Wireless Access


freeradius peap-mschapv2

  • 1.  freeradius peap-mschapv2

    Posted Apr 20, 2012 04:19 PM

    Hi,

    I have another question or problem. :)

    We are using two freeradius servers. Both are integrated in two closed systems and I cannot change the configuration. Support told me the freeradius server uses peap-mschapv2 to communicate. So I checked in 'Security > Authentication > L2 Authentication' -> Termination, eap-peap and eap-mschapv2. But the authentication is not possible.

    The logfile from the freeradius server:

     

    "rad_recv: Access-Request packet from host 172.16.6.254 port 64459, id=25, length=219
            NAS-IP-Address = 172.16.6.254
            NAS-Port = 0
            NAS-Port-Type = Wireless-802.11
            User-Name = "test.test"
            Calling-Station-Id = "000000000000"
            Called-Station-Id = "000B866DE6A8"
            MS-CHAP-Challenge = 0x7e202d8738229328921442db4452bde6
            MS-CHAP2-Response = 0x0000bb62de51fcd9d27ffa32b4b41066e4630000000000000000c0f5561b18359db1896b6efe7a2418f7dc4fb3e54545a0ac
            Service-Type = Login-User
            Aruba-Location-Id = "N/A"
            Aruba-Attr-10 = 0x4e2f41
            Message-Authenticator = 0x172eaaba97999974bc4be1bdbc320373
    # Executing section authorize from file /etc/freeradius/sites-enabled/default
    +- entering group authorize {...}
    [eap] No EAP-Message, not doing EAP
    ++[eap] returns noop
    ++[files] returns noop
    [pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
    ++[pap] returns noop
    ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
    Failed to authenticate the user.
    Login incorrect: [alexander.grund] (from client 172.16.6.0/24 port 0 cli 000000000000)
    Using Post-Auth-Type Reject
    # Executing group from file /etc/freeradius/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject]     expand: %{User-Name} -> alexander.grund
     attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    [log_reject]    expand: %{User-Name} -> alexander.grund
    Exec-Program output:
    Exec-Program: returned: 0
    ++[log_reject] returns ok
    Delaying reject of request 0 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 0
    Sending Access-Reject of id 25 to 172.16.6.254 port 64459
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 25 with timestamp +24
    Ready to process requests."

     

    I cannot find the problem or what's wrong with the config.

     

    Regards,

    Alex
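
Added example (not part of the original thread, and not FreeRADIUS or Aruba code): a small Python check that reads debug output like the log quoted above, identifies the authentication method from the request attributes, and reports whether the matching module ran in the authorize section. The function names, the `METHODS` table and the sample text are constructed for illustration; the "ok"/"updated" test is a heuristic for "the module claimed the request".

```python
import re

# Constructed sample modelled on the debug output quoted in the post above
# (abridged; the hex values are placeholders, not real captures).
SAMPLE = """\
rad_recv: Access-Request packet from host 172.16.6.254 port 64459, id=25, length=219
        NAS-Port-Type = Wireless-802.11
        User-Name = "test.test"
        MS-CHAP-Challenge = 0x00112233
        MS-CHAP2-Response = 0x0000aabbcc
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
"""

ATTR = re.compile(r'^\s+([A-Za-z0-9-]+) = (.+)$')
MODULE = re.compile(r'^\s*\++\[([\w.]+)\] returns (\w+)')
# Request attribute that identifies the method -> module that must claim it.
METHODS = [("EAP-Message", "eap"), ("MS-CHAP2-Response", "mschap"),
           ("CHAP-Password", "chap"), ("User-Password", "pap")]

def parse_debug(text):
    """Return (request attributes, {section: {module: return code}})."""
    attrs, modules, section = {}, {}, None
    for line in text.splitlines():
        if "entering group" in line:
            section = line.split("entering group")[1].split()[0]
        elif section and (m := MODULE.match(line)):
            modules.setdefault(section, {})[m.group(1)] = m.group(2)
        elif section is None and (m := ATTR.match(line)):
            attrs[m.group(1)] = m.group(2).strip('"')
    return attrs, modules

def diagnose(text):
    """Name the method the NAS sent and whether authorize could claim it."""
    attrs, modules = parse_debug(text)
    ran = modules.get("authorize", {})
    needed = next((mod for attr, mod in METHODS if attr in attrs), None)
    return {
        "needed_module": needed,
        "module_in_authorize": needed in ran,
        "claimed": ran.get(needed) in ("ok", "updated"),  # heuristic
        "no_auth_type": "No authenticate method (Auth-Type)" in text,
    }
```

For a request shaped like the one in the post, `diagnose` reports `needed_module` as `mschap` with `module_in_authorize` false, alongside the "No authenticate method" rejection.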



  • 2.  RE: freeradius peap-mschapv2

    Posted Apr 21, 2012 10:47 AM

    Hi Alex,

     

    What is the DB which your freeradius server is connecting to (LDAP, AD, MySQL)?

    Please try to use the internal DB on freeradius first. Config like below:

    1. Go to the path where freeradius is installed, for example /etc/freeradius/sites-enabled/, then edit the file default

     

    authorize {
        preprocess
        chap
        mschap
        digest
        eap {
            ok = return
        }
        files
        pap
    }

    authenticate {
        Auth-Type PAP {
            pap
        }
        Auth-Type CHAP {
            chap
        }
        Auth-Type MS-CHAP {
            mschap
        }
        eap
    }

    # other config not changed

    ================================ 

     

    2. Edit the file which stores users and passwords, for example /etc/freeradius/users

    Add a user and password like this:

    aakmit  Cleartext-Password := 123456

    ================================

    3. Restart the server and run debug again. I think it should work.

    =======================================================

    If this configuration works, then try to edit the config to match your DB, like LDAP or SQL.

     

     

    regards,

     



  • 3.  RE: freeradius peap-mschapv2

    Posted Apr 23, 2012 03:45 AM

    Hi,

    thanks for your advice. The Radius Server is connected to a MySQL database and the connection is working. If I connect a Cisco WAP2000 AP to the Radius Server the connection is working. But the Aruba controller cannot connect to the freeradius server or uses the wrong configuration. Our Aruba support told me to select in the 'default' profile 'eap-mschapv2', 'eap-peap' and 'Termination'. But this is not really working.

     

    Regards,

    Alex



  • 4.  RE: freeradius peap-mschapv2

    Posted Apr 25, 2012 05:05 AM

    Hi,

    when I am using a Cisco WAP2000 the authentication works great and there is no problem. I am a little bit confused, a 100 Euro AP can communicate with my freeradius server but a 4000 Euro Aruba appliance can't?

     

    Regards,

    Alex



  • 5.  RE: freeradius peap-mschapv2

    Posted Apr 25, 2012 10:51 AM

    Can you try the command "aaa test-server mschapv2 freeradius-server-ip username password"?

    It should work.

    Can you attach the freeradius config?