Is freeradius-server works through wifi?
Hi all! I'm using this nice program on an old, linux nas and it works perfectly. But now I bought a dongle and attached to the nas. And I tried to connect to my wifi but I Cannot do that, because it gives me an Access-reject... Is it possible to use that through wifi? Here is a debugger output: ... adding new socket proxy address * port 5527 Listening on authentication interface wlan0 address * port 1812 Listening on accounting address * port 1813 Listening on command file /ffp/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0, length=123 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000a016775657374 Message-Authenticator = 0x1cdcf108446d0aed96f7d19e90a2ddea # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> guest [sql] sql_set_user escaped user --> 'guest' rlm_sql (sql): Reserving sql socket id: 30 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'guest' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'guest' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'guest' ORDER BY priority rlm_sql (sql): Released sql socket id: 30 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 192.168.1.1 port 47778 EAP-Message = 0x01010016041059dc9dc980e2a025b5879c8e7dcebcd2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x327b67de327a635682a37fa2c5a9f0b6 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0, length=137 Cleaning up request 0 ID 0 with timestamp +13 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x327b67de327a635682a37fa2c5a9f0b6 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02010006030d Message-Authenticator = 0xfba748e19ef2d0c85f62a9c686c6a45b # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> guest [sql] sql_set_user escaped user --> 'guest' rlm_sql (sql): Reserving sql socket id: 29 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'guest' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'guest' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'guest' ORDER BY priority rlm_sql (sql): Released sql socket id: 29 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/tls [eap] processing type tls [tls] Requiring client certificate [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 192.168.1.1 port 47778 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x327b67de33796a5682a37fa2c5a9f0b6 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0, length=137 Cleaning up request 1 ID 0 with timestamp +13 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x327b67de33796a5682a37fa2c5a9f0b6 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200060300 Message-Authenticator = 0x5b93793510020b8d51688f1ecd803739 # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> guest [sql] sql_set_user escaped user --> 'guest' rlm_sql (sql): Reserving sql socket id: 28 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'guest' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'guest' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'guest' ORDER BY priority rlm_sql (sql): Released sql socket id: 28 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP NAK [eap] NAK asked for bad type 0 [eap] Failed in EAP select ++[eap] = invalid +} # group authenticate = invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /ffp/etc/raddb/sites-enabled/default +group REJECT { [sql] expand: %{User-Name} -> guest [sql] sql_set_user escaped user --> 'guest' [sql] expand: %{User-Password} -> [sql] ... expanding second conditional [sql] expand: %{Chap-Password} -> [sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'guest', '', 'Access-Reject', '2016-06-15 15:02:33') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'guest', '', 'Access-Reject', '2016-06-15 15:02:33') rlm_sql (sql): Reserving sql socket id: 27 rlm_sql (sql): Released sql socket id: 27 ++[sql] = ok [eap] Reply already contained an EAP-Message, not inserting EAP-Failure ++[eap] = noop [attr_filter.access_reject] expand: %{User-Name} -> guest attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] = updated +} # group REJECT = updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 0 to 192.168.1.1 port 47778 EAP-Message = 0x04020004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 2 ID 0 with timestamp +13 Ready to process requests. With wired connection, it works So cool... Thanks!
On Jun 15, 2016, at 9:04 AM, Mr Dini <diniboy74@gmail.com> wrote:
I'm using this nice program on an old, linux nas and it works perfectly. But now I bought a dongle and attached to the nas. And I tried to connect to my wifi but I Cannot do that, because it gives me an Access-reject...
Is it possible to use that through wifi?
Yes.
Here is a debugger output: ... rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0, length=137 Cleaning up request 1 ID 0 with timestamp +13 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x327b67de33796a5682a37fa2c5a9f0b6 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200060300
That's wrong.
[eap] EAP NAK [eap] NAK asked for bad type 0 [eap] Failed in EAP select
The client PC is broken. it's not doing EAP properly. Alan DeKok.
