Jos� Luis Solano wrote:
Hi again Jean-Paul, but I have a new problem:Don't type anything for 'domain'.
What I need to change in my radiusd.conf???
Note: When Alfa&Ariss client ask me user, password and domain I write my user "sgisev" and my password "whatever" , but I don't know exactly what is my domain.
Have you the user 'sgisev' at the line 161 of users file with User-Password == "something" and with no Auth-Type ?
freeradius log ------------------------- [EMAIL PROTECTED] raddb]# rad_recv: Access-Request packet from host 192.168.49.252:1225, id=68, length=134 User-Name = "sgisev" NAS-IP-Address = 192.168.49.252 NAS-Port = 0 Called-Station-Id = "00-80-C8-01-01-55" Calling-Station-Id = "00-0B-46-26-1C-44" NAS-Identifier = "DWL-1000AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000b01736769736576 Message-Authenticator = 0x8854f2ad8aab0424819b2a04e221f5b6 modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 users: Matched sgisev at 161
I don't see any thing wrong in radiusd.conf.modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 68 to 192.168.49.252:1225 Waking up in 4 seconds... rad_recv: Access-Request packet from host 192.168.49.252:1225, id=69, length=134 User-Name = "sgisev" NAS-IP-Address = 192.168.49.252 NAS-Port = 0 Called-Station-Id = "00-80-C8-01-01-55" Calling-Station-Id = "00-0B-46-26-1C-44" NAS-Identifier = "DWL-1000AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000b01736769736576 Message-Authenticator = 0x028d6a55380ba0efb236aec77d33f8b3 modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 users: Matched sgisev at 161 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns ok for request 1 auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 68 with timestamp 403606ef Sending Access-Reject of id 69 to 192.168.49.252:1225 Waking up in 4 seconds... rad_recv: Access-Request packet from host 192.168.49.252:1225, id=70, length=134 User-Name = "sgisev" NAS-IP-Address = 192.168.49.252 NAS-Port = 0 Called-Station-Id = "00-80-C8-01-01-55" Calling-Station-Id = "00-0B-46-26-1C-44" NAS-Identifier = "DWL-1000AP+" Framed-MTU = 1380 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000b01736769736576 Message-Authenticator = 0x1259bac11b122a6599dfb8dc056263f1 modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 users: Matched sgisev at 161 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns ok for request 2 auth: type Local auth: No User-Password or CHAP-Password attribute in the request auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 69 with timestamp 403606f3 Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 70 to 192.168.49.252:1225 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 70 with timestamp 403606f8 Nothing to do. Sleeping until we see a request.
users file ----------------- sgisev User-Password == "whatever"
radiusd.conf ------------------------- eap { default_eap_type = tls
timer_expire = 60 ignore_unknown_eap_types = no
md5 { } leap { }
tls { private_key_password = izadisan private_key_file = /usr/local/openssl/ssl/certs/server/server.pem
certificate_file = /usr/local/openssl/ssl/certs/server/server.pem
CA_file = /usr/local/openssl/ssl/certs/ca/ca.pem
dh_file = /usr/local/openssl/ssl/certs/dh
random_file = /usr/local/openssl/ssl/certs/random
fragment_size = 1024
include_length = yes } ttls { default_eap_type=md5 copy_request_to_tunnel = no use_tunneled_reply=no
} }
......
authorize { preprocess
# Read the 'users' file files
}
authenticate { Auth-Type PAP { pap }
}
Regards.
Jean-Paul.
-- Jean-Paul Chapalain - GICM - Resp. Reseaux et Infrastructure -- 32 rue Mirabeau - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE -- Tel +33298002873 - Fax +33298284005 - [EMAIL PROTECTED] -- Key Fingerprint: 192C 1CFE F24A 050D F280 A086 AF15 8631 3ABB 4C7D
smime.p7s
Description: S/MIME Cryptographic Signature
