<div>hi,</div> <div> I am using Odyssey Client Manager and freeRADIUS 1.1.6.</div> <div>When I set peap with inner eap-mschap-v2, It works well.When I change inner eap type to eap-popt, seems can not work.</div> <div> </div> <div><STRONG>eap.conf:</STRONG></div> <div> eap {<BR> default_eap_type = md5<BR> timer_expire = 60<BR> ignore_unknown_eap_types = no<BR> cisco_accounting_username_bug = no<BR> md5 {<BR> }<BR> leap {<BR> }<BR> gtc {<BR> auth_type = PAP<BR> }<BR> tls {<BR> private_key_password = whatever<BR> private_key_file = ${raddbdir}/certs/server_keycert.pem<BR> certificate_file = ${raddbdir}/certs/server_keycert.pem<BR> CA_file = ${raddbdir}/certs/demoCA/cacert.pem</div>
<div> dh_file = ${raddbdir}/certs/dh<BR> random_file = ${raddbdir}/certs/random</div> <div> fragment_size = 1024</div> <div> include_length = yes<BR> cipher_list = "DEFAULT"<BR> }</div> <div> peap {<BR> default_eap_type = mschapv2<BR> copy_request_to_tunnel = no<BR> use_tunneled_reply = no</div> <div> proxy_tunneled_request_as_eap = yes<BR> }</div> <div> mschapv2 {<BR> }<BR> }</div> <div> </div> <div> </div> <div><STRONG>debug message:</STRONG></div> <div>rad_recv: Access-Request packet from host 10.155.20.84:1028, id=97, length=310<BR> User-Name = "hhe123"<BR> NAS-IP-Address = 10.155.20.84<BR> NAS-Identifier =
"AH-000030"<BR> NAS-Port = 0<BR> Called-Station-Id = "00-19-77-00-00-31:hhe"<BR> Calling-Station-Id = "00-19-E0-80-A5-5A"<BR> Framed-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x0204008f198000000085160301004510000041003f90e19f0e9099ace6ec05fb17123a18280ef2aaabf14d2a6c632e502133afefc99bf3c3e8216dd91489e6c3e58622bacd148a5c4cd3dfecff8fe172ac0d0a19140301000101160301003095d558aeea1c6a30113c21922745a4584a82f81ed2aec13d206481d23805d67e8760d4b1cdca811a54e5ed9819fefc52<BR> State = 0xe364c386672736607a0f8f7ce0f2896a<BR> Message-Authenticator =
0x0743c8bc02356a840f048e55b5b87143<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 4<BR> modcall[authorize]: module "mschap" returns noop for request 4<BR> rlm_eap: EAP packet type response id 4 length 143<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 4<BR> users: Matched entry hhe123 at line 95<BR> modcall[authorize]: module "files" returns ok for request 4<BR>modcall: leaving group authorize (returns updated) for request 4<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 4<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap:
Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Length Included<BR> eaptls_verify returned 11<BR> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0045], ClientKeyExchange<BR> TLS_accept: SSLv3 read client key exchange A<BR> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]<BR> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished<BR> TLS_accept: SSLv3 read finished A<BR> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]<BR> TLS_accept: SSLv3 write change cipher spec A<BR> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished<BR> TLS_accept: SSLv3 write finished A<BR> TLS_accept: SSLv3 flush data<BR> (other): SSL negotiation finished successfully<BR>SSL Connection Established<BR> eaptls_process returned 13<BR> rlm_eap_peap:
EAPTLS_HANDLED<BR> modcall[authenticate]: module "eap" returns handled for request 4<BR>modcall: leaving group authenticate (returns handled) for request 4<BR>Sending Access-Challenge of id 97 to 10.155.20.84 port 1028<BR> Reply-Message = "Hello"<BR> EAP-Message = 0x0105004119001403010001011603010030972d13c7c42d04d1e4749ae66d2232830dd90327e820cab5cd8d2733712e71315b05c41c9c6b934cae84a1b7f75804e1<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x218ad259b8a94329f3d37b7ee6d7afad<BR>Finished request 4<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 10.155.20.84:1028, id=98, length=173<BR> User-Name = "hhe123"<BR> NAS-IP-Address =
10.155.20.84<BR> NAS-Identifier = "AH-000030"<BR> NAS-Port = 0<BR> Called-Station-Id = "00-19-77-00-00-31:hhe"<BR> Calling-Station-Id = "00-19-E0-80-A5-5A"<BR> Framed-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x020500061900<BR> State = 0x218ad259b8a94329f3d37b7ee6d7afad<BR> Message-Authenticator = 0x95efe7dde77c253e487f9cfd6065f838<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 5<BR> modcall[authorize]: module "mschap" returns
noop for request 5<BR> rlm_eap: EAP packet type response id 5 length 6<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 5<BR> users: Matched entry hhe123 at line 95<BR> modcall[authorize]: module "files" returns ok for request 5<BR>modcall: leaving group authorize (returns updated) for request 5<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 5<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Received EAP-TLS ACK message<BR> rlm_eap_tls: ack handshake is finished<BR> eaptls_verify returned 3<BR> eaptls_process returned
