Gary,

My setup is as follows:

LDAP ---- FreeRadius ---- Cisco 1200 AP ---- Cisco 350 Series Client

I have checked out each component in parts.

1. The LDAP to FreeRadius segment has been checked on the FreeRadius Server
by using the "radtest" for user on the LDAP. I have got an "Accept-Accept"
packet.

2. For testing purposes, I made the Cisco 1200 AP double up as a Radius
Server (Cisco's in-built functionality) with authentication of users
present in the local database. This also has worked. I am able to login to
the network through my PCMCIA card. I used LEAP for this. (No certificates
yet, which I planned to do later, once my basic setup is up and running.)

3. Now, I want to replace the Cisco AP Radius Server with FreeRadius
Server. Then, what I see in the Cisco ACU is the following:
      Starting LEAP Authentication  -     Successful
      Waiting on Authentication     -     Processing
It refuses to go any further saying "350 Series is not associated" with
user authentication getting timed out.
The log on the FreeRadius server, I have already posted.

Looks like what you said is right; the credentials from the Cisco AP are not
being passed through to FreeRadius properly.

What next? Where should I start looking?

Alan, please HELP.....

JS



"Gary McKinney" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]eradius.org
To: <[EMAIL PROTECTED]>
cc:
Subject: Re: rlm_eap: EAP Start not found
24/05/2004 07:46 PM
Please respond to freeradius-users




Joseph,

From the info you sent to the list it looks like the NT authentication is
not happening...

NOTE: I don't know why it is but the EAP - Start not found shows up in the
debug normally [grin]...

Here is the line that indicates the actual problem:

rlm_eap_leap: No User-Password or NT-Password configured for this user


Hope this helps you ....


Gary N. McKinney

Network Administrator
Computer Services Dept.
Brevard County Library System



---------- Original Message ----------------------------------
From: "Joseph Silvin" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Mon, 24 May 2004 19:01:36 +0530

>Hi,
>
>Currently using LEAP through Cisco AP 1200 and Cisco Client adapter (350
>series)
>Not able to connect.
>
>Any suggestions are welcome.
>
>JS
>
>=====================================================================
>Waking up in 5 seconds...
>rad_recv: Access-Request packet from host 192.168.1.7:21654, id=211,
>length=194
>        User-Name = "Joseph"
>        Framed-MTU = 1400
>        Called-Station-Id = "000e.d7b1.008b"
>        Calling-Station-Id = "000f.245d.b532"
>        Message-Authenticator = 0xbfff0cd4e770e2b66a99fb1b3fd057c0
>        EAP-Message =
>0x02040028110100181cd0eb44b170c98d8f75735f502bed799897f9be3ceb75af46416e74686f6e79

>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 377
>        State =
>0xa098942a08a361fac4b58e0be619329c434faf401ce42fce9ace56190b71178623755fa7
>        Service-Type = Framed-User
>        NAS-IP-Address = 192.168.1.7
>        NAS-Identifier = "ap"
>modcall: entering group authorize for request 2
>  modcall[authorize]: module "preprocess" returns ok for request 2
>  modcall[authorize]: module "chap" returns noop for request 2
>  rlm_eap: EAP packet type notification id 4 length 40
>  rlm_eap: EAP Start not found
>  modcall[authorize]: module "eap" returns updated for request 2
>    rlm_realm: No '@' in User-Name = "Joseph", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 2
>rlm_ldap: Entering ldap_groupcmp()
>radius_xlat:  'o=MyOrg'
>radius_xlat:  '(uid=Joseph)'
>ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in o=MyOrg, with filter (uid=Joseph)
>ldap_release_conn: Release Id: 0
>radius_xlat:  '(&(uid=Joseph)(objectclass=top))'
>ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in OU=MyLocation,O=MyOrg, with filter
>(&(uid=Joseph)(objectclass=top))
>rlm_ldap::ldap_groupcmp: User found in group OU=MyLocation,O=MyOrg
>ldap_release_conn: Release Id: 0
>    users: Matched DEFAULT at 161
>    users: Matched DEFAULT at 180
>  modcall[authorize]: module "files" returns ok for request 2
>  modcall[authorize]: module "mschap" returns noop for request 2
>rlm_ldap: - authorize
>rlm_ldap: performing user authorization for Joseph
>radius_xlat:  '(uid=Joseph)'
>radius_xlat:  'o=MyOrg'
>ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in o=MyOrg, with filter (uid=Joseph)
>rlm_ldap: checking if remote access for Joseph is allowed by
>proposedaltorgunit
>rlm_ldap: looking for check items in directory...
>rlm_ldap: looking for reply items in directory...
>rlm_ldap: user Joseph authorized to use remote access
>ldap_release_conn: Release Id: 0
>  modcall[authorize]: module "ldap" returns ok for request 2
>modcall: group authorize returns updated for request 2
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>modcall: entering group authenticate for request 2
>  rlm_eap: EAP packet type notification id 4 length 40
>  rlm_eap: EAP Start not found
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP_TYPE - leap
>  rlm_eap: processing type leap
>rlm_eap_leap: No User-Password or NT-Password configured for this user
>  modcall[authenticate]: module "eap" returns invalid for request 2
>modcall: group authenticate returns invalid for request 2
>auth: Failed to validate the user.
>Delaying request 2 for 1 seconds
>Finished request 2
>Going to the next request
>Waking up in 5 seconds...
>rad_recv: Access-Request packet from host 192.168.1.7:21654, id=211,
>length=194
>Sending Access-Reject of id 211 to 192.168.1.7:21654
>        EAP-Message = 0x04040004
>        Message-Authenticator = 0x00000000000000000000000000000000
>--- Walking the entire request list ---
>Cleaning up request 0 ID 209 with timestamp 40af4f42
>Cleaning up request 1 ID 210 with timestamp 40af4f42
>Waking up in 1 seconds...
>--- Walking the entire request list ---
>Cleaning up request 2 ID 211 with timestamp 40af4f43
>Nothing to do.  Sleeping until we see a request.
>==================================================
>
>
>----- Forwarded by Joseph Silvin/Information Technology/MyLocation/MyOrg on
>24/05/2004 07:02 PM -----
>
>Joseph Silvin
>To: [EMAIL PROTECTED]
>cc:
>Subject: rlm_eap: EAP Start not found
>24/05/2004 09:53 AM
>
>Hi,
>
>Need:
>Authorization through Domino LDAP (Lotus Notes)
>Authentication through EAP without certificates
>
>Current System:
>Server - FreeRadius (freeradius-0.9.3-1.i386.rpm) on RedHat Fedora 1
>AP - Cisco Aironet 1200
>Client - Windows 2000 with Odyssey Client
>
>Problem:
>LDAP working perfectly.... (checked with radtest)
>but, the eap component is not working. (rlm_eap: EAP Start not found )
>
>Any pointers to a solution are welcome.
>
>JS




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
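
Added example (not part of the original messages, and not FreeRADIUS code): the manual step described in the reply above, finding the log line that explains a module's failing return code while skipping the "EAP Start not found" noise, written as a small Python script. The names triage, FAILING and BENIGN are hypothetical, and SAMPLE is constructed from the debug output quoted in this thread.

```python
import re

# Constructed sample: a shortened copy of the debug output quoted in this thread.
SAMPLE = """\
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  rlm_eap: EAP Start not found
  modcall[authorize]: module "eap" returns updated for request 2
  modcall[authorize]: module "ldap" returns ok for request 2
modcall: group authorize returns updated for request 2
  rad_check_password:  Found Auth-Type EAP
modcall: entering group authenticate for request 2
  rlm_eap: EAP Start not found
  rlm_eap: EAP_TYPE - leap
rlm_eap_leap: No User-Password or NT-Password configured for this user
  modcall[authenticate]: module "eap" returns invalid for request 2
modcall: group authenticate returns invalid for request 2
auth: Failed to validate the user.
"""

# Matches: modcall[section]: module "name" returns <code> for request N
MODULE_RESULT = re.compile(
    r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
FAILING = {"invalid", "reject", "fail", "userlock"}
# Assumption: messages to skip; the reply above says this one shows up normally.
BENIGN = ("EAP Start not found",)

def triage(debug_text):
    """Return one finding per failing module call, pairing it with the last
    non-benign line that module logged before it returned."""
    findings, recent = [], []
    for raw in debug_text.splitlines():
        line = raw.lstrip("> ").strip()      # tolerate mail-quoted logs
        m = MODULE_RESULT.search(line)
        if not m:
            if line and not any(b in line for b in BENIGN):
                recent.append(line)
            continue
        section, module, result, req = m.groups()
        if result in FAILING:
            # Prefer lines from the module itself (rlm_eap, rlm_eap_leap, ...).
            own = [l for l in recent if l.startswith("rlm_" + module)]
            cause = (own or recent or ["(no preceding log line)"])[-1]
            findings.append({"request": int(req), "section": section,
                             "module": module, "result": result, "cause": cause})
        recent = []                          # next module starts a fresh window
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```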
