using freradius 1.0.5 to secure an WLAN AP

Frank Buttner frank-buettner at gmx.net
Thu Dec 29 13:52:55 CET 2005


So here I have the whole output again. As far as I can see, there is no certificate
exchange??
        NAS-Identifier = "0014bfa57781"
        NAS-Port = 24
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0200001e017363686e656562616c6c2e6e65747a2d766f6e2d6672616e6b
        Message-Authenticator = 0xdd3d83f19e08787f6907798c30ef7b7c
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  '/var/log/radius/radacct/192.168.1.2/auth-detail-20051229'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.1.2/auth-detail-20051229
  modcall[authorize]: module "auth_log" returns ok for request 0
  modcall[authorize]: module "attr_filter" returns noop for request 0
    rlm_realm: No '@' in User-Name = "schneeball.netz-von-frank", looking up
realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 30
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 0 to 192.168.1.2:2068
        EAP-Message = 0x010100060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xd69dcd7c75cc15eea53e2baca8acbce5
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.2:2068, id=0, length=163
        User-Name = "schneeball.netz-von-frank"
        NAS-IP-Address = 192.168.1.2
        Called-Station-Id = "0014bfa57781"
        Calling-Station-Id = "000e2e3ee98f"
        NAS-Identifier = "0014bfa57781"
        NAS-Port = 24
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0201001e017363686e656562616c6c2e6e65747a2d766f6e2d6672616e6b
        Message-Authenticator = 0xf5f960c2cb0c4acc07d7f9d962b26fd9
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat:  '/var/log/radius/radacct/192.168.1.2/auth-detail-20051229'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.1.2/auth-detail-20051229
  modcall[authorize]: module "auth_log" returns ok for request 1
  modcall[authorize]: module "attr_filter" returns noop for request 1
    rlm_realm: No '@' in User-Name = "schneeball.netz-von-frank", looking up
realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 1 length 30
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 0 to 192.168.1.2:2068
        EAP-Message = 0x010200060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa87e53fdb3ded6be7a711bf1e3a79879
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.2:2068, id=0, length=163
        User-Name = "schneeball.netz-von-frank"
        NAS-IP-Address = 192.168.1.2
        Called-Station-Id = "0014bfa57781"
        Calling-Station-Id = "000e2e3ee98f"
        NAS-Identifier = "0014bfa57781"
        NAS-Port = 24
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0201001e017363686e656562616c6c2e6e65747a2d766f6e2d6672616e6b
        Message-Authenticator = 0x44c69b1ab2ae0e9c056eceedfb528543
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat:  '/var/log/radius/radacct/192.168.1.2/auth-detail-20051229'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.1.2/auth-detail-20051229
  modcall[authorize]: module "auth_log" returns ok for request 2
  modcall[authorize]: module "attr_filter" returns noop for request 2
    rlm_realm: No '@' in User-Name = "schneeball.netz-von-frank", looking up
realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 1 length 30
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 0 to 192.168.1.2:2068
        EAP-Message = 0x010200060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0da316f282812e54cf900c9997cb7612
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.2:2068, id=0, length=163
        User-Name = "schneeball.netz-von-frank"
        NAS-IP-Address = 192.168.1.2
        Called-Station-Id = "0014bfa57781"
        Calling-Station-Id = "000e2e3ee98f"
        NAS-Identifier = "0014bfa57781"
        NAS-Port = 24
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0201001e017363686e656562616c6c2e6e65747a2d766f6e2d6672616e6b
        Message-Authenticator = 0x4b44441b0a991ef387981cbc5618e700
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat:  '/var/log/radius/radacct/192.168.1.2/auth-detail-20051229'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.1.2/auth-detail-20051229
  modcall[authorize]: module "auth_log" returns ok for request 3
  modcall[authorize]: module "attr_filter" returns noop for request 3
    rlm_realm: No '@' in User-Name = "schneeball.netz-von-frank", looking up
realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 1 length 30
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 0 to 192.168.1.2:2068
        EAP-Message = 0x010200060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc7e720cf22b959e7a88e5c6ca2f33d38
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.2:2068, id=0, length=163
        User-Name = "schneeball.netz-von-frank"
        NAS-IP-Address = 192.168.1.2
        Called-Station-Id = "0014bfa57781"
        Calling-Station-Id = "000e2e3ee98f"
        NAS-Identifier = "0014bfa57781"
        NAS-Port = 24
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0201001e017363686e656562616c6c2e6e65747a2d766f6e2d6672616e6b
        Message-Authenticator = 0x62cf2cd7aa0ec7094f14f12d2a1d6613
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
radius_xlat:  '/var/log/radius/radacct/192.168.1.2/auth-detail-20051229'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.1.2/auth-detail-20051229
  modcall[authorize]: module "auth_log" returns ok for request 4
  modcall[authorize]: module "attr_filter" returns noop for request 4
    rlm_realm: No '@' in User-Name = "schneeball.netz-von-frank", looking up
realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 1 length 30
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
 rlm_eap_tls: Requiring client certificate
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 0 to 192.168.1.2:2068
        EAP-Message = 0x010200060d20
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x63a2c78c3eaec0e6c63696a54603ac45
Finished request 4
Going to the next request 

-----Original Message-----
From: freeradius-users-bounces+frank-buettner=gmx.net at lists.freeradius.org
[mailto:freeradius-users-bounces+frank-buettner=gmx.net at lists.freeradius.org] On Behalf Of Frank Buttner
Sent: Thursday, December 29, 2005 9:57 AM
To: 'FreeRadius users mailing list'
Subject: RE: using freradius 1.0.5 to secure an WLAN AP 

But no client will get access. The Windows XP clients say that they can not
be verified. And my Windows 2000 clients will send the request all the time
because the request from the radius server seems not complete:( 

-----Original Message-----
From: freeradius-users-bounces+frank-buettner=gmx.net at lists.freeradius.org
[mailto:freeradius-users-bounces+frank-buettner=gmx.net at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, December 28, 2005 11:47 PM
To: FreeRadius users mailing list
Subject: Re: using freradius 1.0.5 to secure an WLAN AP 

Frank Buttner <frank-buettner at gmx.net> wrote:
> Hello, I try to use freeradius to secure my WLAN. But it will not work.
> The clients talk to the ap and the ap to my radius Server. But the 
> answer of the radius server is not ok:(

  What's going wrong?  Your message doesn't include anything that I can see
is a problem.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
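
Added example, not part of the original thread and not FreeRADIUS code: a small decoder for the EAP-Message values in the debug output above. It shows that the server sends an EAP-TLS request with only the Start flag set and that the peer answers with another Identity response, so no TLS handshake data appears in the log. The function names are chosen for this example; the hex strings are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS"}

# EAP-Message values copied from the debug output above, in the order logged.
EXCHANGE = [
    "0x0200001e017363686e656562616c6c2e6e65747a2d766f6e2d6672616e6b",
    "0x010100060d20",
    "0x0201001e017363686e656562616c6c2e6e65747a2d766f6e2d6672616e6b",
    "0x010200060d20",
]

def parse_eap(hex_value):
    """Decode one EAP packet (header: code, id, 16-bit length; then type and data)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("length field %d != %d bytes present" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        etype, body = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:
            pkt["identity"] = body.decode("utf-8", "replace")
        elif etype == 13 and body:
            flags = body[0]  # EAP-TLS flags: L=0x80, M=0x40, S=0x20
            pkt["tls_flags"] = {"L": bool(flags & 0x80), "M": bool(flags & 0x40),
                                "S": bool(flags & 0x20)}
            # TLS payload bytes after the flags (and the 4-byte length if L is set)
            pkt["tls_data_len"] = len(body) - 1 - (4 if flags & 0x80 else 0)
    return pkt

def stalled_at_identity(hex_values):
    """True if an EAP-TLS Start request is followed by an Identity response."""
    pkts = [parse_eap(h) for h in hex_values]
    for prev, cur in zip(pkts, pkts[1:]):
        start = prev.get("type") == "EAP-TLS" and prev.get("tls_flags", {}).get("S")
        if (prev["code"] == "Request" and start
                and cur["code"] == "Response" and cur.get("type") == "Identity"):
            return True
    return False

if __name__ == "__main__":
    for value in EXCHANGE:
        print(parse_eap(value))
    print("peer repeats Identity after TLS Start:", stalled_at_identity(EXCHANGE))
```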

