Humm , look at your client profile, i think something is wrong Thomas Tsai <[email protected]> a écrit :
>Yes...Thank you. In fact I already started doing that. Very informative. >Turns out that: > >[mschap] ERROR: User-Name (guest) is not the same as MS-CHAP Name >(domain\username) from EAP-MSCHAPv2 > >More poking to do. > >-----Original Message----- >From: Fabrice Durand [mailto:[email protected]] >Sent: Thursday, October 04, 2012 3:48 PM >To: [email protected] >Subject: Re: [PacketFence-users] Cisco WLC 5508 wireless auth to PF FreeRadius > >Hi thomas, >Try to run raduis as debug mode: >ps -edf |grep radius >kill -15 (the pid of radius) >And launch radius with -X (copy and paste the line from ps -edf and add -X) >You will see exactly what happen . > >Fabrice > >Thomas Tsai <[email protected]> a écrit : > >>I think I see the issue now, but I don't know how to fix... Please help! >> >>Localhost test yields: >> >>Thu Oct 4 15:37:03 2012 : Auth: Login OK: [guest/password] (from >>client localhost port 12) Thu Oct 4 15:37:03 2012 : Info: rlm_perl: >>MAC address is empty or invalid in this request. It could be normal on >>certain radius calls >> >>Thu Oct 4 15:37:17 2012 : Auth: Login incorrect: [guest/<via Auth-Type >>= EAP>] (from client WLC port 13 cli 00-88-10-88-59-88 via TLS tunnel) >>Thu Oct 4 15:37:17 2012 : Auth: Login incorrect: [guest/<via Auth-Type >>= EAP>] (from client WLC port 13 cli 00-88-10-88-59-88) >> >>So the password being passed along is not the actual password, but "<via >>Auth-Type = EAP>" ? Where have I gone wrong? >> >>-----Original Message----- >>From: Thomas Tsai [mailto:[email protected]] >>Sent: Thursday, October 04, 2012 3:36 PM >>To: '[email protected]' >>Subject: [PacketFence-users] Cisco WLC 5508 wireless auth to PF >>FreeRadius >> >>Now that I finally figured out the issue with the freeradius config I had, I >>have the following dilemma. >> >>I've configured the WLC per the specifications outlined in the packetfence >>network device configuration pdf guide (which is very detailed and up to >>date). >> >>Now that I have started internal testing, I have run into an issue where the >>client cannot connect. >> >>The client sees a prompt for username / password upon joining the SSID that >>is configured for packetfence (SSID created for "Secure method"). Once the >>client enters in credentials and submits, I see the following in the >>/usr/local/pf/log/radius.log log: >> >>Thu Oct 4 15:29:29 2012 : Auth: Login incorrect: [guest] (from client >>WLC port 13 cli 00-88-10-88-59-88 via TLS tunnel) Thu Oct 4 15:29:29 >>2012 : Auth: Login incorrect: [guest] (from client WLC port 13 cli >>00-88-10-88-59-88) Thu Oct 4 15:30:26 2012 : Auth: Login OK: [guest] >>(from client localhost port 12) >> >>Currently, I am using local file for authentication (so the users file >>/usr/local/pf/raddb/users) >> >>Which contains the following: >> >>DEFAULT EAP-Message !* "", Auth-Type := Accept "guest" Cleartext-Password := >>"password" >> >> >> >>Any suggestions anyone? >> >>********************************************** >>Email Disclaimer: >> >>This email, including attachments, may contain proprietary, confidential or >>privileged information. If you are not the intended recipient, please (i) do >>not use, disclose, save or retransmit this message or any attachments, (ii) >>alert the sender by reply email and (iii) destroy or delete this message and >>any attachments. >>Delivery of this email to a person other than the intended >>recipient(s) shall not constitute a waiver of privilege or confidentiality. >> >>CP Investments, member FINRA and SIPC, serves as placement agent for >>investment products advised by Canyon Capital Advisors LLC. This email is not >>intended to be an offer to sell or a solicitation of an offer to buy any >>security in any jurisdiction. We review and retain electronic communications >>traveling through our network. >> >>********************************************** >> >>----------------------------------------------------------------------- >>------- Don't let slow site performance ruin your business. Deploy New >>Relic APM Deploy New Relic app performance management and know exactly what >>is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic >>at no cost today and get our sweet Data Nerd shirt too! >>http://p.sf.net/sfu/newrelic-dev2dev >>_______________________________________________ >>PacketFence-users mailing list >>[email protected] >>https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >>----------------------------------------------------------------------- >>------- Don't let slow site performance ruin your business. Deploy New >>Relic APM Deploy New Relic app performance management and know exactly >>what is happening inside your Ruby, Python, PHP, Java, and .NET app Try >>New Relic at no cost today and get our sweet Data Nerd shirt too! >>http://p.sf.net/sfu/newrelic-dev2dev >>_______________________________________________ >>PacketFence-users mailing list >>[email protected] >>https://lists.sourceforge.net/lists/listinfo/packetfence-users >------------------------------------------------------------------------------ >Don't let slow site performance ruin your business. Deploy New Relic APM >Deploy New Relic app performance management and know exactly what is happening >inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost >today and get our sweet Data Nerd shirt too! >http://p.sf.net/sfu/newrelic-dev2dev >_______________________________________________ >PacketFence-users mailing list >[email protected] >https://lists.sourceforge.net/lists/listinfo/packetfence-users > >********************************************** >Email Disclaimer: > >This email, including attachments, may contain >proprietary, confidential or privileged information. If you >are not the intended recipient, please (i) do not use, >disclose, save or retransmit this message or any >attachments, (ii) alert the sender by reply email and (iii) >destroy or delete this message and any attachments. >Delivery of this email to a person other than the intended >recipient(s) shall not constitute a waiver of privilege or >confidentiality. > >CP Investments, member FINRA and SIPC, serves as >placement agent for investment products advised by >Canyon Capital Advisors LLC. This email is not intended to >be an offer to sell or a solicitation of an offer to buy any >security in any jurisdiction. We review and retain >electronic communications traveling through our network. > >********************************************** >------------------------------------------------------------------------------ >Don't let slow site performance ruin your business. Deploy New Relic APM >Deploy New Relic app performance management and know exactly >what is happening inside your Ruby, Python, PHP, Java, and .NET app >Try New Relic at no cost today and get our sweet Data Nerd shirt too! >http://p.sf.net/sfu/newrelic-dev2dev >_______________________________________________ >PacketFence-users mailing list >[email protected] >https://lists.sourceforge.net/lists/listinfo/packetfence-users ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
