hi all,

i am trying to authenticate users via eap-md5, just for testing purposes. i use the winxp supplicant (i know that after sp1 it doesn't support md5).

i ran the radius server in the debug mode. here is the output.

rad_recv: Access-Request packet from host 193.140.193.133:1084, id=43, length=176
User-Name = "onur"
Cisco-AVPair = "ssid=deneme1"
NAS-IP-Address = 193.140.193.133
Called-Station-Id = "00409658c568"
Calling-Station-Id = "00601d23ac50"
NAS-Identifier = "mobile1.mast.boun.edu.tr"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Authenticate-Only
EAP-Message = 0x0276001a04105039fc16b3f07964ed389fdcb541b3d86f6e7572
Message-Authenticator = 0x331a683c47109fa7665f3af45a3b83ff
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_eap: EAP packet type notification id 118 length 26
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated
users: Matched onur at 9
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: EAP packet type notification id 118 length 26
rlm_eap: EAP Start not found
rlm_eap: NO State Attribute found: Cannot match EAP packet to any existing conversation.
modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 54 for 1 seconds
Finished request 54
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 193.140.193.133:1084, id=43, length=176
Sending Access-Reject of id 43 to 193.140.193.133:1084
Reply-Message = "boo-3"
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 52 ID 41 with timestamp 407f0c20
Cleaning up request 53 ID 42 with timestamp 407f0c20
Cleaning up request 54 ID 43 with timestamp 407f0c20
Nothing to do. Sleeping until we see a request.


i am using a cisco ap 350 and wavelan cards. the user is defined but i cannot figure out where the problem is. in the users file i set the reply message to "boo-3", so i think it correctly figures out the username and password. and i have no idea what
"rlm_eap: EAP Start not found
rlm_eap: NO State Attribute found: Cannot match EAP packet to any existing conversation."
means...



thanks in advance onur simsek

ps: the config file
                                V
*********************************************************************************************
##
## radiusd.conf -- FreeRADIUS server configuration file.
##
# Installation layout. The ${...} references further down expand to these paths.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

#  Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = /usr/lib
pidfile = ${run_dir}/radiusd.pid
# Dedicated account for the daemon (presumably it switches to this uid/gid
# after start-up -- confirm). Running unprivileged limits what a compromise
# of the server process can reach.
user = radiusd
group = radiusd
# Request handling limits: lifetime of a request, how long a finished request
# is kept around, and how many requests are tracked at once.
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# "*" listens on every interface; binding to the one address the NAS talks to
# reduces exposure. port = 0 presumably defers to the "radius" entry in
# /etc/services -- confirm for this version.
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions     = yes
extended_expressions    = yes
log_stripped_names = no
# NOTE(review): log_auth_badpass / log_auth_goodpass = yes ask for user
# passwords to be written to log_file. They look inert while log_auth = no
# (confirm for this version), but take effect as soon as log_auth is turned
# on; log_auth_goodpass = no is the safer setting to leave in place.
log_auth = no
log_auth_badpass = yes
log_auth_goodpass = yes
usercollide = no
# User names and passwords are taken as sent: no lower-casing, no space
# stripping.
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
# Limits applied to incoming requests and to rejects.
security {
        # Upper bound on the number of attributes accepted in one request.
        max_attributes = 200
        # Seconds an Access-Reject is held back before it is sent, which slows
        # down password guessing. This is the "Delaying request 54 for 1
        # seconds" line in the debug output.
        reject_delay = 1
        # Status-Server queries are presumably left unanswered with "no" --
        # confirm for this version.
        status_server = no
}
# Proxying is enabled although the authorize section of this file calls no
# realm module; if nothing is meant to be proxied, "no" removes an unused path.
proxy_requests  = yes
$INCLUDE  ${confdir}/proxy.conf
# clients.conf is not shown here. It is presumably where the NAS
# (193.140.193.133 in the debug output) and its shared secret are defined, so
# the file should be readable only by the account the server runs as.
$INCLUDE  ${confdir}/clients.conf
snmp    = no
$INCLUDE  ${confdir}/snmp.conf
thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}
modules {
        # PAP module, set to compare against crypt()-hashed stored passwords.
        # It is not listed in the authorize or authenticate sections of this
        # file, so it plays no part in the failing request.
        # NOTE(review): EAP-MD5 (like CHAP) cannot be verified against a hashed
        # password; the server needs the clear-text password for the user.
        pap {
                encryption_scheme = crypt
        }
        chap {
                authtype = CHAP
        }
        pam {
                pam_auth = radiusd
        }
        # System-account module. In this file it is only called from the
        # accounting section ("unix # wtmp file"), not for authentication.
        unix {
                cache = no
                cache_reload = 600
                # Pointing the module at /etc/shadow presumably means the
                # server account needs read access to it -- a privilege worth
                # dropping if system passwords are never used for RADIUS
                # logins (confirm before removing).
                shadow = /etc/shadow
                radwtmp = ${logdir}/radwtmp
        }
        # EAP module with only the md5 type enabled. No default_eap_type or
        # timer_expire is set, so the module's built-in defaults apply
        # (TODO confirm what they are in this version).
        # EAP-MD5 authenticates the client only: the server is not
        # authenticated to the client, no keying material is produced for the
        # wireless link, and a captured challenge/response pair can be checked
        # against password guesses offline. Acceptable for a lab test, not for
        # a production WLAN.
        eap {

