<div>I do not have "raduser" configured in my proxy users file. If it is configuration problem on the Home-Server why does it work if I use radeapclient/radclient. <br></div><div><br></div><div>I see following on my host on running eapol_test. Whay is NAS-IP-Address set as 127.0.0.1 in this case?</div>
<div><br></div><div>Reading configuration file '/tmp/eapol.conf'<br>Line: 1 - start of a new network block<br>key_mgmt: 0x4<br>eap methods - hexdump(len=16): 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00<br>identity - hexdump_ascii(len=21):<br>
72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 raduser@mytes<br> 74 2e 63 6f 6d <a href="http://t.com">t.com</a><br>password - hexdump_ascii(len=7):<br> 70 61 73 73 31 32 33 pass123<br>
Priority group 0<br> id=0 ssid=''<br>Authentication server <a href="http://192.168.6.134:1812">192.168.6.134:1812</a><br>RADIUS local address: <a href="http://192.168.6.181:32771">192.168.6.181:32771</a><br>EAPOL: SUPP_PAE entering state DISCONNECTED<br>
EAPOL: KEY_RX entering state NO_KEY_RECEIVE<br>EAPOL: SUPP_BE entering state INITIALIZE<br>EAP: EAP entering state DISABLED<br>EAPOL: External notification - portValid=0<br>EAPOL: External notification - portEnabled=1<br>
EAPOL: SUPP_PAE entering state CONNECTING<br>EAPOL: SUPP_BE entering state IDLE<br>EAP: EAP entering state INITIALIZE<br>EAP: EAP entering state IDLE<br>Sending fake EAP-Request-Identity<br>EAPOL: Received EAP-Packet frame<br>
EAPOL: SUPP_PAE entering state RESTART<br>EAP: EAP entering state INITIALIZE<br>EAP: EAP entering state IDLE<br>EAPOL: SUPP_PAE entering state AUTHENTICATING<br>EAPOL: SUPP_BE entering state REQUEST<br>EAPOL: getSuppRsp<br>
EAP: EAP entering state RECEIVED<br>EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0<br>EAP: EAP entering state IDENTITY<br>CTRL-EVENT-EAP-STARTED EAP authentication started<br>EAP: EAP-Request Identity data - hexdump_ascii(len=0):<br>
EAP: using real identity - hexdump_ascii(len=21):<br> 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 raduser@mytes<br> 74 2e 63 6f 6d <a href="http://t.com">t.com</a><br>EAP: EAP entering state SEND_RESPONSE<br>
EAP: EAP entering state IDLE<br>EAPOL: SUPP_BE entering state RESPONSE<br>EAPOL: txSuppRsp<br>WPA: eapol_test_eapol_send(type=0 len=26)<br>TX EAP -> RADIUS - hexdump(len=26): 02 00 00 1a 01 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 74 2e 63 6f 6d<br>
Encapsulating EAP message into a RADIUS packet<br>Learned identity from EAP-Response-Identity - hexdump(len=21): 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 74 2e 63 6f 6d<br>Sending RADIUS message to authentication server<br>
RADIUS message: code=1 (Access-Request) identifier=0 length=150<br> Attribute 1 (User-Name) length=23<br> Value: '<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>'<br> Attribute 4 (NAS-IP-Address) length=6<br>
Value: 127.0.0.1<br> Attribute 31 (Calling-Station-Id) length=19<br> Value: '02-00-00-00-00-01'<br> Attribute 12 (Framed-MTU) length=6<br> Value: 1400<br> Attribute 61 (NAS-Port-Type) length=6<br>
Value: 19<br> Attribute 77 (Connect-Info) length=24<br> Value: 'CONNECT 11Mbps 802.11b'<br> Attribute 79 (EAP-Message) length=28<br> Value: 02 00 00 1a 01 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 74 2e 63 6f 6d<br>
Attribute 80 (Message-Authenticator) length=18<br> Value: cb 60 23 ea b3 e1 3d 7d 11 81 f1 02 53 39 5d e1<br>Next RADIUS client retransmit in 3 seconds<br><br>EAPOL: SUPP_BE entering state RECEIVE<br>Received 129 bytes from RADIUS server<br>
Received RADIUS message<br>RADIUS message: code=11 (Access-Challenge) identifier=0 length=129<br> Attribute 27 (Session-Timeout) length=6<br> Value: 6<br> Attribute 79 (EAP-Message) length=37<br> Value: 01 01 00 23 04 10 b3 70 ee 1c 3c 59 73 f5 a2 4e 77 b7 a2 4d cb 01 52 4f 4f 54 54 45 53 54 4c 41 42 41 44<br>
Attribute 24 (State) length=25<br> Value: 1a 35 02 b4 00 00 01 37 00 01 c0 a8 07 28 00 00 00 03 23 5c 23 3e 00<br> Attribute 80 (Message-Authenticator) length=18<br> Value: d8 fb 71 20 d9 1c ca 4d 61 a5 7d 7a e6 34 0c 4b<br>
Attribute 1 (User-Name) length=23<br> Value: '<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>'<br>STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec<br>
