Hi, I am newbie trying to test free radius for my master thesis, i installed free radius two days ago and did some initial testing, the initial test was through so the radius server is running properly, before i move on i wanted to test the eap modules, so i tried to test with the help of eapol_test tool that comes with the wpasupplicant, i cannot succeed i get failure message. i am really very new to linux and to free radius, can some one help me what i should do, because i can only move one further with my thesis if and only if i figure this out. Thank you for the help, really appreciate any kind of help or suggestion. Thanks once again, below are my conf files and screen output. HERE IS MY SCREEN OUTPUT FROM THE RADIUS SERVER Ready to process requests. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0x948a064fcafc2f8442938817c4f353d7 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled EAP-Message = 0x010100160410a3803def371cc0ea374b74fd8923747b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x47545c0a47555820cf82ad36ba08594f Finished request 0. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0x47545c0a47555820cf82ad36ba08594f Message-Authenticator = 0x0d125e124530442dfbf043c5d6e55468 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: NAK asked for unsupported type 25 rlm_eap: No common EAP types found. rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client localhost port 0 cli 02-00-00-00-00-01) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 EAP-Message = 0x04010004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 0 ID 0 with timestamp +28 Waking up in 0.9 seconds. Cleaning up request 1 ID 1 with timestamp +28 Ready to process requests. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0xfbfadf8ca2d1f2729ac2cabcc17dee20 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled EAP-Message = 0x010100160410fd28d3fff4edc58e80c666087e278736 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x383b40dc383a4460283057087d150429 Finished request 2. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0x383b40dc383a4460283057087d150429 Message-Authenticator = 0xc4d3cf883588c4ac6c34a66de5a82aa8 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: NAK asked for unsupported type 25 rlm_eap: No common EAP types found. rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client localhost port 0 cli 02-00-00-00-00-01) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 EAP-Message = 0x04010004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 2 ID 0 with timestamp +154 Waking up in 0.9 seconds. Cleaning up request 3 ID 1 with timestamp +154 Ready to process requests. HERE IS MY SCREEN OUTPUT FROM EAPOL_TEST TOOL Reading configuration file 'eapol_test.conf.peap' Line: 1 - start of a new network block eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00 eapol_flags=0 (0x0) key_mgmt: 0x8 identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser password - hexdump_ascii(len=8): 70 61 73 73 77 6f 72 64 password ca_cert - hexdump_ascii(len=33): 2f 75 73 72 2f 6c 6f 63 61 6c 2f 65 74 63 2f 72 /usr/local/etc/r 61 64 64 62 2f 63 65 72 74 73 2f 63 61 2e 70 65 addb/certs/ca.pe 6d m phase2 - hexdump_ascii(len=13): 61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2 anonymous_identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous Priority group 0 id=0 ssid='' Authentication server 127.0.0.1:1812 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Sending fake EAP-Request-Identity EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using anonymous identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=14) TX EAP -> RADIUS - hexdump(len=14): 02 00 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 Encapsulating EAP message into a RADIUS packet Learned identity from EAP-Response-Identity - hexdump(len=9): 61 6e 6f 6e 79 6d 6f 75 73 Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=126 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=16 Value: 02 00 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 Attribute 80 (Message-Authenticator) length=18 Value: fb fa df 8c a2 d1 f2 72 9a c2 ca bc c1 7d ee 20 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 80 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=80 Attribute 79 (EAP-Message) length=24 Value: 01 01 00 16 04 10 fd 28 d3 ff f4 ed c5 8e 80 c6 66 08 7e 27 87 36 Attribute 80 (Message-Authenticator) length=18 Value: 9c 1e f2 5d 0e 72 cd 49 88 c9 24 f5 2c bc ae 3a Attribute 24 (State) length=18 Value: 38 3b 40 dc 38 3a 44 60 28 30 57 08 7d 15 04 29 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: configuration does not allow: vendor 0 method 4 EAP: vendor 0 method 4 not allowed EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed) EAP: allowed methods - hexdump(len=1): 19 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 19 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=136 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=8 Value: 02 01 00 06 03 19 Attribute 24 (State) length=18 Value: 38 3b 40 dc 38 3a 44 60 28 30 57 08 7d 15 04 29 Attribute 80 (Message-Authenticator) length=18 Value: c4 d3 cf 88 35 88 c4 ac 6c 34 a6 6d e5 a8 2a a8 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 44 bytes from RADIUS server Received RADIUS message RADIUS message: code=3 (Access-Reject) identifier=1 length=44 Attribute 79 (EAP-Message) length=6 Value: 04 01 00 04 Attribute 80 (Message-Authenticator) length=18 Value: c2 b7 ec 8f d8 87 c9 c1 77 52 2d 40 8a 9e 9a a5 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec RADIUS packet matching with station decapsulated EAP packet (code=4 id=1 len=4) from RADIUS server: EAP Failure EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state FAILURE CTRL-EVENT-EAP-FAILURE EAP authentication failed EAPOL: SUPP_PAE entering state HELD EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state FAIL EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: success=0 MPPE keys OK: 0 mismatch: 2 FAILURE root@ozzy3:/home/jreubens/wpa_supplicant-0.5.10# HERE IS MY EAPOL_TEST_PEAP CONF FILE root@ozzy3:/home/jreubens/wpa_supplicant-0.5.10# cat eapol_test.conf.peap network={ eap=PEAP eapol_flags=0 key_mgmt=IEEE8021X identity="testuser" password="password" ca_cert="/usr/local/etc/raddb/certs/ca.pem" phase2="auth=MSCHAPV2" anonymous_identity="anonymous" } HERE IS MY EAP.CONF FILE ON RADDB DIR eap { default_eap_type = md5 timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } leap { } gtc { auth_type = PAP } tls { certdir = ${confdir}/certs cadir = ${confdir}/certs private_key_password = whatever private_key_file = ${certdir}/server.pem certificate_file = ${certdir}/server.pem CA_file = ${cadir}/ca.pem dh_file = ${certdir}/dh random_file = ${certdir}/random # fragment_size = 1024 # include_length = yes cipher_list = "DEFAULT" # make_cert_command = "${certdir}/bootstrap" } ttls { default_eap_type = md5 # allowed values: {no, yes} copy_request_to_tunnel = no # allowed values: {no, yes} use_tunneled_reply = no #virtual_server = "inner-tunnel" } peap { default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } mschapv2 { } } sorry to ask you some naive question, i am really new to this. and one more question whenever i change something in my eap.conf, users and client.conf file i kill the existing radiusd running and start a new radiusd, is that right or is there anyways to restart the radiusd. Thank you all and thank you for your time, Regards, Jreuben -- View this message in context: http://www.nabble.com/a-newbie-testing-freeradius-need-help-tp16833079p16833... Sent from the FreeRadius - User mailing list archive at Nabble.com.
