I guess, Windows XP client has been able to communicate (EAP problem has been fixed) according to the following log. However, the client has not been authenticated because of username and password problem, but its OK since my purpose is to authenticate based on client MAC address rather than username/password.
My question is how can I configure FreeRadius to authenticate client based on MAC address? Is there in possibility to use "unlang", if so how can I use unlang to authenticate client MAC address. thanks in advance. ++[logintime] returns noop ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? rlm_mschap: Told to do MS-CHAPv2 for PIDEL-3C5B30E9C\Administrator with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled Sending Access-Challenge of id 52 to 10.0.0.2 port 1027 EAP-Message = 0x010800261900170301001b916dabf876b637e708a5f0472e047d95636c8d755a4db6398bfd5a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5e8a10c0598209f9d72120367b73e4be Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.0.0.2 port 1027, id=53, length=221 User-Name = "PIDEL-3C5B30E9C\\Administrator" NAS-IP-Address = 10.0.0.2 NAS-Port = 0 Called-Station-Id = "00-1E-E5-9D-61-85:DEL_LR1" Calling-Station-Id = "00-21-00-0B-68-E3" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020800261900170301001b09c3f1df213e452b936c4d3a3a42a177644f14e998e6d36c128a55 State = 0x5e8a10c0598209f9d72120367b73e4be Message-Authenticator = 0xaa9d67c2641d1c6281c0b7e1dcff3aec +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "PIDEL-3C5B30E9C\Administrator", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 38 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> PIDEL-3C5B30E9C\Administrator attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 53 to 10.0.0.2 port 1027 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 8. Going to the next request On Sun, Aug 10, 2008 at 2:20 PM, Alan DeKok <[EMAIL PROTECTED]> wrote: > Ramot Lubis wrote: >> 1. Creating production certificate as described in >> http://deployingradius.com/documents/configuration/certificates.html >> 2. update hotfix as described in http://support.microsoft.com/kb/885453/en-us >> 3. Install certificate ca.der into Windows client. Use the new >> installed certificate in client when using PEAP from client. > > For instructions on debugging the client side, see: > > http://deployingradius.com/documents/configuration/eap-problems.html > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html