Hi,
maybe somebody can help me in my attempt to authenticate a supplicant PC (WinXP SP2 with 802.1x authentication enabled, using PEAP and Authentication Method "Secured password EAP-MSCHAP v2") using FreeRADIUS Version 2.1.10. The RADIUS client is an ONT (GPON, 802.1x enabled on its Ethernet port).

I have modified 3 RADIUS configuration files:

1. eap.conf

    default_eap_type = peap

2. clients.conf

Added new client (PC is connected to ONT which further forwards requests to BLM acting as client).

    client 10.223.0.131 {
        ipaddr = 10.223.0.131
        secret = hello123
        require_message_authenticator = no
        nastype = other # localhost isn't usually a NAS...
    }

Secret password "hello123" is also configured on the related client (ONT):

    RADIUS proxy address  | 100.1.1.1
    RADIUS proxy secret   | ont343
    RADIUS auth server 1  | 10.223.0.13
    RADIUS auth secret 1  | hello123
    RADIUS auth port 1    | 1812
    RADIUS auth server 2  | 0.0.0.0
    RADIUS auth secret 2  | -
    RADIUS auth port 2    | 0
    RADIUS auth server 3  | 0.0.0.0
    RADIUS auth secret 3  | -
    RADIUS auth port 3    | 0

3. users

Added new entry for the PC using its MAC address for credentials:

    00:02:a5:f8:70:29 Cleartext-Password := "00:02:a5:f8:70:29"

When I try to authenticate the PC by entering its MAC address as user name/password, a RADIUS Access-Reject message is generated by FreeRADIUS and the following output is obtained in the debug window:

    rad_recv: Access-Request packet from host 10.223.0.131 port 65534, id=71, length=142
        NAS-IP-Address = 100.1.1.1
        NAS-Port-Id = "1.2"
        Framed-MTU = 1024
        User-Name = "00-02-A5-F8-70-29"
        Calling-Station-Id = "00-02-A5-F8-70-29"
        Message-Authenticator = 0xe990ef46d4eaddc9760eff3924f3613e
        EAP-Message = 0x025200160130303a30323a61353a66383a37303a3239
        NAS-Identifier = "PENKALA"
        Ericsson-Attr-101 = 0x4552494353534f4e
    # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[digest] returns noop
    [suffix] No '@' in User-Name = "00-02-A5-F8-70-29", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 82 length 22
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
    ++[pap] returns noop
    Found Auth-Type = EAP
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group authenticate {...}
    [eap] Identity does not match User-Name, setting from EAP Identity.
    [eap] Failed in handler
    ++[eap] returns invalid
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> 00-02-A5-F8-70-29
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 0 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 0
    Sending Access-Reject of id 71 to 10.223.0.131 port 65534
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 71 with timestamp +160
    Ready to process requests.

Please can you help me with this issue? I assume I missed something related to configuration.

BR,
Irena
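Added example, not part of the original post: it decodes the EAP-Message attribute from the debug output above using the RFC 3748 header layout (code, identifier, length, type) and compares the EAP identity with the User-Name sent by the NAS, which is the difference the `[eap] Identity does not match User-Name` line reports. The function names are illustrative; the three constants are copied from the post.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1

# Values copied from the post: the Access-Request attributes and the users entry.
EAP_MESSAGE_HEX = "0x025200160130303a30323a61353a66383a37303a3239"
USER_NAME = "00-02-A5-F8-70-29"
USERS_FILE_KEY = "00:02:a5:f8:70:29"

def parse_eap(hex_value):
    """Parse one EAP packet (RFC 3748, section 4) from a FreeRADIUS hex dump."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length %d does not fit %d bytes" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, code), "id": ident,
           "length": length, "type": None, "data": b""}
    # Only Request/Response carry a Type octet; Success/Failure are header only.
    if code in (1, 2) and length >= 5:
        pkt["type"], pkt["data"] = raw[4], raw[5:length]
    return pkt

def normalize_mac(text):
    """Reduce a MAC address string to 12 lowercase hex digits, or None."""
    digits = "".join(c for c in text.lower() if c not in ":-.")
    ok = len(digits) == 12 and all(c in "0123456789abcdef" for c in digits)
    return digits if ok else None

def compare_identity(eap_hex, user_name):
    """Compare the EAP-Identity payload with the RADIUS User-Name attribute."""
    pkt = parse_eap(eap_hex)
    if pkt["type"] != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Identity packet")
    identity = pkt["data"].decode("utf-8", "replace")
    mac = normalize_mac(identity)
    return {"identity": identity,
            "exact_match": identity == user_name,
            "same_mac": mac is not None and mac == normalize_mac(user_name)}

if __name__ == "__main__":
    print(parse_eap(EAP_MESSAGE_HEX))
    print(compare_identity(EAP_MESSAGE_HEX, USER_NAME))
    print("users key equals User-Name:", USERS_FILE_KEY == USER_NAME)
```

The decoded identity is the colon-separated lowercase form typed on the PC, while the NAS sends the same MAC as an uppercase, dash-separated User-Name, so the two strings differ byte for byte even though they name the same address.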