EAP-TTLS and PEAP auth problem ... sorry!!

Gandalf the Gray gtheg1 at yahoo.com
Tue Jul 5 10:51:14 CEST 2005 


--- Alan DeKok <aland at ox.org> wrote:

> Gandalf the Gray <gtheg1 at yahoo.com> wrote:
> > It seems no EAP-challenge is really going on.
> > this is the output from tre radius server after a
> try
> > made by AEGIS client under windows XP, with PEAP
> > MSCHAPv2.
> 
>   The AEGIS client works with FreeRADIUS.
> 
>   What the debug log shows Is that the client is not
> seeing the
> response from FreeRADIUS.  It's probably because you
> have multiple
> IP's on the radius server, and the client is sending
> to one address,
> and seeing the response from another.
> 
>   Use 'tcpdump' to verify the problem, and make the
> server listen on
> only one IP.
> 
>   Alan DeKok.

I checked and set a single IP address on my freeradius
server.
But it seems always the same result...
this is my log by radiusd -X:

rad_recv: Access-Request packet from host
192.168.127.36:21646, id=123, length=131
        User-Name = "attoo"
        Framed-MTU = 1400
        Called-Station-Id = "00-12-D9-B3-26-90"
        Calling-Station-Id = "00-50-FC-F1-7A-91"
        Message-Authenticator =
0x17e90f1da3ab8ca6003b033cdfa7926d
        EAP-Message = 0x0202000a016174746f6f
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 337
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.127.36
        NAS-Identifier = "appi"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok
for request 1
  modcall[authorize]: module "mschap" returns noop for
request 1
    rlm_realm: No '@' in User-Name = "attoo", skipping
NULL due to config.
  modcall[authorize]: module "suffix" returns noop for
request 1
  rlm_eap: EAP packet type response id 2 length 10
  rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
  modcall[authorize]: module "eap" returns updated for
request 1
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for
request 1
modcall: group authorize returns updated for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled
for request 1
modcall: group authenticate returns handled for
request 1
Sending Access-Challenge of id 123 to
192.168.127.36:21646
        EAP-Message = 0x010300061920
        Message-Authenticator =
0x00000000000000000000000000000000
        State = 0x305eceed6a3b96ee99d532871dffa83f
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
192.168.127.36:21646, id=123, length=131
Sending duplicate reply to client appi:21646 - ID: 123
Re-sending Access-Challenge of id 123 to
192.168.127.36:21646
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 123 with timestamp 42ca647d
Nothing to do.  Sleeping until we see a request.

thank you for your attention!



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

More information about the Freeradius-Users mailing list