FreeRadius2 issue when deployed as proxy for EAP-TLS

Matthew Newton mcn4 at leicester.ac.uk
Tue Apr 14 15:11:41 CEST 2015


On Tue, Apr 14, 2015 at 12:57:48PM +0000, Muhammad Faisal wrote:
> Do excuse me for sending the wrong file. I have attached the correct file now.

That's much better, thanks.

If you read that output, you'll notice the packet that was proxied
on is identical to the packet that was received.

Therefore FreeRADIUS is doing its job correctly. You need to
investigate what is broken on your other RADIUS server.

It either doesn't understand eap, or doesn't have eap configured
correctly.

Matthew


> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.52.75 port 10034, id=71, length=235
> 	User-Name = "001C1127E021 at setuptest.com"
> 	NAS-IP-Address = 192.168.52.75
> 	Calling-Station-Id = "001c1127e021"
> 	NAS-Identifier = "HW-WASN"
> 	Event-Timestamp = "Apr 14 2015 17:10:55 PKT"
> 	EAP-Message = 0x0217001f01303031433131323745303231407175626565746573742e636f6d
> 	WiMAX-Release = "1.1"
> 	WiMAX-Accounting-Capabilities = Flow-Based
> 	WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> 	WiMAX-Idle-Mode-Notification-Cap = Supported
> 	WiMAX-Attr-1281 = 0x01
> 	BS-Id = 0x303030303037303031313130
> 	WiMAX-GMT-Timezone-offset = 18000
> 	NAS-Port-Type = Wireless-802.16
> 	WiMAX-Available-In-Client = 99
> 	Service-Type = Framed-User
> 	Chargeable-User-Identity = "\000\000"
> 	Message-Authenticator = 0x1a5e73e60c133a6586d7adb34776c7c5
> # Executing section authorize from file /etc/raddb/sites-enabled/default


...


> +- entering group pre-proxy {...}
> [pre_proxy_log] 	expand: /var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d -> /var/log/radius/radacct/192.168.52.75/pre-proxy-detail-20150414
> [pre_proxy_log] /var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.52.75/pre-proxy-detail-20150414
> [pre_proxy_log] 	expand: %t -> Tue Apr 14 17:20:23 2015
> ++[pre_proxy_log] returns ok
> Sending Access-Request of id 66 to 192.168.51.6 port 1812
> 	User-Name = "001C1127E021 at setuptest.com"
> 	NAS-IP-Address = 192.168.52.75
> 	Calling-Station-Id = "001c1127e021"
> 	NAS-Identifier = "HW-WASN"
> 	Event-Timestamp = "Apr 14 2015 17:10:55 PKT"
> 	EAP-Message = 0x0217001f01303031433131323745303231407175626565746573742e636f6d
> 	WiMAX-Release = "1.1"
> 	WiMAX-Accounting-Capabilities = Flow-Based
> 	WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> 	WiMAX-Idle-Mode-Notification-Cap = Supported
> 	WiMAX-Attr-1281 = 0x01
> 	BS-Id = 0x303030303037303031313130
> 	WiMAX-GMT-Timezone-offset = 18000
> 	NAS-Port-Type = Wireless-802.16
> 	WiMAX-Available-In-Client = 99
> 	Service-Type = Framed-User
> 	Chargeable-User-Identity = "\000\000"
> 	Message-Authenticator = 0x00000000000000000000000000000000
> 	Proxy-State = 0x3731
> Proxying request 0 to home server 192.168.51.6 port 1812
> Sending Access-Request of id 66 to 192.168.51.6 port 1812
> 	User-Name = "001C1127E021 at setuptest.com"
> 	NAS-IP-Address = 192.168.52.75
> 	Calling-Station-Id = "001c1127e021"
> 	NAS-Identifier = "HW-WASN"
> 	Event-Timestamp = "Apr 14 2015 17:10:55 PKT"
> 	EAP-Message = 0x0217001f01303031433131323745303231407175626565746573742e636f6d
> 	WiMAX-Release = "1.1"
> 	WiMAX-Capability = 0x0105312e31020302030301040301
> 	WiMAX-Accounting-Capabilities = Flow-Based
> 	WiMAX-Hotlining-Capabilities = Hotline-Profile-Id
> 	WiMAX-Idle-Mode-Notification-Cap = Supported
> 	WiMAX-Attr-1281 = 0x01
> 	BS-Id = 0x303030303037303031313130
> 	WiMAX-GMT-Timezone-offset = 18000
> 	NAS-Port-Type = Wireless-802.16
> 	WiMAX-Available-In-Client = 99
> 	PPAC = 0x010600000063
> 	Service-Type = Framed-User
> 	Chargeable-User-Identity = "\000\000"
> 	Message-Authenticator = 0x00000000000000000000000000000000
> 	Proxy-State = 0x3731
> Going to the next request
> Waking up in 0.9 seconds.
> rad_recv: Access-Reject packet from host 192.168.51.6 port 1812, id=66, length=38
> 	Reply-Message = "Invalid Password"


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
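
An added example, not part of the original message or of FreeRADIUS: a Python check of the comparison described in the reply, diffing the received and proxied attribute lists from the quoted debug output and decoding the EAP-Message header per RFC 3748. The function names are illustrative, and the samples are a trimmed copy of the quoted lines.

```python
import struct

# Attribute lines copied from the debug output quoted above (trimmed selection).
RECEIVED = """\
User-Name = "001C1127E021 at setuptest.com"
NAS-IP-Address = 192.168.52.75
EAP-Message = 0x0217001f01303031433131323745303231407175626565746573742e636f6d
Message-Authenticator = 0x1a5e73e60c133a6586d7adb34776c7c5
"""
PROXIED = """\
User-Name = "001C1127E021 at setuptest.com"
NAS-IP-Address = 192.168.52.75
EAP-Message = 0x0217001f01303031433131323745303231407175626565746573742e636f6d
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x3731
"""

# Attributes a proxy legitimately changes: Proxy-State is added per hop and
# Message-Authenticator is recomputed for the next hop.
PER_HOP = {"Message-Authenticator", "Proxy-State"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def parse_attrs(dump):
    """Turn 'Name = value' debug lines into a dict (assumes no repeated names)."""
    attrs = {}
    for line in dump.splitlines():
        line = line.lstrip("> \t")  # tolerate mail quoting and indentation
        if " = " in line:
            name, value = line.split(" = ", 1)
            attrs[name.strip()] = value.strip()
    return attrs

def diff_attrs(received, proxied, ignore=PER_HOP):
    """Return {name: (received, proxied)} for end-to-end attributes that differ."""
    a, b = parse_attrs(received), parse_attrs(proxied)
    names = (set(a) | set(b)) - set(ignore)
    return {n: (a.get(n), b.get(n)) for n in sorted(names) if a.get(n) != b.get(n)}

def decode_eap(hex_value):
    """Decode the RFC 3748 header of one EAP-Message value (single fragment)."""
    raw = bytes.fromhex(hex_value.removeprefix("0x"))
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field does not match attribute length")
    eap_type = raw[4] if code in (1, 2) and length > 4 else None
    return {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            "type": eap_type, "data": raw[5:length]}

if __name__ == "__main__":
    print(diff_attrs(RECEIVED, PROXIED))                      # end-to-end differences
    print(decode_eap(parse_attrs(PROXIED)["EAP-Message"]))    # EAP header fields
```

An empty diff means the proxy forwarded the end-to-end attributes unchanged; EAP type 1 is Identity, and the request carries no User-Password attribute.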

