Hi
I found out what my problem was.
Small error in my XP configuration.
Regards,
Torkel
Fra: Torkel Mathisen
Sendt: 26. oktober 2005 16:41
Til: 'FreeRadius users mailing
list'
Emne: Authentication problems
between Cisco Aironet 1100 and freeradius
Hi
I got some problems getting EAP to work
with Cisco Aironet 1100 and Freeradius.
I’ve gotten freeradius to work I
think and I have configured Cisco Aironet 1100 AP according to Cisco.
When I try to connect too my WLAN with my
testuser. (User: testuser, Password: Secret149) it won’t
authenticate.
I’ve configured freeradius to use
PEAP-MSCHAPv2.
Anyone able to help me out?
Regards,
Torkel
This is the log I get when i run radiusd
–X:
rad_recv: Access-Request packet from host
10.0.0.1:21645, id=65, length=133
User-Name = "testuser"
Framed-MTU = 1400
Called-Station-Id = "000e.8401.cd50"
Calling-Station-Id = "0011.0a80.41d1"
Message-Authenticator = 0x194f32c82aa7088f53cdfc8ac8a36151
EAP-Message = 0x0202000d017465737475736572
NAS-Port-Type = Wireless-802.11
NAS-Port = 478
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "testAP"
Processing the authorize section of
radiusd.conf
modcall: entering group authorize for
request 63
modcall[authorize]: module
"preprocess" returns ok for request 63
modcall[authorize]: module
"chap" returns noop for request 63
modcall[authorize]: module
"mschap" returns noop for request 63
rlm_realm: No '@' in
User-Name = "testuser", looking up realm NULL
rlm_realm: No such
realm "NULL"
modcall[authorize]: module
"suffix" returns noop for request 63
rlm_eap: EAP packet type response
id 2 length 13
rlm_eap: No EAP Start, assuming
it's an on-going EAP conversation
modcall[authorize]: module
"eap" returns updated for request 63
users: Matched entry
testuser at line 90
modcall[authorize]: module
"files" returns ok for request 63
modcall: group authorize returns updated
for request 63
rad_check_password: Found
Auth-Type EAP
auth: type "EAP"
Processing the authenticate section
of radiusd.conf
modcall: entering group authenticate for
request 63
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module
"eap" returns handled for request 63
modcall: group authenticate returns
handled for request 63
Sending Access-Challenge of id 65 to
10.0.0.1:21645
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x67a4b4a551592fcc14469ef9c70a4601
Finished request 63
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
10.0.0.1:21645, id=66, length=218
User-Name = "testuser"
Framed-MTU = 1400
Called-Station-Id = "000e.8401.cd50"
Calling-Station-Id = "0011.0a80.41d1"
Message-Authenticator = 0xd5957923efcbfe4c3ee547a066e21d0a
EAP-Message = 0x0203005019800000004616030100410100003d0301435f8f34c71e673ecee95256802f571c6bfa86eaa89728f7d7f782809ef0f82600001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 478
State = 0x67a4b4a551592fcc14469ef9c70a4601
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "testAP"
Processing the authorize section of
radiusd.conf
modcall: entering group authorize for
request 64
modcall[authorize]: module
"preprocess" returns ok for request 64
modcall[authorize]: module
"chap" returns noop for request 64
modcall[authorize]: module
"mschap" returns noop for request 64
rlm_realm: No '@' in
User-Name = "testuser", looking up realm NULL
rlm_realm: No such
realm "NULL"
modcall[authorize]: module
"suffix" returns noop for request 64
rlm_eap: EAP packet type response
id 3 length 80
rlm_eap: No EAP Start, assuming
it's an on-going EAP conversation
modcall[authorize]: module
"eap" returns updated for request 64
users: Matched entry
testuser at line 90
modcall[authorize]: module
"files" returns ok for request 64
modcall: group authorize returns updated
for request 64
rad_check_password: Found
Auth-Type EAP
auth: type "EAP"
Processing the authenticate section
of radiusd.conf
modcall: entering group authenticate for
request 64
rlm_eap: Request found, released
from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept
initialization
TLS_accept:
before/accept initialization
rlm_eap_tls: <<< TLS 1.0
Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read
