Hi,
Is there anyone out there who has successfully managed to make a Cisco WLSE authenticate against a freeradius server when joining a WDS? Cisco AP1200 access points successfully authenticate to the freeradius server through the WDS, but I have been unsuccessful when it comes to the WLSE.
A couple of weeks ago a patch for freeradius was posted to this mailing list that partially helped by fixing a Cisco bug - after applying the patch freeradius now Access-Accept's the WLSE's authentication and the access point I'm using as the WDS is showing the WLSE (or Wireless Network Manager) as being 'AUTHENTICATED' but the WLSE itself appears to go into a 'WLSE to WDS Authentication Status' of Authenticated only momentarily before switching back to unauthenticated. The WLSE then repeatedly retries to authenticate every 10 seconds (with freeradius logging successful authentications each time).
Am I perhaps missing some attributes that I should be sending to the WLSE? We don't have a Cisco ACS to be able to compare what it sends. The users file entry is currently as follows (and has been many variations...) :
------------------------
admin NT-Password := "0x63D79465F548EA2213141CA0C489F1F2", Auth-Type := eap
Service-Type = Login-User,
Fall-Through = No
------------------------
eap.conf is as follows :
------------------------
eap {
default_eap_type = leap
leap {
}
tls {
private_key_password = whatever
private_key_file = /usr/local/etc/raddb/certs/wireless.key
certificate_file = /usr/local/etc/raddb/certs/wireless.crt
CA_file = /usr/local/etc/raddb/certs/root.pem
dh_file = /usr/local/etc/raddb/certs/dh
random_file = /usr/local/etc/raddb/certs/random
}
}------------------------
I'm running :
freeradius-1.0.0 final on Fedora Core 1 (openssl-0.9.7a-33.10) The AP1200's (and hence WDS) are running IOS 12.2(15)JA and the WLSE is version 2.7.1
Thanks for any help, Craig
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
