Hello guys,<br>I always have problems converting EAP to non-EAP requests. I tried to do what those who helped me suggested, without success. Could anybody help me understand how it works before I go crazy?<br><span style="font-family: arial black,sans-serif;"><br>
<br>These are my configuration files:<br>
</span><br>
<b>clients.conf</b><br>client 192.168.0.250 {<br> secret = lrnp2tlm<br> shortname = AP1<br>}<br><b>proxy.conf<br></b>realm jack {<br> authhost = 192.168.0.252:1812<br>
accthost = 192.168.0.252:1813<br> secret = lrnp2tlm<br>}<br><b>eap.conf</b><br>default_eap_type = md5 (or peap - see attempts)<br>...<br>peap {<br> default_eap_type = mschapv2<br>
copy_request_to_tunnel = yes <i>(or no, I don't see any difference)</i><br> use_tunneled_reply = yes <i>(or no, I don't see any difference)</i><br> proxy_tunneled_request_as_eap = no<br>
virtual_server = "inner-tunnel"<br> }<br><br><b>users</b><br>DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := jack<br><br><b>sites-enabled/default and sites-enabled/inner-tunnel</b><br>
some attempts with or without suffix (see attempts later)<br><br><br><span style="font-family: arial black,sans-serif;">That is what I have when "default_eap_type = peap" in eap.conf and suffix commented<br></span><br>
rad_recv: Access-Request packet from host 192.168.0.250 port 32769, id=26, length=239<br> Acct-Session-Id = "1f15e604-0000006e"<br> NAS-Port = 111<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "AP1"<br>
NAS-IP-Address = 192.168.0.250<br> Framed-MTU = 1496<br> User-Name = "test@jack"<br> Calling-Station-Id = "00-13-02-C4-80-4C"<br> Called-Station-Id = "00-0F-61-FE-EF-D2"<br>
Service-Type = Framed-User<br> EAP-Message = 0x0202000e0174657374406a61636b<br> Colubris-AVPair = "ssid=test2"<br> Colubris-AVPair = "vsc-unique-id=3"<br> Colubris-AVPair = "phytype=IEEE802dot11g"<br>
Colubris-Attr-250 = 0x00000000<br> Colubris-Attr-249 = 0x00000000<br> Message-Authenticator = 0x62375f6948b6efde2a86ec186367ca77<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>
++[mschap] returns noop<br>[suffix] Looking up realm "jack" for User-Name = "test@jack"<br>[suffix] Found realm "jack"<br>[suffix] Adding Stripped-User-Name = "test"<br>[suffix] Adding Realm = "jack"<br>
[suffix] Proxying request from user test to realm jack<br>[suffix] Preparing to proxy authentication request to realm "jack"<br>++[suffix] returns updated<br>[eap] Request is supposed to be proxied to Realm jack. Not doing EAP.<br>
++[eap] returns noop<br>++[unix] returns notfound<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>++[pap] returns noop<br> WARNING: Empty section. Using default return values.<br>
Sending Access-Request of id 43 to 192.168.0.252 port 1812<br> Acct-Session-Id = "1f15e604-0000006e"<br> NAS-Port = 111<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "AP1"<br>
NAS-IP-Address = 192.168.0.250<br> Framed-MTU = 1496<br> User-Name = "test"<br> Calling-Station-Id = "00-13-02-C4-80-4C"<br> Called-Station-Id = "00-0F-61-FE-EF-D2"<br>
Service-Type = Framed-User<br> EAP-Message = 0x0202000e0174657374406a61636b<br> Colubris-AVPair = "ssid=test2"<br> Colubris-AVPair = "vsc-unique-id=3"<br> Colubris-AVPair = "phytype=IEEE802dot11g"<br>
Colubris-Attr-250 = 0x00000000<br> Colubris-Attr-249 = 0x00000000<br> Message-Authenticator = 0x00000000000000000000000000000000<br> Proxy-State = 0x3236<br><br><span style="font-family: arial black,sans-serif;"><br>
</span><span style="font-family: arial black,sans-serif;">That is what I have when "default_eap_type = peap" in eap.conf and suffix commented<br></span>rad_recv: Access-Request packet from host 192.168.0.250 port 32769, id=195, length=387<br>
Acct-Session-Id = "1f15e604-00000067"<br> NAS-Port = 104<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "AP1"<br> NAS-IP-Address = 192.168.0.250<br> Framed-MTU = 1496<br>
User-Name = "test@jack"<br> Calling-Station-Id = "00-13-02-C4-80-4C"<br> Called-Station-Id = "00-0F-61-FE-EF-D2"<br> Service-Type = Framed-User<br> EAP-Message = 0x02c30090190017030100206ef157f1edb209ced6df7284ef870774d1adc808c2f7393a443abde91a4eb99017030100607d4d8d08c8c680d2d06afc57337fa4cce547e386b98106b6c80393c7d131a1279fe2d7a2db1721c7df77a9eaf71cf2a3cad712f2e48dabd36454632ea81428c537a746ae38f08546d6f06766fe8574365a5f87f3689cbde6763580e173ef60ce<br>
State = 0x939ea92a945db03a6035c51f15a10082<br> Colubris-AVPair = "ssid=test2"<br> Colubris-AVPair = "vsc-unique-id=3"<br> Colubris-AVPair = "phytype=IEEE802dot11g"<br>
Colubris-Attr-250 = 0x00000000<br> Colubris-Attr-249 = 0x00000000<br> Message-Authenticator = 0x89e1bcd7e7ce60181bdb737896d18bbe<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>
++[mschap] returns noop<br>[eap] EAP packet type response id 195 length 144<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>
[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7<br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7<br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>
[peap] EAP type mschapv2<br>[peap] Got tunneled request<br> EAP-Message = 0x02c3004b1a02c300463160397ae5a1c3f5a575162355af3a810a00000000000000001c9fc0b11ba69c8647aef4a10cc29ffece47522c5bc98e94006a6163717565732e6e65745c74657374<br>
server {<br> PEAP: Setting User-Name to jacques.net\test<br>Sending tunneled request<br> EAP-Message = 0x02c3004b1a02c300463160397ae5a1c3f5a575162355af3a810a00000000000000001c9fc0b11ba69c8647aef4a10cc29ffece47522c5bc98e94006a6163717565732e6e65745c74657374<br>
FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "jacques.net\\test"<br> State = 0xfbacdee0fb6fc428f0638ecd3474d47e<br> Acct-Session-Id = "1f15e604-00000067"<br>
NAS-Port = 104<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "AP1"<br> NAS-IP-Address = 192.168.0.250<br> Framed-MTU = 1496<br> Calling-Station-Id = "00-13-02-C4-80-4C"<br>
Called-Station-Id = "00-0F-61-FE-EF-D2"<br> Service-Type = Framed-User<br> Colubris-AVPair = "ssid=test2"<br> Colubris-AVPair = "vsc-unique-id=3"<br> Colubris-AVPair = "phytype=IEEE802dot11g"<br>
Colubris-Attr-250 = 0x00000000<br> Colubris-Attr-249 = 0x00000000<br>server inner-tunnel {<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[unix] returns notfound<br>
++[control] returns notfound<br>[eap] Request is supposed to be proxied to Realm jack. Not doing EAP.<br>++[eap] returns noop<br>[files] users: Matched entry DEFAULT at line 1<br>++[files] returns ok<br>++[expiration] returns noop<br>
++[logintime] returns noop<br>++[pap] returns noop<br>} # server inner-tunnel<br>[peap] Got tunneled reply code 0<br> PEAP: Calling authenticate in order to initiate tunneled EAP session.<br>+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>[eap] EAP/mschapv2<br>[eap] processing type mschapv2<br>[eap] Not-EAP proxy set. Not composing EAP<br>++[eap] returns handled<br> PEAP: Tunneled authentication will be proxied to jack<br>
PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.<br>[eap] Tunneled session will be proxied. Not doing EAP.<br>++[eap] returns handled<br> WARNING: Empty section. Using default return values.<br>ERROR: Failed to create a new socket for proxying requests.<br>
ERROR: Failed inserting request into proxy hash.<br>ERROR: Failed to proxy request 8<br>There was no response configured: rejecting request 8<br>Using Post-Auth-Type Reject<br>+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> test@jack<br>
attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 8 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 8<br>
Sending Access-Reject of id 195 to 192.168.0.250 port 32769<br>Waking up in 3.5 seconds.<br>^C<br><br><span style="font-family: arial black,sans-serif;">That is what I have when "default_eap_type = mschapv2" in eap.conf</span><br>
rad_recv: Access-Request packet from host 192.168.0.250 port 32769, id=4, length=387<br> Acct-Session-Id = "1f15e604-00000062"<br> NAS-Port = 99<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "AP1"<br>
NAS-IP-Address = 192.168.0.250<br> Framed-MTU = 1496<br> User-Name = "test@jack"<br> Calling-Station-Id = "00-13-02-C4-80-4C"<br> Called-Station-Id = "00-0F-61-FE-EF-D2"<br>
Service-Type = Framed-User<br> EAP-Message = 0x029c009019001703010020386a87a32d54ce789a58bf0797c8fec2146cab40657d2844f3c669d3ff74437317030100604ab4dde3619f7b2e4b7d8813d7bb491f9cda910d8d648759b9214dba32a2247c5fa5d7341f8f0c61150144b29e4d7d0a05d0afd057ceb43f5bfc81d8ae6b6028063bd44616c025592dbf694424da9e1420d26b07b6a3fd76ac3cba16a8cdc7fe<br>
State = 0x9495ab219309b2f8e681988bdb8e38dd<br> Colubris-AVPair = "ssid=test2"<br> Colubris-AVPair = "vsc-unique-id=3"<br> Colubris-AVPair = "phytype=IEEE802dot11g"<br>
Colubris-Attr-250 = 0x00000000<br> Colubris-Attr-249 = 0x00000000<br> Message-Authenticator = 0x4e5c523271e20690afa7deb40b198fc6<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>
++[mschap] returns noop<br>[eap] EAP packet type response id 156 length 144<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>
[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7<br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7<br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>
[peap] EAP type mschapv2<br>[peap] Got tunneled request<br> EAP-Message = 0x029c004b1a029c0046311d53cb59aa4d9b9b1bcbe6b548560779000000000000000037033132aa97f5429493f665e083a7691d6524037460f7a8006a6163717565732e6e65745c74657374<br>
server {<br> PEAP: Setting User-Name to jacques.net\test<br>Sending tunneled request<br> EAP-Message = 0x029c004b1a029c0046311d53cb59aa4d9b9b1bcbe6b548560779000000000000000037033132aa97f5429493f665e083a7691d6524037460f7a8006a6163717565732e6e65745c74657374<br>
FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "jacques.net\\test"<br> State = 0x25cd979825518d94ace7ecd0c04358cd<br> Acct-Session-Id = "1f15e604-00000062"<br>
NAS-Port = 99<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "AP1"<br> NAS-IP-Address = 192.168.0.250<br> Framed-MTU = 1496<br> Calling-Station-Id = "00-13-02-C4-80-4C"<br>
Called-Station-Id = "00-0F-61-FE-EF-D2"<br> Service-Type = Framed-User<br> Colubris-AVPair = "ssid=test2"<br> Colubris-AVPair = "vsc-unique-id=3"<br> Colubris-AVPair = "phytype=IEEE802dot11g"<br>
Colubris-Attr-250 = 0x00000000<br> Colubris-Attr-249 = 0x00000000<br>server inner-tunnel {<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[unix] returns notfound<br>
++[control] returns notfound<br>[eap] Request is supposed to be proxied to Realm jack. Not doing EAP.<br>++[eap] returns noop<br>[files] users: Matched entry DEFAULT at line 1<br>++[files] returns ok<br>++[expiration] returns noop<br>
++[logintime] returns noop<br>++[pap] returns noop<br>} # server inner-tunnel<br>[peap] Got tunneled reply code 0<br> PEAP: Calling authenticate in order to initiate tunneled EAP session.<br>+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>[eap] EAP/mschapv2<br>[eap] processing type mschapv2<br>[eap] Not-EAP proxy set. Not composing EAP<br>++[eap] returns handled<br> PEAP: Tunneled authentication will be proxied to jack<br>
PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.<br>[eap] Tunneled session will be proxied. Not doing EAP.<br>++[eap] returns handled<br> WARNING: Empty section. Using default return values.<br>ERROR: Failed to create a new socket for proxying requests.<br>
ERROR: Failed inserting request into proxy hash.<br>ERROR: Failed to proxy request 8<br><br>
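Added example (not part of the original post, and not FreeRADIUS code): a small decoder for the two unencrypted EAP-Message values in the debug output above, so the outer identity can be compared with the inner MS-CHAPv2 name. The function and constant names are hypothetical, and each EAP packet is assumed to fit in a single EAP-Message attribute (longer packets are split across several attributes and must be concatenated first).

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge", 25: "PEAP", 26: "MS-CHAPv2"}
MSCHAP_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}

# EAP-Message values copied from the debug output in the post above.
OUTER_IDENTITY = "0x0202000e0174657374406a61636b"
INNER_MSCHAPV2 = (
    "0x02c3004b1a02c300463160397ae5a1c3f5a575162355af3a810a"  # headers, peer challenge
    "0000000000000000"                                          # reserved
    "1c9fc0b11ba69c8647aef4a10cc29ffece47522c5bc98e94"          # NT-Response
    "006a6163717565732e6e65745c74657374")                       # flags, name

def parse_mschapv2(data):
    """Decode the EAP-MSCHAPv2 body that follows the EAP type byte."""
    if len(data) == 1:  # Success/Failure responses carry only the opcode
        return {"opcode": MSCHAP_OPCODES.get(data[0], data[0])}
    if len(data) < 4 or struct.unpack("!H", data[2:4])[0] != len(data):
        raise ValueError("MS-Length does not match the bytes present")
    out = {"opcode": MSCHAP_OPCODES.get(data[0], data[0]), "ms_id": data[1]}
    if data[0] in (1, 2):
        # Value-Size: 16 for Challenge; 49 for Response
        # (peer challenge 16 + reserved 8 + NT-Response 24 + flags 1).
        vsize = data[4] if len(data) > 4 else 0
        if vsize != (16, 49)[data[0] - 1] or len(data) < 5 + vsize:
            raise ValueError("unexpected Value-Size %d" % vsize)
        out["name"] = data[5 + vsize:].decode("utf-8", "replace")
    return out

def parse_eap(hexstr):
    """Decode one EAP packet from a single EAP-Message attribute value."""
    raw = bytes.fromhex(hexstr[2:] if hexstr[:2].lower() == "0x" else hexstr)
    if len(raw) < 4 or struct.unpack("!H", raw[2:4])[0] != len(raw):
        raise ValueError("EAP length field does not match the bytes present")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": len(raw)}
    if raw[0] in (1, 2) and len(raw) > 4:  # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] == 1:
            pkt["identity"] = raw[5:].decode("utf-8", "replace")
        elif raw[4] == 26:
            pkt.update(parse_mschapv2(raw[5:]))
    return pkt

if __name__ == "__main__":
    for value in (OUTER_IDENTITY, INNER_MSCHAPV2):
        print(parse_eap(value))
```

For these two values the decoder reports the outer identity test@jack and the inner MS-CHAPv2 name jacques.net\test, which is the User-Name the PEAP module sets on the tunneled request in the log.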