problem in autehtication with EAP-MD5
hi all, i am trying to get autheticated by radius server using EAP-MD5 but i always get FAILURE and i m not able to figure out the problem, can anyone help me out!!!!! my client side shows out put like this:- EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 e5 b2 63 cb 4e 4f e7 d1 b1 4f 30 95 6c 21 cd a9 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 36 32 37 35 2d 31 00 EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): e5 b2 63 cb 4e 4f e7 d1 b1 4f 30 95 6c 21 cd a9 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 4a f8 0b fc 31 7e 27 47 ac 95 4c 77 56 30 bf c6 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 4a f8 0b fc 31 7e 27 47 ac 95 4c 77 56 30 bf c6 EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=13): 4c 49 53 54 5f 4e 45 54 57 4f 52 4b 53 LIST_NETWORKS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING EAPOL: startWhen --> 0 RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 36 32 37 35 2d 31 00 EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 62 2a 69 09 f7 63 b3 30 cf 0b bd 05 83 73 4f 4f EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 36 32 37 35 2d 31 00 EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 62 2a 69 09 f7 63 b3 30 cf 0b bd 05 83 73 4f 4f EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): bd c1 d1 e3 be 9e 4c 46 7d d1 c0 a3 72 11 b0 ff EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 bd c1 d1 e3 be 9e 4c 46 7d d1 c0 a3 72 11 b0 ff EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=13): 4c 49 53 54 5f 4e 45 54 57 4f 52 4b 53 LIST_NETWORKS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING EAPOL: startWhen --> 0 RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING CTRL_IFACE monitor detached - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 36 32 37 35 2d 31 00 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT
i dont know what is this cannot assign requested address,(i am not requesting for any address!!!) my supplicant file is like this:- ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel eapol_version=1 ap_scan=1 fast_reauth=1 network={ ssid="ATH182" scan_ssid=1 key_mgmt=WPA-EAP eap=MD5 identity="testuser" password="whatever" }
and correspondingly server side shows message like this:- Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" pap: auto_header = yes Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/usr/local/etc/raddb/certs/root.pem" tls: private_key_password = "whatever" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/usr/local/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.2.183:1079, id=0, length=177 Message-Authenticator = 0x48563b978d926b5c042592ec5eae4537 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-03-7F-09-60-7E:ATH183" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000d017465737475736572 NAS-IP-Address = 192.168.2.183 NAS-Port = 2 NAS-Port-Id = "STA port # 2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 users: Matched entry testuser at line 216 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 0 to 192.168.2.183 port 1079 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010100160410457803a5fc7f8de5ad1e9065c4fec0b0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0eb6726b77f05929d54be6c45de1f52f Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 465abecc Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.2.183:1079, id=1, length=204 Message-Authenticator = 0xfbcd80decacba158727083a6ca513fac Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x0eb6726b77f05929d54be6c45de1f52f Called-Station-Id = "00-03-7F-09-60-7E:ATH183" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020100160410b6cac9199b585c8705d9230d18b93094 NAS-IP-Address = 192.168.2.183 NAS-Port = 2 NAS-Port-Id = "STA port # 2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 users: Matched entry testuser at line 216 modcall[authorize]: module "files" returns ok for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 1 modcall: leaving group authenticate (returns ok) for request 1 Sending Access-Accept of id 1 to 192.168.2.183 port 1079 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x03010004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 1 with timestamp 465abee0 Nothing to do. Sleeping until we see a request.
can any one help me out it is really important and urgent. if u need i will also tell u my radius.conf, eap.conf and users file!! thank you regards shantanu
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
Your request is accepted but you are picking up an IP adress of 255.255.255.254 from the DEFAULT entry in users file for Service-Type Framed-User. Assign a proper IP address or address pool in your user configuration. And put the user before DEFAULT entries. Ivan Kalik Kalik Informatika ISP ---snip ---
users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 users: Matched entry testuser at line 216 --- snip --- Sending Access-Accept of id 1 to 192.168.2.183 port 1079 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x03010004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 1 with timestamp 465abee0 Nothing to do. Sleeping until we see a request.
can any one help me out it is really important and urgent. if u need i will also tell u my radius.conf, eap.conf and users file!! thank you regards shantanu
i changed user file and now what i am getting is: on client or supplicant side EAP FAILURE :-( response: No keys have been configured - skip key clearing wpa_driver_wext_set_drop_unencrypted State: DISCONNECTED -> ASSOCIATING wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_associate Setting authentication timeout: 10 sec 0 usec EAPOL: External notification - portControl=Auto RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b04 len=12 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b1a len=14 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:a0 State: ASSOCIATING -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:a0 No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:a0 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 12 e6 77 bb e2 c5 16 59 16 f3 d7 ed 57 79 14 9d EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 12 e6 77 bb e2 c5 16 59 16 f3 d7 ed 57 79 14 9d EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 8c 3f 26 07 9d 3a ad b5 37 fb 5a 61 8e a9 c9 04 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 8c 3f 26 07 9d 3a ad b5 37 fb 5a 61 8e a9 c9 04 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 c2 73 c1 bc 8f 95 e1 3e 31 e0 67 5a b0 4e 4b b7 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): c2 73 c1 bc 8f 95 e1 3e 31 e0 67 5a b0 4e 4b b7 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 7e fc ef e7 cd c7 3d 07 49 80 8a 43 11 10 3c d1 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 7e fc ef e7 cd c7 3d 07 49 80 8a 43 11 10 3c d1 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 04 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 05 00 16 04 10 01 2d 73 38 fb 62 76 d1 6f bd 47 50 9e bd 9f 21 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=5 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 01 2d 73 38 fb 62 76 d1 6f bd 47 50 9e bd 9f 21 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): af 0f d8 8c b5 ef 19 2d ac 34 15 84 20 21 6c 2e EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 05 00 16 04 10 af 0f d8 8c b5 ef 19 2d ac 34 15 84 20 21 6c 2e EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 05 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 Authentication with 00:03:7f:09:60:a0 timed out. Added BSSID 00:03:7f:09:60:a0 into blacklist State: ASSOCIATED -> DISCONNECTED it is getting an EAP-FAILURE and disconnected!!!!! on server side i am getting::- rad_recv: Access-Request packet from host 192.168.2.182:1028, id=1, length=177 Message-Authenticator = 0x4dbd919a94aef63f5f7c98a53564e16a Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201000d017465737475736572 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 1 to 192.168.2.182 port 1028 EAP-Message = 0x0102001604100cb0085e760ad18f68b23c2841499fbc Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7896162694484bb6e2351d3dd2fe9be6 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.182:1028, id=2, length=204 Message-Authenticator = 0x85fab68d100d5316c3033ba5faeaacc1 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x7896162694484bb6e2351d3dd2fe9be6 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02020016041090f6880a694790dad2ff127e5e3841aa NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 1 modcall: leaving group authenticate (returns ok) for request 1 Sending Access-Accept of id 2 to 192.168.2.182 port 1028 EAP-Message = 0x03020004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 465d506e Cleaning up request 1 ID 2 with timestamp 465d506e Nothing to do. Sleeping until we see a request. it is sending ACCESS ACCEPT but no access reject or failure!!!! and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!! sorry for disturbing u again n again but can u help me out???? please!! shantanu tnt@kalik.co.yu wrote: Your request is accepted but you are picking up an IP adress of 255.255.255.254 from the DEFAULT entry in users file for Service-Type Framed-User. Assign a proper IP address or address pool in your user configuration. And put the user before DEFAULT entries. Ivan Kalik Kalik Informatika ISP ---snip ---
users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 172 users: Matched entry testuser at line 216 --- snip --- Sending Access-Accept of id 1 to 192.168.2.183 port 1079 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x03010004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 1 with timestamp 465abee0 Nothing to do. Sleeping until we see a request.
can any one help me out it is really important and urgent. if u need i will also tell u my radius.conf, eap.conf and users file!! thank you regards shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
Well, now you dont have any IP address in your accept packet. Not a problem if you are doing DHCP. Otherwise you need to return IP address, netmask, MTU, Service-Type, DNS servers etc. Leave that Framed-User DEFAULT entry alone - it should be there. You need to add stuff to your user config: testuser Cleartext-Password:=yourpassword Framed-IP-Address=1.2.3.4 Framed-MTU=yourMTU Framed-IP-Netmask=255.255.255.255 etc. Ivan Kalik Kalik Informatika ISP Dana 30/5/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše: --- snip ---
Sending Access-Accept of id 2 to 192.168.2.182 port 1028 EAP-Message = 0x03020004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 465d506e Cleaning up request 1 ID 2 with timestamp 465d506e Nothing to do. Sleeping until we see a request.
it is sending ACCESS ACCEPT but no access reject or failure!!!! and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
sorry for disturbing u again n again but can u help me out???? please!! shantanu
hello, this is my client side output: Authentication with 00:03:7f:09:60:a0 timed out. Added BSSID 00:03:7f:09:60:a0 into blacklist State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_disassociate No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec State: DISCONNECTED -> SCANNING Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=6): 41 54 48 31 38 32 ATH182 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2 CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: SCANNING -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b19 len=8 Received 1844 bytes of scan results (7 BSSes) Scan results: 7 Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 skip - blacklisted 2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE No APs found - clear blacklist and try again Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear) Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 selected based on RSN IE Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz) Cancelling scan request WPA: clearing own WPA/RSN IE Automatic auth_alg selection: 0x1 RSN: using IEEE 802.11i/D9.0 WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2 WPA: clearing AP WPA IE WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00 WPA: using GTK TKIP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 No keys have been configured - skip key clearing wpa_driver_wext_set_drop_unencrypted State: DISCONNECTED -> ASSOCIATING wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_associate Setting authentication timeout: 10 sec 0 usec EAPOL: External notification - portControl=Auto RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b04 len=12 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b1a len=14 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:a0 State: ASSOCIATING -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:a0 No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:a0 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE the problem is i am getting EAP-FAILURE on client side even when server is giving ACCESS-ACCEPT!!!! i am not able to figure out the problem output of server is same as that in earlier mail, one more thing what will be end message of this, will it be authentication or association? When i run GUI for supplicant it is showing associated not authenticated! is it end of connection and after it should i get an IP from that AP, even if i try for DHCP i am not able to get an IP!!!! it is all messed up, please do reply for this prob!!! regards shantanu tnt@kalik.co.yu wrote: Well, now you dont have any IP address in your accept packet. Not a problem if you are doing DHCP. Otherwise you need to return IP address, netmask, MTU, Service-Type, DNS servers etc. Leave that Framed-User DEFAULT entry alone - it should be there. You need to add stuff to your user config: testuser Cleartext-Password:=yourpassword Framed-IP-Address=1.2.3.4 Framed-MTU=yourMTU Framed-IP-Netmask=255.255.255.255 etc. Ivan Kalik Kalik Informatika ISP Dana 30/5/2007, "shantanu choudhary" pi¹e: --- snip ---
Sending Access-Accept of id 2 to 192.168.2.182 port 1028 EAP-Message = 0x03020004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 465d506e Cleaning up request 1 ID 2 with timestamp 465d506e Nothing to do. Sleeping until we see a request.
it is sending ACCESS ACCEPT but no access reject or failure!!!! and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
sorry for disturbing u again n again but can u help me out???? please!! shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Did you know? You can CHAT without downloading messenger. Know how!
