I have a lab that has wired ports that connect to a Linksys SLM248G switch that supports 802.1x. What I want to do do is to set this switch up to make the users authenticate to gain access to the network. The users will have an accounts on the radius server which is a FreeBSD 7.0 system running FreeRadius 2.06. I would like them to be able to enter their username and password to access the network. Should this be possible? I get nothing from the radiusd -X if I have the windows xp EAP type: set to MD5-Challenge or Smart card or other Certificates. I get the following if I have the windows xp supplicant EAP type: set to Protected EAP (PEAP) and Select Authentication Method: set to Secured password (EAP-MSCHAP v2) configured to automatically use my windows logon name... rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=83 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 2 User-Name = "DB3\\dblac" EAP-Message = 0x0201000e014442335c64626c6163 Message-Authenticator = 0x829bab10f0c399313b4946fc47f6aa9c +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DB3\dblac at line 206 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49154 EAP-Message = 0x01020016041081b9c6b3f031cce93aac863f3383a0c1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xec6255ecec605113c816ac1ff80419e2 Finished request 12. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=93 Cleaning up request 12 ID 0 with timestamp +190 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 2 User-Name = "DB3\\dblac" State = 0xec6255ecec605113c816ac1ff80419e2 EAP-Message = 0x020200060319 Message-Authenticator = 0x3156b6e297a2d81c38042450074ffa81 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DB3\dblac at line 206 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49154 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xec6255eced614c13c816ac1ff80419e2 Finished request 13. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=167 Cleaning up request 13 ID 0 with timestamp +190 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 2 User-Name = "DB3\\dblac" State = 0xec6255eced614c13c816ac1ff80419e2 EAP-Message = 0x0203005019800000004616030100410100003d030148eb44b1c52d912b11d4d2bbd04b61fd302b03d22ba373beb33f2aa37b24248200001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xd3f4489233cacc67f8a062f7e24b05f7 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 80 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 70 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49154 EAP-Message = 0x0104040019c0000008bb160301004a02000046030148eb4379e9bfdee521dcb3928d8ca625b7d1f2cdfd1561c5deafbe6ce7ed6a52203eb5a90289c645a44ae02464f658a92024e0030a6fa06680d2536fc60819f4cf000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504 EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303931393135303335315a170d3039303931393135303335315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100bf1135e7403c91fce2e032ecca3a6a145563d12900aee0f492557dcd151f EAP-Message = 0xa5ae2d8204eed48117170b963f923ff0fffd0912fe9e8e16684e410daf483f046ca000e41b7610d935f03d3a108b7ecd148dbd0aa410f35e72e1372195bbe307fa3d90482745b2bf0eb8bc8e6328c6c9947bb4f4ce24dde218475416ca55361c2e88a3647214ad165f70da12b0f40d754dc357ca812ab8f94bd8a58acf78a2280c478e0b9b403fe7d1ab55296b22869c581feb0c07a4ba0106e66e82025d210c9d6363a02e740f627e85446b7aeb29eed663768ba9c5e3463d97fe7f4790c562b9e3d28032bc09a448b0e9d65c08f0ef85c4e1d3710e9aa36e8d5f19b41bdd05a9750203010001a317301530130603551d25040c300a06082b06010505 EAP-Message = 0x070301300d06092a864886f70d010104050003820101006b001b9f369b704d4eb7b8720d3db79dae602ca5eaa73ce38b8e8167e4da5a54762304a9a622f9381a8c2af8fe4ea5a0104e4a593a4ee607dc108d898d2c93122290c3c9948f20a19a3b8cbfb251d37e0b8cc0171270427639644546c71ccbfe8b1e64025ce560c70e030625349089138e8e08dc1a2b7d0d92c032b80fe1626a948789619ed1de6fc5a26dba9e978a12395b905b5d2f1e12428a58c75bbc3e0149bb3b724a3d866e2581656e6c939e6571570c67207ed46bfbbe7d37ac5b468ad6bb72d9b9aae7fd587679a814d47fdd15f5aecb6e3d20dc66effa359bf7ceb24db46b5f65bd EAP-Message = 0xdd8b0d1ffbd9cfc10c334d0c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xec6255ecee664c13c816ac1ff80419e2 Finished request 14. