Wireless Access



Aruba controller not sending password to Unix Radius

  • 1.  Aruba controller not sending password to Unix Radius

    Posted Aug 27, 2014 04:14 AM

    I am testing wireless on both Windows and Unix RADIUS servers for 802.1X. Windows RADIUS authentication works fine, while UNIX RADIUS gives this error message. The Unix admin is saying that he is not receiving password information and only the user name is coming through to the Unix RADIUS, so authentication is rejected. UNIX uses Kerberos. Any idea what it could mean?

     

    Here is the log from the controller:

     

    Aug 26 14:39:18  fpcli: USER:admin@86.36.35.231 COMMAND:<logging level debugging user-debug c0:9f:42:99:e7:c8 > -- command executed successfully
    Aug 26 14:40:00  authmgr[2225]: <522036> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8 Station DN: BSSID=00:1a:1e:21:1a:62 ESSID=ABC-SECURE VLAN=522 AP-name=ABC-CPPM-TEST
    Aug 26 14:40:00  authmgr[2225]: <522234> <DBUG> |authmgr|  Setting idle timer for user c0:9f:42:99:e7:c8 to 15300 seconds (idle timeout: 15300 ageout: 0).
    Aug 26 14:40:00  stm[1996]: <501000> <DBUG> |stm|  Station c0:9f:42:99:e7:c8: Clearing state
    Aug 26 14:40:00  stm[1996]: <501102> <NOTI> |stm|  Disassoc from sta: c0:9f:42:99:e7:c8: AP 172.20.33.176-00:1a:1e:21:1a:62-ABC-CPPM-TEST Reason STA has left and is disassociated
    Aug 26 14:40:00  stm[757]: <501000> <DBUG> |AP ABC-CPPM-TEST@172.20.33.176 stm|  Station c0:9f:42:99:e7:c8: Clearing state
    Aug 26 14:40:00  stm[757]: <501102> <NOTI> |AP ABC-CPPM-TEST@172.20.33.176 stm|  Disassoc from sta: c0:9f:42:99:e7:c8: AP 172.20.33.176-00:1a:1e:21:1a:62-ABC-CPPM-TEST Reason STA has left and is disassociated
    Aug 26 14:40:01  authmgr[1995]: <522038> <INFO> |authmgr|  username=andrews MAC=c0:9f:42:99:e7:c8 IP=172.20.62.181 Authentication result=Authentication Successful method=radius-accounting server=QTR-RADIUS-02
    Aug 26 14:40:01  authmgr[2225]: <522005> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8 IP=172.20.62.181 User entry deleted: reason=essid change
    Aug 26 14:40:01  authmgr[2225]: <522030> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8 Station deauthenticated: BSSID=00:1a:1e:21:1a:62, ESSID=ABC-SECURE
    Aug 26 14:40:01  authmgr[2225]: <522035> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8 Station UP: BSSID=00:1a:1e:21:02:47 ESSID=ABC-UNIX VLAN=524 AP-name=ABC-2244
    Aug 26 14:40:01  authmgr[2225]: <522049> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8,IP=N/A User role updated, existing Role=ABC-AUTH/ABC-AUTH, new Role=logon/ABC-AUTH, reason=Station is L2 deauthenticated
    Aug 26 14:40:01  authmgr[2225]: <522050> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=15300
    Aug 26 14:40:01  authmgr[2225]: <522050> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0, reason=Station resetting role, idle-timeout=15300
    Aug 26 14:40:01  authmgr[2225]: <522050> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0, reason=layer 2 event driven download, idle-timeout=15300
    Aug 26 14:40:01  authmgr[2225]: <522077> <DBUG> |authmgr|  MAC=c0:9f:42:99:e7:c8 ingress 0x0x10b7d (tunnel 2941), u_encr 64, m_encr 64, slotport 0x0x2100 , type: local, FW mode: 0, AP IP: 0.0.0.0 mdie 0 ft_complete 0
