Hi,
I am Netflash. I develop dot1x_radius clients.
I am having some trouble setting up WinXP <--------> my AP <-------> RADIUS Server, and I am asking
for your help...
The AP is a dot1x + RADIUS client. The client uses FreeRADIUS server code.
I am using EAP-MD5, and WinXP is set to md5-challenge mode.
My environment is set up as follows:
(1) supplicant : winxp
(2) authenticator: AP (the dot1x RADIUS client I develop)
(3) authentication server: Linux Redhat 7.2 + FreeRADIUS (latest version)
(4) users file.
wilee Auth-Type := EAP, User-Password == "wilee123"
DEFAULT Auth-Type := System
        Fall-Through = 1
DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes
DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP
(5) clients.conf file
client 172.27.4.2 {        <= AP IP Address
        secret = test123
        shortname = localhost
        nastype = other    # localhost isn't usually a NAS...
}
(6) radiusd.conf file (everything else is the same as the original file)
modules {
        pam {
                pam_auth = radiusd
        }
        unix {
                cache = no
                cache_reload = 600
                radwtmp = ${logdir}/radwtmp
        }
        eap {
                default_eap_type = md5
                timer_expire = 60
                md5 {
                }
        }
}
authorize {
        eap
        preprocess
        suffix
        files
}
authenticate {
        eap
        unix
}
(Question)
1. First, XP sends an EAP request, but it doesn't have a user name, only a User-Name
header. Why?
2. My AP relays the message to the RADIUS server, and the radius -x output is below. When I dump
the EAP packet, the result is
4f 07 01 54 00 05 01, which means EAP-Identity. I expect an md5-challenge (type is 4, not 5)
and a State attribute,
but the server returns only EAP-Identity. I suspect the eap_start() function. If an EAP msg
exists (the eap-request has EAP, so it
exists!), eap_start returns EAP_FOUND and an EAP-Identity msg, then eap_authorize() returns
RLM_MODULE_HANDLED and the program returns EAP-Identity.... I traced the radiusd code, but I
cannot understand why the code works that way..
A.radiusd -x
Starting - reading configuration files ...
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded eap
rlm_eap: eap_instantiate start <=my debug
rlm_eap: eap_instantiate :auth_type md5 <=my debug
rlm_eap: type_name md5 node->typeid 4 <=my debug
rlm_eap: Loaded and initialized the type md5
rlm_eap: eap_instantiate end <=my debug
Module: Instantiated eap (eap)
Module: Loaded System
Module: Instantiated unix (unix)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 172.27.4.2:32769, id=157, length=176
Athentication-Request
User-Name = "wilee" <==insert by my AP for test,in case null, result is same..
Called-Station-Id = "00-d0-b7-b8-9f-99" <==AP MAC
Calling-Station-Id = "00-80-ad-7f-17-80" <=XP MAC
NAS-Identifier = "172.27.4.2" <=AP IP
NAS-IP-Address = 172.27.4.2 <=AP_IP
NAS-Port = 1
NAS-Port-Type = Ethernet
Connect-Info = "100000000" <=speed
Service-Type = Authenticate-Only(8)
Framed-MTU = 1500
State = 0x536174657320636f706965642069662065786973742e69742069732074657374
EAP-Message = "\002O"
Message-Authenticator = 0xc474dd2b9a5000a0b7ec8b71e044a8fb
rlm_eap: Got EAP_START message <==it is very important!. eap_start() func call..
Sending Access-Challenge of id 157 to 172.27.4.2:32769
EAP-Message = "\001P\000\005\001"
Message-Authenticator = 0x00000000000000000000000000000000
(3) I traced rlm_eap (printf works well) and rlm_eap_md5 (I inserted a printf at init, but it doesn't
work).
Help me..
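
Added example, not part of the original post and not FreeRADIUS code: a small decoder for the EAP-Message values that appear in the AP dump and in the radiusd -x log above. It shows that the server's reply decodes as an EAP Request of type Identity, and that the two-octet value in the Access-Request is shorter than the four-octet EAP header. The function names and the MD5-Challenge sample are constructed for illustration.

```python
import struct

EAP_MESSAGE = 79  # RADIUS attribute type carrying EAP (RFC 3579)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}

# Values as they appear on the page.
AP_DUMP = bytes.fromhex("4f 07 01 54 00 05 01")  # raw attribute from the AP dump
LOG_REQUEST = b"\x02O"                            # EAP-Message in the Access-Request
LOG_CHALLENGE = b"\x01P\x00\x05\x01"              # EAP-Message in the Access-Challenge
# Constructed sample (not from the page): Request, id 81, MD5-Challenge, 16-octet value.
MD5_SAMPLE = bytes([1, 81, 0, 22, 4, 16]) + bytes(range(16))


def decode_eap(value: bytes) -> dict:
    """Decode one EAP packet taken from an EAP-Message attribute value."""
    if len(value) < 4:
        # Code, Identifier and Length take four octets; less is not a packet.
        return {"valid": False, "reason": f"{len(value)} octets, EAP header needs 4"}
    code, ident, length = struct.unpack("!BBH", value[:4])
    if length < 4 or length > len(value):
        return {"valid": False, "reason": f"Length field {length}, {len(value)} octets present"}
    out = {"valid": True, "code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        # Requests and Responses carry a Type octet after the header.
        out["type"] = EAP_TYPES.get(value[4], value[4])
        out["data"] = value[5:length]
    return out


def decode_attribute(raw: bytes) -> dict:
    """Decode a raw RADIUS attribute (type, length, value) holding EAP."""
    if len(raw) < 2 or raw[1] < 2 or raw[1] > len(raw):
        return {"valid": False, "reason": "bad attribute length"}
    if raw[0] != EAP_MESSAGE:
        return {"valid": False, "reason": f"attribute {raw[0]} is not EAP-Message"}
    return decode_eap(raw[2:raw[1]])


if __name__ == "__main__":
    print("AP dump      :", decode_attribute(AP_DUMP))
    print("log request  :", decode_eap(LOG_REQUEST))
    print("log challenge:", decode_eap(LOG_CHALLENGE))
    print("MD5 sample   :", decode_eap(MD5_SAMPLE))
```

In the AP dump the first two octets (4f 07) are the RADIUS attribute header, so the EAP packet itself starts at 01.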