I am trying to authenticate users via EAP-MD5, for testing purposes only. I am using the Windows XP built-in supplicant (I know that after SP1 it no longer offers EAP-MD5). Note that EAP-MD5 provides no mutual authentication and derives no keying material, so it cannot key WEP/WPA and is not suitable for 802.11 beyond a lab test.
I ran the RADIUS server in debug mode; here is the output.
rad_recv: Access-Request packet from host 193.140.193.133:1084, id=43, length=176
User-Name = "onur"
Cisco-AVPair = "ssid=deneme1"
NAS-IP-Address = 193.140.193.133
Called-Station-Id = "00409658c568"
Calling-Station-Id = "00601d23ac50"
NAS-Identifier = "mobile1.mast.boun.edu.tr"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Authenticate-Only
EAP-Message = 0x0276001a04105039fc16b3f07964ed389fdcb541b3d86f6e7572
Message-Authenticator = 0x331a683c47109fa7665f3af45a3b83ff
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP packet type notification id 118 length 26
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated
users: Matched onur at 9
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP packet type notification id 118 length 26
rlm_eap: EAP Start not found
rlm_eap: NO State Attribute found: Cannot match EAP packet to any existing conversation.
modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 54 for 1 seconds
Finished request 54
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 193.140.193.133:1084, id=43, length=176
Sending Access-Reject of id 43 to 193.140.193.133:1084
Reply-Message = "boo-3"
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 52 ID 41 with timestamp 407f0c20
Cleaning up request 53 ID 42 with timestamp 407f0c20
Cleaning up request 54 ID 43 with timestamp 407f0c20
Nothing to do. Sleeping until we see a request.
I am using a Cisco AP 350 and WaveLAN cards. The user is defined in the users file, but I cannot figure out where the problem is. In the users file I set the Reply-Message to "boo-3", and since it appears in the Access-Reject I assumed the username/password were being checked correctly — but note that in the log above the users entry matched in the authorize stage ("users: Matched onur at 9") while the authenticate stage failed ("module "eap" returns invalid"); the Reply-Message only shows that the entry matched, not that the credentials were verified. And I have no idea what
"rlm_eap: EAP Start not found
rlm_eap: NO State Attribute found: Cannot match EAP packet to any existing conversation."
means. [Editorial note: decoding the EAP-Message above, 0x02 = Response, id 118 (0x76), length 26 (0x001a), type 0x04 = MD5-Challenge, value-size 16, a 16-byte hash, then 6f6e7572 = "onur". So the supplicant is already answering an MD5 challenge. The first message only says this packet was not an EAP-Start (an empty EAP-Message), so the server treats it as a continuation of an EAP conversation; the second says the Access-Request carries no State attribute, so the server cannot tie it to any Access-Challenge it sent — either the NAS did not echo the State it received with the challenge, or the challenge did not come from this server. Check what the AP forwards between the Access-Challenge and the next Access-Request.]
thanks in advance onur simsek
ps: the config file V ********************************************************************************************* ## ## radiusd.conf -- FreeRADIUS server configuration file. ## prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = /usr/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct
# Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = /usr/lib
pidfile = ${run_dir}/radiusd.pid

# Unprivileged account the daemon runs as after start-up.
user = radiusd
group = radiusd

# Request lifetime and queue limits.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024

# NOTE(review): "*" listens on every interface. Who may talk to the server is
# then governed only by clients.conf (per-NAS shared secret); bind to the
# AP-facing address if the host is multi-homed.
bind_address = *
port = 0
hostname_lookups = no

# Core files would contain shared secrets and cleartext credentials; keep this off.
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no

# Authentication logging. log_auth is off, so the two *pass settings below are
# currently inert, but they are set so that, once log_auth = yes, the password
# of both failed and successful requests is written into radius.log.
# Acceptable while debugging a test box; set both to "no" anywhere else.
log_auth = no
log_auth_badpass = yes
log_auth_goodpass = yes
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad

security {
    max_attributes = 200
    # One-second delay before an Access-Reject goes out (this is the
    # "Delaying request ... for 1 seconds" seen in the debug log); it slows
    # online password guessing.
    reject_delay = 1
    status_server = no
}

