hello all
i have a kind of a problem with my EAP authentication.
please also read the following lines out of mailings with alan and
later...
in fact the topic should read "cisco ap340 & ...", but well, sorry...
Alan DeKok wrote:
>
> > in fact, in my authorize section EAP was the first module from the
> > beginning on and in the authenticate section it is even the only one.
>
> If you're ever going to do System authentication, you'll need the
> 'unix' module, too.
but if not, i don't need it, right?
> > the error message after the reponse to the challenge is now:
> >
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP_TYPE - md5
> > rlm_eap: processing type md5
> > rlm_eap_md5: No password configured for this user
> >
> > Do I have to configure something like EAP-Password in the user section?
>
> No. Hmm... maybe try 'User-Password :=' ???
Tried that one, but no effect, the same behaviour.
> Due to historical issues, the treatment of 'User-Password' in the
> 'users' file is a little odd.
>
> Alan DeKok.
My user definition looks like that: (etc/raddb/users)
artur Auth-Type = System, User-Password == "hello"
Reply-Message = "Hello, %u"
This is the whole log:
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1108, id=41,
length=122
User-Name = "artur"
NAS-IP-Address = xxx.xxx.xxx.xxx
Called-Station-Id = "00409xxxxxx"
Calling-Station-Id = "00409xxxxxx"
NAS-Identifier = "foo"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = "\002\001\000\n\001artur"
Message-Authenticator = 0x5b449df9561cef7bf3e9cbf51bdd3ec7
rlm_eap: processing type md5
Login OK: [artur/<no User-Password attribute>] (from nas foo port 37 cli
0
0409xxxxxxx)
Sending Access-Challenge of id 41 to xxx.xxx.xxx.xxx:1108
EAP-Message =
"\001)\000\026\004\020\277\301\034\265\377\002\353\210{pfV\2
16B\031J"
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x5146ea0a1d791d424f48ab0503adac5dee33c3bea05fa01f39bd65ae1b5fa213fc
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1109, id=42,
length=177
User-Name = "artur"
NAS-IP-Address = xxx.xxx.xxx.xxx
Called-Station-Id = "00409xxxxx"
Calling-Station-Id = "00409xxxxx"
NAS-Identifier = "foo"
NAS-Port = 37
Framed-MTU = 1400
State =
0x5146ea01d791d424f48a30503adac5dee33cabea05a0119b6d65ae1b5f213fc
NAS-Port-Type = Wireless-802.11
EAP-Message =
"\002)\000\033\004\020\310\311\005_\3429\230B%\361\363\014S\
336Q\376artur"
Message-Authenticator = 0xeec69b65a21ef350339a5e260b2c4fc8
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - md5
rlm_eap: processing type md5
rlm_eap_md5: No password configured for this user
Login incorrect: [artur/<no User-Password attribute>] (from nas foo port
3
7 cli 00409xxxxxxxx)
Sending Access-Reject of id 42 to xxx.xxx.xxx.xxx:1109
EAP-Message = "\004*\000\004"
Message-Authenticator = 0x00000000000000000000000000000000
so finally it's rejected.
i'm still using radius 0.5 and my sections look like that:
authorize {
preprocess
eap
suffix
files
}
authenticate {
eap
}
any idea where this comes from?
artur
--
Artur Hecker Groupe Acc�s et Mobilit�
[EMAIL PROTECTED] D�partement Informatique et R�seaux
+33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr ENST Paris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
