Authentication Failed

Devinder Singh devinbhullar at gmail.com
Wed Jan 20 09:57:29 CET 2010


After I had restarted my XP

I get to see Windows was unable to log you on to palstaff.


palstaff is my SSID


Devinder

2010/1/20 Devinder Singh <devinbhullar at gmail.com>

> When I click on my SSID I get authentication failed. The Proxim AP reports
> Radius not connected and I don't get to see any reply on Radius Server
>
>
>
> 2010/1/20 Devinder Singh <devinbhullar at gmail.com>
>
>> ######################################################################
>> #
>> #  Create a new client certificate, signed by the above server
>> #  certificate.
>> #
>> ######################################################################
>> client.csr client.key: client.cnf
>>         openssl req -new  -out client.csr -keyout client.key -config ./client.cnf
>>
>> client.crt: client.csr ca.pem ca.key index.txt serial
>>         openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
>>
>> client.p12: client.crt
>>         openssl pkcs12 -export -in client.crt -inkey client.key -out client.p12  -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
>>
>> client.pem: client.p12
>>         openssl pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
>>         cp client.pem $(USER_NAME).pem
>>
>> .PHONY: client.vrfy
>> client.vrfy: ca.pem client.pem
>>         c_rehash .
>>         openssl verify -CApath . client.pem
>>
>>
>>
>> 2010/1/20 Devinder Singh <devinbhullar at gmail.com>
>>
>>> Hi Ivan,
>>>
>>> I can't seem to authenticate my Windows XP client using EAP
>>> authentication. I have followed the steps in /etc/raddb/certs
>>>
>>> This is my radius start up
>>> Module: Instantiating eap-tls
>>>    tls {
>>>         rsa_key_exchange = no
>>>         dh_key_exchange = yes
>>>         rsa_key_length = 512
>>>         dh_key_length = 512
>>>         verify_depth = 0
>>>         pem_file_type = yes
>>>         private_key_file = "/etc/raddb/certs/server.pem"
>>>         certificate_file = "/etc/raddb/certs/server.pem"
>>>         CA_file = "/etc/raddb/certs/ca.pem"
>>>         private_key_password = "myettelap"
>>>         dh_file = "/etc/raddb/certs/dh"
>>>         random_file = "/etc/raddb/certs/random"
>>>         fragment_size = 1024
>>>         include_length = yes
>>>         check_crl = no
>>>         cipher_list = "DEFAULT"
>>>         make_cert_command = "/etc/raddb/certs/bootstrap"
>>>     cache {
>>>         enable = no
>>>         lifetime = 24
>>>         max_entries = 255
>>>     }
>>>    }
>>>  Module: Linked to sub-module rlm_eap_ttls
>>>  Module: Instantiating eap-ttls
>>>    ttls {
>>>         default_eap_type = "md5"
>>>         copy_request_to_tunnel = no
>>>         use_tunneled_reply = no
>>>         virtual_server = "inner-tunnel"
>>>    }
>>>  Module: Linked to sub-module rlm_eap_peap
>>>  Module: Instantiating eap-peap
>>>    peap {
>>>         default_eap_type = "mschapv2"
>>>         copy_request_to_tunnel = no
>>>         use_tunneled_reply = no
>>>         proxy_tunneled_request_as_eap = yes
>>>         virtual_server = "inner-tunnel"
>>>    }
>>>  Module: Linked to sub-module rlm_eap_mschapv2
>>>  Module: Instantiating eap-mschapv2
>>>    mschapv2 {
>>>         with_ntdomain_hack = no
>>>    }
>>>  Module: Checking authorize {...} for more modules to load
>>>  Module: Linked to module rlm_realm
>>>  Module: Instantiating suffix
>>>   realm suffix {
>>>         format = "suffix"
>>>         delimiter = "@"
>>>         ignore_default = no
>>>         ignore_null = no
>>>   }
>>>  Module: Linked to module rlm_files
>>>  Module: Instantiating files
