hi tamer
read the EAP/MD5 FAQ.
the solution: get rid of the Reply-Message incuded by xlat in the
Challenge.
and by the way what's all this mess with the Framed-MTU?
greetings
artur
Tamer Demir wrote:
>
> After the radius server send the challenge, XP does not send respond and
> stays in the authentication state. Do you know any solution?
>
> I am doing both MAC address and user authantication, The Windows XP asks a
> user name and password when I wrote this, XP is stucks at authenticating
> state!!!!! (In the XP ptions I chosed MD5 challenge...)
>
> Config files:
>
> users:
> ******************************
> #my user
> tamer Auth-Type := EAP, User-Password = "demir"
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Routing = Broadcast-Listen,
> Framed-MTU = 1750,
> Framed-Compression = Van-Jacobsen-TCP-IP
>
> #Orinoco Card Cisca
> 00022d-034186 Auth-Type := Local, User-Password == "secret"
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Routing = Broadcast-Listen,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobsen-TCP-IP
> ******************************
>
> radius.conf:
> ******************************
> user = root
> group = root
> modules {
> unix {
> cache = yes
> cache_reload = 600
> passwd = /etc/passwd
> shadow = /etc/shadow
> group = /etc/group
> radwtmp = ${logdir}/radwtmp
> }
> eap {
> #default_eap_type = md5
> # Supported EAP-types
> md5 {
> }
> ......
> }
> authorize {
> eap
> preprocess
> files
> suffix
> }
> authenticate {
> eap
> unix
> }
> accounting {
> detail
> unix
> radutmp
>
> }
> session {
> radutmp
> }
> ******************************
>
> Output:
>
> *****************************
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /usr/local/etc/raddb/proxy.conf
> Config: including file: /usr/local/etc/raddb/clients.conf
> Config: including file: /usr/local/etc/raddb/snmp.conf
> Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/usr/local/var"
> main: logdir = "/usr/local/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/usr/local/var/log/radius/radacct"
> main: hostname_lookups = no
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 0
> main: allow_core_dumps = no
> main: log_stripped_names = yes
> main: log_file = "/usr/local/var/log/radius/radius.log"
> main: log_auth = yes
> main: log_auth_badpass = yes
> main: log_auth_goodpass = yes
> main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> main: user = "root"
> main: group = "root"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: checkrad = "/usr/local/sbin/checkrad"
> main: proxy_requests = yes
> proxy: retry_delay = 5
> proxy: retry_count = 3
> proxy: synchronous = no
> proxy: default_fallback = yes
> proxy: dead_time = 120
> proxy: servers_per_realm = 15
> security: max_attributes = 200
> security: reject_delay = 1
> security: status_server = no
> main: debug_level = 0
> read_config_files: reading dictionary
> read_config_files: reading naslist
> read_config_files: reading clients
> read_config_files: reading realms
> radiusd: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded eap
> eap: default_eap_type = "md5"
> eap: timer_expire = 60
> rlm_eap: Loaded and initialized the type md5
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded files
> files: usersfile = "/usr/local/etc/raddb/users"
> files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
> files: compat = "no"
> [/usr/local/etc/raddb/users]:90 WARNING! Changing 'User-Password =' to
> 'User-Password ==' ?for comparing RADIUS attribute in check item list for
> user tamer
> Module: Instantiated files (files)
> Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> Module: Instantiated realm (suffix)
> Module: Loaded detail
> detail: detailfile =
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
> detail: detailperm = 384
> detail: dirperm = 493
> detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded System
> unix: cache = yes
> unix: passwd = "/etc/passwd"
> unix: shadow = "/etc/shadow"
> unix: group = "/etc/group"
> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> HASH: Reinitializing hash structures and lists for caching...