Client output isn't showing Access-Accept packet content. Post radiusd -X output and your users file. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
hello, this is my client side output: Authentication with 00:03:7f:09:60:a0 timed out. Added BSSID 00:03:7f:09:60:a0 into blacklist State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_disassociate No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec State: DISCONNECTED -> SCANNING Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=6): 41 54 48 31 38 32 ATH182 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2 CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: SCANNING -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b19 len=8 Received 1844 bytes of scan results (7 BSSes) Scan results: 7 Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 skip - blacklisted 2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE No APs found - clear blacklist and try again Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear) Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 selected based on RSN IE Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz) Cancelling scan request WPA: clearing own WPA/RSN IE Automatic auth_alg selection: 0x1 RSN: using IEEE 802.11i/D9.0 WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2 WPA: clearing AP WPA IE WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00 WPA: using GTK TKIP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 No keys have been configured - skip key clearing wpa_driver_wext_set_drop_unencrypted State: DISCONNECTED -> ASSOCIATING wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_associate Setting authentication timeout: 10 sec 0 usec EAPOL: External notification - portControl=Auto RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b04 len=12 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b1a len=14 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:a0 State: ASSOCIATING -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:a0 No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:a0 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE
the problem is i am getting EAP-FAILURE on client side even when server is giving ACCESS-ACCEPT!!!! i am not able to figure out the problem output of server is same as that in earlier mail, one more thing what will be end message of this, will it be authentication or association? When i run GUI for supplicant it is showing associated not authenticated! is it end of connection and after it should i get an IP from that AP, even if i try for DHCP i am not able to get an IP!!!! it is all messed up, please do reply for this prob!!! regards shantanu
tnt@kalik.co.yu wrote: Well, now you dont have any IP address in your accept packet. Not a problem if you are doing DHCP. Otherwise you need to return IP address, netmask, MTU, Service-Type, DNS servers etc.
Leave that Framed-User DEFAULT entry alone - it should be there. You need to add stuff to your user config:
testuser Cleartext-Password:=yourpassword Framed-IP-Address=1.2.3.4 Framed-MTU=yourMTU Framed-IP-Netmask=255.255.255.255 etc.
Ivan Kalik Kalik Informatika ISP
Dana 30/5/2007, "shantanu choudhary" piše:
--- snip ---
Sending Access-Accept of id 2 to 192.168.2.182 port 1028 EAP-Message = 0x03020004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 465d506e Cleaning up request 1 ID 2 with timestamp 465d506e Nothing to do. Sleeping until we see a request.
it is sending ACCESS ACCEPT but no access reject or failure!!!! and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
sorry for disturbing u again n again but can u help me out???? please!! shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Did you know? You can CHAT without downloading messenger. Know how!
this is server side output!!!! rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177 Message-Authenticator = 0x758e436fc2b17672ad389e0ffeca2982 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204000d017465737475736572 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 modcall[authorize]: module "preprocess" returns ok for request 20 modcall[authorize]: module "chap" returns noop for request 20 modcall[authorize]: module "mschap" returns noop for request 20 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 20 rlm_eap: EAP packet type response id 4 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 20 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 20 modcall: leaving group authorize (returns updated) for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 20 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 20 modcall: leaving group authenticate (returns handled) for request 20 Sending Access-Challenge of id 4 to 192.168.2.182 port 1027 EAP-Message = 0x010500160410ef33bbaf01824abdd6b6989b2cc698ec Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f68ec51f7791041fc61be6441d9ea92 Finished request 20 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.182:1027, id=5, length=204 Message-Authenticator = 0xb98d04dcd12bbaa2dc7f6314231061bc Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x4f68ec51f7791041fc61be6441d9ea92 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020500160410a221ad85e41c1260d31c5d14036dfce1 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 21 modcall[authorize]: module "preprocess" returns ok for request 21 modcall[authorize]: module "chap" returns noop for request 21 modcall[authorize]: module "mschap" returns noop for request 21 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 21 rlm_eap: EAP packet type response id 5 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 21 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 21 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 21 modcall: leaving group authorize (returns updated) for request 21 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 21 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 21 modcall: leaving group authenticate (returns ok) for request 21 Sending Access-Accept of id 5 to 192.168.2.182 port 1027 EAP-Message = 0x03050004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 21 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- it is sending an access accept packet!!! my user file is like this:- its an attachment(users) thanks for ur help, regards shantanu tnt@kalik.co.yu wrote: Client output isn't showing Access-Accept packet content. Post radiusd -X output and your users file. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" pi¹e:
hello, this is my client side output: Authentication with 00:03:7f:09:60:a0 timed out. Added BSSID 00:03:7f:09:60:a0 into blacklist State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_disassociate No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec State: DISCONNECTED -> SCANNING Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=6): 41 54 48 31 38 32 ATH182 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2 CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: SCANNING -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b19 len=8 Received 1844 bytes of scan results (7 BSSes) Scan results: 7 Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 skip - blacklisted 2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE No APs found - clear blacklist and try again Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear) Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 selected based on RSN IE Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz) Cancelling scan request WPA: clearing own WPA/RSN IE Automatic auth_alg selection: 0x1 RSN: using IEEE 802.11i/D9.0 WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2 WPA: clearing AP WPA IE WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00 WPA: using GTK TKIP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 No keys have been configured - skip key clearing wpa_driver_wext_set_drop_unencrypted State: DISCONNECTED -> ASSOCIATING wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_associate Setting authentication timeout: 10 sec 0 usec EAPOL: External notification - portControl=Auto RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b04 len=12 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b1a len=14 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:a0 State: ASSOCIATING -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:a0 No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:a0 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE
the problem is i am getting EAP-FAILURE on client side even when server is giving ACCESS-ACCEPT!!!! i am not able to figure out the problem output of server is same as that in earlier mail, one more thing what will be end message of this, will it be authentication or association? When i run GUI for supplicant it is showing associated not authenticated! is it end of connection and after it should i get an IP from that AP, even if i try for DHCP i am not able to get an IP!!!! it is all messed up, please do reply for this prob!!! regards shantanu
tnt@kalik.co.yu wrote: Well, now you dont have any IP address in your accept packet. Not a problem if you are doing DHCP. Otherwise you need to return IP address, netmask, MTU, Service-Type, DNS servers etc.
Leave that Framed-User DEFAULT entry alone - it should be there. You need to add stuff to your user config:
testuser Cleartext-Password:=yourpassword Framed-IP-Address=1.2.3.4 Framed-MTU=yourMTU Framed-IP-Netmask=255.255.255.255 etc.
Ivan Kalik Kalik Informatika ISP
Dana 30/5/2007, "shantanu choudhary" pi¹e:
--- snip ---
Sending Access-Accept of id 2 to 192.168.2.182 port 1028 EAP-Message = 0x03020004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 465d506e Cleaning up request 1 ID 2 with timestamp 465d506e Nothing to do. Sleeping until we see a request.
it is sending ACCESS ACCEPT but no access reject or failure!!!! and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
sorry for disturbing u again n again but can u help me out???? please!! shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Did you know? You can CHAT without downloading messenger. Know how!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
You haven't posted your users file. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
this is server side output!!!!
rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177 Message-Authenticator = 0x758e436fc2b17672ad389e0ffeca2982 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204000d017465737475736572 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 modcall[authorize]: module "preprocess" returns ok for request 20 modcall[authorize]: module "chap" returns noop for request 20 modcall[authorize]: module "mschap" returns noop for request 20 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 20 rlm_eap: EAP packet type response id 4 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 20 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 20 modcall: leaving group authorize (returns updated) for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 20 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 20 modcall: leaving group authenticate (returns handled) for request 20 Sending Access-Challenge of id 4 to 192.168.2.182 port 1027 EAP-Message = 0x010500160410ef33bbaf01824abdd6b6989b2cc698ec Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f68ec51f7791041fc61be6441d9ea92 Finished request 20 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.182:1027, id=5, length=204 Message-Authenticator = 0xb98d04dcd12bbaa2dc7f6314231061bc Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x4f68ec51f7791041fc61be6441d9ea92 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020500160410a221ad85e41c1260d31c5d14036dfce1 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 21 modcall[authorize]: module "preprocess" returns ok for request 21 modcall[authorize]: module "chap" returns noop for request 21 modcall[authorize]: module "mschap" returns noop for request 21 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 21 rlm_eap: EAP packet type response id 5 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 21 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 21 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 21 modcall: leaving group authorize (returns updated) for request 21 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 21 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 21 modcall: leaving group authenticate (returns ok) for request 21 Sending Access-Accept of id 5 to 192.168.2.182 port 1027 EAP-Message = 0x03050004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 21 Going to the next request Waking up in 6 seconds... --- Walking the entire request list ---
it is sending an access accept packet!!! my user file is like this:- its an attachment(users) thanks for ur help,
regards shantanu
tnt@kalik.co.yu wrote: Client output isn't showing Access-Accept packet content. Post radiusd -X output and your users file.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" piše:
hello, this is my client side output: Authentication with 00:03:7f:09:60:a0 timed out. Added BSSID 00:03:7f:09:60:a0 into blacklist State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_disassociate No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec State: DISCONNECTED -> SCANNING Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=6): 41 54 48 31 38 32 ATH182 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2 CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: SCANNING -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b19 len=8 Received 1844 bytes of scan results (7 BSSes) Scan results: 7 Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 skip - blacklisted 2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE No APs found - clear blacklist and try again Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear) Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 selected based on RSN IE Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz) Cancelling scan request WPA: clearing own WPA/RSN IE Automatic auth_alg selection: 0x1 RSN: using IEEE 802.11i/D9.0 WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2 WPA: clearing AP WPA IE WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00 WPA: using GTK TKIP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 No keys have been configured - skip key clearing wpa_driver_wext_set_drop_unencrypted State: DISCONNECTED -> ASSOCIATING wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_associate Setting authentication timeout: 10 sec 0 usec EAPOL: External notification - portControl=Auto RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b04 len=12 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b1a len=14 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:a0 State: ASSOCIATING -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:a0 No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:a0 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE
the problem is i am getting EAP-FAILURE on client side even when server is giving ACCESS-ACCEPT!!!! i am not able to figure out the problem output of server is same as that in earlier mail, one more thing what will be end message of this, will it be authentication or association? When i run GUI for supplicant it is showing associated not authenticated! is it end of connection and after it should i get an IP from that AP, even if i try for DHCP i am not able to get an IP!!!! it is all messed up, please do reply for this prob!!! regards shantanu
tnt@kalik.co.yu wrote: Well, now you dont have any IP address in your accept packet. Not a problem if you are doing DHCP. Otherwise you need to return IP address, netmask, MTU, Service-Type, DNS servers etc.
Leave that Framed-User DEFAULT entry alone - it should be there. You need to add stuff to your user config:
testuser Cleartext-Password:=yourpassword Framed-IP-Address=1.2.3.4 Framed-MTU=yourMTU Framed-IP-Netmask=255.255.255.255 etc.