jreubens wrote:
I am newbie trying to test free radius for my master thesis, i installed free radius two days ago and did some initial testing, the initial test was through so the radius server is running properly, before i move on i wanted to test the eap modules, so i tried to test with the help of eapol_test tool that comes with the wpasupplicant, i cannot succeed i get failure message. ... rlm_eap: NAK asked for unsupported type 25
The system does not have the proper OpenSSL libraries installed. Install OpenSSL, and the development headers. Then re-build the server, and PEAP will work. Alan DeKok.
Thank you alan for your time, As i mentioned before i am new to linux too. I had installed openssl already and the libraries are in /usr/local/lib folder. i dont know how to enable this (path) in the server, because i guess there is another openssl (older version) installed, i had this problem when making eapol_test tool then i installed newer version in the specified directory. Then how can i restart the radiusd, is it ok to kill the demon and then start it again.... sorry for this naive question. thank you once again for the time you are taking for me, BR, Jreuben Alan DeKok <aland@deployingradius.com> wrote: jreubens wrote:
I am newbie trying to test free radius for my master thesis, i installed free radius two days ago and did some initial testing, the initial test was through so the radius server is running properly, before i move on i wanted to test the eap modules, so i tried to test with the help of eapol_test tool that comes with the wpasupplicant, i cannot succeed i get failure message. ... rlm_eap: NAK asked for unsupported type 25
The system does not have the proper OpenSSL libraries installed. Install OpenSSL, and the development headers. Then re-build the server, and PEAP will work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Am 23.04.2008 um 10:56 schrieb jennie susan:
Thank you alan for your time,
As i mentioned before i am new to linux too. I had installed openssl already and the libraries are in /usr/local/lib folder.
i dont know how to enable this (path) in the server, because i guess there is another openssl (older version) installed, i had this problem when making eapol_test tool then i installed newer version in the specified directory.
You could use the LD_LIBRARY_PATH environment varaible to set the path where to find a library. Be careful that this feature might be disabled by the linux distribution that you are using (mainly due to security reasons). In that case you have to change /etc/ld.so.conf (or something like that).
Then how can i restart the radiusd, is it ok to kill the demon and then start it again.... sorry for this naive question.
As far as I know it is the recommended way.
thank you once again for the time you are taking for me,
BR, Jreuben
Alan DeKok <aland@deployingradius.com> wrote: jreubens wrote:
I am newbie trying to test free radius for my master thesis, i installed free radius two days ago and did some initial testing, the initial test was through so the radius server is running properly, before i move on i wanted to test the eap modules, so i tried to test with the help of eapol_test tool that comes with the wpasupplicant, i cannot succeed i get failure message. ... rlm_eap: NAK asked for unsupported type 25
The system does not have the proper OpenSSL libraries installed.
Install OpenSSL, and the development headers. Then re-build the server, and PEAP will work.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
jennie susan wrote:
Thank you alan for your time,
As i mentioned before i am new to linux too. I had installed openssl already and the libraries are in /usr/local/lib folder.
As I said, you *also* need the development header files. Install those.
i dont know how to enable this (path) in the server, because i guess there is another openssl (older version) installed, i had this problem when making eapol_test tool then i installed newer version in the specified directory.
If you're not familiar with linux, I would strongly suggest not playing games with multiple versions of OpenSSL. Use the most recent one from your distribution. If it doesn't work, use another distribution. Alan DeKok.
