Hello!
I'm new to this list and don't found archive or something where maybe somebody answered my question. So I want a radius server to wifi auth with eap-ttls/peap, ldap and not plain-text passwords. I downloaded 2.1.4 source and create debian package without modification, do some basic configuration and testing, radtest from local is fine, but radeapclient eap-md5 testing fail. I saw this on server side: rad_recv: Access-Request packet from host 127.0.0.1 port 52650, id=76, length=69 User-Name = "steve" NAS-IP-Address = 127.0.0.1 Message-Authenticator = 0xafa8ae1b1aaa6fb0a6cbd0719b507e94 NAS-Port = 0 EAP-Message = 0x02d2000a017374657665 +- entering group authorize {...} ++[preprocess] returns ok [suffix] No '@' in User-Name = "steve", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 210 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry steve at line 206 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 76 to 127.0.0.1 port 52650 Service-Type = Framed-User Framed-Protocol = SLIP Framed-IP-Address = 192.20.126.200 Framed-IP-Netmask = 255.255.255.0 Framed-Routing = Broadcast-Listen Framed-Filter-Id = "std.ppp" Framed-MTU = 1500 Framed-Compression = Van-Jacobson-TCP-IP EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xae48086bae9b0cd33d7dacc7cd15f18d Finished request 2. Going to the next request Waking up in 4.9 seconds. Cleaning up request 2 ID 76 with timestamp +94 Ready to process requests. And this on client side (local): # radeapclient -s -X localhost auth testing123 About to send encoded packet: User-Name = "steve" Cleartext-Password = "testing" NAS-IP-Address = 127.0.0.1 EAP-Code = Response EAP-Id = 210 EAP-Type-Identity = "steve" Message-Authenticator = 0x30 NAS-Port = 0 Received response ID 76, code 11, length = 131 Service-Type = Framed-User Framed-Protocol = SLIP Framed-IP-Address = 192.20.126.200 Framed-IP-Netmask = 255.255.255.0 Framed-Routing = Broadcast-Listen Filter-Id = "std.ppp" Framed-MTU = 1500 Framed-Compression = Van-Jacobson-TCP-IP EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83 Message-Authenticator = 0xe65c832fea00201e76a340cc0e38cf37 State = 0xae48086bae9b0cd33d7dacc7cd15f18d <+++ EAP decoded packet: Service-Type = Framed-User Framed-Protocol = SLIP Framed-IP-Address = 192.20.126.200 Framed-IP-Netmask = 255.255.255.0 Framed-Routing = Broadcast-Listen Filter-Id = "std.ppp" Framed-MTU = 1500 Framed-Compression = Van-Jacobson-TCP-IP EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83 Message-Authenticator = 0xe65c832fea00201e76a340cc0e38cf37 State = 0xae48086bae9b0cd33d7dacc7cd15f18d EAP-Id = 211 EAP-Code = Request EAP-Type-MD5 = 0x10b7703d97cfb88bff2835ec9a9aedde83 +++> About to send encoded packet: User-Name = "steve" Cleartext-Password = "testing" NAS-IP-Address = 127.0.0.1 EAP-Code = Response EAP-Id = 211 Message-Authenticator = 0x00000000000000000000000000000000 NAS-Port = 0 EAP-Type-MD5 = 0x106e2008d8fc099a16335131c045fc6df6 State = 0xae48086bae9b0cd33d7dacc7cd15f18d ^C # cat re.txt User-Name = "steve" Cleartext-Password = "testing" NAS-IP-Address = 127.0.0.1 EAP-Code = Response EAP-Id = 210 EAP-Type-Identity = "steve" Message-Authenticator = 0 NAS-Port = 0 What's wrong with the configuration? Thank you: blackluck
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html