Linksys SLM248G
David Blackman
db at ece.ufl.edu
Tue Oct 7 15:15:54 CEST 2008
I have a lab that has wired ports that connect to a Linksys SLM248G
switch that supports 802.1x. What I want to do is to set this switch
up to make the users authenticate to gain access to the network. The
users will have accounts on the RADIUS server, which is a FreeBSD 7.0
system running FreeRadius 2.06. I would like them to be able to enter
their username and password to access the network. Should this be possible?
I get nothing from radiusd -X if I have the Windows XP EAP type set
to MD5-Challenge or Smart Card or other Certificate.
I get the following if I have the Windows XP supplicant EAP type set to
Protected EAP (PEAP) and Select Authentication Method set to Secured
password (EAP-MSCHAP v2), configured to automatically use my Windows
logon name...
rad_recv: Access-Request packet from host 128.227.232.133 port 49154,
id=0, length=83
NAS-IP-Address = 128.227.232.133
NAS-Port-Type = Ethernet
NAS-Port = 2
User-Name = "DB3\\dblac"
EAP-Message = 0x0201000e014442335c64626c6163
Message-Authenticator = 0x829bab10f0c399313b4946fc47f6aa9c
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DB3\dblac at line 206
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
EAP-Message = 0x01020016041081b9c6b3f031cce93aac863f3383a0c1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec6255ecec605113c816ac1ff80419e2
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 128.227.232.133 port 49154,
id=0, length=93
Cleaning up request 12 ID 0 with timestamp +190
NAS-IP-Address = 128.227.232.133
NAS-Port-Type = Ethernet
NAS-Port = 2
User-Name = "DB3\\dblac"
State = 0xec6255ecec605113c816ac1ff80419e2
EAP-Message = 0x020200060319
Message-Authenticator = 0x3156b6e297a2d81c38042450074ffa81
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DB3\dblac at line 206
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec6255eced614c13c816ac1ff80419e2
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 128.227.232.133 port 49154,
id=0, length=167
Cleaning up request 13 ID 0 with timestamp +190
NAS-IP-Address = 128.227.232.133
NAS-Port-Type = Ethernet
NAS-Port = 2
User-Name = "DB3\\dblac"
State = 0xec6255eced614c13c816ac1ff80419e2
EAP-Message =
0x0203005019800000004616030100410100003d030148eb44b1c52d912b11d4d2bbd04b61fd302b03d22ba373beb33f2aa37b24248200001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xd3f4489233cacc67f8a062f7e24b05f7
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
EAP-Message = 0xdd8b0d1ffbd9cfc10c334d0c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec6255ecee664c13c816ac1ff80419e2
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 128.227.232.133 port 49154,
id=0, length=93
Cleaning up request 14 ID 0 with timestamp +190
NAS-IP-Address = 128.227.232.133
NAS-Port-Type = Ethernet
NAS-Port = 2
User-Name = "DB3\\dblac"
State = 0xec6255ecee664c13c816ac1ff80419e2
EAP-Message = 0x020400061900
Message-Authenticator = 0x886a8775435f25263f2aca201609785c
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
EAP-Message =
0x010503fc19407595a82abeae63e145f572782b550004ab308204a73082038fa003020102020900d9e21f5ee6835c3a300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303931393135303335305a170d3038313031393135303335305a308193310b30090603
EAP-Message = 0x0be93902225236ba
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec6255ecef674c13c816ac1ff80419e2
Finished request 15.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 128.227.232.133 port 49154,
id=0, length=93
Cleaning up request 15 ID 0 with timestamp +190
NAS-IP-Address = 128.227.232.133
NAS-Port-Type = Ethernet
NAS-Port = 2
User-Name = "DB3\\dblac"
State = 0xec6255ecef674c13c816ac1ff80419e2
EAP-Message = 0x020500061900
Message-Authenticator = 0x676ce9988ddab71abb71ddbca2554610
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
EAP-Message =
0x010600d51900e0f91c11fb297731a6efe3a48a6be62f005b0571eab2bef69625fcc1ebc94d4d3b7ceeecc5977de9b83a4eb22ce44bf4388f8cc6f0ece7443e2f0ecd971251bebd2d70b3eef75100b2d2af7d217c3a674b984010ded7f1095ffc4d1aeff0efe8b7e948df9e3ada1ee3f8fcbeb7023a143772a3cfb077de90f7a7a7cf2d6e06f933be6b917795777e74e9e6691d5a95100b1a610e16cda1c2f8e3661c231aa6d2cb1ce8ed5096b5789a61ea5aef84d10e9dded9b338a826e950075ee8797f4099e6c1748e1d8716030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec6255ece8644c13c816ac1ff80419e2
Finished request 16.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 128.227.232.133 port 49154,
id=0, length=93
Cleaning up request 16 ID 0 with timestamp +190
NAS-IP-Address = 128.227.232.133
NAS-Port-Type = Ethernet
NAS-Port = 2
User-Name = "DB3\\dblac"
State = 0xec6255ece8644c13c816ac1ff80419e2
EAP-Message = 0x020600061900
Message-Authenticator = 0xd07720185412598787e85c2a753d4855
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
EAP-Message = 0x010700061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec6255ece9654c13c816ac1ff80419e2
Finished request 17.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 17 ID 0 with timestamp +190
Ready to process requests.