Realm - since you are not using realms it is as expected. You can forget about that one.
EAP - yes, your AP doesn't have EAP (802.1x) enabled.

Ivan Kalik
Kalik Informatika ISP

On 16/9/2007, "Piero Giobbi" <[EMAIL PROTECTED]> wrote:

>Hi again all, sorry for spamming the list.
>
>I have two questions regarding EAP and REALM, realm first.
>
>In every request I get:
> rlm_realm: No '@' in User-Name = "00-17-f2-ea-b1-3e", looking up
>realm NULL
> rlm_realm: No such realm "NULL"
>
>I wonder what that means, if/how to turn that off? Or should I even care?
>
>EAP:
>I'm trying to get EAP working with my Proxim AP4000. When I auth. I
>get (Everything works great though, but I want the "secure line"
>between NAS and server (If I got it right? I don't like clear text.)):
>
>rad_recv: Access-Request packet from host 10.0.5.200:6001, id=4,
>length=151
> User-Name = "00-17-f2-ea-b1-3e"
> User-Password = "00-17-f2-ea-b1-3e"
> NAS-IP-Address = 10.0.5.200
> Called-Station-Id = "00-20-a6-6f-93-bf:My Wireless Network B"
> Calling-Station-Id = "00-17-f2-ea-b1-3e"
> NAS-Port = 9
> NAS-Port-Type = Wireless-802.11
> Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "00-17-f2-ea-b1-3e", looking up
>realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 0
> users: Matched entry 00-17-f2-ea-b1-3e at line 96
> modcall[authorize]: module "files" returns ok for request 0
> modcall[authorize]: module "pap" returns updated for request 0
>modcall: leaving group authorize (returns updated) for request 0
> rad_check_password: Found Auth-Type pap
>auth: type "PAP"
> Processing the authenticate section of radiusd.conf
>modcall: entering group PAP for request 0
>rlm_pap: login attempt with password 00-17-f2-ea-b1-3e
>rlm_pap: Using clear text password "00-17-f2-ea-b1-3e".
>rlm_pap: User authenticated successfully
> modcall[authenticate]: module "pap" returns ok for request 0
>modcall: leaving group PAP (returns ok) for request 0
>Sending Access-Accept of id 4 to 10.0.5.200 port 6001
> Calling-Station-Id == "00-17-f2-ea-b1-3e"
> NAS-IP-Address = 82.182.120.201
> Called-Station-Id = "00-20-a6-6f-93-bf:My Wireless Network B"
> NAS-Port = 9
> NAS-Port-Type = Wireless-802.11
> Service-Type = Framed-User
> Framed-Routing = Broadcast-Listen
>Finished request 0
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds..
>
>Does that mean that AP4000 doesn't send an EAP-request or is my
>config somehow broken? Is there any way to tell? I tried to make my own
>certificates with CA.all in the script folder, but I got stuck on one
>place:
>
>error while loading serial number
>
>I read somewhere that I could put a file in demoCA-folder with
>numbers in but that doesn't work, the file serial "disappears" and
>the same error comes up. Anyone solved this?
>
>Error-message:
>+ openssl ca -policy policy_anything -out newcert.pem -passin
>pass:whatever -key whatever -extensions xpserver_ext -extfile
>xpextensions -infiles newreq.pem
>Using configuration from /usr/local/ssl/openssl.cnf
>../demoCA/serial: No such file or directory
>error while loading serial number
>31237:error:02001002:system library:fopen:No such file or
>directory:bss_file.c:352:fopen('./demoCA/serial','r')
>31237:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
>+ openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-
>srv.p12 -clcerts -passin pass:whatever -passout pass:whatever
>No certificate matches private key
>+ openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin
>pass:whatever -passout pass:whatever
>31239:error:0D07207B:asn1 encoding routines:ASN1_get_object:header
>too long:asn1_lib.c:150:
>+ openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-
>srv.der
>unable to load certificate
>31240:error:0906D06C:PEM routines:PEM_read_bio:no start
>line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE
>+ echo -e '\n\t\t##################\n'
>
>
>Again; Many thx for all help!
>
>p
>
>
>Startup info (Yes, I know the EAP WARNINGS but I can't even get an
>eap-message/error):
>debian:~# /usr/sbin/radiusd -v
>radiusd: FreeRADIUS Version 1.1.7, for host powerpc-unknown-linux-
>gnu, built on Sep 15 2007 at 09:59:30
>Copyright (C) 2000-2007 The FreeRADIUS server project.
>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
>PARTICULAR PURPOSE.
>You may redistribute copies of FreeRADIUS under the terms of the
>GNU General Public License.
>For more information about these matters, see the file named COPYRIGHT.
>debian:~# /usr/sbin/radiusd -X -f -d /etc/raddb/
>Starting - reading configuration files ...
>reread_config: reading radiusd.conf
>Config: including file: /etc/raddb/proxy.conf
>Config: including file: /etc/raddb/clients.conf
>Config: including file: /etc/raddb/snmp.conf
>Config: including file: /etc/raddb/eap.conf
>Config: including file: /etc/raddb/sql.conf
> main: prefix = "/usr"
> main: localstatedir = "/var"
> main: logdir = "/var/log/radius"
> main: libdir = "/usr/lib"
> main: radacctdir = "/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_file = "/var/log/radius/radius.log"
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/var/run/radiusd/radiusd.pid"
> main: user = "(null)"
> main: group = "(null)"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: post_proxy_authorize = no
> proxy: wake_all_if_all_dead = no
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
>read_config_files: reading dictionary
>read_config_files: reading naslist
>Using deprecated naslist file. Support for this will go away soon.
>read_config_files: reading clients
>read_config_files: reading realms
>radiusd: entering modules setup
>Module: Library search path is /usr/lib
>Module: Loaded exec
> exec: wait = yes
> exec: program = "(null)"
> exec: input_pairs = "request"
> exec: output_pairs = "(null)"
> exec: packet_type = "(null)"
>rlm_exec: Wait=yes but no output defined. Did you mean output=none?
>Module: Instantiated exec (exec)
>Module: Loaded expr
>Module: Instantiated expr (expr)
>Module: Loaded PAP
> pap: encryption_scheme = "crypt"
> pap: auto_header = yes
>Module: Instantiated pap (pap)
>Module: Loaded CHAP
>Module: Instantiated chap (chap)
>Module: Loaded MS-CHAP
> mschap: use_mppe = yes
> mschap: require_encryption = no
> mschap: require_strong = no
> mschap: with_ntdomain_hack = no
> mschap: passwd = "(null)"
> mschap: ntlm_auth = "(null)"
>Module: Instantiated mschap (mschap)
>Module: Loaded System
> unix: cache = no
> unix: passwd = "(null)"
> unix: shadow = "(null)"
> unix: group = "(null)"
> unix: radwtmp = "/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
>Module: Instantiated unix (unix)
>Module: Loaded eap
> eap: default_eap_type = "md5"
> eap: timer_expire = 60
> eap: ignore_unknown_eap_types = no
> eap: cisco_accounting_username_bug = no
>rlm_eap: Loaded and initialized type md5
>rlm_eap: Loaded and initialized type leap
> gtc: challenge = "Password: "
> gtc: auth_type = "PAP"
>rlm_eap: Loaded and initialized type gtc
> tls: rsa_key_exchange = no
> tls: dh_key_exchange = yes
> tls: rsa_key_length = 512
> tls: dh_key_length = 512
> tls: verify_depth = 0
> tls: CA_path = "(null)"
> tls: pem_file_type = yes
> tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
> tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
> tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
> tls: private_key_password = "whatever"
> tls: dh_file = "/etc/raddb/certs/dh"
> tls: random_file = "/etc/raddb/certs/random"
> tls: fragment_size = 1024
> tls: include_length = yes
> tls: check_crl = no
> tls: check_cert_cn = "(null)"
> tls: cipher_list = "(null)"
> tls: check_cert_issuer = "(null)"
>rlm_eap_tls: Loading the certificate file as a chain
>WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites
>may not work!
>WARNING: Fix this by running the OpenSSL command listed in eap.conf
>rlm_eap: Loaded and initialized type tls
> mschapv2: with_ntdomain_hack = no
>rlm_eap: Loaded and initialized type mschapv2
>Module: Instantiated eap (eap)
>Module: Loaded preprocess
> preprocess: huntgroups = "/etc/raddb/huntgroups"
> preprocess: hints = "/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> preprocess: with_alvarion_vsa_hack = no
>Module: Instantiated preprocess (preprocess)
>Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> realm: ignore_default = no
> realm: ignore_null = no
>Module: Instantiated realm (suffix)
>Module: Loaded files
> files: usersfile = "/etc/raddb/users"
> files: acctusersfile = "/etc/raddb/acct_users"
> files: preproxy_usersfile = "/etc/raddb/preproxy_users"
> files: compat = "no"
>Module: Instantiated files (files)
>Module: Loaded Acct-Unique-Session-Id
> acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>Client-IP-Address, NAS-Port"
>Module: Instantiated acct_unique (acct_unique)
>Module: Loaded detail
> detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/
>detail-%Y%m%d"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
>Module: Instantiated detail (detail)
>Module: Loaded radutmp
> radutmp: filename = "/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: case_sensitive = yes
> radutmp: check_with_nas = yes
> radutmp: perm = 384
> radutmp: callerid = yes
>Module: Instantiated radutmp (radutmp)
>Listening on authentication *:1812
>Listening on accounting *:1813
>Listening on proxy 127.0.0.1:1814
>

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
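
The check the reply makes by eye (no EAP-Message in the request, so the NAS is not doing 802.1X), written as a small triage script over `radiusd -X` output. This is an added example, not part of the original thread or of FreeRADIUS; the sample is an excerpt of the debug output quoted above with wrapped lines rejoined, and the flag names `no-eap` and `mac-as-password` are hypothetical labels.

```python
import re

# Excerpt of the radiusd -X output quoted in the message above (lines unwrapped).
SAMPLE = """\
rad_recv: Access-Request packet from host 10.0.5.200:6001, id=4, length=151
\tUser-Name = "00-17-f2-ea-b1-3e"
\tUser-Password = "00-17-f2-ea-b1-3e"
\tCalling-Station-Id = "00-17-f2-ea-b1-3e"
\tNAS-Port-Type = Wireless-802.11
  rlm_eap: No EAP-Message, not doing EAP
  rad_check_password: Found Auth-Type pap
Sending Access-Accept of id 4 to 10.0.5.200 port 6001
"""

ATTR = re.compile(r'^\s+([A-Za-z0-9-]+) = "?([^"]*)"?\s*$')
AUTH = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')
SENT = re.compile(r'^Sending (Access-\w+)')
MAC = re.compile(r'^(?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2}$', re.I)

def triage(debug_text):
    """Summarise each Access-Request seen in FreeRADIUS 1.x debug output."""
    requests, cur = [], None
    for line in debug_text.splitlines():
        if line.startswith("rad_recv: Access-Request"):
            cur = {"attrs": {}, "auth_type": None, "result": None, "flags": []}
            requests.append(cur)
        elif cur is None:
            continue                      # startup banner, config dump, etc.
        elif cur["result"] is None and ATTR.match(line):
            name, value = ATTR.match(line).groups()
            cur["attrs"][name] = value    # request attributes only, not the reply
        elif AUTH.search(line):
            cur["auth_type"] = AUTH.search(line).group(1)
        elif SENT.match(line):
            cur["result"] = SENT.match(line).group(1)
    for req in requests:
        attrs = req["attrs"]
        if "EAP-Message" not in attrs:
            req["flags"].append("no-eap")           # NAS is not doing 802.1X
        user = attrs.get("User-Name", "")
        if MAC.match(user) and attrs.get("User-Password") == user:
            req["flags"].append("mac-as-password")  # credential is the client MAC
    return requests

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["attrs"].get("User-Name"), r["auth_type"], r["result"], r["flags"])
```

A request flagged with both labels is MAC-address authentication over PAP: the only credential is the client's MAC, which the log above shows being sent as both User-Name and User-Password.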