client hello A
rlm_eap_tls: >>> TLS 1.0
Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write
server hello A
rlm_eap_tls: >>> TLS 1.0
Handshake [length 0654], Certificate
TLS_accept: SSLv3 write
certificate A
rlm_eap_tls: >>> TLS 1.0
Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write
server done A
TLS_accept: SSLv3 flush
data
TLS_accept:error in
SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module
"eap" returns handled for request 64
modcall: group authenticate returns
handled for request 64
Sending Access-Challenge of id 66 to
10.0.0.1:21645
EAP-Message =
0x0104040a19c0000006b1160301004a020000460301435f8f1b11c01e5389f06ab782154f3759e70cc9bb2b320d320ab9c656d33f6e205816b685a712ff840d91baa1dbf8b9c0ec209492aecf22425643fafe1541596d00040016030106540b00065000064d0002b3308202af30820218a003020102020900b646b246bff02a86300d06092a864886f70d010104050030818d310b3009060355040613024e4f310d300b060355040813044f534c4f310d300b060355040713044f534c4f310f300d060355040a130642425320415331133011060355040b130a66726565726164697573311b301906035504031312436c69656e74206365727469666963
EAP-Message = 0x617465311d301b06092a864886f70d010901160e726f6f74406c6f63616c686f7374301e170d3035313032363132333432385a170d3036313032363132333432385a30818b310b3009060355040613024e4f310d300b060355040813044f534c4f310d300b060355040713044f534c4f310f300d060355040a130642425320415331133011060355040b130a667265657261646975733119301706035504031310526f6f74206365727469666963617465311d301b06092a864886f70d010901160e726f6f74406c6f63616c686f737430819f300d06092a864886f70d010101050003818d0030818902818100eead5285b5e9f7b939a2dfc1b7fef60a
EAP-Message = 0xbd055de0ba27b2ef81244e0eabad60241727ff5fc724f36147d08ea5f9e3f0110dfb5a2397c3906a00ab8eb28509e4a672b2c948c0b8007785f550b3908c2f49d7a113d6e7198d9606e567fc38be816fb2acf60f18bfe56d0617ff7e651439ce9c8ed40363b5b1e4d0d96f59a468a6650203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000381810050aa5f1713a5025d21f128094104579eb85a9ded57072baf72b2c0e3fbea766eb53c62e9bc2a5d1bc22f2615cc1fe88487e2d0b7e5eaa045a8ae1734a85f28e6cd70d3340c2a51bfe7b974c13b9a1a4abebe373312d1d4b987e32368
EAP-Message = 0x1edad7e4a54456fd7989e901485e9f2fcf7e8ed8e57fae97fb2fdd1fba5a50c683b7da7f00039430820390308202f9a003020102020900b646b246bff02a84300d06092a864886f70d010104050030818d310b3009060355040613024e4f310d300b060355040813044f534c4f310d300b060355040713044f534c4f310f300d060355040a130642425320415331133011060355040b130a66726565726164697573311b301906035504031312436c69656e74206365727469666963617465311d301b06092a864886f70d010901160e726f6f74406c6f63616c686f7374301e170d3035313032363132333432335a170d303731303236313233343233
EAP-Message = 0x5a30818d310b3009060355040613024e4f310d300b06
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd8223ab2cc29f1f3ad13843d71797409
Finished request 64
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
10.0.0.1:21645, id=67, length=144
User-Name = "testuser"
Framed-MTU = 1400
Called-Station-Id = "000e.8401.cd50"
Calling-Station-Id = "0011.0a80.41d1"
Message-Authenticator = 0xcc2b18df4d9f3ad232f1d712d0fefa45
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 478
State = 0xd8223ab2cc29f1f3ad13843d71797409
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "testAP"
Processing the authorize section of
radiusd.conf
modcall: entering group authorize for
request 65
modcall[authorize]: module
"preprocess" returns ok for request 65
modcall[authorize]: module
"chap" returns noop for request 65
modcall[authorize]: module
"mschap" returns noop for request 65
rlm_realm: No '@' in
User-Name = "testuser", looking up realm NULL
rlm_realm: No such
realm "NULL"
modcall[authorize]: module
"suffix" returns noop for request 65
rlm_eap: EAP packet type response
id 4 length 6
rlm_eap: No EAP Start, assuming
it's an on-going EAP conversation
modcall[authorize]: module
"eap" returns updated for request 65
users: Matched entry
testuser at line 90
modcall[authorize]: module
"files" returns ok for request 65
modcall: group authorize returns updated
for request 65
rad_check_password: Found
Auth-Type EAP
