Authentication Failed

Devinder Singh devinbhullar at gmail.com
Wed Jan 20 09:29:24 CET 2010


When I click on my SSID I get authentication failed. The Proxim AP reports
Radius not connected and I don't get to see any reply on Radius Server.


2010/1/20 Devinder Singh <devinbhullar at gmail.com>

> ######################################################################
> #
> #  Create a new client certificate, signed by the above server
> #  certificate.
> #
> ######################################################################
> client.csr client.key: client.cnf
>         openssl req -new  -out client.csr -keyout client.key -config ./client.cnf
>
> client.crt: client.csr ca.pem ca.key index.txt serial
>         openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr  -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
>
> client.p12: client.crt
>         openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12  -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
>
> client.pem: client.p12
>         openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
>         cp client.pem $(USER_NAME).pem
>
> .PHONY: server.vrfy
> client.vrfy: ca.pem client.pem
>         c_rehash .
>         openssl verify -CApath . client.pem
>
>
>
> 2010/1/20 Devinder Singh <devinbhullar at gmail.com>
>
>> Hi Ivan,
>>
>> I can't seem to authenticate my Windows XP client using EAP authentication.
>> I have followed the steps in /etc/raddb/certs
>>
>> This is my radius start up
>> Module: Instantiating eap-tls
>>    tls {
>>         rsa_key_exchange = no
>>         dh_key_exchange = yes
>>         rsa_key_length = 512
>>         dh_key_length = 512
>>         verify_depth = 0
>>         pem_file_type = yes
>>         private_key_file = "/etc/raddb/certs/server.pem"
>>         certificate_file = "/etc/raddb/certs/server.pem"
>>         CA_file = "/etc/raddb/certs/ca.pem"
>>         private_key_password = "myettelap"
>>         dh_file = "/etc/raddb/certs/dh"
>>         random_file = "/etc/raddb/certs/random"
>>         fragment_size = 1024
>>         include_length = yes
>>         check_crl = no
>>         cipher_list = "DEFAULT"
>>         make_cert_command = "/etc/raddb/certs/bootstrap"
>>     cache {
>>         enable = no
>>         lifetime = 24
>>         max_entries = 255
>>     }
>>    }
>>  Module: Linked to sub-module rlm_eap_ttls
>>  Module: Instantiating eap-ttls
>>    ttls {
>>         default_eap_type = "md5"
>>         copy_request_to_tunnel = no
>>         use_tunneled_reply = no
>>         virtual_server = "inner-tunnel"
>>    }
>>  Module: Linked to sub-module rlm_eap_peap
>>  Module: Instantiating eap-peap
>>    peap {
>>         default_eap_type = "mschapv2"
>>         copy_request_to_tunnel = no
>>         use_tunneled_reply = no
>>         proxy_tunneled_request_as_eap = yes
>>         virtual_server = "inner-tunnel"
>>    }
>>  Module: Linked to sub-module rlm_eap_mschapv2
>>  Module: Instantiating eap-mschapv2
>>    mschapv2 {
>>         with_ntdomain_hack = no
>>    }
>>  Module: Checking authorize {...} for more modules to load
>>  Module: Linked to module rlm_realm
>>  Module: Instantiating suffix
>>   realm suffix {
>>         format = "suffix"
>>         delimiter = "@"
>>         ignore_default = no
>>         ignore_null = no
>>   }
>>  Module: Linked to module rlm_files
>>  Module: Instantiating files
>>   files {
>>         usersfile = "/etc/raddb/users"
>>         acctusersfile = "/etc/raddb/acct_users"
>>         preproxy_usersfile = "/etc/raddb/preproxy_users"
>>         compat = "no"
>>   }
>>  Module: Checking session {...} for more modules to load
>>  Module: Linked to module rlm_radutmp
>>  Module: Instantiating radutmp
>>   radutmp {
>>         filename = "/var/log/radius/radutmp"
>>         username = "%{User-Name}"
>>         case_sensitive = yes
>>         check_with_nas = yes
>>         perm = 384
>>         callerid = yes
>>   }
>>  Module: Checking post-proxy {...} for more modules to load
>>  Module: Checking post-auth {...} for more modules to load
>>  Module: Linked to module rlm_attr_filter
>>  Module: Instantiating attr_filter.access_reject
>>   attr_filter attr_filter.access_reject {
>>         attrsfile = "/etc/raddb/attrs.access_reject"
>>         key = "%{User-Name}"
>>   }
>>  }
>> }
>>  modules {
>>  Module: Checking authenticate {...} for more modules to load
>>  Module: Checking authorize {...} for more modules to load
>>  Module: Linked to module rlm_preprocess
>>  Module: Instantiating preprocess
>>   preprocess {
>>         huntgroups = "/etc/raddb/huntgroups"
>>         hints = "/etc/raddb/hints"
>>         with_ascend_hack = no
>>         ascend_channels_per_line = 23
>>         with_ntdomain_hack = no
>>         with_specialix_jetstream_hack = no
>>         with_cisco_vsa_hack = no
>>         with_alvarion_vsa_hack = no
>>   }
>>  Module: Checking preacct {...} for more modules to load
>>  Module: Linked to module rlm_acct_unique
>>  Module: Instantiating acct_unique
>>   acct_unique {
>>         key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
>>   }
>>  Module: Checking accounting {...} for more modules to load
>>  Module: Linked to module rlm_detail
>>  Module: Instantiating detail
>>   detail {
>>         detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>>         header = "%t"
>>         detailperm = 384
>>         dirperm = 493
>>         locking = no
>>         log_packet_header = no
>>   }
>>  Module: Instantiating attr_filter.accounting_response
>>   attr_filter attr_filter.accounting_response {
>>         attrsfile = "/etc/raddb/attrs.accounting_response"
>>         key = "%{User-Name}"
>>   }
>>  Module: Checking session {...} for more modules to load
>>  Module: Checking post-proxy {...} for more modules to load
>>  Module: Checking post-auth {...} for more modules to load
>>  }
>> radiusd: #### Opening IP addresses and Ports ####
>> listen {
>>         type = "auth"
>>         ipaddr = *
>>         port = 0
>> }
>> listen {
>>         type = "acct"
>>         ipaddr = *
>>         port = 0
>> }
>> Listening on authentication address * port 1812
>> Listening on accounting address * port 1813
>> Listening on proxy address * port 1814
>> Ready to process requests.
>>
>>
>> 2010/1/20 Devinder Singh <devinbhullar at gmail.com>
>>
>>> Hi Ivan,
>>>
>>> I created the certificates based on the README file in etc/raddb and
>>> copied ca.der and client.p12 to Windows XP
>>>
>>> I also made changes to the Makefile which runs on XP but when I
>>> connect to the SSID I get authentication failed and the radius does not seem
>>> to get any response from the Proxim AP.
>>>
>>>
>>>
>>> --
>>> Devinder
>>>
>>
>>
>>
>> --
>> Devinder
>>
>
>
>
> --
> Devinder
>



-- 
Devinder