Hello to all
I'm very new at this whole radius deal so I hope I can find a kind soul that could help me with this setup. I'm sorry if this is described somewhere I've been looking around and I don't seem to find this. For now i'm trying to get a very simple setup to work I have a Cisco 1121G AP which I want to use with my freeeradius server EAP/PEAP Nothing fancy just a user local on the freeradius server I can't get the user credentials to authenticate It's a Windows machine that I trying to authenticate with and the wireless netcard is set to use EAP (PEAP), no certificates and EAP-MSCHAPv2 as authentication method. I have a user in the radius users file called wifiuser User-Password := "SomePasswordHere" MS-CHAP-Use-NTLM-Auth := 0 In the clients.conf I have client 192.168.150.250 { secret = SomePasswordHere shortname = CiscoAP1121 nastype = cisco } In the eap.conf I unmarked default_eap_type = mschapv2 Then I read this in the eap.conf # This module is the *Microsoft* implementation of MS-CHAPv2 # in EAP. There is another (incompatible) implementation # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not # currently support. # mschapv2 { } Does this apply to my setup and if so what is an alternative to what I'm trying todo? When I debug on the cisco AP I get the following lines that are odd (Full log in bottom of the mail) *Apr 23 19:50:57.298: RADIUS: AAA Unsupported [263] 12 *Apr 23 19:50:57.299: RADIUS: 57 49 46 49 5F 50 52 49 56 41 [WIFI_PRIVA] *Apr 23 19:50:57.299: RADIUS: AAA Unsupported [156] 3 *Apr 23 19:50:57.299: RADIUS: 33 It's a pretty standard Freeradius config havn't done anything to it but added some users and one other client. Thank you in advance Christian -------- LOGS BELOW --------- All I get in radius.log is Mon May 14 19:50:20 2007 : Info: rlm_eap_md5: Issuing Challenge --------------- CISCO DEBUG RADIUS ----------------------- *Apr 23 19:50:57.288: RADIUS/ENCODE(000000D3):Orig. component type = DOT11 *Apr 23 19:50:57.288: RADIUS: AAA Unsupported [263] 12 *Apr 23 19:50:57.288: RADIUS: 57 49 46 49 5F 50 52 49 56 41 [WIFI_PRIVA] *Apr 23 19:50:57.288: RADIUS: AAA Unsupported [156] 3 *Apr 23 19:50:57.288: RADIUS: 33 [3] *Apr 23 19:50:57.288: RADIUS(000000D3): Storing nasport 336 in rad_db *Apr 23 19:50:57.289: RADIUS(000000D3): Config NAS IP: 192.168.150.250 *Apr 23 19:50:57.289: RADIUS/ENCODE(000000D3): acct_session_id: 82 *Apr 23 19:50:57.289: RADIUS(000000D3): Config NAS IP: 192.168.150.250 *Apr 23 19:50:57.289: RADIUS(000000D3): sending *Apr 23 19:50:57.290: RADIUS(000000D3): Send Access-Request to 192.168.150.1:1812 id 1645/33, len 135 *Apr 23 19:50:57.290: RADIUS: authenticator EA B6 33 72 6C 09 8E CF - 84 B1 60 BB 54 B8 55 BF *Apr 23 19:50:57.290: RADIUS: User-Name [1] 10 "wifiuser" *Apr 23 19:50:57.290: RADIUS: Framed-MTU [12] 6 1400 *Apr 23 19:50:57.290: RADIUS: Called-Station-Id [30] 16 "0017.0e86.2cb0" *Apr 23 19:50:57.290: RADIUS: Calling-Station-Id [31] 16 "000e.35e6.0bd0" *Apr 23 19:50:57.290: RADIUS: Service-Type [6] 6 Login [1] *Apr 23 19:50:57.291: RADIUS: Message-Authenticato[80] 18 * *Apr 23 19:50:57.291: RADIUS: EAP-Message [79] 15 *Apr 23 19:50:57.291: RADIUS: 02 02 00 0D 01 77 69 66 69 75 73 65 72 [?????wifiuser] *Apr 23 19:50:57.291: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19] *Apr 23 19:50:57.292: RADIUS: NAS-Port [5] 