Good morning,
I wish to set up 802.11x authentication for a wireless network.
I use a Symbol wireless switch and FreeRADIUS under Fedora 5.
The authentication will have to verify 3 parameters: the login, the password, and the SSID.
The Symbol switch transmits the SSID with the Vendor-Specific Attribute (Symbol-SSID).
I then created a FreeRADIUS dictionary for this attribute (Symbol-SSID).
#
# dictionary.symbol
#
VENDOR Symbol 388
ATTRIBUTE Symbol-SSID 2 string Symbol
I use the users file of FreeRADIUS.
To validate the authentication I use the entry:
"vlan4" Auth-Type := eap, User-Password == "vlan4", Symbol-SSID == 'CRTguest'
	Reply-Message = "Hello, %u"
I start FreeRADIUS, and when I try to connect with a client PC I am rejected.
The logs show:
Fri Apr 21 09:01:34 2006 : Info: Using deprecated naslist file. Support for this will go away soon.
Fri Apr 21 09:01:34 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Fri Apr 21 09:01:34 2006 : Info: Ready to process requests.
Fri Apr 21 09:01:49 2006 : Info: rlm_eap_tls: Length Included
Fri Apr 21 09:01:49 2006 : Error: TLS_accept:error in SSLv3 read client certificate A
Fri Apr 21 09:01:49 2006 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Fri Apr 21 09:01:49 2006 : Info: rlm_eap_tls: Length Included
Fri Apr 21 09:01:49 2006 : Info: (other): SSL negotiation finished successfully
Fri Apr 21 09:01:49 2006 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Fri Apr 21 09:01:50 2006 : Info: rlm_eap_mschapv2: Issuing Challenge
Fri Apr 21 09:01:50 2006 : Auth: Login incorrect: [vlan4/<no User-Password attribute>] (from client localhost port 0)
Fri Apr 21 09:01:50 2006 : Auth: Login incorrect: [vlan4/<no User-Password attribute>] (from client symbol port 29 cli 00:11:F5:3A:DC:37)
Fri Apr 21 09:01:52 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Fri Apr 21 09:01:52 2006 : Auth: Login incorrect: [vlan4/<no User-Password attribute>] (from client symbol port 29 cli 00:11:F5:3A:DC:37)
Fri Apr 21 09:01:54 2006 : Error: rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
Fri Apr 21 09:01:54 2006 : Auth: Login incorrect: [vlan4/<no User-Password attribute>] (from client symbol port 29 cli 00:11:F5:3A:DC:37)
But if I delete the VSA Symbol-SSID, I can connect.
Thank you for your help.
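
Added example, not part of the original post and not FreeRADIUS or Symbol code: how the two dictionary lines above (VENDOR Symbol 388, ATTRIBUTE Symbol-SSID 2 string) map onto the bytes of a RADIUS Vendor-Specific attribute (type 26, RFC 2865 section 5.26), with a length-checked lookup over a request's attribute block. It assumes the 1-octet type / 1-octet length sub-attribute layout; the function names and the sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26     # RADIUS attribute type that carries VSAs
SYMBOL_VENDOR_ID = 388   # from "VENDOR Symbol 388"
SYMBOL_SSID_TYPE = 2     # from "ATTRIBUTE Symbol-SSID 2 string Symbol"


def encode_symbol_ssid(ssid: str) -> bytes:
    """Build the Vendor-Specific attribute that carries Symbol-SSID."""
    data = ssid.encode("utf-8")
    sub = struct.pack("!BB", SYMBOL_SSID_TYPE, 2 + len(data)) + data
    total = 2 + 4 + len(sub)          # header + vendor id + sub-attribute
    if total > 255:
        raise ValueError("SSID too long for a single RADIUS attribute")
    return struct.pack("!BBI", VENDOR_SPECIFIC, total, SYMBOL_VENDOR_ID) + sub


def find_symbol_ssid(attrs: bytes):
    """Return the Symbol-SSID string in an attribute block, or None.

    Raises ValueError when a length field is too small or overruns the buffer.
    """
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        if struct.unpack("!I", value[:4])[0] != SYMBOL_VENDOR_ID:
            continue
        sub, spos = value[4:], 0
        while spos + 2 <= len(sub):
            stype, slen = sub[spos], sub[spos + 1]
            if slen < 2 or spos + slen > len(sub):
                raise ValueError("bad sub-attribute length")
            if stype == SYMBOL_SSID_TYPE:
                return sub[spos + 2:spos + slen].decode("utf-8", "replace")
            spos += slen
    return None


# Constructed sample: User-Name (type 1) "vlan4", then the Symbol-SSID VSA.
USER_NAME_ONLY = bytes([1, 7]) + b"vlan4"
SAMPLE_REQUEST_ATTRS = USER_NAME_ONLY + encode_symbol_ssid("CRTguest")
```

A request that carries no Symbol-SSID returns None here, which is the case where a check item such as Symbol-SSID == 'CRTguest' has nothing to compare against.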

