Thanks for your prompt response. eapol_test has been built with all EAP modules. See log below:
Do you know what the problem can be? I've tried almost everything now!
It's hard to tell what's going on with only a portion of the log. Send the logs for both eapol_test and FreeRADIUS in debug mode. Send it to the list. It's better to have multiple people look at the problem. Tim
Thanks again.
Sergio.
--- o ---
eapol_test -c md5.conf -s testing123
Reading configuration file 'md5.conf' Line: 1 - start of a new network block ssid - hexdump_ascii(len=7): 45 78 61 6d 70 6c 65 Example eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00
00
00 eapol_flags=0 (0x0) key_mgmt: 0x1 identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser password - hexdump_ascii(len=6): 74 65 73 74 70 77 testpw ca_cert - hexdump_ascii(len=40): 63 3a 2f 46 72 65 65 52 41 44 49 55 53 2f 65 74 c:/FreeRADIUS/et 63 2f 72 61 64 64 62 2f 63 65 72 74 73 2f 52 6f c/raddb/certs/Ro 6f 74 43 41 2e 70 65 6d otCA.pem client_cert - hexdump_ascii(len=38): 63 3a 2f 46 72 65 65 52 41 44 49 55 53 2f 65 74 c:/FreeRADIUS/et 63 2f 72 61 64 64 62 2f 63 65 72 74 73 2f 75 73 c/raddb/certs/us 65 72 2e 64 65 72 er.der private_key - hexdump_ascii(len=42): 63 3a 2f 46 72 65 65 52 41 44 49 55 53 2f 65 74 c:/FreeRADIUS/et 63 2f 72 61 64 64 62 2f 63 65 72 74 73 2f 75 73 c/raddb/certs/us 65 72 2d 6b 65 79 2e 64 65 72 er-key.der phase2 - hexdump_ascii(len=11): 61 75 74 68 65 61 70 3d 4d 44 35 autheap=MD5 anonymous_identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous Priority group 0 id=0 ssid='Example' Authentication server 127.0.0.1:1812 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE CTRL_IFACE - test - wait for monitor Sending fake EAP-Request-Identity EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using anonymous identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=14) TX EAP -> RADIUS - hexdump(len=14): 02 00 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 Encapsulating EAP message into a RADIUS packet Learned identity from EAP-Response-Identity - hexdump(len=9): 61 6e 6f 6e 79 6d 6f 75 73 Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=126 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=16 Value: 02 00 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 Attribute 80 (Message-Authenticator) length=18 Value: 29 8c 2f d2 bc e7 e4 4f 38 ff 02 28 4f 38 f5 61 Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE Received 64 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=64 Attribute 79 (EAP-Message) length=8 Value: 01 01 00 06 0d 20 Attribute 80 (Message-Authenticator) length=18 Value: ca c5 9f c8 7c a3 4f 44 0a ab b1 3b f2 7c 1f 17 Attribute 24 (State) length=18 Value: 6d 9b 65 d3 6d 9a 68 84 2b 53 ce 97 ac 1c e2 81 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station decapsulated EAP packet (code=1 id=1 len=6) from RADIUS server: EAP- Request-TLS (13) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=13 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 EAP: Initialize selected EAP method: vendor 0 method 13 (TLS) TLS: using phase1 config options TLS: Trusted root certificate(s) loaded OpenSSL: SSL_use_certificate_file (DER) --> OK OpenSSL: SSL_use_PrivateKey_File (DER) --> OK SSL: Private key loaded successfully CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected EAP: EAP entering state METHOD SSL: Received