Hi all, I installed new version of openssl and built the radius with the following command ./configure --with-openssl-includes=/usr/local/include/openssl \ --with-openssl-libraries=/usr/local/lib \ --prefix=/usr/local/radius make make install the radtest and the radeapclient test was through, i thought to test with the eapol_test, i have the following error (same error), any help will be appreciated. Note: i have the development headers at /usr/local/include/openssl, the lib files at /usr/local/lib and the bin files at /usr/local/bin and finally the conf files at /usr/local/openssl. THE RADIUS SERVER SCREEN OUTPUT root@ozzy-3:/usr/src/802/radius/freeradius-server-2.0.3# /usr/local/radius/sbin/radiusd -X FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on Apr 24 2008 at 16:14:51 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. Starting - reading configuration files ... including configuration file /usr/local/radius/etc/raddb/radiusd.conf including configuration file /usr/local/radius/etc/raddb/proxy.conf including configuration file /usr/local/radius/etc/raddb/clients.conf including configuration file /usr/local/radius/etc/raddb/snmp.conf including configuration file /usr/local/radius/etc/raddb/eap.conf including configuration file /usr/local/radius/etc/raddb/sql.conf including configuration file /usr/local/radius/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/radius/etc/raddb/sql/mysql/counter.conf including configuration file /usr/local/radius/etc/raddb/policy.conf including files in directory /usr/local/radius/etc/raddb/sites-enabled/ including configuration file /usr/local/radius/etc/raddb/sites-enabled/default including dictionary file /usr/local/radius/etc/raddb/dictionary main { prefix = "/usr/local/radius" localstatedir = "/usr/local/radius/var" logdir = "/usr/local/radius/var/log/radius" libdir = "/usr/local/radius/lib" radacctdir = "/usr/local/radius/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/radius/sbin/checkrad" debug_level = 0 proxy_requests = yes security { max_attributes = 200 reject_delay = 1 status_server = yes } } client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = yes input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/usr/local/radius/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support. // I DONT UNDERSTAND THIS LINE rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support. rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support. Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/usr/local/radius/etc/raddb/huntgroups" hints = "/usr/local/radius/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/usr/local/radius/etc/raddb/users" acctusersfile = "/usr/local/radius/etc/raddb/acct_users" preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users" compat = "no" } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail detail { detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/usr/local/radius/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/radius/etc/raddb/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/usr/local/radius/etc/raddb/attrs.access_reject" key = "%{User-Name}" } } } radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0x3c051a35fca13e7ec90c8b761239c323 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled EAP-Message = 0x0101001604100fa0e43bd9d995d4997691829810df87 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4936daa94937de363bd3bc9082ad2c21 Finished request 0. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0x4936daa94937de363bd3bc9082ad2c21 Message-Authenticator = 0x905951ffc284646db48502e79628d301 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: NAK asked for unsupported type 25 rlm_eap: No common EAP types found. rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client localhost port 0 cli 02-00-00-00-00-01) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 EAP-Message = 0x04010004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 0 ID 0 with timestamp +2016 Waking up in 0.9 seconds. Cleaning up request 1 ID 1 with timestamp +2016 Ready to process requests. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0xd565ce0a9a8a6b265c4e86c7174150f3 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled EAP-Message = 0x0101001604101569ef5c5c5f8b48d1ba5d0d4632a3c5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb0f6f62cb0f7f2285dd60d33310fb6ce Finished request 2. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0xb0f6f62cb0f7f2285dd60d33310fb6ce Message-Authenticator = 0x5dee612e8c12d726ddf774572bd33550 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: NAK asked for unsupported type 25 // THE SAME AS ALAN MENTIONED PREVIOUSLY, BUT THIS TIME I HAVE CORRECT DEVELOPMENT HEADERS AND WORKING OPENSSL. rlm_eap: No common EAP types found. rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client localhost port 0 cli 02-00-00-00-00-01) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 3 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 3 EAP-Message = 0x04010004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 2 ID 0 with timestamp +2118 Waking up in 0.9 seconds. Cleaning up request 3 ID 1 with timestamp +2118 Ready to process requests. THIS IS MY SCREEN OUTPUT FROM eapol_test root@ozzy-3:/home/jreubens/Desktop/wpa_supplicant-0.5.10# /usr/local/radius/bin/eapol_test -c eapol_test.conf.peap -a127.0.0.1 -p1812 -stesting123 -r1 Reading configuration file 'eapol_test.conf.peap' Line: 1 - start of a new network block eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00 eapol_flags=0 (0x0) key_mgmt: 0x8 identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser password - hexdump_ascii(len=8): 70 61 73 73 77 6f 72 64 password ca_cert - hexdump_ascii(len=40): 2f 75 73 72 2f 6c 6f 63 61 6c 2f 72 61 64 69 75 /usr/local/radiu 73 2f 65 74 63 2f 72 61 64 64 62 2f 63 65 72 74 s/etc/raddb/cert 73 2f 63 61 2e 70 65 6d s/ca.pem phase2 - hexdump_ascii(len=13): 61 75 74 68 3d 4d 53 43 48 41 50 56 32 auth=MSCHAPV2 anonymous_identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous Priority