hi

the following line seems to be principally correct (don't use explicit Auth-Type):

a       User-Password == "a"

the eap module fails in authentication because it can't find the User-Password for the user. Make sure that the "files" module is used in authorize i.e. that the users file is actually used.

the modules pap and mschap are of no interest whatsoever. also, i don't understand the DEFAULT accept policy - imho it's nonsense.


hope this helps
artur



1. modules section
...
pap {
               encryption_scheme = crypt
       }

       # CHAP module
       #
# To authenticate requests containing a CHAP-Password attribute.
       #
       chap {
               authtype = CHAP
       }
...
$INCLUDE ${confdir}/eap.conf

mschap {
...
}

files {
...
}

...


The console output of radiusd -X -s is

Ready to process requests.
rad_recv: Access-Request packet from host 10.11.12.107:1024, id=76,
length=214
       Framed-MTU = 1480
       NAS-IP-Address = 10.11.12.107
       NAS-Identifier = "HP ProCurve Switch 2824"
       User-Name = "test"
       Service-Type = Framed-User
       Framed-Protocol = PPP
       NAS-Port = 24
       NAS-Port-Type = Ethernet
       NAS-Port-Id = "24"
       Called-Station-Id = "00-0f-20-8d-04-c8"
       Calling-Station-Id = "00-c0-9f-0d-4a-1f"
       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
       Tunnel-Type:0 = VLAN
       Tunnel-Medium-Type:0 = IEEE-802
       Tunnel-Private-Group-Id:0 = "1010"
       EAP-Message = 0x020200090174657374
       Message-Authenticator = 0xb12214c2d6fb14f33c7cc758ccfb54b7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
   users: Matched entry DEFAULT at line 152
   users: Matched entry DEFAULT at line 171
   users: Matched entry DEFAULT at line 183
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 76 to 10.11.12.107:1024
       Framed-IP-Address = 255.255.255.254
       Framed-MTU = 576
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Framed-Compression = Van-Jacobson-TCP-IP
       EAP-Message = 0x0103001604100118f4899111b27fc08900284095e5e2
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x33fe6026586af730cd367983bb9ea8b6
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
length=249
       Framed-MTU = 1480
       NAS-IP-Address = 10.11.12.107
       NAS-Identifier = "HP ProCurve Switch 2824"
       User-Name = "test"
       Service-Type = Framed-User
       Framed-Protocol = PPP
       NAS-Port = 24
       NAS-Port-Type = Ethernet
       NAS-Port-Id = "24"
       Called-Station-Id = "00-0f-20-8d-04-c8"
       Calling-Station-Id = "00-c0-9f-0d-4a-1f"
       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
       Tunnel-Type:0 = VLAN
       Tunnel-Medium-Type:0 = IEEE-802
       Tunnel-Private-Group-Id:0 = "1010"
       State = 0x33fe6026586af730cd367983bb9ea8b6
EAP-Message = 0x0203001a04101c913399463bebf9f6dc2d0af18f0c7974657374
       Message-Authenticator = 0x2592cd875d1068f5b16fe7999f451769
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_eap: EAP packet type response id 3 length 26
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
   users: Matched entry DEFAULT at line 152
   users: Matched entry DEFAULT at line 171
   users: Matched entry DEFAULT at line 183
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/md5
rlm_eap: processing type md5
rlm_eap_md5: User-Password is required for EAP-MD5 authentication
rlm_eap: Handler failed in EAP/md5
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.11.12.107:1024, id=77,
length=249
Sending Access-Reject of id 77 to 10.11.12.107:1024
       EAP-Message = 0x04030004
       Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 76 with timestamp 43826690
Cleaning up request 1 ID 77 with timestamp 43826690
Nothing to do.  Sleeping until we see a request.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
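
Added example, not part of the original post and not FreeRADIUS code: it decodes the two EAP-MD5 EAP-Message values from the debug output above and performs the RFC 1994 style check, MD5(id || password || challenge), to show why the server cannot validate the response when no cleartext password was found for the user. The function names are hypothetical, and the password "a" in the round trip is a constructed sample taken from the users-file line quoted in the reply, not the real password of user "test".

```python
import hashlib
import hmac
import struct

# EAP-Message values copied from the radiusd -X output above.
CHALLENGE_HEX = "0103001604100118f4899111b27fc08900284095e5e2"
RESPONSE_HEX = "0203001a04101c913399463bebf9f6dc2d0af18f0c7974657374"
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_MD5 = 4


def parse_eap_md5(hex_value):
    """Parse an EAP packet whose body is an MD5-Challenge (type 4)."""
    pkt = bytes.fromhex(hex_value)
    if len(pkt) < 6:
        raise ValueError("too short for an EAP-MD5 packet")
    code, ident, length, eap_type, vsize = struct.unpack("!BBHBB", pkt[:6])
    if length != len(pkt) or eap_type != EAP_TYPE_MD5 or 6 + vsize > length:
        raise ValueError("malformed or non-MD5 EAP packet")
    return {"code": EAP_CODES.get(code, code), "id": ident,
            "value": pkt[6:6 + vsize], "name": pkt[6 + vsize:]}


def md5_response(ident, password, challenge):
    """RFC 1994 hash reused by EAP-MD5: MD5(id || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_response(ident, password, challenge, name):
    """Supplicant side: encode the Response packet as hex (for the demo)."""
    digest = md5_response(ident, password, challenge)
    head = struct.pack("!BBHBB", 2, ident, 6 + len(digest) + len(name),
                       EAP_TYPE_MD5, len(digest))
    return (head + digest + name).hex()


def verify(challenge_hex, response_hex, password):
    """Server side. password=None models a request with no password found."""
    req, resp = parse_eap_md5(challenge_hex), parse_eap_md5(response_hex)
    if req["id"] != resp["id"] or password is None:
        return False  # id mismatch, or nothing to hash ("User-Password is required")
    expected = md5_response(req["id"], password, req["value"])
    return hmac.compare_digest(expected, resp["value"])


if __name__ == "__main__":
    req = parse_eap_md5(CHALLENGE_HEX)
    print(req["code"], req["id"], req["value"].hex())
    print(verify(CHALLENGE_HEX, RESPONSE_HEX, None))
    demo = build_response(req["id"], b"a", req["value"], b"a")  # constructed
    print(verify(CHALLENGE_HEX, demo, b"a"))
```

Because the hash input includes the password itself, the server side needs the cleartext value (or something it can recover it from); a one-way hashed password entry is not enough for EAP-MD5.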