>We are having some issues in setting up freeradius to support EAP-TLS,
>EAP-TTLS and EAP-PEAP.
>Our goal is to have our authentication server providing those three Auth-Type
>simultaneously.
>To support EAP-TLS, we generate our CA and certificates via TinyCA.
>
>We also add radius' log after an authentication attempt from windows XP OS
>using windows built in supplicant by supplying a username and password stored
>in our /etc/passwd file. But the authentication failed with this error message :
>
>rlm_eap: identity does not match User-Name, setting from EAP identity
>
>Thu Dec 11 14:59:10 2008 : Debug: radiusd: #### Loading Realms and Home Servers ####
>Thu Dec 11 14:59:10 2008 : Debug: proxy server {
>Thu Dec 11 14:59:10 2008 : Debug:      retry_delay = 5
>Thu Dec 11 14:59:10 2008 : Debug:      retry_count = 3
>Thu Dec 11 14:59:10 2008 : Debug:      default_fallback = no
>Thu Dec 11 14:59:10 2008 : Debug:      dead_time = 120
>Thu Dec 11 14:59:10 2008 : Debug:      wake_all_if_all_dead = no
>Thu Dec 11 14:59:10 2008 : Debug: }
>Thu Dec 11 14:59:10 2008 : Debug: home_server localhost {
>Thu Dec 11 14:59:10 2008 : Debug:      ipaddr = 127.0.0.1
>Thu Dec 11 14:59:10 2008 : Debug:      port = 1812
>Thu Dec 11 14:59:10 2008 : Debug:      type = "auth"
>Thu Dec 11 14:59:10 2008 : Debug:      secret = "testing123"
>Thu Dec 11 14:59:10 2008 : Debug:      response_window = 20
>Thu Dec 11 14:59:10 2008 : Debug:      max_outstanding = 65536
>Thu Dec 11 14:59:10 2008 : Debug:      zombie_period = 40
>Thu Dec 11 14:59:10 2008 : Debug:      status_check = "status-server"
>Thu Dec 11 14:59:10 2008 : Debug:      ping_check = "none"
>Thu Dec 11 14:59:10 2008 : Debug:      ping_interval = 30
>Thu Dec 11 14:59:10 2008 : Debug:      check_interval = 30
>Thu Dec 11 14:59:10 2008 : Debug:      num_answers_to_alive = 3
>Thu Dec 11 14:59:10 2008 : Debug:      num_pings_to_alive = 3
>Thu Dec 11 14:59:10 2008 : Debug:      revive_interval = 120
>Thu Dec 11 14:59:10 2008 : Debug:      status_check_timeout = 4
>Thu Dec 11 14:59:10 2008 : Debug: }
>Thu Dec 11 14:59:10 2008 : Debug: home_server_pool my_auth_failover {
>Thu Dec 11 14:59:10 2008 : Debug:      type = fail-over
>Thu Dec 11 14:59:10 2008 : Debug:      home_server = localhost
>Thu Dec 11 14:59:10 2008 : Debug: }
>Thu Dec 11 14:59:10 2008 : Debug: realm uac.bj {
>Thu Dec 11 14:59:10 2008 : Debug:      auth_pool = my_auth_failover
>Thu Dec 11 14:59:10 2008 : Debug: }

You have configured the server to proxy requests to itself. Don't do
that. Configure it as local realm (just {}).

..
>rad_recv: Access-Request packet from host 172.21.1.251 port 1035, id=233, length=145
>        User-Name = "[EMAIL PROTECTED]"
>        NAS-IP-Address = 172.21.1.251
>        Connect-Info = "CONNECT 802.11"
>        Called-Station-Id = "0060b33573b4"
>        Calling-Station-Id = "000e35dfc4c9"
>        NAS-Identifier = "ap"
>        NAS-Port-Type = Wireless-802.11
>        NAS-Port = 40
>        NAS-Port-Id = "40"
>        Framed-MTU = 1400
>        EAP-Message = 0x0269001001746f746f407561632e626a
>        Message-Authenticator = 0x4047d95682a4670d24da3c2fa434814e
..
>Thu Dec 11 15:00:37 2008 : Debug: rlm_passwd: Added MD5-Password: 'HsrtQesmWHodM:14211::::::' to config_items

That's not going to work with PEAP.

Ivan Kalik
Kalik Informatika ISP
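
The error quoted in the question is about the identity carried inside the EAP-Message attribute differing from User-Name. The following is an added example, not part of the original thread and not FreeRADIUS code: it parses an EAP-Response/Identity using the RFC 3748 header layout and compares the result to User-Name. The function names and the sample packet (built for the constructed identity alice@example.org) are assumptions made for illustration.

```python
import struct

EAP_RESPONSE = 2        # RFC 3748 Code value for a Response
EAP_TYPE_IDENTITY = 1   # RFC 3748 Type value for Identity
EAP_HEADER_LEN = 5      # Code(1) + Identifier(1) + Length(2) + Type(1)


def parse_eap_identity(attr_hex):
    """Return the identity from an EAP-Response/Identity packet.

    attr_hex is the EAP-Message value as a RADIUS debug log prints it,
    i.e. a hex string with an optional "0x" prefix.
    """
    if attr_hex.lower().startswith("0x"):
        attr_hex = attr_hex[2:]
    raw = bytes.fromhex(attr_hex)
    if len(raw) < EAP_HEADER_LEN:
        raise ValueError("EAP packet shorter than header plus type")
    code, _ident, length, eap_type = struct.unpack("!BBHB", raw[:EAP_HEADER_LEN])
    # Length covers the whole EAP packet; it must fit inside the attribute.
    if length < EAP_HEADER_LEN or length > len(raw):
        raise ValueError("EAP Length field inconsistent with attribute size")
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Response/Identity")
    # Bytes past Length are padding and are ignored.
    return raw[EAP_HEADER_LEN:length].decode("utf-8", errors="replace")


def identity_matches(user_name, attr_hex):
    """True when User-Name equals the identity inside EAP-Message."""
    return parse_eap_identity(attr_hex) == user_name


def build_sample(identity, ident=1):
    """Build a constructed EAP-Response/Identity in debug-log hex form."""
    body = identity.encode("utf-8")
    header = struct.pack("!BBHB", EAP_RESPONSE, ident,
                         EAP_HEADER_LEN + len(body), EAP_TYPE_IDENTITY)
    return "0x" + (header + body).hex()


# Constructed sample input, not taken from the thread.
SAMPLE = build_sample("alice@example.org")

if __name__ == "__main__":
    print(SAMPLE, "->", parse_eap_identity(SAMPLE))
    print("matches alice@example.org:", identity_matches("alice@example.org", SAMPLE))
    print("matches alice:", identity_matches("alice", SAMPLE))
```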