    Aug 26 14:40:01  authmgr[2225]: <522078> <DBUG> |authmgr|  MAC=c0:9f:42:99:e7:c8, wired: 0, vlan:524 ingress:0x0x10b7d (tunnel 2941), ingress:0x0x10b7d new_aaa_prof: ABC-AAA-UNIX-TEST, stored profile: ABC-AAA stored wired: 0 stored essid: ABC-SECURE, stored-ingress: 0x0x108d8
    Aug 26 14:40:01  authmgr[2225]: <522079> <DBUG> |authmgr|  MAC=c0:9f:42:99:e7:c8 (vlan:524) Detecting Wireless-user AAA-Profile mismatch or wireless<->wired roam
    Aug 26 14:40:01  authmgr[2225]: <522242> <DBUG> |authmgr|  MAC=c0:9f:42:99:e7:c8 Station Created Update MMS: BSSID=00:1a:1e:21:02:47 ESSID=ABC-UNIX VLAN=524 AP-name=ABC-2244
    Aug 26 14:40:01  authmgr[2225]: <522244> <DBUG> |authmgr|  MAC=c0:9f:42:99:e7:c8 Station Deleted Update MMS
    Aug 26 14:40:01  authmgr[2225]: <522246> <DBUG> |authmgr|  Idle timeout should be driven by STM for MAC c0:9f:42:99:e7:c8.
    Aug 26 14:40:01  authmgr[2225]: <522253> <DBUG> |authmgr|  VDR - mac c0:9f:42:99:e7:c8 derivation_type Initial Role Contained derived vlan 521.
    Aug 26 14:40:01  authmgr[2225]: <522254> <DBUG> |authmgr|  VDR - mac c0:9f:42:99:e7:c8 rolename logon fwdmode 0 derivation_type Initial Role Contained vp not present.
    Aug 26 14:40:01  authmgr[2225]: <522255> <DBUG> |authmgr|  "VDR - set vlan in user for c0:9f:42:99:e7:c8 vlan 521 fwdmode 0 derivation_type Initial Role Contained.
    Aug 26 14:40:01  authmgr[2225]: <522255> <DBUG> |authmgr|  "VDR - set vlan in user for c0:9f:42:99:e7:c8 vlan 524 fwdmode 0 derivation_type Current VLAN updated.
    Aug 26 14:40:01  authmgr[2225]: <522255> <DBUG> |authmgr|  "VDR - set vlan in user for c0:9f:42:99:e7:c8 vlan 524 fwdmode 0 derivation_type Default VLAN.
    Aug 26 14:40:01  authmgr[2225]: <522258> <DBUG> |authmgr|  "VDR - Add to history of user user c0:9f:42:99:e7:c8 vlan 0 derivation_type Reset VLANs for Station up index 0.
    Aug 26 14:40:01  authmgr[2225]: <522258> <DBUG> |authmgr|  "VDR - Add to history of user user c0:9f:42:99:e7:c8 vlan 521 derivation_type Initial Role Contained index 3.
    Aug 26 14:40:01  authmgr[2225]: <522258> <DBUG> |authmgr|  "VDR - Add to history of user user c0:9f:42:99:e7:c8 vlan 524 derivation_type Current VLAN updated index 2.
    Aug 26 14:40:01  authmgr[2225]: <522258> <DBUG> |authmgr|  "VDR - Add to history of user user c0:9f:42:99:e7:c8 vlan 524 derivation_type Default VLAN index 1.
    Aug 26 14:40:01  authmgr[2225]: <522264> <DBUG> |authmgr|  "MAC:c0:9f:42:99:e7:c8: Allocating UUID: 1125.
    Aug 26 14:40:01  authmgr[2225]: <522265> <DBUG> |authmgr|  "MAC:c0:9f:42:99:e7:c8: Deallocating UUID: 1042.
    Aug 26 14:40:01  authmgr[2225]: <524124> <DBUG> |authmgr|  dot1x_supplicant_up(): MAC:c0:9f:42:99:e7:c8, pmkid_present:False, pmkid:N/A
    Aug 26 14:40:01  mdns[2075]: <527000> <DBUG> |mdns|  mdns_client_purge 648 Purge mdns client, mac=c0:9f:42:99:e7:c8
    Aug 26 14:40:01  mdns[2075]: <527000> <DBUG> |mdns|  mdns_parse_auth_userrole_message 287 Auth User ROLE: MAC:c0:9f:42:99:e7:c8, NAME:andrews, ROLE_NAME:ABC-AUTH
    Aug 26 14:40:01  mdns[2075]: <527004> <INFO> |mdns|  mdns_parse_auth_useridle_message 195 Auth User Idle Timeout: MAC:c0:9f:42:99:e7:c8, WIRED:0, FW:0, VLAN:522, IP:172.20.62.181, BSSID:00:1a:1e:21:1a:62, AGE:166,
    Aug 26 14:40:01  stm[1996]: <501095> <NOTI> |stm|  Assoc request @ 14:40:01.490941: c0:9f:42:99:e7:c8 (SN 231): AP 172.20.8.64-00:1a:1e:21:02:47-ABC-2244
    Aug 26 14:40:01  stm[1996]: <501100> <NOTI> |stm|  Assoc success @ 14:40:01.495688: c0:9f:42:99:e7:c8: AP 172.20.8.64-00:1a:1e:21:02:47-ABC-2244
