Hi All,

I am new to Radius Servers and have a Project to get Radius Server configured in the organization for authenticating users through an Access Point which is based on Mikrotik. I have set up freeradius (version 1.0.1) server and have defined a user in the "users" file. When I test the configuration using the "radtest" command, it works fine and says "Access-Accept". However, when I try to authenticate the user through the access point, I am prompted for Username and Password at the client, but Debug mode on radius server shows "request rejected". It says "no User-Password attribute". (However, the debug mode is showing the correct Username as entered from the client.)

I checked a lot of forums, but none of the solutions worked for me. I have stored the user password in clear-text in the users file. Also, I am not using any certificate (TLS) in the setup.

The configurations are as follows:


_*Radius Server:*_
##################################################################################
_*radiusd.conf:*_
##################################################################################
*_modules_*{

pap {
               encryption_scheme = clear
       }
       pap md5{
               encryption_scheme = md5
       }

}

chap {
               authtype = CHAP
       }

$INCLUDE ${confdir}/eap.conf

mschap {
authtype = MS-CHAP
}

_*authenticate*_
{
eap
}

_*authorize*_
{
   preprocess
   eap
   files
}

##################################################################################


##################################################################################
_*eap.conf*_
##################################################################################

eap {
default_eap_type = mschapv2
mschapv2 {
               Auth-Type = PAP
               }
}

##################################################################################
_*users*_
##################################################################################

"radtest1"       Cleartext-Password == "password"

#(also tried User-Password instead of Cleartext-password, but no luck !!)
##################################################################################
_*clients.conf*_
##################################################################################

client 192.168.xxx.xxx {
       secret          =    test
       shortname       = private-network
       nastype     =  other
}


##################################################################################
##################################################################################
_*Access Point Configuration:*_
##################################################################################

Network Authentication: WPA with Radius
Data Encryption: TKIP


I have given the Radius Server IP, port and shared key (which is the same as mentioned in clients.conf).


##################################################################################
_*Client Machine Configuration:*_
##################################################################################


The client machine runs Windows Vista and has the following configuration for the wireless network:
Security Type: WPA-Enterprise
Encryption: TKIP

Authentication Method: PEAP (Secured Password MSCHAPv2)

##################################################################################

_*Debug mode of Radius Server says this:*_


       User-Name = "radtest1"
       NAS-IP-Address = 192.168.1.254
       NAS-Port = 0
       Called-Station-Id = "00-21-DE-00-17-B2:Wireless1"
       Calling-Station-Id = "00-19-D2-AD-4A-BF"
       Framed-MTU = 1400
       NAS-Port-Type = Wireless-802.11
       Connect-Info = "CONNECT 11Mbps 802.11b"
       EAP-Message = 0x0201000d017261647465737431
       Message-Authenticator = 0x2376aab3c18a8a9cbe0320fc1add824a
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
 modcall[authorize]: module "preprocess" returns ok for request 6
 rlm_eap: EAP packet type response id 1 length 13
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 modcall[authorize]: module "eap" returns updated for request 6
   users: Matched radtest1 at 100
 modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
 rlm_eap: EAP Identity
 rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
 modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 0 to 192.168.104.168:3111
EAP-Message = 0x010200221a0102001d10f60a0398e4f61c9beba89b3dbcefde677261647465737431
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0xc02709d0e2c702124f02a4d451d0a59d
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.104.168:3111, id=0, length=159
Sending duplicate reply to client private-network:3111 - ID: 0
Re-sending Access-Challenge of id 0 to 192.168.104.168:3111
--- Walking the entire request list ---









I would appreciate it if someone could suggest a resolution for the problem. Also, if someone can get me a working copy of freeradius server with Mikrotik (or otherwise Linksys) Access Point, it would be of great help.


Thanks and Regards,
SaN
sanka...@tulip.net
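
As an added example (not part of the original post and not FreeRADIUS code), this decoder parses the two EAP-Message values in the debug output above: the client's Identity response and the server's reply, which is EAP type 26 (MS-CHAPv2) sent directly rather than type 25 (PEAP). The function name and lookup tables are this example's own, and it assumes a single unfragmented EAP-Message attribute.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             25: "PEAP", 26: "MS-CHAPv2"}
MSCHAP_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}

# EAP-Message values copied from the debug output above.
LOG_REQUEST = "0x0201000d017261647465737431"
LOG_CHALLENGE = ("0x010200221a0102001d10f60a0398e4f61c9beba89b3dbcefde67"
                 "7261647465737431")


def decode_eap(hex_value):
    """Decode one unfragmented EAP-Message attribute value (hex, as logged)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field %d != %d bytes present"
                         % (length, len(raw)))
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length < 5:
        return out  # Success/Failure packets carry no type field
    eap_type, data = raw[4], raw[5:]
    out["type"] = EAP_TYPES.get(eap_type, eap_type)
    if eap_type == 1:
        out["identity"] = data.decode("utf-8", "replace")
    elif eap_type == 26 and len(data) >= 4:
        # EAP-MSCHAPv2 body: OpCode, MS-CHAPv2-ID, MS-Length, then the payload
        opcode, ms_id, ms_length = struct.unpack("!BBH", data[:4])
        out.update(opcode=MSCHAP_OPCODES.get(opcode, opcode),
                   ms_id=ms_id, ms_length=ms_length)
        if opcode == 1 and len(data) >= 5:
            size = data[4]  # Value-Size: 16 for an MS-CHAPv2 challenge
            out["challenge"] = data[5:5 + size].hex()
            out["name"] = data[5 + size:].decode("utf-8", "replace")
    return out


if __name__ == "__main__":
    for value in (LOG_REQUEST, LOG_CHALLENGE):
        print(decode_eap(value))
```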





