Sending Access-Challenge

Laszlo Fekete blackluck at ktk.bme.hu
Fri Apr 10 16:54:29 CEST 2009


Alan DeKok wrote:

>   Don't use radeapclient.  See my web page for instructions on setting
> up EAP:
>
> 	http://deployingradius.com
>   

I tried the eapol_test from the web page (
http://deployingradius.com/scripts/eapol_test/ ).

With Eap-ttls pap/chap/ms-chap said success:

RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): f6 97 5f 08 83 c3 6f 4d db 4b
85 d9 9a 1b 89 b6 6a 93 3e 49 39 bc 5e 2b fc 43 4f b8 d7 35 c5 2a
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): 5d 56 b2 09 50 c8 ae 7d c0
b4 f3 3f e1 92 a0 6c 9b fe c6 51 b5 a9 3a d3 39 38 70 d2 76 c2 8b 73
decapsulated EAP packet (code=3 id=6 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: success=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): 5d 56 b2 09 50 c8 ae 7d c0 b4 f3 3f e1
92 a0 6c 9b fe c6 51 b5 a9 3a d3 39 38 70 d2 76 c2 8b 73
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1  mismatch: 0
SUCCESS

But when I try with eap-ttls eap-md5/eap-mschapv2, eap-peap eap-mschapv2
it fails:

RADIUS packet matching with station
decapsulated EAP packet (code=4 id=8 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: success=0
EAPOL: EAP key not available
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0  mismatch: 1
FAILURE


If need I put the whole output, or if its easier pls tell where should I
search the problem?

Thank you:
blackluck

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090410/cec13d14/attachment.pgp>


More information about the Freeradius-Users mailing list