Hello,
rad_recv: Access-Request packet from host ... port 32769, id=219, length=159 User-Name = "xy" [...] EAP-Message = 0x0202000b01737461646572
It would also help not to mangle the debug output by hand, if that's what happened here. The EAP-Message's EAP-Response/Identity says the username is "stader", while the RADIUS User-Name attribute says "xy"? If that is *really* what came in over the wire, your Controller is doing dumb things. If it was manual editing, please stop doing that, it really doesn't help us helping you. Or mangle the EAP-Response/Identity to be consistent with your other edit, at least :-) Greetings, Stefan Winter
Message-Authenticator = 0xe5b0ffbed84243bf27ac1ac9c9fcd0b5 server eduroam { # Executing section authorize from file /etc/freeradius/sites-enabled/eduroam +- entering group authorize {...} [suffix] No '@' in User-Name = "xy", looking up realm NULL [suffix] Found realm "NULL" [suffix] Adding Realm = "NULL" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[mschap] returns noop [eap] EAP packet type response id 2 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/eduroam +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled } # server eduroam Sending Access-Challenge of id 219 to ... port 32769 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3abc7e1c3abf6764392496688aff7b3f Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host ... port 32769, id=219, length=159 Sending duplicate reply to client WLC-TUT port 32769 - ID: 219 Sending Access-Challenge of id 219 to ... port 32769 Waking up in 2.0 seconds. Cleaning up request 0 ID 219 with timestamp +3 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x3abc7e1c3abf6764 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests.
eap.conf:
eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no
md5 { }
tls { certdir = /etc/hostcertkey cadir = /etc/cacert dh_file = ${certdir}/dh private_key_file = ${certdir}/roaming.key certificate_file = ${certdir}/roaming.pem CA_file = ${cadir}/chain.txt dh_file = ${certdir}/dh random_file = /dev/urandom fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" }
ttls { default_eap_type = mschapv2 copy_request_to_tunnel = yes #use_tunneled_reply = yes virtual_server = "eduroam-inner-tunnel" }
peap { default_eap_type = mschapv2 copy_request_to_tunnel = yes #use_tunneled_reply = yes #proxy_tunneled_request_as_eap = yes virtual_server = "eduroam-inner-tunnel" }
mschapv2 { } }
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473