help with EAP MD5 wired authentication

Anup Parkhi anup_parkhi at hotmail.com
Thu Nov 24 01:36:31 CET 2005


Ok. I finally figured it out.

1. Comment out the following lines as shown below
	OR
2. Put your users before these lines.

#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
#       by the terminal server in which case there may not be a "P" suffix.
#       The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
# >>>>COMMENTS BEGIN
#DEFAULT        Framed-Protocol == PPP
#       Framed-Protocol = PPP,
#       Framed-Compression = Van-Jacobson-TCP-IP
# >>>>COMMENTS END


>From: "Anup Parkhi" <anup_parkhi at hotmail.com>
>Reply-To: anup_parkhi at hotmail.com,        FreeRadius users mailing 
>list<freeradius-users at lists.freeradius.org>
>To: david.minodier at francetelecom.com, freeradius-users at lists.freeradius.org
>Subject: RE: help with EAP MD5 wired authentication
>Date: Tue, 22 Nov 2005 21:11:22 +0000
>
>Thanks for responding.
>
>I tried that but it did not work.  radiusd gave the same error message as before.
>
>If you have it working then please send your radiusd.conf and users file.
>
>My email is anup_parkhi at hotmail.com
>
>Anup
>
>
>
>
>>From: "MINODIER David RD-RESA-LAN" <david.minodier at francetelecom.com>
>>To: <anup_parkhi at hotmail.com>,"FreeRadius users mailing list" 
>><freeradius-users at lists.freeradius.org>
>>Subject: RE: help with EAP MD5 wired authentication
>>Date: Tue, 22 Nov 2005 09:31:29 +0100
>>
>>Since you're using EAP-MD5, you should have in your users file:
>>
>>Xxx	Auth-Type := EAP, User-Password == "whatever"
>>
>>David.
>>
>>
>> > -----Original Message-----
>> > From: freeradius-users-bounces at lists.freeradius.org
>> > [mailto:freeradius-users-bounces at lists.freeradius.org] On
>> > Behalf Of Anup Parkhi
>> > Sent: Tuesday, 22 November 2005 01:54
>> > To: freeradius-users at lists.freeradius.org
>> > Subject: help with EAP MD5 wired authentication
>> >
>> > Hi,
>> >
>> > I am struggling with EAP-MD5 wired authentication for the last
>> > couple of days. I checked the web and archives but to no avail.
>> >
>> > I am using XP supplicant. Tried with Funk's supplicant also
>> > but same result.
>> >
>> > Any help will be highly appreciated.
>> >
>> > Thanks
>> > Anup
>> >
>> > My users file has the following towards the end
>> >
>> > # On no match, the user is denied access.
>> >
>> > a       User-Password == "a"
>> >
>> > "test"  User-Password == "test"
>> >
>> > "Administrator" User-Password == "pnbidm123!"
>> >
>> > aparkhi Auth-Type := System, User-Password == "aparkhi"
>> >
>> > DEFAULT Auth-Type := Accept
>> >                Reply-Message = "All users are allowed, Welcome %u."
>> >
>> > Radiusd.conf has
>> >
>> > 1. modules section
>> > ...
>> > pap {
>> >                encryption_scheme = crypt
>> >        }
>> >
>> >        # CHAP module
>> >        #
>> >        #  To authenticate requests containing a CHAP-Password
>> > attribute.
>> >        #
>> >        chap {
>> >                authtype = CHAP
>> >        }
>> > ...
>> > $INCLUDE ${confdir}/eap.conf
>> >
>> > mschap {
>> > ...
>> > }
>> >
>> > files {
>> > ...
>> > }
>> >
>> > ...
>> >
>> >
>> > The console output of radiusd -X -s is
>> >
>> > Ready to process requests.
>> > rad_recv: Access-Request packet from host 10.11.12.107:1024, id=76,
>> > length=214
>> >        Framed-MTU = 1480
>> >        NAS-IP-Address = 10.11.12.107
>> >        NAS-Identifier = "HP ProCurve Switch 2824"
>> >        User-Name = "test"
>> >        Service-Type = Framed-User
>> >        Framed-Protocol = PPP
>> >        NAS-Port = 24
>> >        NAS-Port-Type = Ethernet
>> >        NAS-Port-Id = "24"
>> >        Called-Station-Id = "00-0f-20-8d-04-c8"
>> >        Calling-Station-Id = "00-c0-9f-0d-4a-1f"
>> >        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>> >        Tunnel-Type:0 = VLAN
>> >        Tunnel-Medium-Type:0 = IEEE-802
>> >        Tunnel-Private-Group-Id:0 = "1010"
>> >        EAP-Message = 0x020200090174657374
>> >        Message-Authenticator = 0xb12214c2d6fb14f33c7cc758ccfb54b7
>> > Processing the authorize section of radiusd.conf
>> > modcall: entering group authorize for request 0
>> > modcall[authorize]: module "preprocess" returns ok for request 0
>> > modcall[authorize]: module "chap" returns noop for request 0
>> > modcall[authorize]: module "mschap" returns noop for request 0
>> > rlm_eap: EAP packet type response id 2 length 9
>> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>> > modcall[authorize]: module "eap" returns updated for request 0
>> >    users: Matched entry DEFAULT at line 152
>> >    users: Matched entry DEFAULT at line 171
>> >    users: Matched entry DEFAULT at line 183
>> > modcall[authorize]: module "files" returns ok for request 0
>> > modcall: group authorize returns updated for request 0
>> > rad_check_password:  Found Auth-Type EAP
>> > auth: type "EAP"
>> > Processing the authenticate section of radiusd.conf
>> > modcall: entering group authenticate for request 0
>> > rlm_eap: EAP Identity
>> > rlm_eap: processing type md5
>> > rlm_eap_md5: Issuing Challenge
>> > modcall[authenticate]: module "eap" returns handled for request 0
>> > modcall: group authenticate returns handled for request 0
>> > Sending Access-Challenge of id 76 to 10.11.12.107:1024
>> >        Framed-IP-Address = 255.255.255.254
>> >        Framed-MTU = 576
>> >        Service-Type = Framed-User
>> >        Framed-Protocol = PPP
>> >        Framed-Compression = Van-Jacobson-TCP-IP
>> >        EAP-Message = 0x0103001604100118f4899111b27fc08900284095e5e2
>> >        Message-Authenticator = 0x00000000000000000000000000000000
>> >        State = 0x33fe6026586af730cd367983bb9ea8b6
>> > Finished request 0
>> > Going to the next request
>> > --- Walking the entire request list ---
>> > Waking up in 6 seconds...
>> > rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
>> > length=249
>> >        Framed-MTU = 1480
>> >        NAS-IP-Address = 10.11.12.107
>> >        NAS-Identifier = "HP ProCurve Switch 2824"
>> >        User-Name = "test"
>> >        Service-Type = Framed-User
>> >        Framed-Protocol = PPP
>> >        NAS-Port = 24
>> >        NAS-Port-Type = Ethernet
>> >        NAS-Port-Id = "24"
>> >        Called-Station-Id = "00-0f-20-8d-04-c8"
>> >        Calling-Station-Id = "00-c0-9f-0d-4a-1f"
>> >        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>> >        Tunnel-Type:0 = VLAN
>> >        Tunnel-Medium-Type:0 = IEEE-802
>> >        Tunnel-Private-Group-Id:0 = "1010"
>> >        State = 0x33fe6026586af730cd367983bb9ea8b6
>> >        EAP-Message =
>> > 0x0203001a04101c913399463bebf9f6dc2d0af18f0c7974657374
>> >        Message-Authenticator = 0x2592cd875d1068f5b16fe7999f451769
>> > Processing the authorize section of radiusd.conf
>> > modcall: entering group authorize for request 1
>> > modcall[authorize]: module "preprocess" returns ok for request 1
>> > modcall[authorize]: module "chap" returns noop for request 1
>> > modcall[authorize]: module "mschap" returns noop for request 1
>> > rlm_eap: EAP packet type response id 3 length 26
>> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>> > modcall[authorize]: module "eap" returns updated for request 1
>> >    users: Matched entry DEFAULT at line 152
>> >    users: Matched entry DEFAULT at line 171
>> >    users: Matched entry DEFAULT at line 183
>> > modcall[authorize]: module "files" returns ok for request 1
>> > modcall: group authorize returns updated for request 1
>> > rad_check_password:  Found Auth-Type EAP
>> > auth: type "EAP"
>> > Processing the authenticate section of radiusd.conf
>> > modcall: entering group authenticate for request 1
>> > rlm_eap: Request found, released from the list
>> > rlm_eap: EAP/md5
>> > rlm_eap: processing type md5
>> > rlm_eap_md5: User-Password is required for EAP-MD5 authentication
>> > rlm_eap: Handler failed in EAP/md5
>> > rlm_eap: Failed in EAP select
>> > modcall[authenticate]: module "eap" returns invalid for request 1
>> > modcall: group authenticate returns invalid for request 1
>> > auth: Failed to validate the user.
>> > Delaying request 1 for 1 seconds
>> > Finished request 1
>> > Going to the next request
>> > Waking up in 6 seconds...
>> > rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
>> > length=249
>> > Sending Access-Reject of id 77 to 10.11.12.107:1024
>> >        EAP-Message = 0x04030004
>> >        Message-Authenticator = 0x00000000000000000000000000000000
>> > --- Walking the entire request list ---
>> > Waking up in 1 seconds...
>> > --- Walking the entire request list ---
>> > Cleaning up request 0 ID 76 with timestamp 43826690 Cleaning
>> > up request 1 ID 77 with timestamp 43826690 Nothing to do.
>> > Sleeping until we see a request.
>> >
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> > http://www.freeradius.org/list/users.html
>> >
>
>
>- List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html
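
Added example (not part of the original thread and not FreeRADIUS code): a simplified Python model of first-match processing in the users file, showing why the "test" entry at the end of the file was never reached and why both fixes in the top message make the stored password available to EAP-MD5. The Fall-Through DEFAULT entry and the treatment of User-Password as a stored control item are assumptions of this model.

```python
# Simplified model of users-file processing; not FreeRADIUS code.
# Entries are tried top to bottom. Processing stops at the first match
# unless that entry's reply items contain Fall-Through = Yes.

# DEFAULT entry quoted in the post (it has no Fall-Through).
PPP_DEFAULT = {"name": "DEFAULT", "compare": {"Framed-Protocol": "PPP"},
               "control": {},
               "reply": {"Framed-Protocol": "PPP",
                         "Framed-Compression": "Van-Jacobson-TCP-IP"}}
# Assumed earlier DEFAULT; reply value taken from the Access-Challenge.
FRAMED_DEFAULT = {"name": "DEFAULT", "compare": {"Service-Type": "Framed-User"},
                  "control": {},
                  "reply": {"Framed-MTU": "576", "Fall-Through": "Yes"}}
# "test"  User-Password == "test", modelled as a stored password (assumption).
TEST_USER = {"name": "test", "compare": {},
             "control": {"User-Password": "test"}, "reply": {}}

# Attributes the switch sent in the Access-Request shown in the debug output.
REQUEST = {"User-Name": "test", "Service-Type": "Framed-User",
           "Framed-Protocol": "PPP"}


def entry_matches(entry, request):
    """Match on user name (or DEFAULT) and on every '==' comparison item."""
    if entry["name"] not in ("DEFAULT", request["User-Name"]):
        return False
    return all(request.get(a) == v for a, v in entry["compare"].items())


def authorize(users, request):
    """Return (control items, reply items, names of matched entries)."""
    control, reply, matched = {}, {}, []
    for entry in users:
        if not entry_matches(entry, request):
            continue
        matched.append(entry["name"])
        control.update(entry["control"])
        reply.update(entry["reply"])
        if reply.pop("Fall-Through", "No") != "Yes":
            break  # first match without Fall-Through ends the search
    return control, reply, matched


if __name__ == "__main__":
    orders = {"stock order": [FRAMED_DEFAULT, PPP_DEFAULT, TEST_USER],
              "option 1, PPP DEFAULT commented out": [FRAMED_DEFAULT, TEST_USER],
              "option 2, user first": [TEST_USER, FRAMED_DEFAULT, PPP_DEFAULT]}
    for label, users in orders.items():
        control, _, matched = authorize(users, REQUEST)
        print(label, matched, "User-Password" in control)
```

In the stock order only DEFAULT entries match, so no User-Password is collected, which corresponds to the "User-Password is required for EAP-MD5 authentication" line in the debug output.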




