I am working with freeradius-snapshot-20040601 on FreeBSD 5.2.1
This problem has been on the list several times but it seems the resolution
was never clear to me on passing the User-Password to the EAP module. Other
than making sure I have a userPassword from LDAP in clear text, which I do, I
am at a loss of how to proceed.
Everything works fine through receiving the Access-Request, finding items in
LDAP, matching in the users file and sending the Access-Challenge.
Another Access-Request packet is received. LDAP and the users file are once
again processed but now EAP complains that "User-Password is required for
EAP-MD5 authentication".
I get the same results whether using a WinXP supplicant or radeapclient. The
exchange of packets from radeapclient are enclose below.
I've tried to follow the documentation and understand the processing. I've
overlooked something simple, what is it?
Zoltan
__________________________
%radeapclient -x localhost auth testing123 < req.txt
+++> About to send encoded packet:
User-Name = "m0999999"
User-Password = "test123"
EAP-MD5-Password = "test123"
NAS-IP-Address = 147.133.230.16
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = "m0999999"
Message-Authenticator = 0x00
NAS-Port = 0
lt-radeapclient in free(): warning: modified (chunk-) pointer
Sending Access-Request of id 96 to 127.0.0.1:1812
User-Name = "m0999999"
User-Password = "test123"
NAS-IP-Address = 147.133.230.16
Message-Authenticator = 0x00000000000000000000000000000000
NAS-Port = 0
EAP-Message = 0x02d2000d016d30393939393939
rad_recv: Access-Challenge packet from host 127.0.0.1:1812, id=96, length=123
Filter-Id = "Enterasys:version=1:mgmt=:policy=Employee"
EAP-Message = 0x01d300160410f04c4ba33e9d9f3aca9af78b81f64a68
Message-Authenticator = 0x662e7992eeca12aa06d14b8a6b052c23
State = 0xe644a9cda29ed90a30f86689aad948b0
<+++ EAP decoded packet:
Filter-Id = "Enterasys:version=1:mgmt=:policy=Employee"
EAP-Message = 0x01d300160410f04c4ba33e9d9f3aca9af78b81f64a68
Message-Authenticator = 0x662e7992eeca12aa06d14b8a6b052c23
State = 0xe644a9cda29ed90a30f86689aad948b0
EAP-Id = 211
EAP-Code = Request
EAP-Type-MD5 = 0x10f04c4ba33e9d9f3aca9af78b81f64a68
+++> About to send encoded packet:
User-Name = "m0999999"
User-Password = "\254\357\345\026\203Zbc\225\344c)!\215\250["
EAP-MD5-Password = "test123"
NAS-IP-Address = 147.133.230.16
EAP-Code = Response
EAP-Id = 211
Message-Authenticator = 0x00000000000000000000000000000000
NAS-Port = 0
EAP-Type-MD5 = 0x10e6f368a0522d75a7a9bf169976998e6f
State = 0xe644a9cda29ed90a30f86689aad948b0
lt-radeapclient in free(): warning: modified (chunk-) pointer
Sending Access-Request of id 97 to 127.0.0.1:1812
User-Name = "m0999999"
User-Password = "test123"
NAS-IP-Address = 147.133.230.16
Message-Authenticator = 0x00000000000000000000000000000000
NAS-Port = 0
State = 0xe644a9cda29ed90a30f86689aad948b0
EAP-Message = 0x02d300160410e6f368a0522d75a7a9bf169976998e6f
Re-sending Access-Request of id 97 to 127.0.0.1:1812
User-Name = "m0999999"
User-Password = "\312Y\007h\267\351\340^m\031*B\232\344\344\032"
EAP-MD5-Password = "test123"
NAS-IP-Address = 147.133.230.16
EAP-Code = Response
EAP-Id = 211
Message-Authenticator = 0x00000000000000000000000000000000
NAS-Port = 0
EAP-Type-MD5 = 0x10e6f368a0522d75a7a9bf169976998e6f
State = 0xe644a9cda29ed90a30f86689aad948b0
EAP-Message = 0x02d300160410e6f368a0522d75a7a9bf169976998e6f
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=97, length=44
EAP-Message = 0x04d30004
Message-Authenticator = 0xca6ae166c955cb1aaf29ea1bdd5e823b
<+++ EAP decoded packet:
EAP-Message = 0x04d30004
Message-Authenticator = 0xca6ae166c955cb1aaf29ea1bdd5e823b
EAP-Id = 211
EAP-Code = Failure
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