group 0 id=0 ssid='' Authentication server 127.0.0.1:1812 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Sending fake EAP-Request-Identity EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using anonymous identity - hexdump_ascii(len=9): 61 6e 6f 6e 79 6d 6f 75 73 anonymous EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=14) TX EAP -> RADIUS - hexdump(len=14): 02 00 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 Encapsulating EAP message into a RADIUS packet Learned identity from EAP-Response-Identity - hexdump(len=9): 61 6e 6f 6e 79 6d 6f 75 73 Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=126 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=16 Value: 02 00 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 Attribute 80 (Message-Authenticator) length=18 Value: d5 65 ce 0a 9a 8a 6b 26 5c 4e 86 c7 17 41 50 f3 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 80 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=80 Attribute 79 (EAP-Message) length=24 Value: 01 01 00 16 04 10 15 69 ef 5c 5c 5f 8b 48 d1 ba 5d 0d 46 32 a3 c5 Attribute 80 (Message-Authenticator) length=18 Value: 67 85 0c e7 4a 0d e5 62 30 96 0d ed 95 8c 19 33 Attribute 24 (State) length=18 Value: b0 f6 f6 2c b0 f7 f2 28 5d d6 0d 33 31 0f b6 ce STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: configuration does not allow: vendor 0 method 4 EAP: vendor 0 method 4 not allowed EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed) EAP: allowed methods - hexdump(len=1): 19 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 19 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=136 Attribute 1 (User-Name) length=11 Value: 'anonymous' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=8 Value: 02 01 00 06 03 19 Attribute 24 (State) length=18 Value: b0 f6 f6 2c b0 f7 f2 28 5d d6 0d 33 31 0f b6 ce Attribute 80 (Message-Authenticator) length=18 Value: 5d ee 61 2e 8c 12 d7 26 dd f7 74 57 2b d3 35 50 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 44 bytes from RADIUS server Received RADIUS message RADIUS message: code=3 (Access-Reject) identifier=1 length=44 Attribute 79 (EAP-Message) length=6 Value: 04 01 00 04 Attribute 80 (Message-Authenticator) length=18 Value: 5e a3 cf e8 a2 64 36 a7 af 57 04 c1 8d 1c 33 9a STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec RADIUS packet matching with station decapsulated EAP packet (code=4 id=1 len=4) from RADIUS server: EAP Failure EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state FAILURE CTRL-EVENT-EAP-FAILURE EAP authentication failed EAPOL: SUPP_PAE entering state HELD EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state FAIL EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: success=0 MPPE keys OK: 0 mismatch: 2 FAILURE i generated the test certificates as mentioned in the README doc in certs folder. i havnt changed anything in eap.conf except the ceritificates path, as you might have noticed i installed the freeradius in /usr/local/radius. and i deleted the make_cert_command. Thats all i did. Any help can be appreciated, i have to finish it for my thesis. Thank you for the time you are taking for me, Regards, Jreubens jreubens wrote:
Thank you alan for your time,
As i mentioned before i am new to linux too. I had installed openssl already and the libraries are in /usr/local/lib folder.
i dont know how to enable this (path) in the server, because i guess there is another openssl (older version) installed, i had this problem when making eapol_test tool then i installed newer version in the specified directory.
Then how can i restart the radiusd, is it ok to kill the demon and then start it again.... sorry for this naive question.
thank you once again for the time you are taking for me,
BR, Jreuben
Alan DeKok <aland@deployingradius.com> wrote: jreubens wrote:
I am newbie trying to test free radius for my master thesis, i installed free radius two days ago and did some initial testing, the initial test was through so the radius server is running properly, before i move on i wanted to test the eap modules, so i tried to test with the help of eapol_test tool that comes with the wpasupplicant, i cannot succeed i get failure message. ... rlm_eap: NAK asked for unsupported type 25
The system does not have the proper OpenSSL libraries installed.
Install OpenSSL, and the development headers. Then re-build the server, and PEAP will work.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://www.nabble.com/a-newbie-testing-freeradius-need-help-tp16833079p16894... Sent from the FreeRadius - User mailing list archive at Nabble.com.
jreubens wrote:
I installed new version of openssl and built the radius with the following command ./configure --with-openssl-includes=/usr/local/include/openssl \ --with-openssl-libraries=/usr/local/lib \
Did it *find* the OpenSSL includes and libraries? The output of the "configure" process will tell you this.
the radtest and the radeapclient test was through, i thought to test with the eapol_test, i have the following error (same error), any help will be appreciated.
Note: i have the development headers at /usr/local/include/openssl, the lib files at /usr/local/lib and the bin files at /usr/local/bin and finally the conf files at /usr/local/openssl. ... rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support. // I DONT UNDERSTAND THIS LINE
What part is unclear? The server was not built with OpenSSL support. Exactly *why* this happened is a question for the "configure" script. See the output of "configure", and the "config.log" file. Maybe there's something wrong with your OpenSSL installation. Does your OS have a pre-packaged version of OpenSSL?
i generated the test certificates as mentioned in the README doc in certs folder. i havnt changed anything in eap.conf except the ceritificates path, as you might have noticed i installed the freeradius in /usr/local/radius. and i deleted the make_cert_command. Thats all i did.
What OS are you using? Why is it impossible to use a version of OpenSSL that comes with the OS? Alan DeKok.
