<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'><div dir='ltr'>
First of all, thanks for your help.<br><br><br>radiusd.conf - eap section :<br><br>....<br>....<br> eap {<br> default_eap_type = ttls<br><br> md5 {<br> }<br><br> mschapv2 {<br> }<br><br> tls {<br><br> rsa_key_exchange = no<br> dh_key_exchange = yes<br> rsa_key_length = 512<br> dh_key_length = 512<br><br> pem_file_type = yes<br><br> include_length = yes<br><br> CA_path = ${db_dir}/certs<br><br> CA_file = ${db_dir}/certs/rootca.pem<br><br> certificate_file = ${db_dir}/certs/server.pem<br> private_key_file = ${db_dir}/certs/server-key.pem<br><br> random_file = ${db_dir}/certs/random<br><br> dh_file = ${db_dir}/certs/dh<br> <br> check_crl = no<br><br> verify_depth = 0<br><br> cipher_list = "DEFAULT"<br><br> <br> }<br><br> ttls {<br> default_eap_type = md5<br> copy_request_to_tunnel = no<br> use_tunneled_reply = no<br> }<br><br> peap {<br> <br> default_eap_type = mschapv2<br> }<br> }<br><br>-----<br><br>users file: the first line reads: testuser Cleartext-Password := "testpw"<br> Reply-Message = "Hello, %{User-Name}"<br><br>--------<br><br>then, i type: eapol_test -c md5.conf -s testing123 ; I'm using md5.conf from here: http://deployingradius.com/scripts/eapol_test/<br><br><br>Find below radiusd -X output:<br><br><br>Starting - reading configuration files ...<br>including configuration file ..\etc\raddb/radiusd.conf<br>including configuration file ../etc/raddb/clients.conf<br>including configuration file ../etc/raddb/policy.conf<br>including dictionary file ..\etc\raddb/dictionary<br>main {<br> name = "radiusd"<br> prefix = ".."<br> localstatedir = "../var"<br> sbindir = "../sbin"<br> logdir = "../var/log/radius"<br> run_dir = "../var/run/radiusd"<br> libdir = "../lib"<br> radacctdir = "../var/log/radius/radacct"<br> hostname_lookups = no<br> max_request_time = 30<br> cleanup_delay = 5<br> max_requests = 1024<br> pidfile = "../var/run/radiusd/radiusd.pid"<br> checkrad = "../sbin/checkrad"<br> debug_level = 0<br> proxy_requests = no<br> log {<br> stripped_names = no<br> auth = no<br> auth_badpass = no<br> auth_goodpass = no<br> }<br> security {<br> max_attributes = 200<br> reject_delay = 1<br> status_server = yes<br> }<br>}<br>radiusd: #### Loading Realms and Home Servers ####<br> home_server localhost {<br> ipaddr = 127.0.0.1<br> port = 1812<br> type = "auth"<br> secret = "testing123"<br> response_window = 30<br> max_outstanding = 65536<br> zombie_period = 40<br> status_check = "none"<br> ping_interval = 30<br> check_interval = 30<br> num_answers_to_alive = 3<br> num_pings_to_alive = 3<br> revive_interval = 300<br> status_check_timeout = 4<br> }<br> realm LOCAL {<br> }<br>radiusd: #### Loading Clients ####<br> client localhost {<br> ipaddr = 127.0.0.1<br> require_message_authenticator = no<br> secret = "testing123"<br> nastype = "other"<br> }<br>radiusd: #### Instantiating modules ####<br> instantiate {<br> Module: Linked to module rlm_exec<br> Module: Instantiating module "exec" from file ..\etc\raddb/radiusd.conf<br> Module: Linked to module rlm_expr<br> Module: Instantiating module "expr" from file ..\etc\raddb/radiusd.conf<br> }<br>radiusd: #### Loading Virtual Servers ####<br>server { # from file ..\etc\raddb/radiusd.conf<br> modules {<br> Module: Checking authenticate {...} for more modules to load<br> Module: Linked to module rlm_pap<br> Module: Instantiating module "pap" from file ..\etc\raddb/radiusd.conf<br> Module: Linked to module rlm_mschap<br> Module: Instantiating module "mschap" from file ..\etc\raddb/radiusd.conf<br> Module: Linked to module rlm_eap<br> Module: Instantiating module "eap" from file ..