I'm trying to set up a configuration where the freeradius server
authenticates win 2000 clients in a wireless lan with cisco aironet 350.
(Sorry for this long mex)
My forbidden dream is ldap, but ... for the moment eap is enough.
Here are the main portion of conf files.
radiusd.conf
* * *
bind_address = 192.168.27.4
modules {
eap {
# default_eap_type = md5
timer_expire = 60
# md5 {
# }
leap {
}
}
authorize {
eap
files
}
authenticate {
eap
}
* * *
users
* * *
abc Password = "123"
Reply-Message = "Hy !!! :)"
* * *
clients.conf
* * *
client 192.168.27.4 {
secret = testing123
shortname = lb
}
* * *
I've got my freeradius running on my server, and if I use radtest or
radclient I receive the correct Access-Accept:
* * *
radtest abc 123 192.168.27.4 1 testing123
Sending Access-Request of id 98 to 192.168.27.4:1812
User-Name = "abc"
User-Password = " [EMAIL PROTECTED]"
NAS-IP-Address = wha
NAS-Port = 1
rad_recv: Access-Accept packet from host 192.168.27.4:1812, id=98,
length=31
Reply-Message = "Hy !!! :)"
* * *
And on the the server:
* * *
radiusd -sfxxyz -l stdout
[...]
Listening on IP address 192.168.27.4, ports 1812/udp and 1813/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.27.4:35883, id=98,
length=55
User-Name = "abc"
User-Password = "123"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1
modcall: entering group authorize
rlm_eap: EAP-Message not found
modcall[authorize]: module "eap" returns noop
users: Matched abc at 159
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
radius_xlat: 'Hy !!! :)'
Sending Access-Accept of id 98 to 192.168.27.4:35883
Reply-Message = "Hy !!! :)"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 98 with timestamp 3ef3157c
Nothing to do. Sleeping until we see a request.
* * *
I've run radtest on the same machine running radiusd.
Now the problem: trying to authenticate from a windows 2000 client
(SP3) to a cisco aironet 350.
Here is the output from radiusd:
* * *
rad_recv: Access-Request packet from host 195.250.227.169:1770, id=218,
length=1
42
User-Name = "abc"
Cisco-AVPair = "ssid=tsunami"
NAS-IP-Address = 195.250.227.169
Called-Station-Id = "0040965dfff9"
Calling-Station-Id = "000d28464a26"
NAS-Identifier = "CISCOWR01"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x0205000801616263
Message-Authenticator = 0xeaee53e33aa0f00ab1b17dba7f15a508
modcall: entering group authorize
rlm_eap: EAP packet type notification id 5 length 8
modcall[authorize]: module "eap" returns updated
users: Matched abc at 159
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP packet type notification id 5 length 8
rlm_eap: Unsupported EAP_TYPE 1
modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 218 to 195.250.227.169:1770
EAP-Message = 0x04050004
Message-Authenticator = 0x00000000000000000000000000000000
Reply-Message = "Hy !!! :)"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 218 with timestamp 3ef31717
Nothing to do. Sleeping until we see a request.
* * *
It seems that the problem is here:
rlm_eap: Unsupported EAP_TYPE 1
but I'm not able to understand it.
Any hint/help? :)))
Thanks in advance.
Bye,
Luca
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
