Authentication problem Cisco WAP4410N + FreeRadius + OpenLDAP

Discussion in 'Server Operation' started by skrollan, Sep 2, 2011.

  1. skrollan

    skrollan Guest

    Hello! I'm having trouble to authenticate with my Cisco WAP4410N AP to my radiusserver (Debian6).
    The thing is i'm using LDAP to login to the wireless network, which seems to work because i can do:
    radtest testuser "password" \ localhost 2 testing123
    Where testuser is an LDAP-user.
    Where i get an "Access-Accept" answer.
    But when i then try to login to the wireless network, radius refuses to accept the Cisco AP. Which in follow blocks every attempt to login.
    Current errormessage is printed by freeradius -X

    Code:
    ++[eap] returns ok 
Found Auth-Type = EAP 
# Executing group from file /etc/freeradius/sites-enabled/default 
+- entering group authenticate {...} 
[eap] Request found, released from the list 
[eap] EAP/peap 
[eap] processing type peap 
[peap] processing EAP-TLS 
[peap] eaptls_verify returned 7 
[peap] Done initial handshake 
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK 
[peap] Session established. Decoding tunneled attributes. 
[peap] Peap state send tlv failure 
[peap] Received EAP-TLV response. 
[peap] The users session was previously rejected: returning reject (again.) 
[peap] *** This means you need to read the PREVIOUS messages in the debug output 
[peap] *** to find out the reason why the user was rejected. 
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you. 
[peap] *** what went wrong, and how to fix the problem. 
[eap] Handler failed in EAP/peap 
[eap] Failed in EAP select 
++[eap] returns invalid 
Failed to authenticate the user. 
Using Post-Auth-Type Reject 
# Executing group from file /etc/freeradius/sites-enabled/default 
+- entering group REJECT {...} 
[attr_filter.access_reject] expand: %{User-Name} -> host/robert-laptop 
attr_filter: Matched entry DEFAULT at line 11 
++[attr_filter.access_reject] returns updated 
Delaying reject of request 59 for 1 seconds 
Going to the next request 
Waking up in 0.9 seconds. 
Sending delayed reject for request 59 
Sending Access-Reject of id 55 to 10.0.0.3 port 2070 
EAP-Message = 0x04080004 
Message-Authenticator = 0x00000000000000000000000000000000 
Waking up in 3.9 seconds. 
Cleaning up request 51 ID 47 with timestamp +2345
    I have added an entry for the AP in clients.conf which looks like following:

    Code:
    client 10.0.0.3 { 
secret = testing123 
shortname = wireless_ap 
nastype = cisco 
}
    Does anyone on have a clue on where I did go wrong with this, and what I can do to fix this.

    Thanks in advance
    /skrollan
     
    skrollan, Sep 2, 2011
    #1

Share This Page