Authentication problem Cisco WAP4410N + FreeRadius + OpenLDAP

skrollan
Hello!
I'm having trouble authenticating with my Cisco WAP4410N AP to my RADIUS server (Debian 6).
The thing is, I'm using LDAP to log in to the wireless network, which seems to work because I can do:
radtest testuser "password" localhost 2 testing123
where testuser is an LDAP user.
There I get an "Access-Accept" answer.
But when I then try to log in to the wireless network, RADIUS refuses to accept the Cisco AP, which in turn blocks every attempt to log in.
The current error message, as printed by freeradius -X:

++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> host/robert-laptop
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 59 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 59
Sending Access-Reject of id 55 to 10.0.0.3 port 2070
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 51 ID 47 with timestamp +2345


I have added an entry for the AP in clients.conf, which looks like the following:


client 10.0.0.3 {
    secret = testing123
    shortname = wireless_ap
    nastype = cisco
}


Does anyone have a clue where I went wrong with this, and what I can do to fix it?

Thanks in advance :)
/skrollan
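
The [peap] lines in the debug output above say the session "was previously rejected" and to look at the earlier messages for "reject" or "fail". A Python helper that does that over a saved freeradius -X capture, added here as an example and not part of the original post; the sample log is constructed (its last lines are copied from the post), and example_module is a placeholder, not a real FreeRADIUS module.

```python
import re

MARKER = "previously rejected"                   # text of the [peap] line in the post
HINT = re.compile(r"reject|fail", re.IGNORECASE)  # the two words the log says to look for
MODULE = re.compile(r"^\+*\[([\w.]+)\]")          # "[peap]" or "++[eap]" style prefixes

def earlier_failures(debug_text):
    """Return (marker_lineno, hits) for a freeradius -X capture.

    hits are (lineno, module, text) for every line before the
    "previously rejected" marker that mentions reject or fail.
    """
    lines = debug_text.splitlines()
    marker = next((i for i, l in enumerate(lines, 1) if MARKER in l), None)
    if marker is None:
        return None, []
    hits = []
    for no, line in enumerate(lines[:marker - 1], 1):
        text = line.strip()
        # Skip the "***" advisory lines; they contain the keywords but no cause.
        if "***" in text or not HINT.search(text):
            continue
        m = MODULE.match(text)
        hits.append((no, m.group(1) if m else "-", text))
    return marker, hits

# Constructed sample: lines 1-2 are placeholders for whatever the real
# capture shows earlier; lines 3-9 are taken from the output in the post.
SAMPLE = """\
[example_module] constructed failure message (placeholder)
++[example_module] returns reject
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[eap] Handler failed in EAP/peap
++[eap] returns invalid
"""

if __name__ == "__main__":
    marker, hits = earlier_failures(SAMPLE)
    print(f"'previously rejected' seen at line {marker}; earlier candidates:")
    for no, module, text in hits:
        print(f"  line {no:>3}  [{module}]  {text}")
```

To use it on a real capture, save the full output of freeradius -X to a file and pass its contents to earlier_failures() instead of SAMPLE.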
 