Ivan Kalik Kalik Informatika ISP
Dana 30/5/2007, "shantanu choudhary" piše:
--- snip ---
Sending Access-Accept of id 2 to 192.168.2.182 port 1028 EAP-Message = 0x03020004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 465d506e Cleaning up request 1 ID 2 with timestamp 465d506e Nothing to do. Sleeping until we see a request.
it is sending ACCESS ACCEPT but no access reject or failure!!!! and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
sorry for disturbing u again n again but can u help me out???? please!! shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Did you know? You can CHAT without downloading messenger. Know how!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
sorry, i tried to attach it but i think it didnt workrd!! this is my user file:- # Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # # As of 1.1.4, you SHOULD NOT use Auth-Type. See "man rlm_pap" # for a much better way of dealing with differing passwords. # If you set Auth-Type, SOME AUTHENTICATION METHODS WILL NOT WORK. # If you don't set Auth-Type, the server will figure out what to do, # and will almost always do the right thing. # # This file contains authentication security and configuration # information for each user. Accounting requests are NOT processed # through this file. Instead, see 'acct_users', in this directory. # # The first field is the user's name and can be up to # 253 characters in length. This is followed (on the same line) with # the list of authentication requirements for that user. This can # include password, comm server name, comm server port number, protocol # type (perhaps set by the "hints" file), and huntgroup name (set by # the "huntgroups" file). # # Indented (with the tab character) lines following the first # line indicate the configuration values to be passed back to # the comm server to allow the initiation of a user session. # This can include things like the PPP configuration values # or the host to log the user onto. # # If you are not sure why a particular reply is being sent by the # server, then run the server in debugging mode (radiusd -X), and # you will see which entries in this file are matched. # # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # # You can include another `users' file with `$INCLUDE users.other' # # # For a list of RADIUS attributes, and links to their definitions, # see: # # http://www.freeradius.org/rfc/attributes.html # # # Deny access for a specific user. Note that this entry MUST # be before any other 'Auth-Type' attribute which results in the user # being authenticated. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #lameuser Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # Deny access for a group of users. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #DEFAULT Group == "disabled", Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve Cleartext-Password := "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP # # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"John Doe" Cleartext-Password := "hello" # Reply-Message = "Hello, %u" # # Dial user back and telnet to the default host for that port # #Deg Cleartext-Password := "ge55ged" # Service-Type = Callback-Login-User, # Login-IP-Host = 0.0.0.0, # Callback-Number = "9,5551212", # Login-Service = Telnet, # Login-TCP-Port = Telnet # # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". # #dialbk Cleartext-Password := "callme" # Service-Type = Callback-Login-User, # Login-IP-Host = timeshare1, # Login-Service = PortMaster, # Callback-Number = "9,1-800-555-1212" # # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.65, # Fall-Through = Yes # # If the user logs in as 'username.shell', then authenticate them # against the system database, give them shell access, and stop processing # the rest of the file. # # Note that authenticating against an /etc/passwd file works ONLY for PAP, # and not for CHAP, MS-CHAP, or EAP. # #DEFAULT Suffix == ".shell", Auth-Type := System # Service-Type = Login-User, # Login-Service = Telnet, # Login-IP-Host = your.shell.machine # # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. # # # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). # testuser Password = "whatever" DEFAULT Auth-Type = System Fall-Through = 1 # # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes # # Defaults for all framed connections. # DEFAULT Service-Type == Framed-User Framed-IP-Address = 192.168.2.132, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes # # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. # DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for SLIP: dynamic IP address, SLIP mode. # DEFAULT Hint == "SLIP" Framed-Protocol = SLIP # # Last default: rlogin to our main server. # #DEFAULT # Service-Type = Login-User, # Login-Service = Rlogin, # Login-IP-Host = shellbox.ispdomain.com # # # # Last default: shell on the local terminal server. # # # DEFAULT # Service-Type = Shell-User # On no match, the user is denied access. hope it help u to figure out the problem thanks again for ur help regards shantanu tnt@kalik.co.yu wrote: You haven't posted your users file. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" pi¹e:
this is server side output!!!!
rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177 Message-Authenticator = 0x758e436fc2b17672ad389e0ffeca2982 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204000d017465737475736572 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 modcall[authorize]: module "preprocess" returns ok for request 20 modcall[authorize]: module "chap" returns noop for request 20 modcall[authorize]: module "mschap" returns noop for request 20 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 20 rlm_eap: EAP packet type response id 4 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 20 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 20 modcall: leaving group authorize (returns updated) for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 20 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 20 modcall: leaving group authenticate (returns handled) for request 20 Sending Access-Challenge of id 4 to 192.168.2.182 port 1027 EAP-Message = 0x010500160410ef33bbaf01824abdd6b6989b2cc698ec Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f68ec51f7791041fc61be6441d9ea92 Finished request 20 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.182:1027, id=5, length=204 Message-Authenticator = 0xb98d04dcd12bbaa2dc7f6314231061bc Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x4f68ec51f7791041fc61be6441d9ea92 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020500160410a221ad85e41c1260d31c5d14036dfce1 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 21 modcall[authorize]: module "preprocess" returns ok for request 21 modcall[authorize]: module "chap" returns noop for request 21 modcall[authorize]: module "mschap" returns noop for request 21 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 21 rlm_eap: EAP packet type response id 5 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 21 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 21 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 21 modcall: leaving group authorize (returns updated) for request 21 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 21 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 21 modcall: leaving group authenticate (returns ok) for request 21 Sending Access-Accept of id 5 to 192.168.2.182 port 1027 EAP-Message = 0x03050004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 21 Going to the next request Waking up in 6 seconds... --- Walking the entire request list ---
it is sending an access accept packet!!! my user file is like this:- its an attachment(users) thanks for ur help,
regards shantanu
tnt@kalik.co.yu wrote: Client output isn't showing Access-Accept packet content. Post radiusd -X output and your users file.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" pi¹e:
hello, this is my client side output: Authentication with 00:03:7f:09:60:a0 timed out. Added BSSID 00:03:7f:09:60:a0 into blacklist State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_disassociate No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec State: DISCONNECTED -> SCANNING Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=6): 41 54 48 31 38 32 ATH182 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2 CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: SCANNING -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b19 len=8 Received 1844 bytes of scan results (7 BSSes) Scan results: 7 Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 skip - blacklisted 2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE No APs found - clear blacklist and try again Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear) Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 selected based on RSN IE Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz) Cancelling scan request WPA: clearing own WPA/RSN IE Automatic auth_alg selection: 0x1 RSN: using IEEE 802.11i/D9.0 WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2 WPA: clearing AP WPA IE WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00 WPA: using GTK TKIP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 No keys have been configured - skip key clearing wpa_driver_wext_set_drop_unencrypted State: DISCONNECTED -> ASSOCIATING wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_associate Setting authentication timeout: 10 sec 0 usec EAPOL: External notification - portControl=Auto RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b04 len=12 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b1a len=14 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:a0 State: ASSOCIATING -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:a0 No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:a0 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE
the problem is i am getting EAP-FAILURE on client side even when server is giving ACCESS-ACCEPT!!!! i am not able to figure out the problem output of server is same as that in earlier mail, one more thing what will be end message of this, will it be authentication or association? When i run GUI for supplicant it is showing associated not authenticated! is it end of connection and after it should i get an IP from that AP, even if i try for DHCP i am not able to get an IP!!!! it is all messed up, please do reply for this prob!!! regards shantanu
tnt@kalik.co.yu wrote: Well, now you dont have any IP address in your accept packet. Not a problem if you are doing DHCP. Otherwise you need to return IP address, netmask, MTU, Service-Type, DNS servers etc.
Leave that Framed-User DEFAULT entry alone - it should be there. You need to add stuff to your user config:
testuser Cleartext-Password:=yourpassword Framed-IP-Address=1.2.3.4 Framed-MTU=yourMTU Framed-IP-Netmask=255.255.255.255 etc.
Ivan Kalik Kalik Informatika ISP
Dana 30/5/2007, "shantanu choudhary" pi¹e:
--- snip ---
Sending Access-Accept of id 2 to 192.168.2.182 port 1028 EAP-Message = 0x03020004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 465d506e Cleaning up request 1 ID 2 with timestamp 465d506e Nothing to do. Sleeping until we see a request.
it is sending ACCESS ACCEPT but no access reject or failure!!!! and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
sorry for disturbing u again n again but can u help me out???? please!! shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Did you know? You can CHAT without downloading messenger. Know how!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
Sorry, didn't see the atach. Have you restarted the server since changing user config? That DEFAULT entry for Framed-User should also match. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
this is server side output!!!!
rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177 Message-Authenticator = 0x758e436fc2b17672ad389e0ffeca2982 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204000d017465737475736572 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 modcall[authorize]: module "preprocess" returns ok for request 20 modcall[authorize]: module "chap" returns noop for request 20 modcall[authorize]: module "mschap" returns noop for request 20 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 20 rlm_eap: EAP packet type response id 4 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 20 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 20 modcall: leaving group authorize (returns updated) for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 20 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 20 modcall: leaving group authenticate (returns handled) for request 20 Sending Access-Challenge of id 4 to 192.168.2.182 port 1027 EAP-Message = 0x010500160410ef33bbaf01824abdd6b6989b2cc698ec Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f68ec51f7791041fc61be6441d9ea92 Finished request 20 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.182:1027, id=5, length=204 Message-Authenticator = 0xb98d04dcd12bbaa2dc7f6314231061bc Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x4f68ec51f7791041fc61be6441d9ea92 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020500160410a221ad85e41c1260d31c5d14036dfce1 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 21 modcall[authorize]: module "preprocess" returns ok for request 21 modcall[authorize]: module "chap" returns noop for request 21 modcall[authorize]: module "mschap" returns noop for request 21 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 21 rlm_eap: EAP packet type response id 5 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 21 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 21 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 21 modcall: leaving group authorize (returns updated) for request 21 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 21 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 21 modcall: leaving group authenticate (returns ok) for request 21 Sending Access-Accept of id 5 to 192.168.2.182 port 1027 EAP-Message = 0x03050004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 21 Going to the next request Waking up in 6 seconds... --- Walking the entire request list ---
it is sending an access accept packet!!! my user file is like this:- its an attachment(users) thanks for ur help,
regards shantanu
tnt@kalik.co.yu wrote: Client output isn't showing Access-Accept packet content. Post radiusd -X output and your users file.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" piše:
hello, this is my client side output: Authentication with 00:03:7f:09:60:a0 timed out. Added BSSID 00:03:7f:09:60:a0 into blacklist State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_disassociate No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec State: DISCONNECTED -> SCANNING Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=6): 41 54 48 31 38 32 ATH182 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2 CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: SCANNING -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b19 len=8 Received 1844 bytes of scan results (7 BSSes) Scan results: 7 Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 skip - blacklisted 2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE No APs found - clear blacklist and try again Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear) Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 selected based on RSN IE Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz) Cancelling scan request WPA: clearing own WPA/RSN IE Automatic auth_alg selection: 0x1 RSN: using IEEE 802.11i/D9.0 WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2 WPA: clearing AP WPA IE WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00 WPA: using GTK TKIP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 No keys have been configured - skip key clearing wpa_driver_wext_set_drop_unencrypted State: DISCONNECTED -> ASSOCIATING wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_associate Setting authentication timeout: 10 sec 0 usec EAPOL: External notification - portControl=Auto RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b04 len=12 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b1a len=14 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:a0 State: ASSOCIATING -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:a0 No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:a0 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE
the problem is i am getting EAP-FAILURE on client side even when server is giving ACCESS-ACCEPT!!!! i am not able to figure out the problem output of server is same as that in earlier mail, one more thing what will be end message of this, will it be authentication or association? When i run GUI for supplicant it is showing associated not authenticated! is it end of connection and after it should i get an IP from that AP, even if i try for DHCP i am not able to get an IP!!!! it is all messed up, please do reply for this prob!!! regards shantanu
tnt@kalik.co.yu wrote: Well, now you dont have any IP address in your accept packet. Not a problem if you are doing DHCP. Otherwise you need to return IP address, netmask, MTU, Service-Type, DNS servers etc.
