Has anyone out there been able to get freeradius to use EAP
authentication? I am using a Cisco BR350 and a Win2k client and have
not been able to get freeradius to successfully authenticate. I have
used both rev. 8 and 10 of 802.1x with the same results.
Here's my freeradius log (MAC addresses removed):
rad_recv: Access-Request packet from host 192.168.6.221:1067, id=41,
length=125
User-Name = "chris"
NAS-IP-Address = 192.168.6.221
Called-Station-Id = "xxxxxxxxxxxx"
Calling-Station-Id = "xxxxxxxxxxxx"
NAS-Identifier = "BR350-Lab-Test"
NAS-Port = 29
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = "\002\027\000\n\001chris"
Message-Authenticator = "*\377\205
\354\034\360\350\333,\362\216|\274\204i"
-*snip*-
rlm_sql: Released sql socket id: 0
modcall[authorize]: module "sql" returns ok
users: Matched DEFAULT at 207
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
auth: No Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Login incorrect: [chris/<no Password attribute>] (from nas BR350-test
port 29 cli 004096498c28)
Sending Access-Reject of id 41 to 192.168.6.221:1067
Finished request 4
My /etc/raddb/users:
DEFAULT
Auth-Type = EAP
radius.conf is set to authenticate using sql, then files, as shown in
the log.
I can successfully authenticate using radtest remotely and from
localhost and I believe the rest of freeradius is configured properly,
save for EAP-specific items in the users file or my mysql tables.
I have tried setting Auth-Type = Accept and also EAP, SQL, etc. with
identical results. From the limited docs I can find on EAP, it should
work if I hack src/main/auth.c rad_check_password() to always return 0
(as it should if Auth-Type = Accept) but this just caused the BR350 to
repeat its radius requests in an endless loop. Any information from
anyone that has tried or succeeded at EAP would be helpful to me at this
point.
Scott Wood
Director, Development
BroadLink Communications
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
