We are trying to authenticate via EAP (MD5) pulling passwords from LDAP. Platform is Solaris 8 SPARC, using snapshot 20020520. LDAP is iPlanet's Directory 4.12. Client is Win98 using Cisco software for LEAP authentication.
In LDAP, the user's entry only has Username and Password (in clear text). The AP is set up to give out DHCP addresses. Our radiusd.conf is set up as:

    authorize {
        preprocess
        ldap
        eap
    }
    authenticate {
        eap
    }

It seems the RADIUS server is authenticating but somewhere the EAP packet is missing something since the AP keeps on requesting it again. The AP logs show Authenticated, Reassociated and it loops. Details show 'EAP Pending, Short preambles'.

I also tried using 'files' instead of ldap, and my entry in the users file was:

    testuser Auth-Type := Local, User-Password == "mypassword"

And same deal... Any help is appreciated. Thanks in advance.

Here's a debug output of the transaction (for ldap in this case):

    rad_recv: Access-Request packet from host nn.nn.nn.nn:1527, id=245, length=126
        User-Name = "testuser"
        NAS-IP-Address = nn.nn.nn.nn
        Called-Station-Id = "xxxxxxxxxxx"
        Calling-Station-Id = "xxxxxxxxxxx"
        NAS-Identifier = "Cisco_AP"
        NAS-Port = 29
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = "\002\036\000\013\001testuser"
        Message-Authenticator = 0xc1b3cabb05678d80ce73732be3aaa1e9
    modcall: entering group authorize
    modcall[authorize]: module "preprocess" returns ok
    rlm_ldap: - authorize
    rlm_ldap: performing user authorization for testuser
    radius_xlat: '(uid=testuser)'
    radius_xlat: 'o=MyOrg, c=US'
    ldap_get_conn: Got Id: 0
    rlm_ldap: performing search in o=MyOrg,c=US, with filter (uid=testuser)
    rlm_ldap: looking for check items in directory...
    rlm_ldap: looking for reply items in directory...
    rlm_ldap: user testuser authorized to use remote access
    ldap_release_conn: Release Id: 0
    modcall[authorize]: module "ldap" returns ok
    modcall[authorize]: module "eap" returns updated
    modcall: group authorize returns updated
    rad_check_password: Found Auth-Type EAP
    auth: type "EAP"
    modcall: entering group authenticate
    rlm_eap: processing type md5
    rlm_eap_md5: Issuing Challenge
    modcall[authenticate]: module "eap" returns ok
    modcall: group authenticate returns ok
    Sending Access-Challenge of id 245 to nn.nn.nn.nn:1527
        EAP-Message = "\001\365\000\026\004\020`\005\364`\251\016\270\316.\276r\034\006\214<2"
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x343c6704a6c6b4c1d20fc8ce0974a76c3ce95c9b638b062ae67da63da59045a3067dd737
    Finished request 433
    Going to the next request
    Waking up in 6 seconds...
Ricardo Stella
Manager, O.I.T., Rider University
http://poseidon.rider.edu
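Added example, not part of the original post: a small Python decoder for the octal-escaped EAP-Message strings that appear in the debug output above, reporting the EAP code, identifier, declared versus actual length, the type, and for an MD5-Challenge the challenge value. The function names are hypothetical; the two sample strings are copied from the log, with the line-wrapped escape rejoined.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak",
             4: "MD5-Challenge", 17: "LEAP"}

# Copied from the debug output in the post.
ACCESS_REQUEST_EAP = r"\002\036\000\013\001testuser"
ACCESS_CHALLENGE_EAP = r"\001\365\000\026\004\020`\005\364`\251\016\270\316.\276r\034\006\214<2"

def unescape(printed: str) -> bytes:
    """Turn the log's \\ooo octal escapes back into raw bytes."""
    text = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), printed)
    return text.encode("latin-1")

def decode_eap(printed: str) -> dict:
    """Decode one EAP packet as printed in an EAP-Message attribute."""
    raw = unescape(printed)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    info = {"code": EAP_CODES.get(code, f"unknown({code})"), "id": ident,
            "declared_len": length, "actual_len": len(raw),
            "length_ok": length == len(raw)}
    if code in (1, 2) and len(raw) > 4:   # only Request/Response carry a type
        eap_type, data = raw[4], raw[5:]
        info["type"] = EAP_TYPES.get(eap_type, f"unknown({eap_type})")
        if eap_type == 1:
            info["identity"] = data.decode("latin-1")
        elif eap_type == 3:               # Nak: types the peer would accept
            info["nak_wants"] = [EAP_TYPES.get(t, str(t)) for t in data]
        elif eap_type == 4 and data:      # CHAP layout: value-size, value, name
            size = data[0]
            info["value_ok"] = len(data) - 1 >= size
            info["value"] = data[1:1 + size].hex()
    return info

if __name__ == "__main__":
    for label, pkt in (("Access-Request", ACCESS_REQUEST_EAP),
                       ("Access-Challenge", ACCESS_CHALLENGE_EAP)):
        print(label, decode_eap(pkt))
```

Running the same decoder over the EAP-Message of the client's next Access-Request shows whether the supplicant answered the MD5 challenge or sent a Nak listing other types.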