Hi all,

I am using the freeradius-snapshot-20031003 version of FreeRADIUS to test
EAP-TTLS.
I am trying to do TTLS authentication. This works with PAP/EAP-MD5 in tunneled
mode, but only if the PAP/EAP-MD5 credentials
are on the same machine.

If I put the user credentials on another FreeRADIUS server and try to
proxy, it does not work any more.
There seems to be a problem with proxying, because no proxy request is sent to
the other RADIUS server.

Below is a useful listing (the end part with the error, and the proxy settings). On the
second RADIUS server, the TTLS RADIUS server is configured as a client.

Please help.
----------------------------------------------------------------------------------
rad_recv: Access-Request packet from host 10.0.0.173:1645, id=44, length=237
        User-Name = "anonymous"
        Framed-MTU = 1400
        Called-Station-Id = "0007.85b3.63ac"
        Calling-Station-Id = "000b.5f63.c145"
        Message-Authenticator = 0xcf583fe883a5aa08b4aeadbd25ba0764
        EAP-Message = 0x0206005715800000004d1703010048a022a4a5787533a644314a6f27a481deea37b526979331f24828f73e5b0791d0a73115ba87baee9ba7011c1f3ea98a14e497e6961991099590a610e978f1b72f68ee7f9034d820ce
        NAS-Port-Type = Virtual
        NAS-Port = 497
        State = 0xd6c081b0b2fbf275d73554a94fbab8e9
        NAS-IP-Address = 10.0.0.173
        NAS-Identifier = "System_room_5510_AP1200"
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  rlm_eap: EAP packet type response id 6 length 87
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
modcall: group authorize returns updated for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP_TYPE - ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  eaptls_process returned 7
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled attributes.
  TTLS: Got tunneled request
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "kasslatter"
        Freeradius-Proxied-To = 127.0.0.1
  TTLS: Sending tunneled request
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "kasslatter"
        Freeradius-Proxied-To = 127.0.0.1
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 5
    rlm_realm: Looking up realm "servprov.com" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "servprov.com"
    rlm_realm: Adding Stripped-User-Name = "fritz"
    rlm_realm: Proxying request from user fritz to realm servprov.com
    rlm_realm: Adding Realm = "servprov.com"
    rlm_realm: Preparing to proxy authentication request to realm "servprov.com"
  modcall[authorize]: module "suffix" returns updated for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
modcall: group authorize returns updated for request 5
  TTLS: Got tunneled reply RADIUS code 0
  TTLS: Rejecting tunneled user
 rlm_eap: Handler failed in EAP type 21
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 5
modcall: group authenticate returns invalid for request 5
auth: Failed to validate the user.
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request



proxy.conf:

realm servprov.com {
        type            = radius
        authhost        = 10.0.0.20:1812
        accthost        = 10.0.0.20:1813
        secret          = radius_proxy
        strip
}
----------------------------------------------------------------------------------

regards

Roman
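
Added example, not part of the original post and not FreeRADIUS code: a small Python check that scans FreeRADIUS debug output for the sequence visible in the listing above, where rlm_realm prepares to proxy the tunneled request and the TTLS module then reports reply code 0. The function name and both sample strings are constructed for illustration.

```python
import re

# One pattern per event; \s+ lets a match span the line wrap added by mail clients.
EVENT = re.compile(
    r'(?P<start>TTLS: Sending tunneled request)'
    r'|rlm_realm: Preparing to proxy authentication request to realm\s+"(?P<realm>[^"]+)"'
    r'|TTLS: Got tunneled reply RADIUS code (?P<code>\d+)'
    r'|Finished request (?P<req>\d+)'
)

def find_unproxied_tunnels(log_text):
    """Flag inner requests that were marked for proxying but whose tunneled
    reply code is 0, i.e. neither Access-Accept (2) nor Access-Reject (3)."""
    findings, pending = [], []
    in_tunnel, realm = False, None
    for m in EVENT.finditer(log_text):
        if m.group("start"):
            in_tunnel, realm = True, None
        elif m.group("realm") and in_tunnel:
            realm = m.group("realm")
        elif m.group("code") is not None and in_tunnel:
            if realm is not None and int(m.group("code")) == 0:
                pending.append({"realm": realm, "reply_code": 0, "request": None})
            in_tunnel = False
        elif m.group("req") is not None:
            # Attach the outer request number once the server reports it finished.
            for f in pending:
                f["request"] = int(m.group("req"))
            findings += pending
            pending = []
    return findings + pending

# Constructed sample: key lines copied from the listing in the post, wrap included.
FAILING = '''\
  TTLS: Sending tunneled request
    rlm_realm: Preparing to proxy authentication request to realm
"servprov.com"
  TTLS: Got tunneled reply RADIUS code 0
  TTLS: Rejecting tunneled user
Finished request 5
'''
# Constructed control: inner request handled locally (no proxy decision, Access-Accept).
LOCAL_OK = '''\
  TTLS: Sending tunneled request
  TTLS: Got tunneled reply RADIUS code 2
Finished request 6
'''

if __name__ == "__main__":
    for f in find_unproxied_tunnels(FAILING + LOCAL_OK):
        print("request %(request)s: realm %(realm)s marked for proxy, reply code %(reply_code)s" % f)
```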

