problem in authentication with EAP-MD5

shantanu choudhary shantanu_843 at yahoo.co.in
Thu May 31 10:25:35 CEST 2007


Sorry, I tried to attach it but I think it didn't work!!
This is my user file:

#    Please read the documentation file ../doc/processing_users_file,
#    or 'man 5 users' (after installing the server) for more information.
#
#    As of 1.1.4, you SHOULD NOT use Auth-Type.  See "man rlm_pap"
#    for a much better way of dealing with differing passwords.
#    If you set Auth-Type, SOME AUTHENTICATION METHODS WILL NOT WORK.
#    If you don't set Auth-Type, the server will figure out what to do,
#    and will almost always do the right thing.
#
#    This file contains authentication security and configuration
#    information for each user.  Accounting requests are NOT processed
#    through this file.  Instead, see 'acct_users', in this directory.
#
#    The first field is the user's name and can be up to
#    253 characters in length.  This is followed (on the same line) with
#    the list of authentication requirements for that user.  This can
#    include password, comm server name, comm server port number, protocol
#    type (perhaps set by the "hints" file), and huntgroup name (set by
#    the "huntgroups" file).
#
#    Indented (with the tab character) lines following the first
#    line indicate the configuration values to be passed back to
#    the comm server to allow the initiation of a user session.
#    This can include things like the PPP configuration values
#    or the host to log the user onto.
#
#    If you are not sure why a particular reply is being sent by the
#    server, then run the server in debugging mode (radiusd -X), and
#    you will see which entries in this file are matched.
#
#    When an authentication request is received from the comm server,
#    these values are tested. Only the first match is used unless the
#    "Fall-Through" variable is set to "Yes".
#
#    A special user named "DEFAULT" matches on all usernames.
#    You can have several DEFAULT entries. All entries are processed
#    in the order they appear in this file. The first entry that
#    matches the login-request will stop processing unless you use
#    the Fall-Through variable.
#
#    You can include another `users' file with `$INCLUDE users.other'
#

#
#    For a list of RADIUS attributes, and links to their definitions,
#    see:
#
#    http://www.freeradius.org/rfc/attributes.html
#

#
# Deny access for a specific user.  Note that this entry MUST
# be before any other 'Auth-Type' attribute which results in the user
# being authenticated.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#lameuser    Auth-Type := Reject
#        Reply-Message = "Your account has been disabled."

#
# Deny access for a group of users.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#DEFAULT    Group == "disabled", Auth-Type := Reject
#        Reply-Message = "Your account has been disabled."
#

#
# This is a complete entry for "steve". Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used, and the user will NOT
# get any attributes in addition to the ones listed here.
#
#steve    Cleartext-Password := "testing"
#    Service-Type = Framed-User,
#    Framed-Protocol = PPP,
#    Framed-IP-Address = 172.16.3.33,
#    Framed-IP-Netmask = 255.255.255.0,
#    Framed-Routing = Broadcast-Listen,
#    Framed-Filter-Id = "std.ppp",
#    Framed-MTU = 1500,
#    Framed-Compression = Van-Jacobsen-TCP-IP

#
# This is an entry for a user with a space in their name.
# Note the double quotes surrounding the name.
#
#"John Doe"    Cleartext-Password := "hello"
#        Reply-Message = "Hello, %u"

#
# Dial user back and telnet to the default host for that port
#
#Deg    Cleartext-Password := "ge55ged"
#    Service-Type = Callback-Login-User,
#    Login-IP-Host = 0.0.0.0,
#    Callback-Number = "9,5551212",
#    Login-Service = Telnet,
#    Login-TCP-Port = Telnet

#
# Another complete entry. After the user "dialbk" has logged in, the
# connection will be broken and the user will be dialed back after which
# he will get a connection to the host "timeshare1".
#
#dialbk    Cleartext-Password := "callme"
#    Service-Type = Callback-Login-User,
#    Login-IP-Host = timeshare1,
#    Login-Service = PortMaster,
#    Callback-Number = "9,1-800-555-1212"

#
# user "swilson" will only get a static IP number if he logs in with
# a framed protocol on a terminal server in Alphen (see the huntgroups file).
#
# Note that by setting "Fall-Through", other attributes will be added from
# the following DEFAULT entries
#
#swilson    Service-Type == Framed-User, Huntgroup-Name == "alphen"
#        Framed-IP-Address = 192.168.1.65,
#        Fall-Through = Yes

#
# If the user logs in as 'username.shell', then authenticate them
# against the system database, give them shell access, and stop processing
# the rest of the file.
#
# Note that authenticating against an /etc/passwd file works ONLY for PAP,
# and not for CHAP, MS-CHAP, or EAP.
#
#DEFAULT    Suffix == ".shell", Auth-Type := System
#        Service-Type = Login-User,
#        Login-Service = Telnet,
#        Login-IP-Host = your.shell.machine


#
# The rest of this file contains the several DEFAULT entries.
# DEFAULT entries match with all login names.
# Note that DEFAULT entries can also Fall-Through (see first entry).
# A name-value pair from a DEFAULT entry will _NEVER_ override
# an already existing name-value pair.
#

#
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#

testuser        Password = "whatever"

DEFAULT    Auth-Type = System
    Fall-Through = 1

#
# Set up different IP address pools for the terminal servers.
# Note that the "+" behind the IP address means that this is the "base"
# IP address. The Port-Id (S0, S1 etc) will be added to it.
#
#DEFAULT    Service-Type == Framed-User, Huntgroup-Name == "alphen"
#        Framed-IP-Address = 192.168.1.32+,
#        Fall-Through = Yes

#DEFAULT    Service-Type == Framed-User, Huntgroup-Name == "delft"
#        Framed-IP-Address = 192.168.2.32+,
#        Fall-Through = Yes

#
# Defaults for all framed connections.
#
DEFAULT    Service-Type == Framed-User
    Framed-IP-Address = 192.168.2.132,
    Framed-MTU = 576,
    Service-Type = Framed-User,
    Fall-Through = Yes

#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
#    by the terminal server in which case there may not be a "P" suffix.
#    The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
DEFAULT    Framed-Protocol == PPP
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
DEFAULT    Hint == "CSLIP"
    Framed-Protocol = SLIP,
    Framed-Compression = Van-Jacobson-TCP-IP

#
# Default for SLIP: dynamic IP address, SLIP mode.
#
DEFAULT    Hint == "SLIP"
    Framed-Protocol = SLIP

#
# Last default: rlogin to our main server.
#
#DEFAULT
#    Service-Type = Login-User,
#    Login-Service = Rlogin,
#    Login-IP-Host = shellbox.ispdomain.com

# #
# # Last default: shell on the local terminal server.
# #
# DEFAULT
#     Service-Type = Shell-User

# On no match, the user is denied access.
Hope it helps you to figure out the problem.
Thanks again for your help,
regards 
shantanu

tnt at kalik.co.yu wrote: You haven't posted your users file.

Ivan Kalik
Kalik Informatika ISP


On 31/5/2007, "shantanu choudhary" wrote:

>this is server side output!!!!
>
>rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177
>        Message-Authenticator = 0x758e436fc2b17672ad389e0ffeca2982
>        Service-Type = Framed-User
>        User-Name = "testuser"
>        Framed-MTU = 1488
>        Called-Station-Id = "00-03-7F-09-60-A0:ATH182"
>        Calling-Station-Id = "00-03-7F-05-C0-9C"
>        NAS-Port-Type = Wireless-802.11
>        Connect-Info = "CONNECT 54Mbps 802.11g"
>        EAP-Message = 0x0204000d017465737475736572
>        NAS-IP-Address = 192.168.2.182
>        NAS-Port = 1
>        NAS-Port-Id = "STA port # 1"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 20
>  modcall[authorize]: module "preprocess" returns ok for request 20
>  modcall[authorize]: module "chap" returns noop for request 20
>  modcall[authorize]: module "mschap" returns noop for request 20
>    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 20
>  rlm_eap: EAP packet type response id 4 length 13
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 20
>    users: Matched entry testuser at line 155
>  modcall[authorize]: module "files" returns ok for request 20
>rlm_pap: Found existing Auth-Type, not changing it.
>  modcall[authorize]: module "pap" returns noop for request 20
>modcall: leaving group authorize (returns updated) for request 20
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 20
>  rlm_eap: EAP Identity
>  rlm_eap: processing type md5
>rlm_eap_md5: Issuing Challenge
>  modcall[authenticate]: module "eap" returns handled for request 20
>modcall: leaving group authenticate (returns handled) for request 20
>Sending Access-Challenge of id 4 to 192.168.2.182 port 1027
>        EAP-Message = 0x010500160410ef33bbaf01824abdd6b6989b2cc698ec
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x4f68ec51f7791041fc61be6441d9ea92
>Finished request 20
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.2.182:1027, id=5, length=204
>        Message-Authenticator = 0xb98d04dcd12bbaa2dc7f6314231061bc
>        Service-Type = Framed-User
>        User-Name = "testuser"
>        Framed-MTU = 1488
>        State = 0x4f68ec51f7791041fc61be6441d9ea92
>        Called-Station-Id = "00-03-7F-09-60-A0:ATH182"
>        Calling-Station-Id = "00-03-7F-05-C0-9C"
>        NAS-Port-Type = Wireless-802.11
>        Connect-Info = "CONNECT 54Mbps 802.11g"
>        EAP-Message = 0x020500160410a221ad85e41c1260d31c5d14036dfce1
>        NAS-IP-Address = 192.168.2.182
>        NAS-Port = 1
>        NAS-Port-Id = "STA port # 1"
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 21
>  modcall[authorize]: module "preprocess" returns ok for request 21
>  modcall[authorize]: module "chap" returns noop for request 21
>  modcall[authorize]: module "mschap" returns noop for request 21
>    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 21
>  rlm_eap: EAP packet type response id 5 length 22
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 21
>    users: Matched entry testuser at line 155
>  modcall[authorize]: module "files" returns ok for request 21
>rlm_pap: Found existing Auth-Type, not changing it.
>  modcall[authorize]: module "pap" returns noop for request 21
>modcall: leaving group authorize (returns updated) for request 21
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 21
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/md5
>  rlm_eap: processing type md5
>  rlm_eap: Freeing handler
>  modcall[authenticate]: module "eap" returns ok for request 21
>modcall: leaving group authenticate (returns ok) for request 21
>Sending Access-Accept of id 5 to 192.168.2.182 port 1027
>        EAP-Message = 0x03050004
>        Message-Authenticator = 0x00000000000000000000000000000000
>        User-Name = "testuser"
>Finished request 21
>Going to the next request
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>
>It is sending an access accept packet!!!
>My user file is like this:
>It's an attachment (users).
>Thanks for your help,
>
>regards
>shantanu
>
>tnt at kalik.co.yu wrote: Client output isn't showing Access-Accept packet content. Post radiusd
>-X output and your users file.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 31/5/2007, "shantanu choudhary" wrote:
>
>>hello,
>>this is my client side output:
>>Authentication with 00:03:7f:09:60:a0 timed out.
>>Added BSSID 00:03:7f:09:60:a0 into blacklist
>>State: ASSOCIATED -> DISCONNECTED
>>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>>WEXT: Operstate: linkmode=-1, operstate=5
>>wpa_driver_wext_disassociate
>>No keys have been configured - skip key clearing
>>EAPOL: External notification - portEnabled=0
>>EAPOL: SUPP_PAE entering state DISCONNECTED
>>EAPOL: SUPP_BE entering state INITIALIZE
>>EAP: EAP entering state DISABLED
>>EAPOL: External notification - portValid=0
>>Setting scan request: 0 sec 0 usec
>>State: DISCONNECTED -> SCANNING
>>Starting AP scan (specific SSID)
>>Scan SSID - hexdump_ascii(len=6):
>>     41 54 48 31 38 32                                 ATH182
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>Wireless event: cmd=0x8b15 len=20
>>Wireless event: new AP: 00:00:00:00:00:00
>>BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2
>>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
>>wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
>>wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
>>wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
>>wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
>>wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
>>State: SCANNING -> DISCONNECTED
>>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>>WEXT: Operstate: linkmode=-1, operstate=5
>>EAPOL: External notification - portEnabled=0
>>EAPOL: External notification - portValid=0
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>Wireless event: cmd=0x8b19 len=8
>>Received 1844 bytes of scan results (7 BSSes)
>>Scan results: 7
>>Selecting BSS from priority group 0
>>0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
>>   skip - SSID mismatch
>>1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
>>   skip - blacklisted
>>2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>>   skip - no WPA/RSN IE
>>3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>>   skip - no WPA/RSN IE
>>4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>>   skip - no WPA/RSN IE
>>5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>>   skip - no WPA/RSN IE
>>6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>>   skip - no WPA/RSN IE
>>No APs found - clear blacklist and try again
>>Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear)
>>Selecting BSS from priority group 0
>>0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
>>   skip - SSID mismatch
>>1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
>>   selected based on RSN IE
>>Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz)
>>Cancelling scan request
>>WPA: clearing own WPA/RSN IE
>>Automatic auth_alg selection: 0x1
>>RSN: using IEEE 802.11i/D9.0
>>WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2
>>WPA: clearing AP WPA IE
>>WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00
>>WPA: using GTK TKIP
>>WPA: using PTK CCMP
>>WPA: using KEY_MGMT 802.1X
>>WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00
>>No keys have been configured - skip key clearing
>>wpa_driver_wext_set_drop_unencrypted
>>State: DISCONNECTED -> ASSOCIATING
>>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>>WEXT: Operstate: linkmode=-1, operstate=5
>>wpa_driver_wext_associate
>>Setting authentication timeout: 10 sec 0 usec
>>EAPOL: External notification - portControl=Auto
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>Wireless event: cmd=0x8b06 len=8
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>Wireless event: cmd=0x8b04 len=12
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>Wireless event: cmd=0x8b1a len=14
>>RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
>>Wireless event: cmd=0x8b15 len=20
>>Wireless event: new AP: 00:03:7f:09:60:a0
>>State: ASSOCIATING -> ASSOCIATED
>>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>>WEXT: Operstate: linkmode=-1, operstate=5
>>Associated to a new BSS: BSSID=00:03:7f:09:60:a0
>>No keys have been configured - skip key clearing
>>Associated with 00:03:7f:09:60:a0
>>WPA: Association event - clear replay counter
>>EAPOL: External notification - portEnabled=0
>>EAPOL: External notification - portValid=0
>>EAPOL: External notification - portEnabled=1
>>EAPOL: SUPP_PAE entering state CONNECTING
>>EAPOL: SUPP_BE entering state IDLE
>>EAP: EAP entering state INITIALIZE
>>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
>>EAP: EAP entering state IDLE
>>Setting authentication timeout: 10 sec 0 usec
>>Cancelling scan request
>>RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
>>RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01
>>Setting authentication timeout: 70 sec 0 usec
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_PAE entering state RESTART
>>EAP: EAP entering state INITIALIZE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_PAE entering state AUTHENTICATING
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
>>EAP: EAP entering state IDENTITY
>>CTRL-EVENT-EAP-STARTED EAP authentication started
>>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>>EAP: using real identity - hexdump_ascii(len=8):
>>     74 65 73 74 75 73 65 72                           testuser
>>EAP: EAP entering state SEND_RESPONSE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RESPONSE
>>EAPOL: txSuppRsp
>>TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72
>>EAPOL: SUPP_BE entering state RECEIVE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
>>EAP: EAP entering state GET_METHOD
>>EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
>>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
>>EAP: EAP entering state METHOD
>>EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14
>>EAP-MD5: Generating Challenge Response
>>EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35
>>EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
>>EAP: EAP entering state SEND_RESPONSE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RESPONSE
>>EAPOL: txSuppRsp
>>TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35
>>EAPOL: SUPP_BE entering state RECEIVE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Failure
>>EAP: EAP entering state DISCARD
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RECEIVE
>>EAPOL: startWhen --> 0
>>EAPOL: authWhile --> 0
>>EAPOL: SUPP_BE entering state TIMEOUT
>>EAPOL: SUPP_PAE entering state CONNECTING
>>EAPOL: SUPP_BE entering state IDLE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_PAE entering state RESTART
>>EAP: EAP entering state INITIALIZE
>>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_PAE entering state AUTHENTICATING
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0
>>EAP: EAP entering state IDENTITY
>>CTRL-EVENT-EAP-STARTED EAP authentication started
>>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>>EAP: using real identity - hexdump_ascii(len=8):
>>     74 65 73 74 75 73 65 72                           testuser
>>EAP: EAP entering state SEND_RESPONSE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RESPONSE
>>EAPOL: txSuppRsp
>>TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72
>>EAPOL: SUPP_BE entering state RECEIVE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0
>>EAP: EAP entering state GET_METHOD
>>EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
>>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
>>EAP: EAP entering state METHOD
>>EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40
>>EAP-MD5: Generating Challenge Response
>>EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93
>>EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
>>EAP: EAP entering state SEND_RESPONSE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RESPONSE
>>EAPOL: txSuppRsp
>>TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93
>>EAPOL: SUPP_BE entering state RECEIVE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Failure
>>EAP: EAP entering state DISCARD
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RECEIVE
>>EAPOL: startWhen --> 0
>>EAPOL: authWhile --> 0
>>EAPOL: SUPP_BE entering state TIMEOUT
>>EAPOL: SUPP_PAE entering state CONNECTING
>>EAPOL: SUPP_BE entering state IDLE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_PAE entering state RESTART
>>EAP: EAP entering state INITIALIZE
>>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_PAE entering state AUTHENTICATING
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0
>>EAP: EAP entering state IDENTITY
>>CTRL-EVENT-EAP-STARTED EAP authentication started
>>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>>EAP: using real identity - hexdump_ascii(len=8):
>>     74 65 73 74 75 73 65 72                           testuser
>>EAP: EAP entering state SEND_RESPONSE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RESPONSE
>>
>>
>>The problem is I am getting EAP-FAILURE on the client side even when the server is giving ACCESS-ACCEPT!!!!
>>I am not able to figure out the problem; the output of the server is the same as that in the earlier mail.
>>One more thing: what will be the end message of this, will it be authentication or association? When I run the GUI for the supplicant it is showing associated, not authenticated! Is it the end of the connection, and after it should I get an IP from that AP? Even if I try for DHCP I am not able to get an IP!!!!
>>It is all messed up, please do reply for this problem!!!
>>regards
>>shantanu
>>
>>tnt at kalik.co.yu wrote: Well, now you don't have any IP address in your accept packet. Not a
>>problem if you are doing DHCP. Otherwise you need to return IP address,
>>netmask, MTU, Service-Type, DNS servers etc.
>>
>>Leave that Framed-User DEFAULT entry alone - it should be there. You need
>>to add stuff to your user config:
>>
>>testuser   Cleartext-Password:=yourpassword
>>                Framed-IP-Address=1.2.3.4
>>                Framed-MTU=yourMTU
>>                Framed-IP-Netmask=255.255.255.255
>>etc.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>On 30/5/2007, "shantanu choudhary" wrote:
>>
>>--- snip ---
>>>Sending Access-Accept of id 2 to 192.168.2.182 port 1028
>>>        EAP-Message = 0x03020004
>>>        Message-Authenticator = 0x00000000000000000000000000000000
>>>        User-Name = "testuser"
>>>Finished request 1
>>>Going to the next request
>>>Waking up in 6 seconds...
>>>--- Walking the entire request list ---
>>>Cleaning up request 0 ID 1 with timestamp 465d506e
>>>Cleaning up request 1 ID 2 with timestamp 465d506e
>>>Nothing to do.  Sleeping until we see a request.
>>>
>>>It is sending ACCESS ACCEPT but no access reject or failure!!!!
>>>And when I try to check AP statistics from the server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
>>>
>>>Sorry for disturbing you again and again but can you help me out????
>>>Please!!
>>>shantanu
>>>
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

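Added example, not part of the original thread and not FreeRADIUS or wpa_supplicant code: a small Python decoder for the EAP-Message values from the radiusd -X output and the EAPOL hexdumps from the supplicant log quoted above, so the two sides of the exchange can be compared field by field. The function names are my own; the EAP-MD5 check follows the CHAP construction MD5(identifier || secret || challenge).

```python
import hashlib
import hmac
import struct
from typing import NamedTuple, Optional

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge"}


class EapPacket(NamedTuple):
    code: str
    ident: int
    eap_type: Optional[str]  # None for Success/Failure, which carry no type
    data: bytes              # identity bytes, or the 16-byte MD5 value


def parse_hex(text: str) -> bytes:
    """Accept '0x0204...' (radiusd -X) or '02 04 ...' (wpa_supplicant hexdump)."""
    cleaned = "".join(text.split())
    if cleaned[:2].lower() == "0x":
        cleaned = cleaned[2:]
    return bytes.fromhex(cleaned)


def strip_eapol(frame: bytes) -> bytes:
    """Remove the 4-byte EAPOL header (version, type, length) from a supplicant dump."""
    if len(frame) < 4 or frame[1] != 0:  # EAPOL type 0 = EAP-Packet
        raise ValueError("not an EAPOL EAP-Packet frame")
    (body_len,) = struct.unpack("!H", frame[2:4])
    if body_len > len(frame) - 4:
        raise ValueError("EAPOL length exceeds captured bytes")
    return frame[4:4 + body_len]


def decode_eap(raw: bytes) -> EapPacket:
    """Decode an EAP packet (RFC 3748 header: code, identifier, 16-bit length)."""
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in EAP_CODES or not 4 <= length <= len(raw):
        raise ValueError("bad EAP code or length")
    body = raw[4:length]
    if code in (3, 4):
        return EapPacket(EAP_CODES[code], ident, None, b"")
    if not body:
        raise ValueError("Request/Response without a type byte")
    eap_type, data = body[0], body[1:]
    if eap_type == 4:  # MD5-Challenge: value-size byte, then the value
        if not data or data[0] > len(data) - 1:
            raise ValueError("truncated MD5 value")
        data = data[1:1 + data[0]]
    return EapPacket(EAP_CODES[code], ident, EAP_TYPES.get(eap_type, str(eap_type)), data)


def md5_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-style response used by EAP-MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def response_matches(request: EapPacket, response: EapPacket, secret: bytes) -> bool:
    """True if `response` answers `request` correctly for the known `secret`."""
    if request.ident != response.ident:
        return False
    expected = md5_response(response.ident, secret, request.data)
    return hmac.compare_digest(expected, response.data)


if __name__ == "__main__":
    # EAP-Message values copied from the radiusd -X output in the thread.
    for value in ("0x0204000d017465737475736572",
                  "0x010500160410ef33bbaf01824abdd6b6989b2cc698ec",
                  "0x020500160410a221ad85e41c1260d31c5d14036dfce1",
                  "0x03050004"):
        print(decode_eap(parse_hex(value)))
    # Last frame the supplicant logged for its first attempt.
    print(decode_eap(strip_eapol(parse_hex("01 00 00 04 04 01 00 04"))))
```

On the values in the thread, the server's final EAP-Message decodes as Success with identifier 5, while the frames the supplicant logged before each timeout decode as Failure with identifiers 1 and 3, and the challenges in the two logs differ.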