    Aug 26 14:40:01  stm[755]: <501093> <NOTI> |AP ABC-2244@172.20.8.64 stm|  Auth success: c0:9f:42:99:e7:c8: AP 172.20.8.64-00:1a:1e:21:02:47-ABC-2244
    Aug 26 14:40:01  stm[755]: <501095> <NOTI> |AP ABC-2244@172.20.8.64 stm|  Assoc request @ 14:40:03.532906: c0:9f:42:99:e7:c8 (SN 231): AP 172.20.8.64-00:1a:1e:21:02:47-ABC-2244
    Aug 26 14:40:01  stm[755]: <501100> <NOTI> |AP ABC-2244@172.20.8.64 stm|  Assoc success @ 14:40:03.534627: c0:9f:42:99:e7:c8: AP 172.20.8.64-00:1a:1e:21:02:47-ABC-2244
    Aug 26 14:40:01  stm[755]: <501109> <NOTI> |AP ABC-2244@172.20.8.64 stm|  Auth request: c0:9f:42:99:e7:c8: AP 172.20.8.64-00:1a:1e:21:02:47-ABC-2244 auth_alg 0
    Aug 26 14:40:03  authmgr[1995]: <132053> <ERRS> |authmgr|  Dropping the radius packet for Station c0:9f:42:99:e7:c8 00:1a:1e:21:02:47 doing 802.1x
    Aug 26 14:40:03  authmgr[1995]: <132053> <ERRS> |authmgr|  Dropping the radius packet for Station c0:9f:42:99:e7:c8 00:1a:1e:21:02:47 doing 802.1x
    Aug 26 14:40:03  authmgr[1995]: <132207> <ERRS> |authmgr|  RADIUS reject for station andrews c0:9f:42:99:e7:c8 from server CMU_RAD.
    Aug 26 14:40:03  authmgr[1995]: <132207> <ERRS> |authmgr|  RADIUS reject for station andrews c0:9f:42:99:e7:c8 from server CMU_RAD.
    Aug 26 14:40:03  authmgr[1995]: <522030> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8 Station deauthenticated: BSSID=00:1a:1e:21:02:47, ESSID=ABC-UNIX
    Aug 26 14:40:03  authmgr[1995]: <522042> <NOTI> |authmgr|  User Authentication Failed: username=andrews MAC=c0:9f:42:99:e7:c8 IP=0.0.0.0 auth method=802.1x auth server=CMU_RAD
    Aug 26 14:40:03  authmgr[1995]: <522049> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8,IP=N/A User role updated, existing Role=logon/none, new Role=logon/none, reason=Station is L2 deauthenticated
    Aug 26 14:40:03  authmgr[1995]: <522050> <INFO> |authmgr|  MAC=c0:9f:42:99:e7:c8,IP=N/A User data downloaded to datapath, new Role=logon/1, bw Contract=0/0, reason=Download driven by user role setting, idle-timeout=15300
    Aug 26 14:40:03  authmgr[1995]: <522095> <DBUG> |authmgr|  c0:9f:42:99:e7:c8: Sending STM new vlan info: vlan 521, AP 00:1a:1e:21:02:47 caller user_send_current_vlan_update
    Aug 26 14:40:03  authmgr[1995]: <522175> <DBUG> |authmgr|  skipping mac : c0:9f:42:99:e7:c8, from AP : 0.0.0.0, with authtype : 802.1x.
    Aug 26 14:40:03  authmgr[1995]: <522255> <DBUG> |authmgr|  "VDR - set vlan in user for c0:9f:42:99:e7:c8 vlan 521 fwdmode 0 derivation_type Current VLAN updated.
    Aug 26 14:40:03  authmgr[1995]: <522255> <DBUG> |authmgr|  "VDR - set vlan in user for c0:9f:42:99:e7:c8 vlan 521 fwdmode 0 derivation_type VLAN exported.
    Aug 26 14:40:03  authmgr[1995]: <522257> <DBUG> |authmgr|  "VDR - send current vlan for user c0:9f:42:99:e7:c8 vlan 521 derivation_type Initial Role Contained trace new vlan: from deauth.
    Aug 26 14:40:03  authmgr[1995]: <522258> <DBUG> |authmgr|  "VDR - Add to history of user user c0:9f:42:99:e7:c8 vlan 0 derivation_type Reset all Auth VLANs index 4.
    Aug 26 14:40:03  authmgr[1995]: <522258> <DBUG> |authmgr|  "VDR - Add to history of user user c0:9f:42:99:e7:c8 vlan 521 derivation_type Current VLAN updated index 5.



  • 2.  RE: Aruba controller not sending password to Unix Radius

    EMPLOYEE
    Posted Aug 27, 2014 07:43 AM

    Can we see the logs on the Unix side?