Author Topic: Help with Zentyal RADIUS configuration. Need more detailed guide.  (Read 12684 times)

mamen0330

« on: September 11, 2010, 11:58:18 am »
I have set up Zentyal 2.0 RADIUS and added a user in Users and Groups for testing. I have also configured my AP (Linksys WRT54GS, routing capability off, dedicated as an AP) as a NAS and I know that it's talking correctly with the RADIUS server. But I can't authenticate using the username and password from Users and Groups. It keeps asking and asking for the UN/PWD. Tested on both Fedora Linux and Windows 7.

RADIUS server setting:
(WRT54GS with dd-wrt installed)
Client IP = 192.168.0.2/32
Shared secret: test

RADIUS client setting:
Security Mode: WPA Enterprise
WPA Algorithms: TKIP+AES
Radius Auth Server = 192.168.0.1
Port: 1812
Shared secret: test

Can anyone help me with this to make it work? A step by step guide clearer than the documentation will do. Thanks.

jsalamero

« Reply #1 on: September 11, 2010, 12:28:06 pm »
Did you try with radtest first?

Are you using EAP TTLS PAP on the clients?

mamen0330

« Reply #2 on: September 13, 2010, 04:56:06 pm »
root@zentyal:/home/mamen# radtest test test 192.168.0.1:1812 1812 secret test-secret 192.168.0.2
Sending Access-Request of id 217 to 192.168.0.1 port 1812
   User-Name = "test"
   User-Password = "test"
   NAS-IP-Address = 192.168.0.2
   NAS-Port = 1812
   Framed-Protocol = PPP
Sending Access-Request of id 217 to 192.168.0.1 port 1812
   User-Name = "test"
   User-Password = "test"
   NAS-IP-Address = 192.168.0.2
   NAS-Port = 1812
   Framed-Protocol = PPP
Sending Access-Request of id 217 to 192.168.0.1 port 1812
   User-Name = "test"
   User-Password = "test"
   NAS-IP-Address = 192.168.0.2
   NAS-Port = 1812
   Framed-Protocol = PPP
radclient: no response from server for ID 217 socket 3

That's the output of radtest. I'm new to RADIUS. Can you please provide me with a detailed configuration guide? My hardware is:

1 Zentyal Server with 2 NICs (192.168.0.1)
1 Linksys WRT54GS router with dd-wrt (configured as AP, this will be the NAS), wireless security set @ WPA Enterprise (192.168.0.2)

Help please.. :(

jsalamero

« Reply #3 on: September 13, 2010, 06:26:03 pm »
Is 192.168.0.2 added on RADIUS clients? Is 192.168.0.1 the Zentyal IP address? Can you log in on user corner with the test user? Have a look at /var/log/freeradius/* to see what's going on...

mamen0330

« Reply #4 on: September 17, 2010, 04:44:56 pm »
Yes, I can log in @ usercorner with the said username and password. Here's my setup and pictures.
Radius Server (Zentyal) IP: 192.168.0.1, Radius Client (WRT54GS) IP: 192.168.0.2



jsalamero

« Reply #5 on: September 19, 2010, 11:18:57 pm »
Then it is probably a client configuration issue? Did you check the freeradius logs? What's your client configuration? You should be using EAP TTLS PAP.

mamen0330

« Reply #6 on: September 20, 2010, 07:26:46 am »
Should the NAS (access point) have EAP TTLS PAP, or the connecting machine? Because on my access point, the options available to me are only RADIUS auth server IP, shared secret and port. Encryption is AES+TKIP.

jsalamero

« Reply #7 on: September 20, 2010, 09:23:04 am »
Connecting machine.

verdura

« Reply #8 on: October 11, 2010, 12:28:29 pm »
mamen,

Did you manage to get it? I'm having the same problem...

FutureTechSys

« Reply #9 on: October 11, 2010, 04:19:06 pm »
Check to make sure you have port 1812 opened in the correct section of the firewall piece on Zentyal, and also check the firewall logs to see if it's being blocked.

verdura

« Reply #10 on: October 11, 2010, 04:35:11 pm »
Zentyal already opens the right port in the firewall. I think that's not the problem...

I think I have everything configured right but still no go. I was reading the forum and found out that I need an 802.1x supplicant. But then I read that in June it was part of the plans to incorporate MS-CHAPv2 support. Is this true? Can someone please make some print-screens of Windows XP or 7 with the RADIUS functioning? Or some description?

Thanks a lot for your help!

verdura

« Reply #11 on: October 14, 2010, 05:33:05 pm »
Anyone?

jsalamero

« Reply #12 on: October 17, 2010, 12:21:57 pm »
In Windows you need a supplicant like Open1X or SecureW2.

Josep

« Reply #13 on: October 18, 2010, 01:47:11 pm »
I couldn't help but notice that in your tests you use "test" as the shared secret, but your dd-wrt screenshot has "test-secret" in it.
Has it anything to do with anything?
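
Why the shared-secret mismatch noted in the post above matters, as an added example that is not part of the original thread: in a plain PAP request such as the one radtest sends, User-Password is hidden with MD5 keyed by the shared secret (RFC 2865 section 5.2), so a server holding a different secret recovers the wrong password even when the user typed the right one. The secrets "test" and "test-secret" come from the thread; the Request Authenticator value and the function names are constructed for this sketch.

```python
import hashlib

# Constructed 16-byte Request Authenticator (random per request on a real NAS).
REQUEST_AUTH = bytes(range(16))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to a multiple of 16 bytes, XOR each block with
    MD5(secret + previous hidden block); the first block uses request_auth."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 bytes")
    size = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", request_auth
    for i in range(0, size, 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: reverse the hiding with the secret the server has on file."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def server_sees(password: bytes, nas_secret: bytes, server_secret: bytes) -> bytes:
    """What the server compares against the directory after un-hiding."""
    hidden = hide_password(password, nas_secret, REQUEST_AUTH)
    return recover_password(hidden, server_secret, REQUEST_AUTH)


if __name__ == "__main__":
    # Same secret on both sides: the server recovers the real password.
    print("matching  :", server_sees(b"test", b"test-secret", b"test-secret"))
    # NAS uses "test-secret", server has "test": the password turns to garbage,
    # so the login is rejected although the credentials are correct.
    print("mismatched:", server_sees(b"test", b"test-secret", b"test"))
```
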

dansanti

« Reply #14 on: October 18, 2010, 05:51:28 pm »
Is EAP necessarily required? Because I have the same problem with my access point AWN 54-HP-ort http://advanteknetworks.com/products/wireless/awn54hport.html; I can't find EAP there, and I think that it's the problem.