Hi,
I am trying to authenticate XP supplicants with FreeRADIUS, but I have found a problem and I am not sure whether it is a bug (I don't think so) or whether I am configuring something wrong.
When I authenticate a user using the XP client, the RADIUS authentication succeeds and the NAS opens the port. But the problem is that the client doesn't realize that it has been authenticated and continues sending EAP-Request frames in order to be granted a connection.
I am not sure, but I think that it is a problem with the EAP Id field in the EAP-Success frame. Here is a summary of the conversation, with the EAP id written in parentheses.
NAS RADIUS
--> RAD-Req/EAP-Resp(id=1) -------->
<-- RAD-Chall/EAP-Req (id=c1) <----
--> RAD-Req/EAP-Resp (id=c1) ------>
<-- RAD-Accept/EAP-Success (id=c2)-->
I have checked with other RADIUS servers and the conversation is as follows.
NAS RADIUS
--> RAD-Req/EAP-Resp(id=1) -------->
<-- RAD-Chall/EAP-Req (id=c1) <----
--> RAD-Req/EAP-Resp (id=c1) ------>
<-- RAD-Accept/EAP-Success (id=c1)-->
Has anybody found this problem before? (BTW, I have read and followed all the steps described in the eap-md5 how-to ;-))
Thanks in advance.
Jorge.
PS. I don't know if it is necessary, but here is a copy of the ./radiusd -X log. Regards.
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 134.141.221.252:1042, id=22, length=75
Message-Authenticator = 0x4854f73892ec16e8bd0da4eb55ffbc8f
User-Name = "jorge"
NAS-IP-Address = 134.141.221.252
NAS-Port = 1
EAP-Message = "\002\001\000\n\001jorge"
Framed-MTU = 1000
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
users: Matched jorge at 106
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 22 to 134.141.221.252:1042
Filter-Id = "Enterasys;version=1;mgmt=su"
EAP-Message = "\001\026\000\026\004\020\250(r\267bE*Y\017\025v\253\305LUD"
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcf889d6182c3b228d524b102a660c5c8
Finished request 0
Going to the next request
SMUX connect try 2
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 134.141.221.252:1042, id=23, length=110
Message-Authenticator = 0x4bf7ee8fc92e1d30f3a2b516a0b76ddf
User-Name = "jorge"
State = 0xcf889d6182c3b228d524b102a660c5c8
NAS-IP-Address = 134.141.221.252
NAS-Port = 1
Framed-MTU = 1000
EAP-Message = "\002\026\000\033\004\020J\274\311\024\367\305x\273k\007l^\345\220\324.jorge"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
users: Matched jorge at 106
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - md5
rlm_eap: processing type md5
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 23 to 134.141.221.252:1042
Filter-Id = "Enterasys;version=1;mgmt=su"
EAP-Message = "\003\027\000\004"
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 1
Going to the next request
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 22 with timestamp 3da2eccc
Cleaning up request 1 ID 23 with timestamp 3da2eccc
Nothing to do. Sleeping until we see a request.
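
Added example (not part of the original post, and not FreeRADIUS code): a small Python check that decodes the four EAP-Message values from the log above and reports whether the final EAP-Success carries the same Identifier as the Response it answers, which RFC 3748 section 4.2 requires. It assumes the debug log prints non-printable bytes as three-digit octal escapes and that each EAP packet fits in one EAP-Message attribute; the function names are this example's own.

```python
import re
import struct

# EAP-Message values copied from the radiusd -X output in the post above.
LOG = r'''
EAP-Message = "\002\001\000\n\001jorge"
EAP-Message = "\001\026\000\026\004\020\250(r\267bE*Y\017\025v\253\305LUD"
EAP-Message = "\002\026\000\033\004\020J\274\311\024\367\305x\273k\007l^\345\220\324.jorge"
EAP-Message = "\003\027\000\004"
'''

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Assumption: the log prints non-printable bytes as 3-digit octal or \n, \r, \t.
ESCAPE = re.compile(r"\\([0-3][0-7]{2}|.)")
SIMPLE = {"n": 10, "r": 13, "t": 9}

def unescape(text):
    """Turn the debug log's escaped string back into raw bytes."""
    def repl(m):
        tok = m.group(1)
        val = int(tok, 8) if len(tok) == 3 else SIMPLE.get(tok, ord(tok))
        return chr(val)
    return ESCAPE.sub(repl, text).encode("latin-1")

def eap_packets(log):
    """Return (code, identifier, length_ok) per EAP-Message, in log order."""
    pkts = []
    for m in re.finditer(r'EAP-Message = "(.*)"', log):
        raw = unescape(m.group(1))
        if len(raw) >= 4:  # an EAP header is code, identifier, 2-byte length
            code, ident, length = struct.unpack("!BBH", raw[:4])
            pkts.append((code, ident, length == len(raw)))
    return pkts

def success_id_mismatches(pkts):
    """(response_id, final_id) pairs where Success/Failure does not echo the Response."""
    last, bad = None, []
    for code, ident, _ in pkts:
        if code == 2:
            last = ident
        elif code in (3, 4) and last is not None and ident != last:
            bad.append((last, ident))
    return bad

if __name__ == "__main__":
    pkts = eap_packets(LOG)
    for code, ident, ok in pkts:
        print(f"{CODES.get(code, '?'):8} id={ident:3} length_ok={ok}")
    print("Success/Failure id mismatches:", success_id_mismatches(pkts))
```

For this log the MD5 challenge and its response both use Identifier 22, while the EAP-Success uses 23, so the check reports one mismatch.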