about EAP using 1.1.7 and 2.0.3

Ryan Setiawan H ryan.setiawan at banknisp.com
Tue Jul 8 11:52:20 CEST 2008 

Hi All,
    I've an issue about EAP in 802.1X. right now, I'm trying EAP-MD5 for 
802.1X using freeradius 2.0.3 and procurve switch, sadly it doesn't 
work. but when I 'am using freeradius 1.1.7 it works smoothly .... I've 
tried not only using native windows XP SP 2 supplicant but also 
wpa_supplicant. both don't work using freeradius2. I've also tried 
reinstall the freeradius 2.0.3 ( i'm forget using mercurial ), I thought 
I misconfigure something..but. even using "fresh from the oven" 
configuration still just don't work. , here are the debug:

Sending duplicate reply to client test port 1024 - ID: 4
Cleaning up request 2 ID 4 with timestamp +46
Ready to process requests.
        Framed-MTU = 1480
        NAS-IP-Address = 192.168.12.130
        NAS-Identifier = "ProCurve Switch 2650"
        User-Name = "testing"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 1
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "1"
        Called-Station-Id = "00-1c-2e-73-85-00"
        Calling-Station-Id = "00-0a-e4-13-58-c7"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        EAP-Message = 0x023a000c0174657374696e67
        Message-Authenticator = 0x55d6fa8c198752bd6c62c351b234a57b
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 58 length 12
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
    users: Matched entry testing at line 102
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with 
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known 
good"               !!!
!!! clear text password is in Cleartext-Password, and not in 
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 2
        NAS-Port-Type = Ethernet
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "101"
        EAP-Message = 0x013b001604101fee1ce904aea0659f790123de5bc761
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9e1dcf679e26cbc870b5fae6a11d133d
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
Sending duplicate reply to client test port 1024 - ID: 4      <--- any 
clue what is it ?
Cleaning up request 3 ID 4 with timestamp +56
Ready to process requests.

from the wpa_supplicant's debug it broke right before EAP message 
method, so it (the supplicant) doesn't receive any MD5 Challenge from 
radius. anyone have same problem? really appreciate for any help
Thank you

Ryan Setiawan H

-- 
DISCLAIMER:

The contents of this email and attachments are confidential and may be subject to legal privilege. Any unauthorized use, copying, disclosure or communicating any part of it to others is strictly prohibited and may be unlawful. If you are not the intended recipient you must not use, copy, distribute or rely on this email and should please return it immediately to the sender or notify us and delete the email and any attachments from your system. We cannot accept liability for loss or damage resulting from computer viruses. The integrity of email across the Internet cannot be guaranteed and PT BANK NISP, Tbk. will not accept liability for any claims arising as a result of the use of this medium for transmissions by or to PT BANK NISP, Tbk.

More information about the Freeradius-Users mailing list