FreeRadius MAC address authorization (no authentication)

Ramot Lubis ramot.lubis at gmail.com
Fri Aug 8 10:48:25 CEST 2008 

Thanks Alan, it was my mistake. I have fixed the openssl trouble. Now
PEAP is running. But I still have problem with authentication.

I put the log here. Please, tell me what my next mistake is.

rad_recv: Access-Request packet from host 10.0.0.2 port 1027, id=76, length=189
       User-Name = "PIDEL-3C5B30E9C\\Administrator"
       NAS-IP-Address = 10.0.0.2
       NAS-Port = 0
       Called-Station-Id = "00-1E-E5-9D-61-85:DEL_LR1"
       Calling-Station-Id = "00-21-00-0B-68-E3"
       Framed-MTU = 1400
       NAS-Port-Type = Wireless-802.11
       Connect-Info = "CONNECT 11Mbps 802.11b"
       EAP-Message = 0x020c00061900
       State = 0x61fcdc3962f0c5fd5ac44742bec48a4e
       Message-Authenticator = 0xf9de9a4b155e31af40d1602df959ad77
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "PIDEL-3C5B30E9C\Administrator",
looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 12 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 76 to 10.0.0.2 port 1027
       EAP-Message = 0x010d00061900
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x61fcdc3965f1c5fd5ac44742bec48a4e
Finished request 9.


rgds




On Fri, Aug 8, 2008 at 3:06 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Ramot Lubis wrote:
>> thanks Stefan.
>> it's already uncommented by default. I didn't change any default value
>> except the SQL authorization.
>> I wonder what might be the problem?
>
>  You haven't installed the OpenSSL libraries and header files.  As a
> result, FreeRADIUS wasn't built with support for PEAP.
>
>  Run the server in debug mode, and read the output.  When it's loading
> the EAP module, it will TELL YOU that it's not loading PEAP.  It will
> also tell you why it's not loading PEAP.
>
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list