Peap(inner eap-GTC)//: Re: Peap (inner eap-popt) issue

Hangjun He elmerhe at yahoo.com.cn
Fri Feb 1 09:17:37 CET 2008 

Hi ,
        Use eap-GTC as Peap inner eap-type. Got error message too. See below.Thanks.
   
   
  rad_recv: Access-Request packet from host 10.155.20.84:1040, id=27, length=210
        User-Name = "hhe123"
        NAS-IP-Address = 10.155.20.84
        NAS-Identifier = "AH-000030"
        NAS-Port = 0
        Called-Station-Id = "00-19-77-00-00-31:hhe"
        Calling-Station-Id = "00-19-E0-80-A5-5A"
        Framed-MTU = 1500
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0210002b19001703010020fa82601d02aeb434f977c693f3b15669cc64e1a7ad240381f70aca16f54cc411
        State = 0x443b0c2424a63b6bbcb865bc5beb0a2f
        Message-Authenticator = 0x596fe7a72eeebd5e58ec6d29e7ba85e0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 27
  modcall[authorize]: module "mschap" returns noop for request 27
  rlm_eap: EAP packet type response id 16 length 43
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 27
    users: Matched entry hhe123 at line 95
  modcall[authorize]: module "files" returns ok for request 27
modcall: leaving group authorize (returns updated) for request 27
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 27
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type gtc
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled EAP-Message
        EAP-Message = 0x0210000b06686865313233
  PEAP: Setting User-Name to hhe123
  PEAP: Adding old state with 71 e4
  PEAP: Sending tunneled request
        EAP-Message = 0x0210000b06686865313233
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "hhe123"
        State = 0x71e4120f420e1eea12c8ad78728c974c
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 27
  modcall[authorize]: module "mschap" returns noop for request 27
  rlm_eap: EAP packet type response id 16 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 27
    users: Matched entry hhe123 at line 95
  modcall[authorize]: module "files" returns ok for request 27
modcall: leaving group authorize (returns updated) for request 27
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 27
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/gtc
  rlm_eap: processing type gtc
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.
 rlm_eap: Handler failed in EAP/gtc
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 27
modcall: leaving group authenticate (returns invalid) for request 27
auth: Failed to validate the user.
  PEAP: Got tunneled reply RADIUS code 3
        Reply-Message = "Hello"
        EAP-Message = 0x04100004
        Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Processing from tunneled session code 0x8150ec8 3
        Reply-Message = "Hello"
        EAP-Message = 0x04100004
        Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 27
modcall: leaving group authenticate (returns handled) for request 27
Sending Access-Challenge of id 27 to 10.155.20.84 port 1040
        Reply-Message = "Hello"
        EAP-Message = 0x0111002b190017030100203a72821eb5dfc3a916d860a38e9ea1e339b0ef886f315fcd5f369d138e600a5e
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x917adbb2a47421f8a387e5b7dfa5d3e7
Finished request 27
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.155.20.84:1040, id=28, length=210
        User-Name = "hhe123"
        NAS-IP-Address = 10.155.20.84
        NAS-Identifier = "AH-000030"
        NAS-Port = 0
        Called-Station-Id = "00-19-77-00-00-31:hhe"
        Calling-Station-Id = "00-19-E0-80-A5-5A"
        Framed-MTU = 1500
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x0211002b190017030100200dae6db09d400aff4db8b832bdc308e58f32d44878802cb305b8245cbafe2b56
        State = 0x917adbb2a47421f8a387e5b7dfa5d3e7
        Message-Authenticator = 0x9c0d713729c522b7cce89c4b6af3ba26
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 28
  modcall[authorize]: module "mschap" returns noop for request 28
  rlm_eap: EAP packet type response id 17 length 43
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 28
    users: Matched entry hhe123 at line 95
  modcall[authorize]: module "files" returns ok for request 28
modcall: leaving group authorize (returns updated) for request 28
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 28
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected earlier in this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 28
modcall: leaving group authenticate (returns invalid) for request 28
auth: Failed to validate the user.
Sending Access-Reject of id 28 to 10.155.20.84 port 1040
        EAP-Message = 0x04110004
        Message-Authenticator = 0x00000000000000000000000000000000
        Reply-Message = "Hello"
Finished request 28
Going to the next request
Waking up in 6 seconds...
   
   
  John
  

Alan DeKok <aland at deployingradius.com> 写道:
  Hangjun He wrote:
> hi,
> I am using Odyssey Client Manager and freeRADIUS 1.1.6.
> When I set peap with inner eap-mschap-v2, It works well.When I change
> inner eap type to eap-popt, seems can not work.

Why do you think FreeRADIUS supports EAP-POPT?
...
> rlm_eap: NAK asked for bad type 32
> rlm_eap: Failed in EAP select

FreeRADIUS doesn't support that EAP type.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


       
---------------------------------
雅虎邮箱传递新年祝福,个性贺卡送亲朋! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080201/c7b6ac21/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: eap.conf
Type: application/octet-stream
Size: 715 bytes
Desc: 1198961258-eap.conf
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080201/c7b6ac21/attachment.obj>

More information about the Freeradius-Users mailing list