Hi alan, i found some thing in the config.log file and i think the path is identified. here with i am attaching a part of the config.log (i dont want to crowd the mailling list). if you give me an hint that would highly appreciable. Thank you. I am using linux (ubuntu 7.10), it has a pre packed openssl which is a "e" version, i read in a article and it says that it is a engine version "You are probably not interested in engine ("e") version neither as it is mostly for crypto _hardware_." quoting from the orginal article the url was kind of big so i am not posting the url. Before my original post i relied on the pre packed version of the openssl, then when i wanted to use eapol_test, it asked for a openssl, then i installed a new one. After the first (eapol_test) test failed, you suggested to use the one that come with the distribution... but i didnt see any development headers and binaries. So i over write the OS and made a fresh install of ubuntu then tired to install openssl lastest version and free radius. now i am getting the same error. Thank you for the time you are taking on me, Regards, Jreubens Alan DeKok <aland@deployingradius.com> wrote: jreubens wrote:
I installed new version of openssl and built the radius with the following command ./configure --with-openssl-includes=/usr/local/include/openssl \ --with-openssl-libraries=/usr/local/lib \
Did it *find* the OpenSSL includes and libraries? The output of the "configure" process will tell you this.
the radtest and the radeapclient test was through, i thought to test with the eapol_test, i have the following error (same error), any help will be appreciated.
Note: i have the development headers at /usr/local/include/openssl, the lib files at /usr/local/lib and the bin files at /usr/local/bin and finally the conf files at /usr/local/openssl. ... rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support. // I DONT UNDERSTAND THIS LINE
What part is unclear? The server was not built with OpenSSL support. Exactly *why* this happened is a question for the "configure" script. See the output of "configure", and the "config.log" file. Maybe there's something wrong with your OpenSSL installation. Does your OS have a pre-packaged version of OpenSSL?
i generated the test certificates as mentioned in the README doc in certs folder. i havnt changed anything in eap.conf except the ceritificates path, as you might have noticed i installed the freeradius in /usr/local/radius. and i deleted the make_cert_command. Thats all i did.
What OS are you using? Why is it impossible to use a version of OpenSSL that comes with the OS? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Hi,
Before my original post i relied on the pre packed version of the openssl, then when i wanted to use eapol_test, it asked for a openssl, then i installed a new one.
After the first (eapol_test) test failed, you suggested to use the one that come with the distribution... but i didnt see any development headers and binaries. So i over write the OS and made a fresh install of ubuntu then tired to install openssl lastest version and free radius. now i am getting the same error.
ubuntu? you'll need to install "libssl-dev" package alan
Am 25.04.2008 um 14:59 schrieb jennie susan:
Hi alan,
i found some thing in the config.log file and i think the path is identified. here with i am attaching a part of the config.log (i dont want to crowd the mailling list). if you give me an hint that would highly appreciable. Thank you.
I would guess that other development packages are missing. I am not sure where dlopen is, but probably in the C library. Have a nice day!
I am using linux (ubuntu 7.10), it has a pre packed openssl which is a "e" version, i read in a article and it says that it is a engine version "You are probably not interested in engine ("e") version neither as it is mostly for crypto _hardware_." quoting from the orginal article the url was kind of big so i am not posting the url.
Before my original post i relied on the pre packed version of the openssl, then when i wanted to use eapol_test, it asked for a openssl, then i installed a new one.
After the first (eapol_test) test failed, you suggested to use the one that come with the distribution... but i didnt see any development headers and binaries. So i over write the OS and made a fresh install of ubuntu then tired to install openssl lastest version and free radius. now i am getting the same error.
Thank you for the time you are taking on me,
Regards, Jreubens
Alan DeKok <aland@deployingradius.com> wrote: jreubens wrote:
I installed new version of openssl and built the radius with the following command ./configure --with-openssl-includes=/usr/local/include/openssl \ --with-openssl-libraries=/usr/local/lib \
Did it *find* the OpenSSL includes and libraries? The output of the "configure" process will tell you this.
the radtest and the radeapclient test was through, i thought to test with the eapol_test, i have the following error (same error), any help will be appreciated.
Note: i have the development headers at /usr/local/include/ openssl, the lib files at /usr/local/lib and the bin files at /usr/local/bin and finally the conf files at /usr/local/openssl. ... rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support. // I DONT UNDERSTAND THIS LINE
What part is unclear? The server was not built with OpenSSL support.
Exactly *why* this happened is a question for the "configure" script. See the output of "configure", and the "config.log" file.
Maybe there's something wrong with your OpenSSL installation.
Does your OS have a pre-packaged version of OpenSSL?
i generated the test certificates as mentioned in the README doc in certs folder. i havnt changed anything in eap.conf except the ceritificates path, as you might have noticed i installed the freeradius in /usr/ local/radius. and i deleted the make_cert_command. Thats all i did.
What OS are you using? Why is it impossible to use a version of OpenSSL that comes with the OS?
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.<config.log_freeradius> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
Am 25.04.2008 um 13:45 schrieb jreubens:
Hi all,
I installed new version of openssl and built the radius with the following command ./configure --with-openssl-includes=/usr/local/include/openssl \ --with-openssl-libraries=/usr/local/lib \ --prefix=/usr/local/radius make make install
the radtest and the radeapclient test was through, i thought to test with the eapol_test, i have the following error (same error), any help will be appreciated.
Note: i have the development headers at /usr/local/include/openssl, the lib files at /usr/local/lib and the bin files at /usr/local/bin and finally the conf files at /usr/local/openssl.
Is your path (environment variable $PATH) also pointing to /usr/local/ bin ? Configuration often calls programs to see if a particular feature is there (and to get some other needed data). [...]