With another device it looks like this: ... adding new socket proxy address * port 5029 Listening on authentication interface wlan0 address * port 1812 Listening on accounting address * port 1813 Listening on command file /ffp/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0, length=123 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200000a016775657374 Message-Authenticator = 0xf80f9fdc6096dd96349b54a76158b41d # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> guest [sql] sql_set_user escaped user --> 'guest' rlm_sql (sql): Reserving sql socket id: 30 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'guest' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'guest' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'guest' ORDER BY priority rlm_sql (sql): Released sql socket id: 30 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 192.168.1.1 port 1567 EAP-Message = 0x010100160410cd8c15f2fd69b58fb4195d391898b596 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x399ce09e399de459d22c81cf757f77c3 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0, length=137 Cleaning up request 0 ID 0 with timestamp +5 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x399ce09e399de459d22c81cf757f77c3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100060319 Message-Authenticator = 0x0b5161841c40607ce96ba86663e7d9df # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> guest [sql] sql_set_user escaped user --> 'guest' rlm_sql (sql): Reserving sql socket id: 29 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'guest' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'guest' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'guest' ORDER BY priority rlm_sql (sql): Released sql socket id: 29 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 192.168.1.1 port 1567 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x399ce09e389ef959d22c81cf757f77c3 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0, length=339 Cleaning up request 1 ID 0 with timestamp +5 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x399ce09e389ef959d22c81cf757f77c3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200d01980000000c616030100c1010000bd030157615933b3693c0aea750b0ee6dd9dbf18d3de1572d4debe2b1567206506f0fe000054c014c00ac022c02100390038c00fc0050035c012c008c01cc01b00160013c00dc003000ac013c009c01fc01e00330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000040000b000403000102000a00340032000e000d0019000b000c00180009000a00160017000800060007001400150004000500120013000100020003000f00100011 Message-Authenticator = 0xbfa945eeecafb0c62a1f47c26fbd4637 # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 208 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 198 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< Unknown TLS version [length 0005] [peap] <<< TLS 1.0 Handshake [length 00c1], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> Unknown TLS version [length 0005] [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> Unknown TLS version [length 0005] [peap] >>> TLS 1.0 Handshake [length 08d0], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> Unknown TLS version [length 0005] [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> Unknown TLS version [length 0005] [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: SSLv3 read client certificate A [peap] TLS_accept: Need to read more data: SSLv3 read client key exchange A [peap] TLS_accept: Need to read more data: SSLv3 read client key exchange A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 192.168.1.1 port 1567 EAP-Message = 0x0103040019c000000a6c16030100390200003503016577e03d0a05338370a9862c952334eb8501593a6c8c8c3d07ff33c948df93dd00c01400000dff01000100000b00040300010216030108d00b0008cc0008c90003de308203da308202c2a003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504030c1d4578616d706c6520436572746966 EAP-Message = 0x696361746520417574686f72697479301e170d3136303531343134333630355a170d3137303531343134333630355a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e5f566152c45d3d08569a02a97ab5ee56d8bda6b4489b2bc12d230fec56f33274beda3d1dac958e12f7cf251d4f1ad EAP-Message = 0x4cba2c75d7bcefdd9cbfab161d20775efab8c5c1b3681742ed9f2f75e49e60b0e32d70d60192f3e62ec6596660b027eb8634a1e56b0ccbfd5104bf1f4a31fd6857128489bd58e150661d70ee0df641cfc50e51a9740da212fce7e4b87180e11fda4df462b02d5f6c69110756daac49abbda75325457105bc5c93ed452dd2ebac9c9c2dab9498e3def300f5ce057d5741b579b2b9ce6aad9abde3d8d7ea41ffed87620871991a6e7b0740a5189596346e135a7333e3e6b2a7efdd0ee2ec942c14ce93c68b3be85134e16cc66b7d2a210f710203010001a34f304d30130603551d25040c300a06082b0601050507030130360603551d1f042f302d302ba0 EAP-Message = 0x29a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101006bb079b545e45c8fbf795f76c14a96a64cf0b9b8e8773aa0befd15cdc8d4d6c768259c2586a523d24a1286f46049739dde58b47dcd32694a94f1a448571848e3bbad4a370cc3f7b333b39164d3b33cf8675110c25fc1b6fe261d47e44b48498ff8d12c7219de3f24184cf142ef5049bd16ac22a44a5d9fef42909db26da7da762374f54d64b13124269cdd6f87a1a93e665693abda02fcf72c28950f8477447f4cebdcce4a87ff238b2135c6852af4d2c450937f40e650188fa54fd55d89fc