Hi All,

I am new to Radius Servers and have a Project to get Radius Server configured in the organization for authenticating users through an Access Point which is based on Mikrotik. I have setup freeradius (version 1.0.1) server and have defined a user in the "users" file. When I test the configuration using the "radtest" command, it works fine and says "Access-Accept". However, when I try to authentcate the user through the access point, I am prompted for Username and Password at the client, but Debug mode on radius server shows "request rejected". It says "no User-Password attribute". (However, the the debug mode is showing correct Username as entered from the client)

I checked lot of Forums, but none of the solutions worked for me. I have stored user password in clear-text in the users file. Also, I am not using any certificate (TLS) in the setup.

The confiurations are as follows:


Radius Server:
##################################################################################
radiusd.conf:
##################################################################################
modules{

 pap {
                encryption_scheme = clear
        }
        pap md5{
                encryption_scheme = md5
        }

}

 chap {
                authtype = CHAP
        }

$INCLUDE ${confdir}/eap.conf

mschap {
 authtype = MS-CHAP
}

authenticate
{
eap
}

authorize
{
    preprocess
    eap
    files
}

##################################################################################


##################################################################################
eap.conf
##################################################################################

eap {
default_eap_type = mschapv2
mschapv2 {
                Auth-Type = PAP
                }
}

##################################################################################
users
##################################################################################

"radtest1"       Cleartext-Password == "password"

#(also tried User-Password instead of Cleartext-password, but no luck !!)
##################################################################################
clients.conf
##################################################################################

client 192.168.xxx.xxx {
        secret          =    test
        shortname       = private-network
        nastype     =  other
}


##################################################################################
##################################################################################
Access Point Configuration:
##################################################################################

Network Authentication: WPA with Radius
Data Encryption: TKIP


Have given Radius Server IP, Port and shared key(Which is same as mentioned in clients.conf)


##################################################################################
Client Machine Configuration:
##################################################################################


The client machine is a Windows Vista OS, and have the following configurations for Wireless Network:
Security Type: WPA-Enterprise
Encryption: TKIP

Authentication Method: PEAP (Secured Password MSCHAPv2)

##################################################################################

Debug mode of Radius Server says this:


        User-Name = "radtest1"
        NAS-IP-Address = 192.168.1.254
        NAS-Port = 0
        Called-Station-Id = "00-21-DE-00-17-B2:Wireless1"
        Calling-Station-Id = "00-19-D2-AD-4A-BF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0201000d017261647465737431
        Message-Authenticator = 0x2376aab3c18a8a9cbe0320fc1add824a
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  rlm_eap: EAP packet type response id 1 length 13
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched radtest1 at 100
  modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 0 to 192.168.104.168:3111
        EAP-Message = 0x010200221a0102001d10f60a0398e4f61c9beba89b3dbcefde677261647465737431
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc02709d0e2c702124f02a4d451d0a59d
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.104.168:3111, id=0, length=159
Sending duplicate reply to client private-network:3111 - ID: 0
Re-sending Access-Challenge of id 0 to 192.168.104.168:3111
--- Walking the entire request list ---









Would appreciate if someone could suggest me the resolution for the problem. ALso, if someone can get me a working copy of freeradius server with Mikrotik (or otherwise Linksys) Access Point, it would be of great help.


Thanks and Regards,
SaN
sankalpk@tulip.net






DISCLAIMER: This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may containconfidential and privileged information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies and the original message. Any unauthorized review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly prohibited and may be unlawful. The recipient acknowledges that Tulip Telecom Limited is unable to exercise control or ensure or guarantee the integrity of/overthe contents of the information contained in e-mail transmissions and further acknowledges that any views expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of Tulip Telecom Limited. Before opening any attachments please check them for viruses! and defects.