|
Hallo, I tried with EAP-TLS and PEAP/MS-CHAPv2. With the last, I have this user: vlan3 Cisco-AVPair == "ssid=VLAN3", User-Password == "test" Tunnel-Medium-Type = IEEE-802, Tunnel-Private-Group-Id = 3, Tunnel-Type = VLAN If I insert the check == in the Cisco-AVPair attribute, I have this log: rad_recv: Access-Request packet from host 192.168.9.104:1645, id=21, length=240 User-Name = "vlan3" Framed-MTU = 1400 Called-Station-Id = "0012.dacb.8420" Calling-Station-Id = "000c.f135.f1ba" Cisco-AVPair = "ssid=VLAN3" Service-Type = Login-User Message-Authenticator = 0x57cbe83313e35c36a3878a5151361c44 EAP-Message = 0x020900501900170301002029a86e41268c925e584b0924c058e045487523e0b2181541f520fe517e5fa67c1703010020ebe4e512af90e916f41fc666e138157bd279a6ed7f1ab44243f67e72d18ce012 NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "260" NAS-Port = 260 State = 0xbb09e1038e24af4dc9f4002adb7d6b0a NAS-IP-Address = 192.168.9.104 NAS-Identifier = "ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "vlan3", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 9 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry vlan3 at line 24 modcall[authorize]: module "files" returns ok for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 8 modcall: leaving group authenticate (returns invalid) for request 8 auth: Failed to validate the user. Login incorrect: [vlan3/<no User-Password attribute>] (from client ap-test port 260 cli 000c.f135.f1ba) Delaying request 8 for 1 seconds Finished request 8 The radius don't authenticate my user, but the SSID is correct! I don't understand what is wrong..... Thanks a lot for your support... Antonio on 06/04/2006 14.59 Guy Davies said the following: I don't think you should be setting the Auth-Type. Just let FreeRADIUS work that out. What are you doing with your Cisco AP? Are you doing PEAP/MS-CHAPv2? If so, then you must have a User-Password == "foo" in your user database and you *must not* set Auth-Type := EAP.You should do as Sergio says and use == in your Cisco-AVPair check item. This is a comparison. Rgds, Guy On 06/04/06, Antonio Matera <[EMAIL PROTECTED]> wrote: |
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
