hello,

we are testing the implementation and integration of strongswan over radius to ldap
-----
/etc/ipsec.conf
config setup
        charondebug="ike 6, knl 3, cfg 0, lib 2"
conn %default
        #pingsource=192.168.240.98
conn rw-eap
        ikelifetime=60m
        keylife=20m
        rekeymargin=3m
        keyingtries=1
        keyexchange=ikev2
        left=quark.xxxx.com
        leftsubnet=192.168.240.0/21
        [email protected]
        leftcert=xin-ca-quark.xxxx.com.crt
        leftauth=pubkey
        leftfirewall=yes
        rightid=%any
        rightsendcert=never
        rightauth=eap-radius
        eap_identity=%any
        right=%any
        auto=add
-----
/etc/strongswan.conf
charon {
        load_modular = yes
        plugins {
                include strongswan.d/charon/*.conf
                eap-radius {
                        secret = W0mbel-88
                        server = 192.168.240.69
                }
        }
}
include strongswan.d/*.conf
-----

from our gateway - we got a positive result

radtest badura.odinsraben 12suxer34  192.168.240.69 1812 W0mbel-88
Sending Access-Request of id 59 to 192.168.240.69 port 1812
    User-Name = "badura.odinsraben"
    User-Password = "12suxer34"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
    Message-Authenticator = 0x00000000000000000000000000000000
rad_recv: Access-Accept packet from host 192.168.240.69 port 1812, id=59, length=20
-----------


after we tried to establish a connection over strongswan - we get

----
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user badura.odinsraben authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
----

i have 2 questions ...

1. what is wrong? is there any parameter in strongswan.conf missing?

2. we use "rightid=%any" instead of "rightid=*@xxxx.com" ... where is the rightid option in the strongswan android app?

regards ...

--
thomas will
- xinux e.K.- networking - security - consulting - training   -
- novell certified linux professional - lpi level 2 certified -
- fon 06332 44040  - fax 06332 899227  - mobil 0170 52 18 548  -
- 66482 zweibruecken - wichernstr. 18  - http://www.xinux.de  -
- Amtsgericht  -  Registergericht  -  Zweibruecken - HRA 1518 -
