Conexão do FreeRadius + OpenLdap no Access Point

1. Conexão do FreeRadius + OpenLdap no Access Point

Felipe_S_Vieira
(usa Ubuntu)

Enviado em 17/04/2016 - 18:40h

Olá, este é meu 1º post aqui... Bem, estou tentando configurar um Servidor Radius com integração do Ldap para a autenticação em um Access Point no Ubuntu 12.04 ou 14.04, a integração dos serviços ocorre normalmente, mas quando tento fazer a autenticação com qualquer usuário da base do Ldap no Access Point, diz que a senha está incorreta. Quando tento autenticar qualquer usuário no AP somente pelo Radius, a autenticação ocorre tudo bem.

Abaixo o Debug da tentativa de autenticação, por favor me ajudem, estou tentando dar seguimento no meu projeto de TCC.

Muito Obrigado.

rad_recv: Access-Request packet from host 192.168.0.110 port 1024, id=0, length=187
Message-Authenticator = 0xc38fa97209495a68d91fe1840e40c42d
Service-Type = Framed-User
User-Name = "felipe"
Framed-MTU = 1488
Called-Station-Id = "40-01-C6-DE-13-00:ap-radius"
Calling-Station-Id = "50-FC-9F-46-7B-E9"
NAS-Identifier = "ap-radius"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200000b0166656c697065
NAS-IP-Address = 192.168.0.110
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[ldap] performing user authorization for felipe
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> felipe
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=felipe)
[ldap] expand: dc=ldap,dc=com -> dc=ldap,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to 127.0.0.1:389, authentication 0
[ldap] bind as cn=admin,dc=ldap,dc=com/freeradius to 127.0.0.1:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] performing search in dc=ldap,dc=com, with filter (uid=felipe)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{MD5}oF9D7AIHqUnOqgVAI3E+1g=="
[ldap] looking for reply items in directory...
[ldap] user felipe authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> felipe
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 192.168.0.110 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.110 port 1026, id=0, length=187
Message-Authenticator = 0x2cc33541e0868ba90cba088b3c11e2c0
Service-Type = Framed-User
User-Name = "felipe"
Framed-MTU = 1488
Called-Station-Id = "40-01-C6-DE-13-00:ap-radius"
Calling-Station-Id = "50-FC-9F-46-7B-E9"
NAS-Identifier = "ap-radius"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200000b0166656c697065
NAS-IP-Address = 192.168.0.110
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[ldap] performing user authorization for felipe
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> felipe
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=felipe)
[ldap] expand: dc=ldap,dc=com -> dc=ldap,dc=com
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=ldap,dc=com, with filter (uid=felipe)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{MD5}oF9D7AIHqUnOqgVAI3E+1g=="
[ldap] looking for reply items in directory...
[ldap] user felipe authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> felipe
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.3 seconds.
Cleaning up request 0 ID 0 with timestamp +4
Waking up in 0.6 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 0 to 192.168.0.110 port 1026
Waking up in 4.9 seconds.
Cleaning up request 1 ID 0 with timestamp +9
Ready to process requests.

0 0

Quote