Calling eap_md5 to process EAP data in inner-tunnel

Oleksandr Yermolenko aae at sumix.com
Wed Oct 8 14:29:50 CEST 2014


On 10/08/2014 02:53 PM, Matthew Newton wrote:
> Hi,
>
> On Wed, Oct 08, 2014 at 11:08:37AM +0300, Oleksandr Yermolenko wrote:
>> users file
>>
>> stu    Cleartext-Password := "x3DdEhgN"
>> stu at sumix.com    Cleartext-Password := "x3DdEhgN"
>>
> As per the full debug output, your users file is
> /etc/raddb/mods-config/files/authorize - is that the one you
> altered?
>
> Did you add those lines to the top of the file?
>
> Matthew

Cool, currently I have a much better result ... :-) I can build more
custom things with Perl in inner-tunnel


(6)  eap_ttls : Got tunneled request
     EAP-Message = 0x02010016041009675fbad7352ecad216acaea5be5a12
(6)  eap_ttls : Sending tunneled request
(6)  server inner-tunnel {
(6)    Request:
     EAP-Message = 0x02010016041009675fbad7352ecad216acaea5be5a12
     User-Name = 'stu at sumix.com'
     State = 0x96d31d5996d219b178a0b4484d01383f
(6)  # Executing section authorize from file 
/etc/raddb/sites-enabled/inner-tunnel
(6)    authorize {
(6)   eap : Peer sent code Response (2) ID 1 length 22
(6)   eap : No EAP Start, assuming it's an on-going EAP conversation
(6)    [eap] = updated
(6)   files : users: Matched entry stu at sumix.com at line 2
(6)    [files] = ok
(6)   } #  authorize = updated
(6)  Found Auth-Type = EAP
(6)  # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
(6)    authenticate {
(6)   eap : Expiring EAP session with state 0x96d31d5996d219b1
(6)   eap : Finished EAP session with state 0x96d31d5996d219b1
(6)   eap : Previous EAP request found for state 0x96d31d5996d219b1, 
released from the list
(6)   eap : Peer sent method MD5 (4)
(6)   eap : EAP MD5 (4)
(6)   eap : Calling eap_md5 to process EAP data
(6)   eap : Freeing handler
(6)    [eap] = ok
(6)   } #  authenticate = ok
(6)  Login OK: [stu at sumix.com/<via Auth-Type = EAP>] (from client aae-vm 
port 0 via TLS tunnel)
(6)  # Executing section post-auth from file 
/etc/raddb/sites-enabled/inner-tunnel
(6)    Reply:
     EAP-Message = 0x03010004
     Message-Authenticator = 0x00000000000000000000000000000000
     User-Name = 'stu at sumix.com'
(6)  } # server inner-tunnel
(6)  eap_ttls : Got tunneled Access-Accept
(6)  eap : Freeing handler
(6)   [eap] = ok
(6)  } #  authenticate = ok
(6) Login OK: [stu at sumix.com/<via Auth-Type = EAP>] (from client aae-vm 
port 80 cli 10.20.9.8[4500])
(6) # Executing section post-auth from file /etc/raddb/sites-enabled/default
(6)   post-auth {
(6)   [exec] = noop
(6)  } #  post-auth = noop
(6) Sending Access-Accept packet to host 127.0.0.1 port 53526, id=230, 
length=0
(6)     Message-Authenticator = 0x00000000000000000000000000000000
(6)     User-Name = 'stu at sumix.com'
(6)     MS-MPPE-Recv-Key = 
0x39315b8745ea304ef0fa604de15f5f8198f5d129b6f30de027213e3ba6178083
(6)     MS-MPPE-Send-Key = 
0x8320ea33d80145fccce96da3b33497c6be6aab15e49c41e8ea9aecfa52e086ba
(6)     EAP-MSK = 
0x39315b8745ea304ef0fa604de15f5f8198f5d129b6f30de027213e3ba61780838320ea33d80145fccce96da3b33497c6be6aab15e49c41e8ea9aecfa52e086ba
(6)     EAP-EMSK = 
0xa932fd253defe371a204bf8be8ed4214d0538232b8c16f2aa4c4d466afb351382e472eced957ba5778ca61b2aab137ca57caa6569e49738ce9572472b45a2d46
(6)     EAP-Session-Id = 
0x1554352c1966f914dd00af58f51964cf8dc10c9802988f14954d9ba4f375bbe92754352c199666f38e4d3ef44ef154331b7d69824775ea30ba31fe08bfcd635f40
(6)     EAP-Message = 0x03060004
Sending Access-Accept Id 230 from 127.0.0.1:1812 to 127.0.0.1:53526
     Message-Authenticator = 0x00000000000000000000000000000000
     User-Name = 'stu at sumix.com'
     MS-MPPE-Recv-Key = 
0x39315b8745ea304ef0fa604de15f5f8198f5d129b6f30de027213e3ba6178083
     MS-MPPE-Send-Key = 
0x8320ea33d80145fccce96da3b33497c6be6aab15e49c41e8ea9aecfa52e086ba
     EAP-Message = 0x03060004
(6) Finished request
Waking up in 0.2 seconds.
Waking up in 4.6 seconds.
(0) Cleaning up request packet ID 224 with timestamp +13
(1) Cleaning up request packet ID 225 with timestamp +13
(2) Cleaning up request packet ID 226 with timestamp +13
(3) Cleaning up request packet ID 227 with timestamp +13
(4) Cleaning up request packet ID 228 with timestamp +13
(5) Cleaning up request packet ID 229 with timestamp +13
(6) Cleaning up request packet ID 230 with timestamp +13
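
Added example (not part of the original post and not FreeRADIUS code): Python that decodes the EAP-Message values seen in the debug output above and recomputes an EAP-MD5 response as MD5(Identifier || password || challenge), the check that RFC 3748 and RFC 1994 define for this method. The function names are hypothetical, and because the challenge is not in the log, the verification step uses a constructed challenge and password.

```python
import hashlib
import hmac
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_MD5 = 4  # MD5-Challenge (RFC 3748, section 5.4)


def parse_eap(hex_value):
    """Decode one EAP-Message value as printed in the debug output."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if not 4 <= length <= len(raw):
        raise ValueError("EAP Length field does not fit the data")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    body = raw[4:length]
    if code in (1, 2) and body:  # only Request/Response carry a Type
        pkt["type"] = body[0]
        if body[0] == EAP_TYPE_MD5:
            if len(body) < 2 or 2 + body[1] > len(body):
                raise ValueError("MD5 Value-Size overruns the packet")
            pkt["value"] = body[2:2 + body[1]]
            pkt["name"] = body[2 + body[1]:]  # optional Name field
    return pkt


def md5_value(ident, password, challenge):
    """EAP-MD5 / CHAP response: MD5(Identifier || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def md5_response_ok(pkt, password, challenge):
    """Compare the peer's value with the expected one in constant time."""
    expected = md5_value(pkt["id"], password, challenge)
    return hmac.compare_digest(expected, pkt.get("value", b""))


if __name__ == "__main__":
    # EAP-Message values copied from the debug output above.
    for hexval in ("0x02010016041009675fbad7352ecad216acaea5be5a12",
                   "0x03010004", "0x03060004"):
        print(hexval, "->", parse_eap(hexval))
    # Constructed challenge and password: the real challenge is not in the log.
    chal, pw = bytes(range(16)), b"constructed-password"
    resp = bytes([2, 1, 0, 22, EAP_TYPE_MD5, 16]) + md5_value(1, pw, chal)
    print("verified:", md5_response_ok(parse_eap(resp.hex()), pw, chal))
```

The decoded fields for the first value line up with the log's "Peer sent code Response (2) ID 1 length 22" and "Peer sent method MD5 (4)".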


