2010/4/1 Alan DeKok <al...@deployingradius.com>: > Bruno Kremel wrote: >> Sending Access-Challenge of id 0 to 192.168.3.1 port 1320 >> EAP-Message = 0x010c00061900 >> Message-Authenticator = 0x00000000000000000000000000000000 >> State = 0x53b1704557bd694fbe3359243d2a2638 >> Finished request 40. >> Going to the next request >> Waking up in 4.9 seconds. >> Cleaning up request 40 ID 0 with timestamp +589 >> Ready to process requests. > > This is documented in the FAQ, in the comments in raddb/eap.conf, and > on my web site (http://deployingradius.com/). > > Please read the existing documentation, > >> That Access-Challenge should authenticate my client if I am not wrong, > > No. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >
Thank you for that links... I have read that FAQ and so I copyed over default eap.conf and tryed it with uses file.. it is working OK i can connect to AP with username/password, but when I tryed to use SQL (I have corret format in SQL now) again it ends up this with Accept-Reject: rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [pokus2/<via Auth-Type = EAP>] (from client ciscorouter port 44 cli 001e650ece6c) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> pokus2 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 23 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 23 Sending Access-Reject of id 0 to 192.168.3.1 port 1327 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. Cleaning up request 23 ID 0 with timestamp +735 Ready to process requests. Bud radtest gives me: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 54224, id=218, length=57 User-Name = "test2" User-Password = "pokus2" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "test2", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} -> test2 rlm_sql (sql): sql_set_user escaped user --> 'test2' rlm_sql (sql): Reserving sql socket id: 2 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test2' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test2' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'test2' ORDER BY priority rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "pokus2" rlm_pap: Using clear text password "pokus2" rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [test2/pokus2] (from client localhost port 1812) +- entering group post-auth ++[exec] returns noop Sending Access-Accept of id 218 to 127.0.0.1 port 54224 Finished request 10. Going to the next request Waking up in 4.9 seconds. Cleaning up request 10 ID 218 with timestamp +263 Ready to process requests. So is it sql problem or something with eap? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html