help with EAP MD5 wired authentication
Anup Parkhi
anup_parkhi at hotmail.com
Tue Nov 22 01:54:17 CET 2005
Hi,
I am struggling with EAP-MD5 wired authentication for last couple of days. I
checked the web and archives but to no avail.
I am using XP supplicant. Tried with Funk's supplicant also but same result.
Any help will be highly appreciated.
Thanks
Anup
My users file has following towards the end
# On no match, the user is denied access.
a User-Password == "a"
"test" User-Password == "test"
"Administrator" User-Password == "pnbidm123!"
aparkhi Auth-Type := System, User-Password == "aparkhi"
DEFAULT Auth-Type := Accept
Reply-Message = "All users are allowed, Welcome %u."
Radiusd.conf has
1. modules section
...
pap {
encryption_scheme = crypt
}
# CHAP module
#
# To authenticate requests containing a CHAP-Password attribute.
#
chap {
authtype = CHAP
}
...
$INCLUDE ${confdir}/eap.conf
mschap {
...
}
files {
...
}
...
The console output of radiusd -X -s is
Ready to process requests.
rad_recv: Access-Request packet from host 10.11.12.107:1024, id=76,
length=214
Framed-MTU = 1480
NAS-IP-Address = 10.11.12.107
NAS-Identifier = "HP ProCurve Switch 2824"
User-Name = "test"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 24
NAS-Port-Type = Ethernet
NAS-Port-Id = "24"
Called-Station-Id = "00-0f-20-8d-04-c8"
Calling-Station-Id = "00-c0-9f-0d-4a-1f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1010"
EAP-Message = 0x020200090174657374
Message-Authenticator = 0xb12214c2d6fb14f33c7cc758ccfb54b7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
users: Matched entry DEFAULT at line 183
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 76 to 10.11.12.107:1024
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x0103001604100118f4899111b27fc08900284095e5e2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x33fe6026586af730cd367983bb9ea8b6
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
length=249
Framed-MTU = 1480
NAS-IP-Address = 10.11.12.107
NAS-Identifier = "HP ProCurve Switch 2824"
User-Name = "test"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 24
NAS-Port-Type = Ethernet
NAS-Port-Id = "24"
Called-Station-Id = "00-0f-20-8d-04-c8"
Calling-Station-Id = "00-c0-9f-0d-4a-1f"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1010"
State = 0x33fe6026586af730cd367983bb9ea8b6
EAP-Message = 0x0203001a04101c913399463bebf9f6dc2d0af18f0c7974657374
Message-Authenticator = 0x2592cd875d1068f5b16fe7999f451769
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_eap: EAP packet type response id 3 length 26
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 152
users: Matched entry DEFAULT at line 171
users: Matched entry DEFAULT at line 183
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/md5
rlm_eap: processing type md5
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
rlm_eap: Handler failed in EAP/md5
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
length=249
Sending Access-Reject of id 77 to 10.11.12.107:1024
EAP-Message = 0x04030004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 76 with timestamp 43826690
Cleaning up request 1 ID 77 with timestamp 43826690
Nothing to do. Sleeping until we see a request.
More information about the Freeradius-Users
mailing list