> HASH: user root found in hashtable bucket 11726
> HASH: user bin found in hashtable bucket 86651
> HASH: user daemon found in hashtable bucket 11668
> HASH: user adm found in hashtable bucket 26466
> HASH: user lp found in hashtable bucket 54068
> HASH: user sync found in hashtable bucket 42895
> HASH: user shutdown found in hashtable bucket 71746
> HASH: user halt found in hashtable bucket 7481
> HASH: user mail found in hashtable bucket 79471
> HASH: user news found in hashtable bucket 5375
> HASH: user uucp found in hashtable bucket 38541
> HASH: user operator found in hashtable bucket 21748
> HASH: user games found in hashtable bucket 47657
> HASH: user gopher found in hashtable bucket 47357
> HASH: user ftp found in hashtable bucket 56226
> HASH: user nobody found in hashtable bucket 99723
> HASH: user ntp found in hashtable bucket 21418
> HASH: user rpc found in hashtable bucket 72373
> HASH: user vcsa found in hashtable bucket 25959
> HASH: user nscd found in hashtable bucket 36306
> HASH: user sshd found in hashtable bucket 71560
> HASH: user rpm found in hashtable bucket 72383
> HASH: user mailnull found in hashtable bucket 78086
> HASH: user smmsp found in hashtable bucket 13600
> HASH: user rpcuser found in hashtable bucket 552
> HASH: user nfsnobody found in hashtable bucket 51830
> HASH: user pcap found in hashtable bucket 55326
> HASH: user xfs found in hashtable bucket 17213
> HASH: user named found in hashtable bucket 7729
> HASH: user gdm found in hashtable bucket 50360
> HASH: user mysql found in hashtable bucket 46314
> HASH: user avillani found in hashtable bucket 10152
> HASH: user apache found in hashtable bucket 26582
> HASH: user demir found in hashtable bucket 60045
> HASH: user kkcsaba found in hashtable bucket 96040
> HASH: Stored 35 entries from /etc/passwd
> HASH: Stored 41 entries from /etc/group
> Module: Instantiated unix (unix)
> Module: Loaded radutmp
> radutmp: filename = "/usr/local/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.91.102:192, id=7, length=114
> User-Name = "tamer"
> NAS-IP-Address = 192.168.91.102
> Called-Station-Id = "00022d034186"
> Calling-Station-Id = "00022d176e31"
> NAS-Identifier = "Orinoco 2"
> NAS-Port-Type = Wireless-802.11
> Framed-MTU = 1400
> EAP-Message = "\002\001\000\n\001tamer"
> Message-Authenticator = 0x41dd101823facf80842de926f5001ac2
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> users: Matched tamer at 90
> modcall[authorize]: module "files" returns ok
> modcall[authorize]: module "eap" returns updated
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: processing type md5
> rlm_eap_md5: Issuing Challenge
> modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> radius_xlat: 'Naber Lan Got'
> Login OK: [tamer/<no User-Password attribute>] (from client AP102 port 0
> cli 00022d176e31)
> Sending Access-Challenge of id 7 to 192.168.91.102:192
> Reply-Message = "Naber Lan Got"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Routing = Broadcast-Listen
> Framed-MTU = 1400
> Framed-Compression = Van-Jacobson-TCP-IP
> EAP-Message =
> "\001\002\000\026\004\020\352\214\347=\276$Cu\372O9\324\232R\341\267"
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
> 0xd99291b333d1b83fe72366d105d9f6effb60eb3d070cd086387a9f6d9308c8c9a1d7794d
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 7 with timestamp 3deb60fb
> Nothing to do. Sleeping until we see a request.
> rad_recv: Access-Request packet from host 192.168.91.102:192, id=8, length=114
> User-Name = "tamer"
> NAS-IP-Address = 192.168.91.102
> Called-Station-Id = "00022d034186"
> Calling-Station-Id = "00022d176e31"
> NAS-Identifier = "Orinoco 2"
> NAS-Port-Type = Wireless-802.11
> Framed-MTU = 1400
> EAP-Message = "\002\t\000\n\001tamer"
> Message-Authenticator = 0x8b1e46a77567cb5cae9d9cf8ef9237b4
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> users: Matched tamer at 90
> modcall[authorize]: module "files" returns ok
> modcall[authorize]: module "eap" returns updated
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: list_clean deleted one item
> rlm_eap: processing type md5
> rlm_eap_md5: Issuing Challenge
> modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> radius_xlat: 'Naber Lan'
> Login OK: [tamer/<no User-Password attribute>] (from client AP102 port 0
> cli 00022d176e31)
> Sending Access-Challenge of id 8 to 192.168.91.102:192
> Reply-Message = "Naber Lan Got"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Routing = Broadcast-Listen
> Framed-MTU = 1400
> Framed-Compression = Van-Jacobson-TCP-IP
> EAP-Message =
> "\001\n\000\026\004\020\225\346~>\021\270\341\312\306\260\004\022\321\223g\231"
> Message-Authenticator = 0x00000000000000000000000000000000
> State =
> 0x2f8845208ee71a767d564d2961a99f7de462eb3d17bb2c911c4ff713bf8834398e7550e8
> Finished request 1
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> ******************************
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Artur Hecker
artur[at]hecker.info
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
