eap-peap inner outer identity

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Apr 23 23:37:38 CEST 2009


Hi,

Per, if you read the debug log you will clearly
see the problem.

(cutting everything until the auth occurring.

> rad_recv: Access-Request packet from host 127.0.0.1 port 43395, id=1,  
> length=168
>    User-Name = "0016dbd4b7d5"
>    User-Password = "0016dbd4b7d5"
>    NAS-IP-Address = 192.168.1.1
>    Called-Station-Id = "00-21-91-F3-D2-21:MY-radius"
>    Calling-Station-Id = "00-16-EA-E5-C8-E6"
>    NAS-Port-Type = Wireless-802.11
>    Connect-Info = "CONNECT 11Mbps 802.11b"
>    Message-Authenticator = 0xd33a8bb379cbb4798259751e0532df73
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "0016dbd4b7d5", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop

there. look. its not EAP. the server tells you this...and you can clearly
see this isnt EAP. this is just plain PAP - even worse, its nothing
to do with your username - this is a very dumb MAC address PAP.

you'd find that if you put

"0016dbd4b7d5" Cleartext-Password := "0016dbd4b7d5"

into your users file this would probably work straight away..but
do you want PAP - if you want EAP, configure your NAS to
do EAP  (from the other log entries, looks like this NAS doesnt
send proper accounting data either)

alan



More information about the Freeradius-Users mailing list