RE: help with EAP MD5 wired authentication

Tue, 22 Nov 2005 13:45:36 -0800 

Thanks for responding.

I tried that but did not work.  radiusd gave the same error message before.

If you have it working then please send your radiusd.conf, users file

My email is [EMAIL PROTECTED]

Anup





From: "MINODIER David RD-RESA-LAN" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>,"FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> 
Subject: RE: help with EAP MD5 wired authentication
Date: Tue, 22 Nov 2005 09:31:29 +0100

Since you're using EAP-MD5, you should have in your users file:

Xxx     Auth-Type := EAP, User-Password == "whatever"

David.


> -----Message d'origine-----
> De : [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] De la
> part de Anup Parkhi
> Envoyé : mardi 22 novembre 2005 01:54
> À : freeradius-users@lists.freeradius.org
> Objet : help with EAP MD5 wired authentication
>
> Hi,
>
> I am struggling with EAP-MD5 wired authentication for last
> couple of days. I checked the web and archives but to no avail.
>
> I am using XP supplicant. Tried with Funk's supplicant also
> but same result.
>
> Any help will be highly appreciated.
>
> Thanks
> Anup
>
> My users file has following towards the end
>
> # On no match, the user is denied access.
>
> a       User-Password == "a"
>
> "test"  User-Password == "test"
>
> "Administrator" User-Password == "pnbidm123!"
>
> aparkhi Auth-Type := System, User-Password == "aparkhi"
>
> DEFAULT Auth-Type := Accept
>                Reply-Message = "All users are allowed, Welcome %u."
>
> Radiusd.conf has
>
> 1. modules section
> ...
> pap {
>                encryption_scheme = crypt
>        }
>
>        # CHAP module
>        #
>        #  To authenticate requests containing a CHAP-Password
> attribute.
>        #
>        chap {
>                authtype = CHAP
>        }
> ...
> $INCLUDE ${confdir}/eap.conf
>
> mschap {
> ...
> }
>
> files {
> ...
> }
>
> ...
>
>
> The console output of radiusd -X -s is
>
> Ready to process requests.
> rad_recv: Access-Request packet from host 10.11.12.107:1024, id=76,
> length=214
>        Framed-MTU = 1480
>        NAS-IP-Address = 10.11.12.107
>        NAS-Identifier = "HP ProCurve Switch 2824"
>        User-Name = "test"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 24
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "24"
>        Called-Station-Id = "00-0f-20-8d-04-c8"
>        Calling-Station-Id = "00-c0-9f-0d-4a-1f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "1010"
>        EAP-Message = 0x020200090174657374
>        Message-Authenticator = 0xb12214c2d6fb14f33c7cc758ccfb54b7
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_eap: EAP packet type response id 2 length 9
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 0
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry DEFAULT at line 183
> modcall[authorize]: module "files" returns ok for request 0
> modcall: group authorize returns updated for request 0
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_eap: EAP Identity
> rlm_eap: processing type md5
> rlm_eap_md5: Issuing Challenge
> modcall[authenticate]: module "eap" returns handled for request 0
> modcall: group authenticate returns handled for request 0
> Sending Access-Challenge of id 76 to 10.11.12.107:1024
>        Framed-IP-Address = 255.255.255.254
>        Framed-MTU = 576
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        Framed-Compression = Van-Jacobson-TCP-IP
>        EAP-Message = 0x0103001604100118f4899111b27fc08900284095e5e2
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x33fe6026586af730cd367983bb9ea8b6
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
> length=249
>        Framed-MTU = 1480
>        NAS-IP-Address = 10.11.12.107
>        NAS-Identifier = "HP ProCurve Switch 2824"
>        User-Name = "test"
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        NAS-Port = 24
>        NAS-Port-Type = Ethernet
>        NAS-Port-Id = "24"
>        Called-Station-Id = "00-0f-20-8d-04-c8"
>        Calling-Station-Id = "00-c0-9f-0d-4a-1f"
>        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
>        Tunnel-Type:0 = VLAN
>        Tunnel-Medium-Type:0 = IEEE-802
>        Tunnel-Private-Group-Id:0 = "1010"
>        State = 0x33fe6026586af730cd367983bb9ea8b6
>        EAP-Message =
> 0x0203001a04101c913399463bebf9f6dc2d0af18f0c7974657374
>        Message-Authenticator = 0x2592cd875d1068f5b16fe7999f451769
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
> modcall[authorize]: module "preprocess" returns ok for request 1
> modcall[authorize]: module "chap" returns noop for request 1
> modcall[authorize]: module "mschap" returns noop for request 1
> rlm_eap: EAP packet type response id 3 length 26
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 1
>    users: Matched entry DEFAULT at line 152
>    users: Matched entry DEFAULT at line 171
>    users: Matched entry DEFAULT at line 183
> modcall[authorize]: module "files" returns ok for request 1
> modcall: group authorize returns updated for request 1
> rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/md5
> rlm_eap: processing type md5
> rlm_eap_md5: User-Password is required for EAP-MD5 authentication
> rlm_eap: Handler failed in EAP/md5
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module "eap" returns invalid for request 1
> modcall: group authenticate returns invalid for request 1
> auth: Failed to validate the user.
> Delaying request 1 for 1 seconds
> Finished request 1
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
> length=249
> Sending Access-Reject of id 77 to 10.11.12.107:1024
>        EAP-Message = 0x04030004
>        Message-Authenticator = 0x00000000000000000000000000000000
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 76 with timestamp 43826690 Cleaning
> up request 1 ID 77 with timestamp 43826690 Nothing to do.
> Sleeping until we see a request.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to