                md5 {
                }
        }
        mschap {
                authtype = MS-CHAP
        }
        # LDAP module, still carrying placeholder values ("ldap.your.domain").
        # It is not called from any processing section in this file.
        ldap {
                server = "ldap.your.domain"
                basedn = "o=My Org,c=UA"
                # The user name from the request is inserted into the search
                # filter. NOTE(review): confirm that this version escapes
                # filter metacharacters in the expanded value.
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                # No StartTLS: traffic to the directory, including the bind,
                # is not protected by TLS.
                start_tls = no
                access_attr = "dialupAccess"
                dictionary_mapping = ${raddbdir}/ldap.attrmap

ldap_connections_number = 5
# NOTE(review): the next line is a bare string with no key. It looks like the
# "groupmembership_filter =" part was lost when the file was pasted; as written
# this presumably does not parse.
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
timeout = 4
timelimit = 3
net_timeout = 1
}
realm realmslash {
format = prefix
delimiter = "/"
}
realm suffix {
format = suffix
delimiter = "@"
}
realm realmpercent {
format = suffix
delimiter = "%"
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
}
$INCLUDE ${confdir}/sql.conf
# Session database used by the accounting and session sections of this file.
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
# Owner-only permissions: this copy records the caller id (callerid = "yes").
perm = 0600


                callerid = "yes"
        }
        # Second radutmp instance writing a world-readable file (0644); the
        # caller id is left out of it (callerid = "no"). Not called from any
        # processing section in this file.
        radutmp sradutmp {
                filename = ${logdir}/sradutmp
                perm = 0644
                callerid = "no"
        }
        attr_filter {
                attrsfile = ${confdir}/attrs
        }
        counter daily {
                filename = ${raddbdir}/db.daily
                key = User-Name
                count-attribute = Acct-Session-Time
                reset = daily
                counter-name = Daily-Session-Time
                check-name = Max-Daily-Session
                allowed-servicetype = Framed-User
                cache-size = 5000
        }
        always fail {
                rcode = fail
        }
        always reject {
                rcode = reject
        }
        always ok {
                rcode = ok
                simulcount = 0
                mpp = no
        }
        expr {
        }
        digest {
        }
        exec {
                wait = yes
                input_pairs = request
        }
        # Sample exec instance; it is not called from any processing section in
        # this file.
        exec echo {
                wait = yes
                # User-Name comes straight from the client's request, so it is
                # untrusted input expanded into a command line. Any real
                # program put here must treat its arguments as hostile.
                # NOTE(review): confirm how this version quotes expanded values
                # and whether a shell is involved.
                program = "/bin/echo %{User-Name}"
                input_pairs = request
                # With wait = yes the program's output is presumably parsed
                # into reply attributes -- confirm.
                output_pairs = reply
        }
        ippool main_pool {
                range-start = 192.168.1.1
                range-stop = 192.168.3.254
                netmask = 255.255.255.0
                cache-size = 800
                session-db = ${raddbdir}/db.ippool
                ip-index = ${raddbdir}/db.ipindex
                override = no
        }

        # ANSI X9.9 token support.  Not included by default.
        # $INCLUDE  ${confdir}/x99.conf

}

instantiate {
        expr
}
# Modules run, in this order, for every Access-Request. The debug output shows
# the same sequence: preprocess returns ok, eap returns updated, files matches
# the user entry ("users: Matched onur at 9") and returns ok.
authorize {

preprocess

eap

files

}
# Only eap is listed, so only requests that end up with Auth-Type EAP can be
# authenticated by this configuration. The debug output shows that path:
# "Found Auth-Type EAP", then module "eap" returns invalid.
authenticate {

eap

}
preacct {
        preprocess
        suffix
        files
}
accounting {
        acct_unique

detail

unix # wtmp file

        radutmp
}
session {
        radutmp
}
post-auth {
}
pre-proxy {
}
post-proxy {
        eap
}

***********************************************************************************

"Fear gives me wings..."
              Max Payne
