Hi , Use eap-GTC as Peap inner eap-type. Got error message too. See below.Thanks. rad_recv: Access-Request packet from host 10.155.20.84:1040, id=27, length=210 User-Name = "hhe123" NAS-IP-Address = 10.155.20.84 NAS-Identifier = "AH-000030" NAS-Port = 0 Called-Station-Id = "00-19-77-00-00-31:hhe" Calling-Station-Id = "00-19-E0-80-A5-5A" Framed-MTU = 1500 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0210002b19001703010020fa82601d02aeb434f977c693f3b15669cc64e1a7ad240381f70aca16f54cc411 State = 0x443b0c2424a63b6bbcb865bc5beb0a2f Message-Authenticator = 0x596fe7a72eeebd5e58ec6d29e7ba85e0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 27 modcall[authorize]: module "mschap" returns noop for request 27 rlm_eap: EAP packet type response id 16 length 43 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 27 users: Matched entry hhe123 at line 95 modcall[authorize]: module "files" returns ok for request 27 modcall: leaving group authorize (returns updated) for request 27 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 27 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type gtc rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x0210000b06686865313233 PEAP: Setting User-Name to hhe123 PEAP: Adding old state with 71 e4 PEAP: Sending tunneled request EAP-Message = 0x0210000b06686865313233 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "hhe123" State = 0x71e4120f420e1eea12c8ad78728c974c Processing the authorize section of radiusd.conf modcall: entering group authorize for request 27 modcall[authorize]: module "mschap" returns noop for request 27 rlm_eap: EAP packet type response id 16 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 27 users: Matched entry hhe123 at line 95 modcall[authorize]: module "files" returns ok for request 27 modcall: leaving group authorize (returns updated) for request 27 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 27 rlm_eap: Request found, released from the list rlm_eap: EAP/gtc rlm_eap: processing type gtc ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. rlm_eap: Handler failed in EAP/gtc rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 27 modcall: leaving group authenticate (returns invalid) for request 27 auth: Failed to validate the user. PEAP: Got tunneled reply RADIUS code 3 Reply-Message = "Hello" EAP-Message = 0x04100004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Processing from tunneled session code 0x8150ec8 3 Reply-Message = "Hello" EAP-Message = 0x04100004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 27 modcall: leaving group authenticate (returns handled) for request 27 Sending Access-Challenge of id 27 to 10.155.20.84 port 1040 Reply-Message = "Hello" EAP-Message = 0x0111002b190017030100203a72821eb5dfc3a916d860a38e9ea1e339b0ef886f315fcd5f369d138e600a5e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x917adbb2a47421f8a387e5b7dfa5d3e7 Finished request 27 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.155.20.84:1040, id=28, length=210 User-Name = "hhe123" NAS-IP-Address = 10.155.20.84 NAS-Identifier = "AH-000030" NAS-Port = 0 Called-Station-Id = "00-19-77-00-00-31:hhe" Calling-Station-Id = "00-19-E0-80-A5-5A" Framed-MTU = 1500 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0211002b190017030100200dae6db09d400aff4db8b832bdc308e58f32d44878802cb305b8245cbafe2b56 State = 0x917adbb2a47421f8a387e5b7dfa5d3e7 Message-Authenticator = 0x9c0d713729c522b7cce89c4b6af3ba26 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 28 modcall[authorize]: module "mschap" returns noop for request 28 rlm_eap: EAP packet type response id 17 length 43 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 28 users: Matched entry hhe123 at line 95 modcall[authorize]: module "files" returns ok for request 28 modcall: leaving group authorize (returns updated) for request 28 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 28 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 28 modcall: leaving group authenticate (returns invalid) for request 28 auth: Failed to validate the user. Sending Access-Reject of id 28 to 10.155.20.84 port 1040 EAP-Message = 0x04110004 Message-Authenticator = 0x00000000000000000000000000000000 Reply-Message = "Hello" Finished request 28 Going to the next request Waking up in 6 seconds... John
Alan DeKok <[EMAIL PROTECTED]> 写道: Hangjun He wrote: > hi, > I am using Odyssey Client Manager and freeRADIUS 1.1.6. > When I set peap with inner eap-mschap-v2, It works well.When I change > inner eap type to eap-popt, seems can not work. Why do you think FreeRADIUS supports EAP-POPT? ... > rlm_eap: NAK asked for bad type 32 > rlm_eap: Failed in EAP select FreeRADIUS doesn't support that EAP type. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --------------------------------- 雅虎邮箱传递新年祝福,个性贺卡送亲朋!
eap.conf
Description: 1198961258-eap.conf
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html