auth: type "EAP"
Processing the authenticate section
of radiusd.conf
modcall: entering group authenticate for
request 65
rlm_eap: Request found, released
from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment
handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module
"eap" returns handled for request 65
modcall: group authenticate returns
handled for request 65
Sending Access-Challenge of id 67 to
10.0.0.1:21645
EAP-Message =
0x010502b719000355040813044f534c4f310d300b060355040713044f534c4f310f300d060355040a130642425320415331133011060355040b130a66726565726164697573311b301906035504031312436c69656e74206365727469666963617465311d301b06092a864886f70d010901160e726f6f74406c6f63616c686f737430819f300d06092a864886f70d010101050003818d0030818902818100bb9dc7f9a6b879ddde091ded35f3137693d1a9fa9d2e2f1e20e1e49c9daf077fd1c4066e8e409eda68baac046ff390baedad93e603fdde73046df106c9c3775eb0e024a2682faf6469e778758b9c782a11ad0dcc25edca8f9efdee96ccc1bc
EAP-Message =
0x84850d853d4435da9ab22ec6c3dc4e6d9137e0ec36d705c923055aa8b900d833350203010001a381f53081f2301d0603551d0e04160414227f0709429785a3169b9817627cd456d617f2283081c20603551d230481ba3081b78014227f0709429785a3169b9817627cd456d617f228a18193a4819030818d310b3009060355040613024e4f310d300b060355040813044f534c4f310d300b060355040713044f534c4f310f300d060355040a130642425320415331133011060355040b130a66726565726164697573311b301906035504031312436c69656e74206365727469666963617465311d301b06092a864886f70d010901160e726f6f74406c
EAP-Message =
0x6f63616c686f7374820900b646b246bff02a84300c0603551d13040530030101ff300d06092a864886f70d0101040500038181001fb7ec3488fd3b6349d6cc33b5c6451ce1c2e8ef8db6f4818cd017991f9649141c1767553c20303e262fec4bb351cda19b403bab78aa37236ffc78dace1a39089ff037eb911a5133bc6b1f0275cc9e68bc4c8f487a4d2cdc8e706134e512d7e715ca81c5a7bb6cc668ca8181e898befeab40773de8f3eb6629ecd2c79d5f74f116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6a28407c14613e4bb49a5c41aab60bfd
Finished request 65
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
10.0.0.1:21645, id=68, length=144
User-Name = "testuser"
Framed-MTU = 1400
Called-Station-Id = "000e.8401.cd50"
Calling-Station-Id = "0011.0a80.41d1"
Message-Authenticator = 0x9a39ada2dab238ef570b8dc1dd3f3b6c
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 478
State = 0x6a28407c14613e4bb49a5c41aab60bfd
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "testAP"
Processing the authorize section of
radiusd.conf
modcall: entering group authorize for request
66
modcall[authorize]: module
"preprocess" returns ok for request 66
modcall[authorize]: module
"chap" returns noop for request 66
modcall[authorize]: module
"mschap" returns noop for request 66
rlm_realm: No '@' in
User-Name = "testuser", looking up realm NULL
rlm_realm: No such
realm "NULL"
modcall[authorize]: module
"suffix" returns noop for request 66
rlm_eap: EAP packet type response
id 5 length 6
rlm_eap: No EAP Start, assuming
it's an on-going EAP conversation
modcall[authorize]: module
"eap" returns updated for request 66
users: Matched entry
testuser at line 90
modcall[authorize]: module
"files" returns ok for request 66
modcall: group authorize returns updated
for request 66
rad_check_password: Found
Auth-Type EAP
auth: type "EAP"
Processing the authenticate section
of radiusd.conf
modcall: entering group authenticate for
request 66
rlm_eap: Request found, released
from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment
handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module
"eap" returns handled for request 66
modcall: group authenticate returns
handled for request 66
Sending Access-Challenge of id 68 to
10.0.0.1:21645
EAP-Message = 0x010600061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x029cb84784a586178ecaa439ab2c98ab
Finished request 66
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 63 ID 65 with
timestamp 435f8f1b
Cleaning up request 64 ID 66 with
timestamp 435f8f1b
Cleaning up request 65 ID 67 with
timestamp 435f8f1b
Cleaning up request 66 ID 68 with
timestamp 435f8f1b
Nothing to do. Sleeping until we see
a request.