Re : How to configure EAP Identity in 1.1.3
Why is the Code field of the EAP message 01? Isn't that a REQUEST message? Please correct me if I am wrong, but I thought the RADIUS server should get a Response packet with Code 2 and Type should be 1 (EAP Resp/Identity packet). May be it didnt get the Identity packet, and hence it cannot verify the Identity. Regards - Kedar Gaonkar Date: Mon, 16 Jul 2007 15:58:57 +0000 (GMT) From: Eshun Benjamin <bkeshun@yahoo.fr> Subject: Re : How to configure EAP Identity in 1.1.3 To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <952625.72889.qm@web26009.mail.ukl.yahoo.com> Content-Type: text/plain; charset="iso-8859-1" Check on your AP, client.conf and naslist ================================================== Benjamin K. Eshun ----- Message d'origine ---- De : Govardhana K N <govardhan.nagarajaiah@gmail.com> ? : FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Envoy? le : Lundi, 16 Juillet 2007, 13h28mn 28s Objet : How to configure EAP Identity in 1.1.3 I changed it but the same error is still coming. On 7/16/07, Eshun Benjamin <bkeshun@yahoo.fr> wrote: You have misconfigured the Nas-Identifier
govardhana Nas-Identifier == nas, Nas-Port-Type == 15
You have NAS-Identifier = "jrcnas" ================================================== Benjamin K. Eshun ----- Message d'origine ---- De : Govardhana K N < govardhan.nagarajaiah@gmail.com> ? : FreeRadius <freeradius-users@lists.freeradius.org
Envoy? le : Lundi, 16 Juillet 2007, 12h24mn 09s Objet : How to configure EAP Identity in 1.1.3 Hi, I was trying to configure FreeRadius server with EAP authentication. AS mentioned in "eap.conf", I didn't change the Auth-Type, but I was sending a EAP message, and Message-Authenticator attributes in Access-Request. When i tried sending an Access-Request with EAP-Message, I got the following error "rlm_eap: Identity Unknown, authentication failed". How to configure the Identity for EAP? debug log from server: --------------------------------- Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/freeradius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = "/var/log/freeradius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: bind_address = 127.0.0.1 IP address [127.0.0.1] main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = no exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/var/log/freeradius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/freeradius/huntgroups" preprocess: hints = "/etc/freeradius/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/freeradius/users" files: acctusersfile = "/etc/freeradius/acct_users" files: preproxy_usersfile = "/etc/freeradius/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication 127.0.0.1:1812 Listening on accounting 127.0.0.1:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32813, id=179, length=95 User-Name = "jrc" NAS-Identifier = "jrcnas" NAS-Port-Type = Ethernet CUI = "0" Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = "1:1:1:1:1:1" EAP-Message = 0x01100008016a7263 Message-Authenticator = 0x64c5851b699cd2c027877bbb94fe7f8b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "jrc", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type request id 16 length 8 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry jrc at line 178 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: Identity Unknown, authentication failed rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 0 modcall: leaving group authenticate (returns invalid) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 179 to 127.0.0.1 port 32813 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 179 with timestamp 469b9233 Nothing to do. Sleeping until we see a request. debug log from Client: ------------------------------------- cheux301:/home/govardhana# radeapclient -x localhost auth jrcsecret <access-request +++> About to send encoded packet: User-Name = "jrc" NAS-Identifier = "jrcnas" NAS-Port-Type = Ethernet CUI = "0" Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = "1:1:1:1:1:1" EAP-Message = 0x01100008016a7263 Message-Authenticator = 0x00 Sending Access-Request of id 179 to 127.0.0.1 port 1812 User-Name = "jrc" NAS-Identifier = "jrcnas" NAS-Port-Type = Ethernet CUI = "0" Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = "1:1:1:1:1:1" EAP-Message = 0x01100008016a7263 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=179, length=20 rlm_eap: EAP-Message not found <+++ EAP decoded packet: Thanks & Regards, Govardhana K N -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Kedar, I have used response becoz, I will be sending a EAP-Identity reponse packet to the Radius Server. So the code field is not Request it should be Response. All, Thanks for the help. I was able send the EAP message with EAP-Type-Identity field. I have got an Access-Challenge response from the server, and the Access-Request sent in response to this challenge is failing (Access-Reject is sent by the server). Below i have given the debug log from the server, -------------------------------------------------------------------------------------------------------------------------------- rad_recv: Access-Request packet from host 127.0.0.1:32825, id=60, length=113 User-Name = "jrc" User-Password = "jrc" NAS-Identifier = "jrcnas" NAS-Port-Type = Ethernet CUI = "0" Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = "1:1:1:1:1:1" Message-Authenticator = 0xaff453c7f7e3dc3639458de9740366a1 EAP-Message = 0x02d20008016a7263 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "jrc", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 210 length 8 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry jrc at line 179 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 60 to 127.0.0.1 port 32825 CUI = "jrccui" Class = 0x6a7263636c617373 State = 0x6a72637374617465 Framed-MTU = 1400 Framed-IP-Address = 1.2.3.4 Service-Type = Framed-User Session-Timeout = 30 MS-MPPE-Send-Key = 0x6a72636d736b MS-MPPE-Recv-Key = 0x6a7263726563766d736b AAA-Session-Id = "jrcmultisessionid" HA-IP-MIP4 = 1.1.1.1 DHCPv4-Server = 2.2.2.2 MN-HA-MIP4-KEY = "jrcmipkey" MN-HA-MIP4-SPI = "jrcmipspi" DHCP-RK = "jrcdhcprk" DHCP-RK-KEY-ID = "jrcdhcpkey" DHCP-RK-LIFETIME = "20" EAP-Message = 0x01d300160410e0ccb378852f7a673815379d2f819db1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8343fbb52835fa0fb7fb84cab7f7a0db Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 127.0.0.1:32825, id=61, length=155 User-Name = "jrc" User-Password = "jrc" NAS-Identifier = "jrcnas" NAS-Port-Type = Ethernet CUI = "0" Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = "1:1:1:1:1:1" Message-Authenticator = 0x8dc52d59961b5eb7d8789f7cb4dbea5a State = 0x6a72637374617465 State = 0x8343fbb52835fa0fb7fb84cab7f7a0db EAP-Message = 0x02d300160410d3ab9cde585da0c10b343d38433fa0db Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "jrc", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 211 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry jrc at line 179 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 2 modcall: leaving group authenticate (returns invalid) for request 2 auth: Failed to validate the user. Delaying request 2 for 1 seconds Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 127.0.0.1:32825, id=61, length=155 Sending Access-Reject of id 61 to 127.0.0.1 port 32825 -------------------------------------------------------------------------------------------------------------------------------- Thanks & Regards, Govardhana K N On 7/16/07, Gaonkar, Kedar <kgaonkar@qualcomm.com> wrote:
Why is the Code field of the EAP message 01? Isn't that a REQUEST message? Please correct me if I am wrong, but I thought the RADIUS server should get a Response packet with Code 2 and Type should be 1 (EAP Resp/Identity packet). May be it didnt get the Identity packet, and hence it cannot verify the Identity.
Regards - Kedar Gaonkar
Date: Mon, 16 Jul 2007 15:58:57 +0000 (GMT) From: Eshun Benjamin <bkeshun@yahoo.fr> Subject: Re : How to configure EAP Identity in 1.1.3 To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <952625.72889.qm@web26009.mail.ukl.yahoo.com> Content-Type: text/plain; charset="iso-8859-1"
Check on your AP, client.conf and naslist
================================================== Benjamin K. Eshun
----- Message d'origine ---- De : Govardhana K N <govardhan.nagarajaiah@gmail.com> ? : FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Envoy? le : Lundi, 16 Juillet 2007, 13h28mn 28s Objet : How to configure EAP Identity in 1.1.3
I changed it but the same error is still coming.
On 7/16/07, Eshun Benjamin <bkeshun@yahoo.fr> wrote:
You have misconfigured the Nas-Identifier
govardhana Nas-Identifier == nas, Nas-Port-Type == 15
You have NAS-Identifier = "jrcnas"
==================================================
Benjamin K. Eshun
----- Message d'origine ---- De : Govardhana K N < govardhan.nagarajaiah@gmail.com> ? : FreeRadius <freeradius-users@lists.freeradius.org
Envoy? le : Lundi, 16 Juillet 2007, 12h24mn 09s Objet : How to configure EAP Identity in 1.1.3
Hi,
I was trying to configure FreeRadius server with EAP authentication. AS mentioned in "eap.conf", I didn't change the Auth-Type, but I was sending a EAP message, and Message-Authenticator attributes in Access-Request. When i tried sending an Access-Request with EAP-Message, I got the following error "rlm_eap: Identity Unknown, authentication failed".
How to configure the Identity for EAP?
debug log from server:
---------------------------------
Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/freeradius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024
main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = "/var/log/freeradius/radius.log" main: log_auth = no main: log_auth_badpass = no
main: log_auth_goodpass = no main: pidfile = "/var/run/freeradius/freeradius.pid" main: bind_address = 127.0.0.1 IP address [127.0.0.1] main: user = "freerad" main: group = "freerad"
main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no
security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = no exec: program = "(null)"
exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr)
Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no
mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System
unix: cache = no unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/var/log/freeradius/radwtmp" unix: usegroup = no
unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/freeradius/huntgroups" preprocess: hints = "/etc/freeradius/hints"
preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no
realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/freeradius/users" files: acctusersfile = "/etc/freeradius/acct_users" files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493
detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes
radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication 127.0.0.1:1812 Listening on accounting 127.0.0.1:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:32813, id=179, length=95 User-Name = "jrc" NAS-Identifier = "jrcnas"
NAS-Port-Type = Ethernet CUI = "0" Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = "1:1:1:1:1:1" EAP-Message = 0x01100008016a7263
Message-Authenticator = 0x64c5851b699cd2c027877bbb94fe7f8b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "jrc", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type request id 16 length 8
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry jrc at line 178
modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP"
Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: Identity Unknown, authentication failed rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 0
modcall: leaving group authenticate (returns invalid) for request 0 auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list ---
Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 179 to 127.0.0.1 port 32813 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 179 with timestamp 469b9233 Nothing to do. Sleeping until we see a request.
