The authentication is not working properly #3

Open
The-Debarghya opened this issue Feb 17, 2024 · 1 comment

The-Debarghya commented Feb 17, 2024

I've carefully followed all the instructions to run the AAA test, but it keeps looping with these log messages:

onos-1               | 18:04:48.640 WARN  [StateMachine$Pending] START transition from this state is not allowed.
onos-1               | 18:04:48.640 INFO  [AaaManager] Auth event STARTED for of:0000000000000002/1
onos-1               | 18:04:48.642 INFO  [StateMachine] Current State 2
onos-1               | 18:04:48.644 WARN  [StateMachine$Pending] REQUEST ACCESS transition from this state is not allowed.
onos-1               | 18:04:48.644 INFO  [AaaManager] Auth event REQUESTED for of:0000000000000002/1
onos-1               | 18:04:48.646 INFO  [StateMachine] Current State 2

and the authentication doesn't go into the authenticated state at all; it keeps showing:

mininet> h2 wpa_supplicant -Dwired -ih2-eth0 -c/etc/config/wpa_supplicant.conf
Successfully initialized wpa_supplicant
h2-eth0: Associated with 01:80:c2:00:00:03
h2-eth0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started

I checked, and the subsId field is UNKNOWN; is that the problem?

karaf@root > aaa-users                                                                                           18:14:23
18:17:50.425 WARN  [SubscriberManager] Data not found for id s1-eth1
of:0000000000000001/1: STARTED_STATE, last-changed=25s ago, mac=00:00:00:00:00:01, subid=UNKNOWN, username=admin
18:17:50.431 WARN  [SubscriberManager] Data not found for id s2-eth1
of:0000000000000002/1: PENDING_STATE, last-changed=15m41s ago, mac=00:00:00:00:00:02, subid=UNKNOWN, username=admin

Please tell me possible fixes.


The-Debarghya commented Feb 18, 2024

Currently the looping thing is gone, but now it won't authenticate.

  • wpa_supplicant.conf contents:
ctrl_interface=/var/run/wpa_supplicant
eapol_version=1
ap_scan=0
fast_reauth=0
network={
        key_mgmt=WPA-EAP
        eap=TLS
        #eap=MD5
        identity="admin"
        password="whatever"
        ca_cert="/etc/cert/ca.pem"
        client_cert="/etc/cert/client.pem"
        private_key="/etc/cert/client.key"
        private_key_passwd="whatever"
        eapol_flags=3
}
  • My ONOS instance is running in a Docker container with OVS network IP CIDR = 192.168.60.0/24 and with controller CIDR = 192.168.50.0/24, with proper ports exposed and mapped to localhost.
  • The FreeRADIUS server is running on localhost, and so is Mininet.
  • Here is the config I am using:
{
  "apps": {
    "org.opencord.aaa" : {
      "AAA" : {
        "radiusIp": "192.168.60.1",
        "radiusServerPort": "1812",
        "radiusSecret": "whatever",
        "nasIp": "192.168.50.1"
      }
    }
  }
}
  • Here are the auth failed logs:
Successfully initialized wpa_supplicant
h1-eth0: Associated with 01:80:c2:00:00:03
h1-eth0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
h1-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h1-eth0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
h1-eth0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
h1-eth0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=kubuntu' hash=a92c2edc664703763bb63111cdd8a634c595bf2b2d71effd409a000af9f1222b
h1-eth0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:kubuntu
TLS: Certificate verification failed, error 18 (self-signed certificate) depth 0 for '/CN=kubuntu'
h1-eth0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=0 subject='/CN=kubuntu' err='self-signed certificate'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: openssl_handshake - SSL_connect error:0A000086:SSL routines::certificate verify failed
h1-eth0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
^Ch1-eth0: CTRL-EVENT-DISCONNECTED bssid=01:80:c2:00:00:03 reason=3 locally_generated=1
h1-eth0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="" auth_failures=1 duration=10 reason=AUTH_FAILED
h1-eth0: CTRL-EVENT-DSCP-POLICY clear_all
h1-eth0: CTRL-EVENT-DSCP-POLICY clear_all
h1-eth0: CTRL-EVENT-TERMINATING 

Can you please tell me what I'm doing wrong?
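
An added example, not part of the issue or the project's code: a small Python triage of wpa_supplicant control-event output that separates the two failure modes reported above (EAP restarting without a method ever being selected, and the supplicant rejecting the server certificate during EAP-TLS). The sample logs are constructed from lines quoted in this issue; the function name `triage` and the verdict strings are hypothetical.

```python
import re

# Constructed sample input, modelled on the two wpa_supplicant logs in this issue.
LOOP_LOG = """\
h2-eth0: Associated with 01:80:c2:00:00:03
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h2-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
"""
TLS_LOG = """\
h1-eth0: CTRL-EVENT-EAP-STARTED EAP authentication started
h1-eth0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected
h1-eth0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=0 subject='/CN=kubuntu' err='self-signed certificate'
h1-eth0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
"""

EVENT = re.compile(r"^(?P<ifname>\S+): CTRL-EVENT-(?P<name>[A-Z-]+)(?: (?P<rest>.*))?$")
CERT_ERR = re.compile(r"depth=(\d+) subject='([^']*)' err='([^']*)'")

def triage(log_text):
    """Return (verdict, detail) for one wpa_supplicant run."""
    starts, method, cert_error, outcome = 0, None, None, None
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue  # non-event lines (OpenSSL/TLS debug text) are skipped
        name, rest = m["name"], m["rest"] or ""
        if name == "EAP-STARTED":
            starts += 1
        elif name == "EAP-METHOD":
            method = rest
        elif name == "EAP-TLS-CERT-ERROR":
            c = CERT_ERR.search(rest)
            cert_error = c.groups() if c else (None, None, rest)
        elif name in ("EAP-SUCCESS", "EAP-FAILURE"):
            outcome = name
    if outcome == "EAP-SUCCESS":
        return "authenticated", method
    if cert_error:
        depth, subject, err = cert_error
        return "server_cert_rejected", f"depth={depth} subject={subject} err={err}"
    if starts > 1 and method is None:
        return "stalled_before_method", f"{starts} EAP starts, no method selected"
    return "inconclusive", outcome
```

A `server_cert_rejected` verdict at depth 0 with `self-signed certificate` matches OpenSSL verify error 18 in the log above: the server presented a self-signed leaf certificate that the file configured as `ca_cert` does not establish as trusted.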
