Thread: FreeRadius connectivity problems
hi,
have installed , configured freeradius service on ubuntu machine. plan use freeradius authenticate users via mac address , 802.1 x eap.
problem while freeradius gives "auth-type = accept" after passing tests, user can't connect internet , booted network uses freeradius auth in less minute.
there no message in freeradius debug mode when happens, i'm bit lost here.
thing worth of note using ruckus zonedirector manage our networks, , there authentication test in it, used check if works ok. problem here gives failed result settings give auth-type = accept, if go , remove auth checks in sites-enabled/default config file, gives success. there definetly wrong configs.
i've been following plain mac-auth guide accomplish whatever have now, still needs tinkering. problem have no idea start.
here log of happens when user connects freeradius guarded network:
code:ready process requests. rad_recv: access-request packet host 192.168.154.12 port 1065, id=9, length=168 user-name = "60d819a89668" user-password = "60d819a89668" calling-station-id = "60-d8-19-a8-96-68" nas-ip-address = 192.168.154.12 called-station-id = "c4-01-7c-1a-50-69:opetusx" service-type = framed-user nas-port-type = wireless-802.11 nas-identifier = "c4-01-7c-1a-50-69" vendor-25053-attr-3 = 0x6f706574757378 message-authenticator = 0xa7676bfa2ace5b4ba05356c35cac255a # executing section authorize file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok [authorized_macs] expand: %{calling-station-id} -> 60-d8-19-a8-96-68 [authorized_macs] users: matched entry 60-d8-19-a8-96-68 @ line 2 ++[authorized_macs] returns ok ++? if (!ok) ? evaluating !(ok) -> false ++? if (!ok) -> false ++- entering else else {...} +++? if (!eap-message) ? evaluating !(eap-message) -> true +++? if (!eap-message) -> true +++- entering if (!eap-message) {...} ++++[control] returns ok +++- if (!eap-message) returns ok ++- else else returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] no '@' in user-name = "60d819a89668", looking realm null [suffix] no such realm "null" ++[suffix] returns noop [eap] no eap-message, not doing eap ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] warning: auth-type set. not setting pap ++[pap] returns noop found auth-type = accept auth-type = accept, accepting user # executing section post-auth file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop sending access-accept of id 9 192.168.154.12 port 1065 finished request 0. going next request waking in 4.9 seconds. cleaning request 0 id 9 timestamp +7 ready process requests.
contents of sites-enabled/default authorize portion follows:
now current thing own crude work, used examples given in plain mac auth wiki prior one, gave same results.code:authorize { # # preprocess module takes care of sanitizing bizarre # attributes in request, , turning them attributes # more standard. # # takes care of processing 'raddb/hints' , # 'raddb/huntgroups' files. preprocess authorized_macs if (!ok) { reject } else { if (!eap-message) { update control { auth-type := accept } } } #else { #eap #}
ideas i'm doing wrong here?
also, using pap on ruckus controller, other option being chap. switching between these 2 though seems have no effect whatsoever.
i'm @ wits end here.
Forum The Ubuntu Forum Community Ubuntu Official Flavours Support Networking & Wireless [ubuntu] FreeRadius connectivity problems
Ubuntu
Comments
Post a Comment