> Then it doesn't do EAP properly. I have double checked with 3com to confirm they did not "microsoft" the EAP standard and I am told it is completely compliant with standard EAP. After reviewing the url posted by John Lindsay, I see that Cisco Aironet working with freeradius and I have found a curious item in dump of freeradius. The 3com access point is sending back a response to the challenge but the radius server is getting an error in the rlm_eap modules. The following is a full dump of the transaction: rad_recv: Access-Request packet from host 64.214.69.235:5001, id=29, length=67 EAP-Message = "\002\001\000\t\001junk" Message-Authenticator = 0x391509740ecb0d9e19fa22520f29ee1a NAS-IP-Address = 192.168.100.170 User-Name = "junk" Framed-MTU = 1400 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated modcall[authorize]: module "suffix" returns ok users: Matched junk at 67 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: processing type md5 modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 29 to 64.214.69.235:5001 EAP-Message = "\001\035\000\026\004\020#\237\300j\320\225\376<\2639\262\265\340\333F\243" Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd3a5063b0b3c477241aa038a1bd600d50ac8913cf4210ec4828ecd3a5430359074e4689b Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 64.214.69.235:5001, id=30, length=108 EAP-Message = "\002\035\000\032\004\020\364<\366\257\206F\017@Nb\tV\251.\314\334junk" Message-Authenticator = 0x465a58897948e060466ca171349e5911 NAS-IP-Address = 192.168.100.170 User-Name = "junk" State = 0xd3a5063b0b3c477241aa038a1bd600d50ac8913cf421 Framed-MTU = 1400 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "eap" returns updated modcall[authorize]: module "suffix" returns ok users: Matched junk at 67 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate rlm_eap: State verification failed. modcall[authenticate]: module "eap" returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. Sending Access-Reject of id 30 to 64.214.69.235:5001 Finished request 1 Going to the next request Waking up in 6 seconds...
How can I track down what is causing the failure in the eap module? Eric ----- Original Message ----- From: "Alan DeKok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 14, 2002 2:33 PM Subject: Re: 3com Wirless Access Point and FreeRadius > "Eric John Seneca" <[EMAIL PROTECTED]> wrote: > > The reason there is not response back is because the 3com access point > > interprets challenge as a failure. > > Then it doesn't do EAP properly. > > > Is there any special setting I must define for the user? The access point > > and client only has one setting which is EAP-MD5. I do not have any DEFAULT > > setting for EAP. There seems to be setting for SLIP and other protocols in > > the users file. Am I missing something in the configuration of the radius > > server? > > No. The NAS is asking to do EAP, and then complaining when it gets > an EAP response. > > Fix the NAS to do EAP properly. Poking the RADIUS server won't do > anything. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html