EAP-MD5 testing with radeapclient and eapol_test

Chidanand Gangur chidanand.gangur at gmail.com
Mon Sep 6 11:24:42 CEST 2010


I do not have "raduser" configured in my proxy users file. If it is a
configuration problem on the Home-Server, why does it work if I use
radeapclient/radclient?

I see the following on my host on running eapol_test. Why is NAS-IP-Address set
as 127.0.0.1 in this case?

Reading configuration file '/tmp/eapol.conf'
Line: 1 - start of a new network block
key_mgmt: 0x4
eap methods - hexdump(len=16): 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00
00
identity - hexdump_ascii(len=21):
72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 raduser at mytes
74 2e 63 6f 6d t.com
password - hexdump_ascii(len=7):
70 61 73 73 31 32 33 pass123
Priority group 0
id=0 ssid=''
Authentication server 192.168.6.134:1812
RADIUS local address: 192.168.6.181:32771
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=21):
72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 raduser at mytes
74 2e 63 6f 6d t.com
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=26)
TX EAP -> RADIUS - hexdump(len=26): 02 00 00 1a 01 72 61 64 75 73 65 72 40
6e 65 76 69 73 74 65 73 74 2e 63 6f 6d
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=21): 72 61 64 75
73 65 72 40 6e 65 76 69 73 74 65 73 74 2e 63 6f 6d
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=150
Attribute 1 (User-Name) length=23
Value: 'raduser at mytest.com'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=28
Value: 02 00 00 1a 01 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 74 2e
63 6f 6d
Attribute 80 (Message-Authenticator) length=18
Value: cb 60 23 ea b3 e1 3d 7d 11 81 f1 02 53 39 5d e1
Next RADIUS client retransmit in 3 seconds

EAPOL: SUPP_BE entering state RECEIVE
Received 129 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=129
Attribute 27 (Session-Timeout) length=6
Value: 6
Attribute 79 (EAP-Message) length=37
Value: 01 01 00 23 04 10 b3 70 ee 1c 3c 59 73 f5 a2 4e 77 b7 a2 4d cb 01 52
4f 4f 54 54 45 53 54 4c 41 42 41 44
Attribute 24 (State) length=25
Value: 1a 35 02 b4 00 00 01 37 00 01 c0 a8 07 28 00 00 00 03 23 5c 23 3e 00
Attribute 80 (Message-Authenticator) length=18
Value: d8 fb 71 20 d9 1c ca 4d 61 a5 7d 7a e6 34 0c 4b
Attribute 1 (User-Name) length=23
Value: 'raduser at mytest.com'
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending
request, round trip time 0.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=35) from RADIUS server:
EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
EAP: EAP entering state METHOD
EAP-MD5: Challenge - hexdump(len=16): b3 70 ee 1c 3c 59 73 f5 a2 4e 77 b7 a2
4d cb 01
EAP-MD5: Generating Challenge Response
EAP-MD5: Response - hexdump(len=16): 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69
02 2d 21
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=22)
TX EAP -> RADIUS - hexdump(len=22): 02 01 00 16 04 10 26 f7 be 54 fc 4a 29
80 58 5c a6 65 69 02 2d 21
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=171
Attribute 1 (User-Name) length=23
Value: 'raduser at mytest.com'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=24
Value: 02 01 00 16 04 10 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21
Attribute 24 (State) length=25
Value: 1a 35 02 b4 00 00 01 37 00 01 c0 a8 07 28 00 00 00 03 23 5c 23 3e 00
Attribute 80 (Message-Authenticator) length=18
Value: 74 44 82 76 ad 4a 69 3f 63 5d 39 6e 92 19 c1 53
Next RADIUS client retransmit in 3 seconds

EAPOL: SUPP_BE entering state RECEIVE
Received 44 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=1 length=44
Attribute 79 (EAP-Message) length=6
Value: 04 01 00 04
Attribute 80 (Message-Authenticator) length=18
Value: 8f 2f ea 83 e9 df 05 6e 4b 01 be ee 65 a9 fc 6f
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending
request, round trip time 1.00 sec

RADIUS packet matching with station
decapsulated EAP packet (code=4 id=1 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: EAP key not available
EAP: deinitialize previously used EAP method (4, MD5) at EAP deinit
MPPE keys OK: 0 mismatch: 1
FAILURE

Thanks,
Chidanand



On Mon, Sep 6, 2010 at 1:45 PM, Alan Buxey <A.L.M.Buxey at lboro.ac.uk> wrote:

> Hi,
>
> <snip>
>
> > Sending Access-Request of id 177 to 192.168.7.40 port 1812
>
> <cut>
>
> > rad_recv: Access-Reject packet from host 192.168.7.40 port 1812, id=177, length=47
>
>
> seems quite simple. the home server that you proxied the request to has
> rejected it. check the logs on that server to see why - I suspect it's
> because you are stripping the username and thus the EAP stuff won't be
> right....
>
>
> you seem to also have that user in your local users file...and you also
> seem to be setting auth-type to accept - that won't work for EAP
>
> alan



-- 
Chidanand Gangur
Pune.
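
Added example (not part of the original post or of FreeRADIUS/wpa_supplicant): a small Python check that parses the two EAP-Message values from the eapol_test output above and recomputes the EAP-MD5 response as MD5(identifier || password || challenge), to tell a supplicant-side password problem apart from a reject decided on the home server. The function names are hypothetical, and the password passed in the `__main__` block is assumed to be the one shown in the log.

```python
import hashlib
import hmac

# EAP-Message values copied from the eapol_test output in this post.
REQ_HEX = ("01 01 00 23 04 10 b3 70 ee 1c 3c 59 73 f5 a2 4e 77 b7 a2 4d cb 01 "
           "52 4f 4f 54 54 45 53 54 4c 41 42 41 44")
RESP_HEX = "02 01 00 16 04 10 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21"

EAP_TYPE_MD5 = 4


def parse_eap_md5(hexdump):
    """Parse an EAP-MD5 Request/Response: code, id, length, type, value-size, value, name."""
    pkt = bytes.fromhex(hexdump)
    if len(pkt) < 6:
        raise ValueError("too short for an EAP-MD5 packet")
    code, ident = pkt[0], pkt[1]
    length = int.from_bytes(pkt[2:4], "big")
    if length != len(pkt):
        raise ValueError("EAP length field %d != %d bytes present" % (length, len(pkt)))
    if pkt[4] != EAP_TYPE_MD5:
        raise ValueError("EAP type %d is not MD5-Challenge" % pkt[4])
    vsize = pkt[5]
    if 6 + vsize > length:
        raise ValueError("value-size runs past the end of the packet")
    return {"code": code, "id": ident,
            "value": pkt[6:6 + vsize], "name": pkt[6 + vsize:]}


def md5_response(ident, password, challenge):
    """CHAP-style response value: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def response_matches(req_hex, resp_hex, password):
    """True if the logged response is what this password yields for the logged challenge."""
    req, resp = parse_eap_md5(req_hex), parse_eap_md5(resp_hex)
    if (req["code"], resp["code"]) != (1, 2) or req["id"] != resp["id"]:
        raise ValueError("not a matching EAP Request/Response pair")
    expected = md5_response(resp["id"], password, req["value"])
    return hmac.compare_digest(expected, resp["value"])


if __name__ == "__main__":
    req = parse_eap_md5(REQ_HEX)
    print("challenge:", req["value"].hex(), "name:", req["name"].decode())
    print("response matches password from log:",
          response_matches(REQ_HEX, RESP_HEX, b"pass123"))
```

If the recomputed value equals the logged response, the supplicant did its part correctly and the Access-Reject depends on what password (if any) the home server finds for the User-Name it receives.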