hi tamer

read the EAP/MD5 FAQ.

the solution: get rid of the Reply-Message incuded by xlat in the
Challenge.


and by the way what's all this mess with the Framed-MTU?

greetings
artur




Tamer Demir wrote:
> 
> After the radius server send the challenge, XP does not send respond and
> stays in the authentication state. Do you know any solution?
> 
> I am doing both MAC address and user authantication, The Windows XP asks a
> user name and password when I wrote this, XP is stucks at authenticating
> state!!!!! (In the XP ptions I chosed MD5 challenge...)
> 
> Config files:
> 
> users:
> ******************************
> #my user
> tamer   Auth-Type := EAP, User-Password = "demir"
>          Service-Type = Framed-User,
>          Framed-Protocol = PPP,
>          Framed-Routing = Broadcast-Listen,
>          Framed-MTU = 1750,
>          Framed-Compression = Van-Jacobsen-TCP-IP
> 
> #Orinoco Card Cisca
> 00022d-034186   Auth-Type := Local, User-Password == "secret"
>          Service-Type = Framed-User,
>          Framed-Protocol = PPP,
>          Framed-Routing = Broadcast-Listen,
>          Framed-MTU = 1500,
>          Framed-Compression = Van-Jacobsen-TCP-IP
> ******************************
> 
> radius.conf:
> ******************************
> user = root
> group = root
> modules {
>    unix {
>                  cache = yes
>                  cache_reload = 600
>                  passwd = /etc/passwd
>                  shadow = /etc/shadow
>                  group = /etc/group
>                  radwtmp = ${logdir}/radwtmp
>          }
>   eap {
>                  #default_eap_type = md5
>                  # Supported EAP-types
>                  md5 {
>                  }
> ......
> }
> authorize {
>                 eap
>                 preprocess
>                 files
>                 suffix
> }
> authenticate {
>          eap
>          unix
> }
> accounting {
>          detail
>          unix
>          radutmp
> 
> }
> session {
>          radutmp
> }
> ******************************
> 
> Output:
> 
> *****************************
> Starting - reading configuration files ...
> reread_config:  reading radiusd.conf
> Config:   including file: /usr/local/etc/raddb/proxy.conf
> Config:   including file: /usr/local/etc/raddb/clients.conf
> Config:   including file: /usr/local/etc/raddb/snmp.conf
> Config:   including file: /usr/local/etc/raddb/sql.conf
>   main: prefix = "/usr/local"
>   main: localstatedir = "/usr/local/var"
>   main: logdir = "/usr/local/var/log/radius"
>   main: libdir = "/usr/local/lib"
>   main: radacctdir = "/usr/local/var/log/radius/radacct"
>   main: hostname_lookups = no
>   main: max_request_time = 30
>   main: cleanup_delay = 5
>   main: max_requests = 1024
>   main: delete_blocked_requests = 0
>   main: port = 0
>   main: allow_core_dumps = no
>   main: log_stripped_names = yes
>   main: log_file = "/usr/local/var/log/radius/radius.log"
>   main: log_auth = yes
>   main: log_auth_badpass = yes
>   main: log_auth_goodpass = yes
>   main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
>   main: user = "root"
>   main: group = "root"
>   main: usercollide = no
>   main: lower_user = "no"
>   main: lower_pass = "no"
>   main: nospace_user = "no"
>   main: nospace_pass = "no"
>   main: checkrad = "/usr/local/sbin/checkrad"
>   main: proxy_requests = yes
>   proxy: retry_delay = 5
>   proxy: retry_count = 3
>   proxy: synchronous = no
>   proxy: default_fallback = yes
>   proxy: dead_time = 120
>   proxy: servers_per_realm = 15
>   security: max_attributes = 200
>   security: reject_delay = 1
>   security: status_server = no
>   main: debug_level = 0
> read_config_files:  reading dictionary
> read_config_files:  reading naslist
> read_config_files:  reading clients
> read_config_files:  reading realms
> radiusd:  entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded eap
>   eap: default_eap_type = "md5"
>   eap: timer_expire = 60
> rlm_eap: Loaded and initialized the type md5
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
>   preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
>   preprocess: hints = "/usr/local/etc/raddb/hints"
>   preprocess: with_ascend_hack = no
>   preprocess: ascend_channels_per_line = 23
>   preprocess: with_ntdomain_hack = no
>   preprocess: with_specialix_jetstream_hack = no
>   preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded files
>   files: usersfile = "/usr/local/etc/raddb/users"
>   files: acctusersfile = "/usr/local/etc/raddb/acct_users"
>   files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
>   files: compat = "no"
> [/usr/local/etc/raddb/users]:90 WARNING! Changing 'User-Password =' to
> 'User-Password ==' ?for comparing RADIUS attribute in check item list for
> user tamer
> Module: Instantiated files (files)
> Module: Loaded realm
>   realm: format = "suffix"
>   realm: delimiter = "@"
> Module: Instantiated realm (suffix)
> Module: Loaded detail
>   detail: detailfile =
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
>   detail: detailperm = 384
>   detail: dirperm = 493
>   detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded System
>   unix: cache = yes
>   unix: passwd = "/etc/passwd"
>   unix: shadow = "/etc/shadow"
>   unix: group = "/etc/group"
>   unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
>   unix: usegroup = no
>   unix: cache_reload = 600
> HASH:  Reinitializing hash structures and lists for caching...
>    HASH:  user root found in hashtable bucket 11726
>    HASH:  user bin found in hashtable bucket 86651
