Hello guys, always problems converting EAP to non-EAP requests. I tried to do what those who helped me suggested, without success. Could anybody help me understand how it works before I go crazy?
These are my configuration files:

*clients.conf*

client 192.168.0.250 {
        secret = lrnp2tlm
        shortname = AP1
}

*proxy.conf*

realm jack {
        authhost = 192.168.0.252:1812
        accthost = 192.168.0.252:1813
        secret = lrnp2tlm
}

*eap.conf*

default_eap_type = md5 (or peap - see attempts)
...
peap {
        default_eap_type = mschapv2
        copy_request_to_tunnel = yes *(or no, I don't see any difference)*
        use_tunneled_reply = yes *(or no, I don't see any difference)*
        proxy_tunneled_request_as_eap = no
        virtual_server = "inner-tunnel"
}

*users*

DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := jack

*sites-enabled/default and sites-enabled/inner-tunnel*

some attempts with or without suffix (see attempts later)

That is what I have when "default_eap_type = peap" in eap.conf and suffix commented out

rad_recv: Access-Request packet from host 192.168.0.250 port 32769, id=26, length=239
        Acct-Session-Id = "1f15e604-0000006e"
        NAS-Port = 111
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "AP1"
        NAS-IP-Address = 192.168.0.250
        Framed-MTU = 1496
        User-Name = "t...@jack"
        Calling-Station-Id = "00-13-02-C4-80-4C"
        Called-Station-Id = "00-0F-61-FE-EF-D2"
        Service-Type = Framed-User
        EAP-Message = 0x0202000e0174657374406a61636b
        Colubris-AVPair = "ssid=test2"
        Colubris-AVPair = "vsc-unique-id=3"
        Colubris-AVPair = "phytype=IEEE802dot11g"
        Colubris-Attr-250 = 0x00000000
        Colubris-Attr-249 = 0x00000000
        Message-Authenticator = 0x62375f6948b6efde2a86ec186367ca77
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "jack" for User-Name = "t...@jack"
[suffix] Found realm "jack"
[suffix] Adding Stripped-User-Name = "test"
[suffix] Adding Realm = "jack"
[suffix] Proxying request from user test to realm jack
[suffix] Preparing to proxy authentication request to realm "jack"
++[suffix] returns updated
[eap] Request is supposed to be proxied to Realm jack. Not doing EAP.
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
WARNING: Empty section. Using default return values.
Sending Access-Request of id 43 to 192.168.0.252 port 1812
        Acct-Session-Id = "1f15e604-0000006e"
        NAS-Port = 111
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "AP1"
        NAS-IP-Address = 192.168.0.250
        Framed-MTU = 1496
        User-Name = "test"
        Calling-Station-Id = "00-13-02-C4-80-4C"
        Called-Station-Id = "00-0F-61-FE-EF-D2"
        Service-Type = Framed-User
        EAP-Message = 0x0202000e0174657374406a61636b
        Colubris-AVPair = "ssid=test2"
        Colubris-AVPair = "vsc-unique-id=3"
        Colubris-AVPair = "phytype=IEEE802dot11g"
        Colubris-Attr-250 = 0x00000000
        Colubris-Attr-249 = 0x00000000
        Message-Authenticator = 0x00000000000000000000000000000000
        Proxy-State = 0x3236

That is what I have when "default_eap_type = peap" in eap.conf and suffix commented out

rad_recv: Access-Request packet from host 192.168.0.250 port 32769, id=195, length=387
        Acct-Session-Id = "1f15e604-00000067"
        NAS-Port = 104
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "AP1"
        NAS-IP-Address = 192.168.0.250
        Framed-MTU = 1496
        User-Name = "t...@jack"
        Calling-Station-Id = "00-13-02-C4-80-4C"
        Called-Station-Id = "00-0F-61-FE-EF-D2"
        Service-Type = Framed-User
        EAP-Message = 0x02c30090190017030100206ef157f1edb209ced6df7284ef870774d1adc808c2f7393a443abde91a4eb99017030100607d4d8d08c8c680d2d06afc57337fa4cce547e386b98106b6c80393c7d131a1279fe2d7a2db1721c7df77a9eaf71cf2a3cad712f2e48dabd36454632ea81428c537a746ae38f08546d6f06766fe8574365a5f87f3689cbde6763580e173ef60ce
        State = 0x939ea92a945db03a6035c51f15a10082
        Colubris-AVPair = "ssid=test2"
        Colubris-AVPair = "vsc-unique-id=3"
        Colubris-AVPair = "phytype=IEEE802dot11g"
        Colubris-Attr-250 = 0x00000000
        Colubris-Attr-249 = 0x00000000
        Message-Authenticator = 0x89e1bcd7e7ce60181bdb737896d18bbe
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 195 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
        EAP-Message = 0x02c3004b1a02c300463160397ae5a1c3f5a575162355af3a810a00000000000000001c9fc0b11ba69c8647aef4a10cc29ffece47522c5bc98e94006a6163717565732e6e65745c74657374
server {
PEAP: Setting User-Name to jacques.net\test
Sending tunneled request
        EAP-Message = 0x02c3004b1a02c300463160397ae5a1c3f5a575162355af3a810a00000000000000001c9fc0b11ba69c8647aef4a10cc29ffece47522c5bc98e94006a6163717565732e6e65745c74657374
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "jacques.net\\test"
        State = 0xfbacdee0fb6fc428f0638ecd3474d47e
        Acct-Session-Id = "1f15e604-00000067"
        NAS-Port = 104
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "AP1"
        NAS-IP-Address = 192.168.0.250
        Framed-MTU = 1496
        Calling-Station-Id = "00-13-02-C4-80-4C"
        Called-Station-Id = "00-0F-61-FE-EF-D2"
        Service-Type = Framed-User
        Colubris-AVPair = "ssid=test2"
        Colubris-AVPair = "vsc-unique-id=3"
        Colubris-AVPair = "phytype=IEEE802dot11g"
        Colubris-Attr-250 = 0x00000000
        Colubris-Attr-249 = 0x00000000
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] Request is supposed to be proxied to Realm jack. Not doing EAP.
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Not-EAP proxy set. Not composing EAP
++[eap] returns handled
PEAP: Tunneled authentication will be proxied to jack
PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
[eap] Tunneled session will be proxied. Not doing EAP.
++[eap] returns handled
WARNING: Empty section. Using default return values.
ERROR: Failed to create a new socket for proxying requests.
ERROR: Failed inserting request into proxy hash.
ERROR: Failed to proxy request 8
There was no response configured: rejecting request 8
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> t...@jack
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 195 to 192.168.0.250 port 32769
Waking up in 3.5 seconds.
^C

That is what I have when "default_eap_type = mschapv2" in eap.conf

rad_recv: Access-Request packet from host 192.168.0.250 port 32769, id=4, length=387
        Acct-Session-Id = "1f15e604-00000062"
        NAS-Port = 99
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "AP1"
        NAS-IP-Address = 192.168.0.250
        Framed-MTU = 1496
        User-Name = "t...@jack"
        Calling-Station-Id = "00-13-02-C4-80-4C"
        Called-Station-Id = "00-0F-61-FE-EF-D2"
        Service-Type = Framed-User
        EAP-Message = 0x029c009019001703010020386a87a32d54ce789a58bf0797c8fec2146cab40657d2844f3c669d3ff74437317030100604ab4dde3619f7b2e4b7d8813d7bb491f9cda910d8d648759b9214dba32a2247c5fa5d7341f8f0c61150144b29e4d7d0a05d0afd057ceb43f5bfc81d8ae6b6028063bd44616c025592dbf694424da9e1420d26b07b6a3fd76ac3cba16a8cdc7fe
        State = 0x9495ab219309b2f8e681988bdb8e38dd
        Colubris-AVPair = "ssid=test2"
        Colubris-AVPair = "vsc-unique-id=3"
        Colubris-AVPair = "phytype=IEEE802dot11g"
        Colubris-Attr-250 = 0x00000000
        Colubris-Attr-249 = 0x00000000
        Message-Authenticator = 0x4e5c523271e20690afa7deb40b198fc6
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 156 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
        EAP-Message = 0x029c004b1a029c0046311d53cb59aa4d9b9b1bcbe6b548560779000000000000000037033132aa97f5429493f665e083a7691d6524037460f7a8006a6163717565732e6e65745c74657374
server {
PEAP: Setting User-Name to jacques.net\test
Sending tunneled request
        EAP-Message = 0x029c004b1a029c0046311d53cb59aa4d9b9b1bcbe6b548560779000000000000000037033132aa97f5429493f665e083a7691d6524037460f7a8006a6163717565732e6e65745c74657374
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "jacques.net\\test"
        State = 0x25cd979825518d94ace7ecd0c04358cd
        Acct-Session-Id = "1f15e604-00000062"
        NAS-Port = 99
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "AP1"
        NAS-IP-Address = 192.168.0.250
        Framed-MTU = 1496
        Calling-Station-Id = "00-13-02-C4-80-4C"
        Called-Station-Id = "00-0F-61-FE-EF-D2"
        Service-Type = Framed-User
        Colubris-AVPair = "ssid=test2"
        Colubris-AVPair = "vsc-unique-id=3"
        Colubris-AVPair = "phytype=IEEE802dot11g"
        Colubris-Attr-250 = 0x00000000
        Colubris-Attr-249 = 0x00000000
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] Request is supposed to be proxied to Realm jack. Not doing EAP.
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Not-EAP proxy set. Not composing EAP
++[eap] returns handled
PEAP: Tunneled authentication will be proxied to jack
PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
[eap] Tunneled session will be proxied. Not doing EAP.
++[eap] returns handled
WARNING: Empty section. Using default return values.
ERROR: Failed to create a new socket for proxying requests.
ERROR: Failed inserting request into proxy hash.
ERROR: Failed to proxy request 8
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
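
Added example, not part of the original post and not FreeRADIUS code: a decoder for the tunneled EAP-Message shown in the debug output above, which also repacks its fields into the 50-byte MS-CHAP2-Response value layout from RFC 2548, the non-EAP form of the same data. The function names are hypothetical; the hex string is copied from the log and split by field.

```python
import struct

# Tunneled EAP-Message copied from the debug output above, split by field.
TUNNELED_HEX = (
    "02c3004b1a"                                        # EAP code, id, length, type
    "02c3004631"                                        # MS-CHAPv2 opcode, id, ms-length, value-size
    "60397ae5a1c3f5a575162355af3a810a"                  # Peer-Challenge (16 bytes)
    "0000000000000000"                                  # Reserved (8 bytes)
    "1c9fc0b11ba69c8647aef4a10cc29ffece47522c5bc98e94"  # NT-Response (24 bytes)
    "00"                                                # Flags
    "6a6163717565732e6e65745c74657374"                  # Name
)

EAP_RESPONSE, EAP_TYPE_MSCHAPV2, MSCHAPV2_OP_RESPONSE = 2, 26, 2


def parse_eap_mschapv2_response(packet: bytes) -> dict:
    """Decode an EAP-MSCHAPv2 Response, validating every length field."""
    if len(packet) < 10:
        raise ValueError("too short for EAP + MS-CHAPv2 headers")
    code, eap_id, eap_len, eap_type = struct.unpack("!BBHB", packet[:5])
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_MSCHAPV2:
        raise ValueError("not an EAP-MSCHAPv2 response")
    if eap_len != len(packet):
        raise ValueError("EAP length field does not match packet size")
    opcode, ms_id, ms_len, value_size = struct.unpack("!BBHB", packet[5:10])
    if opcode != MSCHAPV2_OP_RESPONSE or ms_len != eap_len - 5 or value_size != 49:
        raise ValueError("malformed MS-CHAPv2 response header")
    value = packet[10:59]
    if len(value) != 49:
        raise ValueError("truncated MS-CHAPv2 response value")
    return {
        "eap_id": eap_id, "mschap_id": ms_id,
        "peer_challenge": value[:16], "reserved": value[16:24],
        "nt_response": value[24:48], "flags": value[48],
        "name": packet[59:].decode("latin-1"),
    }


def to_ms_chap2_response(fields: dict) -> bytes:
    """Build the 50-byte MS-CHAP2-Response value (RFC 2548 field order)."""
    return (bytes([fields["mschap_id"], fields["flags"]]) + fields["peer_challenge"]
            + fields["reserved"] + fields["nt_response"])


if __name__ == "__main__":
    decoded = parse_eap_mschapv2_response(bytes.fromhex(TUNNELED_HEX))
    print(decoded["name"], to_ms_chap2_response(decoded).hex())
```

The matching MS-CHAP-Challenge value comes from the server's earlier EAP-MSCHAPv2 challenge, which is not in the posted output, so only the response half can be rebuilt from this packet.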