using freeradius 1.0.5 to secure a WLAN AP

Frank Buttner frank-buettner at gmx.net
Wed Dec 28 21:49:05 CET 2005


Hello, I am trying to use freeradius to secure my WLAN. But it will not work.
The clients talk to the AP and the AP to my radius server. But the answer of
the radius server is not ok :( It will use EAP-TLS. The clients have valid
certificates.
This is the output of radiusd -X -A when a client tries to connect:

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.2:2068, id=0, length=163
        User-Name = "schneeball.netz-von-frank"
        NAS-IP-Address = 192.168.1.2
        Called-Station-Id = "0014bfa57781"
        Calling-Station-Id = "000e2e3ee98f"
        NAS-Identifier = "0014bfa57781"
        NAS-Port = 24
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0200001e017363686e656562616c6c2e6e65747a2d766f6e2d6672616e6b
        Message-Authenticator = 0x66c2303e813aec1cfd1cde8a17334a73
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  '/var/log/radius/radacct/192.168.1.2/auth-detail-20051228'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.1.2/auth-detail-20051228
  modcall[authorize]: module "auth_log" returns ok for request 0
  modcall[authorize]: module "attr_filter" returns noop for request 0
    rlm_realm: No '@' in User-Name = "schneeball.netz-von-frank", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 30
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 0 to 192.168.1.2:2068
        EAP-Message = 0x010100060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2ba99a35bae31f77cfceff5a7b53c1db
Finished request 0
Going to the next request

In this case the name of the client machine is schneeball.netz-von-frank.
What am I doing wrong?



