Never mind. I'm a dumb ass. I had a duplicate entry for this NAS in
/usr/local/etc/raddb/clients which was screwing things up (it had a different shared
secret).
So I'm stupid. It works fine. I'm going home. :-P
--J
> -----Original Message-----
> From: McNutt, Justin M.
> Sent: Monday, April 01, 2002 3:32 PM
> To: [EMAIL PROTECTED]
> Subject: EAP-MD5 - Can't seem to get it working.
>
>
> We always get this:
>
> Mon Apr 1 15:14:24 2002 : Error: Received packet from
> 128.206.95.215 with invalid Message-Authenticator!
>
> The password is hard-coded into the user's profile in the
> raddb file and we've quadruple-checked the RADIUS shared
> secret. The NAS is a Nortel Business Policy Switch 2000 and
> the EAP client is a Windows XP laptop (username gilpina,
> password datiswak, domain [NULL]). Server is a Slackware 7.1
> box running FreeRADIUS 0.5 (release version).
>
> Ideas?
>
> Here's the section of the /usr/local/etc/raddb/users file for
> this user:
>
> gilpina Auth-Type := EAP, User-Password == "datiswak"
>         Port-Priority = Platinum,
>         Tunnel-Private-Group-Id = "201",
>         Tunnel-Type = 13,
>         Tunnel-Medium-Type = 6,
>         Service-Type = Framed,
>         NAS-Port-Type = Ethernet
>
> Here's what "radiusd -X -y" shows:
>
> Module: Instantiated unix (unix)
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated prepro^[[A^[[A
> root@dnps-linux1:/var/log/radius# killall radiusd
> root@dnps-linux1:/var/log/radius# cd
> root@dnps-linux1:~# cat radiusd.debug.log
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /usr/local/etc/raddb/proxy.conf
> Config: including file: /usr/local/etc/raddb/clients.conf
> Config: including file: /usr/local/etc/raddb/snmp.conf
> Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/var"
> main: logdir = "/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/var/log/radius/radacct"
> main: hostname_lookups = no
> read_config_files: reading dictionary
> read_config_files: reading clients
> read_config_files: reading realms
> read_config_files: reading naslist
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 10240
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_auth = yes
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/var/run/radiusd.pid"
> main: user = "root"
> main: group = "root"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> security: max_attributes = 200
> security: reject_delay = 1
> main: debug_level = 0
> read_config_files: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded eap
> eap: default_eap_type = "md5"
> eap: timer_expire = 60
> rlm_eap: Loaded and initialized the type md5
> Module: Instantiated eap (eap)
> Module: Loaded Pam
> pam: pam_auth = "radiusd"
> Module: Instantiated pam (pam)
> Module: Loaded System
> unix: cache = yes
> unix: passwd = "/etc/passwd"
> unix: shadow = "/etc/shadow"
> unix: group = "/etc/group"
> unix: radwtmp = "/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> HASH: Reinitializing hash structures and lists for caching...
> HASH: user root found in hashtable bucket 11726
> HASH: user bin found in hashtable bucket 86651
> HASH: user daemon found in hashtable bucket 11668
> HASH: user adm found in hashtable bucket 26466
> HASH: user lp found in hashtable bucket 54068
> HASH: user sync found in hashtable bucket 42895
> HASH: user shutdown found in hashtable bucket 71746
> HASH: user halt found in hashtable bucket 7481
> HASH: user mail found in hashtable bucket 79471
> HASH: user news found in hashtable bucket 5375
> HASH: user uucp found in hashtable bucket 38541
> HASH: user operator found in hashtable bucket 21748
> HASH: user games found in hashtable bucket 47657
> HASH: user ftp found in hashtable bucket 56226
> HASH: user gdm found in hashtable bucket 50360
> HASH: user nobody found in hashtable bucket 99723
> HASH: user mcnuttj found in hashtable bucket 94877
> HASH: user rohrss found in hashtable bucket 6971
> HASH: user jscan found in hashtable bucket 11447
> HASH: user gravess found in hashtable bucket 76481
> HASH: user graves found in hashtable bucket 64346
> HASH: user robertsmj found in hashtable bucket 85394
> HASH: user ridgwaye found in hashtable bucket 84016
> HASH: user irovicd found in hashtable bucket 10630
> HASH: user gilpina found in hashtable bucket 40370
> HASH: user blackwellta found in hashtable bucket 34722
> HASH: user simmonsw found in hashtable bucket 1161
> HASH: user waageb found in hashtable bucket 10993
> HASH: user perryd found in hashtable bucket 21500
> HASH: user Manager found in hashtable bucket 3361
> HASH: user northt found in hashtable bucket 21647
> HASH: Stored 31 entries from /etc/passwd
> HASH: Stored 23 entries from /etc/group
> Module: Instantiated unix (unix)
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> Module: Instantiated realm (suffix)
> Module: Loaded files
> files: usersfile = "/usr/local/etc/raddb/users"
> files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded detail
> detail: detailfile =
> "/var/log/radius/radacct/%{Client-IP-Address}/detail"
> detail: detailperm = 384
> detail: dirperm = 493
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> main: smux_password = ""
> main: snmp_write_access = no
> SMUX connect try 1
> Can't connect to SNMP agent with SMUX: Connection refused
> Initializing the thread pool...
> thread: start_servers = 5
> thread: max_servers = 32
> thread: min_spare_servers = 3
> thread: max_spare_servers = 10
> thread: max_requests_per_server = 0
> thread: cleanup_delay = 5
> Thread 1 waiting to be assigned a request
> Thread spawned new child 1. Total threads in pool: 1
> Thread spawned new child 2. Total threads in pool: 2
> Thread 2 waiting to be assigned a request
> Thread 3 waiting to be assigned a request
> Thread spawned new child 3. Total threads in pool: 3
> Thread 4 waiting to be assigned a request
> Thread spawned new child 4. Total threads in pool: 4
> Thread spawned new child 5. Total threads in pool: 5
> Listening on IP address *, ports 1645/udp and 1646/udp, with
> proxy on 1647/udp.
> Ready to process requests.
> Thread 5 waiting to be assigned a request
> rad_recv: Access-Request packet from host
> 128.206.95.215:1024, id=14, length=111
> Thread 1 assigned request 0
> SMUX connect try 2
> Thread 1 handling request 0, (1 handled so far)
> Received packet from 128.206.95.215 with invalid
> Message-Authenticator!
> Server rejecting request 0.
> Finished request 0
> Going to the next request
> Thread 1 waiting to be assigned a request
> Can't connect to SNMP agent with SMUX: Connection refused
> --- Walking the entire request list ---
> Threads: total/active/spare threads = 5/0/5
> Waking up in 1 seconds...
> SMUX connect try 3
> Can't connect to SNMP agent with SMUX: Connection refused
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host
> 128.206.95.215:1024, id=14, length=111
> Sending duplicate authentication reply to client
> 128.206.95.215:1024 - ID: 14
> Sending Access-Reject of id 14 to 128.206.95.215:1024
> --- Walking the entire request list ---
> Sending Access-Reject of id 14 to 128.206.95.215
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 14 with timestamp 3ca8cf3d
> Nothing to do. Sleeping until we see a request.
> rad_recv: Access-Request packet from host
> 128.206.95.215:1024, id=15, length=111
> Thread 2 assigned request 2
> Thread 2 handling request 2, (1 handled so far)
> Received packet from 128.206.95.215 with invalid
> Message-Authenticator!
> Server rejecting request 2.
> Finished request 2
> Going to the next request
> Thread 2 waiting to be assigned a request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> rad_recv: Access-Request packet from host
> 128.206.95.215:1024, id=15, length=111
> Sending duplicate authentication reply to client
> 128.206.95.215:1024 - ID: 15
> Sending Access-Reject of id 15 to 128.206.95.215:1024
> --- Walking the entire request list ---
> Sending Access-Reject of id 15 to 128.206.95.215
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 2 ID 15 with timestamp 3ca8cf6b
> Nothing to do. Sleeping until we see a request.
> MASTER: exit.
>
> Later...
>
> Justin McNutt
> Network Systems Analyst - Expert
> DNPS, Mizzou Telecom
> (573) 882-5183
>
> One IP to rule them all, one IP to find them,
> One IP to bring them all, and in the darkness BIND them,
> In the land of Ether, where the packets fly.
>
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
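
Why a stale duplicate client entry produces the "invalid Message-Authenticator" error, as an added example (not code from the original post or from FreeRADIUS): Message-Authenticator is an HMAC-MD5 over the whole Access-Request keyed with the shared secret (RFC 2869), so a server that looks up a different secret for the NAS rejects every packet. The one-client-and-secret-per-line file layout, the addresses, the secrets and the user name are assumptions constructed for the example.

```python
import hashlib
import hmac
import struct

USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80

def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_request(secret, ident, authenticator, attrs):
    """Access-Request (code 1) signed the way a NAS holding `secret` would."""
    body = attrs + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", 1, ident, 20 + len(body)) + authenticator
    mac = hmac.new(secret, header + body, hashlib.md5).digest()
    return header + body[:-16] + mac

def verify_message_authenticator(packet, secret):
    """Recompute HMAC-MD5 over the packet with the attribute value zeroed."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if not 20 <= length <= len(packet):
        return False
    pos = 20
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return False  # malformed attribute
        if a_type == MESSAGE_AUTHENTICATOR and a_len == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += a_len
    return False  # no Message-Authenticator attribute present

def conflicting_clients(clients_text):
    """Map each client listed with more than one distinct secret to its secrets."""
    seen = {}
    for line in clients_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            seen.setdefault(fields[0], []).append(fields[1])
    return {c: s for c, s in seen.items() if len(set(s)) > 1}

# Constructed sample data: NAS address, secrets and user are placeholders.
CLIENTS = "192.0.2.10 secret-on-switch\n192.0.2.20 other\n192.0.2.10 stale-secret\n"
EAP_IDENTITY = bytes([2, 1, 0, 10, 1]) + b"alice"
PACKET = build_request(b"secret-on-switch", 14, bytes(range(16)),
                       attr(USER_NAME, b"alice") + attr(EAP_MESSAGE, EAP_IDENTITY))
```

Running `conflicting_clients` over the clients file before restarting the server flags any NAS that appears with two different secrets, which is the condition described in the reply above.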