Hi All,<br clear="all"><br>I have a proxy setup (proxy server 192.168.6.134) where users are proxied to a home server (192.168.7.40).<br><div>Host IP address = 192.168.6.181</div><div>FreeRADIUS version 2.1.9</div><br>User authentication using radclient works fine when I issue the following command:<br>
<div><br></div><div>echo "User-Name=<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>,Password=pass123" | radclient 192.168.6.134 auth testing123<br></div><br>I get the following response on my proxy server:<br>
<br>rad_recv: Access-Accept packet from host 192.168.7.40 port 1812, id=104, length=68<br> Proxy-State = 0x3737<br> Framed-Protocol = PPP<br> Service-Type = Framed-User<br> Class = 0x52a505b1000001370001c0a8072801cb4d87ddbf246a0000000000000016<br>
<br>I try to make the same test work with EAP using the following command:<br><br>echo "User-Name=<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>,Password=pass123,EAP-Code=Response,EAP-Id=210,EAP-Type-Identity=<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>" | radeapclient -x 192.168.6.134 auth testing123<br>
<br>I see the following output on the proxy server:<br><br>rad_recv: Access-Request packet from host 192.168.6.181 port 32771, id=108, length=107<br> User-Name = "<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>"<br>
User-Password = "pass123"<br> EAP-Message = 0x02d2001a0172616475736572406e65766973746573742e636f6d<br> Message-Authenticator = 0xe61561c7667d60c2fbc37709b16e8193<br>Mon Sep 6 06:48:30 2010 : Info: +- entering group authorize {...}<br>
Mon Sep 6 06:48:30 2010 : Info: ++[preprocess] returns ok<br>Mon Sep 6 06:48:30 2010 : Info: ++[chap] returns noop<br>Mon Sep 6 06:48:30 2010 : Info: ++[mschap] returns noop<br>Mon Sep 6 06:48:30 2010 : Info: [suffix] Looking up realm "<a href="http://mytest.com">mytest.com</a>" for User-Name = "<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>"<br>
Mon Sep 6 06:48:30 2010 : Info: [suffix] Found realm "<a href="http://mytest.com">mytest.com</a>"<br>Mon Sep 6 06:48:30 2010 : Info: [suffix] Adding Stripped-User-Name = "raduser"<br>Mon Sep 6 06:48:30 2010 : Info: [suffix] Adding Realm = "<a href="http://mytest.com">mytest.com</a>"<br>
Mon Sep 6 06:48:30 2010 : Info: [suffix] Proxying request from user raduser to realm <a href="http://mytest.com">mytest.com</a><br>Mon Sep 6 06:48:30 2010 : Info: [suffix] Preparing to proxy authentication request to realm "<a href="http://mytest.com">mytest.com</a>"<br>
Mon Sep 6 06:48:30 2010 : Info: ++[suffix] returns updated<br>Mon Sep 6 06:48:30 2010 : Info: [eap] Request is supposed to be proxied to Realm <a href="http://mytest.com">mytest.com</a>. Not doing EAP.<br>Mon Sep 6 06:48:30 2010 : Info: ++[eap] returns noop<br>
Mon Sep 6 06:48:30 2010 : Info: ++[unix] returns notfound<br>Mon Sep 6 06:48:30 2010 : Info: [files] users: Matched entry DEFAULT at line 195<br>Mon Sep 6 06:48:30 2010 : Info: [files] expand: %{User-Name} -> <a href="mailto:raduser@mytest.com">raduser@mytest.com</a><br>
Mon Sep 6 06:48:30 2010 : Info: ++[files] returns ok<br>Mon Sep 6 06:48:30 2010 : Info: ++[expiration] returns noop<br>Mon Sep 6 06:48:30 2010 : Info: ++[logintime] returns noop<br>Mon Sep 6 06:48:30 2010 : Info: ++[pap] returns noop<br>
Mon Sep 6 06:48:30 2010 : Info: WARNING: Empty pre-proxy section. Using default return values.<br><br>Mon Sep 6 06:48:30 2010 : Info: Proxying request 0 to home server 192.168.7.40 port 1812<br>Sending Access-Request of id 40 to 192.168.7.40 port 1812<br>
User-Name = "raduser"<br> User-Password = "pass123"<br> EAP-Message = 0x02d2001a0172616475736572406e65766973746573742e636f6d<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
NAS-IP-Address = 192.168.6.181<br> Proxy-State = 0x313038<br>Mon Sep 6 06:48:30 2010 : Debug: Going to the next request<br>Mon Sep 6 06:48:30 2010 : Debug: Waking up in 0.9 seconds.<br>rad_recv: Access-Accept packet from host 192.168.7.40 port 1812, id=40, length=69<br>
Proxy-State = 0x313038<br> Framed-Protocol = PPP<br> Service-Type = Framed-User<br> Class = 0x52a605b2000001370001c0a8072801cb4d87ddbf246a0000000000000017<br>Mon Sep 6 06:48:30 2010 : Info: +- entering group post-proxy {...}<br>
Mon Sep 6 06:48:30 2010 : Info: [force_username] expand: %{User-Name} -> <a href="mailto:raduser@mytest.com">raduser@mytest.com</a><br>Mon Sep 6 06:48:30 2010 : Debug: force_username: Added attribute User-Name with value '<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>'<br>
Mon Sep 6 06:48:30 2010 : Info: ++[force_username] returns ok<br>Mon Sep 6 06:48:30 2010 : Info: [eap] No pre-existing handler found<br>Mon Sep 6 06:48:30 2010 : Info: ++[eap] returns noop<br>Mon Sep 6 06:48:30 2010 : Info: Found Auth-Type = Accept<br>
Mon Sep 6 06:48:30 2010 : Info: Auth-Type = Accept, accepting the user<br>Mon Sep 6 06:48:30 2010 : Info: +- entering group post-auth {...}<br>Mon Sep 6 06:48:30 2010 : Info: ++[exec] returns noop<br>Sending Access-Accept of id 108 to 192.168.6.181 port 32771<br>
Framed-Protocol = PPP<br> Service-Type = Framed-User<br> Class = 0x52a605b2000001370001c0a8072801cb4d87ddbf246a0000000000000017<br> User-Name = "<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>"<br>
<br><br>When I use the eapol_test client with the following command:<br>eapol_test -c /tmp/eapol.conf -a 192.168.6.134 -p 1812 -s testing123 -r 1<br><br>eapol.conf is as follows:<br>network={<br> key_mgmt=NONE<br>
eap=MD5<br> identity="<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>"<br> password="pass123"<br>}<br><br>I see the following output on my proxy server:<br><br>Mon Sep 6 06:53:49 2010 : Info: Proxying request 0 to home server 192.168.7.40 port 1812<br>
Sending Access-Request of id 166 to 192.168.7.40 port 1812<br> User-Name = "raduser"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br>
NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0200001a0172616475736572406e65766973746573742e636f6d<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
Proxy-State = 0x30<br>Mon Sep 6 06:53:49 2010 : Debug: Going to the next request<br>Mon Sep 6 06:53:49 2010 : Debug: Waking up in 0.9 seconds.<br>rad_recv: Access-Challenge packet from host 192.168.7.40 port 1812, id=166, length=109<br>
Proxy-State = 0x30<br> Session-Timeout = 6<br> EAP-Message = 0x0101002304101f3bc497bfe2cfaf507a66218e4dcb01524f4f54544553544c41424144<br> State = 0x1a2902ae000001370001c0a8072800000003235c233800<br>
Message-Authenticator = 0x467eeb430357cbddf194719353853d80<br>Mon Sep 6 06:53:49 2010 : Info: +- entering group post-proxy {...}<br>Mon Sep 6 06:53:49 2010 : Info: [force_username] expand: %{User-Name} -> <a href="mailto:raduser@mytest.com">raduser@mytest.com</a><br>
Mon Sep 6 06:53:49 2010 : Debug: force_username: Added attribute User-Name with value '<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>'<br>Mon Sep 6 06:53:49 2010 : Info: ++[force_username] returns ok<br>
Mon Sep 6 06:53:49 2010 : Info: [eap] No pre-existing handler found<br>Mon Sep 6 06:53:49 2010 : Info: ++[eap] returns noop<br>Sending Access-Challenge of id 0 to 192.168.6.181 port 32771<br> Session-Timeout = 6<br>
EAP-Message = 0x0101002304101f3bc497bfe2cfaf507a66218e4dcb01524f4f54544553544c41424144<br> State = 0x1a2902ae000001370001c0a8072800000003235c233800<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
User-Name = "<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>"<br>Mon Sep 6 06:53:49 2010 : Info: Finished request 0.<br>Mon Sep 6 06:53:49 2010 : Debug: Going to the next request<br>Mon Sep 6 06:53:49 2010 : Debug: Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 192.168.6.181 port 32771, id=1, length=171<br> User-Name = "<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br>
Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0201001604100ff84736f21760abada91fdb828e888c<br> State = 0x1a2902ae000001370001c0a8072800000003235c233800<br>
Message-Authenticator = 0xe1da93d7d4f4d4b68cf9ef4333a1f8eb<br>Mon Sep 6 06:53:49 2010 : Info: +- entering group authorize {...}<br>Mon Sep 6 06:53:49 2010 : Info: ++[preprocess] returns ok<br>Mon Sep 6 06:53:49 2010 : Info: ++[chap] returns noop<br>
Mon Sep 6 06:53:49 2010 : Info: ++[mschap] returns noop<br>Mon Sep 6 06:53:49 2010 : Info: [suffix] Looking up realm "<a href="http://mytest.com">mytest.com</a>" for User-Name = "<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>"<br>
Mon Sep 6 06:53:49 2010 : Info: [suffix] Found realm "<a href="http://mytest.com">mytest.com</a>"<br>Mon Sep 6 06:53:49 2010 : Info: [suffix] Adding Stripped-User-Name = "raduser"<br>Mon Sep 6 06:53:49 2010 : Info: [suffix] Adding Realm = "<a href="http://mytest.com">mytest.com</a>"<br>
Mon Sep 6 06:53:49 2010 : Info: [suffix] Proxying request from user raduser to realm <a href="http://mytest.com">mytest.com</a><br>Mon Sep 6 06:53:49 2010 : Info: [suffix] Preparing to proxy authentication request to realm "<a href="http://mytest.com">mytest.com</a>"<br>
Mon Sep 6 06:53:49 2010 : Info: ++[suffix] returns updated<br>Mon Sep 6 06:53:49 2010 : Info: [eap] Request is supposed to be proxied to Realm <a href="http://mytest.com">mytest.com</a>. Not doing EAP.<br>Mon Sep 6 06:53:49 2010 : Info: ++[eap] returns noop<br>
Mon Sep 6 06:53:49 2010 : Info: ++[unix] returns notfound<br>Mon Sep 6 06:53:49 2010 : Info: [files] users: Matched entry DEFAULT at line 195<br>Mon Sep 6 06:53:49 2010 : Info: [files] expand: %{User-Name} -> <a href="mailto:raduser@mytest.com">raduser@mytest.com</a><br>
Mon Sep 6 06:53:49 2010 : Info: ++[files] returns ok<br>Mon Sep 6 06:53:49 2010 : Info: ++[expiration] returns noop<br>Mon Sep 6 06:53:49 2010 : Info: ++[logintime] returns noop<br>Mon Sep 6 06:53:49 2010 : Info: ++[pap] returns noop<br>
Mon Sep 6 06:53:49 2010 : Info: WARNING: Empty pre-proxy section. Using default return values.<br>Sending Access-Request of id 177 to 192.168.7.40 port 1812<br> User-Name = "raduser"<br> NAS-IP-Address = 127.0.0.1<br>
Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0201001604100ff84736f21760abada91fdb828e888c<br>
State = 0x1a2902ae000001370001c0a8072800000003235c233800<br> Message-Authenticator = 0x00000000000000000000000000000000<br> Proxy-State = 0x31<br>Mon Sep 6 06:53:49 2010 : Info: Proxying request 1 to home server 192.168.7.40 port 1812<br>
Sending Access-Request of id 177 to 192.168.7.40 port 1812<br> User-Name = "raduser"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br>
NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0201001604100ff84736f21760abada91fdb828e888c<br> State = 0x1a2902ae000001370001c0a8072800000003235c233800<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> Proxy-State = 0x31<br>Mon Sep 6 06:53:49 2010 : Debug: Going to the next request<br>Mon Sep 6 06:53:49 2010 : Debug: Waking up in 0.9 seconds.<br>
rad_recv: Access-Reject packet from host 192.168.7.40 port 1812, id=177, length=47<br> Proxy-State = 0x31<br> EAP-Message = 0x04010004<br> Message-Authenticator = 0x9ce0e5c3b355540c348cbff29f5f40f2<br>
Mon Sep 6 06:53:49 2010 : Info: +- entering group post-proxy {...}<br>Mon Sep 6 06:53:49 2010 : Info: [force_username] expand: %{User-Name} -> <a href="mailto:raduser@mytest.com">raduser@mytest.com</a><br>Mon Sep 6 06:53:49 2010 : Debug: force_username: Added attribute User-Name with value '<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>'<br>
Mon Sep 6 06:53:49 2010 : Info: ++[force_username] returns ok<br>Mon Sep 6 06:53:49 2010 : Info: [eap] No pre-existing handler found<br>Mon Sep 6 06:53:49 2010 : Info: ++[eap] returns noop<br>Mon Sep 6 06:53:49 2010 : Info: Using Post-Auth-Type Reject<br>
Mon Sep 6 06:53:49 2010 : Info: +- entering group REJECT {...}<br>Mon Sep 6 06:53:49 2010 : Info: [attr_filter.access_reject] expand: %{User-Name} -> <a href="mailto:raduser@mytest.com">raduser@mytest.com</a><br>Mon Sep 6 06:53:49 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11<br>
Mon Sep 6 06:53:49 2010 : Info: ++[attr_filter.access_reject] returns updated<br>Mon Sep 6 06:53:49 2010 : Info: Delaying reject of request 1 for 1 seconds<br>Mon Sep 6 06:53:49 2010 : Debug: Going to the next request<br>
Mon Sep 6 06:53:49 2010 : Debug: Waking up in 0.9 seconds.<br>Mon Sep 6 06:53:50 2010 : Info: Sending delayed reject for request 1<br>Sending Access-Reject of id 1 to 192.168.6.181 port 32771<br> EAP-Message = 0x04010004<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>Mon Sep 6 06:53:50 2010 : Debug: Waking up in 3.9 seconds.<br>Mon Sep 6 06:53:54 2010 : Info: Cleaning up request 0 ID 0 with timestamp +48<br>Mon Sep 6 06:53:54 2010 : Debug: Waking up in 0.9 seconds.<br>
Mon Sep 6 06:53:55 2010 : Info: Cleaning up request 1 ID 1 with timestamp +48<br>Mon Sep 6 06:53:55 2010 : Info: Ready to process requests.<br> <br> <br>I have never succeeded with eapol_test. I have doubts about the NAS-IP-Address attribute in the Access-Request, which is 127.0.0.1.<br>
Can somebody point out where I am going wrong? <br><br><br>-- <br>Chidanand Gangur<br>Pune.<br>
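Added example (not part of the original post): a small Python decoder for the four EAP-Message values in the eapol_test debug output above, covering the Identity response, the home server's MD5-Challenge, the client's response and the final Failure. `response_matches` recomputes the RFC 1994 value MD5(id || password || challenge) for a candidate password; all function and variable names are this example's own.

```python
import hashlib
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge"}

# EAP-Message values copied from the eapol_test debug output in the post, in order.
LOG_EAP_MESSAGES = [
    "0x0200001a0172616475736572406e65766973746573742e636f6d",
    "0x0101002304101f3bc497bfe2cfaf507a66218e4dcb01524f4f54544553544c41424144",
    "0x0201001604100ff84736f21760abada91fdb828e888c",
    "0x04010004",
]

def parse_eap(hex_value):
    """Decode one EAP packet (RFC 3748 header, MD5-Challenge body per RFC 1994)."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not fit the data")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:        # only Request/Response carry a type
        body = raw[5:length]
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] == 4:                      # MD5-Challenge: value-size, value, name
            if not body or 1 + body[0] > len(body):
                raise ValueError("truncated MD5-Challenge value")
            pkt["value"] = body[1:1 + body[0]]
            pkt["name"] = body[1 + body[0]:]
        else:
            pkt["data"] = body
    return pkt

def md5_response(ident, password, challenge):
    """Expected EAP-MD5 response value: MD5(id || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password.encode() + challenge).digest()

def response_matches(password):
    """True if the logged response is the correct one for `password`."""
    _, challenge, response, _ = [parse_eap(m) for m in LOG_EAP_MESSAGES]
    expected = md5_response(response["id"], password, challenge["value"])
    return expected == response["value"]

if __name__ == "__main__":
    for message in LOG_EAP_MESSAGES:
        print(parse_eap(message))
    print("response correct for eapol.conf password:", response_matches("pass123"))
```

If `response_matches("pass123")` returns True, the supplicant answered the challenge correctly for the password in eapol.conf, and the Access-Reject is the home server's verdict on that EAP-MD5 exchange.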