packet(len=6) - Flags 0x20 EAP-TLS: Start SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 210 bytes pending from ssl_out SSL: 210 bytes left to be sent out (of total 210 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=216) TX EAP -> RADIUS - hexdump(len=216): 02 01 00 d8 0d 00 16 03 01 00 cd 01 00 00 c9 03 01 4e 9b 60 82 ce 26 51 18 1a 0f fd 61 c0 4c 56 44 2e a2 ed da d9 cd 0b a9 3f f4 97 dd 76 0a 58 be 00 00 5c c0 14 c0 0a 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 44 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32 00 01 00 02 00 03 00 04 00 05 00 06 00 07 00 08 00 09 00 0a 00 0b 00 0c 00 0d 00 0e 00 0f 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 17 00 18 00 19 00 23 00 00 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=346 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=218 Value: 02 01 00 d8 0d 00 16 03 01 00 cd 01 00 00 c9 03 01 4e 9b 60 82 ce 26 51 18 1a 0f fd 61 c0 4c 56 44 2e a2 ed da d9 cd 0b a9 3f f4 97 dd 76 0a 58 be 00 00 5c c0 14 c0 0a 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 44 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32 00 01 00 02 00 03 00 04 00 05 00 06 00 07 00 08 00 09 00 0a 00 0b 00 0c 00 0d 00 0e 00 0f 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 17 00 18 00 19 00 23 00 00 Attribute 24 (State) length=18 Value: 6d 9b 65 d3 6d 9a 68 84 2b 53 ce 97 ac 1c e2 81 Attribute 80 (Message-Authenticator) length=18 Value: 9e c4 a4 f0 55 8c 2a 18 4e 44 ee 10 2d 97 5d 0d Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE Received 1090 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=1 length=1090 Attribute 79 (EAP-Message) length=255 Value: 01 02 04 00 0d c0 00 00 0e af 16 03 01 00 31 02 00 00 2d 03 01 4e 9b 60 82 70 e6 76 5a ef e2 e5 37 6c d6 08 dd ee 9f b6 70 66 d2 df a8 0e 1f 2c e8 33 f3 07 f5 00 00 39 00 00 05 ff 01 00 01 00 16 03 01 0b eb 0b 00 0b e7 00 0b e4 00 06 5f 30 82 06 5b 30 82 05 43 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 81 dd 31 0b 30 09 06 03 55 04 06 13 02 47 42 31 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 6e 31 14 30 12 06 03 55 04 07 13 0b 57 65 73 74 6d 69 6e 73 74 65 72 31 1c 30 1a 06 03 55 04 0a 13 13 4d 61 74 65 41 52 20 49 54 20 53 6f 6c 75 74 69 6f 6e 73 31 17 30 15 06 03 55 04 0b 13 0e 50 4b 49 20 44 65 70 61 72 74 6d 65 6e 74 31 22 30 20 06 03 55 04 03 13 19 54 65 73 74 20 52 6f 6f 74 20 43 41 20 28 46 72 65 65 52 41 44 49 Attribute 79 (EAP-Message) length=255 Value: 55 53 29 31 20 30 1e 06 03 55 04 0d 13 17 54 65 73 74 20 52 6f 6f 74 43 41 20 43 65 72 74 69 66 69 63 61 74 65 31 1d 30 1b 06 09 2a 86 48 86 f7 0d 01 09 01 16 0e 69 6e 66 6f 40 6d 61 74 65 61 72 2e 65 75 31 0b 30 09 06 03 55 04 05 13 02 30 31 30 1e 17 0d 31 31 31 30 31 36 31 34 32 37 35 32 5a 17 0d 31 32 31 30 31 35 31 34 32 37 35 32 5a 30 81 f2 31 23 30 21 06 03 55 04 03 13 1a 55 4b 57 49 4e 32 30 30 38 52 32 2e 63 6f 72 70 2e 6d 61 74 65 61 72 2e 65 75 31 12 30 10 06 0a 09 92 26 89 93 f2 2c 64 01 19 16 02 45 55 31 1d 30 1b 06 09 2a 86 48 86 f7 0d 01 09 01 16 0e 69 6e 66 6f 40 6d 61 74 65 61 72 2e 65 75 31 0b 30 09 06 03 55 04 06 13 02 47 42 31 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 6e 31 14 30 12 06 03 55 04 07 13 0b 57 65 73 74 6d 69 6e 73 Attribute 79 (EAP-Message) length=255 Value: 74 65 72 31 16 30 14 06 03 55 04 0b 13 0d 49 54 20 44 65 70 61 72 74 6d 65 6e 74 31 16 30 14 06 03 55 04 05 13 