<br>RADIUS packet matching with station<br>decapsulated EAP packet (code=1 id=1 len=35) from RADIUS server: EAP-Request-MD5 (4)<br>EAPOL: Received EAP-Packet frame<br>EAPOL: SUPP_BE entering state REQUEST<br>EAPOL: getSuppRsp<br>
EAP: EAP entering state RECEIVED<br>EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0<br>EAP: EAP entering state GET_METHOD<br>EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)<br>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected<br>
EAP: EAP entering state METHOD<br>EAP-MD5: Challenge - hexdump(len=16): b3 70 ee 1c 3c 59 73 f5 a2 4e 77 b7 a2 4d cb 01<br>EAP-MD5: Generating Challenge Response<br>EAP-MD5: Response - hexdump(len=16): 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21<br>
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC<br>EAP: EAP entering state SEND_RESPONSE<br>EAP: EAP entering state IDLE<br>EAPOL: SUPP_BE entering state RESPONSE<br>EAPOL: txSuppRsp<br>WPA: eapol_test_eapol_send(type=0 len=22)<br>
TX EAP -> RADIUS - hexdump(len=22): 02 01 00 16 04 10 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21<br>Encapsulating EAP message into a RADIUS packet<br> Copied RADIUS State Attribute<br>Sending RADIUS message to authentication server<br>
RADIUS message: code=1 (Access-Request) identifier=1 length=171<br> Attribute 1 (User-Name) length=23<br> Value: '<a href="mailto:raduser@mytest.com">raduser@mytest.com</a>'<br> Attribute 4 (NAS-IP-Address) length=6<br>
Value: 127.0.0.1<br> Attribute 31 (Calling-Station-Id) length=19<br> Value: '02-00-00-00-00-01'<br> Attribute 12 (Framed-MTU) length=6<br> Value: 1400<br> Attribute 61 (NAS-Port-Type) length=6<br>
Value: 19<br> Attribute 77 (Connect-Info) length=24<br> Value: 'CONNECT 11Mbps 802.11b'<br> Attribute 79 (EAP-Message) length=24<br> Value: 02 01 00 16 04 10 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21<br>
Attribute 24 (State) length=25<br> Value: 1a 35 02 b4 00 00 01 37 00 01 c0 a8 07 28 00 00 00 03 23 5c 23 3e 00<br> Attribute 80 (Message-Authenticator) length=18<br> Value: 74 44 82 76 ad 4a 69 3f 63 5d 39 6e 92 19 c1 53<br>
Next RADIUS client retransmit in 3 seconds<br><br>EAPOL: SUPP_BE entering state RECEIVE<br>Received 44 bytes from RADIUS server<br>Received RADIUS message<br>RADIUS message: code=3 (Access-Reject) identifier=1 length=44<br>
Attribute 79 (EAP-Message) length=6<br> Value: 04 01 00 04<br> Attribute 80 (Message-Authenticator) length=18<br> Value: 8f 2f ea 83 e9 df 05 6e 4b 01 be ee 65 a9 fc 6f<br>STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec<br>
<br>RADIUS packet matching with station<br>decapsulated EAP packet (code=4 id=1 len=4) from RADIUS server: EAP Failure<br>EAPOL: Received EAP-Packet frame<br>EAPOL: SUPP_BE entering state REQUEST<br>EAPOL: getSuppRsp<br>EAP: EAP entering state RECEIVED<br>
EAP: Received EAP-Failure<br>EAP: EAP entering state DISCARD<br>EAP: EAP entering state IDLE<br>EAPOL: SUPP_BE entering state RECEIVE<br>EAPOL: EAP key not available<br>EAP: deinitialize previously used EAP method (4, MD5) at EAP deinit<br>
MPPE keys OK: 0 mismatch: 1<br>FAILURE<br></div><div><br></div><div>Thanks,</div><div>Chidanand</div><div><br></div><div><br></div><br><div class="gmail_quote">On Mon, Sep 6, 2010 at 1:45 PM, Alan Buxey <span dir="ltr"><<a href="mailto:A.L.M.Buxey@lboro.ac.uk" target="_blank">A.L.M.Buxey@lboro.ac.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
<snip><br>
<div><br>
> Sending Access-Request of id 177 to 192.168.7.40 port 1812<br>
<br>
</div><cut><br>
<div><br>
> rad_recv: Access-Reject packet from host 192.168.7.40 port 1812, id=177, length=47<br>
<br>
<br>
</div>seems quite simple. the home server that you proxied the request to has rejected<br>
it. check the logs on that server to see why - i suspect its because you are<br>
stripping the username and thus the EAP stuff wont be right....<br>
<br>
<br>
you seem to also have that user in your local users file...and you also seem to be setting<br>
auth-type to accept - that wont work for EAP<br>
<font color="#888888"><br>
alan<br>
</font><div><div>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Chidanand Gangur<br>Pune.<br>