Freeradius + PEAP.. stuck on validating identity..

Bruno Kremel bruno.kremel at gmail.com
Wed Mar 31 17:34:15 CEST 2010


Hi,
I have freeradius for WPA2 Enterprise authentication in a small
network in a library; it is the stable version (2.0.4) on Debian Lenny,
compiled from sources with OpenSSL support.
Everything seems to be OK, but when I try to connect to the AP from a
laptop with Windows XP, after I enter the name and password I am stuck
on Validating identity; same on an Ubuntu machine...
My configuration is pretty much default except for enabling MySQL and
setting paths and passwords to certificates (generated with the make
script in /etc/freeradius/certs, so they should be OK) and addresses
of clients.
This is what freeradius -X gives me when I try to connect to the AP:

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.3.1 port 1291, id=0,
length=123
User-Name = "pokus"
NAS-IP-Address = 192.168.3.1
Called-Station-Id = "00259c523046"
Calling-Station-Id = "001e650eb532"
NAS-Identifier = "00259c523046"
NAS-Port = 9
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200000a01706f6b7573
Message-Authenticator = 0x634f3b088572fda3a12eca56ed6035b9
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "pokus", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 0 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> pokus
rlm_sql (sql): sql_set_user escaped user --> 'pokus'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE
username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radcheck WHERE username = 'pokus' ORDER BY
id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE
username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username,
attribute, value, op FROM radreply WHERE username = 'pokus' ORDER BY
id
expand: SELECT groupname FROM radusergroup WHERE username =
'%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM
radusergroup WHERE username = 'pokus' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [pokus/<via Auth-Type = Accept>] (from client router port 9
cli 001e650eb532)
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 0 to 192.168.3.1 port 1291
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +59
Ready to process requests.

To me it seems that the name/password was accepted, so I have no clue
where the problem is.
Thank you in advance for any help.
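
An added example, not part of the original post and not FreeRADIUS code: a small Python check over `freeradius -X` output in the format quoted above. It decodes each EAP-Message using the RFC 3748 header layout and reports any Access-Accept sent in direct reply to an EAP Response/Identity, that is, before an EAP method such as PEAP has run. The sample log is constructed from lines in the post, and the function names are hypothetical.

```python
# Constructed sample: lines taken from the debug output quoted in the post.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.3.1 port 1291, id=0,
length=123
User-Name = "pokus"
EAP-Message = 0x0200000a01706f6b7573
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 0 to 192.168.3.1 port 1291
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP"}

def decode_eap(hex_value):
    """Decode an RFC 3748 packet: code(1) id(1) length(2) [type(1) data]."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = raw[0], raw[1], int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        raise ValueError("bad length field, or EAP-Message is fragmented")
    eap_type = raw[4] if code in (1, 2) and length > 4 else None
    return {"code": EAP_CODES.get(code, code), "id": ident,
            "type": EAP_TYPES.get(eap_type, eap_type), "data": raw[5:length]}

def audit(log_text):
    """Return one finding per Access-Accept that answers an EAP Identity."""
    findings, eap, forced = [], None, False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("rad_recv:"):
            eap, forced = None, False            # new request: reset state
        elif line.startswith("EAP-Message = "):
            eap = decode_eap(line.split(" = ", 1)[1])
        elif "Found Auth-Type Accept" in line:
            forced = True                        # accept was configured, not earned
        elif line.startswith("Sending Access-Accept") and eap:
            if eap["code"] == "Response" and eap["type"] == "Identity":
                findings.append({"identity": eap["data"].decode(errors="replace"),
                                 "auth_type_accept": forced})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("Access-Accept sent in reply to EAP Response/Identity:", finding)
```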


