On Fri, Feb 11, 2005 at 03:43:19PM -0600, Jeffrey C. Ollie wrote:
| I have a similar setup... Follow Alan DeKok's suggestions to get the APs
| authenticating with WDS. Once you have fixed those problems even the
| stock 1.0.1 will work to authenticate the APs.
Yes, my APs are chattering away happily now after:
1) Removing the "Auth-Type := Accept" clause in the users file
and
2) Changing "nastype = other" in clients.conf
Joe and Alan - thanks! Sorry I didn't spot this myself :-)
| However, I am still unable to get the WLSE to talk properly with the
| APs. I have recompiled with the patches mentioned above and the WDS AP
| shows that the WLSE is authenticated but things still aren't working
| properly (WLSE reports faults and is unable to control the APs).
Same here - I've appended the debug output from radiusd and the
WDS master AP in case anyone can spot what's wrong.
The WLSE just has a "User-Password" attribute in the users file.
Cheers,
Martin
rad_recv: Access-Request packet from host XXXXXX:1645, id=63, length=185
User-Name = "banana"
Framed-MTU = 1400
Called-Station-Id = "000deddf77b8"
Calling-Station-Id = "00e0180d9e0b"
Service-Type = Login-User
Message-Authenticator = 0x4bae9ce29b72551325b12085ccdd59e2
EAP-Message = 0x0203002611010018fb93b01e42127b278061a8cb392d8ba5badee9c48db41bff62616e616e61
NAS-Port-Type = Wireless-802.11
NAS-Port = 45
State = 0x457b11e4ad18262f1ce62a13b4abdb5b
NAS-IP-Address = XXXXXX
NAS-Identifier = "mymasterap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 27
modcall[authorize]: module "preprocess" returns ok for request 27
rlm_eap: EAP packet type response id 3 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 27
users: Matched entry banana at line 4
modcall[authorize]: module "files" returns ok for request 27
modcall: group authorize returns updated for request 27
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 27
rlm_eap: Request found, released from the list
rlm_eap: EAP/leap
rlm_eap: processing type leap
rlm_eap_leap: Stage 4
rlm_eap_leap: NtChallengeResponse from AP is valid
rlm_eap: Underlying EAP-Type set EAP ID to 0
rlm_eap: RT Modif EAP-Type = 0 EAP-LENGTH = 0
modcall[authenticate]: module "eap" returns ok for request 27
modcall: group authenticate returns ok for request 27
Sending Access-Challenge of id 63 to XXXXXX:1645
EAP-Message = 0x03000004
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9c009db9b82d9943e0aa2f82330db26b
Finished request 27
Going to the next request
Feb 11 21:55:41: dot11_auth_dot1x_send_id_req_to_client: Started timer
client_timeout 30 seconds
Feb 11 21:55:41: dot11_auth_parse_client_pak: Received EAPOL packet from
00e0.180d.9e0b
Feb 11 21:55:41: EAPOL pak dump rx
Feb 11 21:55:41: EAPOL Version: 0x1 type: 0x0 length: 0x000B
Feb 11 21:55:41: EAP code: 0x2 id: 0x1 length: 0x000B type: 0x1
00E01A00: 0100 000B0201 ......
00E01A10: 000B0162 616E616E 61 ...banana
Feb 11 21:55:41: dot11_auth_parse_client_pak: id is not matching
req-id:1resp-id:2, waiting for response
Feb 11 21:55:41: dot11_auth_parse_client_pak: Received EAPOL packet from
00e0.180d.9e0b
Feb 11 21:55:41: EAPOL pak dump rx
Feb 11 21:55:41: EAPOL Version: 0x1 type: 0x0 length: 0x000B
Feb 11 21:55:41: EAP code: 0x2 id: 0x2 length: 0x000B type: 0x1
00E006C0: 0100 000B0202 ......