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
Hi, Here is my PATH contents PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games" i have another doubt here, i have my check-rad, check-radiusd-config, radiusd,radwatch, rc.radiusd everything at /usr/local/radius/sbin... does that means that i have to change the environment variable to point to /usr/local/radius/sbin? Thank you for the time you are taking for me, BR, Jreubens Nicolas Goutte <nicolas.goutte@extragroup.de> wrote: Am 25.04.2008 um 13:45 schrieb jreubens:
Hi all,
I installed new version of openssl and built the radius with the following command ./configure --with-openssl-includes=/usr/local/include/openssl \ --with-openssl-libraries=/usr/local/lib \ --prefix=/usr/local/radius make make install
the radtest and the radeapclient test was through, i thought to test with the eapol_test, i have the following error (same error), any help will be appreciated.
Note: i have the development headers at /usr/local/include/openssl, the lib files at /usr/local/lib and the bin files at /usr/local/bin and finally the conf files at /usr/local/openssl.
Is your path (environment variable $PATH) also pointing to /usr/local/ bin ? Configuration often calls programs to see if a particular feature is there (and to get some other needed data). [...]
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
Am 25.04.2008 um 15:32 schrieb jennie susan:
Hi,
Here is my PATH contents PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/ usr/games"
i have another doubt here, i have my check-rad, check-radiusd- config, radiusd,radwatch, rc.radiusd everything at /usr/local/ radius/sbin... does that means that i have to change the environment variable to point to /usr/local/radius/sbin?
At least at first it is not necessary, as you can start the programs with the full path, e.g.: /usr/local/radius/sbin/radiusd -X Have a nice day!
Thank you for the time you are taking for me,
BR, Jreubens
Nicolas Goutte <nicolas.goutte@extragroup.de> wrote:
Am 25.04.2008 um 13:45 schrieb jreubens:
Hi all,
I installed new version of openssl and built the radius with the following command ./configure --with-openssl-includes=/usr/local/include/openssl \ --with-openssl-libraries=/usr/local/lib \ --prefix=/usr/local/radius make make install
the radtest and the radeapclient test was through, i thought to test with the eapol_test, i have the following error (same error), any help will be appreciated.
Note: i have the development headers at /usr/local/include/openssl, the lib files at /usr/local/lib and the bin files at /usr/local/bin and finally the conf files at /usr/local/openssl.
Is your path (environment variable $PATH) also pointing to /usr/local/ bin ?
Configuration often calls programs to see if a particular feature is there (and to get some other needed data).
[...]
Nicolas Goutte
extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany
Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
Hi,
Hi all,
I installed new version of openssl and built the radius with the following command ./configure --with-openssl-includes=/usr/local/include/openssl \ --with-openssl-libraries=/usr/local/lib \ --prefix=/usr/local/radius
could you pipe that above command through gerp eg ./configure -blahblah blah | grep WARN
rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support. // I DONT UNDERSTAND THIS LINE rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support. rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.
^^^^^^^^^^^^^^^^^^ fairly simple. no OpenSSL support. radiusd not built with any ability that you want. alan
Hi all, I have succeed in configuring the server again with correct openssl libraries and development headers, the eapol_test is halfway successful, the tunnel was established, but i dont know why its didnt succeed after that, can you give me an hint please. Thank you all for helping me out. Br, Jreubens HERE IS MY RADIUSD OUTPUT NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000e01616e6f6e796d6f7573 Message-Authenticator = 0x7a6034cf7717a391ed27b2009f6183e6 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled EAP-Message = 0x010100160410b08675566bb4374960f4ad3d016012d5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd60df96dd60cfd7fbb716c33077b06cd Finished request 0. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0xd60df96dd60cfd7fbb716c33077b06cd Message-Authenticator = 0x9ceebff3658f100773d5a1128d1eef4b +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd60df96dd70fe07fbb716c33077b06cd Finished request 1. