Hi,
does anybody have "dot1x port-based authentication" up and running for
WinXP/Cisco Catalyst/Freeradius ? (see
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/1216ea2/scg/swg8
021x.htm#10608). I have a LAN-connection in WinXP configured with 802.1x
enabled using EAP-MD5. Set up the radius-settings on a Catalyst 6009 and
enabled dot1x ("port-control auto"). The Freeradius (latest
nightly-snapshot) is running with the new EAP-MD5 module (thanks a lot for
this work). After startup WinXP prompts for Username/Password to
authenticate for the LAN-connection. The Freeradius debug-ouput is the
following:
------ snip ------
Ready to process requests.
rad_recv: Access-Request packet from host 130.75.xx.xx:2343, id=34,
length=63
User-Name = "ks"
NAS-IP-Address = 130.75.xx.xx
Framed-MTU = 1000
EAP-Message = "\002\001\000\007\001ks"
Message-Authenticator = 0x5d2caed87f294fb5bf14f316c92956e0
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "eap" returns updated
modcall[authorize]: module "suffix" returns ok
modcall[authorize]: module "files" returns notfound
modcall: group authorize returns updated
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type md5
modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Login OK: [ks/<no User-Password attribute>] (from nas UNKNOWN-NAS port 0)
Sending Access-Challenge of id 34 to 130.75.xx.xx:2343
EAP-Message = "\001"\000\000\004\020\250l\211\245\032\245\250k ...
EAP-Message = "back\000\004@\350inistrative\t11\n\n#\tFr\000 ...
EAP-Message = "\000\000\000\030ynch\000\004A\350us\t6\n\n#\t ...
EAP-Message = "ALUE\000\000\000\030amed\000\004B\350pression\t ...
...
Segmentation Fault - core dumped
------ snip ------
Freeradius sends about 40 EAP-Messages until it fails with a core dump.
Thanks a lot for your help.
Regards,
Hajo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
