Alright, I'm going to try my best to explain what's going on here. I have a Meraki wireless access point I am trying to get configured to work with RADIUS. I have my freeradius server up and running with two other access points just fine. However, I cannot get it to work right with the Meraki one. It's set up to us MySQL for all the authentication and such and as I mentioned it works fine with the other two access points. However, when the Meraki access point tries to authenticate using SHA-Password credentials in the MySQL database I get a Login incorrect. Here is a bit from the radius log file:
Sat Dec 4 09:21:54 2010 : Auth: Login OK: [testing] (from client Meraki port 0 via TLS tunnel) Sat Dec 4 09:21:54 2010 : Auth: Login OK: [testing] (from client Meraki port 0 cli 00-00-00-00-00-02) Sat Dec 4 09:22:24 2010 : Auth: Login incorrect: [test2] (from client Meraki port 0 via TLS tunnel) Sat Dec 4 09:22:24 2010 : Auth: Login incorrect: [test2] (from client Meraki port 0 cli 00-00-00-00-00-02) Both users are in the MySQL database, the only difference is the 'testing' has a 'Cleartext-Password' while the 'test2' user has an 'SHA-Password' If I try to use the 'test2' user from command line with a radtest it works fine: Sat Dec 4 09:23:28 2010 : Auth: Login OK: [test2] (from client localhost port 10) It also works correctly with my Untangle box: Sat Dec 4 09:29:23 2010 : Auth: Login OK: [test2] (from client Untangle port 0) I contacted Meraki about it and among other things they said: "It may be failing because your RADIUS server policy is configured to use the EAP-TLS authentication method and our test simulates a supplicant using PEAP-MSCHAPv2." Honestly I know very little about freeradius. I have set it up using some how-to guides on the Internet and it seems to be functioning correctly for the other two access points. The record in the 'nas' table for the Meraki access point is identical to the records for the other access points other than the IP/shortname. I have made copies of (I think) all the used config files if that's helpful. You can find them all here: http://dbunyard.homeip.net/stuff/raddb/ http://dbunyard.homeip.net/stuff/raddb/ Any help in configuring this would be greatly appreciated! If you need any additional information or logs let me know. Thanks! -- Dan -- View this message in context: http://freeradius.1045715.n5.nabble.com/Meraki-Access-Points-Login-incorrect-for-SHA-Password-tp3292174p3292174.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html