I'm attempting 802.1x authentication with Checkpoint Integrity. I have it working with peap no problems and usings mschapv2. However, when I attempt with Integrity, I have to choose "Zone Labs Cooperative Enforcement" within the Windows
802.1x authentication options. I've then chosen peap/mschapv2 here, but an additional setting is eap-type "44" of which I'm unable to change on the client.<br><br>When the authentication attempt is tried with freeradius, this is what I see from the debug log.
<br><br>rad_recv: Access-Request packet from host <a href="http://172.20.12.220:4066">172.20.12.220:4066</a>, id=145, length=232<br> Framed-MTU = 1480<br> NAS-IP-Address = <a href="http://172.20.12.220">172.20.12.220
</a><br> NAS-Identifier = "HP ProCurve Switch 5304XL"<br> User-Name = "bartek"<br> Service-Type = Framed-User<br> Framed-Protocol = PPP<br> NAS-Port = 1<br> NAS-Port-Type = Ethernet
<br> NAS-Port-Id = "A1"<br> Called-Station-Id = "00-11-85-57-88-00"<br> Calling-Station-Id = "00-00-39-53-b0-aa"<br> Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br> Tunnel-Type:0 = VLAN<br> Tunnel-Medium-Type:0 = IEEE-802<br> Tunnel-Private-Group-Id:0 = "111"<br> State = 0xa470cc42adabab0256dc2c8bc1eed1a2<br> EAP-Message = 0x02020006032c
<br> Message-Authenticator = 0x7aaa286e636cd7d6d2db5775789ea1ec<br> Processing the authorize section of radiusd.conf<br>modcall: entering group authorize for request 1<br> modcall[authorize]: module "preprocess" returns ok for request 1
<br> modcall[authorize]: module "mschap" returns noop for request 1<br> rlm_eap: EAP packet type response id 2 length 6<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br> modcall[authorize]: module "eap" returns updated for request 1
<br> users: Matched entry bartek at line 223<br> modcall[authorize]: module "files" returns ok for request 1<br>modcall: leaving group authorize (returns updated) for request 1<br> rad_check_password: Found Auth-Type EAP
<br>auth: type "EAP"<br> Processing the authenticate section of radiusd.conf<br>modcall: entering group eap for request 1<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP NAK<br> rlm_eap: NAK asked for bad type 44
<br> rlm_eap: Failed in EAP select<br> modcall[authenticate]: module "eap" returns invalid for request 1<br>modcall: leaving group eap (returns invalid) for request 1<br>auth: Failed to validate the user.<br>Delaying request 1 for 1 seconds
<br>Finished request 1<br>Going to the next request<br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host <a href="http://172.20.12.220:4066">172.20.12.220:4066</a>, id=145, length=232<br>Sending Access-Reject of id 145 to
<a href="http://172.20.12.220">172.20.12.220</a> port 4066<br> EAP-Message = 0x04020004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>--- Walking the entire request list ---<br>Waking up in 2 seconds...
<br>--- Walking the entire request list ---<br>Cleaning up request 0 ID 144 with timestamp 4562beee<br>Cleaning up request 1 ID 145 with timestamp 4562beee<br>Nothing to do. Sleeping until we see a request.<br><br>The main bit of this being the EAP NAK and "NAK asked for bad type 44". I'm unsure of how I'm supposed to configure freeradius to use this type, as in the IANA numbers, type 44 is shown as:
<br><br>44 ZoneLabs EAP (ZLXEAP)<br><br>Any ideas on what I can do to get this working?<br>