i query question below that named "[help]i can't work with EAP-MD5" but nobody
answer..
My environment setup as follows
(1) supplicant : winxp
(2) authenticator:AP(i develop for dot1x radius client)
(3) authentication server: Linux Redhat 7.2+ FreeRADIUS (lastest version)
(4) users file.
wilee Auth-Type := EAP, User-Password == "wilee123"
DEFAULT Auth-Type := System
Fall-Through = 1
DEFAULT Service-Type == Framed-User
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Fall-Through = Yes
DEFAULT Framed-Protocol == PPP
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "CSLIP"
Framed-Protocol = SLIP,
Framed-Compression = Van-Jacobson-TCP-IP
DEFAULT Hint == "SLIP"
Framed-Protocol = SLIP
(5) clients.conf file
client 172.27.4.2 { <= AP IP Address
secret = test123
shortname = localhost
nastype = other # localhost isn't usually a NAS...
}
(6) radiusd.conf file else same to original file..
modules {
pam {
pam_auth = radiusd
}
unix {
cache = no
cache_reload = 600
radwtmp = ${logdir}/radwtmp
}
eap {
default_eap_type = md5
timer_expire = 60
md5 {
}
}
}
authorize {
eap
preprocess
suffix
files
}
authenticate {
eap
unix
}
(Question)
1.first, in src/main/rlm_eap/rlm_eap.c : eap_authorize() comment says
/*
* For EAP_START, send Access-Challenge with EAP Identity request.
* even when we have to proxy this request
*/
i think eap identify used by AP not radius server.but free radius server recvs
eap_response then send eap identify..
why user eap_start?..it cause all problem...
A.radiusd -x
Starting - reading configuration files ...
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded eap
rlm_eap: eap_instantiate start <=my debug
rlm_eap: eap_instantiate :auth_type md5 <=my debug
rlm_eap: type_name md5 node->typeid 4 <=my debug
rlm_eap: Loaded and initialized the type md5
rlm_eap: eap_instantiate end <=my debug
Module: Instantiated eap (eap)
Module: Loaded System
Module: Instantiated unix (unix)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 172.27.4.2:32769, id=157, length=176
Athentication-Request
User-Name = "wilee" <==insert by my AP for test,in case null, result is same..
Called-Station-Id = "00-d0-b7-b8-9f-99" <==AP MAC
Calling-Station-Id = "00-80-ad-7f-17-80" <=XP MAC
NAS-Identifier = "172.27.4.2" <=AP IP
NAS-IP-Address = 172.27.4.2 <=AP_IP
NAS-Port = 1
NAS-Port-Type = Ethernet
Connect-Info = "100000000" <=speed
Service-Type = Authenticate-Only(8)
Framed-MTU = 1500
State = 0x536174657320636f706965642069662065786973742e69742069732074657374
EAP-Message = "\002O"
Message-Authenticator = 0xc474dd2b9a5000a0b7ec8b71e044a8fb
rlm_eap: Got EAP_START message <==it is very important!. eap_start() func call..
Sending Access-Challenge of id 157 to 172.27.4.2:32769
EAP-Message = "\001P\000\005\001"
Message-Authenticator = 0x00000000000000000000000000000000
���b��?���r��{�����r��y'���i��0���z����(�����ǫ��f�������������������������������������
