Hello, I hate to ask this, but I'm running out of time on this project and I'm completely new to RADIUS. I would be really happy if someone could just point me to a detailed HOW TO for what I need. I have freeRADIUS set up with an external MySQL user database and it's successfully authorizing requests from NTRadPing. Now I need to actually try it out "In the field". I need people running XP, Vista (ugh), and Apple laptops to be able to auth using the MySQL database that I have set up. So far I'm not having any luck, and I don't mind saying that I'm a little over my head at this point. Someone familiar with this will probably see glaring problems. I will provide all the details I can think of, but please let me know if you need more. Server: FreeRADIUS 1.1.7 with MySQL module. Database: Remote MySQL Access Point: D-Link DWL-7100AP (Ciscos coming in January) WPA-EAP TKIP Client Laptop: WPA Enterprise TKIP PEAP (Other options: EAP-SIM, TLS, TTLS, LEAP, EAP-FAST) MS-CHAP-V2 (Other options: GTC, TLS) I set up an AP to use RADIUS, and the requests get through to the RADIUS server, but they always fail. Posted below is the debug output from the failed attempt.
Ready to process requests. rad_recv: Access-Request packet from host 192.168.0.1:1030, id=0, length=193 Message-Authenticator = 0xf9c41895a382161a1d31b4a47bd830e0 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-11-95-DA-16-A6:SUSOM" Calling-Station-Id = "00-1B-77-28-B3-CF" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11a" EAP-Message = 0x0200000b01746261727468 NAS-IP-Address = 192.168.0.1 NAS-Port = 1 NAS-Port-Id = "STA port # 1" rad_lowerpair: User-Name now 'testuser' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 radius_xlat: 'testuser' rlm_sql (sql): sql_set_user escaped user --> 'testuser' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'testuser' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'testuser' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 0 to 192.168.0.1 port 1030 Framed-Protocol := PPP Service-Type := Framed-User Framed-MTU := 1500 Framed-Compression := Van-Jacobson-TCP-IP EAP-Message = 0x0101001604104e273ea966f4fb77466b296f9c607385 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x149370a5228b3ae0acdd9dc3fb4a25a4 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.1:1030, id=1, length=206 Message-Authenticator = 0xc9926863cf3df06ac150bbb6f77208eb Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x149370a5228b3ae0acdd9dc3fb4a25a4 Called-Station-Id = "00-11-95-DA-16-A6:SUSOM" Calling-Station-Id = "00-1B-77-28-B3-CF" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11a" EAP-Message = 0x020100060319 NAS-IP-Address = 192.168.0.1 NAS-Port = 1 NAS-Port-Id = "STA port # 1" rad_lowerpair: User-Name now 'testuser' Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 radius_xlat: 'testuser' rlm_sql (sql): sql_set_user escaped user --> 'testuser' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'testuser' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'testuser' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: No such EAP type peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 1 modcall: leaving group authenticate (returns invalid) for request 1 auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.1:1030, id=1, length=206 Sending Access-Reject of id 1 to 192.168.0.1 port 1030 EAP-Message = 0x04010004 Message-Authenticator = 0x00000000000000000000000000000000