<div dir="ltr"><span style="color:rgb(31,73,125)">Hi,</span><br><div class="gmail_quote"><div lang="EN-IN" link="blue" vlink="purple">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">I am sending an Access-Request packet using radeapclient without password,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">I am giving the following attributes in radeapclient:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">User-Name= "testuser"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">EAP-Code = Response<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">EAP-Id = 210<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">EAP-Type-Identity = " testuser "<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">Message-Authenticator = 0x00<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">But server is sending Access-Reject to the request.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">Following are the logs of radeapclient:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">User-Name= "testuser"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">EAP-Code = Response<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">EAP-Id = 210<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">EAP-Type-Identity = "testuser"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">Message-Authenticator = 0x00<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">+++> About to send encoded packet:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        User-Name = "testuser"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Code = Response<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Id = 210<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Type-Identity = "testuser"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        Message-Authenticator = 0x00<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><+++ EAP decoded packet:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Message = 0x01d3001604107b44069aa80b67319a536bfd4f8ac713<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        Message-Authenticator = 0xb4499f3ee54742d9dd8469980720dcf6<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        State = 0x8a52e3488a81e7f33f4b54075fcd3936<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Id = 211<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Code = Request<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Type-MD5 = 0x107b44069aa80b67319a536bfd4f8ac713<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">+++> About to send encoded packet:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        User-Name = "testuser"<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Code = Response<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Id = 211<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        Message-Authenticator = 0x00000000000000000000000000000000<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Type-MD5 = 0x10d2c45d5e328b2b2db8bd66c7d171635d<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        State = 0x8a52e3488a81e7f33f4b54075fcd3936<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><+++ EAP decoded packet:<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Message = 0x04d30004<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        Message-Authenticator = 0xf6f7e2707ef22ea86a660a4ddce7fb30<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Id = 211<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">        EAP-Code = Failure<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">On further investigation, i found an example
</span>to test eap-md5  in the source code{ freeradius-2.1.8 }  in <span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">
src/tests</span><span style="font-size:10.0pt;font-family:Courier"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">Example is :<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">echo 'User-Name = "eapmd5"'<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">echo 'Cleartext-Password = "md5md5"'<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">echo 'NAS-IP-Address = <a href="http://marajade.sandelman.ottawa.on.ca" target="_blank">marajade.sandelman.ottawa.on.ca</a>'<u></u><u></u></span></p>

<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">echo 'EAP-Code = Response'<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">echo 'EAP-Id = 210'<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">echo 'EAP-Type-Identity = "eapsim'<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">echo 'Message-Authenticator = 0'<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">echo 'NAS-Port = 0' )<u></u><u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif""><u></u> <u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">But
</span><span style="font-size:10.5pt;font-family:"Verdana","sans-serif";color:#1f497d;background:white">EAP
</span><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">RFC3579
</span><span style="font-size:10.5pt;font-family:"Verdana","sans-serif";color:#1f497d;background:white">and
</span><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">RFC2869</span><span style="font-size:10.5pt;font-family:"Verdana","sans-serif";color:#1f497d;background:white"> states that User-Password should not be
 part of a radius packet containing EAP-Message attribute</span><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">,</span><span style="font-size:10.5pt;font-family:"Verdana","sans-serif";color:#1f497d;background:white"><u></u><u></u></span></p>

<p class="MsoNormal" style="text-autospace:none"><span style="color:#1f497d;background:white"><u></u> <u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif""> <u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="background:white;font-size:10.5pt;font-family:"Verdana","sans-serif"">it written that “</span><span style="font-size:10.0pt;font-family:Courier">An Access-Request that contains either
 a User-Password or<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Courier">CHAP-Password or ARAP-Password or one or more EAP-Message attributes<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Courier">MUST NOT contain more than one type of those four attributes. If it<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Courier">does not contain any of those four attributes, it SHOULD contain a<u></u><u></u></span></p>
<p class="MsoNormal" style="text-autospace:none"><span style="font-size:10.0pt;font-family:Courier">Message-Authenticator. If any packet type contains an EAP-Message<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">attribute it MUST also contain a Message-Authenticator.”<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier;color:#1f497d">Please let me know if any specific configuration need to be done on the server so that server sends Access-Accept.</span><span style="font-size:10.0pt;font-family:Courier"><u></u><u></u></span></p>

<p class="MsoNormal"><span style="font-size:10.0pt;font-family:Courier">  <span style="color:#1f497d"><u></u><u></u></span></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal" style><font color="#1f497d">Thanks in advance.</font></p><p class="MsoNormal" style><font color="#1f497d">Arpit</font></p></div></div></div>