Freeradius + PEAP.. stuck on validating identity..
Bruno Kremel
bruno.kremel at gmail.com
Thu Apr 1 11:40:57 CEST 2010
2010/4/1 Matt Harlum <matt at cactuar.net>:
>
> On 01/04/2010, at 1:44 PM, Matt Harlum wrote:
>
> On 01/04/2010, at 7:39 AM, Bruno Kremel wrote:
>
> On Wednesday 31 March 2010 21:28:48 Alan DeKok wrote:
> What should be there?
> Because I don't know I am using Daloradius web interface for adding data to
> database, so I just loaded default daloradius sql which was intended
> (according to readme of daloradius) for 2.X Freeradius... and added accounts
> in web interface...
>
> Here's an example from my radcheck table in the SQL Database
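> +----+-------------+---------------+----+-------------+
> | id | UserName    | Attribute     | op | Value       |
> +----+-------------+---------------+----+-------------+
> |  1 | exampleuser | User-Password | == | password123 |
> +----+-------------+---------------+----+-------------+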
> This is how yours should be set up, otherwise you will get the "validating"
> issue in Windows.
>
> I was wrong
> it should be
> Here's an example from my radcheck table in the SQL Database
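> +----+-------------+--------------------+----+-------------+
> | id | UserName    | Attribute          | op | Value       |
> +----+-------------+--------------------+----+-------------+
> |  1 | exampleuser | Cleartext-Password | := | password123 |
> +----+-------------+--------------------+----+-------------+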
> My configuration was wrong, it'd seem. I hadn't noticed as I'm primarily
> using EAP-TLS with EAP-TTLS as a fallback. Didn't test it when I upgraded to
> 2.x.
> Regards,
> Matt Harlum
>
>
> To me it seems that name/password was accepted so I have no clue where
> is the problem..
>
> The password was NOT accepted. It was *ignored*.
>
> And what is that Accept-Accept on the end of the log?... also radtest gives me
> Accept-Accept only on correct login and password so I think that it's not that
> SQL...
>
>
> As Alan said, it was simply ignored because of the misconfiguration
> Regards,
> Matt Harlum
>
>
>
>
Thank you for the answer. You are right about that SQL, it is some mess in
daloradius, but I tried to disable SQL and use the /etc/freeradius/users
file instead, but I am stuck on Attempting to authenticate now. The log
says this:
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.3.1 port 1320, id=0,
length=137
Cleaning up request 39 ID 0 with timestamp +589
User-Name = "pokus"
NAS-IP-Address = 192.168.3.1
Called-Station-Id = "00259c523046"
Calling-Station-Id = "001e650eb532"
NAS-Identifier = "00259c523046"
NAS-Port = 9
Framed-MTU = 1400
State = 0x53b1704550ba694fbe3359243d2a2638
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020b00061900
Message-Authenticator = 0x5fde19c57e8672a11c18b0b34d8c3acd
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "pokus", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 11 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.3.1 port 1320
EAP-Message = 0x010c00061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x53b1704557bd694fbe3359243d2a2638
Finished request 40.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 40 ID 0 with timestamp +589
Ready to process requests.
That Access-Challenge should authenticate my client if I am not wrong,
but it still shows me validating identity and the attempting to
authenticate...
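
Added example (not part of the original message and not FreeRADIUS code): a small Python decoder for the two EAP-Message values in the debug log above, showing what the Access-Request and the Access-Challenge each carry. It assumes each EAP packet fits in a single EAP-Message attribute; the function names are hypothetical and the EAP-Success sample is constructed.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_PEAP = 25  # IANA-assigned EAP method type for PEAP

# EAP-Message values copied from the debug log in the message above.
LOGGED = {"Access-Request": "0x020b00061900",
          "Access-Challenge": "0x010c00061900"}
CONSTRUCTED_SUCCESS = "0x030d0004"  # constructed sample, not from the log


def parse_eap(hex_value):
    """Decode one EAP-Message value as printed in FreeRADIUS debug output.

    Assumes the whole EAP packet sits in a single EAP-Message attribute.
    """
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes: code, id, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field says {length}, got {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, f"unknown({code})"),
           "id": ident, "length": length, "final": code in (3, 4)}
    if code in (1, 2) and length >= 5:
        pkt["type"] = raw[4]
        if raw[4] == EAP_TYPE_PEAP and length >= 6:
            flags = raw[5]
            has_len = bool(flags & 0x80)                # L: 4-byte TLS length follows
            pkt["more_fragments"] = bool(flags & 0x40)  # M: more fragments coming
            pkt["start"] = bool(flags & 0x20)           # S: PEAP start
            pkt["version"] = flags & 0x07
            # Bytes of TLS data after the flags (and optional length field).
            pkt["tls_bytes"] = max(0, length - 6 - (4 if has_len else 0))
    return pkt


def summarize(samples=LOGGED):
    """Map each RADIUS packet name to its decoded EAP summary."""
    return {name: parse_eap(value) for name, value in samples.items()}


if __name__ == "__main__":
    for name, pkt in summarize().items():
        print(f"{name}: {pkt}")
    print("constructed EAP-Success:", parse_eap(CONSTRUCTED_SUCCESS))
```

Both logged values decode to 6-byte PEAP packets with no TLS data, and neither is an EAP Success or Failure, the only codes that end an EAP conversation (RFC 3748).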