0d 55 4b 4c 4f 4e 44 4f 4e 53 52 56 30 31 31 34 30 32 06 03 55 04 0d 13 2b 54 65 73 74 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 20 28 50 45 41 50 20 2d 20 46 72 65 65 52 41 44 49 55 53 29 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 d0 91 2b e9 29 81 af 2f 9e e8 e1 c8 27 c3 0b 70 a9 71 04 63 fb e0 52 bd e4 1c 7a 96 af 52 bc 77 0a 83 da a7 bb c2 86 da 3b ef f1 f7 f7 13 94 c8 06 f0 21 4b 2b 1f ae 41 aa fb 04 5e fc 1e 49 b5 a7 00 82 fd 2e ac e9 f7 c0 98 db ea 77 7b 6b d8 d6 d8 0c 99 d4 2a 2a 61 84 f7 63 75 68 38 fa ff 97 04 87 37 f9 2b db c4 1c d8 03 e1 2e d1 7c c4 cf ed 29 57 97 d6 f6 Attribute 79 (EAP-Message) length=255 Value: db 79 9f 5b bc 4b 53 ce 81 02 03 01 00 01 a3 82 02 91 30 82 02 8d 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 02 01 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 03 f8 30 1d 06 03 55 1d 0e 04 16 04 14 c7 c5 14 ad 16 23 77 01 f6 29 bf 2c 1d 18 c2 4c 81 86 18 8f 30 82 01 0b 06 03 55 1d 23 04 82 01 02 30 81 ff 80 14 8c 04 28 72 c8 60 3f 29 a5 8a c1 4f db 9a 62 ff 9a ad c3 fa a1 81 e3 a4 81 e0 30 81 dd 31 0b 30 09 06 03 55 04 06 13 02 47 42 31 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 6e 31 14 30 12 06 03 55 04 07 13 0b 57 65 73 74 6d 69 6e 73 74 65 72 31 1c 30 1a 06 03 55 04 0a 13 13 4d 61 74 65 41 52 20 49 54 20 53 6f 6c 75 74 69 6f 6e 73 31 17 30 15 06 03 55 04 0b 13 0e 50 4b 49 20 44 65 70 61 72 74 6d 65 6e 74 31 22 30 20 06 03 55 04 03 13 19 54 65 Attribute 79 (EAP-Message) length=14 Value: 73 74 20 52 6f 6f 74 20 43 41 20 28 Attribute 80 (Message-Authenticator) length=18 Value: eb 77 c8 8e ab 89 28 65 cf 6b ea d1 ce 32 b6 2e Attribute 24 (State) length=18 Value: 6d 9b 65 d3 6c 99 68 84 2b 53 ce 97 ac 1c e2 81 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station decapsulated EAP packet (code=1 id=2 len=1024) from RADIUS server: EAP- Request-TLS (13) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=13 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=1024) - Flags 0xc0 SSL: TLS Message Length: 3759 SSL: Need 2745 bytes more input data SSL: Building ACK (type=13 id=2 ver=0) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 02 00 06 0d 00 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=2 length=136 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=8 Value: 02 02 00 06 0d 00 Attribute 24 (State) length=18 Value: 6d 9b 65 d3 6c 99 68 84 2b 53 ce 97 ac 1c e2 81 Attribute 80 (Message-Authenticator) length=18 Value: a9 7e 43 1c 85 51 4b 08 e5 45 69 b9 85 a6 a6 16 Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 STA 02:00:00:00:00:01: Resending RADIUS message (id=2)
Next RADIUS client retransmit in 6 seconds STA 02:00:00:00:00:01: Resending RADIUS message (id=2)
Next RADIUS client retransmit in 12 seconds STA 02:00:00:00:00:01: Resending RADIUS message (id=2)
Next RADIUS client retransmit in 24 seconds EAPOL test timed out EAPOL: EAP key not available EAP: deinitialize previously used EAP method (13, TLS) at EAP deinit ENGINE: engine deinit MPPE keys OK: 0 mismatch: 0 FAILURE
From: tim.sylvester@networkradius.com To: freeradius-users@lists.freeradius.org Subject: RE: EAP Testing - Newbie Date: Sun, 16 Oct 2011 12:37:20 -0700
I'm in the process of testing FreeRADIUS 2.1.11, just basic/standard setup. I've been following the following user guide: http://deployingradius.com/documents/configuration/pap.html. Very useful, by the way.
