Freeradius +MS Win XP (EAP) problems
Sergio Belkin
sebelk at gmail.com
Tue Sep 18 21:16:33 CEST 2007
Hi,
I want to configure freeradius (Linux) in order to authenticate and
authorize MS Windows XP clients (people connect to a Linksys Access
Point). I am using EAP-PEAP and MSCHAP from Windows. If I perform
radtest from linux clients (using wired network) I have no problem
accessing, but I cannot from Windows XP. These are the messages when I
run using radiusd -X:
rad_recv: Access-Request packet from host 10.30.1.151:1032, id=66, length=115
User-Name = "sbelki"
Calling-Station-Id = "00-0e-35-bf-51-18"
EAP-Message = 0x020400061900
Framed-MTU = 1287
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
State = 0xbee0745e6005b8a43128657ff16d08ea
Message-Authenticator = 0xc6044fc3eb7975f75f9afd9edfcca489
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 55
modcall[authorize]: module "preprocess" returns ok for request 55
modcall[authorize]: module "chap" returns noop for request 55
modcall[authorize]: module "mschap" returns noop for request 55
rlm_realm: No '@' in User-Name = "sbelki", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 55
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 55
users: Matched entry DEFAULT at line 159
modcall[authorize]: module "files" returns ok for request 55
rlm_ldap: - authorize
rlm_ldap: performing user authorization for sbelki
radius_xlat: '(uid=sbelki)'
radius_xlat: 'ou=people,dc=palermo,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=palermo,dc=edu, with
filter (uid=sbelki)
request 57 done
rlm_ldap: checking if remote access for sbelki is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value sample & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user sbelki authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 55
modcall: group authorize returns updated for request 55
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 55
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 55
modcall: group authenticate returns handled for request 55
Sending Access-Challenge of id 66 to 10.30.1.151:1032
EAP-Message = 0x010500061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x06bc31779a10f85cd934953e650bc051
Finished request 55
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 52 ID 63 with timestamp 46f01fd7
Cleaning up request 53 ID 64 with timestamp 46f01fd7
Cleaning up request 54 ID 65 with timestamp 46f01fd7
Cleaning up request 55 ID 66 with timestamp 46f01fd7
And this is the eap.conf:
eap {
    default_eap_type = mschapv2
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    tls {
        private_key_password = ""
        private_key_file = /etc/pki/tls/certs/radius.key
        certificate_file = /etc/pki/tls/certs/radius.crt
        CA_file = /etc/pki/CA/cacert.pem
        dh_file = /etc/raddb/certs/dh
        random_file = /dev/urandom
        include_length = yes
    }
    ttls {
        default_eap_type = md5
    }
    peap {
        default_eap_type = mschapv2
    }
    mschapv2 {
    }
}
Please tell me if something in this file is wrong.
Thanks in advance!!
--
Sergio Belkin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eap.conf
Type: application/octet-stream
Size: 7773 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070918/a1e70da8/attachment.obj>
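Added example (not part of the original post and not FreeRADIUS code): a small Python decoder for the EAP-Message values printed in the radiusd -X output above. It reads the 4-byte EAP header, the method type, and the L/M/S flag bits shared by the TLS-based methods; the function name and the returned field names are assumptions chosen for illustration.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Subset of the IANA EAP method type registry.
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "MS-CHAPv2"}
TLS_BASED = {13, 21, 25}  # methods that carry the L/M/S flags byte


def decode_eap(hex_value):
    """Decode one EAP-Message value as printed by radiusd -X (0x...)."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {
        "code": EAP_CODES.get(code, "Unknown(%d)" % code),
        "id": ident,
        "length": length,
        # A mismatch means the packet was split over several EAP-Message
        # attributes (or truncated); only the first chunk was decoded.
        "complete": length == len(raw),
    }
    if code in (1, 2) and len(raw) >= 5:
        eap_type = raw[4]
        info["type"] = EAP_TYPES.get(eap_type, "Unknown(%d)" % eap_type)
        if eap_type in TLS_BASED and len(raw) >= 6:
            flags = raw[5]
            has_len = bool(flags & 0x80)
            info["length_included"] = has_len
            info["more_fragments"] = bool(flags & 0x40)
            info["start"] = bool(flags & 0x20)
            tls_len = max(len(raw) - 6 - (4 if has_len else 0), 0)
            info["tls_bytes"] = tls_len
            # No flags and no TLS payload: a fragment acknowledgement.
            info["is_ack"] = tls_len == 0 and not (flags & 0xE0)
    return info


# The two EAP-Message values from the debug output in the post.
SAMPLES = ["0x020400061900", "0x010500061900"]

if __name__ == "__main__":
    for value in SAMPLES:
        print(value, decode_eap(value))
```

Both values from the post decode to 6-byte PEAP (type 25) packets with no flags and no TLS payload, which matches the "Received EAP-TLS ACK message" line in the log.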