Hi all,
I'm trying to configure my PF to authenticate wireless users.
I have created a WPA2 enterprise WLAN on my APs and I have configured the PF IP
as radius server.
I have configured an LDAP user source that should be used by the Radius server.
Using pftest I have this output:
[root@mitelwifi ~]# /usr/local/pf/bin/pftest authentication integrazionewifi
<MYPASSWD> <LDAP_SOURCE>
Testing authentication for "integrazionewifi"
Authenticating against <LDAP_SOURCE>
Authentication SUCCEEDED against <LDAP_SOURCE> (Authentication successful.)
Matched against <LDAP_SOURCE>for 'authentication' rules
set_role : impiegati
set_access_duration : 5D
Did not match against <LDAP_SOURCE>
When a wireless client tries to connect to the WLAN I see this log in the radius log
file:
Wed Jan 25 02:41:29 2017 : Auth: (11) Login incorrect (eap: Tried to start
unsupported EAP type MSCHAPv2 (26)): [<MYDOMAIN>\integrazionewifi] (from client
10.12.15.0/24 port 1 cli 70:77:81:1a:d2:c5 via TLS tunnel)
Wed Jan 25 02:41:29 2017 : Info: rlm_sql (sql): Closing connection (1): Hit
idle_timeout, was idle for 204 seconds
Wed Jan 25 02:41:29 2017 : Info: rlm_sql (sql): Closing connection (2): Hit
idle_timeout, was idle for 204 seconds
Wed Jan 25 02:41:29 2017 : Info: rlm_sql (sql): Closing connection (3): Hit
idle_timeout, was idle for 204 seconds
Wed Jan 25 02:41:29 2017 : Info: rlm_sql (sql): Closing connection (4): Hit
idle_timeout, was idle for 204 seconds
Wed Jan 25 02:41:29 2017 : Info: rlm_sql (sql): Closing connection (0): Hit
idle_timeout, was idle for 204 seconds
Wed Jan 25 02:41:29 2017 : Info: rlm_sql (sql): Closing connection (5): Hit
idle_timeout, was idle for 204 seconds
Wed Jan 25 02:41:29 2017 : Info: rlm_sql (sql): Opening additional connection
(6), 1 of 64 pending slots used
Wed Jan 25 02:41:29 2017 : Info: rlm_sql (sql): Need 2 more connections to
reach 10 spares
Wed Jan 25 02:41:29 2017 : Info: rlm_sql (sql): Opening additional connection
(7), 1 of 63 pending slots used
Wed Jan 25 02:41:29 2017 : Info: (12) eap_peap: The users session was
previously rejected: returning reject (again.)
Wed Jan 25 02:41:29 2017 : Info: (12) eap_peap: This means you need to read
the PREVIOUS messages in the debug output
Wed Jan 25 02:41:29 2017 : Info: (12) eap_peap: to find out the reason why
the user was rejected
Wed Jan 25 02:41:29 2017 : Info: (12) eap_peap: Look for "reject" or "fail".
Those earlier messages will tell you
Wed Jan 25 02:41:29 2017 : Info: (12) eap_peap: what went wrong, and how to
fix the problem
Wed Jan 25 02:41:29 2017 : Auth: (12) Login incorrect (eap: Failed continuing
EAP PEAP (25) session. EAP sub-module failed): [<MYDOMAIN>\integrazionewifi]
(from client 10.12.15.0/24 port 1 cli 70:77:81:1a:d2:c5)
Wed Jan 25 02:41:29 2017 : [mac:70:77:81:1a:d2:c5] Rejected user:
assl10\integrazionewifi
Using tcpdump I cannot see any connection to the LDAP server.
I don't understand why I have this log.
I have enabled PEAP and MSCHAPv2 as authentication methods.
Thank you very much
Luca Messori