> Then it doesn't do EAP properly.
I have double checked with 3com to confirm they did not "microsoft" the EAP
standard and I am told it is completely compliant with standard EAP. After
reviewing the URL posted by John Lindsay, I see that Cisco Aironet is working
with freeradius and I have found a curious item in the dump of freeradius. The
3com access point is sending back a response to the challenge but the radius
server is getting an error in the rlm_eap modules. The following is a full
dump of the transaction:
rad_recv: Access-Request packet from host 64.214.69.235:5001, id=29, length=67
EAP-Message = "\002\001\000\t\001junk"
Message-Authenticator = 0x391509740ecb0d9e19fa22520f29ee1a
NAS-IP-Address = 192.168.100.170
User-Name = "junk"
Framed-MTU = 1400
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
modcall[authorize]: module "suffix" returns ok
users: Matched junk at 67
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type md5
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 29 to 64.214.69.235:5001
EAP-Message = "\001\035\000\026\004\020#\237\300j\320\225\376<\2639\262\265\340\333F\243"
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd3a5063b0b3c477241aa038a1bd600d50ac8913cf4210ec4828ecd3a5430359074e4689b
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 64.214.69.235:5001, id=30, length=108
EAP-Message = "\002\035\000\032\004\020\364<\366\257\206F\017@Nb\tV\251.\314\334junk"
Message-Authenticator = 0x465a58897948e060466ca171349e5911
NAS-IP-Address = 192.168.100.170
User-Name = "junk"
State = 0xd3a5063b0b3c477241aa038a1bd600d50ac8913cf421
Framed-MTU = 1400
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
modcall[authorize]: module "suffix" returns ok
users: Matched junk at 67
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: State verification failed.
modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Sending Access-Reject of id 30 to 64.214.69.235:5001
Finished request 1
Going to the next request
Waking up in 6 seconds...
How can I track down what is causing the failure in the eap module?
Eric
----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 14, 2002 2:33 PM
Subject: Re: 3com Wirless Access Point and FreeRadius
> "Eric John Seneca" <[EMAIL PROTECTED]> wrote:
> > The reason there is no response back is because the 3com access point
> > interprets the challenge as a failure.
>
> Then it doesn't do EAP properly.
>
> > Is there any special setting I must define for the user? The access point
> > and client only has one setting which is EAP-MD5. I do not have any DEFAULT
> > setting for EAP. There seems to be setting for SLIP and other protocols in
> > the users file. Am I missing something in the configuration of the radius
> > server?
>
> No. The NAS is asking to do EAP, and then complaining when it gets
> an EAP response.
>
> Fix the NAS to do EAP properly. Poking the RADIUS server won't do
> anything.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
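
Added example, not part of the original thread and not FreeRADIUS code: a short Python check for the "State verification failed" line in the dump above. It compares the State attribute the server sent in the Access-Challenge with the one the NAS echoed in the following Access-Request, which RFC 2865 requires to be returned unmodified; the function names and the trimmed, re-indented log excerpt are this example's own.

```python
import re

# Trimmed from the debug dump in the message above (attributes indented here).
DEBUG_LOG = """\
Sending Access-Challenge of id 29 to 64.214.69.235:5001
    State = 0xd3a5063b0b3c477241aa038a1bd600d50ac8913cf4210ec4828ecd3a5430359074e4689b
rad_recv: Access-Request packet from host 64.214.69.235:5001, id=30, length=108
    State = 0xd3a5063b0b3c477241aa038a1bd600d50ac8913cf421
"""

PACKET = re.compile(r"^(?:Sending|rad_recv:) (Access-\w+)")
STATE = re.compile(r"^\s*State\s*=\s*0x([0-9a-fA-F]+)\s*$")

def state_values(log):
    """Return [(packet_type, state_bytes)] for every packet that carries State."""
    # Mail clients wrap "State =" and its value onto two lines; rejoin them.
    log = re.sub(r"=[ \t]*\n[ \t]*", "= ", log)
    out, current = [], None
    for line in log.splitlines():
        m = PACKET.match(line)
        if m:
            current = m.group(1)
            continue
        m = STATE.match(line)
        if m and current:
            out.append((current, bytes.fromhex(m.group(1))))
    return out

def check_state_echo(log):
    """Compare each challenge's State with the State in the next Access-Request."""
    findings, pending = [], None
    for ptype, state in state_values(log):
        if ptype == "Access-Challenge":
            pending = state
        elif ptype == "Access-Request" and pending is not None:
            if state == pending:
                verdict = "match"
            elif pending.startswith(state):
                verdict = "truncated"   # NAS returned only a prefix
            else:
                verdict = "different"
            findings.append((verdict, len(pending), len(state)))
            pending = None
    return findings

if __name__ == "__main__":
    for verdict, sent, echoed in check_state_echo(DEBUG_LOG):
        print(f"State echo: {verdict} (sent {sent} bytes, NAS returned {echoed})")
```

On the excerpt above it reports the echoed State as a 22-byte prefix of the 36 bytes the server sent.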