Having a bizarre problem that started due to someone in my department deleting
the Samba computer account for my FreeRADIUS machine. I recreated it and for a
time everything went back to normal, but later that afternoon all of my Apple
clients simply cannot connect to our 802.1x enabled wireless network. We are
using Cisco wireless controllers. radiusd -X doesn't seem to be giving me
enough debug output. Is there any suggestion as to how to drill down further to
see what is going on here? I am having no issues with my Windows 7 clients and
Windows mobile devices. Simply not getting enough information. Everything has
been working fine for months and I don't understand why all of a sudden this
is going on and why it's only affecting Apple iOS devices and iMacs so far.
Here's an example output. This simply loops over and over again:

rad_recv: Access-Request packet from host 172.20.9.253 port 32769, id=63, length=228
User-Name = "oclarke"
Calling-Station-Id = "10-40-f3-27-b9-83"
Called-Station-Id = "00-1f-c9-ff-8a-d0:s-wsc"
NAS-Port = 29
Cisco-AVPair = "audit-session-id=ac1409fd000000085042b3cc"
NAS-IP-Address = 172.20.9.253
NAS-Identifier = "diller-wism-b"
Airespace-Wlan-Id = 4
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "891"
EAP-Message = 0x0207000c016f636c61726b65
Message-Authenticator = 0x6015385c05fd07141cd27b2bd7d4452a
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[IPASS] No '/' in User-Name = "oclarke", looking up realm NULL
[IPASS] No such realm "NULL"
++[IPASS] returns noop
[suffix] No '@' in User-Name = "oclarke", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] No '\' in User-Name = "oclarke", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 7 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 216
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 63 to 172.20.9.253 port 32769
EAP-Message = 0x010800061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0ca5d3010cadca632a899d669d6fd38b
Finished request 218.
Going to the next request
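
Added example, not part of the original post and not FreeRADIUS code: one way to drill further into radiusd -X output like the above is to decode the EAP-Message values it prints. The function names are assumptions of this sketch; the sample lines are copied from the debug output in the post.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_BASED = {13, 21, 25}  # these carry a flags byte right after the type
TLS_FLAGS = ((0x80, "length-included"), (0x40, "more-fragments"), (0x20, "start"))

def decode_eap(hex_value):
    """Decode one EAP packet given as hex (optional 0x prefix)."""
    raw = bytes.fromhex(hex_value.removeprefix("0x"))
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes, got %d" % len(raw))
    code, ident, length = struct.unpack("!BBH", raw[:4])
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
           "complete": length == len(raw)}  # False: truncated or padded value
    if code in (1, 2) and len(raw) >= 5:    # only Request/Response have a type
        etype, data = raw[4], raw[5:length]
        out["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:
            out["identity"] = data.decode("utf-8", "replace")
        elif etype == 3:   # Nak: the peer lists the methods it would accept
            out["wants"] = [EAP_TYPES.get(t, t) for t in data]
        elif etype in TLS_BASED and data:
            out["flags"] = [name for bit, name in TLS_FLAGS if data[0] & bit]
    return out

def decode_debug(text):
    """Decode every EAP packet in radiusd -X output, in order of appearance."""
    packets, pending = [], ""
    for line in text.splitlines() + [""]:
        m = re.match(r"\s*EAP-Message = 0x([0-9a-fA-F]+)\s*$", line)
        if m:
            pending += m.group(1)  # a long packet spans consecutive attributes
        elif pending:
            packets.append(decode_eap(pending))
            pending = ""
    return packets

# Sample lines copied from the debug output in the post above.
SAMPLE = """\
EAP-Message = 0x0207000c016f636c61726b65
Message-Authenticator = 0x6015385c05fd07141cd27b2bd7d4452a
EAP-Message = 0x010800061920
Message-Authenticator = 0x00000000000000000000000000000000
"""

if __name__ == "__main__":
    for pkt in decode_debug(SAMPLE):
        print(pkt)
```

For the output above this yields a Response/Identity for "oclarke" (EAP id 7) followed by a Request of type PEAP (EAP id 8) with only the Start flag set.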