Freeradius cannot verify client via Aruba AP

Fadrný Jaroslav Jaroslav.Fadrny at k-net.cz
Thu Feb 22 10:00:21 UTC 2024 

Hi,

I am facing following issue. I have already configured Freeradius with open ldap verification and It is working properly, I am able to verify from the localhost, but when client is trying to connect to SSID trough Auba AP I receive following information:

(0) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [freestaff] (from client aruba port 0 cli bc8556c82a83)
(0) Delaying response for 1.000000 seconds

I am sending debug output as well.


This is the ouput when I use aaa test from AP:

NAS-IP-Address = 10.0.98.38
(1)   NAS-Port = 0
(1)   NAS-Port-Type = Wireless-802.11
(1)   User-Name = "freestaff"
(1)   User-Password = "freestaff"
(1)   Service-Type = Login-User
(1)   Calling-Station-Id = "703a0ecaf5f2"
(1)   Called-Station-Id = "703a0ecaf5f2"
(1)   Aruba-Location-Id = "AP08NP2"
(1)   Aruba-AP-Group = "GymelgWiFi"
(1)   Message-Authenticator = 0x7d8ce6bfa7e6f07260502129ffb5c4aa

This is ouput when client is trying to connect to SSID, you can notice that parameter User-Password is missing and I don't know why.

Received Access-Request Id 4 from 10.0.98.38:60360 to 10.0.0.31:1812 length 187
(0)   User-Name = "freestaff"
(0)   NAS-IP-Address = 10.0.98.38
(0)   NAS-Port = 0
(0)   NAS-Identifier = "10.0.98.38"
(0)   NAS-Port-Type = Wireless-802.11
(0)   Calling-Station-Id = "bc8556c82a83"
(0)   Called-Station-Id = "703a0ecaf5f2"
(0)   Service-Type = Login-User
(0)   Framed-MTU = 1100
(0)   EAP-Message = 0x0202000e01667265657374616666
(0)   Aruba-Essid-Name = "Radius-test"
(0)   Aruba-Location-Id = "AP08NP2"
(0)   Aruba-AP-Group = "GymelgWiFi"
(0)   Message-Authenticator = 0x1d1d8a9e38e818c1fcf19b63dc17b6e7

Has anyone any idea what could be wrong?

S pozdravem / Best regards

Ing. Jaroslav Fadrný

IT specialist, Head of L1 support

[cid:image001.jpg at 01DA657B.F1C91180]
  K-net Technical International Group, s.r.o.

Adresa

Tel/Fax

SMS

E-mail/URL

Olomoucká 170

+420 548 220 150

+420 734 686 038

jaroslav.fadrny at k-net.cz<mailto:jaroslav.fadrny at k-net.cz>

627 00 Brno

+420 548 220 151



http://www.k-net.cz<http://www.k-net.cz/>


Informace obsažené v tomto e-mailu jsou určeny výlučně pro potřeby jeho adresáta. Text nebo přílohy mohou obsahovat utajované informace, informace považované společností K-net Technical International Group, s.r.o. za obchodní tajemství, případně jiné informace podléhající ochraně dle příslušných právních předpisů. Pokud Vám tento e-mail byl doručen omylem, zdržte se, prosím, jakékoli manipulace s textem či přílohami a o chybném doručení neprodleně informujte odesílatele.

The information contained within this e-mail is intended only for the person or entity to which it is addressed. The text or attachments may contain confidential information, information considered a trade secret by K-net Technical International Group, s.r.o. or, as the case may be, other information subject to protection under the relevant legal regulations. If you receive this e-mail by mistake, please refrain from manipulation with e-mail body or attachments and immediately inform the sender of the mistaken delivery.



-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20240222/01cae88a/attachment-0001.txt>

More information about the Freeradius-Users mailing list