EAP-Message = 0x211226534d8d60af55bdfe60 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x399ce09e3b9ff959d22c81cf757f77c3 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0, length=137 Cleaning up request 2 ID 0 with timestamp +5 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x399ce09e3b9ff959d22c81cf757f77c3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300061900 Message-Authenticator = 0xc48d956afbd172f7bb125bca0673ac40 # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 192.168.1.1 port 1567 EAP-Message = 0x010403fc19400918ca342c2f9259837b524bab816e6563dad2fcf662fbf0cb73a2cb339cb2b5d0e6a26c03fa3752386166b37b9dc979e2a790ba970004e5308204e1308203c9a0030201020209008d0d10e783eed109300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e EAP-Message = 0x170d3136303531343134333630355a170d3137303531343134333630355a308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100cbf1e21f268315aeff2f5bb05b29526075eed3469ea4ed717043980fa16b01ec3b999924eeced6ec EAP-Message = 0x4b4badaac384575b04caadc971eb57426979f3ac28ebb3fa6ac17252ad99686e8ae7713d8123985ca161382040f6af694b6608140cce7f8ef421abc7263fa9c773ee048e6dbd9d9b506008d39aec86869ca01e72dd7c7948184331e5da796ca5dda68624b15d0eb7f9c70e28ba1de07cb739c7409f28dfe7d02c40d789c0d791779875782eafaf2c75563d038123d11c8715fb2e1e923d0ae87f4846aee8679336fc4b4ec057f198cd662f0aec771b46ba0db7baba1081a45dddd4831244aa9b6878ccf6074bb91e5abb0e6d8fd57dd0ed72b6f0ffec9ded0203010001a382013430820130301d0603551d0e04160414d34bf9f912a71013a6f589bbd1 EAP-Message = 0xc75bcf181082db3081c80603551d230481c03081bd8014d34bf9f912a71013a6f589bbd1c75bcf181082dba18199a48196308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504030c1d4578616d706c6520436572746966696361746520417574686f726974798209008d0d10e783eed109300c0603551d13040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f777777 EAP-Message = 0x2e6578616d706c65 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x399ce09e3a98f959d22c81cf757f77c3 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0, length=137 Cleaning up request 3 ID 0 with timestamp +5 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x399ce09e3a98f959d22c81cf757f77c3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061900 Message-Authenticator = 0x62c22bde0e4bfb05d502dc6796372be3 # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 192.168.1.1 port 1567 EAP-Message = 0x0105028619002e636f6d2f6578616d706c655f63612e63726c300d06092a864886f70d01010b050003820101007624eb27403040536834dced5ac23ecb3009a1398a2230570b8b44ca1d18b1a0f55277ff3fef2afe32d8c22c5c15ded6c408b8e73ae8aa0ca82f5cca7d070993ffb0691fa25923b1428a30b3d9ed1fac451b986c6a9651d8eda1b5d73a417fac92bdae8a25df4a2b3667538c405c177476ce054899e77f0cce0fa9e8cba061165b411f1c717832cbc43af6fb57cc3817ada969d9543f80773159d4b8e4be488f2fd5a52adf35f8e7c228fe43944e10500ec518c3217a1c1412275b3091b55af21f5a94b67fe92e91adf98eb014c366de EAP-Message = 0xc9f5bdb08298a39a5b5f495fce6a53f0f6b90b4f9582511755351a758de29cef97c539d34ef88a24edea97652d7fcee4160301014b0c00014703001741047c28b553851a5af81bf21cca63be551e5e19a99762001b62848ed45152ba5ec57326a8dc278e4c2affaefabd6b369d91aad7ec877c7c4a365f80a420c8d4706f010074f545562a3780188c585dad286775e941af05548d0687d542f08c0c0d8f72baa846e63bbe03183f4b787ac378430a353e41ab03fa82d908d346a1236c1752328e2e7cbd4ae092db457adfa68a35b6b88ac12e31950c97efd7a955aa856f573af958d25ec98106340b94f6cb0367503df80ed00e9ac33dc811737b79c0 EAP-Message = 0x6805b910d041483efa5da53a18a81dd6edbae191983fc51f2142d6fb8d664ef36d226481223629cd193c83e0ec7b7f42da0447ef7605c4853e54df10e3d99856b0f5fdf93bf5689885412c84ad684368f76fe3166279a4b2fc219c85d363c440688e4dd93c37fa5f97602f43945bff46b2e05ff78197e31f99e0363459196281739b6416030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x399ce09e3d99f959d22c81cf757f77c3 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0, length=275 Cleaning up request 4 ID 0 with timestamp +5 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x399ce09e3d99f959d22c81cf757f77c3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500901980000000861603010046100000424104f8cac159ae9389aac3c823d0e9c75c601e1443f3629a3bd87f4b0d307cf693646b78fea7a463d68b4f4a9b73903ee57949e1b1feb13764776b0fbc0224a2bda01403010001011603010030f4fc6c0350b8fae2e8dc515bc471c683c4cde7b61b474dc5f9d6e0b64da74509b723e0d16c7fe09d5947d2e970f5c453 Message-Authenticator = 0xbb507a7752d31babeb4866e90e5c68bc # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 5 length 144 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< Unknown TLS version [length 0005] [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] TLS_accept: SSLv3 read certificate verify A [peap] <<< Unknown TLS version [length 0005] [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< Unknown TLS version [length 0005] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> Unknown TLS version [length 0005] [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> Unknown TLS version [length 0005] [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 192.168.1.1 port 1567 EAP-Message = 