Hi,

I'm trying to perform 802.1X authentication using freeradius and the EAP-MD5 authentication method, but I am experiencing some problems.

First, the supplicant I'm using is the XP native supplicant. The Authenticator is an Enterasys Matrix E1.

I have read hundreds of mails looking for a similar problem and I haven't found any. Also I have read the /doc/EAP-MD5 document from the freeradius page.

Also I have to say that I have tested the solution using other Radius Servers (SteelBelted and MS-IAS) and all tests have worked OK with them. So, I think I am configuring something wrong in freeradius.

So, can anybody help me, please?

Regards.
Jorge.

The configuration is the following one:

*** User file ***

I have tried with 3 different users with 3 different Auth-Types (Local, System and EAP). The single one that has worked (has recognized EAP and radius has issued a Challenge-String) has been EAP:

luis    Auth-Type := eap, User-Password == "hello"

*** radiusd.conf ***

eap {
        default_eap_type = md5
        md5 {
        }
}
authorize {
        preprocess
        files
        eap
}
authenticate {
        eap
}

*** radiusd -X LOG ***

[root@satanas sbin]# ./radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/radius/etc/raddb/proxy.conf
Config:   including file: /usr/local/radius/etc/raddb/clients.conf
Config:   including file: /usr/local/radius/etc/raddb/snmp.conf
Config:   including file: /usr/local/radius/etc/raddb/sql.conf
 main: prefix = "/usr/local/radius"
 main: localstatedir = "/usr/local/radius/var"
 main: logdir = "/usr/local/radius/var/log/radius"
 main: libdir = "/usr/local/radius/lib"
 main: radacctdir = "/usr/local/radius/var/log/radius/radacct"
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/radius/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/radius/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded files
 files: usersfile = "/usr/local/radius/etc/raddb/users"
 files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded detail
 detail: detailfile = "/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/radius/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
 main: smux_password = ""
 main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 134.141.221.252:1062, id=52, length=73
        Message-Authenticator = 0x48951dd61c5d4eb2e2af4b60c866f07f
        User-Name = "luis"
        NAS-IP-Address = 134.141.221.252
        NAS-Port = 2
        EAP-Message = "\002\001\000\t\001luis"
        Framed-MTU = 1000
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
    users: Matched luis at 108
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type eap
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Sending Access-Challenge of id 52 to 134.141.221.252:1062
        EAP-Message = "\0014\000\026\004\020\250(r\267bE*Y\017\025v\253\305LUD"
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6d2728c26e0a5e55a7067440895cbafc619d893d72e45a66b2612d2defb73fafc8b0590f
Finished request 0
Going to the next request
SMUX connect try 2
Can't connect to SNMP agent with SMUX: Connection refused
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 134.141.221.252:1062, id=53, length=124
        Message-Authenticator = 0x9974460f859b7d8026ccb1c5c02165b2
        User-Name = "luis"
        State = 0x6d2728c26e0a5e55a7067440895cbafc619d893d72e45a66b2612d2defb73faf
        NAS-IP-Address = 134.141.221.252
        NAS-Port = 2
        Framed-MTU = 1000
        EAP-Message = "\0024\000\032\004\020\316K\334\306\246O\367E\257\253\t \230b\261\220luis"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
    users: Matched luis at 108
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "eap" returns updated
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type eap
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: State verification failed.
  modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
SMUX connect try 3
Can't connect to SNMP agent with SMUX: Connection refused
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 52 with timestamp 3d899d61
Sending Access-Reject of id 53 to 134.141.221.252:1062
Cleaning up request 1 ID 53 with timestamp 3d899d61
Nothing to do.  Sleeping until we see a request.
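
Added example (not part of the original post and not FreeRADIUS code): in the debug output above, the State sent in the Access-Challenge is 36 octets, the State in the following Access-Request is 32 octets, and rlm_eap then reports "State verification failed"; RFC 2865 requires the NAS to return State unmodified. The sketch below parses radiusd -X text and flags such a mismatch; the function names and the trimmed log excerpt are assumptions of this example.

```python
import re

# Lines copied from the radiusd -X output in the post, trimmed to the State exchange.
DEBUG_LOG = '''\
Sending Access-Challenge of id 52 to 134.141.221.252:1062
        State = 0x6d2728c26e0a5e55a7067440895cbafc619d893d72e45a66b2612d2defb73fafc8b0590f
rad_recv: Access-Request packet from host 134.141.221.252:1062, id=53, length=124
        User-Name = "luis"
        State = 0x6d2728c26e0a5e55a7067440895cbafc619d893d72e45a66b2612d2defb73faf
rlm_eap: State verification failed.
'''

SENT = re.compile(r'^Sending (Access-Challenge) of id (\d+) to ([\d.]+):\d+')
RECV = re.compile(r'^rad_recv: (Access-Request) packet from host ([\d.]+):\d+, id=(\d+)')
STATE = re.compile(r'^\s+State = 0x((?:[0-9a-fA-F]{2})+)\s*$')

def parse_states(text):
    """Return [(packet_type, nas_ip, radius_id, state_bytes), ...] in log order."""
    out, current = [], None
    for line in text.splitlines():
        sent, recv, state = SENT.match(line), RECV.match(line), STATE.match(line)
        if sent:
            current = (sent.group(1), sent.group(3), int(sent.group(2)))
        elif recv:
            current = (recv.group(1), recv.group(2), int(recv.group(3)))
        elif state and current:
            out.append(current + (bytes.fromhex(state.group(1)),))
        elif not line.startswith((' ', '\t')):
            current = None          # an unindented line ends the attribute list
    return out

def check_state_echo(text):
    """Compare each challenge State with the State in the next request from that NAS."""
    pending, findings = {}, []
    for kind, nas, rid, state in parse_states(text):
        if kind == 'Access-Challenge':
            pending[nas] = (rid, state)
            continue
        if nas not in pending:
            continue
        sent_id, sent = pending.pop(nas)
        verdict = ('match' if state == sent
                   else 'truncated' if sent.startswith(state) else 'altered')
        findings.append({'nas': nas, 'challenge_id': sent_id, 'request_id': rid,
                         'sent_len': len(sent), 'echoed_len': len(state),
                         'verdict': verdict})
    return findings

if __name__ == '__main__':
    for finding in check_state_echo(DEBUG_LOG):
        print(finding)
```

A "truncated" or "altered" verdict points at the device relaying the attribute rather than at the users file or the eap section of radiusd.conf.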