PAP, MSCHAP and MSCHAPv2 work ok, but I'm unable to get any EAP tests to pass. I've tries almost everything, including: http://deployingradius.com/documents/configuration/eap- problems.html
radtest -t eap-md5 ....... (it works ok)
OK. The means the eap-md5 worked for radtest and FreeRADIUS.
--------- EAP-MD5 test ---------
http://deployingradius.com/scripts/eapol_test/
eapol_test.exe -c md5.conf -s testing123 ( it doesn't work!)
OK. Since eap-md5 worked for FreeRADIUS and radeaptest above, but not for eapol_test and FreeRADIUS, this is most likely a problem with eapol_test not supporting eap-md5.
EAPOL: SUPP_BE entering state RECEIVE Received 80 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=80 Attribute 79 (EAP-Message) length=24 Value: 01 01 00 16 04 10 2d 5a 5e ca fd 46 31 37 33 67 ef 5f ec 14 64 c3 Attribute 80 (Message-Authenticator) length=18 Value: 37 83 06 12 9c 7b 2d 98 9a e8 6b 81 79 03 ce 63 Attribute 24 (State) length=18 Value: cb 7a ce 96 cb 7b ca 0b 07 a3 2c 75 4a 0c c4 c6 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP- Request-MD5 (4)
RADIUS Server proposed using eap-md5.
EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: configuration does not allow: vendor 0 method 4 EAP: vendor 0 method 4 not allowed
eapol_test said it's configuration does not support "method 4" (aka eap-md5).
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed) EAP: allowed methods - hexdump(len=1): 15 EAP: EAP entering state SEND_RESPONSE
eapol_test sends a NAK back to the FreeRADIUS because it does not support eap-md5 (or any other eap method sent back by FR).
Verify that eapol_test was successfully built with support for eap-md5. Look for error messages during the build process. You will probably see error messages saying that it could not find the OpenSSL libraries and/or headers.
Tim
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi, ...please dont send eapol_test output - send the output from radiusd -X from the log sent it looks like the client isnt get a response from the server (note the 3 default timeouts at the end....) alan
First of all, thanks for your help. radiusd.conf - eap section : .... .... eap { default_eap_type = ttls md5 { } mschapv2 { } tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 pem_file_type = yes include_length = yes CA_path = ${db_dir}/certs CA_file = ${db_dir}/certs/rootca.pem certificate_file = ${db_dir}/certs/server.pem private_key_file = ${db_dir}/certs/server-key.pem random_file = ${db_dir}/certs/random dh_file = ${db_dir}/certs/dh check_crl = no verify_depth = 0 cipher_list = "DEFAULT" } ttls { default_eap_type = md5 copy_request_to_tunnel = no use_tunneled_reply = no } peap { default_eap_type = mschapv2 } } ----- users file: the first line reads: testuser Cleartext-Password := "testpw" Reply-Message = "Hello, %{User-Name}" -------- then, i type: eapol_test -c md5.conf -s testing123 ; I'm using md5.conf from here: http://deployingradius.com/scripts/eapol_test/ Find below radiusd -X output: Starting - reading configuration files ... including configuration file ..\etc\raddb/radiusd.conf including configuration file ../etc/raddb/clients.conf including configuration file ../etc/raddb/policy.conf including dictionary file ..\etc\raddb/dictionary main { name = "radiusd" prefix = ".." localstatedir = "../var" sbindir = "../sbin" logdir = "../var/log/radius" run_dir = "../var/run/radiusd" libdir = "../lib" radacctdir = "../var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "../var/run/radiusd/radiusd.pid" checkrad = "../sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file ..\etc\raddb/radiusd.conf Module: Linked to module rlm_expr Module: Instantiating module "expr" from file ..