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0202005e190016030100530100004f0301481576fea1a0e81ff55753b5a3d70b37d5fb619e00eda78395931584ff53904400002800390038003500160013000a00330032002f000700050004001500120009001400110008000600030100 State = 0xd60df96dd70fe07fbb716c33077b06cd Message-Authenticator = 0x6e3b249941b1fb3f187b9e295b1aab5a +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 94 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0053], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled EAP-Message = 0x0103040019c000000acd160301004a020000460301481576fe4a42616ff1aa3c3e368c47f1953d4e395c016e0afaa80d8002d893f620bfc7267d47f0cb52cdb9e750d6c49bc36b41fe8174d2252b5ba9014a0d6da991003900160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504 EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303432383036333831395a170d3039303432383036333831395a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b73f813e1c4513114fd57681f95a589ec71dd5233fec6d297528e304db12 EAP-Message = 0x3f97e2744e67126ac3d1d18e73526ba0a6e98d5596a5faeaa60121d447647eac0980fb58a1c5983326ff17733356544a06d0caffeff712135a1662c2cc874c957d9696d138cee915e016f070141988f94b5999c4ac313322a77c8ded2f1710a6c423c0b65654e580a5a933e8bfd10eb94232e6dffd3b780f8c7252940c17abe16e787c5bcc1bceace399fe891b0f3b60bb42b6e02ab0c0a2f55d6e3770d13ef70d43f580f6d28d8a16f9e63d781778f2788f07c01cd47382a63d2efdbecb37302f6dd12990bf1173366c48ffade5af186ee0682a8e6c27e649c30bf36ac1c1b471dd0203010001a317301530130603551d25040c300a06082b06010505 EAP-Message = 0x070301300d06092a864886f70d010104050003820101009eb8a287c4e90fea0927e476c47dd0f316e268bfb6ea7506615621bb3ebdaba3a3b2e9501406ae953d2ef55cfddd74b6ba82c513913b1c3e48f837d3e71b83202d3043fff035ac4dfb1020680ead19485e661f39ab380d2ef4fca3966188908209db546d9e98edd56b6e33adf38bc690d5d3b58d60c3d08753013162bfdc86ca4007eeadd6995fd779e67407a7ebcccb332c00b82609a603737badd5be659a8d2b12071b4c3225c075743998bf504ca558959fc94affb2507e2d1df57f1c481d7309c351ce0a826c686009540f45a8c0b298e8218d164ac1eb5b85e7bfe90fed6c6496721dc8 EAP-Message = 0x6f0bc4e9c50fdfa906951ba1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd60df96dd40ee07fbb716c33077b06cd Finished request 2. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300061900 State = 0xd60df96dd40ee07fbb716c33077b06cd Message-Authenticator = 0x8cbd5dacf77784d94a31d5221b737d9f +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled EAP-Message = 0x010403fc194038f0229704270e800da08c5ede3a0004ab308204a73082038fa003020102020900d2e1c94d8db8983e300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303432383036333831385a170d3038303532383036333831385a308193310b30090603 EAP-Message = 0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c6b59079699bc648cf87e65921fff19be651ff6a718bc73a580f28d6ccda6d1d54eebfca271fa2c5f4b5f95f319511fa932b6a8c00d9fed43b0f1129443b22e9f25b4627aba846671329b1fbf73002 EAP-Message = 0xd72c8f64d7f42d397aafdef1b90ccc11ce02d388630b0308d9f6200664d20abdeaf4df7ec118715cc3e5cf0a5a478a0b67c27835f0ca73da36623c585ae92e199e3185ad82d96e44228fa9a3c946d8d393b6960a878685c93c5275cd2bb8a33ed8bdfc38b01100dc589a170838d6a91e73e555661588e3d0bc113bfd4e4a1ba508ad7dba6d7000dae88da8f1790caca76143917681aeaeb5007425ef62a472d5782d8051c3b3af4a39a3f98dc04065d2830203010001a381fb3081f8301d0603551d0e04160414a5239e4e47a510e04397abcc5ef2805e8b7013923081c80603551d230481c03081bd8014a5239e4e47a510e04397abcc5ef2805e8b70 EAP-Message = 0x1392a18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900d2e1c94d8db8983e300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100c1008469b9fc28bc657c258af579f60aeb738ba818035517718f49abcfa20e8aa84df50f56f1bf8bb7b4bf8aa1073647342c EAP-Message = 0x05bb4ff107d513af Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd60df96dd509e07fbb716c33077b06cd Finished request 3. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400061900 State = 0xd60df96dd509e07fbb716c33077b06cd Message-Authenticator = 0x66db1b3ebb30646425959e855b852f33 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled EAP-Message = 0x010502e719003d546bfed8f35aacef395f9a61ef442a7372bb7df2328c16a9dffc1e24291fba4aa6c130a659283e18b202088b2c1d351918ced264a395283361c835aa69754efe70ab3a4e2198bdb9b2cc72a1649861c94f4358b26e6169374c06dddab84b54f746353ae2485085f39e93d5d1aa469f46b5dca9b2b4ed1365ac6a6f40deffca9ff774b47c3033ff7acecf106b4c99217988413d946a858ed3fc61ece78ca0eb09a6e5d586101dc4a4e31749fed4eaa24c1d8b85ab49ecbfce570656a319f733f0309dc98323160301020d0c0002090080b99e959ee2f52c1df2f11189b1c93b75c38311ddeddd851167d62779412cb845f39e3cd3b2b6 EAP-Message = 0xc9c61586199a723f394522d0e100048cab7c393abed793b722c98c775df2ddb91edb90a3af560ac4ce94fc8d1f7c9a12da20e35441137f062d300447392a6aecc7c906805cb2af950f9607a0a8f45a258e0d0d871825881ec33b0001020080143d062c495084822ff2765d43b93f76ef168883ba8938ffef98c9eae20a1421edaddb3460c0f16f0d0b4ff434712652fcb749fdd1b056c1d1b8b6986b165842e7f5980ea41d77808b6f1b12a55af9440a33cc66f710d80dc283d47d1a88dbc28e639852f8238562fece831fc4f95b82838c5f33d787c670ebf61ab63232820501003dbacde2133efcc46c322b9002284b4ac00e9b8e1f0c86b55f866e1f EAP-Message = 0x584f2e693e8db16a2e821ea87e12f2bbda45bda0cde2bb00fec3d22b4154202d018484c0745a20b1a58453f3a6144af2d6983f406e4841627daca4017fbafaedeb27bbc69ec3bd8831b0fa60106fa754fca1af63e3208ba1c3642cc6000efcb062730633c164d421c50eeafd78b73273ff2433362473d5d676b25e651f30daf7967ccd80c2a45efd2f7b2929ce4a9ff371d4f72d671958f60db52f7b0ff564848510141ddd6af08fac70e7e3cc7c803d7373645255e30a091e8bcb2db0bffeb8775cc81842afa24f20a5b178cc52f4957ef5eb32c7852aa0b077f4a81da001e1377a816716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd60df96dd208e07fbb716c33077b06cd Finished request 4. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020500cc1900160301008610000082008088a0c83ed9fff3d6c1cd3387dc6fcaccd44290777eb6eedd45e55c77171a709d8b22224f12e88b763daf1d5a5759ded7e3213da767a2ddb251105985b1594cacf74e80d5b638d765ee5d6b04323d0e4674e9c7d2c0a768ba70597484d81747e369be44cfe95e3d0d8145d1331b813c2629ea68cc6ad66d2c0124f46c6a72aea61403010001011603010030d00fd85fa77486333f9d28409d029b72081bdc7ab031d26b82a5eaf4f79307f6c7e6f52f9acae6f54e2c74338731ec9e State = 0xd60df96dd208e07fbb716c33077b06cd Message-Authenticator = 0x3d3b5ab6c6eff675275c9be53d1962bb +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 204 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled EAP-Message = 0x010600411900140301000101160301003085527844557527b77fe0ec6a25eb0afcb093f067e3db28fead4a48eec10face50f0da001f236cf4950d82995f676b544 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd60df96dd30be07fbb716c33077b06cd Finished request 5. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020600061900 State = 0xd60df96dd30be07fbb716c33077b06cd Message-Authenticator = 0x07f8b9d3f401d0c77b4f4915d71e0cc5 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 6 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS ++[eap] returns handled EAP-Message = 0x0107002b190017030100202b0249c2f447cef8bda6f3224fa8fe081f2c3f7023634612e1ebb286a0d24f66 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd60df96dd00ae07fbb716c33077b06cd Finished request 6. Going to the next request Waking up in 4.9 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0207005019001703010020a3c24219d2d7538038cf9b5b6d7074617a8a27b72a997ffb9222bbc99a926acf1703010020e42a4ec295bb3220f5cf014ba10eaccb4d66d36049fcf540c2edcfee58b254fe State = 0xd60df96dd00ae07fbb716c33077b06cd Message-Authenticator = 0x193fe8df30309c4c39fdf59c84b0ed77 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 7 length 80 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - testuser PEAP: Got tunneled identity of testuser PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to testuser auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Login incorrect: [testuser/<no User-Password attribute>] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled EAP-Message = 0x0108002b19001703010020780d7d621e66a7b28ed554db2b02d0f6148e695d4e72e2cb21e5d2d9f1861fa1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd60df96dd105e07fbb716c33077b06cd Finished request 7. Going to the next request Waking up in 4.8 seconds. User-Name = "anonymous" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02080050190017030100208e89b5ad71f59acce21781ba90062f7b2eae1d2dde31e725035fa48bba1a087b170301002009b75048e477fab4d8cba9d8da02baa314106bce519ebcbb1c196f22e964ca83 State = 0xd60df96dd105e07fbb716c33077b06cd Message-Authenticator = 0xbd49953b548d48fc48da3e10aa48ddf1 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 80 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [anonymous/<via Auth-Type = EAP>] (from client localhost port 0 cli 02-00-00-00-00-01) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> anonymous attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.8 seconds. Cleaning up request 0 ID 0 with timestamp +58 Cleaning up request 1 ID 1 with timestamp +58 Cleaning up request 2 ID 2 with timestamp +58 Cleaning up request 3 ID 3 with timestamp +58 Cleaning up request 4 ID 4 with timestamp +58 Cleaning up request 5 ID 5 with timestamp +58 Cleaning up request 6 ID 6 with timestamp +58 Cleaning up request 7 ID 7 with timestamp +58 Waking up in 1.0 seconds. Cleaning up request 8 ID 8 with timestamp +58 Ready to process requests. Ready to process requests. Exiting... Alan DeKok <aland@deployingradius.com> wrote: jreubens wrote:
I am newbie trying to test free radius for my master thesis, i installed free radius two days ago and did some initial testing, the initial test was through so the radius server is running properly, before i move on i wanted to test the eap modules, so i tried to test with the help of eapol_test tool that comes with the wpasupplicant, i cannot succeed i get failure message. ... rlm_eap: NAK asked for unsupported type 25
The system does not have the proper OpenSSL libraries installed. Install OpenSSL, and the development headers. Then re-build the server, and PEAP will work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
jennie susan wrote:
I have succeed in configuring the server again with correct openssl libraries and development headers, the eapol_test is halfway successful, the tunnel was established, but i dont know why its didnt succeed after that, can you give me an hint please.
In 2.0.3 you have to copy the files from the *source* raddb/sites-available/* to the final installed location: /etc/raddb/sites-available, or /usr/local/etc/... This is fixed in CVS head. Alan DeKok.
Hello lists, I configure the FreeRADIUS successfully and happy with the support. Thank you list for your support, /jreubens Alan DeKok <aland@deployingradius.com> wrote: jennie susan wrote:
I have succeed in configuring the server again with correct openssl libraries and development headers, the eapol_test is halfway successful, the tunnel was established, but i dont know why its didnt succeed after that, can you give me an hint please.
In 2.0.3 you have to copy the files from the *source* raddb/sites-available/* to the final installed location: /etc/raddb/sites-available, or /usr/local/etc/... This is fixed in CVS head. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (5)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
jennie susan -
jreubens -
Nicolas Goutte