Hi,<div><br></div><div>I have configured a FreeRADIUS server using MySQL authentication. When I run "radtest" I get a successful response:</div><div><br></div><div>rad_recv: Access-Request packet from host 127.0.0.1 port 45562, id=209, length=59</div>
<div><span style="white-space:pre"> </span>User-Name = "sqltest"</div><div><span style="white-space:pre"> </span>User-Password = "testpwd"</div><div><span style="white-space:pre"> </span>NAS-IP-Address = 127.0.1.1</div>
<div><span style="white-space:pre"> </span>NAS-Port = 1812</div><div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div>
<div>[suffix] No '@' in User-Name = "sqltest", looking up realm NULL</div><div>[suffix] No such realm "NULL"</div><div>++[suffix] returns noop</div><div>[eap] No EAP-Message, not doing EAP</div>
<div>++[eap] returns noop</div><div>++[unix] returns notfound</div><div>++[files] returns noop</div><div><span style="white-space:pre"> </span>expand: %{User-Name} -> sqltest</div><div>[sql] sql_set_user escaped user --> 'sqltest'</div>
<div>rlm_sql (sql): Reserving sql socket id: 3</div><div><span style="white-space:pre"> </span>expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id</div>
<div>[sql] User found in radcheck table</div><div><span style="white-space:pre"> </span>expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sqltest' ORDER BY id</div>
<div><span style="white-space:pre"> </span>expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'sqltest' ORDER BY priority</div>
<div>rlm_sql (sql): Released sql socket id: 3</div><div>++[sql] returns ok</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>++[pap] returns updated</div><div>Found Auth-Type = PAP</div>
<div>+- entering group PAP {...}</div><div>[pap] login attempt with password "testpwd"</div><div>[pap] Using clear text password "testpwd"</div><div>[pap] User authenticated successfully</div><div>++[pap] returns ok</div>
<div>+- entering group post-auth {...}</div><div>++[exec] returns noop</div><div>Sending Access-Accept of id 209 to 127.0.0.1 port 45562</div><div>Finished request 20.</div><div>Going to the next request </div><div><br></div>
<div>Now I have configured a Windows supplicant. When I enter the credentials for login from the supplicant PC, the RADIUS server always sends a rejected response in the server's terminal (I have FreeRADIUS in debug mode to see all the messages); this is what I get:</div>
<div><br></div><div><div>Waking up in 4.9 seconds.</div><div>rad_recv: Access-Request packet from host 192.168.1.4 port 3666, id=0, length=139</div><div>Cleaning up request 18 ID 0 with timestamp +502</div><div><span style="white-space:pre"> </span>User-Name = "sqltest"</div>
<div><span style="white-space:pre"> </span>NAS-IP-Address = 192.168.1.4</div><div><span style="white-space:pre"> </span>Called-Station-Id = "00226b81bae1"</div><div>
<span style="white-space:pre"> </span>Calling-Station-Id = "002369764cef"</div><div><span style="white-space:pre"> </span>NAS-Identifier = "00226b81bae1"</div>
<div><span style="white-space:pre"> </span>NAS-Port = 21</div><div><span style="white-space:pre"> </span>Framed-MTU = 1400</div><div><span style="white-space:pre"> </span>State = 0x5589d8c55588dc92d29bccd07151cb7c</div>
<div><span style="white-space:pre"> </span>NAS-Port-Type = Wireless-802.11</div><div><span style="white-space:pre"> </span>EAP-Message = 0x020100060319</div><div><span style="white-space:pre"> </span>Message-Authenticator = 0xb35d1b6482700c1122714ca033d1e480</div>
<div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>[suffix] No '@' in User-Name = "sqltest", looking up realm NULL</div>
<div>[suffix] No such realm "NULL"</div><div>++[suffix] returns noop</div><div>[eap] EAP packet type response id 1 length 6</div><div>[eap] No EAP Start, assuming it's an on-going EAP conversation</div><div>
++[eap] returns updated</div><div>++[unix] returns notfound</div><div>++[files] returns noop</div><div><span style="white-space:pre"> </span>expand: %{User-Name} -> sqltest</div><div>[sql] sql_set_user escaped user --> 'sqltest'</div>
<div>rlm_sql (sql): Reserving sql socket id: 4</div><div><span style="white-space:pre"> </span>expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id</div>
<div>[sql] User found in radcheck table</div><div><span style="white-space:pre"> </span>expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sqltest' ORDER BY id</div>
<div><span style="white-space:pre"> </span>expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'sqltest' ORDER BY priority</div>
<div>rlm_sql (sql): Released sql socket id: 4</div><div>++[sql] returns ok</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>[pap] Found existing Auth-Type, not changing it.</div><div>++[pap] returns noop</div>
<div>Found Auth-Type = EAP</div><div>+- entering group authenticate {...}</div><div>[eap] Request found, released from the list</div><div>[eap] EAP NAK</div><div>[eap] NAK asked for unsupported type 25</div><div>[eap] No common EAP types found.</div>
<div>[eap] Failed in EAP select</div><div>++[eap] returns invalid</div><div>Failed to authenticate the user.</div><div>Using Post-Auth-Type Reject</div><div>+- entering group REJECT {...}</div><div><span style="white-space:pre"> </span>expand: %{User-Name} -> sqltest</div>
<div> attr_filter: Matched entry DEFAULT at line 11</div><div>++[attr_filter.access_reject] returns updated</div><div>Delaying reject of request 19 for 1 seconds</div><div>Going to the next request</div><div>Waking up in 0.9 seconds.</div>
<div>Sending delayed reject for request 19</div><div>Sending Access-Reject of id 0 to 192.168.1.4 port 3666</div><div><span style="white-space:pre"> </span>EAP-Message = 0x04010004</div><div><span style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div>
<div>Waking up in 4.9 seconds.</div><div>Cleaning up request 19 ID 0 with timestamp +502</div><div>Ready to process requests.</div><div><br></div><div>As I can see, the error is located here:</div><div><br></div><div><div>
Found Auth-Type = EAP</div><div>+- entering group authenticate {...}</div><div>[eap] Request found, released from the list</div><div>[eap] EAP NAK</div><div>[eap] NAK asked for unsupported type 25</div><div>[eap] No common EAP types found.</div>
<div>[eap] Failed in EAP select</div><div><br></div><div>When the Windows supplicant tries to access, the server found an EAP authentication.. that for some reason fails. When I do a "radtest", the server says:</div>
<div><br></div><div><div>Found Auth-Type = PAP</div><div>+- entering group PAP {...}</div><div>[pap] login attempt with password "testpwd"</div><div>[pap] Using clear text password "testpwd"</div><div>
[pap] User authenticated successfully</div><div><br></div><div>I have configured the Windows client as recommended on the wiki.<a href="http://freeradius.org" target="_blank">freeradius.org</a> site.</div><div><br></div>
<div>Any idea?</div><div><br></div><div>Cheers</div></div></div></div>