Hi!
My users don't use windows xp "zero configuration"
service for wifi. They use Ralink Configurator with profiles.
Auth EAP/PEAP.
Sometimes after reboot AP or 'unhibernate' Windows
XP freeradius logs packets with no User-Name attribute:
rad_recv: Access-Request packet from host
10.10.10.9:2048, id=115,
length=155
NAS-IP-Address = 10.10.10.9 NAS-Port = 0 Called-Station-Id = "00304f41e217" Calling-Station-Id = "000e2e74b798" NAS-Identifier = "Realtek Access Point. 8181" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000501 Message-Authenticator = 0xebaa8690af8e44f2aa18020db98b43a2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 340 modcall[authorize]: module "preprocess" returns ok for request 340 radius_xlat: '/usr/local/var/log/radius/radacct/10.10.10.9/auth-detail-20060304' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.10.10.9/auth-detail-20060304 modcall[authorize]: module "auth_log" returns ok for request 340 modcall[authorize]: module "chap" returns noop for request 340 modcall[authorize]: module "mschap" returns noop for request 340 rlm_realm: Proxy reply, or no User-Name. Ignoring. modcall[authorize]: module "suffix" returns noop for request 340 rlm_eap: EAP packet type response id 0 length 5 !!!!!! rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 340 modcall[authorize]: module "files" returns notfound for request 340 !!!!!! rlm_sql (sql): zero length username not permitted modcall[authorize]: module "sql" returns invalid for request 340 modcall: leaving group authorize (returns invalid) for request 340 !!!!!! Invalid user: [<no User-Name attribute>] (from client AP9 port 0 cli 000e2e74b798) Delaying request 340 for 1 seconds And user must restart computer to connect to
AP...
It is possible to set freeradius not to check
User-Name? I use User-Name for logging purposes only. freeradius gets login and
password from PEAP and authorize even if User-Name is anything.
What should I do?
Norbert
|
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html