Freeradius doesn't detect EAP when authenticating against MySQL

Andrew Rowson freeradius at growse.com
Sat Sep 8 00:47:52 CEST 2007


Hi,

I'm trying to use my existing FreeRADIUS server and MySQL database to 
add 802.1X PEAP functionality to my wireless network. Currently, it 
works great authenticating my Cisco device logins. However, after 
setting the PEAP stuff up, when I try to log in with a user on the 
wireless, it seems to get the wrong Auth-Type, and fails. Here's what 
happens:

 > rad_recv: Access-Request packet from host 192.168.1.10:2050, id=0, 
length=125
 >         User-Name = "growse"
 >         NAS-IP-Address = 192.168.1.10
 >         Called-Station-Id = "0016b6edfe1b"
 >         Calling-Station-Id = "000e35bd8c13"
 >         NAS-Identifier = "0016b6edfe1b"
 >         NAS-Port = 34
 >         Framed-MTU = 1400
 >         NAS-Port-Type = Wireless-802.11
 >         EAP-Message = <some stuff>
 >         Message-Authenticator = <more stuff>
 >   Processing the authorize section of radiusd.conf
 > modcall: entering group authorize for request 0
 >   modcall[authorize]: module "preprocess" returns ok for request 0
 >   modcall[authorize]: module "mschap" returns noop for request 0
 >     rlm_realm: No '@' in User-Name = "growse", looking up realm NULL
 >     rlm_realm: No such realm "NULL"
 >   modcall[authorize]: module "suffix" returns noop for request 0
 >   rlm_eap: EAP packet type response id 0 length 11
 >   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 >   modcall[authorize]: module "eap" returns updated for request 0
 > radius_xlat:  'growse'
 > rlm_sql (sql): sql_set_user escaped user --> 'growse'
 > radius_xlat:  'SELECT id, UserName, Attribute, Value, op 
FROM radcheck           WHERE Username = 'growse'           ORDER BY id'
 > rlm_sql (sql): Reserving sql socket id: 4
 > radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op 
  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'growse' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
 > radius_xlat:  'SELECT id, UserName, Attribute, Value, op 
FROM radreply           WHERE Username = 'growse'           ORDER BY id'
 > radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op 
  FROM radgroupreply,usergroup WHERE usergroup.Username = 'growse' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
 > rlm_sql (sql): Released sql socket id: 4
 >   modcall[authorize]: module "sql" returns ok for request 0
 >     users: Matched entry DEFAULT at line 155
 >   modcall[authorize]: module "files" returns ok for request 0
 > modcall: leaving group authorize (returns updated) for request 0
 >   rad_check_password:  Found Auth-Type Local
 > auth: type Local
 > auth: No User-Password or CHAP-Password attribute in the request
 > auth: Failed to validate the user.
 > Login incorrect: [growse] (from client wlan port 34 cli 000e35bd8c13)

However, if I put something like:

"testuser"      Auth-Type = EAP, User-Password := "test"

in the users file and use the test credentials on the wireless client, 
it works fine. I've read a bunch of things saying that the Auth-Type 
attribute shouldn't need to be set and that it should figure out that 
it's EAP by itself. However, when using the SQL DB as a credentials store 
it can't seem to figure out that it's an EAP request.

Any ideas how to fix this?

Thanks,

Andrew


