OK, I have successfully got the new controller talking to our Windows RADIUS
servers in order to test, and can authenticate users. Switching over to the PF
server for authentication via FreeRADIUS I get the errors as below:
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.13 port 32768, id=7, length=211
User-Name = "sm18818"
Calling-Station-Id = "00-26-b6-da-18-42"
Called-Station-Id = "b8-be-bf-ef-24-20:hallsnet-student"
NAS-Port = 13
NAS-IP-Address = 10.1.1.13
NAS-Identifier = "cywlc_halls"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "710"
EAP-Message = 0x0205001119800000000715030100020230
State = 0x4dff6b344ffa727124508253e356604b
Message-Authenticator = 0x28de35753ef6ab156d7e60261470a7b8
server packetfence {
# Executing section authorize from file /etc/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "sm18818", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] EAP packet type response id 5 length 17
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 7
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
TLS Alert read:fatal:unknown CA
TLS_accept: failed in SSLv3 read client certificate A
rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
[peap] eaptls_process returned 4
[peap] EAPTLS_OTHERS
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
} # server packetfence
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> sm18818
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 60 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 60
Sending Access-Reject of id 7 to 10.1.1.13 port 32768
EAP-Message = 0x04050004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 57 ID 4 with timestamp +18676
Cleaning up request 58 ID 5 with timestamp +18676
Cleaning up request 59 ID 6 with timestamp +18676
Waking up in 1.0 seconds.
Cleaning up request 60 ID 7 with timestamp +18676
Ready to process requests.
PS, if this kind of support is covered under our current support contract with
Inverse I'll happily raise this as an official ticket and take it off the
mailing list if you'd rather. Otherwise I'm hoping that other users who have
configured WLC4400s successfully can maybe offer some advice.
Cheers,
Andi
-----Original Message-----
From: Morris, Andi [mailto:[email protected]]
Sent: 12 March 2012 13:52
To: [email protected]
Subject: Re: [Packetfence-users] Cisco Wireless Lan Controller 5500
Hi Francois,
I'll give that a go. Currently we're struggling to get it to authenticate via
radius anyway, even before Packetfence gets invoked.
What is involved with sponsoring?
Cheers,
Andi
-----Original Message-----
From: Francois Gaudreault [mailto:[email protected]]
Sent: 12 March 2012 12:37
To: [email protected]
Subject: Re: [Packetfence-users] Cisco Wireless Lan Controller 5500
Hi Andi,
Try using the WLC_4400 module. It will probably behave the same way.
If not, let us know. If you are interested, you can probably sponsor the module
development.
Thanks.
On 12-03-12 7:08 AM, Morris, Andi wrote:
> Hi,
>
> Has anyone successfully set up a WLC 5500 in PacketFence? I would very
> much like to get one working, but the documentation for the 4400 is
> “to be contributed”, and there is also no option to add the 5500 in
> the switches interface. Is this something that would be possible?
>
> Cheers,
>
> Andi
>
> ---------------------------------------------------------------
> Andi Morris
> Technical Security Analyst
>
> Systems and Communications Services
> Information Services Division
> Cardiff Metropolitan University
> Cardiff
> Wales
> CF5 2YB
>
> 02920 205720
>
> --------------------------------------------------------------
>
> ----------------------------------------------------------------------
> --
>
> From 1st November 2011 UWIC changed its title to Cardiff
> Metropolitan University. From the 6th December 2011, as part of this
> change, all email addresses which included @uwic.ac.uk have changed to
> @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan
> University will now be sent from the new @cardiffmet.ac.uk address.
> *Please could you ensure that all of your contact records and
> databases are updated to reflect this change.* Further information can
> be found on the website here.
> <http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
>
> _______________________________________________
> Packetfence-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
--
Francois Gaudreault, ing. jr
[email protected] :: +1.514.447.4918 (x130) :: www.inverse.ca Inverse
inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
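
Added example (not part of the original thread): the two EAP-Message values in the debug output at the top of this thread can be decoded by hand to confirm what FreeRADIUS reports. The Python sketch below, with function and key names chosen here for illustration, parses the EAP header, the PEAP flags and a cleartext TLS alert record; it assumes the whole EAP packet fits in a single EAP-Message attribute, as both packets in the log do.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_PEAP = 25
TLS_CONTENT_ALERT = 21
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Certificate-related TLS alert descriptions (subset of the registry).
ALERT_DESCRIPTIONS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca",
}


def decode_eap_message(hex_value):
    """Decode one EAP-Message attribute value as printed by radiusd -X."""
    digits = hex_value[2:] if hex_value.startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP Length field does not match the data")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if length > 4:
        info["type"] = raw[4]
    if length < 6 or raw[4] != EAP_TYPE_PEAP:
        return info  # Success/Failure, or a method other than PEAP
    flags, body = raw[5], raw[6:]
    info["length_included"] = bool(flags & 0x80)  # L bit
    info["more_fragments"] = bool(flags & 0x40)   # M bit
    if info["length_included"]:
        if len(body) < 4:
            raise ValueError("L bit set but TLS length field missing")
        info["tls_length"] = struct.unpack("!I", body[:4])[0]
        body = body[4:]
    # TLS record header: content type (1), version (2), length (2).
    if len(body) >= 5 and body[0] == TLS_CONTENT_ALERT:
        major, minor, rec_len = struct.unpack("!BBH", body[1:5])
        info["tls_record_version"] = (major, minor)
        # Only an unencrypted alert is exactly two bytes: level, description.
        if rec_len == 2 and len(body) >= 7:
            level, desc = body[5], body[6]
            info["alert"] = (ALERT_LEVELS.get(level, level),
                             ALERT_DESCRIPTIONS.get(desc, desc))
    return info


# The two EAP-Message values from the debug output in this thread.
REQUEST_EAP = decode_eap_message("0x0205001119800000000715030100020230")
REJECT_EAP = decode_eap_message("0x04050004")
```

REQUEST_EAP is an EAP Response (id 5, length 17) whose TLS 1.0 record is a fatal unknown_ca alert, and it arrived inside the Access-Request, so the alert was raised by the wireless client: it does not trust the CA that issued the certificate FreeRADIUS presented. REJECT_EAP is the plain EAP Failure for the same id that the server returns in the Access-Reject.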