Hi Alan Thank you,it can reply correct attribute. some more question pls. 1.sometimes it can login while sometimes failure, it is random. I am using the same user/password for PEAP authentication and totally the same configuration both server and client PC/user. 2.after user success login, sometimes it will re-authentication automatically. It seems client issue the authentication itself but I wonder. 3.looking for the log below,it seems finish authentication by FR but the result is failure. why sending Access-Challenge to NAS(192.168.21.223) after success? ***************************************************************** rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok } # server inner-tunnel [peap] Got tunneled reply code 2 Auth-Type := Local Service-Type := Framed-User Framed-IP-Address := 255.255.255.254 Framed-IP-Netmask := 255.255.255.0 Bandwidth-Max-Up := 2097152 Bandwidth-Max-Down := 2097152 Redirection-URL := "http://speedtest.net" Idle-Timeout := 60 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0xe8e6189faa5581198681e65eab0a0270 MS-MPPE-Recv-Key = 0x0ea859d9cf1789a14e71ea9f41cfa8e0 EAP-Message = 0x030c0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "gary" [peap] Got tunneled reply RADIUS code 2 Auth-Type := Local Service-Type := Framed-User Framed-IP-Address := 255.255.255.254 Framed-IP-Netmask := 255.255.255.0 Bandwidth-Max-Up := 2097152 Bandwidth-Max-Down := 2097152 Redirection-URL := "http://speedtest.net" Idle-Timeout := 60 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0xe8e6189faa5581198681e65eab0a0270 MS-MPPE-Recv-Key = 0x0ea859d9cf1789a14e71ea9f41cfa8e0 EAP-Message = 0x030c0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "gary" [peap] Tunneled authentication was successful. [peap] SUCCESS [peap] Saving tunneled attributes for later ++[eap] returns handled Sending Access-Challenge of id 117 to 192.168.21.223 port 1812 EAP-Message = 0x010d00261900170301001bb702fe1896d6726825ec785647a34e3d8126e49337f16e73596446 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2f1a077a27171e8af826d2444a0b0c36 Finished request 79. Going to the next request Waking up in 2.8 seconds. Cleaning up request 71 ID 109 with timestamp +1967 Cleaning up request 72 ID 110 with timestamp +1967 Cleaning up request 73 ID 111 with timestamp +1967 Cleaning up request 74 ID 112 with timestamp +1967 Cleaning up request 75 ID 113 with timestamp +1967 Cleaning up request 76 ID 114 with timestamp +1967 Waking up in 0.8 seconds. Cleaning up request 77 ID 115 with timestamp +1968 Cleaning up request 78 ID 116 with timestamp +1968 Waking up in 1.0 seconds. Cleaning up request 79 ID 117 with timestamp +1969 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x2f1a077a27171e8a did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests. *********************************************************************** Best Regards Gary ----- Original Message ----- From: "Alan DeKok" <aland@deployingradius.com> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Sent: Thursday, September 01, 2011 8:48 PM Subject: Re: EAP-TLS/PEAP authentication problem(can notreply correctattribute)
gary wrote:
I do not define my private attribute while I follow the WISPr such as "Bandwidth-Max-Up" and "Bandwidth-Max-Down". It is no problem that I use UAM method(user login with login page by user name/password) and freeradius can reply correct attribute. But when I use PEAP authentication,after user login it can not reply correct attribute that I configure in the radgroupreply table. Can anyone give some idea?
See "use_tunneled_reply" in raddb/eap.conf.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html