Sending Access-Challenge
Laszlo Fekete
blackluck at ktk.bme.hu
Fri Apr 10 12:25:59 CEST 2009
Hello!
I'm new to this list and didn't find an archive or anything where maybe
somebody has already answered my question.
So I want a RADIUS server for Wi-Fi auth with EAP-TTLS/PEAP, LDAP and no
plain-text passwords. I downloaded the 2.1.4 source and created a Debian
package without modification, did some basic configuration and testing;
radtest from local is fine, but radeapclient EAP-MD5 testing fails.
I saw this on server side:
rad_recv: Access-Request packet from host 127.0.0.1 port 52650, id=76,
length=69
User-Name = "steve"
NAS-IP-Address = 127.0.0.1
Message-Authenticator = 0xafa8ae1b1aaa6fb0a6cbd0719b507e94
NAS-Port = 0
EAP-Message = 0x02d2000a017374657665
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 210 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 206
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 76 to 127.0.0.1 port 52650
Service-Type = Framed-User
Framed-Protocol = SLIP
Framed-IP-Address = 192.20.126.200
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Framed-Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xae48086bae9b0cd33d7dacc7cd15f18d
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 76 with timestamp +94
Ready to process requests.
And this on client side (local):
# radeapclient -s -X localhost auth testing123
About to send encoded packet:
User-Name = "steve"
Cleartext-Password = "testing"
NAS-IP-Address = 127.0.0.1
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = "steve"
Message-Authenticator = 0x30
NAS-Port = 0
Received response ID 76, code 11, length = 131
Service-Type = Framed-User
Framed-Protocol = SLIP
Framed-IP-Address = 192.20.126.200
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83
Message-Authenticator = 0xe65c832fea00201e76a340cc0e38cf37
State = 0xae48086bae9b0cd33d7dacc7cd15f18d
<+++ EAP decoded packet:
Service-Type = Framed-User
Framed-Protocol = SLIP
Framed-IP-Address = 192.20.126.200
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83
Message-Authenticator = 0xe65c832fea00201e76a340cc0e38cf37
State = 0xae48086bae9b0cd33d7dacc7cd15f18d
EAP-Id = 211
EAP-Code = Request
EAP-Type-MD5 = 0x10b7703d97cfb88bff2835ec9a9aedde83
+++> About to send encoded packet:
User-Name = "steve"
Cleartext-Password = "testing"
NAS-IP-Address = 127.0.0.1
EAP-Code = Response
EAP-Id = 211
Message-Authenticator = 0x00000000000000000000000000000000
NAS-Port = 0
EAP-Type-MD5 = 0x106e2008d8fc099a16335131c045fc6df6
State = 0xae48086bae9b0cd33d7dacc7cd15f18d
^C
# cat re.txt
User-Name = "steve"
Cleartext-Password = "testing"
NAS-IP-Address = 127.0.0.1
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = "steve"
Message-Authenticator = 0
NAS-Port = 0
What's wrong with the configuration?
Thank you:
blackluck
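The EAP-Message values in the debug output above can be decoded by hand. The following is an added example, not part of the original post or of FreeRADIUS: it parses the two EAP packets from the log and computes the EAP-MD5 response value as RFC 1994 defines it, using the password from re.txt. The function names are illustrative.

```python
import hashlib
import struct

# Hex values copied from the EAP-Message lines in the log above.
IDENTITY_HEX = "0x02d2000a017374657665"
CHALLENGE_HEX = "0x01d300160410b7703d97cfb88bff2835ec9a9aedde83"

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge"}

def parse_eap(hex_value):
    """Decode one EAP packet (RFC 3748) from an EAP-Message hex string."""
    text = hex_value[2:] if hex_value.startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("Length field says %d, got %d bytes" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:      # only Request/Response carry a Type
        eap_type, data = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(eap_type, eap_type)
        if eap_type == 1:
            pkt["identity"] = data.decode("utf-8", "replace")
        elif eap_type == 4:
            # Type-Data = Value-Size (1 byte), Value, optional Name
            if not data or data[0] > len(data) - 1:
                raise ValueError("bad MD5 Value-Size")
            pkt["value"] = data[1:1 + data[0]]
            pkt["name"] = data[1 + data[0]:]
    return pkt

def md5_response(eap_id, password, challenge):
    """RFC 1994: MD5 over Identifier, then the secret, then the challenge."""
    return hashlib.md5(bytes([eap_id]) + password + challenge).digest()

if __name__ == "__main__":
    print(parse_eap(IDENTITY_HEX))
    req = parse_eap(CHALLENGE_HEX)
    print(req)
    # "testing" is the Cleartext-Password from re.txt in the post.
    print(md5_response(req["id"], b"testing", req["value"]).hex())
```

The decoded fields line up with the server's own debug lines: the first packet is the Response with id 210 and length 10, and the challenge is a Request with id 211 carrying a 16-byte value.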