Hi, On 04/09/2006, at 11:36 AM, Alan DeKok wrote:
Loukas Kalenderidis <loukas@hb.com.au> wrote:
I've been trying to use an existing user that works with dialup access, but kept having authorization rejected, so I decided to try configuring that test user with Auth-Type:= Accept to simplify the problem. Bad idea? I was under the impression I don't need certificates unless I'm using TLS, is this incorrect?
As I said in my previous message, you need to configure users, passwords, and certificates for it to work.
You can believe me, or you can continue doing what you're doing now, which doesn't work.
I asked you questions relating to your statement in your previous message and you didn't really answer them. Can you elaborate on "configure users, passwords and certificates for it to work" please? Do you mean the users file needs specific configuration to work with WPA-EAP? And as I said before, I was under the impression I don't need certificates unless I'm using TLS, am I wrong? I'm happy to follow your advice, if you give me some that isn't just "configure stuff dude". This is what the debug log says when I connect now: rad_recv: Access-Request packet from host 10.0.0.100:1026, id=0, length=193 Message-Authenticator = 0x5206d718f6573c1eb840261956ec4ed5 Service-Type = Framed-User User-Name = "pants" Framed-MTU = 1488 Called-Station-Id = "00-11-95-DB-37-0B:TestWPA" Calling-Station-Id = "00-0D-93-86-48-8E" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000a0170616e7473 NAS-IP-Address = 10.0.0.100 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 rlm_realm: No '@' in User-Name = "pants", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 radius_xlat: 'pants' rlm_sql (sql): sql_set_user escaped user --> 'pants' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM dialup_radcheck WHERE Username = 'pants' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User pants not found in radcheck radius_xlat: 'SELECT dialup_radgroupcheck.id,dialup_radgroupcheck.GroupName,dialup_radgroupch eck.Attribute,dialup_radgroupcheck.Value,dialup_radgroupcheck.op FROM dialup_radgroupcheck,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupcheck.GroupName ORDER BY dialup_radgroupcheck.id' radius_xlat: 'SELECT dialup_radgroupreply.id,dialup_radgroupreply.GroupName,dialup_radgroupre ply.Attribute,dialup_radgroupreply.Value,dialup_radgroupreply.op FROM dialup_radgroupreply,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupreply.GroupName ORDER BY dialup_radgroupreply.id' rlm_sql (sql): User pants not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound for request 0 users: Matched entry pants at line 47 users: Matched entry DEFAULT at line 156 users: Matched entry DEFAULT at line 175 modcall[authorize]: module "files" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user Login OK: [pants] (from client testap port 1 cli 00-0D-93-86-48-8E) Sending Access-Accept of id 0 to 10.0.0.100:1026 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Accept packet from host 10.0.0.100:1026, id=0, length=38 Authentication reply packet code 2 sent to a non-proxy reply port from client testap:1026 - ID 0 : IGNORED --- Walking the entire request list --- Waking up in 3 seconds... rad_recv: Access-Request packet from host 10.0.0.100:1026, id=1, length=193 Message-Authenticator = 0x593aef9381f04eb85805621b1ee22f6d Service-Type = Framed-User User-Name = "pants" Framed-MTU = 1488 Called-Station-Id = "00-11-95-DB-37-0B:TestWPA" Calling-Station-Id = "00-0D-93-86-48-8E" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201000a0170616e7473 NAS-IP-Address = 10.0.0.100 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 rlm_realm: No '@' in User-Name = "pants", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 radius_xlat: 'pants' rlm_sql (sql): sql_set_user escaped user --> 'pants' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM dialup_radcheck WHERE Username = 'pants' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): User pants not found in radcheck radius_xlat: 'SELECT dialup_radgroupcheck.id,dialup_radgroupcheck.GroupName,dialup_radgroupch eck.Attribute,dialup_radgroupcheck.Value,dialup_radgroupcheck.op FROM dialup_radgroupcheck,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupcheck.GroupName ORDER BY dialup_radgroupcheck.id' radius_xlat: 'SELECT dialup_radgroupreply.id,dialup_radgroupreply.GroupName,dialup_radgroupre ply.Attribute,dialup_radgroupreply.Value,dialup_radgroupreply.op FROM dialup_radgroupreply,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupreply.GroupName ORDER BY dialup_radgroupreply.id' rlm_sql (sql): User pants not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns notfound for request 1 users: Matched entry pants at line 47 users: Matched entry DEFAULT at line 156 users: Matched entry DEFAULT at line 175 modcall[authorize]: module "files" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user Login OK: [pants] (from client testap port 1 cli 00-0D-93-86-48-8E) Sending Access-Accept of id 1 to 10.0.0.100:1026 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 44fcba57 Waking up in 4 seconds... rad_recv: Access-Accept packet from host 10.0.0.100:1026, id=1, length=38 Authentication reply packet code 2 sent to a non-proxy reply port from client testap:1026 - ID 1 : IGNORED --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 1 with timestamp 44fcba5b Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.0.0.100:1026, id=2, length=193 Message-Authenticator = 0xf0a27f90359498a1ec16af5eb7268366 Service-Type = Framed-User User-Name = "pants" Framed-MTU = 1488 Called-Station-Id = "00-11-95-DB-37-0B:TestWPA" Calling-Station-Id = "00-0D-93-86-48-8E" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0202000a0170616e7473 NAS-IP-Address = 10.0.0.100 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 rlm_realm: No '@' in User-Name = "pants", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 radius_xlat: 'pants' rlm_sql (sql): sql_set_user escaped user --> 'pants' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM dialup_radcheck WHERE Username = 'pants' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): User pants not found in radcheck radius_xlat: 'SELECT dialup_radgroupcheck.id,dialup_radgroupcheck.GroupName,dialup_radgroupch eck.Attribute,dialup_radgroupcheck.Value,dialup_radgroupcheck.op FROM dialup_radgroupcheck,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupcheck.GroupName ORDER BY dialup_radgroupcheck.id' radius_xlat: 'SELECT dialup_radgroupreply.id,dialup_radgroupreply.GroupName,dialup_radgroupre ply.Attribute,dialup_radgroupreply.Value,dialup_radgroupreply.op FROM dialup_radgroupreply,dialup_usergroup WHERE dialup_usergroup.Username = 'pants' AND dialup_usergroup.GroupName = dialup_radgroupreply.GroupName ORDER BY dialup_radgroupreply.id' rlm_sql (sql): User pants not found in radgroupcheck rlm_sql (sql): User not found rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns notfound for request 2 users: Matched entry pants at line 47 users: Matched entry DEFAULT at line 156 users: Matched entry DEFAULT at line 175 modcall[authorize]: module "files" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user Login OK: [pants] (from client testap port 1 cli 00-0D-93-86-48-8E) Sending Access-Accept of id 2 to 10.0.0.100:1026 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Accept packet from host 10.0.0.100:1026, id=2, length=38 Authentication reply packet code 2 sent to a non-proxy reply port from client testap:1026 - ID 2 : IGNORED --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 2 with timestamp 44fcba61 Nothing to do. Sleeping until we see a request. Thanks, Loukas