> I'm in the process of testing FreeRADIUS 2.1.11, just basic/standard setup. > I've been following the following user guide: > http://deployingradius.com/documents/configuration/pap.html. Very > useful, by the way. > > PAP, MSCHAP and MSCHAPv2 work ok, but I'm unable to get any EAP tests to > pass. I've tries almost everything, including: > http://deployingradius.com/documents/configuration/eap-problems.html > > radtest -t eap-md5 ....... (it works ok) >
OK. The means the eap-md5 worked for radtest and FreeRADIUS. > --------- EAP-MD5 test --------- > > http://deployingradius.com/scripts/eapol_test/ > > > eapol_test.exe -c md5.conf -s testing123 ( it doesn't work!) OK. Since eap-md5 worked for FreeRADIUS and radeaptest above, but not for eapol_test and FreeRADIUS, this is most likely a problem with eapol_test not supporting eap-md5. > EAPOL: SUPP_BE entering state RECEIVE > Received 80 bytes from RADIUS server > Received RADIUS message > RADIUS message: code=11 (Access-Challenge) identifier=0 length=80 > Attribute 79 (EAP-Message) length=24 > Value: 01 01 00 16 04 10 2d 5a 5e ca fd 46 31 37 33 67 ef 5f ec 14 64 c3 > Attribute 80 (Message-Authenticator) length=18 > Value: 37 83 06 12 9c 7b 2d 98 9a e8 6b 81 79 03 ce 63 > Attribute 24 (State) length=18 > Value: cb 7a ce 96 cb 7b ca 0b 07 a3 2c 75 4a 0c c4 c6 STA 02:00:00:00:00:01: > Received RADIUS packet matched with a pending request, round trip time > 0.00 sec > > RADIUS packet matching with station > decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP- > Request-MD5 (4) RADIUS Server proposed using eap-md5. > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 > EAP: EAP entering state GET_METHOD > EAP: configuration does not allow: vendor 0 method 4 > EAP: vendor 0 method 4 not allowed eapol_test said it's configuration does not support "method 4" (aka eap-md5). > CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK > EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed) > EAP: allowed methods - hexdump(len=1): 15 > EAP: EAP entering state SEND_RESPONSE eapol_test sends a NAK back to the FreeRADIUS because it does not support eap-md5 (or any other eap method sent back by FR). Verify that eapol_test was successfully built with support for eap-md5. Look for error messages during the build process. You will probably see error messages saying that it could not find the OpenSSL libraries and/or headers. Tim - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html