0x010600411900140301000101160301003050e0427d790f142ba1596763159e82c6567009ead7120bd992f302fc8cad71b8190ca9231665a3578dcd0a3d1006248a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x399ce09e3c9af959d22c81cf757f77c3 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0, length=137 Cleaning up request 5 ID 0 with timestamp +5 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x399ce09e3c9af959d22c81cf757f77c3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020600061900 Message-Authenticator = 0x70f1a9e5c3ba0b4a15f9d513785a5497 # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 192.168.1.1 port 1567 EAP-Message = 0x0107002b19001703010020e6ad688c95c43bf4b949c963209c365efc77ef61505d117ca6dcf149cb8ad65f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x399ce09e3f9bf959d22c81cf757f77c3 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.1 port 1567, id=0, length=211 Cleaning up request 6 ID 0 with timestamp +5 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x399ce09e3f9bf959d22c81cf757f77c3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0207005019001703010020727843770bfb43acd09b2d0146b08fb3e564637617674b9dc0f216081e3ca2b31703010020d4bd000658bae62b7db4182dd786df6e0cfb415caa003b54f416dc4d87240474 Message-Authenticator = 0x053b9032f1c5286b9f050b218739f2d2 # Executing section authorize from file /ffp/etc/raddb/sites-enabled/default +group authorize { ++[preprocess] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 7 length 80 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< Unknown TLS version [length 0005] [peap] <<< Unknown TLS version [length 0005] [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - guest [peap] Got inner identity 'guest' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0207000a016775657374 server { [peap] Setting User-Name to guest Sending tunneled request EAP-Message = 0x0207000a016775657374 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "guest" server inner-tunnel { # Executing section authorize from file /ffp/etc/raddb/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "guest", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 7 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [sql] expand: %{User-Name} -> guest [sql] sql_set_user escaped user --> 'guest' rlm_sql (sql): Reserving sql socket id: 28 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'guest' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'guest' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'guest' ORDER BY priority rlm_sql (sql): Released sql socket id: 28 ++[sql] = ok ++[expiration] = noop ++[logintime] = noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /ffp/etc/raddb/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0108001f1a0108001a10e0b2cc6218e6864f7592a0ee12067e166775657374 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa3aaee72a3a2f44a99a4fecc70268dce [peap] Got tunneled reply RADIUS code Access-Challenge EAP-Message = 0x0108001f1a0108001a10e0b2cc6218e6864f7592a0ee12067e166775657374 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa3aaee72a3a2f44a99a4fecc70268dce [peap] Got tunneled Access-Challenge [peap] >>> Unknown TLS version [length 0005] ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 192.168.1.1 port 1567 EAP-Message = 0x0108003b19001703010030a5f3970f9e04ae51edd933fd97d22aaf21d765091d1243bdae8400503c8f274bdd41d480dd265f218c44b7ef76a67272 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x399ce09e3e94f959d22c81cf757f77c3 Finished request 7. Going to the next request Waking up in 4.9 seconds. Cleaning up request 7 ID 0 with timestamp +5 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x399ce09e3e94f959 did not finish! WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests. 2016-06-15 15:12 GMT+02:00 Alan DeKok <aland@deployingradius.com>:
On Jun 15, 2016, at 9:04 AM, Mr Dini <diniboy74@gmail.com> wrote:
I'm using this nice program on an old, linux nas and it works perfectly. But now I bought a dongle and attached to the nas. And I tried to connect to my wifi but I Cannot do that, because it gives me an Access-reject...
Is it possible to use that through wifi?
Yes.
Here is a debugger output: ... rad_recv: Access-Request packet from host 192.168.1.1 port 47778, id=0, length=137 Cleaning up request 1 ID 0 with timestamp +13 User-Name = "guest" NAS-IP-Address = 192.168.1.1 Called-Station-Id = "1eb72cd00f4f" Calling-Station-Id = "00e3b22aafa3" NAS-Identifier = "1eb72cd00f4f" NAS-Port = 38 Framed-MTU = 1400 State = 0x327b67de33796a5682a37fa2c5a9f0b6 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200060300
That's wrong.
[eap] EAP NAK [eap] NAK asked for bad type 0 [eap] Failed in EAP select
The client PC is broken. it's not doing EAP properly.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Is it possible to use that through wifi?
with configuration (server and/or client) yes
++[eap] = invalid
your server tried MD5 by default...for EAP...and has cinfig stating the auth is PAP your wireless client isnt doing the required stuff.....so ensure its using required eg EAP-TTLS/PAP - or ensure the server can deal with the method the client uses. alan
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Mr Dini