802.1x authentication

Jin Fan jfan at cwlab.com
Fri Jul 7 16:32:17 CEST 2006 

Hi, all:
 
To further describe my challenge, here is debugging output from freeradius.  One line says, "rlm_eap: Failed in EAP select".  I must have set up eap wrong.  Could anyone help me out here?  Btw, in the following example, user "TRPZEDU\\jfan" tries to authenticate through 802.1x.  Thanks.
 
Jin
 
rad_recv: Access-Request packet from host 192.168.3.26:20000, id=89, length=157
        NAS-Port-Id = "1/1"
        Calling-Station-Id = "00-0B-BE-D4-50-46"
        Called-Station-Id = "00-0B-0E-13-74-C0:hotspot"
        Service-Type = Framed-User
        User-Name = "TRPZEDU\\jfan"
        State = 0xdcfe3f22dc8680c7b0e05b3d498b6090
        EAP-Message = 0x020200060319
        NAS-Identifier = "Trapeze"
        NAS-Port-Type = Wireless-802.11
        NAS-IP-Address = 192.168.3.26
        Message-Authenticator = 0xc846da111c9f48b4a5570fff318767a2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "TRPZEDU\jfan", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
    users: Matched entry TRPZEDU\jfan at line 228
  modcall[authorize]: module "files" returns ok for request 6
radius_xlat:  'TRPZEDU\\jfan'
rlm_sql (sql): sql_set_user escaped user --> 'TRPZEDU\\jfan'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'TRPZEDU=5C=5C=5C=5Cjfan' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): User TRPZEDU\\jfan not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'TRPZEDU=5C=5C=5C=5Cjfan' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'TRPZEDU=5C=5C=5C=5Cjfan' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User TRPZEDU\\jfan not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns notfound for request 6
modcall: group authorize returns updated for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/peap
 rlm_eap: No such EAP type peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 6
modcall: group authenticate returns invalid for request 6
auth: Failed to validate the user.
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 89 to 192.168.3.26:20000
        EAP-Message = 0x04020004
        Message-Authenticator = 0x00000000000000000000000000000000
        Trapeze-VLAN-Name = "vlan10"
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 88 with timestamp 44ae6d5d
Cleaning up request 6 ID 89 with timestamp 44ae6d5d
Nothing to do.  Sleeping until we see a request.


________________________________

From: freeradius-users-bounces+jfan=cwlab.com at lists.freeradius.org on behalf of Jin Fan
Sent: Thu 7/6/2006 5:22 PM
To: FreeRadius users mailing list
Subject: 802.1x authentication



Hi, All:

        I need some pointers on how to set up 802.1x (PEAP/MSCHAP v.2)
authentication in freeradius.  Generating certificates? Modifying
configurations?   

Jin 

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 7486 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060707/9c97739f/attachment.bin>

More information about the Freeradius-Users mailing list