I've configured the RADIUS server with the eDirectory and tested the connection; it is OK. On the client side, I configured the Wi-Fi to use MSCHAPv2, and it prompts me for username, password and domain.
When I enter the information, from the RADIUS server I can see:
It gets an EAP-TLV response, what is that? When I test the same user ID and password combination using radtest, I can connect.
Code:
rad_recv: Access-Request packet from host 192.168.100.151 port 1645, id=75, length=174
User-Name = "admin"
Framed-MTU = 1400
Called-Station-Id = "0013.7f43.9f50"
Calling-Station-Id = "001c.bf8b.77be"
Service-Type = Login-User
Message-Authenticator = 0x9fd862ccfbe04efee08d8fed8f31ca39
EAP-Message = 0x020800261900170301001ba4d273df68b695406287e0a4250c6b1c1d8ebdc157f43be349f41f
NAS-Port-Type = Wireless-802.11
NAS-Port = 293
State = 0xf3c90c12f6c115bf76b74b1b2ec75c5f
NAS-IP-Address = 192.168.100.151
NAS-Identifier = "ict-dev"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "admin", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
++[ldap] returns noop
[attr_filter.access_reject] expand: %{User-Name} -> admin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 62 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 62
Sending Access-Reject of id 75 to 192.168.100.151 port 1645
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 56 ID 69 with timestamp +1854
Cleaning up request 57 ID 70 with timestamp +1854
Cleaning up request 58 ID 71 with timestamp +1854
Cleaning up request 59 ID 72 with timestamp +1854
Cleaning up request 60 ID 73 with timestamp +1854
Cleaning up request 61 ID 74 with timestamp +1854
I'd like to ask, how do I enter the information on the client side when it asks me for username, password and domain?
user.ou / password / domain name or
cn=user, o=org/password ?
The log shows:
No '@' in User-Name = "admin", looking up realm NULL
[suffix] No such realm "NULL"
Does that mean it is looking for this user in the user.conf file? Why is it not checking for the user in the LDAP database?
Please advise.
If I use radtest, then I can authenticate with the same credentials, and it finds the user in LDAP.