help with EAP MD5 wired authentication

anup_parkhi at hotmail.com anup_parkhi at hotmail.com
Thu Nov 24 14:00:56 CET 2005 

Hi,

I am struggling with EAP-MD5 wired authentication for last couple of days. I 
checked the web and archives but to no avail.

I am using XP supplicant. Tried with Funk's supplicant also but same result.

Any help will be highly appreciated.

Thanks
Anup

My users file has following towards the end

# On no match, the user is denied access.

a       User-Password == "a"

"test"  User-Password == "test"

"Administrator" User-Password == "pnbidm123!"

aparkhi Auth-Type := System, User-Password == "aparkhi"

DEFAULT Auth-Type := Accept
               Reply-Message = "All users are allowed, Welcome %u."

Radiusd.conf has

1. modules section
...
pap {
               encryption_scheme = crypt
       }

       # CHAP module
       #
       #  To authenticate requests containing a CHAP-Password attribute.
       #
       chap {
               authtype = CHAP
       }
...
$INCLUDE ${confdir}/eap.conf

mschap {
...
}

files {
...
}

...


The console output of radiusd -X -s is

Ready to process requests.
rad_recv: Access-Request packet from host 10.11.12.107:1024, id=76, 
length=214
       Framed-MTU = 1480
       NAS-IP-Address = 10.11.12.107
       NAS-Identifier = "HP ProCurve Switch 2824"
       User-Name = "test"
       Service-Type = Framed-User
       Framed-Protocol = PPP
       NAS-Port = 24
       NAS-Port-Type = Ethernet
       NAS-Port-Id = "24"
       Called-Station-Id = "00-0f-20-8d-04-c8"
       Calling-Station-Id = "00-c0-9f-0d-4a-1f"
       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
       Tunnel-Type:0 = VLAN
       Tunnel-Medium-Type:0 = IEEE-802
       Tunnel-Private-Group-Id:0 = "1010"
       EAP-Message = 0x020200090174657374
       Message-Authenticator = 0xb12214c2d6fb14f33c7cc758ccfb54b7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
   users: Matched entry DEFAULT at line 152
   users: Matched entry DEFAULT at line 171
   users: Matched entry DEFAULT at line 183
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 76 to 10.11.12.107:1024
       Framed-IP-Address = 255.255.255.254
       Framed-MTU = 576
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Framed-Compression = Van-Jacobson-TCP-IP
       EAP-Message = 0x0103001604100118f4899111b27fc08900284095e5e2
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x33fe6026586af730cd367983bb9ea8b6
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77, 
length=249
       Framed-MTU = 1480
       NAS-IP-Address = 10.11.12.107
       NAS-Identifier = "HP ProCurve Switch 2824"
       User-Name = "test"
       Service-Type = Framed-User
       Framed-Protocol = PPP
       NAS-Port = 24
       NAS-Port-Type = Ethernet
       NAS-Port-Id = "24"
       Called-Station-Id = "00-0f-20-8d-04-c8"
       Calling-Station-Id = "00-c0-9f-0d-4a-1f"
       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
       Tunnel-Type:0 = VLAN
       Tunnel-Medium-Type:0 = IEEE-802
       Tunnel-Private-Group-Id:0 = "1010"
       State = 0x33fe6026586af730cd367983bb9ea8b6
       EAP-Message = 0x0203001a04101c913399463bebf9f6dc2d0af18f0c7974657374
       Message-Authenticator = 0x2592cd875d1068f5b16fe7999f451769
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_eap: EAP packet type response id 3 length 26
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
   users: Matched entry DEFAULT at line 152
   users: Matched entry DEFAULT at line 171
   users: Matched entry DEFAULT at line 183
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/md5
rlm_eap: processing type md5
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
rlm_eap: Handler failed in EAP/md5
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77, 
length=249
Sending Access-Reject of id 77 to 10.11.12.107:1024
       EAP-Message = 0x04030004
       Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 76 with timestamp 43826690
Cleaning up request 1 ID 77 with timestamp 43826690
Nothing to do.  Sleeping until we see a request.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2#Mime.822
Type: application/octet-stream
Size: 9916 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051124/c5ca48ca/attachment.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: GWAVADAT.TXT
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051124/c5ca48ca/attachment.ksh>

More information about the Freeradius-Users mailing list