playing with eap2 - access-challenge instead of access-accept

Ming-Ching Tiew mctiew at
Sat Sep 10 04:08:13 CEST 2011

I am playing with eap2 module using from the hostapd 0.7.3 stable ( plus Makefile modifications ). I have got it to a stage where it can be instantiated - despite a few other off topic issues. But when I put that 'eap2' in place of 'eap' in the authentication section, nothing happens, eap2 module is not invoked. So I changed it to :-

        Auth-Type eap {
The module is then invoked. But I am still not coming close to being able get it to authenticate, because when I tested the simplest case of eap md5, this is what I got from radius debug :-

Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group eap {...}
CTRL-EVENT-EAP-STARTED 00:00:00:00:00:00
==> Request
++[eap2] returns handled
Sending Access-Challenge of id 250 to port 52414
	EAP-Message = 0x01d300061920
	State = 0xe3c425eb267c641f82d999e1c9808ce1
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 0.

Verses this is what I get if I use 'eap' module :-

[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 160 to port 50702
	EAP-Message = 0x03d30004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "eapmd5"
Finished request 1.

Seems eap2 is always returning access-challenge while eap is able to complete with access-accept. Is it that the rlm_eap2.c source needs further modifications ?

Best regards.

More information about the Freeradius-Devel mailing list