802.1x host/machine authentication

Chidanand Gangur chidanand.gangur at gmail.com
Wed Oct 20 16:10:10 CEST 2010


Hi,

Is it fine to do some jugglery with the user-name and convert it to a format
which can be proxied to the home server?

Thanks,
Chidanand

On Wed, Oct 20, 2010 at 4:52 PM, Chidanand Gangur <
chidanand.gangur at gmail.com> wrote:

> Hi,
>
> I have the following setup,
>
> where a Windows host is connected to a Cisco 2960, which is connected to
> Microsoft AD via a RADIUS proxy
>
> Windows host (XP SP3) -> Cisco 2960 -> freeRADIUS proxy (2.1.10) ->
> Microsoft AD (2003)
>
> In the above setup user authentication goes fine. I am using PEAP v1
> authentication.
>
> I am struggling hard to make host authentication successful.
>
> When the machine boots I see a RADIUS Access-Request with
> User-Name = "host/radhost1.testad1.com", which qualifies as an IPASS type
> realm and searches for realm "host", and things do not work.
>
> Please point me to links/docs or give me a pointer on where/how to start.
>
> rad_recv: Access-Request packet from host 192.168.6.200 port 1645, id=141,
> length=165
> User-Name = "host/radhost1.testad1.com"
> Service-Type = Framed-User
> Framed-MTU = 1500
> Called-Station-Id = "00-21-D7-00-51-89"
> Calling-Station-Id = "00-13-20-38-33-27"
> EAP-Message = 0x021a001e01686f73742f726164686f7374312e746573746164312e636f6d
> Message-Authenticator = 0x2deded3294b409a59441b3e5777a9a87
> NAS-Port-Type = Ethernet
> NAS-Port = 50009
> NAS-IP-Address = 192.168.6.200
> Wed Oct 20 07:27:48 2010 : Info: # Executing section authorize from file
> /usr/local/etc/raddb/sites-enabled/default
> Wed Oct 20 07:27:48 2010 : Info: +- entering group authorize {...}
> Wed Oct 20 07:27:48 2010 : Info: ++[preprocess] returns ok
> Wed Oct 20 07:27:48 2010 : Info: ++[chap] returns noop
> Wed Oct 20 07:27:48 2010 : Info: ++[mschap] returns noop
> Wed Oct 20 07:27:48 2010 : Info: [IPASS] Looking up realm "host" for
> User-Name = "host/radhost1.testad1.com"
> Wed Oct 20 07:27:48 2010 : Info: [IPASS] Found realm "DEFAULT"
> Wed Oct 20 07:27:48 2010 : Info: [IPASS] Adding Stripped-User-Name = "radhost1.testad1.com"
> Wed Oct 20 07:27:48 2010 : Info: [IPASS] Adding Realm = "DEFAULT"
> Wed Oct 20 07:27:48 2010 : Info: [IPASS] Authentication realm is LOCAL.
> Wed Oct 20 07:27:48 2010 : Info: ++[IPASS] returns ok
> Wed Oct 20 07:27:48 2010 : Info: [suffix] Request already proxied.
> Ignoring.
> Wed Oct 20 07:27:48 2010 : Info: ++[suffix] returns ok
> Wed Oct 20 07:27:48 2010 : Info: [ntdomain] Request already proxied.
> Ignoring.
> Wed Oct 20 07:27:48 2010 : Info: ++[ntdomain] returns ok
> Wed Oct 20 07:27:48 2010 : Info: [realmpercent] Request already proxied.
> Ignoring.
> Wed Oct 20 07:27:48 2010 : Info: ++[realmpercent] returns ok
> Wed Oct 20 07:27:48 2010 : Info: [eap] EAP packet type response id 26
> length 30
> Wed Oct 20 07:27:48 2010 : Info: [eap] No EAP Start, assuming it's an
> on-going EAP conversation
> Wed Oct 20 07:27:48 2010 : Info: ++[eap] returns updated
> Wed Oct 20 07:27:48 2010 : Info: ++[unix] returns notfound
> Wed Oct 20 07:27:48 2010 : Info: ++[files] returns noop
> Wed Oct 20 07:27:48 2010 : Info: ++[expiration] returns noop
> Wed Oct 20 07:27:48 2010 : Info: ++[logintime] returns noop
> Wed Oct 20 07:27:48 2010 : Info: [pap] WARNING! No "known good" password
> found for the user. Authentication may fail because of this.
> Wed Oct 20 07:27:48 2010 : Info: ++[pap] returns noop
> Wed Oct 20 07:27:48 2010 : Info: Found Auth-Type = EAP
> Wed Oct 20 07:27:48 2010 : Info: # Executing group from file
> /usr/local/etc/raddb/sites-enabled/default
> Wed Oct 20 07:27:48 2010 : Info: +- entering group authenticate {...}
> Wed Oct 20 07:27:48 2010 : Info: [eap] EAP Identity
> Wed Oct 20 07:27:48 2010 : Info: [eap] processing type md5
> Wed Oct 20 07:27:48 2010 : Debug: rlm_eap_md5: Issuing Challenge
> Wed Oct 20 07:27:48 2010 : Info: ++[eap] returns handled
> Sending Access-Challenge of id 141 to 192.168.6.200 port 1645
> EAP-Message = 0x011b001604100675c546c11b2ad0f1a7341b757af909
> Message-Authenticator = 0x00000000000000000000000000000000
> State = 0x6d4e1d1a6d5519217cdc7f95e535c25b
> Wed Oct 20 07:27:48 2010 : Info: Finished request 48.
> Wed Oct 20 07:27:48 2010 : Debug: Going to the next request
> Wed Oct 20 07:27:48 2010 : Debug: Waking up in 4.9 seconds.
>
>
> Thanks & Regards
>
> --
> Chidanand Gangur
> Pune.
>



-- 
Chidanand Gangur
Pune.
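
An added example, not part of the original post and not FreeRADIUS code: it decodes the EAP-Message from the quoted Access-Request to show the identity the supplicant sent, then uses a simplified model of "/" prefix splitting to show why that identity is read as realm "host". The function names and the machine-account check are assumptions made for illustration.

```python
import struct

# EAP-Message value copied from the Access-Request in the quoted debug log.
EAP_MESSAGE_HEX = "0x021a001e01686f73742f726164686f7374312e746573746164312e636f6d"

EAP_CODES = {1: "Request", 2: "Response"}
EAP_TYPE_IDENTITY = 1


def parse_eap_identity(hex_value):
    """Decode an EAP Identity packet (RFC 3748); return (code, id, identity)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 5:
        raise ValueError("too short for an EAP request/response")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field disagrees with attribute size")
    if code not in EAP_CODES or raw[4] != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP Identity packet")
    return EAP_CODES[code], ident, raw[5:].decode("utf-8")


def naive_prefix_split(user_name):
    """Simplified model of a '/'-delimited prefix realm: realm/user."""
    realm, sep, rest = user_name.partition("/")
    return (realm, rest) if sep else (None, user_name)


def classify_identity(user_name):
    """Assumed check: treat a leading 'host/' as a machine account, not a realm."""
    if user_name.lower().startswith("host/"):
        return ("machine", None, user_name[len("host/"):])
    realm, rest = naive_prefix_split(user_name)
    return ("prefix-realm", realm, rest) if realm else ("plain", None, rest)


if __name__ == "__main__":
    code, ident, identity = parse_eap_identity(EAP_MESSAGE_HEX)
    print(code, ident, identity)
    print("naive split:", naive_prefix_split(identity))
    print("classified: ", classify_identity(identity))
```

The decoded id and length agree with the `[eap] EAP packet type response id 26 length 30` line in the log, and the naive split reproduces the realm "host" / Stripped-User-Name pair that the IPASS lookup reports.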