Hi all , my eap module authentication doesn't seem to work properly.
1st of all here is my configuration :
- AP : INTEL *PRO/Wireless 5000 LAN Access Point*
*** - Radius server :
Linux Mandrake 9.1 Beta with :
Openssl (and openssl-develop) : 0.9.7a-1.1
Freeradius : 0.9.0
Cert generation : openssl openssl-certgen-0.9.7-beta3
- Wifi client :
Windows 2000SP3 client with a pcmcia intel 5000 wireless LANSO,
after generating and installing freeradius, generating and installing certificates on server and client , I tried to initiate an EAP/TLS negociation but negocation failed after the 2nd frame :
"rad_recv: Access-Challenge packet from host 192.168.6.73:1024, id=203, length=84
Reply packet code 11 sent to a non-proxy reply port from client borne-wifi:1024 - ID 203 : IGNORED"
My idea is : the EAP start has not be done and the challenge is not possible : **"rlm_eap: EAP Start not found"* * my question is : where am I wrong ????
Thanks a lot all !
In radiusd log I got :****
rad_recv: Access-Request packet from host 192.168.6.73:1024, id=209, length=157
User-Name = "[EMAIL PROTECTED]"
NAS-IP-Address = 10.0.10.1
Called-Station-Id = "00053C085BFF"
Calling-Station-Id = "00053C081C8C"
NAS-Identifier = "WDAP5000"
NAS-Port = 1
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02d0001d0141646d696e697374726174657572406f73697269732e6672
Message-Authenticator = 0x753bbcef45b7674e49cf5493743d7b24
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP packet type notification id 208 length 29
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated
rlm_realm: Looking up realm "osiris.fr" for User-Name = "[EMAIL PROTECTED]
is.fr"
rlm_realm: Found realm "osiris.fr"
rlm_realm: Adding Stripped-User-Name = "Administrateur"
rlm_realm: Proxying request from user Administrateur to realm osiris.fr
rlm_realm: Adding Realm = "osiris.fr"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 158
users: Matched Administrateur at 223
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: list_clean deleted one item
rlm_eap: EAP packet type notification id 208 length 29
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 209 to 192.168.6.73:1024
EAP-Message = 0x01d100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa13a1b3dc1e9b3750120ef9d9862851e7d654b3fe86a1ddfb96101aa4d067d
80103f6474
Finished request 60
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Challenge packet from host 192.168.6.73:1024, id=209, length=84
Reply packet code 11 sent to a non-proxy reply port from client borne-wifi:1024
Ethereal report :
0.000000 192.168.6.73 -> 192.168.6.38 RADIUS Access Request(1) (id=205, l=157)
0.489001 Intel_df:3b:b2 -> Broadcast ARP Who has 192.168.6.73? Tell 192.168.6.38
0.489210 3com_48:42:18 -> Intel_df:3b:b2 ARP 192.168.6.73 is at 00:50:04:48:42:18
0.489236 192.168.6.38 -> 192.168.6.73 RADIUS Access challenge(11) (id=205, l=84)
0.490142 192.168.6.73 -> 192.168.6.38 RADIUS Access challenge(11) (id=205, l=84)
2.482117 192.168.6.73 -> 192.168.6.38 RADIUS Access challenge(11) (id=205, l=84)
***
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
