EAP Not Authenticating

Syed Rais Ahmad NON DRI SAhmad at darden.com
Wed Aug 26 23:02:27 CEST 2015


I am using EAP to authenticate WiFi clients with certificates on their machines. However, RADIUS won't authenticate.
Any help is appreciated.

Thanks.


Rad_recv: Access-Request packet from host 10.238.250.50 port 1645, id=56, length=210
        User-Name = "host/Loaner751.darden.com"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aaab.5af5"
        Calling-Station-Id = "100b.a988.b5a0"
        Cisco-AVPair = "ssid=DRI_test"
        WISPr-Location-Name = "4441-NC-AP1"
        Service-Type = Login-User
        Message-Authenticator = 0x0e316ee8b533416251694ad185583409
        EAP-Message = 0x0202001e01686f73742f4c6f616e65723735312e64617264656e2e636f6d
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "102"
        NAS-Port = 102
        NAS-IP-Address = 10.238.250.50
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "host/Loaner751.darden.com", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 2 length 30
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group eap {
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] = handled
+} # group eap = handled
Sending Access-Challenge of id 56 to 10.238.250.50 port 1645
        EAP-Message = 0x010300160410bfd16c1dfa600bd36fa2eb08ba9b5618
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcc8a4efdcc894a61cff43991e0926e2a
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.238.250.50 port 1645, id=57, length=204
        User-Name = "host/Loaner751.darden.com"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aaab.5af5"
        Calling-Station-Id = "100b.a988.b5a0"
        Cisco-AVPair = "ssid=DRI_test"
        WISPr-Location-Name = "4441-NC-AP1"
        Service-Type = Login-User
        Message-Authenticator = 0x54d5aec97fd76f4282e2eac636980031
        EAP-Message = 0x020300060319
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "102"
        NAS-Port = 102
        State = 0xcc8a4efdcc894a61cff43991e0926e2a
        NAS-IP-Address = 10.238.250.50
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "host/Loaner751.darden.com", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
++[expiration] = noop
++[logintime] = noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+group eap {
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] = handled
+} # group eap = handled
Sending Access-Challenge of id 57 to 10.238.250.50 port 1645
        EAP-Message = 0x010400061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcc8a4efdcd8e5761cff43991e0926e2a
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.238.250.50 port 1645, id=58, length=303
        User-Name = "host/Loaner751.darden.com"
        Framed-MTU = 1400
        Called-Station-Id = "0019.aaab.5af5"
        Calling-Station-Id = "100b.a988.b5a0"
        Cisco-AVPair = "ssid=DRI_test"
        WISPr-Location-Name = "4441-NC-AP1"
        Service-Type = Login-User
        Message-Authenticator = 0x9b2daf305bb49a270834f943e0206af9
        EAP-Message = 0x0204006919800000005f160301005a01000056030155de2777bb843e994ac509c2e8cbb6b78411ee24c71e69bbc547a17566e65bc9000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "102"
        NAS-Port = 102
        State = 0xcc8a4efdcd8e5761cff43991e0926e2a
        NAS-IP-Address = 10.238.250.50
# Executing section authorize from file /etc/raddb/sites-enabled/default
+group authorize {
++[preprocess] = ok
++[chap] = noop
++[mschap] = noop
++[digest] = noop
[suffix] No '@' in User-Name = "host/Loaner751.darden.com", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[eap] EAP packet type response id 4 length 105


Eventually I get:

Cleaning up request 6 ID 62 with timestamp +12
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xcc8a4efdca835761 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
rad_recv: Access-Request packet from host 10.238.250.50 port 1645, id=62, length=204
       
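Added example, not part of the original post and not FreeRADIUS code: a small decoder for the EAP-Message values in the debug output above, following the RFC 3748 packet header and the flags byte that EAP-TLS and PEAP share. The function and table names are this example's own; the hex strings are copied from the log in the order they appear.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "NAK", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}

# EAP-Message values copied, in order, from the debug output in the post above.
EAP_MESSAGES = [
    "0x0202001e01686f73742f4c6f616e65723735312e64617264656e2e636f6d",
    "0x010300160410bfd16c1dfa600bd36fa2eb08ba9b5618",
    "0x020300060319",
    "0x010400061920",
    "0x0204006919800000005f160301005a01000056030155de2777bb843e994ac509c2e8cbb6b7"
    "8411ee24c71e69bbc547a17566e65bc9000018002f00350005000ac013c014c009c00a0032"
    "00380013000401000015ff01000100000a0006000400170018000b00020100",
]

def decode_eap(hex_value):
    """Decode one EAP-Message attribute value (names here are illustrative)."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes present")
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length < 5:
        return out                      # Success/Failure carry no type field
    etype, data = raw[4], raw[5:]
    out["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:
        out["identity"] = data.decode("utf-8", "replace")
    elif etype == 3:                    # NAK lists the methods the peer will accept
        out["wants"] = [EAP_TYPES.get(t, t) for t in data]
    elif etype in (13, 25) and data:    # TLS-based methods share the flags byte
        flags = data[0]
        out["start"] = bool(flags & 0x20)           # S bit
        out["more_fragments"] = bool(flags & 0x40)  # M bit
        tls = data[1:]
        if flags & 0x80:                # L bit: 4-byte total TLS message length
            out["tls_length"] = struct.unpack("!I", tls[:4])[0]
            tls = tls[4:]
        if len(tls) >= 6 and tls[0] == 0x16:        # TLS handshake record
            out["handshake_type"] = {1: "ClientHello", 2: "ServerHello"}.get(tls[5], tls[5])
    return out

if __name__ == "__main__":
    for value in EAP_MESSAGES:
        print(decode_eap(value))
```

Decoded in order, the five values are an Identity response, the server's MD5-Challenge, a NAK asking for PEAP (type 25), a PEAP Start from the server, and a PEAP packet carrying a TLS ClientHello.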


