Raghu,
Thanks much for your prompt reply.
Could you please also post the relevent config entries for user "raghu" to
do EAP-MD5 authentication?
I believe I have some missing config entries. I used the TLS URL provided
as a base to configure the following...
users
-----
eapuser Auth-Type := EAP ///In this how to specify the challenge
password?
radiusd.conf
-------------
eap {
default_eap_type = md5
md5 {
}
}
clients
-------
client xxx.xxx.xxx.xxx {
secret = whatever
shortname = myNAS
}
Regards.
- Sunil
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Raghu
Sent: Tuesday, April 09, 2002 7:47 PM
To: [EMAIL PROTECTED]
Subject: Re: FreeRADIUS EAP debug output..
Sunil Chitnis wrote:
>
> Could someone post the debug output of radiusd for a complete valid
> authentication/authorization using EAP. Please erase any security related
> information from the output before posting. I want to verify the types of
> attributes being passed back and forth (including VSAs).
>
For EAP-TLS debug o/p check
http://www.missl.cs.umd.edu/~adam/802
Typical, EAP-MD5 debug o/p
rad_recv: Access-Request packet from host 192.168.1.225:1034, id=0,
length=119
User-Name = "raghu"
NAS-IP-Address = 192.20.100.1
Called-Station-Id = "000XXXXXXXXX"
Calling-Station-Id = "000XXXXXXXXX"
NAS-Identifier = "ATMO02A1"
NAS-Port = 29
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = "\002\203\000\n\001raghu"
Message-Authenticator = 0x6dd277e211ebd26747aa2ba634b3a9d2
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
modcall[authorize]: module "suffix" returns ok
users: Matched raghu at 13
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 1 to 192.168.1.225:1035
Class = 0x01
EAP-Message =
"\001\001\000\026\004\020%\223\334\014\032\260\005.\\D\363\362'\336\034"
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x0710f9a066479548ffd1961a1ff4faa9689bb33c63ded6080a3453955089c2
6ef09dea43
Finished request 95
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.225:1036, id=2,
length=174
User-Name = "raghu"
NAS-IP-Address = 172.20.100.1
Called-Station-Id = "000XXXXXXXXX"
Calling-Station-Id = "000XXXXXXXXX"
NAS-Identifier = "ATMO02A1"
NAS-Port = 29
Framed-MTU = 1400
State =
0x0710f9a066479548ffd1961a1ff4faa9689bb33c63ded6080a3453955089c26ef09dea43
NAS-Port-Type = Wireless-802.11
EAP-Message =
"\002\001\000\033\004\020\317\250<\305E\254~z\355y\235R\256\242\372$raghu"
Message-Authenticator = 0x666676b74b0c038e07b29355eec4a834
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
modcall[authorize]: module "suffix" returns ok
users: Matched raghu at 13
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - md5
rlm_eap: processing type md5
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 2 to 192.168.1.225:1036
Class = 0x01
EAP-Message = "\003\002\000\004"
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 96
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 94 ID 0 with timestamp 3cb39b68
Cleaning up request 95 ID 1 with timestamp 3cb39b68
Cleaning up request 96 ID 2 with timestamp 3cb39b68
Nothing to do. Sleeping until we see a request.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
