Hello, I'm using hostap as access point, WinXP as
client and FreeRadius as Authenticator.
* radiusd.conf:
...
authorize
{
# # The preprocess module takes care of sanitizing some bizarre # attributes in the request, and turning them into attributes # which are more standard. # # It takes care of processing the 'raddb/hints' and the # 'raddb/huntgroups' files. # # It also adds a Client-IP-Address attribute to the request. preprocess
#
# The chap module will set 'Auth-Type := CHAP' if we are # handling a CHAP request and Auth-Type has not already been set chap #
If the users are logging in with an
MS-CHAP-Challenge
# attribute for authentication, the mschap module will find # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' # to the request, which will cause the server to then use # the mschap module for authentication. mschap #
counter
# attr_filter # eap suffix files eap # etc_smbpasswd # The ldap module will set Auth-Type to LDAP if it has not already been set # ldap } ...
* users
lolo Auth-Type := EAP,
User-Password == "mellon"
Reply-Message = "Hola, lolo" ...
When I try to connect with WinXP with user = lolo
and password = mellon, FreeRadius show this:
rad_recv: Access-Request packet from host
127.0.0.1:1025, id=0, length=149
User-Name = "lolo" NAS-IP-Address = 127.0.0.1 NAS-Port = 1 Called-Station-Id = "00-40-05-AE-D7-65:lolored" Calling-Station-Id = "00-80-C8-B1-81-77" Framed-MTU = 2304 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = "\002\001\000\t\001lolo" Message-Authenticator = 0x9f35bda34ad440392dbdb8bf139eb823 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module "chap" returns noop modcall[authorize]: module "mschap" returns notfound rlm_realm: No '@' in User-Name = "lolo", looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module "suffix" returns noop users: Matched lolo at 1 modcall[authorize]: module "files" returns ok modcall[authorize]: module "eap" returns updated modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type "EAP" auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 127.0.0.1:1025 Reply-Message = "Hola, lolo" Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 3e59e8b5 Why I can autenticate with
WinXP???
|