Leave that Framed-User DEFAULT entry alone - it should be there. You need to add stuff to your user config:
testuser Cleartext-Password:=yourpassword Framed-IP-Address=1.2.3.4 Framed-MTU=yourMTU Framed-IP-Netmask=255.255.255.255 etc.
Ivan Kalik Kalik Informatika ISP
Dana 30/5/2007, "shantanu choudhary" piše:
--- snip ---
Sending Access-Accept of id 2 to 192.168.2.182 port 1028 EAP-Message = 0x03020004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 465d506e Cleaning up request 1 ID 2 with timestamp 465d506e Nothing to do. Sleeping until we see a request.
it is sending ACCESS ACCEPT but no access reject or failure!!!! and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
sorry for disturbing u again n again but can u help me out???? please!! shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Did you know? You can CHAT without downloading messenger. Know how!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
we have restarted that server with this user file, one question i want to ask, what address is the client requesting for which it is failing, where do u thik the problem is? regards shantanu tnt@kalik.co.yu wrote: Sorry, didn't see the atach. Have you restarted the server since changing user config? That DEFAULT entry for Framed-User should also match. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" pi¹e:
this is server side output!!!!
rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177 Message-Authenticator = 0x758e436fc2b17672ad389e0ffeca2982 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204000d017465737475736572 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 modcall[authorize]: module "preprocess" returns ok for request 20 modcall[authorize]: module "chap" returns noop for request 20 modcall[authorize]: module "mschap" returns noop for request 20 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 20 rlm_eap: EAP packet type response id 4 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 20 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 20 modcall: leaving group authorize (returns updated) for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 20 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 20 modcall: leaving group authenticate (returns handled) for request 20 Sending Access-Challenge of id 4 to 192.168.2.182 port 1027 EAP-Message = 0x010500160410ef33bbaf01824abdd6b6989b2cc698ec Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f68ec51f7791041fc61be6441d9ea92 Finished request 20 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.182:1027, id=5, length=204 Message-Authenticator = 0xb98d04dcd12bbaa2dc7f6314231061bc Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x4f68ec51f7791041fc61be6441d9ea92 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020500160410a221ad85e41c1260d31c5d14036dfce1 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 21 modcall[authorize]: module "preprocess" returns ok for request 21 modcall[authorize]: module "chap" returns noop for request 21 modcall[authorize]: module "mschap" returns noop for request 21 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 21 rlm_eap: EAP packet type response id 5 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 21 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 21 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 21 modcall: leaving group authorize (returns updated) for request 21 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 21 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 21 modcall: leaving group authenticate (returns ok) for request 21 Sending Access-Accept of id 5 to 192.168.2.182 port 1027 EAP-Message = 0x03050004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 21 Going to the next request Waking up in 6 seconds... --- Walking the entire request list ---
it is sending an access accept packet!!! my user file is like this:- its an attachment(users) thanks for ur help,
regards shantanu
tnt@kalik.co.yu wrote: Client output isn't showing Access-Accept packet content. Post radiusd -X output and your users file.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" pi¹e:
hello, this is my client side output: Authentication with 00:03:7f:09:60:a0 timed out. Added BSSID 00:03:7f:09:60:a0 into blacklist State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_disassociate No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec State: DISCONNECTED -> SCANNING Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=6): 41 54 48 31 38 32 ATH182 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2 CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: SCANNING -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b19 len=8 Received 1844 bytes of scan results (7 BSSes) Scan results: 7 Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 skip - blacklisted 2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE No APs found - clear blacklist and try again Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear) Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 selected based on RSN IE Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz) Cancelling scan request WPA: clearing own WPA/RSN IE Automatic auth_alg selection: 0x1 RSN: using IEEE 802.11i/D9.0 WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2 WPA: clearing AP WPA IE WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00 WPA: using GTK TKIP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 No keys have been configured - skip key clearing wpa_driver_wext_set_drop_unencrypted State: DISCONNECTED -> ASSOCIATING wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_associate Setting authentication timeout: 10 sec 0 usec EAPOL: External notification - portControl=Auto RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b04 len=12 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b1a len=14 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:a0 State: ASSOCIATING -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:a0 No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:a0 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE
the problem is i am getting EAP-FAILURE on client side even when server is giving ACCESS-ACCEPT!!!! i am not able to figure out the problem output of server is same as that in earlier mail, one more thing what will be end message of this, will it be authentication or association? When i run GUI for supplicant it is showing associated not authenticated! is it end of connection and after it should i get an IP from that AP, even if i try for DHCP i am not able to get an IP!!!! it is all messed up, please do reply for this prob!!! regards shantanu
tnt@kalik.co.yu wrote: Well, now you dont have any IP address in your accept packet. Not a problem if you are doing DHCP. Otherwise you need to return IP address, netmask, MTU, Service-Type, DNS servers etc.
Leave that Framed-User DEFAULT entry alone - it should be there. You need to add stuff to your user config:
testuser Cleartext-Password:=yourpassword Framed-IP-Address=1.2.3.4 Framed-MTU=yourMTU Framed-IP-Netmask=255.255.255.255 etc.
Ivan Kalik Kalik Informatika ISP
Dana 30/5/2007, "shantanu choudhary" pi¹e:
--- snip ---
Sending Access-Accept of id 2 to 192.168.2.182 port 1028 EAP-Message = 0x03020004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 465d506e Cleaning up request 1 ID 2 with timestamp 465d506e Nothing to do. Sleeping until we see a request.
it is sending ACCESS ACCEPT but no access reject or failure!!!! and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
sorry for disturbing u again n again but can u help me out???? please!! shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Did you know? You can CHAT without downloading messenger. Know how!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
I think that problem is that supplicant expects IP adress, netmask etc. in the accept packet. Witout those it cant configure the connection. Return appropriate parameters and connection should be established. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
we have restarted that server with this user file, one question i want to ask, what address is the client requesting for which it is failing, where do u thik the problem is?
regards shantanu
we tried to use service type, framed protocol, framed ip address(what are they used for???), framed ipnetmask but after making those changes, my server was unable to startup giving an error relate to some parsiing failure. can u tell me what should i add, and is it not supposed to work and i get an IP using DHCP client. with gui it is showing associated but i m not able to get IP. regards shantanu tnt@kalik.co.yu wrote: I think that problem is that supplicant expects IP adress, netmask etc. in the accept packet. Witout those it cant configure the connection. Return appropriate parameters and connection should be established. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" pi¹e:
we have restarted that server with this user file, one question i want to ask, what address is the client requesting for which it is failing, where do u thik the problem is?
regards shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
There is a spelling mistake somewhere. Post that users file again. If you are using DHCP you don't need IP address and netmask. Just return the service type. Those parameters are to tell NAS how to make this connection and what type of user is it, what services can he use etc. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
we tried to use service type, framed protocol, framed ip address(what are they used for???), framed ipnetmask but after making those changes, my server was unable to startup giving an error relate to some parsiing failure. can u tell me what should i add, and is it not supposed to work and i get an IP using DHCP client. with gui it is showing associated but i m not able to get IP. regards shantanu
tnt@kalik.co.yu wrote: I think that problem is that supplicant expects IP adress, netmask etc. in the accept packet. Witout those it cant configure the connection. Return appropriate parameters and connection should be established.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" piše:
we have restarted that server with this user file, one question i want to ask, what address is the client requesting for which it is failing, where do u thik the problem is?
regards shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
this is the user file, i dont think there is any spelling mistake or else why server is giving access accept? is it problem with AP? # Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # # As of 1.1.4, you SHOULD NOT use Auth-Type. See "man rlm_pap" # for a much better way of dealing with differing passwords. # If you set Auth-Type, SOME AUTHENTICATION METHODS WILL NOT WORK. # If you don't set Auth-Type, the server will figure out what to do, # and will almost always do the right thing. # # This file contains authentication security and configuration # information for each user. Accounting requests are NOT processed # through this file. Instead, see 'acct_users', in this directory. # # The first field is the user's name and can be up to # 253 characters in length. This is followed (on the same line) with # the list of authentication requirements for that user. This can # include password, comm server name, comm server port number, protocol # type (perhaps set by the "hints" file), and huntgroup name (set by # the "huntgroups" file). # # Indented (with the tab character) lines following the first # line indicate the configuration values to be passed back to # the comm server to allow the initiation of a user session. # This can include things like the PPP configuration values # or the host to log the user onto. # # If you are not sure why a particular reply is being sent by the # server, then run the server in debugging mode (radiusd -X), and # you will see which entries in this file are matched. # # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # # You can include another `users' file with `$INCLUDE users.other' # # # For a list of RADIUS attributes, and links to their definitions, # see: # # http://www.freeradius.org/rfc/attributes.html # # # Deny access for a specific user. Note that this entry MUST # be before any other 'Auth-Type' attribute which results in the user # being authenticated. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #lameuser Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # Deny access for a group of users. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #DEFAULT Group == "disabled", Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve Cleartext-Password := "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP # # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"John Doe" Cleartext-Password := "hello" # Reply-Message = "Hello, %u" # # Dial user back and telnet to the default host for that port # #Deg Cleartext-Password := "ge55ged" # Service-Type = Callback-Login-User, # Login-IP-Host = 0.0.0.0, # Callback-Number = "9,5551212", # Login-Service = Telnet, # Login-TCP-Port = Telnet # # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". # #dialbk Cleartext-Password := "callme" # Service-Type = Callback-Login-User, # Login-IP-Host = timeshare1, # Login-Service = PortMaster, # Callback-Number = "9,1-800-555-1212" # # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.65, # Fall-Through = Yes # # If the user logs in as 'username.shell', then authenticate them # against the system database, give them shell access, and stop processing # the rest of the file. # # Note that authenticating against an /etc/passwd file works ONLY for PAP, # and not for CHAP, MS-CHAP, or EAP. # #DEFAULT Suffix == ".shell", Auth-Type := System # Service-Type = Login-User, # Login-Service = Telnet, # Login-IP-Host = your.shell.machine # # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. # # # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). # testuser Password = "whatever" DEFAULT Auth-Type = System Fall-Through = 1 # # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes # # Defaults for all framed connections. # DEFAULT Service-Type == Framed-User Framed-IP-Address = 192.168.2.132, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes # # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. # DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for SLIP: dynamic IP address, SLIP mode. # DEFAULT Hint == "SLIP" Framed-Protocol = SLIP # # Last default: rlogin to our main server. # #DEFAULT # Service-Type = Login-User, # Login-Service = Rlogin, # Login-IP-Host = shellbox.ispdomain.com # # # # Last default: shell on the local terminal server. # # # DEFAULT # Service-Type = Shell-User # On no match, the user is denied access. tnt@kalik.co.yu wrote: There is a spelling mistake somewhere. Post that users file again. If you are using DHCP you don't need IP address and netmask. Just return the service type. Those parameters are to tell NAS how to make this connection and what type of user is it, what services can he use etc. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" pi¹e:
we tried to use service type, framed protocol, framed ip address(what are they used for???), framed ipnetmask but after making those changes, my server was unable to startup giving an error relate to some parsiing failure. can u tell me what should i add, and is it not supposed to work and i get an IP using DHCP client. with gui it is showing associated but i m not able to get IP. regards shantanu
tnt@kalik.co.yu wrote: I think that problem is that supplicant expects IP adress, netmask etc. in the accept packet. Witout those it cant configure the connection. Return appropriate parameters and connection should be established.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" pi¹e:
we have restarted that server with this user file, one question i want to ask, what address is the client requesting for which it is failing, where do u thik the problem is?
regards shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- Looking for people who are YOUR TYPE? Find them here!