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=93 Cleaning up request 14 ID 0 with timestamp +190 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 2 User-Name = "DB3\\dblac" State = 0xec6255ecee664c13c816ac1ff80419e2 EAP-Message = 0x020400061900 Message-Authenticator = 0x886a8775435f25263f2aca201609785c +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49154 EAP-Message = 0x010503fc19407595a82abeae63e145f572782b550004ab308204a73082038fa003020102020900d9e21f5ee6835c3a300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303931393135303335305a170d3038313031393135303335305a308193310b30090603 EAP-Message = 0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c1f6ababdbb11157e01222cd06effd53fe6bbe93ccef710728fa7dbd748861ec895fafaed33ce581aa8d1988705e6360c00d238ed22cf23e36983af70411268f912abb3591519c8665e808d69c6774 EAP-Message = 0x13a97fa387a88c4ba3af3b53dee51a15e58864b9f5d1abc8522b091963193e3bf9d303e0860e906a3f0662c75696658f9fd91e6c0943c5cbeadd38a4646b121fa301031dcb90e1b03d6a01be8b525909dcd2225cb29b42a48c191403788b1e27a69e1af0dc87a25de82f549956980b3aba56984fde3a6f5cb88d4319de879f42595fd3e2836e4b8e0024ee3939197c5f2151c9399ba835599f1dbd01b8577bb8d1369c1498e80a47b784f6536e8f718c1d0203010001a381fb3081f8301d0603551d0e04160414dc814088224053f83c7a5b13a01af9512eb5deb93081c80603551d230481c03081bd8014dc814088224053f83c7a5b13a01af9512eb5 EAP-Message = 0xdeb9a18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900d9e21f5ee6835c3a300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010046ad1161afb688a9d15f6d856da942a6be08e914cb3e9ddcaf9170ef68be87b02567b291878202d4c903dbacdfbe311c6d3b EAP-Message = 0x0be93902225236ba Message-Authenticator = 0x00000000000000000000000000000000 State = 0xec6255ecef674c13c816ac1ff80419e2 Finished request 15. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=93 Cleaning up request 15 ID 0 with timestamp +190 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 2 User-Name = "DB3\\dblac" State = 0xec6255ecef674c13c816ac1ff80419e2 EAP-Message = 0x020500061900 Message-Authenticator = 0x676ce9988ddab71abb71ddbca2554610 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49154 EAP-Message = 0x010600d51900e0f91c11fb297731a6efe3a48a6be62f005b0571eab2bef69625fcc1ebc94d4d3b7ceeecc5977de9b83a4eb22ce44bf4388f8cc6f0ece7443e2f0ecd971251bebd2d70b3eef75100b2d2af7d217c3a674b984010ded7f1095ffc4d1aeff0efe8b7e948df9e3ada1ee3f8fcbeb7023a143772a3cfb077de90f7a7a7cf2d6e06f933be6b917795777e74e9e6691d5a95100b1a610e16cda1c2f8e3661c231aa6d2cb1ce8ed5096b5789a61ea5aef84d10e9dded9b338a826e950075ee8797f4099e6c1748e1d8716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xec6255ece8644c13c816ac1ff80419e2 Finished request 16. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=93 Cleaning up request 16 ID 0 with timestamp +190 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 2 User-Name = "DB3\\dblac" State = 0xec6255ece8644c13c816ac1ff80419e2 EAP-Message = 0x020600061900 Message-Authenticator = 0xd07720185412598787e85c2a753d4855 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 6 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49154 EAP-Message = 0x010700061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xec6255ece9654c13c816ac1ff80419e2 Finished request 17. Going to the next request Waking up in 4.9 seconds. Cleaning up request 17 ID 0 with timestamp +190 Ready to process requests.