problem in authentication with EAP-MD5

tnt at kalik.co.yu tnt at kalik.co.yu
Thu May 31 08:52:39 CEST 2007


Client output isn't showing Access-Accept packet content. Post radiusd
-X output and your users file.

Ivan Kalik
Kalik Informatika ISP


On 31/5/2007, "shantanu choudhary" <shantanu_843 at yahoo.co.in> wrote:

>hello,
>this is my client side output:
>Authentication with 00:03:7f:09:60:a0 timed out.
>Added BSSID 00:03:7f:09:60:a0 into blacklist
>State: ASSOCIATED -> DISCONNECTED
>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>WEXT: Operstate: linkmode=-1, operstate=5
>wpa_driver_wext_disassociate
>No keys have been configured - skip key clearing
>EAPOL: External notification - portEnabled=0
>EAPOL: SUPP_PAE entering state DISCONNECTED
>EAPOL: SUPP_BE entering state INITIALIZE
>EAP: EAP entering state DISABLED
>EAPOL: External notification - portValid=0
>Setting scan request: 0 sec 0 usec
>State: DISCONNECTED -> SCANNING
>Starting AP scan (specific SSID)
>Scan SSID - hexdump_ascii(len=6):
>     41 54 48 31 38 32                                 ATH182
>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>Wireless event: cmd=0x8b15 len=20
>Wireless event: new AP: 00:00:00:00:00:00
>BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2
>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
>wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
>wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
>wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
>wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
>wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
>State: SCANNING -> DISCONNECTED
>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>WEXT: Operstate: linkmode=-1, operstate=5
>EAPOL: External notification - portEnabled=0
>EAPOL: External notification - portValid=0
>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>Wireless event: cmd=0x8b19 len=8
>Received 1844 bytes of scan results (7 BSSes)
>Scan results: 7
>Selecting BSS from priority group 0
>0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
>   skip - SSID mismatch
>1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
>   skip - blacklisted
>2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>   skip - no WPA/RSN IE
>3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>   skip - no WPA/RSN IE
>4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>   skip - no WPA/RSN IE
>5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>   skip - no WPA/RSN IE
>6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>   skip - no WPA/RSN IE
>No APs found - clear blacklist and try again
>Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear)
>Selecting BSS from priority group 0
>0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
>   skip - SSID mismatch
>1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
>   selected based on RSN IE
>Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz)
>Cancelling scan request
>WPA: clearing own WPA/RSN IE
>Automatic auth_alg selection: 0x1
>RSN: using IEEE 802.11i/D9.0
>WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2
>WPA: clearing AP WPA IE
>WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00
>WPA: using GTK TKIP
>WPA: using PTK CCMP
>WPA: using KEY_MGMT 802.1X
>WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00
>No keys have been configured - skip key clearing
>wpa_driver_wext_set_drop_unencrypted
>State: DISCONNECTED -> ASSOCIATING
>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>WEXT: Operstate: linkmode=-1, operstate=5
>wpa_driver_wext_associate
>Setting authentication timeout: 10 sec 0 usec
>EAPOL: External notification - portControl=Auto
>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>Wireless event: cmd=0x8b06 len=8
>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>Wireless event: cmd=0x8b04 len=12
>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>Wireless event: cmd=0x8b1a len=14
>RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
>Wireless event: cmd=0x8b15 len=20
>Wireless event: new AP: 00:03:7f:09:60:a0
>State: ASSOCIATING -> ASSOCIATED
>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>WEXT: Operstate: linkmode=-1, operstate=5
>Associated to a new BSS: BSSID=00:03:7f:09:60:a0
>No keys have been configured - skip key clearing
>Associated with 00:03:7f:09:60:a0
>WPA: Association event - clear replay counter
>EAPOL: External notification - portEnabled=0
>EAPOL: External notification - portValid=0
>EAPOL: External notification - portEnabled=1
>EAPOL: SUPP_PAE entering state CONNECTING
>EAPOL: SUPP_BE entering state IDLE
>EAP: EAP entering state INITIALIZE
>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
>EAP: EAP entering state IDLE
>Setting authentication timeout: 10 sec 0 usec
>Cancelling scan request
>RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
>RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
>RX EAPOL from 00:03:7f:09:60:a0
>RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01
>Setting authentication timeout: 70 sec 0 usec
>EAPOL: Received EAP-Packet frame
>EAPOL: SUPP_PAE entering state RESTART
>EAP: EAP entering state INITIALIZE
>EAP: EAP entering state IDLE
>EAPOL: SUPP_PAE entering state AUTHENTICATING
>EAPOL: SUPP_BE entering state REQUEST
>EAPOL: getSuppRsp
>EAP: EAP entering state RECEIVED
>EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
>EAP: EAP entering state IDENTITY
>CTRL-EVENT-EAP-STARTED EAP authentication started
>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>EAP: using real identity - hexdump_ascii(len=8):
>     74 65 73 74 75 73 65 72                           testuser
>EAP: EAP entering state SEND_RESPONSE
>EAP: EAP entering state IDLE
>EAPOL: SUPP_BE entering state RESPONSE
>EAPOL: txSuppRsp
>TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72
>EAPOL: SUPP_BE entering state RECEIVE
>RX EAPOL from 00:03:7f:09:60:a0
>RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14
>EAPOL: Received EAP-Packet frame
>EAPOL: SUPP_BE entering state REQUEST
>EAPOL: getSuppRsp
>EAP: EAP entering state RECEIVED
>EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
>EAP: EAP entering state GET_METHOD
>EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
>EAP: EAP entering state METHOD
>EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14
>EAP-MD5: Generating Challenge Response
>EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35
>EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
>EAP: EAP entering state SEND_RESPONSE
>EAP: EAP entering state IDLE
>EAPOL: SUPP_BE entering state RESPONSE
>EAPOL: txSuppRsp
>TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35
>EAPOL: SUPP_BE entering state RECEIVE
>RX EAPOL from 00:03:7f:09:60:a0
>RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04
>EAPOL: Received EAP-Packet frame
>EAPOL: SUPP_BE entering state REQUEST
>EAPOL: getSuppRsp
>EAP: EAP entering state RECEIVED
>EAP: Received EAP-Failure
>EAP: EAP entering state DISCARD
>EAP: EAP entering state IDLE
>EAPOL: SUPP_BE entering state RECEIVE
>EAPOL: startWhen --> 0
>EAPOL: authWhile --> 0
>EAPOL: SUPP_BE entering state TIMEOUT
>EAPOL: SUPP_PAE entering state CONNECTING
>EAPOL: SUPP_BE entering state IDLE
>RX EAPOL from 00:03:7f:09:60:a0
>RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01
>EAPOL: Received EAP-Packet frame
>EAPOL: SUPP_PAE entering state RESTART
>EAP: EAP entering state INITIALIZE
>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
>EAP: EAP entering state IDLE
>EAPOL: SUPP_PAE entering state AUTHENTICATING
>EAPOL: SUPP_BE entering state REQUEST
>EAPOL: getSuppRsp
>EAP: EAP entering state RECEIVED
>EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0
>EAP: EAP entering state IDENTITY
>CTRL-EVENT-EAP-STARTED EAP authentication started
>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>EAP: using real identity - hexdump_ascii(len=8):
>     74 65 73 74 75 73 65 72                           testuser
>EAP: EAP entering state SEND_RESPONSE
>EAP: EAP entering state IDLE
>EAPOL: SUPP_BE entering state RESPONSE
>EAPOL: txSuppRsp
>TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72
>EAPOL: SUPP_BE entering state RECEIVE
>RX EAPOL from 00:03:7f:09:60:a0
>RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40
>EAPOL: Received EAP-Packet frame
>EAPOL: SUPP_BE entering state REQUEST
>EAPOL: getSuppRsp
>EAP: EAP entering state RECEIVED
>EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0
>EAP: EAP entering state GET_METHOD
>EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
>EAP: EAP entering state METHOD
>EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40
>EAP-MD5: Generating Challenge Response
>EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93
>EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
>EAP: EAP entering state SEND_RESPONSE
>EAP: EAP entering state IDLE
>EAPOL: SUPP_BE entering state RESPONSE
>EAPOL: txSuppRsp
>TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93
>EAPOL: SUPP_BE entering state RECEIVE
>RX EAPOL from 00:03:7f:09:60:a0
>RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04
>EAPOL: Received EAP-Packet frame
>EAPOL: SUPP_BE entering state REQUEST
>EAPOL: getSuppRsp
>EAP: EAP entering state RECEIVED
>EAP: Received EAP-Failure
>EAP: EAP entering state DISCARD
>EAP: EAP entering state IDLE
>EAPOL: SUPP_BE entering state RECEIVE
>EAPOL: startWhen --> 0
>EAPOL: authWhile --> 0
>EAPOL: SUPP_BE entering state TIMEOUT
>EAPOL: SUPP_PAE entering state CONNECTING
>EAPOL: SUPP_BE entering state IDLE
>RX EAPOL from 00:03:7f:09:60:a0
>RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01
>EAPOL: Received EAP-Packet frame
>EAPOL: SUPP_PAE entering state RESTART
>EAP: EAP entering state INITIALIZE
>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
>EAP: EAP entering state IDLE
>EAPOL: SUPP_PAE entering state AUTHENTICATING
>EAPOL: SUPP_BE entering state REQUEST
>EAPOL: getSuppRsp
>EAP: EAP entering state RECEIVED
>EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0
>EAP: EAP entering state IDENTITY
>CTRL-EVENT-EAP-STARTED EAP authentication started
>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>EAP: using real identity - hexdump_ascii(len=8):
>     74 65 73 74 75 73 65 72                           testuser
>EAP: EAP entering state SEND_RESPONSE
>EAP: EAP entering state IDLE
>EAPOL: SUPP_BE entering state RESPONSE
>
>
>The problem is I am getting EAP-FAILURE on the client side even when the server is giving ACCESS-ACCEPT!!!!
>I am not able to figure out the problem; the output of the server is the same as that in the earlier mail.
>One more thing: what will be the end message of this, will it be authentication or association? When I run the GUI for the supplicant it is showing associated, not authenticated! Is it the end of the connection, and after it should I get an IP from that AP? Even if I try for DHCP I am not able to get an IP!!!!
>It is all messed up, please do reply for this problem!!!
>regards
>shantanu
>
>tnt at kalik.co.yu wrote: Well, now you don't have any IP address in your accept packet. Not a
>problem if you are doing DHCP. Otherwise you need to return IP address,
>netmask, MTU, Service-Type, DNS servers etc.
>
>Leave that Framed-User DEFAULT entry alone - it should be there. You need
>to add stuff to your user config:
>
>testuser   Cleartext-Password := "yourpassword"
>                Framed-IP-Address = 1.2.3.4,
>                Framed-MTU = yourMTU,
>                Framed-IP-Netmask = 255.255.255.255
>etc.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 30/5/2007, "shantanu choudhary"  wrote:
>
>--- snip ---
>>Sending Access-Accept of id 2 to 192.168.2.182 port 1028
>>        EAP-Message = 0x03020004
>>        Message-Authenticator = 0x00000000000000000000000000000000
>>        User-Name = "testuser"
>>Finished request 1
>>Going to the next request
>>Waking up in 6 seconds...
>>--- Walking the entire request list ---
>>Cleaning up request 0 ID 1 with timestamp 465d506e
>>Cleaning up request 1 ID 2 with timestamp 465d506e
>>Nothing to do.  Sleeping until we see a request.
>>
>>it is sending ACCESS ACCEPT but no access reject or failure!!!!
>>and when I try to check AP statistics from the server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
>>
>>Sorry for disturbing you again and again, but can you help me out????
>>please!!
>>shantanu
>>
>
>
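
Added example (not part of the original thread, and not wpa_supplicant or FreeRADIUS code): a small decoder for the EAPOL hexdumps and the EAP-Message value quoted above, plus a check of whether a given password reproduces the EAP-MD5 response the supplicant logged. The function names are assumptions of this example; the header layout and the MD5(identifier || password || challenge) formula follow RFC 3748 and RFC 1994.

```python
import hashlib

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge"}

def parse_eap(data: bytes) -> dict:
    """Decode one EAP packet: code, identifier, 16-bit length, then type data."""
    if len(data) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = data[0], data[1], int.from_bytes(data[2:4], "big")
    if length < 4 or length > len(data):
        raise ValueError("EAP length field disagrees with the captured bytes")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(data[4], data[4])
        body = data[5:length]
        if data[4] == 4:  # MD5-Challenge: value-size byte, then the value
            if not body or body[0] > len(body) - 1:
                raise ValueError("truncated MD5-Challenge value")
            pkt["value"] = body[1:1 + body[0]]
        else:
            pkt["data"] = body
    return pkt

def parse_eapol(hexdump: str) -> dict:
    """Decode the bytes of a wpa_supplicant 'RX/TX EAPOL - hexdump' line."""
    raw = bytes.fromhex(hexdump)
    if len(raw) < 4 or raw[1] != 0:  # EAPOL packet type 0 = EAP-Packet
        raise ValueError("not an EAPOL EAP-Packet frame")
    return parse_eap(raw[4:4 + int.from_bytes(raw[2:4], "big")])

def md5_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """EAP-MD5 response value: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def password_matches_log(password: bytes, request_hex: str, response_hex: str) -> bool:
    """True if `password` reproduces the response value the supplicant logged."""
    req, resp = parse_eapol(request_hex), parse_eapol(response_hex)
    return md5_response(req["id"], password, req["value"]) == resp["value"]

# Frames copied from the debug output quoted above.
RX_CHALLENGE = "01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14"
TX_RESPONSE = "01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35"
RX_FINAL = "01 00 00 04 04 01 00 04"
SERVER_EAP_MESSAGE = "03020004"  # EAP-Message from the quoted Access-Accept

if __name__ == "__main__":
    for frame in (RX_CHALLENGE, TX_RESPONSE, RX_FINAL):
        print(parse_eapol(frame))
```

Decoded this way, the last frame of the first attempt in the client log is an EAP-Failure with identifier 1, while the EAP-Message in the quoted Access-Accept is an EAP-Success with identifier 2. Calling `password_matches_log` with the password from the users file shows whether supplicant and server are configured with the same secret.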




More information about the Freeradius-Users mailing list