Authentication Failed

Wed Jan 20 08:52:04 CET 2010

Hi Ivan,

I cant seem to authenticate my Windows XP client using EAP authentication. I
have folllowed the steps in /etc/raddb/certs

This is my radius start up
Module: Instantiating
eap-tls
   tls
{

        rsa_key_exchange =
no
        dh_key_exchange =
yes
        rsa_key_length =
512
        dh_key_length =
512
        verify_depth =
0
        pem_file_type =
yes
        private_key_file =
"/etc/raddb/certs/server.pem"
        certificate_file =
"/etc/raddb/certs/server.pem"
        CA_file =
"/etc/raddb/certs/ca.pem"
        private_key_password =
"myettelap"
        dh_file =
"/etc/raddb/certs/dh"
        random_file =
"/etc/raddb/certs/random"
        fragment_size =
1024
        include_length =
yes
        check_crl =
no
        cipher_list =
"DEFAULT"
        make_cert_command =
"/etc/raddb/certs/bootstrap"
    cache
{

        enable =
no
        lifetime =
24
        max_entries =
255

}

}

 Module: Linked to sub-module
rlm_eap_ttls
 Module: Instantiating
eap-ttls
   ttls
{

        default_eap_type =
"md5"
        copy_request_to_tunnel =
no
        use_tunneled_reply =
no
        virtual_server =
"inner-tunnel"

}

 Module: Linked to sub-module
rlm_eap_peap
 Module: Instantiating
eap-peap
   peap
{

        default_eap_type =
"mschapv2"
        copy_request_to_tunnel =
no
        use_tunneled_reply =
no
        proxy_tunneled_request_as_eap =
yes
        virtual_server =
"inner-tunnel"

}

 Module: Linked to sub-module
rlm_eap_mschapv2
 Module: Instantiating
eap-mschapv2
   mschapv2
{

        with_ntdomain_hack =
no

}

 Module: Checking authorize {...} for more modules to
load
 Module: Linked to module
rlm_realm
 Module: Instantiating
suffix
  realm suffix
{
        format =
"suffix"
        delimiter =
"@"
        ignore_default =
no
        ignore_null =
no

}

 Module: Linked to module
rlm_files
 Module: Instantiating
files
  files
{

        usersfile =
"/etc/raddb/users"
        acctusersfile =
"/etc/raddb/acct_users"
        preproxy_usersfile =
"/etc/raddb/preproxy_users"
        compat =
"no"

}

 Module: Checking session {...} for more modules to
load
 Module: Linked to module
rlm_radutmp
 Module: Instantiating
radutmp
  radutmp
{

        filename =
"/var/log/radius/radutmp"
        username =
"%{User-Name}"
        case_sensitive =
yes
        check_with_nas =
yes
        perm =
384
        callerid =
yes

}

 Module: Checking post-proxy {...} for more modules to
load
 Module: Checking post-auth {...} for more modules to
load
 Module: Linked to module
rlm_attr_filter
 Module: Instantiating
attr_filter.access_reject
  attr_filter attr_filter.access_reject
{
        attrsfile =
"/etc/raddb/attrs.access_reject"
        key =
"%{User-Name}"

}

 }

}

 modules
{

 Module: Checking authenticate {...} for more modules to
load
 Module: Checking authorize {...} for more modules to
load
 Module: Linked to module
rlm_preprocess
 Module: Instantiating
preprocess
  preprocess
{

        huntgroups =
"/etc/raddb/huntgroups"
        hints =
"/etc/raddb/hints"
        with_ascend_hack =
no
        ascend_channels_per_line =
23
        with_ntdomain_hack =
no
        with_specialix_jetstream_hack =
no
        with_cisco_vsa_hack =
no
        with_alvarion_vsa_hack =
no

}

 Module: Checking preacct {...} for more modules to
load
 Module: Linked to module
rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
        detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/etc/raddb/attrs.accounting_response"
        key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 }
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
^[[6~^[[6~

2010/1/20 Devinder Singh <devinbhullar at gmail.com>

> Hi Ivan,
>
> I created the certificates basd on the README file in etc/raddb and copied
> ca.der and client.p12 to Windows XP
>
> I also also made changed to the Makefile which runs on XP but when i
> connect to the SSID i get authentication failde and the radius does not seem
> to get any response from the Proxim AP.
>
>
>
> --
> Devinder
>

-- 
Devinder
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100120/a393c85d/attachment.html>