Problem s linux freeradius - Cisco AP1232 - Notebook WinXP
Petr Simek
psimek na jcu.cz
Pátek Leden 27 12:32:01 CET 2006
Dobry den,
uz jsem prosel kde co, ale porad nemohu nalezt reseni, tak bych si
dovolil pozadat o radu zde. Zkousim pripojit notebook s windows XP
na Cisco AP1232. Chtel bych se vuci AP prihlasovat pres jmeno/heslo
ktere by se overilo na radiusu, takze se to snazim konfigurovat podle
navodu pro PEAP/MSCHAPv2
Na linuxu mam freeradius nastaveny podle dostupnych navodu aby podporoval
tls peap autorizaci. APcko jsme nastavil podle podobnych navodu aby
autorizace na wifi byla open eap a mam tam nastaveny muj radius (klice
mi sedi). WinXP jsem konfiguroval zase podle navodu - pouzivat WEP,
klic mi posle AP, IEEE 802.1x authentikace (odskrtnuto auth. as computer,
auth. as guest), vypnul jsem validaci server certifikatu (v radiusu mam
zavedeny ten testovaci). Auth metodu mam Secured password a ve volbach
k ni jsme odskrtnul automaticke prihlaseni jmenem a heslem z windows.
Kdyz to testuju tak na masine kde mi bezi radius zadam :
echo "User-Name = simek, User-Password = marusja" | radclient radius-host.jcu.cz auth 123ert
na radiusu (ma ho spusten jako radiusd -X) mi to vypise :
rad_recv: Access-Request packet from host 160.217.IP.IP:32857, id=69, length=45
User-Name = "simek"
User-Password = "marusja"
Processing the authorize section of radiusd.conf
....vynechano....
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [simek/marusja] (from client test1 port 0)
Sending Access-Accept of id 69 to 160.217.IP.IP:32857
vse je v poradku. Podobne to je i kdyz na onom AP zadam :
test aaa group radius simek marusja legacy
probehne to v poradku a radius vypise :
rad_recv: Access-Request packet from host 160.217.IP.IP:1645, id=205, length=61
NAS-IP-Address = 160.217.IP.IP
NAS-Port-Type = Async
User-Name = "simek"
User-Password = "marusja"
NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
....vynechano....
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [simek/marusja] (from client AP1232 port 0)
Sending Access-Accept of id 205 to 160.217.IP.IP:1645
Situace je jina na tech WindowsXP. Po zapnuti cudliku wireless najde
wifi sit pro kterou jsem udelal tu konfiguraci, objevi se vyzva k zadani
'credentials' a po zadani jmena simek a hesla marusja se prihlaseni nezdari
a porad se opakuje dokola. Radius pise :
rad_recv: Access-Request packet from host 160.217.IP.IP:1645, id=206, length=123
User-Name = "simek"
Framed-MTU = 1400
Called-Station-Id = "0014.6912.efb0"
Calling-Station-Id = "000e.354e.026e"
Service-Type = Login-User
Message-Authenticator = 0xb41b97f1fedfd2c1279d46589186952b
EAP-Message = 0x0202000a0173696d656b
NAS-Port-Type = Wireless-802.11
NAS-Port = 335
NAS-IP-Address = 160.217.IP.IP
NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
....vynechano....
rad_check_password: Found Auth-Type Local
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [simek/<no User-Password attribute>] (from client AP1232 port 335 cli 000e.354e.026e)
Delaying request 8 for 1 seconds
Mne to vychazi tak, ze windows neposilaji heslo, ale netusim v cem muze
byt problem. Mozna jsem neco nepochopil - nevedeli by jste kde muze byt
chyba a jak to rozbehnout ?
S pozdravem
*------------------------------------------------------------------------*
| Petr Simek APS JU |
| psimek na jcu.cz |
*------------------------------------------------------------------------*
Další informace o konferenci Linux