Can't get past first stage of authentication

Nick Howitt nick at howitts.co.uk
Wed May 2 11:43:26 CEST 2018



On 02/05/2018 10:02, Adam Bishop wrote:
> On 2 May 2018, at 09:55, Nick Howitt <nick at howitts.co.uk> wrote:
>>    eap {
>>          default_eap_type = "md5"
> You probably want to set this to 'peap' or 'ttls' for wireless clients.
>
> Adam Bishop
> Senior Infrastructure and Systems Architect
Changing to peap gives:

Ready to process requests
(0) Received Access-Request Id 128 from 172.22.22.2:3600 to 172.22.22.1:1812 length 81
(0)   User-Name = "test1"
(0)   NAS-IP-Address = 172.22.22.2
(0)   NAS-Port = 29
(0)   NAS-Port-Type = Wireless-802.11
(0)   Framed-MTU = 1396
(0)   EAP-Message = 0x0200000a017465737431
(0)   Message-Authenticator = 0x5ab518eaa9df382184bb9dc33fc6fe0e
(0) # Executing section authorize from file /etc/raddb/sites-enabled/default
(0)   authorize {
(0)     [preprocess] = ok
(0)     [chap] = noop
(0)     [mschap] = noop
(0)     [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "test1", looking up realm NULL
(0) suffix: No such realm "NULL"
(0)     [suffix] = noop
(0) ntdomain: Checking for prefix before "\"
(0) ntdomain: No '\' in User-Name = "test1", looking up realm NULL
(0) ntdomain: No such realm "NULL"
(0)     [ntdomain] = noop
(0) eap: Peer sent EAP Response (code 2) ID 0 length 10
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0)     [eap] = ok
(0)   } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0)   authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_peap to process data
(0) eap_peap: Initiating new EAP-TLS session
(0) eap_peap: [eaptls start] = request
(0) eap: Sending EAP Request (code 1) ID 1 length 6
(0) eap: EAP session adding &reply:State = 0x3e72e94e3e73f08d
(0)     [eap] = handled
(0)   } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found.  Ignoring.
(0) # Executing group from file /etc/raddb/sites-enabled/default
(0) Sent Access-Challenge Id 128 from 172.22.22.1:1812 to 172.22.22.2:3600 length 0
(0)   EAP-Message = 0x010100061920
(0)   Message-Authenticator = 0x00000000000000000000000000000000
(0)   State = 0x3e72e94e3e73f08d09b1afbce1068a81
(0) Finished request
Waking up in 4.9 seconds.
(0) Cleaning up request packet ID 128 with timestamp +135
Ready to process requests

but no progress

