Problem on WPA-EAP with Linux

Alexandros Gougousoudis gougousoudis at kh-berlin.de
Mon Aug 13 15:16:02 CEST 2007


Hi,

I'am having trouble to authenticate my linux workstations with 
wpa_supplicant to Freeradius (1.1). The Windows Stations are working 
fine, but linux is making trouble. The AP is a Linksys WLAN Accesspoint, 
as said WPA Radius works, because all Windows Notebooks can login.

I'am doing a WPA over EAP. And my Error is:

Error: rlm_eap: Either EAP-request timed out OR
EAP-response to an unknown EAP-request

After switching on my debug I see this:

  rlm_eap: NAK asked for bad type 0
   rlm_eap: Failed in EAP select

Which is most certanly the reason why the auth fails. But I'am far away 
from knowing the solution. Can you help please?

Below the complete Log of the conversation:

rad_recv: Access-Request packet from host 10.48.244.28:3073, id=1, 
length=131
         User-Name = "scit-acer"
         NAS-IP-Address = 10.48.244.28
         Called-Station-Id = "0016b64f44cc"
         Calling-Station-Id = "0016cfab64e4"
         NAS-Identifier = "0016b64f44cc"
         NAS-Port = 43
         Framed-MTU = 1400
         NAS-Port-Type = Wireless-802.11
         EAP-Message = 0x0201000e01736369742d61636572
         Message-Authenticator = 0x8b86db463306f78257b8e03600912a5b
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   modcall[authorize]: module "preprocess" returns ok for request 0
   rlm_eap: EAP packet type response id 1 length 14
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 0
     users: Matched entry scit-acer at line 14
   modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
   rlm_eap: EAP Identity
   rlm_eap: processing type tls
  rlm_eap_tls: Requiring client certificate
   rlm_eap_tls: Initiate
   rlm_eap_tls: Start returned 1
   modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 1 to 10.48.244.28 port 3073
         EAP-Message = 0x010200060d20
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xb2f2a1559ef1683126762202eeec3974
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.28:3073, id=1, 
length=141
         User-Name = "scit-acer"
         NAS-IP-Address = 10.48.244.28
         Called-Station-Id = "0016b64f44cc"
         Calling-Station-Id = "0016cfab64e4"
         NAS-Identifier = "0016b64f44cc"
         NAS-Port = 43
         Framed-MTU = 1400
         State = 0xb2f2a1559ef1683126762202eeec3974
         NAS-Port-Type = Wireless-802.11
         EAP-Message = 0x020200060300
         Message-Authenticator = 0x9a1a879ecba47ab01f2f3410625ceabc
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
   modcall[authorize]: module "preprocess" returns ok for request 1
   rlm_eap: EAP packet type response id 2 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 1
     users: Matched entry scit-acer at line 14
   modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
   rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
   rlm_eap: Request found, released from the list
   rlm_eap: EAP NAK
  rlm_eap: NAK asked for bad type 0
   rlm_eap: Failed in EAP select
   modcall[authenticate]: module "eap" returns invalid for request 1
modcall: leaving group authenticate (returns invalid) for request 1
auth: Failed to validate the user.
Login incorrect: [scit-acer] (from client khb-buehring port 43 cli 
0016cfab64e4)
Delaying request 1 for 1 seconds
Finished request 1



TIA
  Alex



More information about the Freeradius-Users mailing list