EAP-MD5client"rlm_eap_md5 : Password is required for EAP-MD5Authentication...

rick norman gumbo_2007 at bsdmail.com
Mon Aug 6 23:26:26 CEST 2007


Found the problem.  I drilled down and looked at the rlm_eap_md5.c code
and realized my client was building the challenge response improperly.
Thanks for your help.
Rick Norman
rnorman at ikaika.com

Thanks for your help.

> ----- Original Message -----
> From: tnt at kalik.co.yu
> To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> Subject: Re: EAP-MD5client"rlm_eap_md5 : Password is required for	EAP-MD5Authentication...
> Date: Mon, 06 Aug 2007 21:20:53 +0100
> 
> 
> Send a (PAP) request with radtest. Does that work?
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> 
> Dana 6/8/2007, "rick norman" <gumbo_2007 at bsdmail.com> piše:
> 
> > I'm using freeradius version1.1.0_2 on freebsd 6.1.
> > The radius client is running locally and talks to radiusd through
> > loopback.
> > The users file in raddb contains the line
> >
> > con_d User-Password == con_d Following is radiusd -X output.  I 
> > don't understand the failure.
> >
> > rad_recv: Access-Request packet from host 127.0.0.1:56788, id=190, length=63
> >         User-Name = "con_d"
> >         NAS-Identifier = "rick"
> >         Message-Authenticator = 0x8427e9ce00df09446ca9130a3ade1de8
> >         EAP-Message = 0x0200000a01636f6e5f64
> >   Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 0
> >   modcall[authorize]: module "preprocess" returns ok for request 0
> >   modcall[authorize]: module "chap" returns noop for request 0
> >   modcall[authorize]: module "mschap" returns noop for request 0
> >     rlm_realm: No '@' in User-Name = "con_d", looking up realm NULL
> >     rlm_realm: No such realm "NULL"
> >   modcall[authorize]: module "suffix" returns noop for request 0
> >   rlm_eap: EAP packet type response id 0 length 10
> >   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> >   modcall[authorize]: module "eap" returns updated for request 0
> >     users: Matched entry con_d at line 138
> >   modcall[authorize]: module "files" returns ok for request 0
> > modcall: leaving group authorize (returns updated) for request 0
> >   rad_check_password:  Found Auth-Type EAP
> > auth: type "EAP"
> >   Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 0
> >   rlm_eap: EAP Identity
> >   rlm_eap: processing type md5
> > rlm_eap_md5: Issuing Challenge
> >   modcall[authenticate]: module "eap" returns handled for request 0
> > modcall: leaving group authenticate (returns handled) for request 0
> > Sending Access-Challenge of id 190 to 127.0.0.1 port 56788
> >         EAP-Message = 0x010100160410223177b20b1d22da8c79e2c0a8562196
> >         Message-Authenticator = 0x00000000000000000000000000000000
> >         State = 0x93fe786c1b3d77b98c0e87dc406bbd88
> > Finished request 0
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 127.0.0.1:56788, id=191, length=93
> >         User-Name = "con_d"
> >         NAS-Identifier = "rick"
> >         State = 0x93fe786c1b3d77b98c0e87dc406bbd88
> >         Message-Authenticator = 0xf3b427506614646b12ec161a2be00033
> >         EAP-Message = 0x02010016041037ab0f881c1fa98e477b0a5ad546b160
> >   Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 1
> >   modcall[authorize]: module "preprocess" returns ok for request 1
> >   modcall[authorize]: module "chap" returns noop for request 1
> >   modcall[authorize]: module "mschap" returns noop for request 1
> >     rlm_realm: No '@' in User-Name = "con_d", looking up realm NULL
> >     rlm_realm: No such realm "NULL"
> >   modcall[authorize]: module "suffix" returns noop for request 1
> >   rlm_eap: EAP packet type response id 1 length 22
> >   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> >   modcall[authorize]: module "eap" returns updated for request 1
> >     users: Matched entry con_d at line 138
> >   modcall[authorize]: module "files" returns ok for request 1
> > modcall: leaving group authorize (returns updated) for request 1
> >   rad_check_password:  Found Auth-Type EAP
> > auth: type "EAP"
> >   Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 1
> >   rlm_eap: Request found, released from the list
> >   rlm_eap: EAP/md5
> >   rlm_eap: processing type md5
> >   rlm_eap: Freeing handler
> >   modcall[authenticate]: module "eap" returns reject for request 1
> > modcall: leaving group authenticate (returns reject) for request 1
> > auth: Failed to validate the user.
> > Delaying request 1 for 1 seconds
> > Finished request 1
> > Going to the next request
> > Waking up in 6 seconds...
> > --- Walking the entire request list ---
> > Cleaning up request 0 ID 190 with timestamp 46b76f06
> > Sending Access-Reject of id 191 to 127.0.0.1 port 56788
> >         EAP-Message = 0x04010004
> >         Message-Authenticator = 0x00000000000000000000000000000000
> > Cleaning up request 1 ID 191 with timestamp 46b76f06
> > Nothing to do.  Sleeping until we see a request.
> >
> >
> > -- _______________________________________________
> > Get your free email from http://bsdmail.com
> >
> >
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

>


-- 
_______________________________________________
Get your free email from http://bsdmail.com




More information about the Freeradius-Users mailing list