> Hiya > > I need some help to configure freeradius with openldap. I have a ldap > database which stores password in SSHA format, so i choose PAP for > authentication. I want to use freeradius to authenticate on a netgear Wifi > access point. > > (http://deployingradius.com/documents/protocols/compatibility.html) > > I've set up the AP in client freeradius in clients.conf, with a secret and > shortname like in documentation. > > Next i've put auto_header = yes in pap.conf > And uncomment the line ldap to activate module in /site-enable/default > > When i start server in debug mode, authorization works fine but server have > problems to authentication step and i don't understand why > Here is the debug comments : > > rad_recv: Access-Request packet from host 192.168.0.201 port 32774, id=85, > length=169 User-Name = "cyril" > NAS-IP-Address = 192.168.0.201 > NAS-Identifier = "hello" > NAS-Port = 0 > Called-Station-Id = "4C-60-DE-D2-22-61:easyBridge2" > Calling-Station-Id = "7C-C5-37-14-16-C9" > Framed-MTU = 1400 > NAS-Port-Type = Wireless-802.11 > Connect-Info = "CONNECT 0Mbps 802.11b" > EAP-Message = 0x0200000e016e6c61746869657265 > Message-Authenticator = 0x2bf3ec3446adc97ea15c4c160ee8b0bbThu Nov > 22 15:04:36 2012 : >
Since your 802.1x supplicant does not send a User-Password it seems that you configured some kind of EAP (802.1x) in the network authentications settings of your client (notebook). You also have a EAP-Message attribute in your Access- Request packet. And according to the protocol compatibility matrix you mentioned, SSHA and *EAP will not work. -- Dr. Michael Schwartzkopff Guardinistr. 63 81375 München Tel: (0163) 172 50 98 Fax: (089) 620 304 13
signature.asc
Description: This is a digitally signed message part.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html