troubles with eap-peap mschapv2

Bertrand Poulet bertrand.poulet at pasteur-lille.fr
Tue Mar 12 15:23:26 CET 2013


On 11/03/2013, freeradius-users-request at lists.freeradius.org wrote:
> Date: Mon, 11 Mar 2013 11:50:17 -0400
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Subject: Re: troubles with eap-peap mschapv2
> Message-ID: <513DFD39.90108 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Bertrand Poulet wrote:
>> I'm trying to migrate from FreeRADIUS 1.1.6 (Mandrake)
>> to FreeRADIUS 2.2.0 (from source) on Ubuntu 12.04.
>   That should be easy.
I thought so (from what I read in the documentation).
>
>> The same supplicant and same AP with old FR is ok,
>> but not with  new FR 2.2.0.
>>
>> What I've done:
>>
>> I've installed with ./configure; make; make install
>> root at myhost:/usr/local/etc/raddb/certs# make
>> openssl dhparam -out dh 1024
>   Well... that's the problem.  You didn't copy the old certificates
> over.  Instead, you created new ones.
>
>   Don't do that.  Use the old certs.  It will work.
I've copied the old "certs" directory to the new server.
It's still not good.
The supplicant cannot connect;
there is something like a loop between rad_recv and sending Access-Challenge.
Is the problem with the certs, or could it be something else?

Thanks.


The output is:
rad_recv: Access-Request packet from host 172.20.100.53 port 1645,
id=247, length=172
        User-Name = "bertrand"
        Framed-MTU = 1400
        Called-Station-Id = "0014.1bb6.4be0"
        Calling-Station-Id = "844b.f5b8.d423"
        Cisco-AVPair = "ssid=ipl_dsi"
        Service-Type = Login-User
        Message-Authenticator = 0x508e5e0ee37be030c0d4c6e4002d5b60
        EAP-Message = 0x0202000d016265727472616e64
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "642"
        NAS-Port = 642
        NAS-IP-Address = 172.20.100.53
        NAS-Identifier = "net-ap-A1-1-53"
Tue Mar 12 15:10:20 2013 : Info: # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
Tue Mar 12 15:10:20 2013 : Info: +- entering group authorize {...}
Tue Mar 12 15:10:20 2013 : Info: ++[preprocess] returns ok
Tue Mar 12 15:10:20 2013 : Info: ++[chap] returns noop
Tue Mar 12 15:10:20 2013 : Info: ++[mschap] returns noop
Tue Mar 12 15:10:20 2013 : Info: ++[digest] returns noop
Tue Mar 12 15:10:20 2013 : Info: [suffix] No '@' in User-Name =
"bertrand", looking up realm NULL
Tue Mar 12 15:10:20 2013 : Info: [suffix] No such realm "NULL"
Tue Mar 12 15:10:20 2013 : Info: ++[suffix] returns noop
Tue Mar 12 15:10:20 2013 : Info: [eap] EAP packet type response id 2
length 13
Tue Mar 12 15:10:20 2013 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Tue Mar 12 15:10:20 2013 : Info: ++[eap] returns updated
Tue Mar 12 15:10:20 2013 : Debug: WARNING: Found User-Password == "...".
Tue Mar 12 15:10:20 2013 : Debug: WARNING: Are you sure you don't mean
Cleartext-Password?
Tue Mar 12 15:10:20 2013 : Debug: WARNING: See "man rlm_pap" for more
information.
Tue Mar 12 15:10:20 2013 : Info: [files] users: Matched entry bertrand
at line 207
Tue Mar 12 15:10:20 2013 : Info: ++[files] returns ok
Tue Mar 12 15:10:20 2013 : Info: ++[expiration] returns noop
Tue Mar 12 15:10:20 2013 : Info: ++[logintime] returns noop
Tue Mar 12 15:10:20 2013 : Info: [pap] WARNING! No "known good" password
found for the user.  Authentication may fail because of this.
Tue Mar 12 15:10:20 2013 : Info: ++[pap] returns noop
Tue Mar 12 15:10:20 2013 : Info: Found Auth-Type = EAP
Tue Mar 12 15:10:20 2013 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Tue Mar 12 15:10:20 2013 : Info: +- entering group authenticate {...}
Tue Mar 12 15:10:20 2013 : Info: [eap] EAP Identity
Tue Mar 12 15:10:20 2013 : Info: [eap] processing type tls
Tue Mar 12 15:10:20 2013 : Info: [tls] Initiate
Tue Mar 12 15:10:20 2013 : Info: [tls] Start returned 1
Tue Mar 12 15:10:20 2013 : Info: ++[eap] returns handled
Sending Access-Challenge of id 247 to 172.20.100.53 port 1645
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x131466f213177f9f58f8ed5fb507e76c
Tue Mar 12 15:10:20 2013 : Info: Finished request 0.
Tue Mar 12 15:10:20 2013 : Debug: Going to the next request
Tue Mar 12 15:10:20 2013 : Debug: Waking up in 4.9 seconds.
Tue Mar 12 15:10:25 2013 : Info: Cleaning up request 0 ID 247 with
timestamp +8
Tue Mar 12 15:10:25 2013 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tue Mar 12 15:10:25 2013 : Debug: WARNING: !! EAP session for state
0x131466f213177f9f did not finish!
Tue Mar 12 15:10:25 2013 : Debug: WARNING: !! Please read
http://wiki.freeradius.org/Certificate_Compatibility
Tue Mar 12 15:10:25 2013 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tue Mar 12 15:10:25 2013 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 172.20.100.53 port 1645,
id=247, length=172
        User-Name = "bertrand"
        Framed-MTU = 1400
        Called-Station-Id = "0014.1bb6.4be0"
        Calling-Station-Id = "844b.f5b8.d423"
        Cisco-AVPair = "ssid=ipl_dsi"
        Service-Type = Login-User
        Message-Authenticator = 0x508e5e0ee37be030c0d4c6e4002d5b60
        EAP-Message = 0x0202000d016265727472616e64
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "642"
        NAS-Port = 642
        NAS-IP-Address = 172.20.100.53
        NAS-Identifier = "net-ap-A1-1-53"
Tue Mar 12 15:10:25 2013 : Info: # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
Tue Mar 12 15:10:25 2013 : Info: +- entering group authorize {...}
Tue Mar 12 15:10:25 2013 : Info: ++[preprocess] returns ok
Tue Mar 12 15:10:25 2013 : Info: ++[chap] returns noop
Tue Mar 12 15:10:25 2013 : Info: ++[mschap] returns noop
Tue Mar 12 15:10:25 2013 : Info: ++[digest] returns noop
Tue Mar 12 15:10:25 2013 : Info: [suffix] No '@' in User-Name =
"bertrand", looking up realm NULL
Tue Mar 12 15:10:25 2013 : Info: [suffix] No such realm "NULL"
Tue Mar 12 15:10:25 2013 : Info: ++[suffix] returns noop
Tue Mar 12 15:10:25 2013 : Info: [eap] EAP packet type response id 2
length 13
Tue Mar 12 15:10:25 2013 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Tue Mar 12 15:10:25 2013 : Info: ++[eap] returns updated
Tue Mar 12 15:10:25 2013 : Debug: WARNING: Found User-Password == "...".
Tue Mar 12 15:10:25 2013 : Debug: WARNING: Are you sure you don't mean
Cleartext-Password?
Tue Mar 12 15:10:25 2013 : Debug: WARNING: See "man rlm_pap" for more
information.
Tue Mar 12 15:10:25 2013 : Info: [files] users: Matched entry bertrand
at line 207
Tue Mar 12 15:10:25 2013 : Info: ++[files] returns ok
Tue Mar 12 15:10:25 2013 : Info: ++[expiration] returns noop
Tue Mar 12 15:10:25 2013 : Info: ++[logintime] returns noop
Tue Mar 12 15:10:25 2013 : Info: [pap] WARNING! No "known good" password
found for the user.  Authentication may fail because of this.
Tue Mar 12 15:10:25 2013 : Info: ++[pap] returns noop
Tue Mar 12 15:10:25 2013 : Info: Found Auth-Type = EAP
Tue Mar 12 15:10:25 2013 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Tue Mar 12 15:10:25 2013 : Info: +- entering group authenticate {...}
Tue Mar 12 15:10:25 2013 : Info: [eap] EAP Identity
Tue Mar 12 15:10:25 2013 : Info: [eap] processing type tls
Tue Mar 12 15:10:25 2013 : Info: [tls] Initiate
Tue Mar 12 15:10:25 2013 : Info: [tls] Start returned 1
Tue Mar 12 15:10:25 2013 : Info: ++[eap] returns handled
Sending Access-Challenge of id 247 to 172.20.100.53 port 1645
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb07a7177b07968b416db63d319887c15
Tue Mar 12 15:10:25 2013 : Info: Finished request 1.
Tue Mar 12 15:10:25 2013 : Debug: Going to the next request
Tue Mar 12 15:10:25 2013 : Debug: Waking up in 4.9 seconds.
Tue Mar 12 15:10:30 2013 : Info: Cleaning up request 1 ID 247 with
timestamp +13
Tue Mar 12 15:10:30 2013 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tue Mar 12 15:10:30 2013 : Debug: WARNING: !! EAP session for state
0xb07a7177b07968b4 did not finish!
Tue Mar 12 15:10:30 2013 : Debug: WARNING: !! Please read
http://wiki.freeradius.org/Certificate_Compatibility
Tue Mar 12 15:10:30 2013 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Tue Mar 12 15:10:30 2013 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 172.20.100.53 port 1645,
id=247, length=172
        User-Name = "bertrand"
        Framed-MTU = 1400
        Called-Station-Id = "0014.1bb6.4be0"
        Calling-Station-Id = "844b.f5b8.d423"
        Cisco-AVPair = "ssid=ipl_dsi"
        Service-Type = Login-User
        Message-Authenticator = 0x508e5e0ee37be030c0d4c6e4002d5b60
        EAP-Message = 0x0202000d016265727472616e64
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "642"
        NAS-Port = 642
        NAS-IP-Address = 172.20.100.53
        NAS-Identifier = "net-ap-A1-1-53"
....
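
Added example (not part of the original post or of FreeRADIUS): a small Python decoder for the EAP-Message values in the debug output above. It shows that each Access-Request is the same EAP Response/Identity (id 2) with no State attribute, while each Access-Challenge is a PEAP Start (type 25, flags 0x20); the function names are this example's own and SAMPLE is a trimmed excerpt of the output above.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
HEADER = re.compile(r"^(?:rad_recv: |Sending )(Access-\w+)")
ATTR = re.compile(r"^\s+(EAP-Message|State) = 0x([0-9a-fA-F]+)")

def decode_eap(hex_value):
    """Decode the RFC 3748 header of one EAP packet given as hex (0x optional)."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4 or int.from_bytes(raw[2:4], "big") != len(raw):
        raise ValueError("truncated or inconsistent EAP packet")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": len(raw)}
    if raw[0] in (1, 2) and len(raw) > 4:          # Request/Response carry a Type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] == 1:
            pkt["identity"] = raw[5:].decode("utf-8", "replace")
        elif raw[4] in (13, 21, 25) and len(raw) > 5:
            pkt["start"] = bool(raw[5] & 0x20)     # S bit of the TLS-based flags byte
    return pkt

def parse_debug(text):
    """Collect each packet's kind, State and decoded EAP from radiusd debug output."""
    packets = []
    for line in text.splitlines():
        head, attr = HEADER.match(line), ATTR.match(line)
        if head:
            packets.append({"kind": head.group(1), "EAP-Message": "", "State": ""})
        elif attr and packets:
            packets[-1][attr.group(1)] += attr.group(2)   # long EAP spans attributes
    return [dict(p, eap=decode_eap(p["EAP-Message"]) if p["EAP-Message"] else {})
            for p in packets]

def restarts(packets):
    """Challenges answered by a fresh Identity response that echoes no State."""
    return [(c["State"], r["eap"]["id"]) for c, r in zip(packets, packets[1:])
            if c["kind"] == "Access-Challenge" and r["kind"] == "Access-Request"
            and not r["State"] and r["eap"].get("type") == "Identity"]

SAMPLE = """\
rad_recv: Access-Request packet from host 172.20.100.53 port 1645,
        EAP-Message = 0x0202000d016265727472616e64
Sending Access-Challenge of id 247 to 172.20.100.53 port 1645
        EAP-Message = 0x010300061920
        State = 0x131466f213177f9f58f8ed5fb507e76c
rad_recv: Access-Request packet from host 172.20.100.53 port 1645,
        EAP-Message = 0x0202000d016265727472616e64
"""  # trimmed excerpt of the debug output in the post
print(restarts(parse_debug(SAMPLE)))
```

Each tuple is the State of a challenge that got no continuation, paired with the EAP id of the Identity response that followed it.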