3<BR> rlm_eap_peap: EAPTLS_SUCCESS<BR> modcall[authenticate]: module "eap" returns handled for request 5<BR>modcall: leaving group authenticate (returns handled) for request 5<BR>Sending Access-Challenge of id 98 to 10.155.20.84 port 1028<BR> Reply-Message = "Hello"<BR> EAP-Message = 0x0106002b190017030100207f66e440788e3e4a186296309a4f1b5ebf1038927fa99eb61b7e63dfc7317b84<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x22cd9bd446d12f902e0ad6df5d148f89<BR>Finished request 5<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 10.155.20.84:1028, id=99, length=210<BR> User-Name = "hhe123"<BR> NAS-IP-Address =
10.155.20.84<BR> NAS-Identifier = "AH-000030"<BR> NAS-Port = 0<BR> Called-Station-Id = "00-19-77-00-00-31:hhe"<BR> Calling-Station-Id = "00-19-E0-80-A5-5A"<BR> Framed-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x0206002b1900170301002062571e196c27b9966b1382edddbf0274e942305aff8893fc3cd152c500f726ea<BR> State = 0x22cd9bd446d12f902e0ad6df5d148f89<BR> Message-Authenticator = 0x82ae47e2cb4faa273ac7b648e4ec8383<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group
authorize for request 6<BR> modcall[authorize]: module "mschap" returns noop for request 6<BR> rlm_eap: EAP packet type response id 6 length 43<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 6<BR> users: Matched entry hhe123 at line 95<BR> modcall[authorize]: module "files" returns ok for request 6<BR>modcall: leaving group authorize (returns updated) for request 6<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 6<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR> eaptls_verify returned 7<BR> rlm_eap_tls: Done initial handshake<BR>
eaptls_process returned 7<BR> rlm_eap_peap: EAPTLS_OK<BR> rlm_eap_peap: Session established. Decoding tunneled attributes.<BR> rlm_eap_peap: Identity - hhe123<BR> rlm_eap_peap: Tunneled data is valid.<BR> PEAP: Got tunneled EAP-Message<BR> EAP-Message = 0x0206000b01686865313233<BR> PEAP: Got tunneled identity of hhe123<BR> PEAP: Setting default EAP type for tunneled EAP session.<BR> PEAP: Setting User-Name to hhe123<BR> PEAP: Sending tunneled request<BR> EAP-Message = 0x0206000b01686865313233<BR> FreeRADIUS-Proxied-To = 127.0.0.1<BR> User-Name = "hhe123"<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 6<BR> modcall[authorize]: module "mschap" returns noop for request 6<BR>
rlm_eap: EAP packet type response id 6 length 11<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 6<BR> users: Matched entry hhe123 at line 95<BR> modcall[authorize]: module "files" returns ok for request 6<BR>modcall: leaving group authorize (returns updated) for request 6<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 6<BR> rlm_eap: EAP Identity<BR> rlm_eap: processing type mschapv2<BR>rlm_eap_mschapv2: Issuing Challenge<BR> modcall[authenticate]: module "eap" returns handled for request 6<BR>modcall: leaving group authenticate (returns handled) for request 6<BR> PEAP: Got tunneled reply RADIUS code 11<BR> Reply-Message =
"Hello"<BR> EAP-Message = 0x010700201a0107001b10b91afa7dcc132d9d9a98ec6a4c1bdc97686865313233<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0xfdb9dcb8c4a516dcb41f8ad450b8600a<BR> PEAP: Processing from tunneled session code 0x81745d8 11<BR> Reply-Message = "Hello"<BR> EAP-Message = 0x010700201a0107001b10b91afa7dcc132d9d9a98ec6a4c1bdc97686865313233<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0xfdb9dcb8c4a516dcb41f8ad450b8600a<BR> PEAP: Got tunneled Access-Challenge<BR> modcall[authenticate]: module "eap" returns handled for request 6<BR>modcall: leaving group authenticate (returns handled) for request
6<BR>Sending Access-Challenge of id 99 to 10.155.20.84 port 1028<BR> Reply-Message = "Hello"<BR> EAP-Message = 0x0107004b190017030100409b40ceb2c423ae86e9f356b82858738088fead594577936681b8946ca687752bc90e31c2a093d94c7dfcd476e209191266ed9a8704f39b60e60a9892329909ad<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0xf80de75dd97216787da75df59dc75cd1<BR>Finished request 6<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 10.155.20.84:1028, id=100, length=210<BR> User-Name = "hhe123"<BR> NAS-IP-Address = 10.155.20.84<BR> NAS-Identifier = "AH-000030"<BR> NAS-Port =
0<BR> Called-Station-Id = "00-19-77-00-00-31:hhe"<BR> Calling-Station-Id = "00-19-E0-80-A5-5A"<BR> Framed-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x0207002b190017030100209775c3b3d2ccbe5e26098b568eecd9b52fbf38942c670989a3a473825f6088c7<BR> State = 0xf80de75dd97216787da75df59dc75cd1<BR> Message-Authenticator = 0xe8a7a3a8a613f72f9ae0b72243b3626a<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 7<BR> modcall[authorize]: module "mschap" returns noop for request 7<BR> rlm_eap: EAP packet type response id 7
