ERROR in the EAP/PEAP test of eapol_test
Hi ! I meet a ERROR in the test of EAP/PEAP radtest sqluser 123 localhost 1812 testing123 is OK ,I just delete the # before 'eap' in radiusd.conf and default files. the test eapol_test -c peap.txt -s testing123 my peap.txt is network={ eap=PEAP eapol_flags=0 key_mgmt=IEEE8021X identity=sqluser password=123 ca_cert=/usr/local/freeradius/etc/raddb/certs/ca.pem phase2=auth=MSCHAPV2 anonymous_identity=anonymous } The result is(too long I cut it,all the messages which contain 'fail'and'warning' are here) rad_recv: Access-Request packet from host 127.0.0.1 port 40004, id=0, length=126 User-Name = anonymous NAS-IP-Address = 127.0.0.1 Calling-Station-Id = 02-00-00-00-00-01 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = CONNECT 11Mbps 802.11b EAP-Message = 0x020e01616e6f6e796d6f7573 Message-Authenticator = 0x028746a6804037ea96543cd3853748ca # Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = anonymous, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] EAP packet type response id 0 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [sql] expand: %{User-Name} - anonymous [sql] sql_set_user escaped user -- 'anonymous' rlm_sql (sql): Reserving sql socket id: 3 …… [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 1 to 127.0.0.1 port 40004 EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0x2e0cc3a22f0eda51cc2cadc82e7658db Finished request 2. Going to the next request …… Found Auth-Type = EAP # Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: sqluser [mschap] Told to do MS-CHAPv2 for sqluser with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 8 to 127.0.0.1 port 40004 EAP-Message = 0x0109003b190017030100302ab43a32e6ec7ff42289efbdfda591f3a3562799d9559589146b128457125284645e7d72ef66bb121d8dbb003bdab8ab Message-Authenticator = 0x State = 0x2e0cc3a22605da51cc2cadc82e7658db Finished request 9. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 40004, id=9, length=226 User-Name = anonymous NAS-IP-Address = 127.0.0.1 Calling-Station-Id = 02-00-00-00-00-01 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = CONNECT 11Mbps 802.11b EAP-Message = 0x0209006019001703010020b314a72f4acdfaf2dd08dcf94fd6c7082929e8fd0472499fb3f0ba7b79cae39517030100300bbd73ce8691181df7af8f7caabe39c7c75fa967f055a40ba68caf2780dbcf60a2f6b8be08e9d789e433758deacb3e88 State = 0x2e0cc3a22605da51cc2cadc82e7658db Message-Authenticator = 0x6b7fca3ade7064bc39fb78dc05a9d319 # Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = anonymous, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] EAP
EAP: method process - ignore=FALSE methodState=MAY_CONT decision=FAIL
Hi ! I meet a ERROR in the test of PEAP eapol_test -c peap.txt -s testing123 my peap.txt is network={ eap=PEAP eapol_flags=0 key_mgmt=IEEE8021X identity=sqluser password=123 ca_cert=/usr/local/freeradius/etc/raddb/certs/ca.pem phase2=auth=MSCHAPV2 anonymous_identity=anonymous } the result: RADIUS packet matching with station decapsulated EAP packet (code=1 id=1 len=6) from RADIUS server: EAP-Request-PEAP (25) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=25 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP) TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00 TLS: using phase1 config options TLS: Trusted root certificate(s) loaded CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected EAP: EAP entering state METHOD SSL: Received packet(len=6) - Flags 0x20 EAP-PEAP: Start (server ver=0, own ver=1) EAP-PEAP: Using PEAP version 0 SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0x) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 95 bytes pending from ssl_out SSL: 95 bytes left to be sent out (of total 95 bytes) EAP: method process - ignore=FALSE methodState=MAY_CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp …… RADIUS packet matching with station decapsulated EAP packet (code=4 id=8 len=4) from RADIUS server: EAP Failure EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state FAILURE CTRL-EVENT-EAP-FAILURE EAP authentication failed EAPOL: SUPP_PAE entering state HELD EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state FAIL EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: success=0 EAPOL: EAP key not available EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit ENGINE: engine deinit MPPE keys OK: 0 mismatch: 1 FAILURE I am a *freshman ,I do not know how to fix it. * *THANK YOU!* - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius, how to cooperate with a wireless AP( system is linux, openwrt)
Hi,I want to build a wireless network with radius server . server computer is ubuntu , wireless router is a linux system-openwrt.So i need to install something in the router,So what is it? Can somebody know something about it? please do me a favor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Something about the commonName of client certificate
Hi! I want to build eap/tls so i need to produce a client certificate. in the certs catalog there are ca.pem and server.pem,but not client.pem.so I should use command make client.pem. in the README file there are some words:Be sure that the commonName field here is the User-Name that will be used for logins! Does it mean ommonName must the same with the login name in the eapol_test ? thank you for your help ,best regards. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ERROR in the EAP/PEAP test of eapol_test
Hi ! I meet a ERROR in the test of EAP/PEAP radtest sqluser 123 localhost 1812 testing123 is OK ,I just delete the # before 'eap' in radiusd.conf and default files. the test eapol_test -c peap.txt -s testing123 my peap.txt is network={ eap=PEAP eapol_flags=0 key_mgmt=IEEE8021X identity=sqluser password=123 ca_cert=/usr/local/freeradius/etc/raddb/certs/ca.pem phase2=auth=MSCHAPV2 anonymous_identity=anonymous } The result is(too long I cut it,all the messages which contain 'fail'and'warning' are here) rad_recv: Access-Request packet from host 127.0.0.1 port 40004, id=0, length=126 User-Name = anonymous NAS-IP-Address = 127.0.0.1 Calling-Station-Id = 02-00-00-00-00-01 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = CONNECT 11Mbps 802.11b EAP-Message = 0x020e01616e6f6e796d6f7573 Message-Authenticator = 0x028746a6804037ea96543cd3853748ca # Executing section authorize from file /usr/local/freeradius/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = anonymous, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] EAP packet type response id 0 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [sql] expand: %{User-Name} - anonymous [sql] sql_set_user escaped user -- 'anonymous' rlm_sql (sql): Reserving sql socket id: 3 …… [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 127.0.0.1 port 40004 EAP-Message = 0x010100160410d8844619dd6d7c77c5de455754592c0b Message-Authenticator = 0x State = 0x2e0cc3a22e0dc751cc2cadc82e7658db Finished request 1 .…… rlm_sql (sql): Released sql socket id: 2 [sql] User anonymous not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 1 to 127.0.0.1 port 40004 EAP-Message = 0x010200061920 Message-Authenticator = 0x State = 0x2e0cc3a22f0eda51cc2cadc82e7658db Finished request 2. Going to the next request …… Found Auth-Type = EAP # Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 95 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] TLS 1.0 Handshake [length 005a], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] TLS 1.0 Handshake [length 020d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 2 to 127.0.0.1 port 40004 EAP-Message = 0x0103040019c00ab41603010031022d03014da1adfaa31490e821fdfa4885df0c8fc2d0ddd363a209a6143ab7d68062c39739010005ff01000100160301085e0b00085a0008570003a6308203a23082028 …… [eap] EAP packet type response id 5 length 208 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/freeradius/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 198 [peap] Length Included [peap] eaptls_verify returned 11