Hi,

I'm trying FreeRADIUS with HostAP and OpenLDAP to build a 'secure' AP.
I've configured it to work with EAP-TLS and it works fine with the Windows
XP supplicant.
But if I configure it to work with EAP-MD5, it seems not to work:
 - the Windows XP client is configured with EAP-MD5
 - it takes login and password from user
 - FreeRADIUS seems to validate him correctly (here is the log):

rad_recv: Access-Request packet from host 192.168.49.222:1029, id=3, length=231
        User-Name = "Nombre2 Apellido2"
        NAS-IP-Address = 192.168.49.222
        NAS-Port = 1
        Called-Station-Id = "00-50-C2-10-92-82:SecureAP"
        Calling-Station-Id = "00-0B-46-26-1B-E2"
        Framed-MTU = 2304
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = "\002\004\000'\004\020\226f\026\271\\\235\202\247\206~^\367\026pV\242Nombre2 Apellido2"
        State = 0x548fc174e88138adeecadde08ef4263f2e078b3ee6798cd2f2fd877659244ef7889a108c
        Message-Authenticator = 0x3da5ed71acd933e4d3f404747dae12ee
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Nombre2 Apellido2
radius_xlat:  '(uid=Nombre2 Apellido2)'
radius_xlat:  'ou=Wireless,dc=sgi,dc=es'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=Wireless,dc=sgi,dc=es, with filter (uid=Nombre2 Apellido2)
rlm_ldap: Added password izadisan in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusExpiration as Expiration, value 11 & op=21
rlm_ldap: Adding radiusAuthType as Auth-Type, value EAP & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Nombre2 Apellido2 authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - md5
rlm_eap: processing type md5
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 3 to 192.168.49.222:1029
        EAP-Message = "\003\004\000\004"
        Message-Authenticator = 0x00000000000000000000000000000000
Finished request 30
Going to the next request
Waking up in 6 seconds...

 - the Windows XP client thinks it is authenticated, because it doesn't try to
log in again
 - but the network is not accessible for the client...

What could be the problem?


Israel Cárdenas Romero
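
Added example, not part of the original post: a Python decoder for the two EAP-Message values in the log above, so the EAP exchange can be read field by field. The escape rules (`\ooo` octal, `\\` for a backslash) are inferred from the log output, and the function names `unescape` and `parse_eap` are hypothetical.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS"}

def unescape(logged: str) -> bytes:
    """Convert the log's printable form back to raw bytes (assumed escape rules)."""
    def repl(m):
        return chr(int(m.group(1), 8)) if m.group(1) else m.group(2)
    return re.sub(r"\\([0-7]{3})|\\(.)", repl, logged).encode("latin-1")

def parse_eap(pkt: bytes) -> dict:
    """Parse an EAP packet (RFC 3748 header, plus the MD5-Challenge body)."""
    if len(pkt) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError(f"length field {length} != {len(pkt)} bytes present")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:      # only Request/Response carry a Type
        etype = pkt[4]
        info["type"] = EAP_TYPES.get(etype, etype)
        if etype == 4:                     # MD5-Challenge: Value-Size, Value, Name
            if length < 6 or 6 + pkt[5] > length:
                raise ValueError("Value-Size overruns packet")
            size = pkt[5]
            info["value"] = pkt[6:6 + size].hex()
            info["name"] = pkt[6 + size:].decode("latin-1")
    return info

# Values copied from the log on this page; the wrapped line is rejoined with a space.
RESPONSE = r"\002\004\000'\004\020\226f\026\271\\\235\202\247\206~^\367\026pV\242Nombre2 Apellido2"
SUCCESS = r"\003\004\000\004"

if __name__ == "__main__":
    for label, logged in (("Access-Request", RESPONSE), ("Access-Accept", SUCCESS)):
        print(label, parse_eap(unescape(logged)))
```

Both packets are well-formed: a Response/MD5-Challenge with id 4 for "Nombre2 Apellido2", then a bare 4-byte Success with the same id. MD5-Challenge (RFC 3748, type 4) authenticates the peer only and derives no session keys.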

