Hi,

I'm trying to use my existing FreeRADIUS server and MySQL database to add 802.1X PEAP functionality to my wireless network. Currently, it works great authenticating my Cisco device logins. However, after setting the PEAP stuff up, when I try to log in with a user on the wireless, it seems to get the wrong Auth-Type, and fails. Here's what happens:

> rad_recv: Access-Request packet from host 192.168.1.10:2050, id=0, length=125
>         User-Name = "growse"
>         NAS-IP-Address = 192.168.1.10
>         Called-Station-Id = "0016b6edfe1b"
>         Calling-Station-Id = "000e35bd8c13"
>         NAS-Identifier = "0016b6edfe1b"
>         NAS-Port = 34
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         EAP-Message = <some stuff>
>         Message-Authenticator = <more stuff>
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "growse", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: EAP packet type response id 0 length 11
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 0
> radius_xlat:  'growse'
> rlm_sql (sql): sql_set_user escaped user --> 'growse'
> radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'growse' ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 4
> radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'growse' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'growse' ORDER BY id'
> radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'growse' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql (sql): Released sql socket id: 4
>   modcall[authorize]: module "sql" returns ok for request 0
>     users: Matched entry DEFAULT at line 155
>   modcall[authorize]: module "files" returns ok for request 0
> modcall: leaving group authorize (returns updated) for request 0
>   rad_check_password:  Found Auth-Type Local
> auth: type Local
> auth: No User-Password or CHAP-Password attribute in the request
> auth: Failed to validate the user.
> Login incorrect: [growse] (from client wlan port 34 cli 000e35bd8c13)

However, if I put something like:

"testuser"      Auth-Type = EAP, User-Password := "test"

in the users file and use the test credentials on the wireless client, it works fine. I've read a bunch of things saying that the Auth-Type attribute shouldn't need to be set and that it should figure out that it's EAP by itself. However, when using the SQL DB as a credentials store, it can't seem to figure out that it's an EAP request.

Any ideas how to fix this?

Thanks,

Andrew
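
A small checker for the failure visible in the debug output above, added here as an example and not part of the original post or of FreeRADIUS: it scans debug output of this shape and reports requests that carried an EAP-Message but ended up with a non-EAP Auth-Type, listing the authorize modules that ran after eap. The function name, the embedded sample log (constructed from the lines quoted above) and the assumption that the EAP module instance is named `eap` are assumptions.

```python
import re

# Constructed sample: a trimmed copy of the debug lines quoted in the post above.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.1.10:2050, id=0, length=125
        User-Name = "growse"
        EAP-Message = <some stuff>
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "eap" returns updated for request 0
  modcall[authorize]: module "sql" returns ok for request 0
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
"""

MODCALL = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+) for request (\d+)')
AUTH_TYPE = re.compile(r"rad_check_password:\s+Found Auth-Type (\S+)")
USER = re.compile(r'^User-Name = "([^"]*)"')

def find_eap_mismatches(log_text, eap_module="eap"):
    """Report requests that carried EAP-Message but were not given Auth-Type EAP."""
    findings, cur = [], None
    for raw in log_text.splitlines():
        line = raw.lstrip("> \t").rstrip()   # tolerate mail-quoted ("> ") log lines
        if line.startswith("rad_recv: Access-Request"):
            cur = {"user": None, "eap_message": False, "modules": [], "request": None}
        elif cur is None:
            continue
        elif (m := USER.match(line)):
            cur["user"] = m.group(1)
        elif line.startswith("EAP-Message ="):
            cur["eap_message"] = True
        elif (m := MODCALL.search(line)):
            cur["modules"].append((m.group(1), m.group(2)))
            cur["request"] = int(m.group(3))
        elif (m := AUTH_TYPE.search(line)):
            names = [name for name, _ in cur["modules"]]
            if cur["eap_message"] and m.group(1).upper() != "EAP":
                idx = names.index(eap_module) if eap_module in names else None
                findings.append({
                    "request": cur["request"], "user": cur["user"],
                    "auth_type": m.group(1),
                    "eap_return": cur["modules"][idx][1] if idx is not None else None,
                    # authorize modules that ran after eap: where to look next
                    "ran_after_eap": names[idx + 1:] if idx is not None else [],
                })
            cur = None
    return findings
```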