I'm having a problem with my Cisco 2950 and EAP/TLS... I've already configured this to work on my HP 5300, so I'd assume that everything on the FreeRADIUS end is proper...

However, I am receiving this from the debug log:


rad_recv: Access-Request packet from host 192.168.2.161:1812, id=9, length=116
       NAS-IP-Address = 192.168.2.161
       NAS-Port = 50012
       NAS-Port-Type = Ethernet
       User-Name = "client"
       Called-Station-Id = "00-09-7C-3E-92-0C"
       Calling-Station-Id = "00-11-11-64-A1-E6"
       Service-Type = Framed-User
       Framed-MTU = 1500
       EAP-Message = 0x
       Message-Authenticator = 0x21afff7782222d4fa2ead6e802a75517
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
 modcall[authorize]: module "chap" returns noop for request 0
 modcall[authorize]: module "mschap" returns noop for request 0
   rlm_realm: No '@' in User-Name = "client", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 0
 rlm_eap: Got EAP_START message
 modcall[authorize]: module "eap" returns handled for request 0
modcall: group authorize returns handled for request 0
Sending Access-Challenge of id 9 to 192.168.2.161:1812
       EAP-Message = 0x0101000501
       Message-Authenticator = 0x00000000000000000000000000000000
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 9 with timestamp 43fc4990
Nothing to do.  Sleeping until we see a request.



Then this from the switch:

000043: *Mar 1 01:16:24: %DOT1X-5-ERR_INVALID_AAA_ATTR: Got invalid AAA attribute settings from RADIUS server


My question is, for anyone who has set this up, what must I do in the Cisco world to make this work?

-Bob
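
The two EAP-Message values in the debug log above can be decoded by hand. As an added example (not part of the original post), this Python snippet parses the EAP header as laid out in RFC 3748 and treats an empty attribute as the NAS signalling EAP-Start, as described in RFC 3579; the function name `decode_eap` is hypothetical.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}

def decode_eap(hex_value):
    """Decode an EAP-Message value as printed in the debug log (e.g. '0x0101000501')."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    data = bytes.fromhex(text)
    if not data:
        # RFC 3579: an EAP-Message attribute with no data is an EAP-Start from the NAS.
        return {"kind": "EAP-Start"}
    if len(data) < 4:
        raise ValueError("EAP header needs 4 bytes, got %d" % len(data))
    # Header: Code (1 byte), Identifier (1 byte), Length (2 bytes, network order).
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 4 or length > len(data):
        raise ValueError("EAP length field %d does not fit %d bytes" % (length, len(data)))
    result = {"kind": EAP_CODES.get(code, "Unknown(%d)" % code),
              "id": ident, "length": length}
    if code in (1, 2):
        # Only Request and Response packets carry a Type byte and type data.
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        eap_type = data[4]
        result["type"] = EAP_TYPES.get(eap_type, "Unknown(%d)" % eap_type)
        result["type_data"] = data[5:length]
    return result

if __name__ == "__main__":
    # Values copied from the debug log in the post.
    for label, value in (("Access-Request", "0x"), ("Access-Challenge", "0x0101000501")):
        print(label, decode_eap(value))
```
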

