help with EAP MD5 wired authentication

MINODIER David RD-RESA-LAN david.minodier at francetelecom.com
Tue Nov 22 09:31:29 CET 2005 

Since you're using EAP-MD5, you should have in your users file:

Xxx	Auth-Type := EAP, User-Password == "whatever"

David.


> -----Message d'origine-----
> De : freeradius-users-bounces at lists.freeradius.org 
> [mailto:freeradius-users-bounces at lists.freeradius.org] De la 
> part de Anup Parkhi
> Envoyé : mardi 22 novembre 2005 01:54
> À : freeradius-users at lists.freeradius.org
> Objet : help with EAP MD5 wired authentication
> 
> Hi,
> 
> I am struggling with EAP-MD5 wired authentication for last 
> couple of days. I checked the web and archives but to no avail.
> 
> I am using XP supplicant. Tried with Funk's supplicant also 
> but same result.
> 
> Any help will be highly appreciated.
> 
> Thanks
> Anup
> 
> My users file has following towards the end
> 
> # On no match, the user is denied access.
> 
> a       User-Password == "a"
> 
> "test"  User-Password == "test"
> 
> "Administrator" User-Password == "pnbidm123!"
> 
> aparkhi Auth-Type := System, User-Password == "aparkhi"
> 
> DEFAULT Auth-Type := Accept
>                Reply-Message = "All users are allowed, Welcome %u."
> 
> Radiusd.conf has
> 
> 1. modules section
> ...
> pap {
>                encryption_scheme = crypt
>        }
> 
>        # CHAP module
>        #
>        #  To authenticate requests containing a CHAP-Password 
> attribute.
>        #
>        chap {
>                authtype = CHAP
>        }
> ...
> $INCLUDE ${confdir}/eap.conf
> 
> mschap {
> ...
> }
> 
> files {
> ...
> }
> 
> ...
> 
> 
> The console output of radiusd -X -s is
> 
> Ready to process requests.
> rad_recv: Access-Request packet from host 10.11.12.107:1024, id=76,
> length=214
>        Framed-MTU = 1480
>        NAS-IP-Address = 10.11.12.107
>        NAS-Identifier = "HP ProCurve Switch 2824"
>        User-Name = "test"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 24
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "24"
>        Called-Station-Id = "00-0f-20-8d-04-c8"
>        Calling-Station-Id = "00-c0-9f-0d-4a-1f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "1010"
>        EAP-Message = 0x020200090174657374
>        Message-Authenticator = 0xb12214c2d6fb14f33c7cc758ccfb54b7
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_eap: EAP packet type response id 2 length 9
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 0
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry DEFAULT at line 183
> modcall[authorize]: module "files" returns ok for request 0
> modcall: group authorize returns updated for request 0
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_eap: EAP Identity
> rlm_eap: processing type md5
> rlm_eap_md5: Issuing Challenge
> modcall[authenticate]: module "eap" returns handled for request 0
> modcall: group authenticate returns handled for request 0 
> Sending Access-Challenge of id 76 to 10.11.12.107:1024
>        Framed-IP-Address = 255.255.255.254
>        Framed-MTU = 576
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        Framed-Compression = Van-Jacobson-TCP-IP
>        EAP-Message = 0x0103001604100118f4899111b27fc08900284095e5e2
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x33fe6026586af730cd367983bb9ea8b6
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
> length=249
>        Framed-MTU = 1480
>        NAS-IP-Address = 10.11.12.107
>        NAS-Identifier = "HP ProCurve Switch 2824"
>        User-Name = "test"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 24
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "24"
>        Called-Station-Id = "00-0f-20-8d-04-c8"
>        Calling-Station-Id = "00-c0-9f-0d-4a-1f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "1010"
>        State = 0x33fe6026586af730cd367983bb9ea8b6
>        EAP-Message = 
> 0x0203001a04101c913399463bebf9f6dc2d0af18f0c7974657374
>        Message-Authenticator = 0x2592cd875d1068f5b16fe7999f451769
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
> modcall[authorize]: module "preprocess" returns ok for request 1
> modcall[authorize]: module "chap" returns noop for request 1
> modcall[authorize]: module "mschap" returns noop for request 1
> rlm_eap: EAP packet type response id 3 length 26
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 1
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry DEFAULT at line 183
> modcall[authorize]: module "files" returns ok for request 1
> modcall: group authorize returns updated for request 1
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/md5
> rlm_eap: processing type md5
> rlm_eap_md5: User-Password is required for EAP-MD5 authentication
> rlm_eap: Handler failed in EAP/md5
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module "eap" returns invalid for request 1
> modcall: group authenticate returns invalid for request 1
> auth: Failed to validate the user.
> Delaying request 1 for 1 seconds
> Finished request 1
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
> length=249
> Sending Access-Reject of id 77 to 10.11.12.107:1024
>        EAP-Message = 0x04030004
>        Message-Authenticator = 0x00000000000000000000000000000000
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 76 with timestamp 43826690 Cleaning 
> up request 1 ID 77 with timestamp 43826690 Nothing to do.  
> Sleeping until we see a request.
> 
> 
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list