<DIV> EAP/MD5 with mysql authentication failed</DIV>
<DIV> </DIV>
<DIV>My running environment is freeraius-2.1.3 and mysql-5.0.37. </DIV>
<DIV>The authentication type is EAP/MD5. It's running well with individual 'user' file, however, If I enable the sql optioal, it rejects with '[eap]<BR>Handler failed in EAP/md5'. The mysql module was loaded success and could connected with my database.</DIV>
<DIV> </DIV>
<DIV>It could authorized in freeradius-1.0.5 and freeradius-1.1.7 with mysql, but failed in freeradius-2.1.3.</DIV>
<DIV> </DIV>
<DIV>I paste my mainly configuration file and debug information below.<BR>Thanks for your help!</DIV>
<DIV> </DIV>
<DIV>IN radius.conf<BR>----------------------<BR>$INCLUDE sql.conf</DIV>
<DIV> </DIV>
<DIV>IN sql.conf<BR>----------------------<BR>server = "localhost"<BR>port = 3306<BR>login = "radius"<BR>password = "radius"</DIV>
<DIV> </DIV>
<DIV>IN sites-enabled/inner-tunnel<BR>----------------------<BR>authorize {<BR>eap {<BR> ok = return<BR> }<BR>files<BR>sql<BR>expiration<BR>logintime<BR>}</DIV>
<DIV> </DIV>
<DIV>authenticate {<BR>eap<BR>}</DIV>
<DIV> </DIV>
<DIV>IN eap.conf<BR>----------------------<BR>eap {<BR>default_eap_type = md5<BR>timer_expire = 60<BR>ignore_unknown_eap_types = no<BR> max_sessions = 2048<BR>md5 {<BR>}<BR>}</DIV>
<DIV> </DIV>
<DIV>IN user<BR>----------------------<BR>DEFAULT Auth-Type := EAP<BR> Fall-Through = 1</DIV>
<DIV> </DIV>
<DIV>IN radcheck table<BR>----------------------<BR>mysql> select * from radcheck;<BR>+----+----------+--------------------+----+-------+<BR>| id | username | attribute | op | value |<BR>+----+----------+--------------------+----+-------+<BR>| 1 | test | Cleartext-Password | := | test | </DIV>
<DIV><BR>IN radreply table<BR>----------------------<BR>mysql> select * from radreply;<BR>+----+----------+-------------------+----+---------------+<BR>| id | username | attribute | op | value |<BR>+----+----------+-------------------+----+---------------+<BR>| 1 | test | Framed-IP-Address | := | 192.168.1.55 | </DIV>
<DIV> </DIV>
<DIV>DEBUG information</DIV>
<DIV>----------------------<BR>-----------Ready to process requests.<BR>rad_recv: Access-Request packet from host 192.168.1.7 port 1024, id=0, length=142<BR> User-Name = "test"<BR> NAS-IP-Address = 192.168.1.7<BR> NAS-Port = 0<BR> Called-Station-Id = "00-0F-1E-51-00-04:"<BR> Calling-Station-Id = "00-13-D7-20-00-90"<BR> Framed-MTU = 1400<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x020000090174657374<BR> Message-Authenticator = 0xbfed0ae2dd3f0b2a36fe1a88cbd3569d<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "test", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] EAP packet type response id 0 length 9<BR>[eap] No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>++[unix] returns notfound<BR>[files] users: Matched entry DEFAULT at line 144<BR>++[files] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<BR>++[pap] returns noop<BR>Found Auth-Type = EAP<BR>+- entering group authenticate {...}<BR>[eap] EAP Identity<BR>[eap] processing type md5<BR>rlm_eap_md5: Issuing Challenge<BR>++[eap] returns handled<BR>Sending Access-Challenge of id 0 to 192.168.1.7 port 1024<BR> EAP-Message = 0x01010016041095e48ee00d7d5ecc1639d149c9aa7283<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x40ca4f4d40cb4b4734e42cbd94a7636b<BR>Finished request 0.<BR>Going to the next request<BR>Waking up in 4.9 seconds.<BR>rad_recv: Access-Request packet from host 192.168.1.7 port 1024, id=1, length=173<BR> User-Name = "test"<BR> NAS-IP-Address = 192.168.1.7<BR> NAS-Port = 0<BR> Called-Station-Id = "00-0F-1E-51-00-04:"<BR> Calling-Station-Id = "00-13-D7-20-00-90"<BR> Framed-MTU = 1400<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x020100160410f34f8c1c140e4f4b3846e691a7aa2175<BR> State = 0x40ca4f4d40cb4b4734e42cbd94a7636b<BR> Message-Authenticator = 0xa9e8279e3d299800129cc25ad426acce<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "test", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] EAP packet type response id 1 length 22<BR>[eap] No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>++[unix] returns notfound<BR>[files] users: Matched entry DEFAULT at line 144<BR>++[files] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<BR>++[pap] returns noop<BR>Found Auth-Type = EAP<BR>+- entering group authenticate {...}<BR>[eap] Request found, released from the list<BR>[eap] EAP/md5<BR>[eap] processing type md5<BR>rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication<BR>[eap] Handler failed in EAP/md5<BR>[eap] Failed in EAP select<BR>++[eap] returns invalid<BR>Failed to authenticate the user.<BR>Using Post-Auth-Type Reject<BR>+- entering group REJECT {...}<BR>[attr_filter.access_reject] expand: %{User-Name} -> test<BR> attr_filter: Matched entry DEFAULT at line 11<BR>++[attr_filter.access_reject] returns updated<BR>Delaying reject of request 1 for 1 seconds<BR>Going to the next request<BR>Waking up in 0.9 seconds.<BR>Sending delayed reject for request 1<BR>Sending Access-Reject of id 1 to 192.168.1.7 port 1024<BR> EAP-Message = 0x04010004<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR>Waking up in 3.9 seconds.-----------<BR></DIV>
<DIV> </DIV><br><!-- footer --><br>
<hr>
<font style="font-size:12px;line-height:15px;">[¹ã¸æ] </font><font style="font-size:12px;line-height:15px;">Öؽ± </font><a style="font-size:12px;line-height:15px; color:blue; text-decoration:underline;" href="http://popme.163.com/link/004584_1120_7027.html">ÐüÉÍkfc3v3 ÇòÒÂ</a>