This is the same one as before. Where is the one that gives parsing error? Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
this is the user file, i dont think there is any spelling mistake or else why server is giving access accept? is it problem with AP?
# Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # # As of 1.1.4, you SHOULD NOT use Auth-Type. See "man rlm_pap" # for a much better way of dealing with differing passwords. # If you set Auth-Type, SOME AUTHENTICATION METHODS WILL NOT WORK. # If you don't set Auth-Type, the server will figure out what to do, # and will almost always do the right thing. # # This file contains authentication security and configuration # information for each user. Accounting requests are NOT processed # through this file. Instead, see 'acct_users', in this directory. # # The first field is the user's name and can be up to # 253 characters in length. This is followed (on the same line) with # the list of authentication requirements for that user. This can # include password, comm server name, comm server port number, protocol # type (perhaps set by the "hints" file), and huntgroup name (set by # the "huntgroups" file). # # Indented (with the tab character) lines following the first # line indicate the configuration values to be passed back to # the comm server to allow the initiation of a user session. # This can include things like the PPP configuration values # or the host to log the user onto. # # If you are not sure why a particular reply is being sent by the # server, then run the server in debugging mode (radiusd -X), and # you will see which entries in this file are matched. # # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # # You can include another `users' file with `$INCLUDE users.other' #
# # For a list of RADIUS attributes, and links to their definitions, # see: # # http://www.freeradius.org/rfc/attributes.html #
# # Deny access for a specific user. Note that this entry MUST # be before any other 'Auth-Type' attribute which results in the user # being authenticated. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #lameuser Auth-Type := Reject # Reply-Message = "Your account has been disabled."
# # Deny access for a group of users. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #DEFAULT Group == "disabled", Auth-Type := Reject # Reply-Message = "Your account has been disabled." #
# # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve Cleartext-Password := "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP
# # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"John Doe" Cleartext-Password := "hello" # Reply-Message = "Hello, %u"
# # Dial user back and telnet to the default host for that port # #Deg Cleartext-Password := "ge55ged" # Service-Type = Callback-Login-User, # Login-IP-Host = 0.0.0.0, # Callback-Number = "9,5551212", # Login-Service = Telnet, # Login-TCP-Port = Telnet
# # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". # #dialbk Cleartext-Password := "callme" # Service-Type = Callback-Login-User, # Login-IP-Host = timeshare1, # Login-Service = PortMaster, # Callback-Number = "9,1-800-555-1212"
# # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.65, # Fall-Through = Yes
# # If the user logs in as 'username.shell', then authenticate them # against the system database, give them shell access, and stop processing # the rest of the file. # # Note that authenticating against an /etc/passwd file works ONLY for PAP, # and not for CHAP, MS-CHAP, or EAP. # #DEFAULT Suffix == ".shell", Auth-Type := System # Service-Type = Login-User, # Login-Service = Telnet, # Login-IP-Host = your.shell.machine
# # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. #
# # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). #
testuser Password = "whatever"
DEFAULT Auth-Type = System Fall-Through = 1
# # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes
#DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes
# # Defaults for all framed connections. # DEFAULT Service-Type == Framed-User Framed-IP-Address = 192.168.2.132, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes
# # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. # DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP
# # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP
# # Default for SLIP: dynamic IP address, SLIP mode. # DEFAULT Hint == "SLIP" Framed-Protocol = SLIP
# # Last default: rlogin to our main server. # #DEFAULT # Service-Type = Login-User, # Login-Service = Rlogin, # Login-IP-Host = shellbox.ispdomain.com
# # # # Last default: shell on the local terminal server. # # # DEFAULT # Service-Type = Shell-User
# On no match, the user is denied access.
tnt@kalik.co.yu wrote: There is a spelling mistake somewhere. Post that users file again. If you are using DHCP you don't need IP address and netmask. Just return the service type.
Those parameters are to tell NAS how to make this connection and what type of user is it, what services can he use etc.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" piše:
we tried to use service type, framed protocol, framed ip address(what are they used for???), framed ipnetmask but after making those changes, my server was unable to startup giving an error relate to some parsiing failure. can u tell me what should i add, and is it not supposed to work and i get an IP using DHCP client. with gui it is showing associated but i m not able to get IP. regards shantanu
tnt@kalik.co.yu wrote: I think that problem is that supplicant expects IP adress, netmask etc. in the accept packet. Witout those it cant configure the connection. Return appropriate parameters and connection should be established.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" piše:
we have restarted that server with this user file, one question i want to ask, what address is the client requesting for which it is failing, where do u thik the problem is?
regards shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Looking for people who are YOUR TYPE? Find them here!
Server is giving access-accept because you have correct user and correct password. But for connection to work you need more parameters. Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
this is the user file, i dont think there is any spelling mistake or else why server is giving access accept? is it problem with AP?
# Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # # As of 1.1.4, you SHOULD NOT use Auth-Type. See "man rlm_pap" # for a much better way of dealing with differing passwords. # If you set Auth-Type, SOME AUTHENTICATION METHODS WILL NOT WORK. # If you don't set Auth-Type, the server will figure out what to do, # and will almost always do the right thing. # # This file contains authentication security and configuration # information for each user. Accounting requests are NOT processed # through this file. Instead, see 'acct_users', in this directory. # # The first field is the user's name and can be up to # 253 characters in length. This is followed (on the same line) with # the list of authentication requirements for that user. This can # include password, comm server name, comm server port number, protocol # type (perhaps set by the "hints" file), and huntgroup name (set by # the "huntgroups" file). # # Indented (with the tab character) lines following the first # line indicate the configuration values to be passed back to # the comm server to allow the initiation of a user session. # This can include things like the PPP configuration values # or the host to log the user onto. # # If you are not sure why a particular reply is being sent by the # server, then run the server in debugging mode (radiusd -X), and # you will see which entries in this file are matched. # # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # # You can include another `users' file with `$INCLUDE users.other' #
# # For a list of RADIUS attributes, and links to their definitions, # see: # # http://www.freeradius.org/rfc/attributes.html #
# # Deny access for a specific user. Note that this entry MUST # be before any other 'Auth-Type' attribute which results in the user # being authenticated. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #lameuser Auth-Type := Reject # Reply-Message = "Your account has been disabled."
# # Deny access for a group of users. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #DEFAULT Group == "disabled", Auth-Type := Reject # Reply-Message = "Your account has been disabled." #
# # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve Cleartext-Password := "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP
# # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"John Doe" Cleartext-Password := "hello" # Reply-Message = "Hello, %u"
# # Dial user back and telnet to the default host for that port # #Deg Cleartext-Password := "ge55ged" # Service-Type = Callback-Login-User, # Login-IP-Host = 0.0.0.0, # Callback-Number = "9,5551212", # Login-Service = Telnet, # Login-TCP-Port = Telnet
# # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". # #dialbk Cleartext-Password := "callme" # Service-Type = Callback-Login-User, # Login-IP-Host = timeshare1, # Login-Service = PortMaster, # Callback-Number = "9,1-800-555-1212"
# # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.65, # Fall-Through = Yes
# # If the user logs in as 'username.shell', then authenticate them # against the system database, give them shell access, and stop processing # the rest of the file. # # Note that authenticating against an /etc/passwd file works ONLY for PAP, # and not for CHAP, MS-CHAP, or EAP. # #DEFAULT Suffix == ".shell", Auth-Type := System # Service-Type = Login-User, # Login-Service = Telnet, # Login-IP-Host = your.shell.machine
# # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. #
# # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). #
testuser Password = "whatever"
DEFAULT Auth-Type = System Fall-Through = 1
# # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes
#DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes
# # Defaults for all framed connections. # DEFAULT Service-Type == Framed-User Framed-IP-Address = 192.168.2.132, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes
# # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. # DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP
# # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP
# # Default for SLIP: dynamic IP address, SLIP mode. # DEFAULT Hint == "SLIP" Framed-Protocol = SLIP
# # Last default: rlogin to our main server. # #DEFAULT # Service-Type = Login-User, # Login-Service = Rlogin, # Login-IP-Host = shellbox.ispdomain.com
# # # # Last default: shell on the local terminal server. # # # DEFAULT # Service-Type = Shell-User
# On no match, the user is denied access.
tnt@kalik.co.yu wrote: There is a spelling mistake somewhere. Post that users file again. If you are using DHCP you don't need IP address and netmask. Just return the service type.
