One question about Access-Request packet

Rafał Kamiński rafal.kaminski at blstream.com
Thu Jan 18 13:03:12 CET 2007 

Hi again,

I set EAP-TLS with cert. - i use that text
http://www.fredprod.com/affiche_howtos.php

but ...

i set in radius.conf

authorize {
	files
}

and

authenticate {
	eap
}

and in users file

"username-the same what in cert" Auth-Type := EAP

but in debug mode i see:



-------------------
rad_recv: Access-Request packet from host 192.168.1.245:3072, id=0,
length=135
        User-Name = "rka"
        NAS-IP-Address = 192.168.1.245
        Called-Station-Id = "001217694588"
        Calling-Station-Id = "0014a41e7112"
        NAS-Identifier = "001217694588"
        NAS-Port = 61
        Framed-MTU = 1400
        State = 0x7fb3974e3abaf6925a5284b2338f93a6
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020400061900
        Message-Authenticator = 0xd8e04dc8793f5401249372587b5867df
Thu Jan 18 11:42:51 2007 : Debug:   Processing the authorize section of
radiusd.conf
Thu Jan 18 11:42:51 2007 : Debug: modcall: entering group authorize for
request 3
Thu Jan 18 11:42:51 2007 : Debug:   modsingle[authorize]: calling files
(rlm_files) for request 3
Thu Jan 18 11:42:51 2007 : Debug:     users: Matched entry rka at line 141
Thu Jan 18 11:42:51 2007 : Debug:   modsingle[authorize]: returned from
files (rlm_files) for request 3
Thu Jan 18 11:42:51 2007 : Debug:   modcall[authorize]: module "files"
returns ok for request 3
Thu Jan 18 11:42:51 2007 : Debug: modcall: leaving group authorize
(returns ok) for request 3
Thu Jan 18 11:42:51 2007 : Debug:   rad_check_password:  Found Auth-Type EAP
Thu Jan 18 11:42:51 2007 : Debug: auth: type "EAP"
Thu Jan 18 11:42:51 2007 : Debug:   Processing the authenticate section
of radiusd.conf
Thu Jan 18 11:42:51 2007 : Debug: modcall: entering group authenticate
for request 3
Thu Jan 18 11:42:51 2007 : Debug:   modsingle[authenticate]: calling eap
(rlm_eap) for request 3
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap: Request found, released
from the list
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap: EAP/peap
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap: processing type peap
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap_peap: Authenticate
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap_tls: processing TLS
Thu Jan 18 11:42:51 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap_tls: ack handshake fragment
handler
Thu Jan 18 11:42:51 2007 : Debug:   eaptls_verify returned 1
Thu Jan 18 11:42:51 2007 : Debug:   eaptls_process returned 13
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap_peap: EAPTLS_HANDLED
Thu Jan 18 11:42:51 2007 : Debug:   modsingle[authenticate]: returned
from eap (rlm_eap) for request 3
Thu Jan 18 11:42:51 2007 : Debug:   modcall[authenticate]: module "eap"
returns handled for request 3
Thu Jan 18 11:42:51 2007 : Debug: modcall: leaving group authenticate
(returns handled) for request 3
Sending Access-Challenge of id 0 to 192.168.1.245 port 3072
        EAP-Message = 0x010500061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xdaf79644eaea9256a1b9537be3c3f7bc
-------------------

What i must change to be good auth ?


And

How i must set authentication and authorize if i will use that in future
with ldap?


BR,

Rafal Kaminski

More information about the Freeradius-Users mailing list