The EAP Saga begins.

[Evan Vittitow]

Here is the result of my first attempt.  I added a Pukey-EAP entry in
the LDAP tree but it didn't do much good. And I can't tell whats the
matter with my CA.

rad_recv: Access-Request packet from host 192.168.0.250:1110, id=8,
length=159
        User-Name = "Pukey-EAP"
        Cisco-AVPair = "ssid=Pukey-EAP"
        NAS-IP-Address = 192.168.0.250
        Called-Station-Id = "004096285ceb"
        Calling-Station-Id = "00095b679ccf"
        NAS-Identifier = "AP340-285ceb"
        NAS-Port = 37
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Service-Type = Login-User
        EAP-Message = 0x020d000e0150756b65792d454150
        Message-Authenticator = 0xebe4683da315ee95109c4736a19a37cd
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Pukey-EAP
radius_xlat:  '(uid=Pukey-EAP)'
radius_xlat:  'dc=pukey'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=pukey, with filter (uid=Pukey-EAP)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "Pukey-EAP", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "Pukey-EAP"
    rlm_realm: Proxying request from user Pukey-EAP to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 13 length 14
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
  modcall[authorize]: module "files" returns notfound for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 8 to 192.168.0.250 port 1110
        EAP-Message = 0x010e00061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe5a40fabb5846577f6543672d9313801
Finished request 7
Going to the next request

Here is my /etc/xsupplicant.conf

network_list = all
default_netname = Pukey-EAP

Pukey-EAP
{
        type = wireless
        allow_types = eap_peap
        identity = Pukey-EAP
        eap-peap {
                random_file = /dev/urandom
                root_cert = /etc/raddb/certs/root.pem
                chunk_size = 1398
                allow_types = eap_mschapv2
        eap-mschapv2 {
                username = User
                password = Password
                }
        }
}

I've created a SSID called Pukey-EAP it requires EAP.