Those parameters are to tell NAS how to make this connection and what type of user is it, what services can he use etc.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" piše:
we tried to use service type, framed protocol, framed ip address(what are they used for???), framed ipnetmask but after making those changes, my server was unable to startup giving an error relate to some parsiing failure. can u tell me what should i add, and is it not supposed to work and i get an IP using DHCP client. with gui it is showing associated but i m not able to get IP. regards shantanu
tnt@kalik.co.yu wrote: I think that problem is that supplicant expects IP adress, netmask etc. in the accept packet. Witout those it cant configure the connection. Return appropriate parameters and connection should be established.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" piše:
we have restarted that server with this user file, one question i want to ask, what address is the client requesting for which it is failing, where do u thik the problem is?
regards shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Looking for people who are YOUR TYPE? Find them here!
sorry for the confusion and delay!! i am attaching user file, server output and client output. server is still giving access accept, but client is displaying cant assign requested address!! one thing what parameters should i add and what does framed ip address used for?? now this user file is giving no error and is rserver is running without any problem! user file:- # Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # # As of 1.1.4, you SHOULD NOT use Auth-Type. See "man rlm_pap" # for a much better way of dealing with differing passwords. # If you set Auth-Type, SOME AUTHENTICATION METHODS WILL NOT WORK. # If you don't set Auth-Type, the server will figure out what to do, # and will almost always do the right thing. # # This file contains authentication security and configuration # information for each user. Accounting requests are NOT processed # through this file. Instead, see 'acct_users', in this directory. # # The first field is the user's name and can be up to # 253 characters in length. This is followed (on the same line) with # the list of authentication requirements for that user. This can # include password, comm server name, comm server port number, protocol # type (perhaps set by the "hints" file), and huntgroup name (set by # the "huntgroups" file). # # Indented (with the tab character) lines following the first # line indicate the configuration values to be passed back to # the comm server to allow the initiation of a user session. # This can include things like the PPP configuration values # or the host to log the user onto. # # If you are not sure why a particular reply is being sent by the # server, then run the server in debugging mode (radiusd -X), and # you will see which entries in this file are matched. # # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # # You can include another `users' file with `$INCLUDE users.other' # # # For a list of RADIUS attributes, and links to their definitions, # see: # # http://www.freeradius.org/rfc/attributes.html # # # Deny access for a specific user. Note that this entry MUST # be before any other 'Auth-Type' attribute which results in the user # being authenticated. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #lameuser Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # Deny access for a group of users. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #DEFAULT Group == "disabled", Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve Cleartext-Password := "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP # # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"John Doe" Cleartext-Password := "hello" # Reply-Message = "Hello, %u" # # Dial user back and telnet to the default host for that port # #Deg Cleartext-Password := "ge55ged" # Service-Type = Callback-Login-User, # Login-IP-Host = 0.0.0.0, # Callback-Number = "9,5551212", # Login-Service = Telnet, # Login-TCP-Port = Telnet # # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". # #dialbk Cleartext-Password := "callme" # Service-Type = Callback-Login-User, # Login-IP-Host = timeshare1, # Login-Service = PortMaster, # Callback-Number = "9,1-800-555-1212" # # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.65, # Fall-Through = Yes # # If the user logs in as 'username.shell', then authenticate them # against the system database, give them shell access, and stop processing # the rest of the file. # # Note that authenticating against an /etc/passwd file works ONLY for PAP, # and not for CHAP, MS-CHAP, or EAP. # #DEFAULT Suffix == ".shell", Auth-Type := System # Service-Type = Login-User, # Login-Service = Telnet, # Login-IP-Host = your.shell.machine # # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. # # # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). # testuser Password = "whatever" Service-Type = Framed-User, # Framed-IP-Address = 192.168.2.32+, # Framed-IP-Netmask = 255.255.255.255, Framed-MTU = 1438 DEFAULT Auth-Type = System Fall-Through = 1 # # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes # # Defaults for all framed connections. # DEFAULT Service-Type == Framed-User Framed-IP-Address = 192.168.2.132+, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = No # # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. # DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP # # Default for SLIP: dynamic IP address, SLIP mode. # DEFAULT Hint == "SLIP" Framed-Protocol = SLIP # # Last default: rlogin to our main server. # #DEFAULT # Service-Type = Login-User, # Login-Service = Rlogin, # Login-IP-Host = shellbox.ispdomain.com # # # # Last default: shell on the local terminal server. # # # DEFAULT # Service-Type = Shell-User # On no match, the user is denied access. Server side output:- rad_recv: Access-Request packet from host 192.168.2.183:1031, id=0, length=177 Message-Authenticator = 0x589528b2bceeed66a2d4d26fefe7bf2c Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-03-7F-09-60-7E:ATH183" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000d017465737475736572 NAS-IP-Address = 192.168.2.183 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 0 to 192.168.2.183 port 1031 Service-Type = Framed-User Framed-MTU = 1438 EAP-Message = 0x010100160410c321416d83ead87330b8226effb8b924 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x658952967ab1a3f98332d7b9a168e752 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.183:1031, id=1, length=204 Message-Authenticator = 0x351c009d3401181ca0410e9cd1971a24 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x658952967ab1a3f98332d7b9a168e752 Called-Station-Id = "00-03-7F-09-60-7E:ATH183" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201001604101df014c337b67c17a0f7a7df8564814c NAS-IP-Address = 192.168.2.183 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 1 modcall: leaving group authenticate (returns ok) for request 1 Sending Access-Accept of id 1 to 192.168.2.183 port 1031 Service-Type = Framed-User Framed-MTU = 1438 EAP-Message = 0x03010004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 465fabbe Cleaning up request 1 ID 1 with timestamp 465fabbe Nothing to do. Sleeping until we see a request. Client side output:- Initializing interface 'ath0' conf '/etc/wpa_supplicant/WPA_EAP_TLS1.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A' Configuration file '/etc/wpa_supplicant/WPA_EAP_TLS1.conf' -> '/etc/wpa_supplicant/WPA_EAP_TLS1.conf' Reading configuration file '/etc/wpa_supplicant/WPA_EAP_TLS1.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group='wheel' (DEPRECATED) eapol_version=1 ap_scan=1 fast_reauth=1 Line: 6 - start of a new network block ssid - hexdump_ascii(len=6): 41 54 48 31 38 33 ATH183 scan_ssid=1 (0x1) key_mgmt: 0x1 eap methods - hexdump(len=16): 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser password - hexdump_ascii(len=8): [REMOVED] Priority group 0 id=0 ssid='ATH183' Initializing interface (2) 'ath0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 SIOCGIWRANGE: WE(compiled)=22 WE(source)=13 enc_capa=0xf capabilities: key_mgmt 0xf enc 0xf WEXT: Operstate: linkmode=1, operstate=5 Own MAC address: 00:03:7f:05:c0:9c wpa_driver_wext_set_wpa wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_countermeasures wpa_driver_wext_set_drop_unencrypted Setting scan request: 0 sec 100000 usec ctrl_interface_group=10 (from group name 'wheel') Added interface ath0 RTM_NEWLINK: operstate=0 ifi_flags=0x1002 () Wireless event: cmd=0x8b06 len=8 Ignore event for foreign ifindex 3 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:7e State: DISCONNECTED -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated with 00:00:00:00:00:00 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Setting scan request: 0 sec 100000 usec Added BSSID 00:00:00:00:00:00 into blacklist CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 CTRL_IFACE monitor attached - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 33 39 31 32 2d 37 35 00 RX ctrl_iface - hexdump_ascii(len=10): 49 4e 54 45 52 46 41 43 45 53 INTERFACES RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=13): 4c 49 53 54 5f 4e 45 54 57 4f 52 4b 53 LIST_NETWORKS RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:7e State: DISCONNECTED -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:7e No keys have been configured - skip key clearing Network configuration found for the current AP WPA: No WPA/RSN IE available from association info WPA: Set cipher suites based on configuration WPA: Selected cipher suites: group 30 pairwise 24 key_mgmt 1 proto 2 WPA: clearing AP WPA IE WPA: clearing AP RSN IE WPA: using GTK CCMP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 EAPOL: External notification - portControl=Auto Associated with 00:03:7f:09:60:7e CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 33 39 31 32 2d 37 35 00 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 33 39 31 32 2d 37 35 00 EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 c3 21 41 6d 83 ea d8 73 30 b8 22 6e ff b8 b9 24 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 33 39 31 32 2d 37 35 00 EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): c3 21 41 6d 83 ea d8 73 30 b8 22 6e ff b8 b9 24 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 1d f0 14 c3 37 b6 7c 17 a0 f7 a7 df 85 64 81 4c EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 1d f0 14 c3 37 b6 7c 17 a0 f7 a7 df 85 64 81 4c EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=13): 4c 49 53 54 5f 4e 45 54 57 4f 52 4b 53 LIST_NETWORKS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING EAPOL: startWhen --> 0 RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING CTRL-EVENT-TERMINATING - signal 2 received CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 33 39 31 32 2d 37 35 00 Removing interface ath0 State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_deauthenticate No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 wpa_driver_wext_set_wpa wpa_driver_wext_set_drop_unencrypted wpa_driver_wext_set_countermeasures No keys have been configured - skip key clearing CTRL_IFACE wait for attached monitors to receive messages EAP: deinitialize previously used EAP method (4, MD5) at EAP deinit Removed BSSID 00:00:00:00:00:00 from blacklist (clear) Cancelling scan request Cancelling authentication timeout WEXT: Operstate: linkmode=0, operstate=6 --------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
Yes, radius is now working fine. What are you using (? going to use) to assign an IP address to the client - radius or DHCP? If you are using DHCP something is wrong with address/netmask assignment. If you are not using anything at the moment you will need to pick one. As for wpasupplicant log - it doesn't mean much to me (our WiFi lot is all XP). At a glance, you fail to associate with an AP even before radius traffic starts. It's complaining about IP address from the start. Are you sure that's working properly? Framed-IP-Address and Framed-IP-Netmask are used to assign them to the client if NAS is not doing DHCP. Ivan Kalik Kalik Informatika ISP Dana 1/6/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
sorry for the confusion and delay!! i am attaching user file, server output and client output. server is still giving access accept, but client is displaying cant assign requested address!! one thing what parameters should i add and what does framed ip address used for?? now this user file is giving no error and is rserver is running without any problem!
user file:-
# Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # # As of 1.1.4, you SHOULD NOT use Auth-Type. See "man rlm_pap" # for a much better way of dealing with differing passwords. # If you set Auth-Type, SOME AUTHENTICATION METHODS WILL NOT WORK. # If you don't set Auth-Type, the server will figure out what to do, # and will almost always do the right thing. # # This file contains authentication security and configuration # information for each user. Accounting requests are NOT processed # through this file. Instead, see 'acct_users', in this directory. # # The first field is the user's name and can be up to # 253 characters in length. This is followed (on the same line) with # the list of authentication requirements for that user. This can # include password, comm server name, comm server port number, protocol # type (perhaps set by the "hints" file), and huntgroup name (set by # the "huntgroups" file). # # Indented (with the tab character) lines following the first # line indicate the configuration values to be passed back to # the comm server to allow the initiation of a user session. # This can include things like the PPP configuration values # or the host to log the user onto. # # If you are not sure why a particular reply is being sent by the # server, then run the server in debugging mode (radiusd -X), and # you will see which entries in this file are matched. # # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # # You can include another `users' file with `$INCLUDE users.other' #
# # For a list of RADIUS attributes, and links to their definitions, # see: # # http://www.freeradius.org/rfc/attributes.html #
# # Deny access for a specific user. Note that this entry MUST # be before any other 'Auth-Type' attribute which results in the user # being authenticated. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #lameuser Auth-Type := Reject # Reply-Message = "Your account has been disabled."