\etc\raddb/radiusd.conf } radiusd: #### Loading Virtual Servers #### server { # from file ..\etc\raddb/radiusd.conf modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file ..\etc\raddb/radiusd.conf Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file ..\etc\raddb/radiusd.conf Module: Linked to module rlm_eap Module: Instantiating module "eap" from file ..\etc\raddb/radiusd.conf Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "auth_log" from file ..\etc\raddb/radiusd.conf Module: Linked to module rlm_files Module: Instantiating module "files" from file ..\etc\raddb/radiusd.conf Module: Checking accounting {...} for more modules to load Module: Instantiating module "detail" from file ..\etc\raddb/radiusd.conf Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file ..\etc\raddb/radiusd.conf } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Ready to process requests. # Executing section authorize from file ..\etc\raddb/radiusd.conf +- entering group authorize {...} [auth_log] ../var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d.log expands to ../var/log/radius/radacct/127.0.0.1/auth-detail-20111017.log ++[auth_log] returns ok [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ++[mschap] returns noop ++[files] returns noop [eap] EAP packet type response id 0 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated Found Auth-Type = EAP # Executing group from file ..\etc\raddb/radiusd.conf +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Finished request 0. Going to the next request Waking up in 4.10 seconds. # Executing section authorize from file ..\etc\raddb/radiusd.conf +- entering group authorize {...} [auth_log] ../var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d.log expands to ../var/log/radius/radacct/127.0.0.1/auth-detail-20111017.log ++[auth_log] returns ok [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ++[mschap] returns noop ++[files] returns noop [eap] EAP packet type response id 1 length 216 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file ..\etc\raddb/radiusd.conf +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] (other): before/accept initialization [ttls] TLS_accept: before/accept initialization [ttls] TLS_accept: SSLv3 read client hello A [ttls] TLS_accept: SSLv3 write server hello A [ttls] TLS_accept: SSLv3 write certificate A [ttls] TLS_accept: SSLv3 write key exchange A [ttls] TLS_accept: SSLv3 write server done A [ttls] TLS_accept: SSLv3 flush data [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A [ttls] eaptls_process returned 13 ++[eap] returns handled Finished request 1. Going to the next request Waking up in 4.7 seconds. Waking up in 4.4 seconds. Waking up in 1.4 seconds. Cleaning up request 0 ID 0 with timestamp +27 Waking up in 0.2 seconds. Cleaning up request 1 ID 1 with timestamp +27 Ready to process requests. Ready to process requests. Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 58118, id=0, length=126 User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0xfe5e2cea30ed69e3ebb5597d9c677bcf Sending Access-Challenge of id 0 to 127.0.0.1 port 58118 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x26b3a7ae26b2b26bc177f1c70c867315 rad_recv: Access-Request packet from host 127.0.0.1 port 58118, id=1, length=346 User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100d8150016030100cd010000c903014e9bf235ba7f9efdc193f071e50186c14a010f47a15bd3e3897a7fd552820b8c00005cc014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f009600410007c011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 State = 0x26b3a7ae26b2b26bc177f1c70c867315 Message-Authenticator = 0xc51bb1dac6f978b85e3f41a1357b4ca0 Sending Access-Challenge of id 1 to 127.0.0.1 port 58118 EAP-Message = 