no username attribute

Norbert Grochal norboro at celpol.pl
Sat Mar 4 11:39:20 CET 2006 

Hi!

My users don't use windows xp "zero configuration" service for wifi. They use Ralink Configurator with profiles.
Auth EAP/PEAP.
Sometimes after reboot AP or 'unhibernate' Windows XP freeradius logs packets with no User-Name attribute:

rad_recv: Access-Request packet from host 10.10.10.9:2048, id=115, length=155
        NAS-IP-Address = 10.10.10.9
        NAS-Port = 0
        Called-Station-Id = "00304f41e217"
        Calling-Station-Id = "000e2e74b798"
        NAS-Identifier = "Realtek Access Point. 8181"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Service-Type = Framed-User
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0200000501
        Message-Authenticator = 0xebaa8690af8e44f2aa18020db98b43a2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 340
  modcall[authorize]: module "preprocess" returns ok for request 340
radius_xlat:  '/usr/local/var/log/radius/radacct/10.10.10.9/auth-detail-20060304'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.9/auth-detail-20060304
  modcall[authorize]: module "auth_log" returns ok for request 340
  modcall[authorize]: module "chap" returns noop for request 340
  modcall[authorize]: module "mschap" returns noop for request 340
    rlm_realm: Proxy reply, or no User-Name.  Ignoring.
  modcall[authorize]: module "suffix" returns noop for request 340
  rlm_eap: EAP packet type response id 0 length 5
!!!!!!  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 340
  modcall[authorize]: module "files" returns notfound for request 340
!!!!!! rlm_sql (sql): zero length username not permitted
  modcall[authorize]: module "sql" returns invalid for request 340
modcall: leaving group authorize (returns invalid) for request 340
!!!!!! Invalid user: [<no User-Name attribute>] (from client AP9 port 0 cli 000e2e74b798)
Delaying request 340 for 1 seconds

And user must restart computer to connect to AP...

It is possible to set freeradius not to check User-Name? I use User-Name for logging purposes only. freeradius gets login and password from PEAP and authorize even if User-Name is anything.
What should I do?

Norbert

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060304/7b556598/attachment.html>

More information about the Freeradius-Users mailing list