Hi, I am trying to authenticate a Cisco AP 1200 against FreeRadius through LDAP. The following is the error I am getting after stage 2: "rlm_eap_leap: No User-Password or NT-Password configured for this user". The LDAP authentication is getting done, and the EAP is also getting started. But the LDAP credentials are not getting used for EAP.
Please suggest the reason for this error. Log is given below.

Joseph

===============================================================================
rad_recv: Access-Request packet from host 192.168.1.7:21645, id=245, length=125
        User-Name = "FAnthony"
        Framed-MTU = 1400
        Called-Station-Id = "000e.d7b1.008b"
        Calling-Station-Id = "000f.2478.85cf"
        Message-Authenticator = 0x2f568765c076a1cc35ec515b50580740
        EAP-Message = 0x0202000d0146416e74686f6e79
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 485
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.1.7
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: EAP packet type notification id 2 length 13
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 0
rlm_realm: No '@' in User-Name = "FAnthony", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'o=MyOrg'
radius_xlat: '(uid=FAnthony)'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.41:389, authentication 0
rlm_ldap: bind as cn=Admin,o=MyOrg/<removed> to 192.168.1.41:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
ldap_release_conn: Release Id: 0
radius_xlat: '(&(uid=FAnthony)(objectclass=top))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in OU=MyLoc,O=MyOrg, with filter (&(uid=FAnthony)(objectclass=top))
rlm_ldap::ldap_groupcmp: User found in group OU=MyLoc,O=MyOrg
ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for FAnthony
radius_xlat: '(uid=FAnthony)'
radius_xlat: 'o=MyOrg'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
rlm_ldap: checking if remote access for FAnthony is allowed by proposedaltorgunit
rlm_ldap: Password header not found in password (91CA0741343JHUG6C9A32A21F) for user FAnthony
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user FAnthony authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: EAP packet type notification id 2 length 13
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type leap
rlm_eap_leap: Stage 2
rlm_eap_leap: Issuing AP Challenge
rlm_eap_leap: Successfully initiated
modcall[authenticate]: module "eap" returns ok for request 0
modcall: group authenticate returns ok for request 0
modcall: entering group post-auth for request 0
radius_xlat: '/var/log/radius/radacct/192.168.1.7/reply-detail-20040524'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.1.7/reply-detail-20040524
modcall[post-auth]: module "reply_log" returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Challenge of id 245 to 192.168.1.7:21645
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x0103001811010008b94601729c9a3dd446416e74686f6e79
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe3166619f4e5ebeceeecf4c8ad538f14c2b3b1406fa168fb18df0f59e7687b3844c0e160
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.7:21645, id=246, length=190
        User-Name = "FAnthony"
        Framed-MTU = 1400
        Called-Station-Id = "000e.d7b1.008b"
        Calling-Station-Id = "000f.2478.85cf"
        Message-Authenticator = 0xbbf0ade28f802ee85b254d14fd07308c
        EAP-Message = 0x0203002811010018e24bd48592abbef7378f8fc67fcd97fe01e0cfd3cba39e1446416e74686f6e79
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 485
        State = 0xe3166619f4e5ebeceeecf4c8ad538f14c2b3b1406fa168fb18df0f59e7687b3844c0e160
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.1.7
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_eap: EAP packet type notification id 3 length 40
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 1
rlm_realm: No '@' in User-Name = "FAnthony", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'o=MyOrg'
radius_xlat: '(uid=FAnthony)'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
ldap_release_conn: Release Id: 0
radius_xlat: '(&(uid=FAnthony)(objectclass=top))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in OU=MyLoc,O=MyOrg, with filter (&(uid=FAnthony)(objectclass=top))
rlm_ldap::ldap_groupcmp: User found in group OU=MyLoc,O=MyOrg
ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for FAnthony
radius_xlat: '(uid=FAnthony)'
radius_xlat: 'o=MyOrg'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
rlm_ldap: checking if remote access for FAnthony is allowed by proposedaltorgunit
rlm_ldap: Password header not found in password (91CA0GFYG78673936C9A32A421F) for user FAnthony
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user FAnthony authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: EAP packet type notification id 3 length 40
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - leap
rlm_eap: processing type leap
rlm_eap_leap: No User-Password or NT-Password configured for this user
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.1.7:21645, id=246, length=190
Sending Access-Reject of id 246 to 192.168.1.7:21645
        EAP-Message = 0x04030004
        Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Cleaning up request 0 ID 245 with timestamp 40b1b3c1
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 246 with timestamp 40b1b3c2
Nothing to do. Sleeping until we see a request.