debug log from Client:
-------------------------------------
cheux301:/home/govardhana# radeapclient -x localhost auth jrcsecret <access-request
+++> About to send encoded packet: User-Name = "jrc" NAS-Identifier = "jrcnas" NAS-Port-Type = Ethernet CUI = "0" Service-Type = Framed-User
Framed-MTU = 1400 Calling-Station-Id = "1:1:1:1:1:1" EAP-Message = 0x01100008016a7263 Message-Authenticator = 0x00 Sending Access-Request of id 179 to 127.0.0.1 port 1812 User-Name = "jrc" NAS-Identifier = "jrcnas" NAS-Port-Type = Ethernet CUI = "0" Service-Type = Framed-User Framed-MTU = 1400
Calling-Station-Id = "1:1:1:1:1:1" EAP-Message = 0x01100008016a7263 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=179, length=20 rlm_eap: EAP-Message not found <+++ EAP decoded packet:
Thanks & Regards,
Govardhana K N
-- With Regards, Govardhana K N
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- With Regards, Govardhana K N - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- With Regards, Govardhana K N
Govardhana K N wrote
I have got an Access-Challenge response from the server, and the Access-Request sent in response to this challenge is failing (Access-Reject is sent by the server). Below i have given the debug log from the server,
Are you writing a 802.1x supplicant? It looks like it. Also, note that the server does NOT support WiMAX attributes. You can create a WiMAX dictionary, but the attributes in the packet will NOT be in the WiMAX format. Also, many of the WiMAX attributes have sub-attributes, and those are definitely not supported. Alan DeKok.
If that is the case, How can I add the WiMAX support in Free Radius? What are the changes I should make in order to have WiMAX support? On 7/17/07, Alan DeKok <aland@deployingradius.com> wrote:
Govardhana K N wrote
I have got an Access-Challenge response from the server, and the Access-Request sent in response to this challenge is failing (Access-Reject is sent by the server). Below i have given the debug log from the server,
Are you writing a 802.1x supplicant? It looks like it.
Also, note that the server does NOT support WiMAX attributes. You can create a WiMAX dictionary, but the attributes in the packet will NOT be in the WiMAX format. Also, many of the WiMAX attributes have sub-attributes, and those are definitely not supported.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- With Regards, Govardhana K N
Govardhana K N wrote:
If that is the case, How can I add the WiMAX support in Free Radius?
Send a patch, or pay someone to do the work.
What are the changes I should make in order to have WiMAX support?
Read the WiMAX specifications, and read the code to FreeRADIUS. do the work to figure out what has to be done. So far, no one has done that, so there's no WiMAX support. Alan DeKok.
rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 60 to 127.0.0.1 port 32825 CUI = "jrccui" Class = 0x6a7263636c617373 State = 0x6a72637374617465 Framed-MTU = 1400 Framed-IP-Address = 1.2.3.4 Service-Type = Framed-User Session-Timeout = 30 MS-MPPE-Send-Key = 0x6a72636d736b MS-MPPE-Recv-Key = 0x6a7263726563766d736b AAA-Session-Id = "jrcmultisessionid" HA-IP-MIP4 = 1.1.1.1 DHCPv4-Server = 2.2.2.2 MN-HA-MIP4-KEY = "jrcmipkey" MN-HA-MIP4-SPI = "jrcmipspi" DHCP-RK = "jrcdhcprk" DHCP-RK-KEY-ID = "jrcdhcpkey" DHCP-RK-LIFETIME = "20" EAP-Message = 0x01d300160410e0ccb378852f7a673815379d2f819db1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8343fbb52835fa0fb7fb84cab7f7a0db Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 127.0.0.1:32825, id=61, length=155 User-Name = "jrc" User-Password = "jrc" NAS-Identifier = "jrcnas" NAS-Port-Type = Ethernet CUI = "0" Service-Type = Framed-User Framed-MTU = 1400 Calling-Station-Id = "1:1:1:1:1:1" Message-Authenticator = 0x8dc52d59961b5eb7d8789f7cb4dbea5a State = 0x6a72637374617465 State = 0x8343fbb52835fa0fb7fb84cab7f7a0db EAP-Message = 0x02d300160410d3ab9cde585da0c10b343d38433fa0db
Something is wrong with your client. There are two State entries in this reply. The one that doesn't match the Challenge is breaking EAP conversation. Ivan Kalik Kalik Informatika ISP
participants (4)
-
Alan DeKok -
Gaonkar, Kedar -
Govardhana K N -
tnt@kalik.co.yu