00E006D0: 000B0162 616E616E 61 ...banana
Feb 11 21:55:41: dot11_auth_dot1x_run_rfsm: Executing
Action(CLIENT_WAIT,CLIENT_REPLY) for 00e0.180d.9e0b
Feb 11 21:55:41: dot11_auth_dot1x_send_response_to_server: Sending client
00e0.180d.9e0b data to server
Feb 11 21:55:41: AAA/AUTHEN/PPP (00000035): Pick method list 'FOO'
Feb 11 21:55:41: dot11_auth_dot1x_send_response_to_server: Started timer
server_timeout 60 seconds
Feb 11 21:55:41: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
Feb 11 21:55:41: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server
response
Feb 11 21:55:41: dot11_auth_dot1x_run_rfsm: Executing
Action(SERVER_WAIT,SERVER_REPLY) for 00e0.180d.9e0b
Feb 11 21:55:41: dot11_auth_dot1x_send_response_to_client: Forwarding server
message to client 00e0.180d.9e0b
Feb 11 21:55:41: EAPOL pak dump tx
Feb 11 21:55:41: EAPOL Version: 0x1 type: 0x0 length: 0x0016
Feb 11 21:55:41: EAP code: 0x1 id: 0x3 length: 0x0016 type: 0x11
00E014F0: 01000016 01030016 11010008 ............
00E01500: 5A43AA12 8B1E153D 62616E61 6E61 ZC*....=banana
Feb 11 21:55:41: dot11_auth_send_msg: sending data to requestor status 1
Feb 11 21:55:41: dot11_auth_send_msg: Sending EAPOL to requestor
Feb 11 21:55:41: dot11_auth_dot1x_send_response_to_client: Started timer
client_timeout 30 seconds
Feb 11 21:55:41: dot11_auth_parse_client_pak: Received EAPOL packet from
00e0.180d.9e0b
Feb 11 21:55:41: EAPOL pak dump rx
Feb 11 21:55:41: EAPOL Version: 0x1 type: 0x0 length: 0x0026
Feb 11 21:55:41: EAP code: 0x2 id: 0x3 length: 0x0026 type: 0x11
00E034D0: 0100 00260203 00261101 ...&...&..
00E034E0: 00180E49 C65E0C3D EE28E204 F2750834 ...IF^.=n(b.ru.4
00E034F0: E4EB049D 4F111492 638A6261 6E616E61 dk..O...c.banana
00E03500:
Feb 11 21:55:41: dot11_auth_dot1x_run_rfsm: Executing
Action(CLIENT_WAIT,CLIENT_REPLY) for 00e0.180d.9e0b
Feb 11 21:55:41: dot11_auth_dot1x_send_response_to_server: Sending client
00e0.180d.9e0b data to server
Feb 11 21:55:41: AAA/AUTHEN/PPP (00000035): Pick method list 'FOO'
Feb 11 21:55:41: dot11_auth_dot1x_send_response_to_server: Started timer
server_timeout 60 seconds
Feb 11 21:55:41: dot11_auth_dot1x_parse_aaa_resp: Received server response:
GET_CHALLENGE_RESPONSE
Feb 11 21:55:41: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server
response
Feb 11 21:55:41: dot11_auth_dot1x_run_rfsm: Executing
Action(SERVER_WAIT,SERVER_REPLY) for 00e0.180d.9e0b
Feb 11 21:55:41: dot11_auth_dot1x_send_response_to_client: Forwarding server
message to client 00e0.180d.9e0b
Feb 11 21:55:41: EAPOL pak dump tx
Feb 11 21:55:41: EAPOL Version: 0x1 type: 0x0 length: 0x0004
Feb 11 21:55:41: EAP code: 0x3 id: 0x0 length: 0x0004
00E00DB0: 01000004 ....
00E00DC0: 03000004 ....
Feb 11 21:55:41: dot11_auth_send_msg: sending data to requestor status 1
Feb 11 21:55:41: dot11_auth_send_msg: Sending EAPOL to requestor
Feb 11 21:55:41: dot11_auth_dot1x_send_response_to_client: Started timer
client_timeout 30 seconds