FreeRadius/OpenLdap Configuration Assistance

  • Updated 2 years ago
Greetings,

We're migrating the Aerohive APs and are using FreeRadius/OpenLdap. In our previous wireless implementation we've seen no challenges with authentication (known good radius config). It seems the new APs are getting access-reject messages.

I'm hoping there is somebody with a similar setup who's able to provide some configuration advice.

Thanks in advance,

-J

JamesB

Posted 2 years ago


Dianne Dunlap

Have you tried radtest from FreeRADIUS to LDAP and that's working ok? Have you looked at the logs to see the reason for reject? Is authentication 802.1X, MAC authentication, or captive portal to see if all fail? Perhaps the Aerohive is sending different check items than the previous system - the logs should tell you.

JB

It seems that the AP is trying all EAP types and fails (access-reject) on EAP-TTLS prior to getting to our desired auth type. Looking to figure out EAP order or disabling them.

Dianne Dunlap

The EAP type would typically be negotiated with the peer. If the EAP-TTLS request is going to FreeRADIUS and it does not support EAP-TTLS, it should respond with a NAK and move on to the next method. My guess is this works if you use a different server like Microsoft NPS?
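
Added example, not part of any post in this thread: a small decoder for the EAP packets carried in RADIUS EAP-Message attributes, for reading from a capture or debug log which method was offered, what a Nak asked for, and how the exchange ended. The packet layout and type numbers follow RFC 3748 and the IANA EAP registry; the function names and the hex strings in `SAMPLE` are constructed for illustration.

```python
import struct

# EAP codes (RFC 3748) and a few method types from the IANA EAP registry
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
         21: "EAP-TTLS", 25: "PEAP"}

def decode_eap(hexstr):
    """Decode one EAP packet given as hex (a reassembled EAP-Message value)."""
    raw = bytes.fromhex(hexstr)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes; packet truncated")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"bad EAP length {length} for {len(raw)} bytes")
    pkt = {"code": CODES.get(code, f"unknown({code})"), "id": ident}
    if code in (1, 2) and length >= 5:      # only Request/Response carry a Type
        eap_type = raw[4]
        pkt["type"] = TYPES.get(eap_type, f"type-{eap_type}")
        if code == 2 and eap_type == 3:
            # Legacy Nak: each data byte is a method the sender would accept;
            # a single 0 byte means "no acceptable alternative".
            pkt["wants"] = [TYPES.get(b, f"type-{b}")
                            for b in raw[5:length] if b != 0]
    return pkt

def summarize(hex_packets):
    """Return (methods offered in Requests, methods asked for in Naks, final code)."""
    offered, wanted, final = [], [], None
    for p in map(decode_eap, hex_packets):
        if p["code"] == "Request" and p.get("type") not in (None, "Identity"):
            offered.append(p["type"])
        wanted.extend(p.get("wants", []))
        if p["code"] in ("Success", "Failure"):
            final = p["code"]
    return offered, wanted, final

# Constructed sample: EAP-TTLS Start offered, Nak asking for PEAP, then Failure
SAMPLE = ["010200061520", "020200060319", "04020004"]

if __name__ == "__main__":
    for h in SAMPLE:
        print(h, decode_eap(h))
    print(summarize(SAMPLE))
```

A trace that ends in Failure right after a Nak, as in the constructed sample, means the method the Nak asked for was not offered next, which is the point to compare against the EAP types enabled on the server.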