problem in autehtication with EAP-MD5

shantanu choudhary shantanu_843 at yahoo.co.in
Wed May 30 12:35:36 CEST 2007


i changed user file and now what i am getting is:
on client or supplicant side  EAP FAILURE   :-(
response:
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: DISCONNECTED -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - portControl=Auto
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b04 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=14
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:03:7f:09:60:a0
State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
Associated to a new BSS: BSSID=00:03:7f:09:60:a0
No keys have been configured - skip key clearing
Associated with 00:03:7f:09:60:a0
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=8):
     74 65 73 74 75 73 65 72                           testuser
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 12 e6 77 bb e2 c5 16 59 16 f3 d7 ed 57 79 14 9d
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
EAP: EAP entering state METHOD
EAP-MD5: Challenge - hexdump(len=16): 12 e6 77 bb e2 c5 16 59 16 f3 d7 ed 57 79 14 9d
EAP-MD5: Generating Challenge Response
EAP-MD5: Response - hexdump(len=16): 8c 3f 26 07 9d 3a ad b5 37 fb 5a 61 8e a9 c9 04
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 8c 3f 26 07 9d 3a ad b5 37 fb 5a 61 8e a9 c9 04
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
EAPOL: authWhile --> 0
EAPOL: SUPP_BE entering state TIMEOUT
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=8):
     74 65 73 74 75 73 65 72                           testuser
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 c2 73 c1 bc 8f 95 e1 3e 31 e0 67 5a b0 4e 4b b7
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
EAP: EAP entering state METHOD
EAP-MD5: Challenge - hexdump(len=16): c2 73 c1 bc 8f 95 e1 3e 31 e0 67 5a b0 4e 4b b7
EAP-MD5: Generating Challenge Response
EAP-MD5: Response - hexdump(len=16): 7e fc ef e7 cd c7 3d 07 49 80 8a 43 11 10 3c d1
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 7e fc ef e7 cd c7 3d 07 49 80 8a 43 11 10 3c d1
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
EAPOL: authWhile --> 0
EAPOL: SUPP_BE entering state TIMEOUT
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=8):
     74 65 73 74 75 73 65 72                           testuser
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=17): 01 00 00 0d 02 04 00 0d 01 74 65 73 74 75 73 65 72
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=26): 01 00 00 16 01 05 00 16 04 10 01 2d 73 38 fb 62 76 d1 6f bd 47 50 9e bd 9f 21
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
EAP: EAP entering state METHOD
EAP-MD5: Challenge - hexdump(len=16): 01 2d 73 38 fb 62 76 d1 6f bd 47 50 9e bd 9f 21
EAP-MD5: Generating Challenge Response
EAP-MD5: Response - hexdump(len=16): af 0f d8 8c b5 ef 19 2d ac 34 15 84 20 21 6c 2e
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=26): 01 00 00 16 02 05 00 16 04 10 af 0f d8 8c b5 ef 19 2d ac 34 15 84 20 21 6c 2e
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:03:7f:09:60:a0
RX EAPOL - hexdump(len=8): 01 00 00 04 04 05 00 04
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state DISCARD
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: startWhen --> 0
Authentication with 00:03:7f:09:60:a0 timed out.
Added BSSID 00:03:7f:09:60:a0 into blacklist
State: ASSOCIATED -> DISCONNECTED

it is getting an EAP-FAILURE and disconnected!!!!!
on server side i am getting::-

rad_recv: Access-Request packet from host 192.168.2.182:1028, id=1, length=177
        Message-Authenticator = 0x4dbd919a94aef63f5f7c98a53564e16a
        Service-Type = Framed-User
        User-Name = "testuser"
        Framed-MTU = 1488
        Called-Station-Id = "00-03-7F-09-60-A0:ATH182"
        Calling-Station-Id = "00-03-7F-05-C0-9C"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x0201000d017465737475736572
        NAS-IP-Address = 192.168.2.182
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 13
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry testuser at line 155
  modcall[authorize]: module "files" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 1 to 192.168.2.182 port 1028
        EAP-Message = 0x0102001604100cb0085e760ad18f68b23c2841499fbc
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x7896162694484bb6e2351d3dd2fe9be6
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.182:1028, id=2, length=204
        Message-Authenticator = 0x85fab68d100d5316c3033ba5faeaacc1
        Service-Type = Framed-User
        User-Name = "testuser"
        Framed-MTU = 1488
        State = 0x7896162694484bb6e2351d3dd2fe9be6
        Called-Station-Id = "00-03-7F-09-60-A0:ATH182"
        Calling-Station-Id = "00-03-7F-05-C0-9C"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x02020016041090f6880a694790dad2ff127e5e3841aa
        NAS-IP-Address = 192.168.2.182
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 2 length 22
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry testuser at line 155
  modcall[authorize]: module "files" returns ok for request 1
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/md5
  rlm_eap: processing type md5
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 1
modcall: leaving group authenticate (returns ok) for request 1
Sending Access-Accept of id 2 to 192.168.2.182 port 1028
        EAP-Message = 0x03020004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "testuser"
Finished request 1
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 465d506e
Cleaning up request 1 ID 2 with timestamp 465d506e
Nothing to do.  Sleeping until we see a request.

it is sending ACCESS ACCEPT but no access reject or failure!!!!
and when i try to check AP statistics from server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!

sorry for disturbing u again n again but can u help me out????
please!!
shantanu

tnt at kalik.co.yu wrote: Your request is accepted but you are picking up an IP adress of
255.255.255.254 from the DEFAULT entry in users file for Service-Type
Framed-User. Assign a proper IP address or address pool in your user
configuration. And put the user before DEFAULT entries.

Ivan Kalik
Kalik Informatika ISP

---snip ---
>    users: Matched entry DEFAULT at line 153
>    users: Matched entry DEFAULT at line 172
>    users: Matched entry testuser at line 216
--- snip ---
>Sending Access-Accept of id 1 to 192.168.2.183 port 1079
>    Framed-IP-Address = 255.255.255.254
>    Framed-MTU = 576
>    Service-Type = Framed-User
>    EAP-Message = 0x03010004
>    Message-Authenticator = 0x00000000000000000000000000000000
>    User-Name = "testuser"
>Finished request 1
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>Cleaning up request 1 ID 1 with timestamp 465abee0
>Nothing to do.  Sleeping until we see a request.
>>>
>can any one help me out it is really important and urgent.
>if u need i will also tell u my radius.conf, eap.conf and users file!!
>thank you
>regards
>shantanu

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




       
---------------------------------
 Download prohibited? No problem! CHAT from any browser, without download.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070530/0c3d9284/attachment.html>


More information about the Freeradius-Users mailing list