# Proxying is enabled: realms configured in proxy.conf have their requests forwarded.
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
# clients.conf lists the NAS addresses allowed to send requests and their shared
# secrets; the AP seen in the log (193.140.193.133) must have an entry there.
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf

thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 0
}

modules {
    pap {
        encryption_scheme = crypt
    }
    chap {
        authtype = CHAP
    }
    pam {
        pam_auth = radiusd
    }
    unix {
        cache = no
        cache_reload = 600
        shadow = /etc/shadow
        radwtmp = ${logdir}/radwtmp
    }
    # EAP. Only the md5 sub-module is present here; no default_eap_type or other
    # EAP types are visible in this paste (the block may have been truncated).
    # NOTE(review): EAP-MD5 has no mutual authentication and derives no keying
    # material, so it cannot key WEP/WPA for 802.11, and a passive observer of
    # challenge/response can run an offline dictionary attack on the password.
    # Lab use only.
    eap {
        md5 {
        }
    }
    mschap {
        authtype = MS-CHAP
    }
    # LDAP. Not referenced in any of the sections below, so inert as configured.
    # NOTE(review): server and basedn are still the distribution placeholders,
    # and start_tls = no means binds and searches would cross the wire in
    # cleartext if this module were ever enabled.
    ldap {
        server = "ldap.your.domain"
        basedn = "o=My Org,c=UA"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        start_tls = no
        access_attr = "dialupAccess"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        # The quoted string below looks like the value of groupmembership_filter
        # whose key was lost in the paste; as written it is not a valid setting.
        "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

    # Realm splitting. Only "suffix" is used, and only in preacct below; the
    # authorize section does no realm stripping.
    realm realmslash {
        format = prefix
        delimiter = "/"
    }
    realm suffix {
        format = suffix
        delimiter = "@"
    }
    realm realmpercent {
        format = suffix
        delimiter = "%"
    }

    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }

    # Flat-file user database; this is where "Matched onur at 9" in the log comes from.
    files {
        usersfile = ${confdir}/users
        acctusersfile = ${confdir}/acct_users
        compat = no
    }

    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        # Accounting detail files are owner-only.
        detailperm = 0600
    }

    acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
    }

    $INCLUDE ${confdir}/sql.conf

    radutmp {
        filename = ${logdir}/radutmp
        username = %{User-Name}
        case_sensitive = yes
        check_with_nas = yes
        perm = 0600
        callerid = "yes"
    }
    # NOTE(review): 0644 makes this session file world-readable, unlike radutmp
    # above (0600); it exposes who is logged in from where to any local user.
    radutmp sradutmp {
        filename = ${logdir}/sradutmp
        perm = 0644
        callerid = "no"
    }

    attr_filter {
        attrsfile = ${confdir}/attrs
    }

    counter daily {
        filename = ${raddbdir}/db.daily
        key = User-Name
        count-attribute = Acct-Session-Time
        reset = daily
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        allowed-servicetype = Framed-User
        cache-size = 5000
    }

    always fail {
        rcode = fail
    }
    always reject {
        rcode = reject
    }
    always ok {
        rcode = ok
        simulcount = 0
        mpp = no
    }

    expr {
    }
    digest {
    }

    exec {
        wait = yes
        input_pairs = request
    }
    # Example module from the distribution; not referenced in any section below.
    # NOTE(review): it places a NAS-supplied attribute (User-Name) on a command
    # line. Leave it unreferenced unless the input is constrained.
    exec echo {
        wait = yes
        program = "/bin/echo %{User-Name}"
        input_pairs = request
        output_pairs = reply
    }

    ippool main_pool {
        range-start = 192.168.1.1
        range-stop = 192.168.3.254
        netmask = 255.255.255.0
        cache-size = 800
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
        override = no
    }

    # ANSI X9.9 token support. Not included by default.
    # $INCLUDE ${confdir}/x99.conf
}

instantiate {
    expr
}

# Authorize: preprocess, then eap (which sets Auth-Type = EAP for EAP-Message
# requests, as in the log), then the users file.
authorize {
    preprocess
    eap
    files
}

# Only EAP is actually authenticated; pap/chap/mschap are defined above but not
# listed here, so a non-EAP request would need its Auth-Type set elsewhere.
authenticate {
    eap
}

preacct {
    preprocess
    suffix
    files
}

accounting {
    acct_unique
    detail
    unix # wtmp file
    radutmp
}

session {
    radutmp
}

post-auth {
}

pre-proxy {
}

post-proxy {
    eap
}
***********************************************************************************
"Fear gives me wings..." Max Payne