DD-WRT and FreeRADIUS Windows Authentication problem
-
I read the msg thread about DD-WRT and FreeRADIUS that was posted a few months ago, but was unable to get it working. After doing some googling and checking out some other groups I decided to post back here and see if I could get any help. Here is a capture of my FreeRADIUS log:
Sat Feb 21 15:36:26 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Sat Feb 21 15:36:26 2009 : Info: Ready to process requests.
Sat Feb 21 15:36:28 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 15:36:33 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 15:39:06 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 15:39:54 2009 : Info: Using deprecated naslist file. Support for this will go away soon.
Sat Feb 21 15:39:54 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Sat Feb 21 15:39:54 2009 : Info: Ready to process requests.
Sat Feb 21 15:42:50 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 15:42:50 2009 : Auth: Login incorrect: [Ryan/<no user-password="" attribute="">] (from client DD-WRT port 40 cli 000e35399687)
Sat Feb 21 15:49:40 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 15:49:40 2009 : Auth: Login incorrect: [Ryan/<no user-password="" attribute="">] (from client DD-WRT port 40 cli 000e35399687)
Sat Feb 21 15:52:08 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 15:52:08 2009 : Auth: Login incorrect: [Marilee/<no user-password="" attribute="">] (from client DD-WRT port 40 cli 000e35399687)
Sat Feb 21 15:56:42 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 15:56:42 2009 : Auth: Login incorrect: [Marilee/<no user-password="" attribute="">] (from client DD-WRT port 40 cli 000e35399687)
Sat Feb 21 16:02:35 2009 : Info: Using deprecated naslist file. Support for this will go away soon.
Sat Feb 21 16:02:35 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Sat Feb 21 16:02:35 2009 : Info: Ready to process requests.
Sat Feb 21 16:03:54 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 16:03:54 2009 : Auth: Login incorrect: [Ryan/<no user-password="" attribute="">] (from client DD-WRT port 40 cli 000e35399687)
Sat Feb 21 16:15:34 2009 : Info: Using deprecated naslist file. Support for this will go away soon.
Sat Feb 21 16:15:34 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Sat Feb 21 16:15:34 2009 : Info: Ready to process requests.
Sat Feb 21 16:16:52 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 16:16:52 2009 : Auth: Login incorrect: [Ryan/<no user-password="" attribute="">] (from client DD-WRT port 40 cli 000e35399687)
Sat Feb 21 16:30:53 2009 : Info: Using deprecated naslist file. Support for this will go away soon.
Sat Feb 21 16:30:53 2009 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Sat Feb 21 16:30:53 2009 : Info: Ready to process requests.
Sat Feb 21 16:32:04 2009 : Auth: Login OK: [00:0e:35:39:96:87/1234567890] (from client DD-WRT port 1)
Sat Feb 21 16:32:41 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 16:32:41 2009 : Auth: Login incorrect: [00:0e:35:39:96:87/<no user-password="" attribute="">] (from client DD-WRT port 40 cli 000e35399687)
Sat Feb 21 16:35:21 2009 : Info: rlm_eap_md5: Issuing Challenge
Sat Feb 21 16:35:21 2009 : Auth: Login incorrect: [Ryan/<no user-password="" attribute="">] (from client DD-WRT port 40 cli 000e35399687)
Sat Feb 21 16:36:51 2009 : Auth: Login incorrect: [00:1a:73:dd:97:77/1234567890] (from client DD-WRT port 1)
Sat Feb 21 16:37:43 2009 : Auth: Login OK: [00:0e:35:39:96:87/1234567890] (from client DD-WRT port 1)I have configured freeradius on my pfsense box to communicate on port 1812 which matches up with my DD-WRT router. I have set the router to Authenticate and Encrypt using WPA2 Enterprise and have configured the static IP used by my pfsense box. I have set up the DD-WRT router to be a client in FreeRADIUS and made sure that the shared secret is identical between both boxes. I have configured a list of users on FreeRADIUS with passwords and made sure that my windows clients are configured for PEAP and not to validate the server certificate. I have cleared the "use windows login credentials" checkbox on the windows clients.
After all said and done I attempt to connect to the DD-WRT box and I get a popup on the windows client asking me to provide username and/or certificate credentials to login. I type in the the username and password I provided in FreeRADIUS and after some humming and hawing I get "Authentication Failed".
I have tried enabling MAC Radius client in DD-WRT and providing the same username and password in FreeRADIUS but no go there either. At this point I am kind of stuck. Any help would be appreciated. Thanks.</no></no></no></no></no></no></no></no>
-
Oh!!! You too?!?!?! I thought it was just me having the problems!!! I was trying to use PEAP to authenticate and for the life of me couldn't get the stupid thing to work and though it was just some ID10T errors due to lack of experience with FreeRadius.
So please help and I would like to BUMP this topic for assistance.
I was getting the same authentication errors in my log and posted here (http://forum.pfsense.org/index.php/topic,14371.0.html) to try and get some help.
-
Hello everyone. I am having the same issue as described by the topic Author. Can someone point me in the right direction.
Its kind of funny. I configure the users in the freeRadius users tab and try to authenticate. I get prompted for my user and pass and still the log says "Auth: Login incorrect: [tommyboy180/<no user-password="" attribute="">] (from client WRT54GL port 46 cli 0015afc64921)"
Some help please?</no>