>>>   files {
>>>         usersfile = "/etc/raddb/users"
>>>         acctusersfile = "/etc/raddb/acct_users"
>>>         preproxy_usersfile = "/etc/raddb/preproxy_users"
>>>         compat = "no"
>>>   }
>>>  Module: Checking session {...} for more modules to load
>>>  Module: Linked to module rlm_radutmp
>>>  Module: Instantiating radutmp
>>>   radutmp {
>>>         filename = "/var/log/radius/radutmp"
>>>         username = "%{User-Name}"
>>>         case_sensitive = yes
>>>         check_with_nas = yes
>>>         perm = 384
>>>         callerid = yes
>>>   }
>>>  Module: Checking post-proxy {...} for more modules to load
>>>  Module: Checking post-auth {...} for more modules to load
>>>  Module: Linked to module rlm_attr_filter
>>>  Module: Instantiating attr_filter.access_reject
>>>   attr_filter attr_filter.access_reject {
>>>         attrsfile = "/etc/raddb/attrs.access_reject"
>>>         key = "%{User-Name}"
>>>   }
>>>  }
>>> }
>>>  modules {
>>>  Module: Checking authenticate {...} for more modules to load
>>>  Module: Checking authorize {...} for more modules to load
>>>  Module: Linked to module rlm_preprocess
>>>  Module: Instantiating preprocess
>>>   preprocess {
>>>         huntgroups = "/etc/raddb/huntgroups"
>>>         hints = "/etc/raddb/hints"
>>>         with_ascend_hack = no
>>>         ascend_channels_per_line = 23
>>>         with_ntdomain_hack = no
>>>         with_specialix_jetstream_hack = no
>>>         with_cisco_vsa_hack = no
>>>         with_alvarion_vsa_hack = no
>>>   }
>>>  Module: Checking preacct {...} for more modules to load
>>>  Module: Linked to module rlm_acct_unique
>>>  Module: Instantiating acct_unique
>>>   acct_unique {
>>>         key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
>>>   }
>>>  Module: Checking accounting {...} for more modules to load
>>>  Module: Linked to module rlm_detail
>>>  Module: Instantiating detail
>>>   detail {
>>>         detailfile =
>>> "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>>>         header = "%t"
>>>         detailperm = 384
>>>         dirperm = 493
>>>         locking = no
>>>         log_packet_header = no
>>>   }
>>>  Module: Instantiating attr_filter.accounting_response
>>>   attr_filter attr_filter.accounting_response {
>>>         attrsfile = "/etc/raddb/attrs.accounting_response"
>>>         key = "%{User-Name}"
>>>   }
>>>  Module: Checking session {...} for more modules to load
>>>  Module: Checking post-proxy {...} for more modules to load
>>>  Module: Checking post-auth {...} for more modules to load
>>>  }
>>> radiusd: #### Opening IP addresses and Ports ####
>>> listen {
>>>         type = "auth"
>>>         ipaddr = *
>>>         port = 0
>>> }
>>> listen {
>>>         type = "acct"
>>>         ipaddr = *
>>>         port = 0
>>> }
>>> Listening on authentication address * port 1812
>>> Listening on accounting address * port 1813
>>> Listening on proxy address * port 1814
>>> Ready to process requests.
>>>
>>>
>>> 2010/1/20 Devinder Singh <devinbhullar at gmail.com>
>>>
>>>> Hi Ivan,
>>>>
>>>> I created the certificates based on the README file in etc/raddb and
>>>> copied ca.der and client.p12 to Windows XP
>>>>
>>>> I also made changes to the Makefile which runs on XP but when I
>>>> connect to the SSID I get authentication failed and the radius does not seem
>>>> to get any response from the Proxim AP.
>>>>
>>>>
>>>>
>>>> --
>>>> Devinder
>>>>
>>>
>>>
>>>
>>> --
>>> Devinder
>>>
>>
>>
>>
>> --
>> Devinder
>>
>
>
>
> --
> Devinder
>



-- 
Devinder
More information about the Freeradius-Users mailing list