eap don't work

Wed Mar 8 14:48:37 CET 2006

hi everybody, i have problems using freeradius 1.0.5, i cann't get it works 
as i hope.  well i installed freeradius in my server and tried to see if 
clients can authenticate, so first tried test over server, my ip is 
192.168.10.1, i generate certificates to use TLS.

this is my users file:

"mec01" 	Auth-Type := EAP

and clients.conf file:

client 192.168.10.1 {
        secret         = clue
        shortname      = www.kill.com

}

i tried put in shortname localhost too, but nothing happen

eap.conf file:

tls {
private_key_file = ${raddbdir}/certs/www.kill.com.pem
certificate_file = ${raddbdir}/certs/www.kill.com.pem
CA_file = ${raddbdir}/certs/demoCA/root.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
fragment_size = 1024
...
}

so, i do this:

www:~# radtest mec01 clue www.kill.com 0 clue
Sending Access-Request of id 49 to 192.168.10.1 port 1812
        User-Name = "mec01"
        User-Password = "clue"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_recv: Access-Reject packet from host 192.168.10.1:1812, id=49, length=20

in messages from radius i see this:

rad_recv: Access-Request packet from host 192.168.10.1:32768, id=49, 
length=62        User-Name = "mec01"
        User-Password = "clue"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 0
rad_rmspace_pair:  User-Password now 'clue'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "mec01", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    users: Matched entry mec01 at line 97
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
  modcall[authenticate]: module "eap" returns fail for request 1
modcall: leaving group authenticate (returns fail) for request 1
auth: Failed to validate the user.
Login incorrect: [mec01/clue] (from client localhost port 0)
rad_lowerpair:  User-Name now 'mec01'
rad_rmspace_pair:  User-Name now 'mec01'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "mec01", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 1
    users: Matched entry mec01 at line 97
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
  modcall[authenticate]: module "eap" returns fail for request 1
modcall: leaving group authenticate (returns fail) for request 1
auth: Failed to validate the user.
Login incorrect: [mec01/clue] (from client localhost port 0)
Delaying request 1 for 1 seconds
Finished request 1

so i reviewed keys and shared secret and they are correct in server, client 
and CA, i even generate them again.  i see radius says: rlm_eap:Malformed 
EAP Message, so may be i install freeradius in a bad way? or what is 
happening? why server don't authenticate users?

thanks in advance.

_________________________________________________________________
MSN Amor: busca tu ½ naranja http://latam.msn.com/amor/