Hi, I am newbie trying to test free radius for my master thesis, i installed free radius two days ago and did some initial testing, the initial test was through so the radius server is running properly, before i move on i wanted to test the eap modules, so i tried to test with the help of eapol_test tool that comes with the wpasupplicant, i cannot succeed i get failure message. i am really very new to linux and to free radius, can some one help me what i should do, because i can only move one further with my thesis if and only if i figure this out. Thank you for the help, really appreciate any kind of help or suggestion. Thanks once again, below are my conf files and screen output. HERE IS MY SCREEN OUTPUT FROM THE RADIUS SERVER Ready to process requests. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0x948a064fcafc2f8442938817c4f353d7 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled EAP-Message = 0x010100160410a3803def371cc0ea374b74fd8923747b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x47545c0a47555820cf82ad36ba08594f Finished request 0. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0x47545c0a47555820cf82ad36ba08594f Message-Authenticator = 0x0d125e124530442dfbf043c5d6e55468 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: NAK asked for unsupported type 25 rlm_eap: No common EAP types found. rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client localhost port 0 cli 02-00-00-00-00-01) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 EAP-Message = 0x04010004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 0 ID 0 with timestamp +28 Waking up in 0.9 seconds. Cleaning up request 1 ID 1 with timestamp +28 Ready to process requests. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0xfbfadf8ca2d1f2729ac2cabcc17dee20 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled EAP-Message = 0x010100160410fd28d3fff4edc58e80c666087e278736 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x383b40dc383a4460283057087d150429 Finished request 2. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0x383b40dc383a4460283057087d150429 Message-Authenticator = 0xc4d3cf883588c4ac6c34a66de5a82aa8 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: NAK asked for unsupported type 25 rlm_eap: No common EAP types found. rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client localhost port 0 cli 02-00-00-00-00-01) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 EAP-Message = 0x04010004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 2 ID 0 with timestamp +154 Waking up in 0.9 seconds. Cleaning up request 3 ID 1 with timestamp +154 Ready to process requests. HERE IS MY SCREEN OUTPUT FROM EAPOL_TEST TOOL Reading configuration file 'eapol_test.conf.peap' Line: 1 - start of a new network block eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00 eapol_flags=0 (0x0) key_mgmt: 0x8 identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser password - hexdump_ascii(len=8): 70 61 73 73 77 6f 72 64 password ca_cert - hexdump_ascii(len=33): 2f 75 73 72 2f 6c 6f 63 61 6c 2f 65 74 63 2f 72 /usr/local/etc/r 61 64 64 62 2f 63 65 72 74 73 2f 63 61 2e 70 65 addb/certs/ca.pe 6d m phase2 - hexdump_ascii(len=13): 61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2 anonymous_identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous Priority group 0 id=0 ssid='' Authentication server 127.0.0.1:1812 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Sending fake EAP-Request-Identity EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using anonymous identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=14) TX EAP -> RADIUS - hexdump(len=14): 02 00 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 Encapsulating EAP message into a RADIUS packet Learned identity from EAP-Response-Identity - hexdump(len=9): 61 6e 6f 6e 79 6d 6f 75 73 Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=126 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=16 Value: 02 00 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 Attribute 80 (Message-Authenticator) length=18 Value: fb fa df 8c a2 d1 f2 72 9a c2 ca bc c1 7d ee 20 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 80 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=80 Attribute 79 (EAP-Message) length=24 Value: 01 01 00 16 04 10 fd 28 d3 ff f4 ed c5 8e 80 c6 66 08 7e 27 87 36 Attribute 80 (Message-Authenticator) length=18 Value: 9c 1e f2 5d 0e 72 cd 49 88 c9 24 f5 2c bc ae 3a Attribute 24 (State) length=18 Value: 38 3b 40 dc 38 3a 44 60 28 30 57 08 7d 15 04 29 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: configuration does not allow: vendor 0 method 4 EAP: vendor 0 method 4 not allowed EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed) EAP: allowed methods - hexdump(len=1): 19 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 19 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=136 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=8 Value: 02 01 00 06 03 19 Attribute 24 (State) length=18 Value: 38 3b 40 dc 38 3a 44 60 28 30 57 08 7d 15 04 29 Attribute 80 (Message-Authenticator) length=18 Value: c4 d3 cf 88 35 88 c4 ac 6c 34 a6 6d e5 a8 2a a8 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 44 bytes from RADIUS server Received RADIUS message RADIUS message: code=3 (Access-Reject) identifier=1 length=44 Attribute 79 (EAP-Message) length=6 Value: 04 01 00 04 Attribute 80 (Message-Authenticator) length=18 Value: c2 b7 ec 8f d8 87 c9 c1 77 52 2d 40 8a 9e 9a a5 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec RADIUS packet matching with station decapsulated EAP packet (code=4 id=1 len=4) from RADIUS server: EAP Failure EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state FAILURE CTRL-EVENT-EAP-FAILURE EAP authentication failed EAPOL: SUPP_PAE entering state HELD EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state FAIL EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: success=0 MPPE keys OK: 0 mismatch: 2 FAILURE root@ozzy3:/home/jreubens/wpa_supplicant-0.5.10# HERE IS MY EAPOL_TEST_PEAP CONF FILE root@ozzy3:/home/jreubens/wpa_supplicant-0.5.10# cat eapol_test.conf.peap network={ eap=PEAP eapol_flags=0 key_mgmt=IEEE8021X identity="testuser" password="password" ca_cert="/usr/local/etc/raddb/certs/ca.pem" phase2="auth=MSCHAPV2" anonymous_identity="anonymous" } HERE IS MY EAP.CONF FILE ON RADDB DIR eap { default_eap_type = md5 timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } leap { } gtc { auth_type = PAP } tls { certdir = ${confdir}/certs cadir = ${confdir}/certs private_key_password = whatever private_key_file = ${certdir}/server.pem certificate_file = ${certdir}/server.pem CA_file = ${cadir}/ca.pem dh_file = ${certdir}/dh random_file = ${certdir}/random # fragment_size = 1024 # include_length = yes cipher_list = "DEFAULT" # make_cert_command = "${certdir}/bootstrap" } ttls { default_eap_type = md5 # allowed values: {no, yes} copy_request_to_tunnel = no # allowed values: {no, yes} use_tunneled_reply = no #virtual_server = "inner-tunnel" } peap { default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } mschapv2 { } } sorry to ask you some naive question, i am really new to this. and one more question whenever i change something in my eap.conf, users and client.conf file i kill the existing radiusd running and start a new radiusd, is that right or is there anyways to restart the radiusd. Thank you all and thank you for your time, Regards, Jreuben -- View this message in context: http://www.nabble.com/a-newbie-testing-freeradius-need-help-tp16833079p16833... Sent from the FreeRadius - User mailing list archive at Nabble.com.