\etc\raddb/radiusd.conf<br> Module: Checking authorize {...} for more modules to load<br> Module: Linked to module rlm_detail<br> Module: Instantiating module "auth_log" from file ..\etc\raddb/radiusd.conf<br> Module: Linked to module rlm_files<br> Module: Instantiating module "files" from file ..\etc\raddb/radiusd.conf<br> Module: Checking accounting {...} for more modules to load<br> Module: Instantiating module "detail" from file ..\etc\raddb/radiusd.conf<br> Module: Linked to module rlm_radutmp<br> Module: Instantiating module "radutmp" from file ..\etc\raddb/radiusd.conf<br> } # modules<br>} # server<br>radiusd: #### Opening IP addresses and Ports ####<br>listen {<br> type = "auth"<br> ipaddr = *<br> port = 0<br>}<br>listen {<br> type = "acct"<br> ipaddr = *<br> port = 0<br>}<br>Listening on authentication address * port 1812<br>Listening on accounting address * port 1813<br>Ready to process requests.<br># Executing section authorize from file ..\etc\raddb/radiusd.conf<br>+- entering group authorize {...}<br>[auth_log] ../var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d.log expands to ../var/log/radius/radacct/127.0.0.1/auth-detail-20111017.log<br>++[auth_log] returns ok<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>++[mschap] returns noop<br>++[files] returns noop<br>[eap] EAP packet type response id 0 length 14<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>Found Auth-Type = EAP<br># Executing group from file ..\etc\raddb/radiusd.conf<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type tls<br>[tls] Initiate<br>[tls] Start returned 1<br>++[eap] returns handled<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.10 seconds.<br># Executing section authorize from file ..\etc\raddb/radiusd.conf<br>+- entering group authorize {...}<br>[auth_log] ../var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d.log expands to ../var/log/radius/radacct/127.0.0.1/auth-detail-20111017.log<br>++[auth_log] returns ok<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>++[mschap] returns noop<br>++[files] returns noop<br>[eap] EAP packet type response id 1 length 216<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br># Executing group from file ..\etc\raddb/radiusd.conf<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/ttls<br>[eap] processing type ttls<br>[ttls] Authenticate<br>[ttls] processing EAP-TLS<br>[ttls] eaptls_verify returned 7 <br>[ttls] Done initial handshake<br>[ttls] (other): before/accept initialization<br>[ttls] TLS_accept: before/accept initialization<br>[ttls] TLS_accept: SSLv3 read client hello A<br>[ttls] TLS_accept: SSLv3 write server hello A<br>[ttls] TLS_accept: SSLv3 write certificate A<br>[ttls] TLS_accept: SSLv3 write key exchange A<br>[ttls] TLS_accept: SSLv3 write server done A<br>[ttls] TLS_accept: SSLv3 flush data<br>[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>[ttls] eaptls_process returned 13 <br>++[eap] returns handled<br>Finished request 1.<br>Going to the next request<br>Waking up in 4.7 seconds.<br>Waking up in 4.4 seconds.<br>Waking up in 1.4 seconds.<br>Cleaning up request 0 ID 0 with timestamp +27<br>Waking up in 0.2 seconds.<br>Cleaning up request 1 ID 1 with timestamp +27<br>Ready to process requests.<br>Ready to process requests.