Hey guys,
I reconfigured from the default radiusd.conf file and did this test again
with the same strange results from peap. I could certainly be doing something
stupid and would appreciate any further feedback. I have included my
radiusd.conf file and a new tcpdump from the server.
Sorry for the attachments.
Best wishes,
-=Bill
Michael Griego wrote:
> On Wed, 2003-11-19 at 13:09, Alan DeKok wrote:
> > From the debug output, it looks like you've managed to make the
> > server call the EAP module *twice* for the request, during the
> > "authenticate" stage. I have no clue how you managed to do this, but
> > it's definitely wrong.
>
> That's exactly what I'm seeing.
>
> Bill, You didn't by chance put "authorize" or an Autz-Type in the
> "authenticate" section did you? Based on the trace, it really looks
> like this is what happened. The server jumps into the authorize section
> upon receiving the request (as normal), then begins the authenticate
> phase, but it then jumps BACK into an authorize block again before
> coming back out of all the mess.
>
I double checked the syntax and don't think I was doing anything like above.
>
> --
>
> --Mike
>
> -----------------------------------
> Michael Griego
> Wireless LAN Project Manager
> The University of Texas at Dallas
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ôò¡ ê½?íY È È øf 0¶À~ E ºú >?tÑ?BØ
â ¦UT ?/ssÒ°©+¶°?Ûy÷.Ywer
ssid=Ntelos_AP_01Ñ?B000dbda1f1e9000dbd05196d uncklejam.cstone.net %
x= O
[EMAIL PROTECTED]@N¯Ø Ñ?Bâ bgúT Zm^zÖ?ìǾÚ-?·µsO PÎé|¯
â ÏV}TlÐÚá?j×ß)?Í»ÞÏ;O Cùj?ñ|~Üûñ Üó
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = no
usercollide = yes
lower_user = before
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests = no
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
pap {
encryption_scheme = crypt
}
chap {
authtype = CHAP
}
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
md5 {
}
leap {
}
tls {
private_key_password = thinngything
private_key_file = /usr/local/etc/raddb/blah.key
certificate_file = /usr/local/etc/raddb/blah.crt
CA_file = /usr/local/etc/raddb/blah.cacrt
dh_file = /usr/local/etc/raddb/my_imap.dh
random_file = /usr/local/etc/raddb/random
fragment_size = 1024
include_length = yes
check_crl = yes
}
peap {
default_eap_type = mschapv2
}
mschapv2 {
}
}
mschap {
authtype = MS-CHAP
}
realm suffix {
format = suffix
delimiter = "@"
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = yes
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = yes
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
detail auth_log {
detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port-Id"
}
$INCLUDE ${confdir}/sql.conf
perm = 0600
attr_filter {
attrsfile = ${confdir}/attrs
}
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
exec {
wait = yes
input_pairs = request
}
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
}
ippool main_pool {
range-start = 192.168.1.1
range-stop = 192.168.3.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
}
}
instantiate {
expr
}
authorize {
preprocess
auth_log
chap
eap
suffix
files
mschap
}
authenticate {
eap
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
}
preacct {
preprocess
suffix
files
}
accounting {
acct_unique
detail
}
post-auth {
}
pre-proxy {
}
post-proxy {
eap
}