>    HASH:  user daemon found in hashtable bucket 11668
>    HASH:  user adm found in hashtable bucket 26466
>    HASH:  user lp found in hashtable bucket 54068
>    HASH:  user sync found in hashtable bucket 42895
>    HASH:  user shutdown found in hashtable bucket 71746
>    HASH:  user halt found in hashtable bucket 7481
>    HASH:  user mail found in hashtable bucket 79471
>    HASH:  user news found in hashtable bucket 5375
>    HASH:  user uucp found in hashtable bucket 38541
>    HASH:  user operator found in hashtable bucket 21748
>    HASH:  user games found in hashtable bucket 47657
>    HASH:  user gopher found in hashtable bucket 47357
>    HASH:  user ftp found in hashtable bucket 56226
>    HASH:  user nobody found in hashtable bucket 99723
>    HASH:  user ntp found in hashtable bucket 21418
>    HASH:  user rpc found in hashtable bucket 72373
>    HASH:  user vcsa found in hashtable bucket 25959
>    HASH:  user nscd found in hashtable bucket 36306
>    HASH:  user sshd found in hashtable bucket 71560
>    HASH:  user rpm found in hashtable bucket 72383
>    HASH:  user mailnull found in hashtable bucket 78086
>    HASH:  user smmsp found in hashtable bucket 13600
>    HASH:  user rpcuser found in hashtable bucket 552
>    HASH:  user nfsnobody found in hashtable bucket 51830
>    HASH:  user pcap found in hashtable bucket 55326
>    HASH:  user xfs found in hashtable bucket 17213
>    HASH:  user named found in hashtable bucket 7729
>    HASH:  user gdm found in hashtable bucket 50360
>    HASH:  user mysql found in hashtable bucket 46314
>    HASH:  user avillani found in hashtable bucket 10152
>    HASH:  user apache found in hashtable bucket 26582
>    HASH:  user demir found in hashtable bucket 60045
>    HASH:  user kkcsaba found in hashtable bucket 96040
> HASH:  Stored 35 entries from /etc/passwd
> HASH:  Stored 41 entries from /etc/group
> Module: Instantiated unix (unix)
> Module: Loaded radutmp
>   radutmp: filename = "/usr/local/var/log/radius/radutmp"
>   radutmp: username = "%{User-Name}"
>   radutmp: perm = 384
>   radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.91.102:192, id=7, length=114
>         User-Name = "tamer"
>         NAS-IP-Address = 192.168.91.102
>         Called-Station-Id = "00022d034186"
>         Calling-Station-Id = "00022d176e31"
>         NAS-Identifier = "Orinoco 2"
>         NAS-Port-Type = Wireless-802.11
>         Framed-MTU = 1400
>         EAP-Message = "\002\001\000\n\001tamer"
>         Message-Authenticator = 0x41dd101823facf80842de926f5001ac2
> modcall: entering group authorize
>    modcall[authorize]: module "preprocess" returns ok
>      users: Matched tamer at 90
>    modcall[authorize]: module "files" returns ok
>    modcall[authorize]: module "eap" returns updated
> modcall: group authorize returns updated
>    rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: processing type md5
> rlm_eap_md5: Issuing Challenge
>    modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> radius_xlat:  'Naber Lan Got'
> Login OK: [tamer/<no User-Password attribute>] (from client AP102 port 0
> cli 00022d176e31)
> Sending Access-Challenge of id 7 to 192.168.91.102:192
>         Reply-Message = "Naber Lan Got"
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-Routing = Broadcast-Listen
>         Framed-MTU = 1400
>         Framed-Compression = Van-Jacobson-TCP-IP
>         EAP-Message =
> "\001\002\000\026\004\020\352\214\347=\276$Cu\372O9\324\232R\341\267"
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State =
> 0xd99291b333d1b83fe72366d105d9f6effb60eb3d070cd086387a9f6d9308c8c9a1d7794d
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 7 with timestamp 3deb60fb
> Nothing to do.  Sleeping until we see a request.
> rad_recv: Access-Request packet from host 192.168.91.102:192, id=8, length=114
>         User-Name = "tamer"
>         NAS-IP-Address = 192.168.91.102
>         Called-Station-Id = "00022d034186"
>         Calling-Station-Id = "00022d176e31"
>         NAS-Identifier = "Orinoco 2"
>         NAS-Port-Type = Wireless-802.11
>         Framed-MTU = 1400
>         EAP-Message = "\002\t\000\n\001tamer"
>         Message-Authenticator = 0x8b1e46a77567cb5cae9d9cf8ef9237b4
> modcall: entering group authorize
>    modcall[authorize]: module "preprocess" returns ok
>      users: Matched tamer at 90
>    modcall[authorize]: module "files" returns ok
>    modcall[authorize]: module "eap" returns updated
> modcall: group authorize returns updated
>    rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap:  list_clean deleted one item
> rlm_eap: processing type md5
> rlm_eap_md5: Issuing Challenge
>    modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> radius_xlat:  'Naber Lan'
> Login OK: [tamer/<no User-Password attribute>] (from client AP102 port 0
> cli 00022d176e31)
> Sending Access-Challenge of id 8 to 192.168.91.102:192
>         Reply-Message = "Naber Lan Got"
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-Routing = Broadcast-Listen
>         Framed-MTU = 1400
>         Framed-Compression = Van-Jacobson-TCP-IP
>         EAP-Message =
> "\001\n\000\026\004\020\225\346~>\021\270\341\312\306\260\004\022\321\223g\231"
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State =
> 0x2f8845208ee71a767d564d2961a99f7de462eb3d17bb2c911c4ff713bf8834398e7550e8
> Finished request 1
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> ******************************
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Artur Hecker
artur[at]hecker.info

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to