I do not have "raduser" configured in my proxy users file. If it is configuration problem on the Home-Server why does it work if I use radeapclient/radclient. I see following on my host on running eapol_test. Whay is NAS-IP-Address set as 127.0.0.1 in this case? Reading configuration file '/tmp/eapol.conf' Line: 1 - start of a new network block key_mgmt: 0x4 eap methods - hexdump(len=16): 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 identity - hexdump_ascii(len=21): 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 raduser@mytes 74 2e 63 6f 6d t.com password - hexdump_ascii(len=7): 70 61 73 73 31 32 33 pass123 Priority group 0 id=0 ssid='' Authentication server 192.168.6.134:1812 RADIUS local address: 192.168.6.181:32771 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Sending fake EAP-Request-Identity EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=21): 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 raduser@mytes 74 2e 63 6f 6d t.com EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=26) TX EAP -> RADIUS - hexdump(len=26): 02 00 00 1a 01 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 74 2e 63 6f 6d Encapsulating EAP message into a RADIUS packet Learned identity from EAP-Response-Identity - hexdump(len=21): 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 74 2e 63 6f 6d Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=150 Attribute 1 (User-Name) length=23 Value: 'raduser@mytest.com' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=28 Value: 02 00 00 1a 01 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 74 2e 63 6f 6d Attribute 80 (Message-Authenticator) length=18 Value: cb 60 23 ea b3 e1 3d 7d 11 81 f1 02 53 39 5d e1 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 129 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=129 Attribute 27 (Session-Timeout) length=6 Value: 6 Attribute 79 (EAP-Message) length=37 Value: 01 01 00 23 04 10 b3 70 ee 1c 3c 59 73 f5 a2 4e 77 b7 a2 4d cb 01 52 4f 4f 54 54 45 53 54 4c 41 42 41 44 Attribute 24 (State) length=25 Value: 1a 35 02 b4 00 00 01 37 00 01 c0 a8 07 28 00 00 00 03 23 5c 23 3e 00 Attribute 80 (Message-Authenticator) length=18 Value: d8 fb 71 20 d9 1c ca 4d 61 a5 7d 7a e6 34 0c 4b Attribute 1 (User-Name) length=23 Value: 'raduser@mytest.com' STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=1 len=35) from RADIUS server: EAP-Request-MD5 (4) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): b3 70 ee 1c 3c 59 73 f5 a2 4e 77 b7 a2 4d cb 01 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=22) TX EAP -> RADIUS - hexdump(len=22): 02 01 00 16 04 10 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=171 Attribute 1 (User-Name) length=23 Value: 'raduser@mytest.com' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=24 Value: 02 01 00 16 04 10 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21 Attribute 24 (State) length=25 Value: 1a 35 02 b4 00 00 01 37 00 01 c0 a8 07 28 00 00 00 03 23 5c 23 3e 00 Attribute 80 (Message-Authenticator) length=18 Value: 74 44 82 76 ad 4a 69 3f 63 5d 39 6e 92 19 c1 53 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 44 bytes from RADIUS server Received RADIUS message RADIUS message: code=3 (Access-Reject) identifier=1 length=44 Attribute 79 (EAP-Message) length=6 Value: 04 01 00 04 Attribute 80 (Message-Authenticator) length=18 Value: 8f 2f ea 83 e9 df 05 6e 4b 01 be ee 65 a9 fc 6f STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec RADIUS packet matching with station decapsulated EAP packet (code=4 id=1 len=4) from RADIUS server: EAP Failure EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: EAP key not available EAP: deinitialize previously used EAP method (4, MD5) at EAP deinit MPPE keys OK: 0 mismatch: 1 FAILURE Thanks, Chidanand On Mon, Sep 6, 2010 at 1:45 PM, Alan Buxey <A.L.M.Buxey@lboro.ac.uk> wrote:
Hi,
<snip>
Sending Access-Request of id 177 to 192.168.7.40 port 1812
<cut>
rad_recv: Access-Reject packet from host 192.168.7.40 port 1812, id=177, length=47
seems quite simple. the home server that you proxied the request to has rejected it. check the logs on that server to see why - i suspect its because you are stripping the username and thus the EAP stuff wont be right....
you seem to also have that user in your local users file...and you also seem to be setting auth-type to accept - that wont work for EAP
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Chidanand Gangur Pune.