--- Alan DeKok <aland@ox.org> wrote:
Gandalf the Gray <gtheg1@yahoo.com> wrote:
It seems no EAP-challenge is really going on. this is the output from tre radius server after a try made by AEGIS client under windows XP, with PEAP MSCHAPv2.
The AEGIS client works with FreeRADIUS.
What the debug log shows Is that the client is not seeing the response from FreeRADIUS. It's probably because you have multiple IP's on the radius server, and the client is sending to one address, and seeing the response from another.
Use 'tcpdump' to verify the problem, and make the server listen on only one IP.
Alan DeKok.
I checked and set a single IP address on my freeradius server. But it seems always the same result... this is my log by radiusd -X: rad_recv: Access-Request packet from host 192.168.127.36:21646, id=123, length=131 User-Name = "attoo" Framed-MTU = 1400 Called-Station-Id = "00-12-D9-B3-26-90" Calling-Station-Id = "00-50-FC-F1-7A-91" Message-Authenticator = 0x17e90f1da3ab8ca6003b033cdfa7926d EAP-Message = 0x0202000a016174746f6f NAS-Port-Type = Wireless-802.11 NAS-Port = 337 Service-Type = Framed-User NAS-IP-Address = 192.168.127.36 NAS-Identifier = "appi" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "attoo", skipping NULL due to config. modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 123 to 192.168.127.36:21646 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x305eceed6a3b96ee99d532871dffa83f Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.127.36:21646, id=123, length=131 Sending duplicate reply to client appi:21646 - ID: 123 Re-sending Access-Challenge of id 123 to 192.168.127.36:21646 --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 123 with timestamp 42ca647d Nothing to do. Sleeping until we see a request. thank you for your attention! __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com