Invalid EAP Type with Catalyst 2960G IOS 12.2
nf-vale
nf-vale at critical-links.com
Mon Jul 28 18:19:08 CEST 2008
Hi all,
I'm having a little trouble configuring a Cisco Switch - Catalyst 2960G
IOS 12.2 to work properly with EAP-PEAP clients.
I've tested the same radius configuration (freeradius 2.0.2) with an HP
Procurve 2626 Switch and all worked just fine. Windows XP clients can
authenticate with PEAP successfully.
The same clients connected to the Cisco Switch, which is authenticating
against the same freeradius server, cannot authenticate because freeradius is
trying EAP-TLS instead of EAP-PEAP:
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.2.1 port 1645, id=1, length=129
User-Name = "al00005"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-1E-BD-62-B9-81"
Calling-Station-Id = "00-1B-38-92-39-A0"
EAP-Message = 0x0206000c01616c3030303035
Message-Authenticator = 0xb8fb13899c9df58f7770efaeeeb9eb1a
NAS-Port-Type = Ethernet
NAS-Port = 50001
NAS-IP-Address = 192.168.2.1
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = "al00005", skipping NULL due to config.
++[suffix] returns noop
rlm_realm: No '\' in User-Name = "al00005", skipping NULL due to config.
++[ntdomain] returns noop
rlm_eap: EAP packet type response id 6 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[mschap] returns noop
expand: %{Stripped-User-Name} ->
expand: %{User-Name} -> al00005
expand: %{%{User-Name}:-none} -> al00005
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-none}} -> al00005
rlm_sql (sql): sql_set_user escaped user --> 'al00005'
rlm_sql (sql): Reserving sql socket id: 0
expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = 'al00005' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
rlm_sql (sql): User found in radcheck table
expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = 'al00005' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='al00005' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'Alunos' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 0 , fields = 5
rlm_sql (sql): User found in group Alunos
expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'Alunos' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[files] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.2.1 port 1645
Tunnel-Private-Group-Id:0 := "2"
EAP-Message = 0x010700061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x12f8640712ff7d8ac69a15b3712e899e
Finished request 3.
Going to the next request
Waking up in 0.9 seconds.
Waking up in 4.0 seconds.
Cleaning up request 3 ID 1 with timestamp +501
Ready to process requests.
Does anybody have a clue on how to solve this problem? Is it an IOS
(version 12.2) problem?
Thx,
Nelson Vale
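
The two EAP-Message values in the debug output above can be decoded by hand to see which EAP method is actually on the wire. The Python decoder below is an added example, not part of the original post or of FreeRADIUS; the name parse_eap and the lookup tables are this example's own, and the two sample values are copied from the log.

```python
import struct

# EAP codes (RFC 3748) and a few method type numbers (IANA EAP registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_BASED = {13, 21, 25}          # methods that share the TLS flags octet
TLS_FLAGS = ((0x80, "Length"), (0x40, "More"), (0x20, "Start"))

# EAP-Message values copied from the debug output in the post.
SAMPLES = {"Access-Request": "0x0206000c01616c3030303035",
           "Access-Challenge": "0x010700061920"}

def parse_eap(hex_value):
    """Decode one complete EAP packet given as a FreeRADIUS-style hex string.

    Assumes the value is the whole EAP packet; a packet split over several
    EAP-Message attributes must be concatenated first.
    """
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"),
           "id": ident, "length": length}
    if code in (1, 2):            # only Request/Response carry a Type octet
        if length < 5:
            raise ValueError("Request/Response without Type octet")
        etype, data = raw[4], raw[5:]
        pkt["type_num"] = etype
        pkt["type"] = EAP_TYPES.get(etype, f"unknown({etype})")
        if etype == 1:            # Identity: data is the user name
            pkt["identity"] = data.decode("utf-8", "replace")
        elif etype == 3:          # Nak: list of methods the peer will accept
            pkt["desired"] = [EAP_TYPES.get(t, str(t)) for t in data]
        elif etype in TLS_BASED and data:
            pkt["flags"] = [n for bit, n in TLS_FLAGS if data[0] & bit]
            pkt["version"] = data[0] & 0x07   # PEAP/TTLS version bits
    return pkt

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, parse_eap(value))
```

In the Access-Challenge above the type octet is 0x19 (25, PEAP) with the Start flag set; EAP-TLS would carry type 0x0d (13).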