<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000066">
<font face="serif">Hello,<br>
<br>
I hate to ask this, but I'm running out of time on this project and I'm
completely new to RADIUS. I would be really happy if someone could
just point me to a detailed HOW TO for what I need.<br>
<br>
I have freeRADIUS set up with an external MySQL user database and it's
successfully authorizing requests from NTRadPing. <br>
<br>
Now I need to actually try it out "In the field". I need people
running XP, Vista (ugh), and Apple laptops to be able to auth using the
MySQL database that I have set up.<br>
<br>
So far I'm not having any luck, and I don't mind saying that I'm a
little over my head at this point. Someone familiar with this will
probably see glaring problems.<br>
<br>
I will provide all the details I can think of, but please let me know
if you need more.<br>
<br>
Server:<br>
FreeRADIUS 1.1.7 with MySQL module.<br>
<br>
Database:<br>
Remote MySQL<br>
<br>
Access Point:<br>
D-Link DWL-7100AP (Ciscos coming in January)<br>
WPA-EAP<br>
TKIP<br>
<br>
Client Laptop:<br>
WPA Enterprise<br>
TKIP<br>
PEAP (Other options: EAP-SIM, TLS, TTLS, LEAP, EAP-FAST)<br>
MS-CHAP-V2 (Other options: GTC, TLS)<br>
<br>
<br>
<br>
<br>
<br>
<br>
I set up an AP to use RADIUS, and the requests get through to the
RADIUS server, but they always fail. Posted below is the debug output
from the failed attempt.<br>
<br>
<br>
<blockquote type="cite">Ready to process requests.<br>
rad_recv: Access-Request packet from host 192.168.0.1:1030, id=0,
length=193<br>
Message-Authenticator = 0xf9c41895a382161a1d31b4a47bd830e0<br>
Service-Type = Framed-User<br>
User-Name = "testuser"<br>
Framed-MTU = 1488<br>
Called-Station-Id = "00-11-95-DA-16-A6:SUSOM"<br>
Calling-Station-Id = "00-1B-77-28-B3-CF"<br>
NAS-Identifier = "D-Link Access Point"<br>
NAS-Port-Type = Wireless-802.11<br>
Connect-Info = "CONNECT 54Mbps 802.11a"<br>
EAP-Message = 0x0200000b01746261727468<br>
NAS-IP-Address = 192.168.0.1<br>
NAS-Port = 1<br>
NAS-Port-Id = "STA port # 1"<br>
rad_lowerpair: User-Name now 'testuser'<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 0<br>
modcall[authorize]: module "preprocess" returns ok for request 0<br>
modcall[authorize]: module "chap" returns noop for request 0<br>
modcall[authorize]: module "mschap" returns noop for request 0<br>
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 0<br>
rlm_eap: EAP packet type response id 0 length 11<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 0<br>
radius_xlat: 'testuser'<br>
rlm_sql (sql): sql_set_user escaped user --> 'testuser'<br>
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'testuser' ORDER BY id'<br>
rlm_sql (sql): Reserving sql socket id: 4<br>
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'<br>
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'testuser' ORDER BY id'<br>
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'<br>
rlm_sql (sql): Released sql socket id: 4<br>
modcall[authorize]: module "sql" returns ok for request 0<br>
rlm_pap: Found existing Auth-Type, not changing it.<br>
modcall[authorize]: module "pap" returns noop for request 0<br>
modcall: leaving group authorize (returns updated) for request 0<br>
rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 0<br>
rlm_eap: EAP Identity<br>
rlm_eap: processing type md5<br>
rlm_eap_md5: Issuing Challenge<br>
modcall[authenticate]: module "eap" returns handled for request 0<br>
modcall: leaving group authenticate (returns handled) for request 0<br>
Sending Access-Challenge of id 0 to 192.168.0.1 port 1030<br>
Framed-Protocol := PPP<br>
Service-Type := Framed-User<br>
Framed-MTU := 1500<br>
Framed-Compression := Van-Jacobson-TCP-IP<br>
EAP-Message = 0x0101001604104e273ea966f4fb77466b296f9c607385<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x149370a5228b3ae0acdd9dc3fb4a25a4<br>
Finished request 0<br>
Going to the next request<br>
--- Walking the entire request list ---<br>
Waking up in 6 seconds...<br>
rad_recv: Access-Request packet from host 192.168.0.1:1030, id=1,
length=206<br>
Message-Authenticator = 0xc9926863cf3df06ac150bbb6f77208eb<br>
Service-Type = Framed-User<br>
User-Name = "testuser"<br>
Framed-MTU = 1488<br>
State = 0x149370a5228b3ae0acdd9dc3fb4a25a4<br>
Called-Station-Id = "00-11-95-DA-16-A6:SUSOM"<br>
Calling-Station-Id = "00-1B-77-28-B3-CF"<br>
NAS-Identifier = "D-Link Access Point"<br>
NAS-Port-Type = Wireless-802.11<br>
Connect-Info = "CONNECT 54Mbps 802.11a"<br>
EAP-Message = 0x020100060319<br>
NAS-IP-Address = 192.168.0.1<br>
NAS-Port = 1<br>
NAS-Port-Id = "STA port # 1"<br>
rad_lowerpair: User-Name now 'testuser'<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 1<br>
modcall[authorize]: module "preprocess" returns ok for request 1<br>
modcall[authorize]: module "chap" returns noop for request 1<br>
modcall[authorize]: module "mschap" returns noop for request 1<br>
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 1<br>
rlm_eap: EAP packet type response id 1 length 6<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 1<br>
radius_xlat: 'testuser'<br>
rlm_sql (sql): sql_set_user escaped user --> 'testuser'<br>
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = 'testuser' ORDER BY id'<br>
rlm_sql (sql): Reserving sql socket id: 3<br>
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'<br>
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radreply WHERE Username = 'testuser' ORDER BY id'<br>
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'<br>
rlm_sql (sql): Released sql socket id: 3<br>
modcall[authorize]: module "sql" returns ok for request 1<br>
rlm_pap: Found existing Auth-Type, not changing it.<br>
modcall[authorize]: module "pap" returns noop for request 1<br>
modcall: leaving group authorize (returns updated) for request 1<br>
rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 1<br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP NAK<br>
rlm_eap: EAP-NAK asked for EAP-Type/peap<br>
rlm_eap: No such EAP type peap<br>
rlm_eap: Failed in EAP select<br>
modcall[authenticate]: module "eap" returns invalid for request 1<br>
modcall: leaving group authenticate (returns invalid) for request 1<br>
auth: Failed to validate the user.<br>
Delaying request 1 for 1 seconds<br>
Finished request 1<br>
Going to the next request<br>
Waking up in 6 seconds...<br>
rad_recv: Access-Request packet from host 192.168.0.1:1030, id=1,
length=206<br>
Sending Access-Reject of id 1 to 192.168.0.1 port 1030<br>
EAP-Message = 0x04010004<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
</blockquote>
<br>
</font>
</body>
</html>