# # Deny access for a group of users. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #DEFAULT Group == "disabled", Auth-Type := Reject # Reply-Message = "Your account has been disabled." #
# # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve Cleartext-Password := "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP
# # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"John Doe" Cleartext-Password := "hello" # Reply-Message = "Hello, %u"
# # Dial user back and telnet to the default host for that port # #Deg Cleartext-Password := "ge55ged" # Service-Type = Callback-Login-User, # Login-IP-Host = 0.0.0.0, # Callback-Number = "9,5551212", # Login-Service = Telnet, # Login-TCP-Port = Telnet
# # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". # #dialbk Cleartext-Password := "callme" # Service-Type = Callback-Login-User, # Login-IP-Host = timeshare1, # Login-Service = PortMaster, # Callback-Number = "9,1-800-555-1212"
# # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.65, # Fall-Through = Yes
# # If the user logs in as 'username.shell', then authenticate them # against the system database, give them shell access, and stop processing # the rest of the file. # # Note that authenticating against an /etc/passwd file works ONLY for PAP, # and not for CHAP, MS-CHAP, or EAP. # #DEFAULT Suffix == ".shell", Auth-Type := System # Service-Type = Login-User, # Login-Service = Telnet, # Login-IP-Host = your.shell.machine
# # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. #
# # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). #
testuser Password = "whatever"
Service-Type = Framed-User, # Framed-IP-Address = 192.168.2.32+, # Framed-IP-Netmask = 255.255.255.255, Framed-MTU = 1438 DEFAULT Auth-Type = System Fall-Through = 1
# # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes
#DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes
# # Defaults for all framed connections. # DEFAULT Service-Type == Framed-User Framed-IP-Address = 192.168.2.132+, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = No
# # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. # DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP
# # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP
# # Default for SLIP: dynamic IP address, SLIP mode. # DEFAULT Hint == "SLIP" Framed-Protocol = SLIP
# # Last default: rlogin to our main server. # #DEFAULT # Service-Type = Login-User, # Login-Service = Rlogin, # Login-IP-Host = shellbox.ispdomain.com
# # # # Last default: shell on the local terminal server. # # # DEFAULT # Service-Type = Shell-User
# On no match, the user is denied access.
Server side output:-
rad_recv: Access-Request packet from host 192.168.2.183:1031, id=0, length=177 Message-Authenticator = 0x589528b2bceeed66a2d4d26fefe7bf2c Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-03-7F-09-60-7E:ATH183" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000d017465737475736572 NAS-IP-Address = 192.168.2.183 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 0 to 192.168.2.183 port 1031 Service-Type = Framed-User Framed-MTU = 1438 EAP-Message = 0x010100160410c321416d83ead87330b8226effb8b924 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x658952967ab1a3f98332d7b9a168e752 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.183:1031, id=1, length=204 Message-Authenticator = 0x351c009d3401181ca0410e9cd1971a24 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x658952967ab1a3f98332d7b9a168e752 Called-Station-Id = "00-03-7F-09-60-7E:ATH183" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201001604101df014c337b67c17a0f7a7df8564814c NAS-IP-Address = 192.168.2.183 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 1 modcall: leaving group authenticate (returns ok) for request 1 Sending Access-Accept of id 1 to 192.168.2.183 port 1031 Service-Type = Framed-User Framed-MTU = 1438 EAP-Message = 0x03010004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 465fabbe Cleaning up request 1 ID 1 with timestamp 465fabbe Nothing to do. Sleeping until we see a request.
Client side output:-
Initializing interface 'ath0' conf '/etc/wpa_supplicant/WPA_EAP_TLS1.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A' Configuration file '/etc/wpa_supplicant/WPA_EAP_TLS1.conf' -> '/etc/wpa_supplicant/WPA_EAP_TLS1.conf' Reading configuration file '/etc/wpa_supplicant/WPA_EAP_TLS1.conf' ctrl_interface='/var/run/wpa_supplicant' ctrl_interface_group='wheel' (DEPRECATED) eapol_version=1 ap_scan=1 fast_reauth=1 Line: 6 - start of a new network block ssid - hexdump_ascii(len=6): 41 54 48 31 38 33 ATH183 scan_ssid=1 (0x1) key_mgmt: 0x1 eap methods - hexdump(len=16): 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser password - hexdump_ascii(len=8): [REMOVED] Priority group 0 id=0 ssid='ATH183' Initializing interface (2) 'ath0' EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 SIOCGIWRANGE: WE(compiled)=22 WE(source)=13 enc_capa=0xf capabilities: key_mgmt 0xf enc 0xf WEXT: Operstate: linkmode=1, operstate=5 Own MAC address: 00:03:7f:05:c0:9c wpa_driver_wext_set_wpa wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_countermeasures wpa_driver_wext_set_drop_unencrypted Setting scan request: 0 sec 100000 usec ctrl_interface_group=10 (from group name 'wheel') Added interface ath0 RTM_NEWLINK: operstate=0 ifi_flags=0x1002 () Wireless event: cmd=0x8b06 len=8 Ignore event for foreign ifindex 3 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:7e State: DISCONNECTED -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated with 00:00:00:00:00:00 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Setting scan request: 0 sec 100000 usec Added BSSID 00:00:00:00:00:00 into blacklist CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 CTRL_IFACE monitor attached - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 33 39 31 32 2d 37 35 00 RX ctrl_iface - hexdump_ascii(len=10): 49 4e 54 45 52 46 41 43 45 53 INTERFACES RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=13): 4c 49 53 54 5f 4e 45 54 57 4f 52 4b 53 LIST_NETWORKS RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:7e State: DISCONNECTED -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:7e No keys have been configured - skip key clearing Network configuration found for the current AP WPA: No WPA/RSN IE available from association info WPA: Set cipher suites based on configuration WPA: Selected cipher suites: group 30 pairwise 24 key_mgmt 1 proto 2 WPA: clearing AP WPA IE WPA: clearing AP RSN IE WPA: using GTK CCMP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 EAPOL: External notification - portControl=Auto Associated with 00:03:7f:09:60:7e CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 33 39 31 32 2d 37 35 00 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 33 39 31 32 2d 37 35 00 EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 c3 21 41 6d 83 ea d8 73 30 b8 22 6e ff b8 b9 24 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 33 39 31 32 2d 37 35 00 EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): c3 21 41 6d 83 ea d8 73 30 b8 22 6e ff b8 b9 24 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 1d f0 14 c3 37 b6 7c 17 a0 f7 a7 df 85 64 81 4c EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 1d f0 14 c3 37 b6 7c 17 a0 f7 a7 df 85 64 81 4c EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=13): 4c 49 53 54 5f 4e 45 54 57 4f 52 4b 53 LIST_NETWORKS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING EAPOL: startWhen --> 0 RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS ioctl[SIOCGIFADDR]: Cannot assign requested address RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING CTRL-EVENT-TERMINATING - signal 2 received CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 33 39 31 32 2d 37 35 00 Removing interface ath0 State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_deauthenticate No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 wpa_driver_wext_set_wpa wpa_driver_wext_set_drop_unencrypted wpa_driver_wext_set_countermeasures No keys have been configured - skip key clearing CTRL_IFACE wait for attached monitors to receive messages EAP: deinitialize previously used EAP method (4, MD5) at EAP deinit Removed BSSID 00:00:00:00:00:00 from blacklist (clear) Cancelling scan request Cancelling authentication timeout WEXT: Operstate: linkmode=0, operstate=6
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
well i m using DHCP to get an ip. now i have retried and now i m not getting any message like cannot assign requested address but i m still getting that EAP-FAILIURE message. i m sending you output for client side hope u can trace the problem thanks for ur help! Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=24 rsn_ie_len=0 caps=0x11 selected based on WPA IE Trying to associate with 00:03:7f:09:60:7e (SSID='ATH183' freq=2462 MHz) CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 38 33 39 37 2d 35 00 Cancelling scan request WPA: clearing own WPA/RSN IE Automatic auth_alg selection: 0x1 WPA: using IEEE 802.11i/D3.0 WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1 proto 1 WPA: set AP WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 WPA: clearing AP RSN IE WPA: using GTK TKIP WPA: using PTK TKIP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01 No keys have been configured - skip key clearing wpa_driver_wext_set_drop_unencrypted State: DISCONNECTED -> ASSOCIATING wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_associate Setting authentication timeout: 10 sec 0 usec EAPOL: External notification - portControl=Auto RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b04 len=12 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b1a len=14 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:7e State: ASSOCIATING -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:7e No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:7e CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 38 33 39 37 2d 35 00 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 38 33 39 37 2d 35 00 EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 a5 9b 8e 83 0e 3c fd aa 30 e8 29 32 07 e2 c3 c5 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 38 33 39 37 2d 35 00 EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): a5 9b 8e 83 0e 3c fd aa 30 e8 29 32 07 e2 c3 c5 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 13 e3 bb c0 31 ca a7 ad 5c d0 4d 54 d7 5b 57 32 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 13 e3 bb c0 31 ca a7 ad 5c d0 4d 54 d7 5b 57 32 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS RX ctrl_iface - hexdump_ascii(len=13): 4c 49 53 54 5f 4e 45 54 57 4f 52 4b 53 LIST_NETWORKS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING EAPOL: startWhen --> 0 RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b06 len=8 RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b19 len=8 Received 2199 bytes of scan results (9 BSSes) Scan results: 9 Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=24 rsn_ie_len=0 caps=0x11 selected based on WPA IE Already associated with the selected AP. RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 Setting scan request: 0 sec 100000 usec Added BSSID 00:03:7f:09:60:7e into blacklist CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 38 33 39 37 2d 35 00 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:7e State: DISCONNECTED -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:7e No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:7e CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 38 33 39 37 2d 35 00 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 38 33 39 37 2d 35 00 EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS RX ctrl_iface - hexdump_ascii(len=13): 4c 49 53 54 5f 4e 45 54 57 4f 52 4b 53 LIST_NETWORKS RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING EAPOL: startWhen --> 0 RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state RETRANSMIT EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 93 4a 43 e7 27 aa b2 cc f6 ad ca 6e e6 3d 21 53 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected CTRL_IFACE monitor send - hexdump(len=22): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 31 38 33 39 37 2d 35 00 EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 93 4a 43 e7 27 aa b2 cc f6 ad ca 6e e6 3d 21 53 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): cd 26 41 20 f8 fa 95 cb 00 2b 02 81 7d be b0 47 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 cd 26 41 20 f8 fa 95 cb 00 2b 02 81 7d be b0 47 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:7e RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS RX ctrl_iface - hexdump_ascii(len=13): 4c 49 53 54 5f 4e 45 54 57 4f 52 4b 53 LIST_NETWORKS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=6): 53 54 41 54 55 53 STATUS RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING RX ctrl_iface - hexdump_ascii(len=4): 50 49 4e 47 PING CTRL-EVENT-TERMINATING - signal 2 received regards shantanu tnt@kalik.co.yu wrote: Yes, radius is now working fine. What are you using (? going to use) to assign an IP address to the client - radius or DHCP? If you are using DHCP something is wrong with address/netmask assignment. If you are not using anything at the moment you will need to pick one. As for wpasupplicant log - it doesn't mean much to me (our WiFi lot is all XP). At a glance, you fail to associate with an AP even before radius traffic starts. It's complaining about IP address from the start. Are you sure that's working properly? Framed-IP-Address and Framed-IP-Netmask are used to assign them to the client if NAS is not doing DHCP. Ivan Kalik Kalik Informatika ISP --------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
This looks OK now: State: DISCONNECTED -> ASSOCIATING .. State: ASSOCIATING -> ASSOCIATED .. EAP: EAP entering state INITIALIZE .. EAPOL: SUPP_PAE entering state AUTHENTICATING This is now a supplicant issue > EAP is failing despite Access-Accept. Something is broken there. You will need to post your question to wpasupplicant list. I don't know anything about that supplicant. Ivan Kalik Kalik Informatika ISP Dana 1/6/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
well i m using DHCP to get an ip. now i have retried and now i m not getting any message like cannot assign requested address but i m still getting that EAP-FAILIURE message. i m sending you output for client side hope u can trace the problem thanks for ur help!