<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 58118, id=0, length=126<br> User-Name = "anonymous"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0200000e01616e6f6e796d6f7573<br> Message-Authenticator = 0xfe5e2cea30ed69e3ebb5597d9c677bcf<br>Sending Access-Challenge of id 0 to 127.0.0.1 port 58118<br> EAP-Message = 0x010100061520<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x26b3a7ae26b2b26bc177f1c70c867315<br>rad_recv: Access-Request packet from host 127.0.0.1 port 58118, id=1, length=346<br> User-Name = "anonymous"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x020100d8150016030100cd010000c903014e9bf235ba7f9efdc193f071e50186c14a010f47a15bd3e3897a7fd552820b8c00005cc014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f009600410007c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000<br> State = 0x26b3a7ae26b2b26bc177f1c70c867315<br> Message-Authenticator = 0xc51bb1dac6f978b85e3f41a1357b4ca0<br>Sending Access-Challenge of id 1 to 127.0.0.1 port 58118<br> EAP-Message = 0x0102040015c000000dc116030100310200002d03014e9bf2356d72da691120cc7a5be6fa242c914777e7a6cddfadb8e39923496e78000039000005ff010001001603010beb0b000be7000be400065f3082065b30820543a003020102020102300d06092a864886f70d01010505003081dd310b3009060355040613024742310f300d060355040813064c6f6e646f6e311430120603550407130b576573746d696e73746572311c301a060355040a13134d617465415220495420536f6c7574696f6e7331173015060355040b130e504b49204465706172746d656e7431223020060355040313195465737420526f6f7420434120284672656552414449<br> EAP-Message = 0x5553293120301e060355040d13175465737420526f6f744341204365727469666963617465311d301b06092a864886f70d010901160e696e666f406d61746561722e6575310b3009060355040513023031301e170d3131313031363134323735325a170d3132313031353134323735325a3081f2312330210603550403131a554b57494e3230303852322e636f72702e6d61746561722e657531123010060a0992268993f22c64011916024555311d301b06092a864886f70d010901160e696e666f406d61746561722e6575310b3009060355040613024742310f300d060355040813064c6f6e646f6e311430120603550407130b576573746d696e73<br> EAP-Message = 0x74657231163014060355040b130d4954204465706172746d656e74311630140603550405130d554b4c4f4e444f4e535256303131343032060355040d132b5465737420536572766572204365727469666963617465202850454150202d20467265655241444955532930819f300d06092a864886f70d010101050003818d0030818902818100d0912be92981af2f9ee8e1c827c30b70a9710463fbe052bde41c7a96af52bc770a83daa7bbc286da3beff1f7f71394c806f0214b2b1fae41aafb045efc1e49b5a70082fd2eace9f7c098dbea777b6bd8d6d80c99d42a2a6184f763756838faff97048737f92bdbc41cd803e12ed17cc4cfed295797d6f6<br> EAP-Message = 0xdb799f5bbc4b53ce810203010001a38202913082028d300f0603551d130101ff04053003020100300e0603551d0f0101ff0404030203f8301d0603551d0e04160414c7c514ad16237701f629bf2c1d18c24c8186188f3082010b0603551d23048201023081ff80148c042872c8603f29a58ac14fdb9a62ff9aadc3faa181e3a481e03081dd310b3009060355040613024742310f300d060355040813064c6f6e646f6e311430120603550407130b576573746d696e73746572311c301a060355040a13134d617465415220495420536f6c7574696f6e7331173015060355040b130e504b49204465706172746d656e7431223020060355040313195465<br> EAP-Message = 0x737420526f6f742043412028<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x26b3a7ae27b1b26bc177f1c70c867315<br><br><br>----------<br><br><br>I've tried almost everything. I'd appreciate any pointers/help here. Is there any other tool I could use instead of eapol_test?<br><br>Thanks again.<br><br>Sergio.<br><br><br><br><br><br><br><br><div>> Date: Mon, 17 Oct 2011 09:30:32 +0100<br>> From: A.L.M.Buxey@lboro.ac.uk<br>> To: tim.sylvester@networkradius.com; freeradius-users@lists.freeradius.org<br>> CC: sfhacker@hotmail.com<br>> Subject: Re: EAP Testing - Newbie<br>> <br>> hi,<br>> <br>> ...please dont send eapol_test output - send the output<br>> from radiusd -X<br>> <br>> from the log sent it looks like the client isnt get a response from<br>> the server (note the 3 default timeouts at the end....)<br>> <br>> alan<br></div> </div></body>
</html>