0x0102040015c000000dc116030100310200002d03014e9bf2356d72da691120cc7a5be6fa242c914777e7a6cddfadb8e39923496e78000039000005ff010001001603010beb0b000be7000be400065f3082065b30820543a003020102020102300d06092a864886f70d01010505003081dd310b3009060355040613024742310f300d060355040813064c6f6e646f6e311430120603550407130b576573746d696e73746572311c301a060355040a13134d617465415220495420536f6c7574696f6e7331173015060355040b130e504b49204465706172746d656e7431223020060355040313195465737420526f6f7420434120284672656552414449 EAP-Message = 0x5553293120301e060355040d13175465737420526f6f744341204365727469666963617465311d301b06092a864886f70d010901160e696e666f406d61746561722e6575310b3009060355040513023031301e170d3131313031363134323735325a170d3132313031353134323735325a3081f2312330210603550403131a554b57494e3230303852322e636f72702e6d61746561722e657531123010060a0992268993f22c64011916024555311d301b06092a864886f70d010901160e696e666f406d61746561722e6575310b3009060355040613024742310f300d060355040813064c6f6e646f6e311430120603550407130b576573746d696e73 EAP-Message = 0x74657231163014060355040b130d4954204465706172746d656e74311630140603550405130d554b4c4f4e444f4e535256303131343032060355040d132b5465737420536572766572204365727469666963617465202850454150202d20467265655241444955532930819f300d06092a864886f70d010101050003818d0030818902818100d0912be92981af2f9ee8e1c827c30b70a9710463fbe052bde41c7a96af52bc770a83daa7bbc286da3beff1f7f71394c806f0214b2b1fae41aafb045efc1e49b5a70082fd2eace9f7c098dbea777b6bd8d6d80c99d42a2a6184f763756838faff97048737f92bdbc41cd803e12ed17cc4cfed295797d6f6 EAP-Message = 0xdb799f5bbc4b53ce810203010001a38202913082028d300f0603551d130101ff04053003020100300e0603551d0f0101ff0404030203f8301d0603551d0e04160414c7c514ad16237701f629bf2c1d18c24c8186188f3082010b0603551d23048201023081ff80148c042872c8603f29a58ac14fdb9a62ff9aadc3faa181e3a481e03081dd310b3009060355040613024742310f300d060355040813064c6f6e646f6e311430120603550407130b576573746d696e73746572311c301a060355040a13134d617465415220495420536f6c7574696f6e7331173015060355040b130e504b49204465706172746d656e7431223020060355040313195465 EAP-Message = 0x737420526f6f742043412028 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x26b3a7ae27b1b26bc177f1c70c867315 ---------- I've tried almost everything. I'd appreciate any pointers/help here. Is there any other tool I could use instead of eapol_test? Thanks again. Sergio.
Date: Mon, 17 Oct 2011 09:30:32 +0100 From: A.L.M.Buxey@lboro.ac.uk To: tim.sylvester@networkradius.com; freeradius-users@lists.freeradius.org CC: sfhacker@hotmail.com Subject: Re: EAP Testing - Newbie
hi,
...please dont send eapol_test output - send the output from radiusd -X
from the log sent it looks like the client isnt get a response from the server (note the 3 default timeouts at the end....)
alan
hi, your radiusd -X output was not all there... it just stopped. need to see it all to see where/when the fail is occuring. alan
Hi Alan, Thanks for your reply. That's all ... after the following lines: EAP-Message = 0x737420526f6f742043412028 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x26b3a7ae27b1b26bc177f1c70c867315 I just get: Finished request 1 Going to the next request Waking up in 4.8 seconds Cleaning up request 0 ID 0 with timestamp ..... Waking up in 0.1 seconds Cleaning up request 1 ID 1 with timestamp .... Ready to process requests. That's all. No more output! Any help is greatly appreciated! Ciao.
Date: Mon, 17 Oct 2011 11:56:34 +0100 From: A.L.M.Buxey@lboro.ac.uk To: sfhacker@hotmail.com CC: tim.sylvester@networkradius.com; freeradius-users@lists.freeradius.org Subject: Re: EAP Testing - Newbie
hi,
your radiusd -X output was not all there... it just stopped. need to see it all to see where/when the fail is occuring.
alan
participants (3)
-
Alan Buxey -
Sergio NNX -
Tim Sylvester