EAP/MD5 with mysql authentication failed

henry1412 henry1412 at 163.com
Wed Dec 17 08:29:59 CET 2008


My running environment is freeradius-2.1.3 and mysql-5.0.37.
The authentication type is EAP/MD5. It runs well with the individual 'user' file; however, if I enable the sql option, it rejects with '[eap] Handler failed in EAP/md5'.
The mysql module was loaded successfully and could connect to my database.
 
It could authorize in freeradius-1.0.5 and freeradius-1.1.7 with mysql, but failed in freeradius-2.1.3.
 
I have pasted my main configuration files and debug information below.
Thanks for your help!
 
IN radius.conf
----------------------
$INCLUDE sql.conf
 
IN sql.conf
----------------------
server = "localhost"
port = 3306
login = "radius"
password = "radius"
 
IN sites-enabled/inner-tunnel
----------------------
authorize {
eap {
                ok = return
    }
files
sql
expiration
logintime
}
 
authenticate {
eap
}
 
IN eap.conf
----------------------
eap {
default_eap_type = md5
timer_expire     = 60
ignore_unknown_eap_types = no
 max_sessions = 2048
md5 {
}
}
 
IN user
----------------------
DEFAULT Auth-Type := EAP
        Fall-Through = 1
 
IN radcheck table
----------------------
mysql> select * from radcheck;
+----+----------+--------------------+----+-------+
| id | username | attribute          | op | value |
+----+----------+--------------------+----+-------+
|  1 | test     | Cleartext-Password | := | test  | 

IN radreply table
----------------------
mysql> select * from radreply;
+----+----------+-------------------+----+---------------+
| id | username | attribute         | op | value         |
+----+----------+-------------------+----+---------------+
|  1 | test     | Framed-IP-Address | := | 192.168.1.55  | 
 
DEBUG information
----------------------
-----------Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.7 port 1024, id=0, length=142
        User-Name = "test"
        NAS-IP-Address = 192.168.1.7
        NAS-Port = 0
        Called-Station-Id = "00-0F-1E-51-00-04:"
        Calling-Station-Id = "00-13-D7-20-00-90"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020000090174657374
        Message-Authenticator = 0xbfed0ae2dd3f0b2a36fe1a88cbd3569d
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 144
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.1.7 port 1024
        EAP-Message = 0x01010016041095e48ee00d7d5ecc1639d149c9aa7283
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x40ca4f4d40cb4b4734e42cbd94a7636b
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.7 port 1024, id=1, length=173
        User-Name = "test"
        NAS-IP-Address = 192.168.1.7
        NAS-Port = 0
        Called-Station-Id = "00-0F-1E-51-00-04:"
        Calling-Station-Id = "00-13-D7-20-00-90"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020100160410f34f8c1c140e4f4b3846e691a7aa2175
        State = 0x40ca4f4d40cb4b4734e42cbd94a7636b
        Message-Authenticator = 0xa9e8279e3d299800129cc25ad426acce
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 144
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
[eap] Handler failed in EAP/md5
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 1 to 192.168.1.7 port 1024
        EAP-Message = 0x04010004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.-----------
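
Added example, not part of the original post: a small Python check that reads FreeRADIUS debug output and lists which modules ran in each processing section. Run over an abridged excerpt of the second request above, it reports that `sql` never ran in `authorize` before `rlm_eap_md5` asked for a Cleartext-Password; the function names and the `password_modules` parameter are this example's own.

```python
import re

# Abridged excerpt of the second request in the debug output posted above.
DEBUG_EXCERPT = """\
+- entering group authorize {...}
++[preprocess] returns ok
++[suffix] returns noop
++[eap] returns updated
++[unix] returns notfound
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
+- entering group authenticate {...}
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
[eap] Handler failed in EAP/md5
++[eap] returns invalid
"""

GROUP_RE = re.compile(r"^\+- entering group (\S+)")
MODULE_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")


def modules_by_group(debug_text):
    """Map each processing section to the (module, return code) pairs it ran."""
    groups, current = {}, None
    for line in debug_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = m.group(1)
            groups.setdefault(current, [])
            continue
        m = MODULE_RE.match(line)
        if m and current:
            groups[current].append((m.group(1), m.group(2)))
    return groups


def diagnose(debug_text, password_modules=("sql",)):
    """Report which password-supplying modules never ran in authorize."""
    ran = dict(modules_by_group(debug_text).get("authorize", []))
    missing_pw = "Cleartext-Password is required" in debug_text
    never_ran = [m for m in password_modules if m not in ran]
    return {"missing_password": missing_pw, "never_ran": never_ran,
            "authorize_modules": list(ran)}


if __name__ == "__main__":
    print(diagnose(DEBUG_EXCERPT))
```

A module that appears in a configuration file but not in this list was not part of the section that actually handled the request.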

 