freeradius 1.0.4 and Cisco WLSE
Alan DeKok
aland at ox.org
Fri Aug 12 01:02:19 CEST 2005
jck-freeradius at southwestern.edu wrote:
> I am trying to speak between my Freeradius server and a Cisco WLSE.
> I am seeing EAP timeouts while WLSE is trying to authenticate
> through Freeradius.
Short summary: the supplicant is broken.
> Sending Access-Challenge of id 3 to 192.168.254.10:32815
> EAP-Message = 0x010100221a0101001d10b063da2c8f5c52273cd537b0c09d69e5776c736561636374
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x8c90735921dd51b22bc8ef97379845b8
...
> rad_recv: Access-Request packet from host 192.168.254.10:32815, id=3, length=125
> User-Name = "wlseacct"
> NAS-IP-Address = 192.168.254.10
> Called-Station-Id = "ABBAABBAABBA"
> Calling-Station-Id = "ABBAABBAABBA"
> NAS-Identifier = "Cisco Secure II"
> NAS-Port = 29
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x020300060311
> Message-Authenticator = 0x070f8a208866000f797e64be5bd48f48

The client is sending a NACK, and asking for another EAP type. But
it's changing the EAP ID in a broken way, which means that the AP
doesn't add the State attribute from the previous challenge.

In the last packet, FreeRADIUS is seeing the middle of a
conversation, without any way to know what the conversation was about.

The supplicant is broken. Use another one.

Alan DeKok.
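
Added example, not part of the original message and not FreeRADIUS code: a short Python decoder for the two EAP-Message values quoted above, which shows the identifier mismatch and the missing State attribute. The function names are hypothetical, and it assumes each EAP packet fits in a single EAP-Message attribute.

```python
import struct

# Subset of EAP code and method numbers (RFC 3748 and the IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 17: "LEAP", 26: "MS-CHAP-V2"}

# EAP-Message values copied from the debug output quoted in the message.
CHALLENGE = "0x010100221a0101001d10b063da2c8f5c52273cd537b0c09d69e5776c736561636374"
RESPONSE = "0x020300060311"


def parse_eap(hex_value):
    """Decode the EAP header: code (1), identifier (1), length (2), then type."""
    text = hex_value[2:] if hex_value.startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    pkt = {"code": code, "id": ident, "length": length, "type": None, "data": b""}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        pkt["type"], pkt["data"] = raw[4], raw[5:]
    return pkt


def check_exchange(challenge_hex, response_hex, request_has_state):
    """List the ways a Response fails to continue the Request it should answer."""
    req, resp = parse_eap(challenge_hex), parse_eap(response_hex)
    problems = []
    if resp["code"] != 2:
        problems.append("packet from supplicant is not an EAP-Response")
    if resp["id"] != req["id"]:  # RFC 3748: Response must echo the Request id
        problems.append(f"EAP id mismatch: request {req['id']}, response {resp['id']}")
    if not request_has_state:
        problems.append("Access-Request has no State, server cannot find the session")
    return problems


if __name__ == "__main__":
    for name, value in (("challenge", CHALLENGE), ("response", RESPONSE)):
        p = parse_eap(value)
        print(name, EAP_CODES[p["code"]], "id", p["id"], EAP_TYPES.get(p["type"]))
    # The Access-Request quoted in the message lists no State attribute.
    for problem in check_exchange(CHALLENGE, RESPONSE, request_has_state=False):
        print("problem:", problem)
```
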