Peap(inner eap-GTC)//: Re: Peap (inner eap-popt ) issue

2008-02-01 Thread Hangjun He
Hi,
Use eap-GTC as Peap inner eap-type. Got error message too. See below. Thanks.

  rad_recv: Access-Request packet from host 10.155.20.84:1040, id=27, length=210
User-Name = hhe123
NAS-IP-Address = 10.155.20.84
NAS-Identifier = AH-30
NAS-Port = 0
Called-Station-Id = 00-19-77-00-00-31:hhe
Calling-Station-Id = 00-19-E0-80-A5-5A
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 
0x0210002b19001703010020fa82601d02aeb434f977c693f3b15669cc64e1a7ad240381f70aca16f54cc411
State = 0x443b0c2424a63b6bbcb865bc5beb0a2f
Message-Authenticator = 0x596fe7a72eeebd5e58ec6d29e7ba85e0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 27
  modcall[authorize]: module mschap returns noop for request 27
  rlm_eap: EAP packet type response id 16 length 43
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 27
users: Matched entry hhe123 at line 95
  modcall[authorize]: module files returns ok for request 27
modcall: leaving group authorize (returns updated) for request 27
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 27
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type gtc
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled EAP-Message
EAP-Message = 0x021b06686865313233
  PEAP: Setting User-Name to hhe123
  PEAP: Adding old state with 71 e4
  PEAP: Sending tunneled request
EAP-Message = 0x021b06686865313233
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = hhe123
State = 0x71e4120f420e1eea12c8ad78728c974c
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 27
  modcall[authorize]: module mschap returns noop for request 27
  rlm_eap: EAP packet type response id 16 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 27
users: Matched entry hhe123 at line 95
  modcall[authorize]: module files returns ok for request 27
modcall: leaving group authorize (returns updated) for request 27
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 27
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/gtc
  rlm_eap: processing type gtc
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested 
action.
 rlm_eap: Handler failed in EAP/gtc
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module eap returns invalid for request 27
modcall: leaving group authenticate (returns invalid) for request 27
auth: Failed to validate the user.
  PEAP: Got tunneled reply RADIUS code 3
Reply-Message = Hello
EAP-Message = 0x0414
Message-Authenticator = 0x
  PEAP: Processing from tunneled session code 0x8150ec8 3
Reply-Message = Hello
EAP-Message = 0x0414
Message-Authenticator = 0x
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module eap returns handled for request 27
modcall: leaving group authenticate (returns handled) for request 27
Sending Access-Challenge of id 27 to 10.155.20.84 port 1040
Reply-Message = Hello
EAP-Message = 
0x0111002b190017030100203a72821eb5dfc3a916d860a38e9ea1e339b0ef886f315fcd5f369d138e600a5e
Message-Authenticator = 0x
State = 0x917adbb2a47421f8a387e5b7dfa5d3e7
Finished request 27
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.155.20.84:1040, id=28, length=210
User-Name = hhe123
NAS-IP-Address = 10.155.20.84
NAS-Identifier = AH-30
NAS-Port = 0
Called-Station-Id = 00-19-77-00-00-31:hhe
Calling-Station-Id = 00-19-E0-80-A5-5A
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 
0x0211002b190017030100200dae6db09d400aff4db8b832bdc308e58f32d44878802cb305b8245cbafe2b56
State = 0x917adbb2a47421f8a387e5b7dfa5d3e7
Message-Authenticator = 0x9c0d713729c522b7cce89c4b6af3ba26
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 28
  

Re: Peap(inner eap-GTC)//: Re: Peap ( inner eap-popt) issue

2008-02-01 Thread Alan DeKok
Hangjun He wrote:
> Hi,
>   Use eap-GTC as Peap inner eap-type. Got error message too. See
> below. Thanks.
...
>   rlm_eap: processing type gtc
>   ERROR: Unknown value specified for Auth-Type.  Cannot perform
> requested action.

  You edited the default configuration file and broke it.  Don't do that.

  Honestly, this is documented in the comments for the gtc portion of
eap.conf.  If you edit the configuration files, READ THE COMMENTS.  If
you don't read the comments, then don't be surprised when you break
something.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
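
To read the EAP-Message values in the debug output of these threads, the following added example (not part of any post and not FreeRADIUS code) decodes the outer EAP header, the types requested in a Nak, and the TLS record headers inside a PEAP packet. The first two hex values are copied from the logs on this page; the Nak packet is constructed to match the "NAK asked for bad type 32" line, and the function and table names are this example's own.

```python
import struct

# EAP codes and the method types relevant to this thread (IANA EAP registry).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 6: "GTC", 13: "TLS",
         17: "LEAP", 25: "PEAP", 26: "MSCHAPv2", 32: "POTP"}
TLS_RECORDS = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake",
               23: "ApplicationData"}

def decode_eap(hexstr):
    """Decode one unfragmented EAP-Message value as printed by radiusd -X."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes present")
    out = {"code": CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length == 4:
        return out                       # Success/Failure carry no type field
    etype, body = raw[4], raw[5:]
    out["type"] = TYPES.get(etype, etype)
    if etype == 3:                       # Nak: body lists the types the peer wants
        out["wants"] = [TYPES.get(t, t) for t in body]
    elif etype in (13, 25) and body:     # TLS-based methods: flags, then TLS records
        flags, pos = body[0], 1
        if flags & 0x80:                 # L bit: 4-byte total TLS length follows
            pos += 4
        out["tls_records"] = []
        while pos + 5 <= len(body):      # record header: type, version, length
            rtype, _ver, rlen = struct.unpack("!BHH", body[pos:pos + 5])
            out["tls_records"].append((TLS_RECORDS.get(rtype, rtype), rlen))
            pos += 5 + rlen
    return out

# Copied from the logs on this page: request id=27 and the bare PEAP ack (id=98).
OUTER = ("0x0210002b19001703010020fa82601d02aeb434f977c693f3b15669"
         "cc64e1a7ad240381f70aca16f54cc411")
ACK = "0x020500061900"
# Constructed sample: a Nak response asking for EAP type 32.
NAK = "0x020600060320"

if __name__ == "__main__":
    for name, value in (("outer", OUTER), ("ack", ACK), ("nak", NAK)):
        print(name, decode_eap(value))
```

The outer packet decodes to PEAP framing around a single TLS ApplicationData record, which is why the inner method (gtc here) is visible only in the server's own rlm_eap_peap debug lines and not in the RADIUS attributes.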


Peap (inner eap-popt) issue

2008-01-31 Thread Hangjun He
Hi,
I am using Odyssey Client Manager and FreeRADIUS 1.1.6.
When I set peap with inner eap-mschap-v2, it works well. When I change the inner
eap type to eap-popt, it does not seem to work.

  eap.conf:
eap {
    default_eap_type = md5
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        private_key_password = whatever
        private_key_file = ${raddbdir}/certs/server_keycert.pem
        certificate_file = ${raddbdir}/certs/server_keycert.pem
        CA_file = ${raddbdir}/certs/demoCA/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = ${raddbdir}/certs/random
        fragment_size = 1024
        include_length = yes
        cipher_list = DEFAULT
    }
    peap {
        default_eap_type = mschapv2
        copy_request_to_tunnel = no
        use_tunneled_reply = no
        proxy_tunneled_request_as_eap = yes
    }
    mschapv2 {
    }
}
   
   
  debug message:
  rad_recv: Access-Request packet from host 10.155.20.84:1028, id=97, length=310
User-Name = hhe123
NAS-IP-Address = 10.155.20.84
NAS-Identifier = AH-30
NAS-Port = 0
Called-Station-Id = 00-19-77-00-00-31:hhe
Calling-Station-Id = 00-19-E0-80-A5-5A
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 
0x0204008f1980008516030100451041003f90e19f0e9099ace6ec05fb17123a18280ef2aaabf14d2a6c632e502133afefc99bf3c3e8216dd91489e6c3e58622bacd148a5c4cd3dfecff8fe172ac0d0a19140301000101160301003095d558aeea1c6a30113c21922745a4584a82f81ed2aec13d206481d23805d67e8760d4b1cdca811a54e5ed9819fefc52
State = 0xe364c386672736607a0f8f7ce0f2896a
Message-Authenticator = 0x0743c8bc02356a840f048e55b5b87143
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module mschap returns noop for request 4
  rlm_eap: EAP packet type response id 4 length 143
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 4
users: Matched entry hhe123 at line 95
  modcall[authorize]: module files returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls:  TLS 1.0 Handshake [length 0045], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls:  TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls:  TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
  rlm_eap_tls:  TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls:  TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module eap returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 97 to 10.155.20.84 port 1028
Reply-Message = Hello
EAP-Message = 
0x0105004119001403010001011603010030972d13c7c42d04d1e4749ae66d2232830dd90327e820cab5cd8d2733712e71315b05c41c9c6b934cae84a1b7f75804e1
Message-Authenticator = 0x
State = 0x218ad259b8a94329f3d37b7ee6d7afad
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.155.20.84:1028, id=98, length=173
User-Name = hhe123
NAS-IP-Address = 10.155.20.84
NAS-Identifier = AH-30
NAS-Port = 0
Called-Station-Id = 00-19-77-00-00-31:hhe
Calling-Station-Id = 00-19-E0-80-A5-5A
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 0x020500061900
State = 0x218ad259b8a94329f3d37b7ee6d7afad
Message-Authenticator = 0x95efe7dde77c253e487f9cfd6065f838
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module mschap returns noop for request 5
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 5
users: Matched entry hhe123 at line 95
  modcall[authorize]: module files returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found 

Re: Peap (inner eap-popt) issue

2008-01-31 Thread Alan DeKok
Hangjun He wrote:
> Hi,
>   I am using Odyssey Client Manager and FreeRADIUS 1.1.6.
> When I set peap with inner eap-mschap-v2, it works well. When I change
> the inner eap type to eap-popt, it does not seem to work.

  Why do you think FreeRADIUS supports EAP-POPT?
...
>   rlm_eap: NAK asked for bad type 32
>   rlm_eap: Failed in EAP select

  FreeRADIUS doesn't support that EAP type.

  Alan DeKok.