<div dir="ltr"><div class="" style="padding-bottom:20px;padding-left:8px;font-family:arial,sans-serif;font-size:medium"><div class="" style="margin-left:44px"><div id=":1ju" class="" style="font-size:13px;margin-bottom:0px;margin-left:0px;padding-bottom:5px">
<div id=":1jv" class="" style="overflow:hidden"><div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div>Hi,</div><div><br></div><div>I was trying to connect to AP using EAP-FAST authentication.</div><div>But Freeradius EAP-FAST failed with below error:</div>
<div><br></div><div><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">  State = 0x97d5bb340dc1cb0c525e6b44738f3553<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        Message-Authenticator = 0xdce2fb540845c5ee76a5f48b505bb4eb<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"># Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">+group authorize {<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[preprocess] = ok<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[chap] = noop<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[mschap] = noop<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[digest] = noop<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">[suffix] No '@' in User-Name = "anonymous", looking up realm NULL<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">[suffix] No such realm "NULL"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[suffix] = noop<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">[eap] EAP packet type response id 4 length 107<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">[eap] No EAP Start, assuming it's an on-going EAP conversation<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[eap] = updated<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">[files] users: Matched entry DEFAULT at line 202<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[files] = ok<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[expiration] = noop<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[logintime] = noop<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[pap] = noop<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">+} # group authorize = updated<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Found Auth-Type = EAP<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"># Executing group from file /usr/local/etc/raddb/sites-enabled/default<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">+group EAP {<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">[eap2] Request found, released from the list<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP: EAP entering state RECEIVED<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP: parseEapResp: rxResp=1 respId=4 respMethod=43 respVendor=0 respVendorMethod=0<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP: EAP entering state INTEGRITY_CHECK<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP: EAP entering state METHOD_RESPONSE<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">SSL: Received packet(len=107) - Flags 0x01<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">SSL: Received packet: Flags 0x1 Message Length 0<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP-FAST: Received 101 bytes encrypted data for Phase 2<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP-FAST: Decrypted Phase 2 TLVs - hexdump(len=67): [REMOVED]<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP-FAST: Received Phase 2: TLV type 9 length 63 (mandatory)<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP-FAST: EAP-Payload TLV - hexdump(len=63): 02 04 00 3f 1a 02 04 00 3a 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 67 a5 fd 37 80 a6 91 10 ed 46 97 b2 70 75 aa cc 57 27 17 4e dc 0c 6c 00 77 69 66 69<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP-FAST: Received Phase 2: code=2 identifier=4 length=63</span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP-MSCHAPV2: eap_server Password not configured<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP-FAST: Phase2 method failed<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP-FAST: PHASE2_METHOD -> FAILURE<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP: EAP entering state SELECT_ACTION<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP: getDecision: method failed -> FAILURE<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP: EAP entering state FAILURE<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP: Building EAP-Failure (id=4)<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">==> Fail<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">[eap2] Freeing handler<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">EAP: Server state machine removed<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[eap2] = reject<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">+} # group EAP = reject<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Failed to authenticate the user.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Using Post-Auth-Type REJECT<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"># Executing group from file /usr/local/etc/raddb/sites-enabled/default<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">+group REJECT {<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">[attr_filter.access_reject]     expand: %{User-Name} -> anonymous<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">attr_filter: Matched entry DEFAULT at line 11<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">++[attr_filter.access_reject] = updated<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">+} # group REJECT = updated<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Delaying reject of request 4 for 1 seconds<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Going to the next request<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Waking up in 0.9 seconds.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Sending delayed reject for request 4<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Sending Access-Reject of id 117 to 10.10.2.2 port 46531<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        EAP-Message = 0x04040004<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        Message-Authenticator = 0x00000000000000000000000000000000<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Waking up in 3.9 seconds.<u></u><u></u></span></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">
<u></u>Other details are as below"<u></u></p><p class="MsoNormal"><u></u> <u></u></p>Users file"<br><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">wifi  Auth-Type := EAP, Cleartext-Password := "welcome123"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"><u></u> </span><span style="font-family:'Lucida Console';font-size:10pt"> </span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">eap.conf<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">eap2 {<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                fast {<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        pac_opaque_encr_key = 000102030405060708090a0b0c0d0e0f<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        eap_fast_a_id = tjsys<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        eap_fast_a_id_info = my_server<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        eap_fast_prov = 3<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        pac_key_lifetime = 604800 # 7 days<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        pac_key_refresh_tim = 86400<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                }<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                tls {<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        ca_cert = /usr/local/etc/raddb/certs/ca.pem<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        server_cert = /usr/local/etc/raddb/certs/server.pem<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        private_key_file = /usr/local/etc/raddb/certs/server.key<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        private_key_password = whatever<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        dh_file = /usr/local/etc/raddb/certs/dh<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                        random_file = /usr/local/etc/raddb/certs/random<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                }<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        }<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Sites-enabled/default:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Added i</span><span style="font-family:'Lucida Console'">n authenticate block</span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">Auth-Type EAP {<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">                eap2<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        }<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"><u></u> <u></u></span></p><p class="MsoNormal"><br></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"><u></u> </span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">wpa_supplicant.conf<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">update_config=1<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">ap_scan=1<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">fast_reauth=1<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">network={<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        ssid="WiFi-11g"<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        key_mgmt=WPA-EAP<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        proto=WPA<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        pairwise=TKIP<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        group=TKIP<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        eap=FAST<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        anonymous_identity="fast"<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        identity="fast"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        password="koro"<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        phase1="fast_provisioning=3"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">        pac_file="/data/misc/wifi/eap_fast.pac"<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'">}<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:'Lucida Console'"><u></u> <u></u></span></p><br><p class="MsoNormal"><br></p><p class="MsoNormal">FreeRADIUS Version 2.2.5,<u></u><u></u></p><p class="MsoNormal">
OpenSSL 1.0.1e 11<u></u><u></u></p><p class="MsoNormal">Ubuntu 14.04.1<u></u><u></u></p><p class="MsoNormal"><br></p><p class="MsoNormal">Please help me to get it work.</p><p class="MsoNormal"><u></u> <u></u></p><p class="MsoNormal">
<u></u>Regards</p><font color="#888888"><p class="MsoNormal">Ammu</p></font></div><div class=""></div></div></div></div></div></div><div class=""></div></div><div class=""></div></div><div class="" style="font-size:13px;border-bottom-left-radius:0px;border-bottom-right-radius:0px;border-top-style:none;font-family:arial,sans-serif;background-image:initial;background-color:rgb(255,255,255)">
<div class=""><div class="" style="margin-right:5px;padding-top:12px;padding-right:0px;padding-left:8px;border-top-width:1px;border-top-style:solid;border-top-color:rgb(216,216,216)"><div id=":1jt"><table class=""><tbody><tr>
</tr></tbody></table></div></div></div></div></div>