length 43<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 7<BR> users: Matched entry hhe123 at line 95<BR> modcall[authorize]: module "files" returns ok for request 7<BR>modcall: leaving group authorize (returns updated) for request 7<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 7<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR> eaptls_verify returned 7<BR> rlm_eap_tls: Done initial handshake<BR> eaptls_process returned 7<BR> rlm_eap_peap: EAPTLS_OK<BR> rlm_eap_peap: Session established. Decoding tunneled
attributes.<BR> rlm_eap_peap: EAP type nak<BR> rlm_eap_peap: Tunneled data is valid.<BR> PEAP: Got tunneled EAP-Message<BR> EAP-Message = 0x020700060320<BR> PEAP: Setting User-Name to hhe123<BR> PEAP: Adding old state with fd b9<BR> PEAP: Sending tunneled request<BR> EAP-Message = 0x020700060320<BR> FreeRADIUS-Proxied-To = 127.0.0.1<BR> User-Name = "hhe123"<BR> State = 0xfdb9dcb8c4a516dcb41f8ad450b8600a<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 7<BR> modcall[authorize]: module "mschap" returns noop for request 7<BR> rlm_eap: EAP packet type response id 7 length 6<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR>
modcall[authorize]: module "eap" returns updated for request 7<BR> users: Matched entry hhe123 at line 95<BR> modcall[authorize]: module "files" returns ok for request 7<BR>modcall: leaving group authorize (returns updated) for request 7<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 7<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP NAK<BR> rlm_eap: NAK asked for bad type 32<BR> rlm_eap: Failed in EAP select<BR> modcall[authenticate]: module "eap" returns invalid for request 7<BR>modcall: leaving group authenticate (returns invalid) for request 7<BR>auth: Failed to validate the user.<BR> PEAP: Got tunneled reply RADIUS code 3<BR> Reply-Message = "Hello"<BR> EAP-Message =
0x04070004<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> PEAP: Processing from tunneled session code 0x8163440 3<BR> Reply-Message = "Hello"<BR> EAP-Message = 0x04070004<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> PEAP: Tunneled authentication was rejected.<BR> rlm_eap_peap: FAILURE<BR> modcall[authenticate]: module "eap" returns handled for request 7<BR>modcall: leaving group authenticate (returns handled) for request 7<BR>Sending Access-Challenge of id 100 to 10.155.20.84 port 1028<BR> Reply-Message = "Hello"<BR> EAP-Message =
0x0108002b190017030100201de3831a7f2125c2ec88dedc5dbee21a24e23e625e1371f27bdab38d63f4568e<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0xe001231019ae6ca94a0f00f7fc2da77b<BR>Finished request 7<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 10.155.20.84:1028, id=101, length=210<BR> User-Name = "hhe123"<BR> NAS-IP-Address = 10.155.20.84<BR> NAS-Identifier = "AH-000030"<BR> NAS-Port = 0<BR> Called-Station-Id = "00-19-77-00-00-31:hhe"<BR> Calling-Station-Id = "00-19-E0-80-A5-5A"<BR> Framed-MTU =
1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x0208002b19001703010020ca0014dd22e8f82e4820bb23d6b91f570d81a30691975f99827e71e2596d4145<BR> State = 0xe001231019ae6ca94a0f00f7fc2da77b<BR> Message-Authenticator = 0x3fab705ee35081dfacb8bd2bc1cf65c2<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 8<BR> modcall[authorize]: module "mschap" returns noop for request 8<BR> rlm_eap: EAP packet type response id 8 length 43<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 8<BR> users: Matched entry hhe123 at line 95<BR>
modcall[authorize]: module "files" returns ok for request 8<BR>modcall: leaving group authorize (returns updated) for request 8<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 8<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR> eaptls_verify returned 7<BR> rlm_eap_tls: Done initial handshake<BR> eaptls_process returned 7<BR> rlm_eap_peap: EAPTLS_OK<BR> rlm_eap_peap: Session established. Decoding tunneled attributes.<BR> rlm_eap_peap: Received EAP-TLV response.<BR> rlm_eap_peap: Tunneled data is valid.<BR> rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.<BR> rlm_eap: Handler
failed in EAP/peap<BR> rlm_eap: Failed in EAP select<BR> modcall[authenticate]: module "eap" returns invalid for request 8<BR>modcall: leaving group authenticate (returns invalid) for request 8<BR>auth: Failed to validate the user.<BR>Sending Access-Reject of id 101 to 10.155.20.84 port 1028<BR> EAP-Message = 0x04080004<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> Reply-Message = "Hello"<BR>Finished request 8</div> <div> </div> <div> </div> <div>-John</div> <div> </div><p>
<hr size=1><a href="http://cn.mail.yahoo.com/gc/index.html?entry=5&souce=mail_mailletter_tagline">ÑÅ»¢ÓÊÏä´«µÝÐÂÄê×£¸££¬¸öÐԺؿ¨ËÍÇ×Åó£¡</a>