Problem on WPA-EAP with Linux
Alexandros Gougousoudis
gougousoudis at kh-berlin.de
Mon Aug 13 15:16:02 CEST 2007
Hi,
I'am having trouble to authenticate my linux workstations with
wpa_supplicant to Freeradius (1.1). The Windows Stations are working
fine, but linux is making trouble. The AP is a Linksys WLAN Accesspoint,
as said WPA Radius works, because all Windows Notebooks can login.
I'am doing a WPA over EAP. And my Error is:
Error: rlm_eap: Either EAP-request timed out OR
EAP-response to an unknown EAP-request
After switching on my debug I see this:
rlm_eap: NAK asked for bad type 0
rlm_eap: Failed in EAP select
Which is most certanly the reason why the auth fails. But I'am far away
from knowing the solution. Can you help please?
Below the complete Log of the conversation:
rad_recv: Access-Request packet from host 10.48.244.28:3073, id=1,
length=131
User-Name = "scit-acer"
NAS-IP-Address = 10.48.244.28
Called-Station-Id = "0016b64f44cc"
Calling-Station-Id = "0016cfab64e4"
NAS-Identifier = "0016b64f44cc"
NAS-Port = 43
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201000e01736369742d61636572
Message-Authenticator = 0x8b86db463306f78257b8e03600912a5b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry scit-acer at line 14
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 1 to 10.48.244.28 port 3073
EAP-Message = 0x010200060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb2f2a1559ef1683126762202eeec3974
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.48.244.28:3073, id=1,
length=141
User-Name = "scit-acer"
NAS-IP-Address = 10.48.244.28
Called-Station-Id = "0016b64f44cc"
Calling-Station-Id = "0016cfab64e4"
NAS-Identifier = "0016b64f44cc"
NAS-Port = 43
Framed-MTU = 1400
State = 0xb2f2a1559ef1683126762202eeec3974
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020200060300
Message-Authenticator = 0x9a1a879ecba47ab01f2f3410625ceabc
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry scit-acer at line 14
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: NAK asked for bad type 0
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: leaving group authenticate (returns invalid) for request 1
auth: Failed to validate the user.
Login incorrect: [scit-acer] (from client khb-buehring port 43 cli
0016cfab64e4)
Delaying request 1 for 1 seconds
Finished request 1
TIA
Alex
More information about the Freeradius-Users
mailing list