802.1x authentication

Pradeep Sengar pradeep.sengar at gmail.com
Sat Jul 8 10:55:10 CEST 2006 

just do google everything is there


Pradeep

Date: Fri, 7 Jul 2006 09:32:17 -0500
> From: "Jin Fan" <jfan at cwlab.com>
> Subject: RE: 802.1x authentication
> To: "FreeRadius users mailing list"
>         <freeradius-users at lists.freeradius.org>
> Message-ID:
>         <F26421BAB0F1D146BABD4977D6159084012CA1B0 at ctiexch.ctinet.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi, all:
>
> To further describe my challenge, here is debugging output from
> freeradius.  One line says, "rlm_eap: Failed in EAP select".  I must have
> set up eap wrong.  Could anyone help me out here?  Btw, in the following
> example, user "TRPZEDU\\jfan" tries to authenticate through 802.1x
> .  Thanks.
>
> Jin
>
> rad_recv: Access-Request packet from host 192.168.3.26:20000, id=89,
> length=157
>         NAS-Port-Id = "1/1"
>         Calling-Station-Id = "00-0B-BE-D4-50-46"
>         Called-Station-Id = "00-0B-0E-13-74-C0:hotspot"
>         Service-Type = Framed-User
>         User-Name = "TRPZEDU\\jfan"
>         State = 0xdcfe3f22dc8680c7b0e05b3d498b6090
>         EAP-Message = 0x020200060319
>         NAS-Identifier = "Trapeze"
>         NAS-Port-Type = Wireless-802.11
>         NAS-IP-Address = 192.168.3.26
>         Message-Authenticator = 0xc846da111c9f48b4a5570fff318767a2
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 6
>   modcall[authorize]: module "preprocess" returns ok for request 6
>   modcall[authorize]: module "chap" returns noop for request 6
>   modcall[authorize]: module "mschap" returns noop for request 6
>     rlm_realm: No '@' in User-Name = "TRPZEDU\jfan", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 6
>   rlm_eap: EAP packet type response id 2 length 6
>   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>   modcall[authorize]: module "eap" returns updated for request 6
>     users: Matched entry DEFAULT at line 152
>     users: Matched entry DEFAULT at line 171
>     users: Matched entry TRPZEDU\jfan at line 228
>   modcall[authorize]: module "files" returns ok for request 6
> radius_xlat:  'TRPZEDU\\jfan'
> rlm_sql (sql): sql_set_user escaped user --> 'TRPZEDU\\jfan'
> radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> Username = 'TRPZEDU=5C=5C=5C=5Cjfan' ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 3
> rlm_sql (sql): User TRPZEDU\\jfan not found in radcheck
> radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,
> radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM
> radgroupcheck,usergroup WHERE usergroup.Username =
> 'TRPZEDU=5C=5C=5C=5Cjfan' AND usergroup.GroupName =
> radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,
> radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM
> radgroupreply,usergroup WHERE usergroup.Username =
> 'TRPZEDU=5C=5C=5C=5Cjfan' AND usergroup.GroupName =
> radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql (sql): User TRPZEDU\\jfan not found in radgroupcheck
> rlm_sql (sql): User not found
> rlm_sql (sql): Released sql socket id: 3
>   modcall[authorize]: module "sql" returns notfound for request 6
> modcall: group authorize returns updated for request 6
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 6
>   rlm_eap: Request found, released from the list
>   rlm_eap: EAP NAK
> rlm_eap: EAP-NAK asked for EAP-Type/peap
> rlm_eap: No such EAP type peap
>   rlm_eap: Failed in EAP select
>   modcall[authenticate]: module "eap" returns invalid for request 6
> modcall: group authenticate returns invalid for request 6
> auth: Failed to validate the user.
> Delaying request 6 for 1 seconds
> Finished request 6
> Going to the next request
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 89 to 192.168.3.26:20000
>         EAP-Message = 0x04020004
>         Message-Authenticator = 0x00000000000000000000000000000000
>         Trapeze-VLAN-Name = "vlan10"
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 5 ID 88 with timestamp 44ae6d5d
> Cleaning up request 6 ID 89 with timestamp 44ae6d5d
> Nothing to do.  Sleeping until we see a request.
>
>
> ________________________________
>
> From: freeradius-users-bounces+jfan=cwlab.com at lists.freeradius.org on
> behalf of Jin Fan
> Sent: Thu 7/6/2006 5:22 PM
> To: FreeRadius users mailing list
> Subject: 802.1x authentication
>
>
>
> Hi, All:
>
>         I need some pointers on how to set up 802.1x (PEAP/MSCHAP v.2)
> authentication in freeradius.  Generating certificates? Modifying
> configurations?
>
> Jin
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/ms-tnef
> Size: 7486 bytes
> Desc: not available
> Url :
> https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060707/9c97739f/attachment.bin
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 15, Issue 19
> ************************************************
>



-- 
Regards
Pradeep Singh
+91-9320216000
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060708/d6f17a82/attachment.html>

More information about the Freeradius-Users mailing list