LinuxQuestions.org


gettons1980 01-27-2011 03:40 AM

freeradius + wpa auth problem
 
Hi all,


I am having some trouble setting up freeradius2 + WPA enterprise on backfire rc4.
I have installed and configured the service properly (I presume), but when I try to log in with either radclient locally or any other wireless client (xp, xubuntu, android gingerbread) I get an error.
Basically it looks like when I put in the details about user and pass (I am using clear text pass) the server is not able to see my password and complains about a missing one, but I provide the right password of course.

These are some logs:

First I try with radclient locally:

echo "User-Name=gettons,Password=mypass"| radclient -x 127.0.0.1:1812 auth myclientpass


and I get:


rad_recv: Access-Request packet from host 127.0.0.1 port 50527, id=125, length=29
User-Name = "gettons"
Thu Jan 27 00:17:27 2011 : Info: +- entering group authorize {...}
Thu Jan 27 00:17:27 2011 : Info: ++[chap] returns noop
Thu Jan 27 00:17:27 2011 : Info: ++[mschap] returns noop
Thu Jan 27 00:17:27 2011 : Info: [eap] No EAP-Message, not doing EAP
Thu Jan 27 00:17:27 2011 : Info: ++[eap] returns noop
Thu Jan 27 00:17:27 2011 : Info: [files] users: Matched entry gettons at line 203
Thu Jan 27 00:17:27 2011 : Info: ++[files] returns ok
Thu Jan 27 00:17:27 2011 : Info: [pap] No clear-text password in the request. Not performing PAP.
Thu Jan 27 00:17:27 2011 : Info: ++[pap] returns noop
Thu Jan 27 00:17:27 2011 : Info: WARNING: Please update your configuration, and remove 'Auth-Type = Local'
Thu Jan 27 00:17:27 2011 : Info: WARNING: Use the PAP or CHAP modules instead.
Thu Jan 27 00:17:27 2011 : Info: No User-Password or CHAP-Password attribute in the request.
Thu Jan 27 00:17:27 2011 : Info: Cannot perform authentication.
Thu Jan 27 00:17:27 2011 : Info: Failed to authenticate the user.
Thu Jan 27 00:17:27 2011 : Auth: Login incorrect: [gettons/<no User-Password attribute>] (from client openget port 0)
Thu Jan 27 00:17:27 2011 : Info: Delaying reject of request 0 for 1 seconds
Thu Jan 27 00:17:27 2011 : Debug: Going to the next request
Thu Jan 27 00:17:27 2011 : Debug: Waking up in 0.9 seconds.
Thu Jan 27 00:17:28 2011 : Info: Sending delayed reject for request 0

It basically expects the User-Password attribute. And this also happens with wireless clients...

But if I try now from the server with radclient using the User-Password attribute:


echo "User-Name=gettons,User-Password=mypass"| radclient -x 127.0.0.1:1812 auth myclientpass

it works.

So, the question is: how to tell the clients (xp, xubuntu and any other wireless wpa enterprise capable device) to provide the password with "User-Password" instead of just the "Password" attribute?
Or maybe, is there a way to change the default value it expects?

root@openget:/etc/freeradius2# cat /etc/config/wireless

config 'wifi-device' 'radio0'
option 'type' 'mac80211'
option 'macaddr' '00:24:a5:b0:06:5a'
list 'ht_capab' 'SHORT-GI-40'
list 'ht_capab' 'DSSS_CCK-40'
option 'channel' '4'
option 'hwmode' '11g'
option 'disabled' '0'
option 'wmm' '0'

config 'wifi-iface'
option 'device' 'radio0'
option 'network' 'guest'
option 'mode' 'ap'
option 'ssid' 'guestrad'
option 'encryption' 'wpa'
option 'server' '127.0.0.1'
option 'port' '1812'
option 'key' 'myclientpass'

root@openget:/etc/freeradius2# cat /etc/freeradius2/users


# DEFAULT
# Service-Type = Administrative-User

# On no match, the user is denied access.
gettons Cleartext-Password := "mypass"

Thanks in advance.
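
Added example, not part of the original post: a minimal RFC 2865 Access-Request encoder and decoder in Python, using the user name, password and shared secret from the post with a constructed request authenticator. It shows that a request carrying only User-Name is 29 bytes, the length reported in the log above, while one that also carries a hidden User-Password attribute is 47 bytes.

```python
import hashlib
import struct

ACCESS_REQUEST = 1                # RADIUS packet code (RFC 2865)
USER_NAME, USER_PASSWORD = 1, 2   # attribute types (RFC 2865)

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    padded = password.ljust(-(-max(len(password), 1) // 16) * 16, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: undo hide_password with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")

def build_request(ident, authenticator, attrs):
    """Encode an Access-Request: 20-byte header, then type/length/value attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    return header + authenticator + body

def parse_attrs(packet):
    """Return {type: value}; reject packets whose lengths are inconsistent."""
    if len(packet) < 20:
        raise ValueError("short packet")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    return attrs

if __name__ == "__main__":
    secret, auth = b"myclientpass", bytes(range(16))  # authenticator is constructed
    hidden = hide_password(b"mypass", secret, auth)
    for attrs in ([(USER_NAME, b"gettons")],
                  [(USER_NAME, b"gettons"), (USER_PASSWORD, hidden)]):
        pkt = build_request(125, auth, attrs)
        print(len(pkt), sorted(parse_attrs(pkt)))
```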

