<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Hi All,<br>
<br>
I am new to Radius Servers and have a Project to get Radius Server
configured in the organization for authenticating users through an
Access Point which is based on Mikrotik. I have setup freeradius
(version 1.0.1) server and have defined a user in the "users" file.
When I test the configuration using the "radtest" command, it works
fine and says "Access-Accept". However, when I try to authentcate the
user through the access point, I am prompted for Username and Password
at the client, but Debug mode on radius server shows "request
rejected". It says "no User-Password attribute". (However, the the
debug mode is showing correct Username as entered from the client)<br>
<br>
I checked lot of Forums, but none of the solutions worked for me. I
have stored user password in clear-text in the users file. Also, I am
not using any certificate (TLS) in the setup.<br>
<br>
The confiurations are as follows:<br>
<br>
<br>
<big><u><b>Radius Server:</b></u></big><br>
##################################################################################<br>
<font color="#cc0000"><u><b>radiusd.conf:</b></u></font><br>
##################################################################################<br>
<b><u>modules</u></b>{<br>
<br>
pap {<br>
encryption_scheme = clear<br>
}<br>
pap md5{<br>
encryption_scheme = md5<br>
}<br>
<br>
}<br>
<br>
chap {<br>
authtype = CHAP<br>
}<br>
<br>
$INCLUDE ${confdir}/eap.conf<br>
<br>
mschap {<br>
authtype = MS-CHAP<br>
}<br>
<br>
<u><b>authenticate</b></u><br>
{<br>
eap<br>
}<br>
<br>
<u><b>authorize</b></u><br>
{<br>
preprocess<br>
eap<br>
files<br>
}<br>
<br>
##################################################################################<br>
<br>
<br>
##################################################################################<br>
<font color="#cc0000"><u><b>eap.conf</b></u></font><br>
##################################################################################<br>
<br>
eap {<br>
default_eap_type = mschapv2<br>
mschapv2 {<br>
Auth-Type = PAP<br>
}<br>
}<br>
<br>
##################################################################################<br>
<font color="#cc0000"><u><b>users</b></u></font><br>
##################################################################################<br>
<br>
"radtest1" Cleartext-Password == "password"<br>
<br>
#(also tried User-Password instead of Cleartext-password, but no luck
!!)<br>
##################################################################################<br>
<font color="#990000"><u><b>clients.conf</b></u></font><br>
##################################################################################<br>
<br>
client 192.168.xxx.xxx {<br>
secret = test<br>
shortname = private-network<br>
nastype = other<br>
}<br>
<br>
<br>
##################################################################################<br>
##################################################################################<br>
<big><u><b>Access Point Configuration:</b></u></big><br>
##################################################################################<br>
<br>
Network Authentication: WPA with Radius<br>
Data Encryption: TKIP<br>
<br>
<br>
Have given Radius Server IP, Port and shared key(Which is same as
mentioned in clients.conf)<br>
<br>
<br>
##################################################################################<br>
<big><u><b>Client Machine Configuration:</b></u></big><br>
##################################################################################<br>
<br>
<br>
The client machine is a Windows Vista OS, and have the following
configurations for Wireless Network:<br>
Security Type: WPA-Enterprise<br>
Encryption: TKIP<br>
<br>
Authentication Method: PEAP (Secured Password MSCHAPv2)<br>
<br>
##################################################################################<br>
<br>
<big><u><b>Debug mode of Radius Server says this:</b></u></big><br>
<br>
<br>
User-Name = "radtest1"<br>
NAS-IP-Address = 192.168.1.254<br>
NAS-Port = 0<br>
Called-Station-Id = "00-21-DE-00-17-B2:Wireless1"<br>
Calling-Station-Id = "00-19-D2-AD-4A-BF"<br>
Framed-MTU = 1400<br>
NAS-Port-Type = Wireless-802.11<br>
Connect-Info = "CONNECT 11Mbps 802.11b"<br>
EAP-Message = 0x0201000d017261647465737431<br>
Message-Authenticator = 0x2376aab3c18a8a9cbe0320fc1add824a<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 6<br>
modcall[authorize]: module "preprocess" returns ok for request 6<br>
rlm_eap: EAP packet type response id 1 length 13<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 6<br>
users: Matched radtest1 at 100<br>
modcall[authorize]: module "files" returns ok for request 6<br>
modcall: group authorize returns updated for request 6<br>
rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 6<br>
rlm_eap: EAP Identity<br>
rlm_eap: processing type mschapv2<br>
rlm_eap_mschapv2: Issuing Challenge<br>
modcall[authenticate]: module "eap" returns handled for request 6<br>
modcall: group authenticate returns handled for request 6<br>
Sending Access-Challenge of id 0 to 192.168.104.168:3111<br>
EAP-Message =
0x010200221a0102001d10f60a0398e4f61c9beba89b3dbcefde677261647465737431<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0xc02709d0e2c702124f02a4d451d0a59d<br>
Finished request 6<br>
Going to the next request<br>
--- Walking the entire request list ---<br>
Waking up in 6 seconds...<br>
rad_recv: Access-Request packet from host 192.168.104.168:3111, id=0,
length=159<br>
Sending duplicate reply to client private-network:3111 - ID: 0<br>
Re-sending Access-Challenge of id 0 to 192.168.104.168:3111<br>
--- Walking the entire request list ---<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
Would appreciate if someone could suggest me the resolution for the
problem. ALso, if someone can get me a working copy of freeradius
server with Mikrotik (or otherwise Linksys) Access Point, it would be
of great help.<br>
<br>
<br>
Thanks and Regards,<br>
SaN<br>
<a class="moz-txt-link-abbreviated" href="mailto:sankalpk@tulip.net">sankalpk@tulip.net</a><br>
<br>
<br>
<br>
<br>
<br>
<br>
DISCLAIMER: This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may containconfidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies and the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly prohibited and may be unlawful. The recipient acknowledges that Tulip Telecom Limited is unable to exercise control or ensure or guarantee the integrity of/overthe contents of the information contained in e-mail transmissions and further acknowledges that any views expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of Tulip Telecom Limited. Before opening any attachments please check them for viruses!
and defects.
<br>
</body>
</html>