problem in authentication with EAP-MD5
shantanu choudhary
shantanu_843 at yahoo.co.in
Thu May 31 10:25:35 CEST 2007
Sorry, I tried to attach it but I think it didn't work!!
This is my user file:-
# Please read the documentation file ../doc/processing_users_file,
# or 'man 5 users' (after installing the server) for more information.
#
# As of 1.1.4, you SHOULD NOT use Auth-Type. See "man rlm_pap"
# for a much better way of dealing with differing passwords.
# If you set Auth-Type, SOME AUTHENTICATION METHODS WILL NOT WORK.
# If you don't set Auth-Type, the server will figure out what to do,
# and will almost always do the right thing.
#
# This file contains authentication security and configuration
# information for each user. Accounting requests are NOT processed
# through this file. Instead, see 'acct_users', in this directory.
#
# The first field is the user's name and can be up to
# 253 characters in length. This is followed (on the same line) with
# the list of authentication requirements for that user. This can
# include password, comm server name, comm server port number, protocol
# type (perhaps set by the "hints" file), and huntgroup name (set by
# the "huntgroups" file).
#
# Indented (with the tab character) lines following the first
# line indicate the configuration values to be passed back to
# the comm server to allow the initiation of a user session.
# This can include things like the PPP configuration values
# or the host to log the user onto.
#
# If you are not sure why a particular reply is being sent by the
# server, then run the server in debugging mode (radiusd -X), and
# you will see which entries in this file are matched.
#
# When an authentication request is received from the comm server,
# these values are tested. Only the first match is used unless the
# "Fall-Through" variable is set to "Yes".
#
# A special user named "DEFAULT" matches on all usernames.
# You can have several DEFAULT entries. All entries are processed
# in the order they appear in this file. The first entry that
# matches the login-request will stop processing unless you use
# the Fall-Through variable.
#
# You can include another `users' file with `$INCLUDE users.other'
#
#
# For a list of RADIUS attributes, and links to their definitions,
# see:
#
# http://www.freeradius.org/rfc/attributes.html
#
#
# Deny access for a specific user. Note that this entry MUST
# be before any other 'Auth-Type' attribute which results in the user
# being authenticated.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#lameuser Auth-Type := Reject
# Reply-Message = "Your account has been disabled."
#
# Deny access for a group of users.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#DEFAULT Group == "disabled", Auth-Type := Reject
# Reply-Message = "Your account has been disabled."
#
#
# This is a complete entry for "steve". Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used, and the user will NOT
# get any attributes in addition to the ones listed here.
#
#steve Cleartext-Password := "testing"
# Service-Type = Framed-User,
# Framed-Protocol = PPP,
# Framed-IP-Address = 172.16.3.33,
# Framed-IP-Netmask = 255.255.255.0,
# Framed-Routing = Broadcast-Listen,
# Framed-Filter-Id = "std.ppp",
# Framed-MTU = 1500,
# Framed-Compression = Van-Jacobsen-TCP-IP
#
# This is an entry for a user with a space in their name.
# Note the double quotes surrounding the name.
#
#"John Doe" Cleartext-Password := "hello"
# Reply-Message = "Hello, %u"
#
# Dial user back and telnet to the default host for that port
#
#Deg Cleartext-Password := "ge55ged"
# Service-Type = Callback-Login-User,
# Login-IP-Host = 0.0.0.0,
# Callback-Number = "9,5551212",
# Login-Service = Telnet,
# Login-TCP-Port = Telnet
#
# Another complete entry. After the user "dialbk" has logged in, the
# connection will be broken and the user will be dialed back after which
# he will get a connection to the host "timeshare1".
#
#dialbk Cleartext-Password := "callme"
# Service-Type = Callback-Login-User,
# Login-IP-Host = timeshare1,
# Login-Service = PortMaster,
# Callback-Number = "9,1-800-555-1212"
#
# user "swilson" will only get a static IP number if he logs in with
# a framed protocol on a terminal server in Alphen (see the huntgroups file).
#
# Note that by setting "Fall-Through", other attributes will be added from
# the following DEFAULT entries
#
#swilson Service-Type == Framed-User, Huntgroup-Name == "alphen"
# Framed-IP-Address = 192.168.1.65,
# Fall-Through = Yes
#
# If the user logs in as 'username.shell', then authenticate them
# against the system database, give them shell access, and stop processing
# the rest of the file.
#
# Note that authenticating against an /etc/passwd file works ONLY for PAP,
# and not for CHAP, MS-CHAP, or EAP.
#
#DEFAULT Suffix == ".shell", Auth-Type := System
# Service-Type = Login-User,
# Login-Service = Telnet,
# Login-IP-Host = your.shell.machine
#
# The rest of this file contains the several DEFAULT entries.
# DEFAULT entries match with all login names.
# Note that DEFAULT entries can also Fall-Through (see first entry).
# A name-value pair from a DEFAULT entry will _NEVER_ override
# an already existing name-value pair.
#
#
# First setup all accounts to be checked against the UNIX /etc/passwd.
# (Unless a password was already given earlier in this file).
#
testuser Password = "whatever"
DEFAULT Auth-Type = System
	Fall-Through = 1
#
# Set up different IP address pools for the terminal servers.
# Note that the "+" behind the IP address means that this is the "base"
# IP address. The Port-Id (S0, S1 etc) will be added to it.
#
#DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen"
# Framed-IP-Address = 192.168.1.32+,
# Fall-Through = Yes
#DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft"
# Framed-IP-Address = 192.168.2.32+,
# Fall-Through = Yes
#
# Defaults for all framed connections.
#
DEFAULT Service-Type == Framed-User
	Framed-IP-Address = 192.168.2.132,
	Framed-MTU = 576,
	Service-Type = Framed-User,
	Fall-Through = Yes
#
# Default for PPP: dynamic IP address, PPP mode, VJ-compression.
# NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected
# by the terminal server in which case there may not be a "P" suffix.
# The terminal server sends "Framed-Protocol = PPP" for auto PPP.
#
DEFAULT Framed-Protocol == PPP
	Framed-Protocol = PPP,
	Framed-Compression = Van-Jacobson-TCP-IP
#
# Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression.
#
DEFAULT Hint == "CSLIP"
	Framed-Protocol = SLIP,
	Framed-Compression = Van-Jacobson-TCP-IP
#
# Default for SLIP: dynamic IP address, SLIP mode.
#
DEFAULT Hint == "SLIP"
	Framed-Protocol = SLIP
#
# Last default: rlogin to our main server.
#
#DEFAULT
# Service-Type = Login-User,
# Login-Service = Rlogin,
# Login-IP-Host = shellbox.ispdomain.com
# #
# # Last default: shell on the local terminal server.
# #
# DEFAULT
# Service-Type = Shell-User
# On no match, the user is denied access.
Hope it helps you to figure out the problem.
Thanks again for your help.
regards
shantanu
tnt at kalik.co.yu wrote: You haven't posted your users file.
Ivan Kalik
Kalik Informatika ISP
On 31/5/2007, "shantanu choudhary" wrote:
>this is server side output!!!!
>
>rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177
> Message-Authenticator = 0x758e436fc2b17672ad389e0ffeca2982
> Service-Type = Framed-User
> User-Name = "testuser"
> Framed-MTU = 1488
> Called-Station-Id = "00-03-7F-09-60-A0:ATH182"
> Calling-Station-Id = "00-03-7F-05-C0-9C"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = 0x0204000d017465737475736572
> NAS-IP-Address = 192.168.2.182
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 20
> modcall[authorize]: module "preprocess" returns ok for request 20
> modcall[authorize]: module "chap" returns noop for request 20
> modcall[authorize]: module "mschap" returns noop for request 20
> rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 20
> rlm_eap: EAP packet type response id 4 length 13
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 20
> users: Matched entry testuser at line 155
> modcall[authorize]: module "files" returns ok for request 20
>rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for request 20
>modcall: leaving group authorize (returns updated) for request 20
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 20
> rlm_eap: EAP Identity
> rlm_eap: processing type md5
>rlm_eap_md5: Issuing Challenge
> modcall[authenticate]: module "eap" returns handled for request 20
>modcall: leaving group authenticate (returns handled) for request 20
>Sending Access-Challenge of id 4 to 192.168.2.182 port 1027
> EAP-Message = 0x010500160410ef33bbaf01824abdd6b6989b2cc698ec
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x4f68ec51f7791041fc61be6441d9ea92
>Finished request 20
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 192.168.2.182:1027, id=5, length=204
> Message-Authenticator = 0xb98d04dcd12bbaa2dc7f6314231061bc
> Service-Type = Framed-User
> User-Name = "testuser"
> Framed-MTU = 1488
> State = 0x4f68ec51f7791041fc61be6441d9ea92
> Called-Station-Id = "00-03-7F-09-60-A0:ATH182"
> Calling-Station-Id = "00-03-7F-05-C0-9C"
> NAS-Port-Type = Wireless-802.11
> Connect-Info = "CONNECT 54Mbps 802.11g"
> EAP-Message = 0x020500160410a221ad85e41c1260d31c5d14036dfce1
> NAS-IP-Address = 192.168.2.182
> NAS-Port = 1
> NAS-Port-Id = "STA port # 1"
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 21
> modcall[authorize]: module "preprocess" returns ok for request 21
> modcall[authorize]: module "chap" returns noop for request 21
> modcall[authorize]: module "mschap" returns noop for request 21
> rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 21
> rlm_eap: EAP packet type response id 5 length 22
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 21
> users: Matched entry testuser at line 155
> modcall[authorize]: module "files" returns ok for request 21
>rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for request 21
>modcall: leaving group authorize (returns updated) for request 21
> rad_check_password: Found Auth-Type EAP
>auth: type "EAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 21
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/md5
> rlm_eap: processing type md5
> rlm_eap: Freeing handler
> modcall[authenticate]: module "eap" returns ok for request 21
>modcall: leaving group authenticate (returns ok) for request 21
>Sending Access-Accept of id 5 to 192.168.2.182 port 1027
> EAP-Message = 0x03050004
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "testuser"
>Finished request 21
>Going to the next request
>Waking up in 6 seconds...
>--- Walking the entire request list ---
>
>It is sending an Access-Accept packet!!!
>My user file is like this:-
>it's an attachment (users)
>Thanks for your help,
>
>regards
>shantanu
>
>tnt at kalik.co.yu wrote: Client output isn't showing Access-Accept packet content. Post radiusd
>-X output and your users file.
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 31/5/2007, "shantanu choudhary" wrote:
>
>>hello,
>>this is my client side output:
>>Authentication with 00:03:7f:09:60:a0 timed out.
>>Added BSSID 00:03:7f:09:60:a0 into blacklist
>>State: ASSOCIATED -> DISCONNECTED
>>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>>WEXT: Operstate: linkmode=-1, operstate=5
>>wpa_driver_wext_disassociate
>>No keys have been configured - skip key clearing
>>EAPOL: External notification - portEnabled=0
>>EAPOL: SUPP_PAE entering state DISCONNECTED
>>EAPOL: SUPP_BE entering state INITIALIZE
>>EAP: EAP entering state DISABLED
>>EAPOL: External notification - portValid=0
>>Setting scan request: 0 sec 0 usec
>>State: DISCONNECTED -> SCANNING
>>Starting AP scan (specific SSID)
>>Scan SSID - hexdump_ascii(len=6):
>> 41 54 48 31 38 32 ATH182
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>Wireless event: cmd=0x8b15 len=20
>>Wireless event: new AP: 00:00:00:00:00:00
>>BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2
>>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
>>wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
>>wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
>>wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
>>wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
>>wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
>>State: SCANNING -> DISCONNECTED
>>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>>WEXT: Operstate: linkmode=-1, operstate=5
>>EAPOL: External notification - portEnabled=0
>>EAPOL: External notification - portValid=0
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>Wireless event: cmd=0x8b19 len=8
>>Received 1844 bytes of scan results (7 BSSes)
>>Scan results: 7
>>Selecting BSS from priority group 0
>>0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
>> skip - SSID mismatch
>>1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
>> skip - blacklisted
>>2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>> skip - no WPA/RSN IE
>>3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>> skip - no WPA/RSN IE
>>4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>> skip - no WPA/RSN IE
>>5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>> skip - no WPA/RSN IE
>>6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1
>> skip - no WPA/RSN IE
>>No APs found - clear blacklist and try again
>>Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear)
>>Selecting BSS from priority group 0
>>0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
>> skip - SSID mismatch
>>1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11
>> selected based on RSN IE
>>Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz)
>>Cancelling scan request
>>WPA: clearing own WPA/RSN IE
>>Automatic auth_alg selection: 0x1
>>RSN: using IEEE 802.11i/D9.0
>>WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2
>>WPA: clearing AP WPA IE
>>WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac 02 00 0f ac 04 01 00 00 0f ac 01 01 00
>>WPA: using GTK TKIP
>>WPA: using PTK CCMP
>>WPA: using KEY_MGMT 802.1X
>>WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00
>>No keys have been configured - skip key clearing
>>wpa_driver_wext_set_drop_unencrypted
>>State: DISCONNECTED -> ASSOCIATING
>>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>>WEXT: Operstate: linkmode=-1, operstate=5
>>wpa_driver_wext_associate
>>Setting authentication timeout: 10 sec 0 usec
>>EAPOL: External notification - portControl=Auto
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>Wireless event: cmd=0x8b06 len=8
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>Wireless event: cmd=0x8b04 len=12
>>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
>>Wireless event: cmd=0x8b1a len=14
>>RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
>>Wireless event: cmd=0x8b15 len=20
>>Wireless event: new AP: 00:03:7f:09:60:a0
>>State: ASSOCIATING -> ASSOCIATED
>>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
>>WEXT: Operstate: linkmode=-1, operstate=5
>>Associated to a new BSS: BSSID=00:03:7f:09:60:a0
>>No keys have been configured - skip key clearing
>>Associated with 00:03:7f:09:60:a0
>>WPA: Association event - clear replay counter
>>EAPOL: External notification - portEnabled=0
>>EAPOL: External notification - portValid=0
>>EAPOL: External notification - portEnabled=1
>>EAPOL: SUPP_PAE entering state CONNECTING
>>EAPOL: SUPP_BE entering state IDLE
>>EAP: EAP entering state INITIALIZE
>>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
>>EAP: EAP entering state IDLE
>>Setting authentication timeout: 10 sec 0 usec
>>Cancelling scan request
>>RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
>>RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01
>>Setting authentication timeout: 70 sec 0 usec
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_PAE entering state RESTART
>>EAP: EAP entering state INITIALIZE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_PAE entering state AUTHENTICATING
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
>>EAP: EAP entering state IDENTITY
>>CTRL-EVENT-EAP-STARTED EAP authentication started
>>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>>EAP: using real identity - hexdump_ascii(len=8):
>> 74 65 73 74 75 73 65 72 testuser
>>EAP: EAP entering state SEND_RESPONSE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RESPONSE
>>EAPOL: txSuppRsp
>>TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72
>>EAPOL: SUPP_BE entering state RECEIVE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0
>>EAP: EAP entering state GET_METHOD
>>EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
>>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
>>EAP: EAP entering state METHOD
>>EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14
>>EAP-MD5: Generating Challenge Response
>>EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35
>>EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
>>EAP: EAP entering state SEND_RESPONSE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RESPONSE
>>EAPOL: txSuppRsp
>>TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35
>>EAPOL: SUPP_BE entering state RECEIVE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Failure
>>EAP: EAP entering state DISCARD
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RECEIVE
>>EAPOL: startWhen --> 0
>>EAPOL: authWhile --> 0
>>EAPOL: SUPP_BE entering state TIMEOUT
>>EAPOL: SUPP_PAE entering state CONNECTING
>>EAPOL: SUPP_BE entering state IDLE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_PAE entering state RESTART
>>EAP: EAP entering state INITIALIZE
>>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_PAE entering state AUTHENTICATING
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0
>>EAP: EAP entering state IDENTITY
>>CTRL-EVENT-EAP-STARTED EAP authentication started
>>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>>EAP: using real identity - hexdump_ascii(len=8):
>> 74 65 73 74 75 73 65 72 testuser
>>EAP: EAP entering state SEND_RESPONSE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RESPONSE
>>EAPOL: txSuppRsp
>>TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72
>>EAPOL: SUPP_BE entering state RECEIVE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0
>>EAP: EAP entering state GET_METHOD
>>EAP: Initialize selected EAP method: vendor 0 method 4 (MD5)
>>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected
>>EAP: EAP entering state METHOD
>>EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c 37 4d 40
>>EAP-MD5: Generating Challenge Response
>>EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93
>>EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
>>EAP: EAP entering state SEND_RESPONSE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RESPONSE
>>EAPOL: txSuppRsp
>>TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 cf eb 93
>>EAPOL: SUPP_BE entering state RECEIVE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Failure
>>EAP: EAP entering state DISCARD
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RECEIVE
>>EAPOL: startWhen --> 0
>>EAPOL: authWhile --> 0
>>EAPOL: SUPP_BE entering state TIMEOUT
>>EAPOL: SUPP_PAE entering state CONNECTING
>>EAPOL: SUPP_BE entering state IDLE
>>RX EAPOL from 00:03:7f:09:60:a0
>>RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01
>>EAPOL: Received EAP-Packet frame
>>EAPOL: SUPP_PAE entering state RESTART
>>EAP: EAP entering state INITIALIZE
>>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_PAE entering state AUTHENTICATING
>>EAPOL: SUPP_BE entering state REQUEST
>>EAPOL: getSuppRsp
>>EAP: EAP entering state RECEIVED
>>EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0
>>EAP: EAP entering state IDENTITY
>>CTRL-EVENT-EAP-STARTED EAP authentication started
>>EAP: EAP-Request Identity data - hexdump_ascii(len=0):
>>EAP: using real identity - hexdump_ascii(len=8):
>> 74 65 73 74 75 73 65 72 testuser
>>EAP: EAP entering state SEND_RESPONSE
>>EAP: EAP entering state IDLE
>>EAPOL: SUPP_BE entering state RESPONSE
>>
>>
>>The problem is I am getting EAP-FAILURE on the client side even when the server is giving ACCESS-ACCEPT!!!!
>>I am not able to figure out the problem; the output of the server is the same as that in the earlier mail.
>>One more thing: what will be the end message of this, will it be authentication or association? When I run the GUI for the supplicant it is showing associated, not authenticated! Is it the end of the connection and after it should I get an IP from that AP? Even if I try for DHCP I am not able to get an IP!!!!
>>It is all messed up, please do reply for this problem!!!
>>regards
>>shantanu
>>
>>tnt at kalik.co.yu wrote: Well, now you don't have any IP address in your accept packet. Not a
>>problem if you are doing DHCP. Otherwise you need to return IP address,
>>netmask, MTU, Service-Type, DNS servers etc.
>>
>>Leave that Framed-User DEFAULT entry alone - it should be there. You need
>>to add stuff to your user config:
>>
>>testuser Cleartext-Password := "yourpassword"
>>	Framed-IP-Address = 1.2.3.4,
>>	Framed-MTU = yourMTU,
>>	Framed-IP-Netmask = 255.255.255.255
>>etc.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>
>>On 30/5/2007, "shantanu choudhary" wrote:
>>
>>--- snip ---
>>>Sending Access-Accept of id 2 to 192.168.2.182 port 1028
>>> EAP-Message = 0x03020004
>>> Message-Authenticator = 0x00000000000000000000000000000000
>>> User-Name = "testuser"
>>>Finished request 1
>>>Going to the next request
>>>Waking up in 6 seconds...
>>>--- Walking the entire request list ---
>>>Cleaning up request 0 ID 1 with timestamp 465d506e
>>>Cleaning up request 1 ID 2 with timestamp 465d506e
>>>Nothing to do. Sleeping until we see a request.
>>>
>>>It is sending ACCESS ACCEPT but no access reject or failure!!!!
>>>And when I try to check AP statistics from the server it is showing an entry for AUTHENTICATION FAILURE!!!!!!!
>>>
>>>Sorry for disturbing you again and again but can you help me out????
>>>Please!!
>>>shantanu
>>>
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
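
Added example, not part of the original thread and not code from FreeRADIUS or wpa_supplicant: a decoder for the EAP-Message values in the radiusd -X output and the EAPOL hexdumps in the wpa_supplicant log quoted above, which shows that the server's last packet is EAP Success while the frame the supplicant received is EAP Failure. The function and list names are assumptions made for this example, the hex values are copied from the logs above, and md5_response is the CHAP-style computation (RFC 1994) that EAP-MD5 uses.

```python
import hashlib
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge"}


def parse_eap(data: bytes) -> dict:
    """Decode one EAP packet (RFC 3748 header: code, id, 16-bit length)."""
    if len(data) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 4 or length > len(data):
        raise ValueError(f"EAP length {length} does not fit {len(data)} bytes")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    body = data[4:length]
    if code in (1, 2) and body:  # only Request/Response carry a type field
        pkt["type"] = EAP_TYPES.get(body[0], body[0])
        if body[0] == 1:
            pkt["identity"] = body[1:].decode("utf-8", "replace")
        elif body[0] == 4:
            # MD5-Challenge data: 1-byte value-size, then the value itself
            if len(body) < 2 or body[1] > len(body) - 2:
                raise ValueError("MD5 value-size overruns the packet")
            pkt["value"] = body[2:2 + body[1]]
    return pkt


def parse_radius_eap_message(attr: str) -> dict:
    """EAP-Message attribute as radiusd -X prints it, e.g. '0x03050004'."""
    return parse_eap(bytes.fromhex(attr[2:] if attr.startswith("0x") else attr))


def parse_eapol_hexdump(dump: str) -> dict:
    """EAPOL frame as wpa_supplicant prints it: version, type, length, body."""
    frame = bytes.fromhex(dump)
    if len(frame) < 4:
        raise ValueError("EAPOL header needs 4 bytes")
    _version, ptype, length = struct.unpack("!BBH", frame[:4])
    if ptype != 0:
        raise ValueError("not an EAPOL EAP-Packet frame")
    return parse_eap(frame[4:4 + length])


def md5_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """Value the server expects: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


# Copied from the radiusd -X output quoted above (requests 20 and 21).
SERVER_LOG = [
    "0x0204000d017465737475736572",
    "0x010500160410ef33bbaf01824abdd6b6989b2cc698ec",
    "0x020500160410a221ad85e41c1260d31c5d14036dfce1",
    "0x03050004",
]
# Copied from the wpa_supplicant log quoted above (first attempt, ids 0 and 1).
CLIENT_LOG = [
    "01 00 00 05 01 00 00 05 01",
    "01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72",
    "01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 73 8b 14",
    "01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 25 19 35",
    "01 00 00 04 04 01 00 04",
]


def final_codes() -> tuple:
    """Last EAP code seen by the RADIUS server and by the supplicant."""
    server = [parse_radius_eap_message(a) for a in SERVER_LOG]
    client = [parse_eapol_hexdump(d) for d in CLIENT_LOG]
    return server[-1]["code"], client[-1]["code"]


if __name__ == "__main__":
    for attr in SERVER_LOG:
        print("server", parse_radius_eap_message(attr))
    for dump in CLIENT_LOG:
        print("client", parse_eapol_hexdump(dump))
    print("server ended with %s, supplicant saw %s" % final_codes())
```

The identifiers and challenges differ between the two logs, so they are captures of different authentication attempts and cannot be matched packet for packet.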