6 336 *Apr 23 19:50:57.292: RADIUS: NAS-IP-Address [4] 6 192.168.150.250 *Apr 23 19:50:57.292: RADIUS: Nas-Identifier [32] 10 "VOICE-AP" *Apr 23 19:50:57.293: RADIUS: Received from id 1645/33 192.168.150.1:1812, Access-Challenge, len 80 *Apr 23 19:50:57.294: RADIUS: authenticator F9 A4 EE 6B E1 5A 8A AB - F5 BD 19 CA 96 33 48 CA *Apr 23 19:50:57.294: RADIUS: EAP-Message [79] 24 *Apr 23 19:50:57.294: RADIUS: 01 03 00 16 04 10 41 8F DB 50 B7 94 9A 30 DF CE [??????A??P???0??] *Apr 23 19:50:57.294: RADIUS: 60 DA D1 51 EB 08 [`??Q??] *Apr 23 19:50:57.294: RADIUS: Message-Authenticato[80] 18 * *Apr 23 19:50:57.294: RADIUS: State [24] 18 *Apr 23 19:50:57.295: RADIUS: DE 53 56 01 A4 DC 17 CD C0 B9 E0 46 DF 21 54 FB [?SV????????F?!T?] *Apr 23 19:50:57.295: RADIUS(000000D3): Received from id 1645/33 *Apr 23 19:50:57.296: RADIUS/DECODE: EAP-Message fragments, 22, total 22 bytes *Apr 23 19:50:57.298: RADIUS/ENCODE(000000D3):Orig. component type = DOT11 *Apr 23 19:50:57.298: RADIUS: AAA Unsupported [263] 12 *Apr 23 19:50:57.299: RADIUS: 57 49 46 49 5F 50 52 49 56 41 [WIFI_PRIVA] *Apr 23 19:50:57.299: RADIUS: AAA Unsupported [156] 3 *Apr 23 19:50:57.299: RADIUS: 33 [3] *Apr 23 19:50:57.299: RADIUS(000000D3): Using existing nas_port 336 *Apr 23 19:50:57.300: RADIUS(000000D3): Config NAS IP: 192.168.150.250 *Apr 23 19:50:57.300: RADIUS/ENCODE(000000D3): acct_session_id: 82 *Apr 23 19:50:57.300: RADIUS(000000D3): Config NAS IP: 192.168.150.250 *Apr 23 19:50:57.300: RADIUS(000000D3): sending *Apr 23 19:50:57.300: RADIUS(000000D3): Send Access-Request to 192.168.150.1:1812 id 1645/34, len 146 *Apr 23 19:50:57.300: RADIUS: authenticator 56 F3 92 78 A7 7A 09 FA - 99 29 51 99 7D E0 9F B3 *Apr 23 19:50:57.301: RADIUS: User-Name [1] 10 "wifiuser" *Apr 23 19:50:57.301: RADIUS: Framed-MTU [12] 6 1400 *Apr 23 19:50:57.301: RADIUS: Called-Station-Id [30] 16 "0017.0e86.2cb0" *Apr 23 19:50:57.301: RADIUS: Calling-Station-Id [31] 16 "000e.35e6.0bd0" *Apr 23 19:50:57.301: RADIUS: Service-Type [6] 6 Login [1] *Apr 23 19:50:57.302: RADIUS: Message-Authenticato[80] 18 * *Apr 23 19:50:57.302: RADIUS: EAP-Message [79] 8 *Apr 23 19:50:57.302: RADIUS: 02 03 00 06 03 19 [??????] *Apr 23 19:50:57.302: RADIUS: NAS-Port-Type [61] 6 802.11 wireless [19] *Apr 23 19:50:57.302: RADIUS: NAS-Port [5] 6 336 *Apr 23 19:50:57.302: RADIUS: State [24] 18 *Apr 23 19:50:57.302: RADIUS: DE 53 56 01 A4 DC 17 CD C0 B9 E0 46 DF 21 54 FB [?SV????????F?!T?] *Apr 23 19:50:57.302: RADIUS: NAS-IP-Address [4] 6 192.168.150.250 *Apr 23 19:50:57.303: RADIUS: Nas-Identifier [32] 10 "VOICE-AP" *Apr 23 19:51:02.527: RADIUS: no sg in radius-timers: ctx 0xC2506C sg 0x0000 *Apr 23 19:51:02.527: RADIUS: Retransmit to (192.168.150.1:1812,1813) for id 1645/34 *Apr 23 19:51:02.527: RADIUS: Received from id 1645/34 192.168.150.1:1812, Access-Reject, len 44 *Apr 23 19:51:02.528: RADIUS: authenticator 27 C2 B4 DD 14 F9 C3 C0 - DF 88 BD B5 DC 0D 6C 63 *Apr 23 19:51:02.528: RADIUS: EAP-Message [79] 6 *Apr 23 19:51:02.528: RADIUS: 04 03 00 04 [????] *Apr 23 19:51:02.528: RADIUS: Message-Authenticato[80] 18 * *Apr 23 19:51:02.529: RADIUS(000000D3): Received from id 1645/34 *Apr 23 19:51:02.529: RADIUS/DECODE: EAP-Message fragments, 4, total 4 bytes ------------------------ CISCO DEBUG RADIUS END ---------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html