help with EAP MD5 wired authentication

Anup Parkhi anup_parkhi at hotmail.com
Tue Nov 22 22:11:22 CET 2005


Thanks for responding.

I tried that but did not work.  radiusd gave the same error message before.

If you have it working then please send your radiusd.conf, users file

My email is anup_parkhi at hotmail.com

Anup




>From: "MINODIER David RD-RESA-LAN" <david.minodier at francetelecom.com>
>To: <anup_parkhi at hotmail.com>,"FreeRadius users mailing list" 
><freeradius-users at lists.freeradius.org>
>Subject: RE: help with EAP MD5 wired authentication
>Date: Tue, 22 Nov 2005 09:31:29 +0100
>
>Since you're using EAP-MD5, you should have in your users file:
>
>Xxx	Auth-Type := EAP, User-Password == "whatever"
>
>David.
>
>
> > -----Message d'origine-----
> > De : freeradius-users-bounces at lists.freeradius.org
> > [mailto:freeradius-users-bounces at lists.freeradius.org] De la
> > part de Anup Parkhi
> > Envoyé : mardi 22 novembre 2005 01:54
> > À : freeradius-users at lists.freeradius.org
> > Objet : help with EAP MD5 wired authentication
> >
> > Hi,
> >
> > I am struggling with EAP-MD5 wired authentication for last
> > couple of days. I checked the web and archives but to no avail.
> >
> > I am using XP supplicant. Tried with Funk's supplicant also
> > but same result.
> >
> > Any help will be highly appreciated.
> >
> > Thanks
> > Anup
> >
> > My users file has following towards the end
> >
> > # On no match, the user is denied access.
> >
> > a       User-Password == "a"
> >
> > "test"  User-Password == "test"
> >
> > "Administrator" User-Password == "pnbidm123!"
> >
> > aparkhi Auth-Type := System, User-Password == "aparkhi"
> >
> > DEFAULT Auth-Type := Accept
> >                Reply-Message = "All users are allowed, Welcome %u."
> >
> > Radiusd.conf has
> >
> > 1. modules section
> > ...
> > pap {
> >                encryption_scheme = crypt
> >        }
> >
> >        # CHAP module
> >        #
> >        #  To authenticate requests containing a CHAP-Password
> > attribute.
> >        #
> >        chap {
> >                authtype = CHAP
> >        }
> > ...
> > $INCLUDE ${confdir}/eap.conf
> >
> > mschap {
> > ...
> > }
> >
> > files {
> > ...
> > }
> >
> > ...
> >
> >
> > The console output of radiusd -X -s is
> >
> > Ready to process requests.
> > rad_recv: Access-Request packet from host 10.11.12.107:1024, id=76,
> > length=214
> >        Framed-MTU = 1480
> >        NAS-IP-Address = 10.11.12.107
> >        NAS-Identifier = "HP ProCurve Switch 2824"
> >        User-Name = "test"
> >        Service-Type = Framed-User
> >        Framed-Protocol = PPP
> >        NAS-Port = 24
> >        NAS-Port-Type = Ethernet
> >        NAS-Port-Id = "24"
> >        Called-Station-Id = "00-0f-20-8d-04-c8"
> >        Calling-Station-Id = "00-c0-9f-0d-4a-1f"
> >        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >        Tunnel-Type:0 = VLAN
> >        Tunnel-Medium-Type:0 = IEEE-802
> >        Tunnel-Private-Group-Id:0 = "1010"
> >        EAP-Message = 0x020200090174657374
> >        Message-Authenticator = 0xb12214c2d6fb14f33c7cc758ccfb54b7
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 0
> > modcall[authorize]: module "preprocess" returns ok for request 0
> > modcall[authorize]: module "chap" returns noop for request 0
> > modcall[authorize]: module "mschap" returns noop for request 0
> > rlm_eap: EAP packet type response id 2 length 9
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 0
> >    users: Matched entry DEFAULT at line 152
> >    users: Matched entry DEFAULT at line 171
> >    users: Matched entry DEFAULT at line 183
> > modcall[authorize]: module "files" returns ok for request 0
> > modcall: group authorize returns updated for request 0
> > rad_check_password:  Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 0
> > rlm_eap: EAP Identity
> > rlm_eap: processing type md5
> > rlm_eap_md5: Issuing Challenge
> > modcall[authenticate]: module "eap" returns handled for request 0
> > modcall: group authenticate returns handled for request 0
> > Sending Access-Challenge of id 76 to 10.11.12.107:1024
> >        Framed-IP-Address = 255.255.255.254
> >        Framed-MTU = 576
> >        Service-Type = Framed-User
> >        Framed-Protocol = PPP
> >        Framed-Compression = Van-Jacobson-TCP-IP
> >        EAP-Message = 0x0103001604100118f4899111b27fc08900284095e5e2
> >        Message-Authenticator = 0x00000000000000000000000000000000
> >        State = 0x33fe6026586af730cd367983bb9ea8b6
> > Finished request 0
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
> > length=249
> >        Framed-MTU = 1480
> >        NAS-IP-Address = 10.11.12.107
> >        NAS-Identifier = "HP ProCurve Switch 2824"
> >        User-Name = "test"
> >        Service-Type = Framed-User
> >        Framed-Protocol = PPP
> >        NAS-Port = 24
> >        NAS-Port-Type = Ethernet
> >        NAS-Port-Id = "24"
> >        Called-Station-Id = "00-0f-20-8d-04-c8"
> >        Calling-Station-Id = "00-c0-9f-0d-4a-1f"
> >        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
> >        Tunnel-Type:0 = VLAN
> >        Tunnel-Medium-Type:0 = IEEE-802
> >        Tunnel-Private-Group-Id:0 = "1010"
> >        State = 0x33fe6026586af730cd367983bb9ea8b6
> >        EAP-Message =
> > 0x0203001a04101c913399463bebf9f6dc2d0af18f0c7974657374
> >        Message-Authenticator = 0x2592cd875d1068f5b16fe7999f451769
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 1
> > modcall[authorize]: module "preprocess" returns ok for request 1
> > modcall[authorize]: module "chap" returns noop for request 1
> > modcall[authorize]: module "mschap" returns noop for request 1
> > rlm_eap: EAP packet type response id 3 length 26
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 1
> >    users: Matched entry DEFAULT at line 152
> >    users: Matched entry DEFAULT at line 171
> >    users: Matched entry DEFAULT at line 183
> > modcall[authorize]: module "files" returns ok for request 1
> > modcall: group authorize returns updated for request 1
> > rad_check_password:  Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 1
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/md5
> > rlm_eap: processing type md5
> > rlm_eap_md5: User-Password is required for EAP-MD5 authentication
> > rlm_eap: Handler failed in EAP/md5
> > rlm_eap: Failed in EAP select
> > modcall[authenticate]: module "eap" returns invalid for request 1
> > modcall: group authenticate returns invalid for request 1
> > auth: Failed to validate the user.
> > Delaying request 1 for 1 seconds
> > Finished request 1
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
> > length=249
> > Sending Access-Reject of id 77 to 10.11.12.107:1024
> >        EAP-Message = 0x04030004
> >        Message-Authenticator = 0x00000000000000000000000000000000
> > --- Walking the entire request list ---
> > Waking up in 1 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 0 ID 76 with timestamp 43826690 Cleaning
> > up request 1 ID 77 with timestamp 43826690 Nothing to do.
> > Sleeping until we see a request.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >





More information about the Freeradius-Users mailing list