Hi,
I am trying to authenticate a Cisco AP 1200 against FreeRADIUS through
LDAP. The following is the error I am getting after stage 2: "rlm_eap_leap:
No User-Password or NT-Password configured for this user". The LDAP
authentication is getting done, and the EAP is also getting started. But
the credentials from LDAP are not getting used for EAP.
Please suggest the reason for this error. The log is given below.
Joseph
===============================================================================
rad_recv: Access-Request packet from host 192.168.1.7:21645, id=245,
length=125
User-Name = "FAnthony"
Framed-MTU = 1400
Called-Station-Id = "000e.d7b1.008b"
Calling-Station-Id = "000f.2478.85cf"
Message-Authenticator = 0x2f568765c076a1cc35ec515b50580740
EAP-Message = 0x0202000d0146416e74686f6e79
NAS-Port-Type = Wireless-802.11
NAS-Port = 485
Service-Type = Framed-User
NAS-IP-Address = 192.168.1.7
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: EAP packet type notification id 2 length 13
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 0
rlm_realm: No '@' in User-Name = "FAnthony", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'o=MyOrg'
radius_xlat: '(uid=FAnthony)'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.41:389, authentication 0
rlm_ldap: bind as cn=Admin,o=MyOrg/<removed> to 192.168.1.41:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
ldap_release_conn: Release Id: 0
radius_xlat: '(&(uid=FAnthony)(objectclass=top))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in OU=MyLoc,O=MyOrg, with filter
(&(uid=FAnthony)(objectclass=top))
rlm_ldap::ldap_groupcmp: User found in group OU=MyLoc,O=MyOrg
ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for FAnthony
radius_xlat: '(uid=FAnthony)'
radius_xlat: 'o=MyOrg'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
rlm_ldap: checking if remote access for FAnthony is allowed by
proposedaltorgunit
rlm_ldap: Password header not found in password (91CA0741343JHUG6C9A32A21F)
for user FAnthony
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user FAnthony authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: EAP packet type notification id 2 length 13
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type leap
rlm_eap_leap: Stage 2
rlm_eap_leap: Issuing AP Challenge
rlm_eap_leap: Successfully initiated
modcall[authenticate]: module "eap" returns ok for request 0
modcall: group authenticate returns ok for request 0
modcall: entering group post-auth for request 0
radius_xlat: '/var/log/radius/radacct/192.168.1.7/reply-detail-20040524'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to
/var/log/radius/radacct/192.168.1.7/reply-detail-20040524
modcall[post-auth]: module "reply_log" returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Challenge of id 245 to 192.168.1.7:21645
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x0103001811010008b94601729c9a3dd446416e74686f6e79
Message-Authenticator = 0x00000000000000000000000000000000
State =
0xe3166619f4e5ebeceeecf4c8ad538f14c2b3b1406fa168fb18df0f59e7687b3844c0e160
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.7:21645, id=246,
length=190
User-Name = "FAnthony"
Framed-MTU = 1400
Called-Station-Id = "000e.d7b1.008b"
Calling-Station-Id = "000f.2478.85cf"
Message-Authenticator = 0xbbf0ade28f802ee85b254d14fd07308c
EAP-Message =
0x0203002811010018e24bd48592abbef7378f8fc67fcd97fe01e0cfd3cba39e1446416e74686f6e79
NAS-Port-Type = Wireless-802.11
NAS-Port = 485
State =
0xe3166619f4e5ebeceeecf4c8ad538f14c2b3b1406fa168fb18df0f59e7687b3844c0e160
Service-Type = Framed-User
NAS-IP-Address = 192.168.1.7
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_eap: EAP packet type notification id 3 length 40
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 1
rlm_realm: No '@' in User-Name = "FAnthony", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'o=MyOrg'
radius_xlat: '(uid=FAnthony)'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
ldap_release_conn: Release Id: 0
radius_xlat: '(&(uid=FAnthony)(objectclass=top))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in OU=MyLoc,O=MyOrg, with filter
(&(uid=FAnthony)(objectclass=top))
rlm_ldap::ldap_groupcmp: User found in group OU=MyLoc,O=MyOrg
ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for FAnthony
radius_xlat: '(uid=FAnthony)'
radius_xlat: 'o=MyOrg'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
rlm_ldap: checking if remote access for FAnthony is allowed by
proposedaltorgunit
rlm_ldap: Password header not found in password
(91CA0GFYG78673936C9A32A421F) for user FAnthony
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user FAnthony authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: EAP packet type notification id 3 length 40
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - leap
rlm_eap: processing type leap
rlm_eap_leap: No User-Password or NT-Password configured for this user
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.7:21645, id=246,
length=190
Sending Access-Reject of id 246 to 192.168.1.7:21645
EAP-Message = 0x04030004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Cleaning up request 0 ID 245 with timestamp 40b1b3c1
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 246 with timestamp 40b1b3c2
Nothing to do. Sleeping until we see a request.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html