EAP-MD5 fails to authenticate users

[Fernandez, Jorge]

Hi,   I�m trying to perform 802.1X authentication using freeradius and the EAP-MD5 authentication method, but I am experimenting some problems.   First, the supplicant I�m using is XP native supplicant. The Authenticator is a Enterasys Matrix E1   I have read hundreds of mails looking for a similar problem and I haven�t found any one. Also I have read the /doc/EAP-MD5 document form freeradius page. Also I have to say that I have test the solution using other Radius Servers (SteelBelted and MS-IAS) and all tests have worked OK with them.   So, I think I am configuring something wrong in freeradius. So, can anybody help me, please?   Regards.   Jorge.   The configuration is the following one   �*** User file *** I have tried with 3 different users with 3 different Auth-Types. (Local, System and EAP) The single one that has worked (Has recognize EAP and radius has issued a Chellege-String) has been EAP   �luis����������� Auth-Type :=eap, User-Password =="hello"     ** radiusd.conf ***   �� eap { default_eap_type = md5 md5 { ����������� ������� } }     authorize { preprocess files eap }   authenticate { ������� eap }   ***** radiusd -X ********* LOG   [root@satanas sbin]# ./radiusd -X Starting - reading configuration files ... reread_config:� reading radiusd.conf Config:�� including file: /usr/local/radius/etc/raddb/proxy.conf Config:�� including file: /usr/local/radius/etc/raddb/clients.conf Config:� �including file: /usr/local/radius/etc/raddb/snmp.conf Config:�� including file: /usr/local/radius/etc/raddb/sql.conf �main: prefix = "/usr/local/radius" �main: localstatedir = "/usr/local/radius/var" �main: logdir = "/usr/local/radius/var/log/radius" �main: libdir = "/usr/local/radius/lib" �main: radacctdir = "/usr/local/radius/var/log/radius/radacct" �main: hostname_lookups = no read_config_files:� reading dictionary read_config_files:� reading clients read_config_files:� reading realms read_config_files:� reading naslist �main: max_request_time = 30 �main: cleanup_delay = 5 �main: max_requests = 1024 �main: delete_blocked_requests = 0 �main: port = 0 �main: allow_core_dumps = no �main: log_stripped_names = no �main: log_auth = no �main: log_auth_badpass = no �main: log_auth_goodpass = no �main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid" �main: user = "(null)" �main: group = "(null)" �main: usercollide = no �main: lower_user = "no" �main: lower_pass = "no" �main: nospace_user = "no" �main: nospace_pass = "no" �main: proxy_requests = yes �proxy: retry_delay = 5 �proxy: retry_count = 3 �proxy: synchronous = no �proxy: default_fallback = yes �proxy: dead_time = 120 �security: max_attributes = 200 �security: reject_delay = 1 �main: debug_level = 0 read_config_files:� entering modules setup Module: Library search path is /usr/local/radius/lib Module: Loaded eap �eap: default_eap_type = "md5" �eap: timer_expire = 60 rlm_eap: Loaded and initialized the type md5 Module: Instantiated eap (eap) Module: Loaded preprocess �preprocess: huntgroups = "/usr/local/radius/etc/raddb/huntgroups" �preprocess: hints = "/usr/local/radius/etc/raddb/hints" �preprocess: with_ascend_hack = no �preprocess: ascend_channels_per_line = 23 �preprocess: with_ntdomain_hack = no �preprocess: with_specialix_jetstream_hack = no �preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded files �files: usersfile = "/usr/local/radius/etc/raddb/users" �files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users" �files: compat = "no" Module: Instantiated files (files) Module: Loaded realm �realm: format = "suffix" �realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded detail �detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail" �detail: detailperm = 384 �detail: dirperm = 493 �detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp �radutmp: filename = "/usr/local/radius/var/log/radius/radutmp" �radutmp: username = "%{User-Name}" �radutmp: perm = 384 �radutmp: callerid = yes Module: Instantiated radutmp (radutmp) �main: smux_password = "" �main: snmp_write_access = no SMUX connect try 1 Can't connect to SNMP agent with SMUX: Connection refused Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 134.141.221.252:1062, id=52, length=73 ���� ���Message-Authenticator = 0x48951dd61c5d4eb2e2af4b60c866f07f ������� User-Name = "luis" ������� NAS-IP-Address = 134.141.221.252 ������� NAS-Port = 2 ������� EAP-Message = "\002\001\000\t\001luis" ������� Framed-MTU = 1000 modcall: entering group authorize � modcall[authorize]: module "preprocess" returns ok ��� users: Matched luis at 108 � modcall[authorize]: module "files" returns ok � modcall[authorize]: module "eap" returns updated modcall: group authorize returns updated � rad_check_password:� Found Auth-Type eap auth: type "EAP" modcall: entering group authenticate rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge � modcall[authenticate]: module "eap" returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 52 to 134.141.221.252:1062 ������� EAP-Message = "\0014\000\026\004\020\250(r\267bE*Y\017\025v\253\305LUD" ������� Message-Authenticator = 0x00000000000000000000000000000000 ������� State = 0x6d2728c26e0a5e55a7067440895cbafc619d893d72e45a66b2612d2defb73fafc8b0590f Finished request 0 Going to the next request SMUX connect try 2 Can't connect to SNMP agent with SMUX: Connection refused --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 134.141.221.252:1062, id=53, length=124 ������� Message-Authenticator = 0x9974460f859b7d8026ccb1c5c02165b2 ������� User-Name = "luis" ������� State = 0x6d2728c26e0a5e55a7067440895cbafc619d893d72e45a66b2612d2defb73faf ������� NAS-IP-Address = 134.141.221.252 ������� NAS-Port = 2 ������� Framed-MTU = 1000 ������� EAP-Message = "\0024\000\032\004\020\316K\334\306\246O\367E\257\253\t \230b\261\220luis" modcall: entering group authorize � modcall[authorize]: module "preprocess" returns ok ��� users: Matched luis at 108 � modcall[authorize]: module "files" returns ok � modcall[authorize]: module "eap" returns updated modcall: group authorize returns updated � rad_check_password:� Found Auth-Type eap auth: type "EAP" modcall: entering group authenticate rlm_eap: State verification failed. � modcall[authenticate]: module "eap" returns invalid modcall: group authenticate returns invalid auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request SMUX connect try 3 Can't connect to SNMP agent with SMUX: Connection refused Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 52 with timestamp 3d899d61 Sending Access-Reject of id 53 to 134.141.221.252:1062 Cleaning up request 1 ID 53 with timestamp 3d899d61 Nothing to do.� Sleeping until we see a request.