Has any one had this issue? Large users file appx 900 users with each users template as follows I don't know if its a corrupt line some where or not but the file is auto generated by Rodopi so i would think its not that heres what the users template is.. # 2353731881 -- First User testuser Password = "testpw" Framed-Protocol = PPP, Service-Type = Framed-User, Session-Timeout = 14400, Port-Limit = 1, Ascend-Data-Filter = "ip in forward tcp est", Ascend-Data-Filter = "ip in forward dstip 74.218.65.132/32", Ascend-Data-Filter = "ip in forward dstip 74.218.65.133/32", Ascend-Data-Filter = "ip in forward dstip 204.13.240.3/32", Ascend-Data-Filter = "ip in forward dstip 204.13.240.3/32", Ascend-Data-Filter = "ip in drop tcp dstport = 25", Ascend-Data-Filter = "ip in forward"
What doesn't work? Can you post radiusd -X output for the test user. In 1.1.6 you should use Cleartext-Password as attribute and := as operator. If those reply items are the same for all the users you can put them in a single DEFAULT entry and not in every user config. You already have such entries for Framed-User and PPP in original users file. Ivan Kalik Kalik Informatika ISP Dana 2/6/2007, "Jeff" <jeffa@jahelpdesk.com> piše:
Has any one had this issue? Large users file appx 900 users with each users template as follows I don't know if its a corrupt line some where or not but the file is auto generated by Rodopi so i would think its not that
heres what the users template is..
# 2353731881 -- First User testuser Password = "testpw" Framed-Protocol = PPP, Service-Type = Framed-User, Session-Timeout = 14400, Port-Limit = 1, Ascend-Data-Filter = "ip in forward tcp est", Ascend-Data-Filter = "ip in forward dstip 74.218.65.132/32", Ascend-Data-Filter = "ip in forward dstip 74.218.65.133/32", Ascend-Data-Filter = "ip in forward dstip 204.13.240.3/32", Ascend-Data-Filter = "ip in forward dstip 204.13.240.3/32", Ascend-Data-Filter = "ip in drop tcp dstport = 25", Ascend-Data-Filter = "ip in forward"
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
That was it, thanks the := --- I have another question. I am trying to get the script posted in the faq page at www.freeradius.org to update users file as a cron job For some reason none of this is working under opensuse operating system Any Suggestions???? It doesn't like the find users -nt .last-reload the part -nt From: tnt@kalik.co.yu To: FreeRadius users mailing list [mailto:freeradius-users@lists.freeradius.org] Sent: Sat, 02 Jun 2007 17:03:37 -0400 Subject: Re: won't work on large users file What doesn't work? Can you post radiusd -X output for the test user. In 1.1.6 you should use Cleartext-Password as attribute and := as operator. If those reply items are the same for all the users you can put them in a single DEFAULT entry and not in every user config. You already have such entries for Framed-User and PPP in original users file. Ivan Kalik Kalik Informatika ISP Dana 2/6/2007, "Jeff" <jeffa@jahelpdesk.com> piše:
Has any one had this issue? Large users file appx 900 users with each users template as follows I don't know if its a corrupt line some where or not but the file is auto generated by Rodopi so i would think its not that
heres what the users template is..
# 2353731881 -- First User testuser Password = "testpw" Framed-Protocol = PPP, Service-Type = Framed-User, Session-Timeout = 14400, Port-Limit = 1, Ascend-Data-Filter = "ip in forward tcp est", Ascend-Data-Filter = "ip in forward dstip 74.218.65.132/32", Ascend-Data-Filter = "ip in forward dstip 74.218.65.133/32", Ascend-Data-Filter = "ip in forward dstip 204.13.240.3/32", Ascend-Data-Filter = "ip in forward dstip 204.13.240.3/32", Ascend-Data-Filter = "ip in drop tcp dstport = 25", Ascend-Data-Filter = "ip in forward"
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
what is final state or message of this authentication? is it associated or authenticated?? regards shantanu --------------------------------- Heres a new way to find what you're looking for - Yahoo! Answers
Associated is only the first stage. You then need to get authenticated, authorized ... Ivan Kalik Kalik Informatiaka ISP Dana 31/5/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
what is final state or message of this authentication? is it associated or authenticated?? regards shantanu
--------------------------------- Heres a new way to find what you're looking for - Yahoo! Answers
OK, change you testuser entry to: steve Cleartext-Password := "whatever" Service-Type = Framed-User, Framed-IP-Address = 192.168.2.132, Framed-IP-Netmask = 255.255.255.255, Framed-MTU = 1438 Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" <shantanu_843@yahoo.co.in> piše:
this is server side output!!!!
rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177 Message-Authenticator = 0x758e436fc2b17672ad389e0ffeca2982 Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204000d017465737475736572 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 modcall[authorize]: module "preprocess" returns ok for request 20 modcall[authorize]: module "chap" returns noop for request 20 modcall[authorize]: module "mschap" returns noop for request 20 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 20 rlm_eap: EAP packet type response id 4 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 20 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 20 modcall: leaving group authorize (returns updated) for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 20 rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 20 modcall: leaving group authenticate (returns handled) for request 20 Sending Access-Challenge of id 4 to 192.168.2.182 port 1027 EAP-Message = 0x010500160410ef33bbaf01824abdd6b6989b2cc698ec Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4f68ec51f7791041fc61be6441d9ea92 Finished request 20 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.2.182:1027, id=5, length=204 Message-Authenticator = 0xb98d04dcd12bbaa2dc7f6314231061bc Service-Type = Framed-User User-Name = "testuser" Framed-MTU = 1488 State = 0x4f68ec51f7791041fc61be6441d9ea92 Called-Station-Id = "00-03-7F-09-60-A0:ATH182" Calling-Station-Id = "00-03-7F-05-C0-9C" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020500160410a221ad85e41c1260d31c5d14036dfce1 NAS-IP-Address = 192.168.2.182 NAS-Port = 1 NAS-Port-Id = "STA port # 1" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 21 modcall[authorize]: module "preprocess" returns ok for request 21 modcall[authorize]: module "chap" returns noop for request 21 modcall[authorize]: module "mschap" returns noop for request 21 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 21 rlm_eap: EAP packet type response id 5 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 21 users: Matched entry testuser at line 155 modcall[authorize]: module "files" returns ok for request 21 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 21 modcall: leaving group authorize (returns updated) for request 21 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 21 rlm_eap: Request found, released from the list rlm_eap: EAP/md5 rlm_eap: processing type md5 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 21 modcall: leaving group authenticate (returns ok) for request 21 Sending Access-Accept of id 5 to 192.168.2.182 port 1027 EAP-Message = 0x03050004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 21 Going to the next request Waking up in 6 seconds... --- Walking the entire request list ---
it is sending an access accept packet!!! my user file is like this:- its an attachment(users) thanks for ur help,
regards shantanu
tnt@kalik.co.yu wrote: Client output isn't showing Access-Accept packet content. Post radiusd -X output and your users file.
Ivan Kalik Kalik Informatika ISP
Dana 31/5/2007, "shantanu choudhary" piše:
hello, this is my client side output: Authentication with 00:03:7f:09:60:a0 timed out. Added BSSID 00:03:7f:09:60:a0 into blacklist State: ASSOCIATED -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_disassociate No keys have been configured - skip key clearing EAPOL: External notification - portEnabled=0 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 Setting scan request: 0 sec 0 usec State: DISCONNECTED -> SCANNING Starting AP scan (specific SSID) Scan SSID - hexdump_ascii(len=6): 41 54 48 31 38 32 ATH182 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:00:00:00:00:00 BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2 CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 State: SCANNING -> DISCONNECTED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b19 len=8 Received 1844 bytes of scan results (7 BSSes) Scan results: 7 Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 skip - blacklisted 2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE 6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 skip - no WPA/RSN IE No APs found - clear blacklist and try again Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear) Selecting BSS from priority group 0 0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 skip - SSID mismatch 1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 selected based on RSN IE Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz) Cancelling scan request WPA: clearing own WPA/RSN IE Automatic auth_alg selection: 0x1 RSN: using IEEE 802.11i/D9.0 WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2 WPA: clearing AP WPA IE WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00 WPA: using GTK TKIP WPA: using PTK CCMP WPA: using KEY_MGMT 802.1X WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 No keys have been configured - skip key clearing wpa_driver_wext_set_drop_unencrypted State: DISCONNECTED -> ASSOCIATING wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 wpa_driver_wext_associate Setting authentication timeout: 10 sec 0 usec EAPOL: External notification - portControl=Auto RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b06 len=8 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b04 len=12 RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) Wireless event: cmd=0x8b1a len=14 RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) Wireless event: cmd=0x8b15 len=20 Wireless event: new AP: 00:03:7f:09:60:a0 State: ASSOCIATING -> ASSOCIATED wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) WEXT: Operstate: linkmode=-1, operstate=5 Associated to a new BSS: BSSID=00:03:7f:09:60:a0 No keys have been configured - skip key clearing Associated with 00:03:7f:09:60:a0 WPA: Association event - clear replay counter EAPOL: External notification - portEnabled=0 EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE Setting authentication timeout: 10 sec 0 usec Cancelling scan request RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 Setting authentication timeout: 70 sec 0 usec EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93 EAPOL: SUPP_BE entering state RECEIVE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 EAPOL: authWhile --> 0 EAPOL: SUPP_BE entering state TIMEOUT EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE RX EAPOL from 00:03:7f:09:60:a0 RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01 EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=8): 74 65 73 74 75 73 65 72 testuser EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE
the problem is i am getting EAP-FAILURE on client side even when server is giving ACCESS-ACCEPT!!!! i am not able to figure out the problem output of server is same as that in earlier mail, one more thing what will be end message of this, will it be authentication or association? When i run GUI for supplicant it is showing associated not authenticated! is it end of connection and after it should i get an IP from that AP, even if i try for DHCP i am not able to get an IP!!!! it is all messed up, please do reply for this prob!!! regards shantanu
tnt@kalik.co.yu wrote: Well, now you dont have any IP address in your accept packet. Not a problem if you are doing DHCP. Otherwise you need to return IP address, netmask, MTU, Service-Type, DNS servers etc.
Leave that Framed-User DEFAULT entry alone - it should be there. You need to add stuff to your user config:
testuser Cleartext-Password:=yourpassword Framed-IP-Address=1.2.3.4 Framed-MTU=yourMTU Framed-IP-Netmask=255.255.255.255 etc.
Ivan Kalik Kalik Informatika ISP
Dana 30/5/2007, "shantanu choudhary" piše:
--- snip ---
Sending Access-Accept of id 2 to 192.168.2.182 port 1028 EAP-Message = 0x03020004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testuser" Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 465d506e Cleaning up request 1 ID 2 with timestamp 465d506e Nothing to do. Sleeping until we see a request.
it is sending ACCESS ACCEPT but no access reject or failure!!!! and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
sorry for disturbing u again n again but can u help me out???? please!! shantanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Did you know? You can CHAT without downloading messenger. Know how!
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--------------------------------- Download prohibited? No problem! CHAT from any browser, without download.
participants (3)
-
Jeff -
shantanu choudhary -
tnt@kalik.co.yu