Hello,
I'm trying to authenticate Windows users via Cisco AP 1100, freeradius
and Fedora Directory Server (FDS) combination.
I configured FDS and radiusd.conf and other configuration files
according to ldap_howto found in freeradius documentation. I managed
to authorize users but authentication doesn't work. Here is the log of
radiusd -X. I have to make it work urgently. Does anybody have suggestions?

rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:21645, id=91, length=170
User-Name = yilmaz
Framed-MTU = 1400
Called-Station-Id = 0012.dae5.02d0
Calling-Station-Id = 00a0.c5fb.a044
Service-Type = Login-User
Message-Authenticator = 0xb5aae70f920a25df14d59908548ecadf
EAP-Message = 0x020a00261900170301001b242f66ff01fc8cabcc0f2e8203235bec935abdc9dac564949a1b82
NAS-Port-Type = Wireless-802.11
NAS-Port = 674
State = 0x5a4c45339a4de6925fbb158c95df2d80
NAS-IP-Address = xxx.xxx.xxx.xxx
NAS-Identifier = ap
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
modcall[authorize]: module preprocess returns ok for request 17
modcall[authorize]: module chap returns noop for request 17
modcall[authorize]: module mschap returns noop for request 17
rlm_realm: No '@' in User-Name = yilmaz, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 17
rlm_eap: EAP packet type response id 10 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 17
users: Matched entry DEFAULT at line 152
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=Personel,dc=deu,dc=edu,dc=tr'
radius_xlat: '(uid=yilmaz)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Personel,dc=deu,dc=edu,dc=tr, with filter (uid=yilmaz)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '((uid=yilmaz)(objectclass=radiusprofile))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Personel,dc=deu,dc=edu,dc=tr, with filter ((radiusGroupName=disabled)((uid=yilmaz)(objectclass=radiusprofile)))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=yilmaz, ou=Personel,dc=deu,dc=edu,dc=tr, with filter (objectclass=*)
rlm_ldap::groupcmp: Group disabled not found or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=Personel,dc=deu,dc=edu,dc=tr'
radius_xlat: '((uid=yilmaz)(objectclass=radiusprofile))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Personel,dc=deu,dc=edu,dc=tr, with filter ((radiusGroupName=kablosuz)((uid=yilmaz)(objectclass=radiusprofile)))
rlm_ldap::ldap_groupcmp: User found in group kablosuz
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 222
modcall[authorize]: module files returns ok for request 17
rlm_ldap: - authorize
rlm_ldap: performing user authorization for yilmaz
radius_xlat: '(uid=yilmaz)'
radius_xlat: 'ou=Personel,dc=deu,dc=edu,dc=tr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Personel,dc=deu,dc=edu,dc=tr, with filter (uid=yilmaz)
rlm_ldap: performing search in uid=kablosuz,ou=Radius,ou=Profil,dc=deu,dc=edu,dc=tr, with filter (objectclass=radiusprofile)
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User op=11
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user yilmaz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok for request 17
modcall: leaving group authorize (returns updated) for request 17
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module eap returns invalid for request 17
modcall: leaving group authenticate (returns invalid) for request 17
auth: Failed to validate the user.
Delaying request 17 for 1
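
An added example, not part of the original post: a small Python triage helper for radiusd -X output in the format shown above. It groups the modcall lines per section and reports the first section in which a module returned a failure code. The function names and the BAD set are assumptions made for this sketch; the sample lines are abridged from the log in the post.

```python
import re

# Abridged from the radiusd -X log in the post above (wrapped lines rejoined).
SAMPLE = """\
modcall: entering group authorize for request 17
modcall[authorize]: module eap returns updated for request 17
modcall[authorize]: module ldap returns ok for request 17
modcall: leaving group authorize (returns updated) for request 17
modcall: entering group authenticate for request 17
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module eap returns invalid for request 17
modcall: leaving group authenticate (returns invalid) for request 17
auth: Failed to validate the user.
"""

ENTER = re.compile(r"modcall: entering group (\w+) for request (\d+)")
MODULE = re.compile(r"modcall\[\w+\]: module (\S+) returns (\w+) for request \d+")
LEAVE = re.compile(r"modcall: leaving group \w+ \(returns (\w+)\) for request \d+")
BAD = {"reject", "fail", "invalid", "userlock"}  # return codes treated as failure here

def parse_sections(log_text):
    """Split the log into modcall groups with module results and failure notes."""
    sections, cur = [], None
    for line in map(str.strip, log_text.splitlines()):
        if m := ENTER.match(line):
            cur = {"section": m[1], "request": int(m[2]),
                   "modules": [], "notes": [], "result": None}
            sections.append(cur)
        elif cur is None:
            continue  # output outside any modcall group
        elif m := MODULE.match(line):
            cur["modules"].append((m[1], m[2]))
        elif m := LEAVE.match(line):
            cur["result"] = m[1]
            cur = None
        elif "fail" in line.lower():
            cur["notes"].append(line)  # module chatter explaining the failure
    return sections

def first_failure(log_text):
    """Return the first group with a failing module or result, else None."""
    for sec in parse_sections(log_text):
        failed = [(mod, rc) for mod, rc in sec["modules"] if rc in BAD]
        if failed or sec["result"] in BAD:
            return {**sec, "failed": failed}
    return None
```

On the sample, `first_failure(SAMPLE)` points at the authenticate section and the eap module, with the three rlm_eap lines attached as notes, while authorize is reported as completing with `updated`.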