hi Antti

I think that what you receive at your radius server is neither the EAP
Identity nor EAP Start; apparently it is a Notification message. The
AP sends notifications to your Radius server, and the latter tries to
send challenges back (to Alan, WHY?)

The notifications remain exactly the same except for the increasing ID.
Why is your AP sending notifications? It should send EAP/Identity OR
EAPOL Start. Both are ok, though Identity would be more convenient.

To Alan :  the following messages are really not very consistent. Could
you improve it so that the defined EAP message type appears in the same
manner and the reason is given? E.g. the third line is ambiguous and the
first and the second lines are not consistent. Also the last line is not
user-friendly :-)

>   rlm_eap: EAP packet type notification id 2 length 13
>   rlm_eap: EAP Start not found
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1


I would suggest something like this if it's easy to change and you have
time for this (since you are about to make changes to the EAP module):

>   rlm_eap: "EAP Notification" id 2 length 13 detected
>   rlm_eap: "EAP Start" not found
>   rlm_eap: "EAP Identity" WHAT? EXPECTED? FOUND? MISSED?
>   rlm_eap: processing type N (EAP/TLS)
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1 (which means <ADD MEANING HERE>)



ciao
artur



Antti Mattila wrote:
> 
> Freeradius log:
> 
> Listening on IP address *, ports 1812/udp and 1813/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=110,
> length=132
>         User-Name = "helpdesk"
>         NAS-IP-Address = 194.142.202.102
>         Called-Station-Id = "00-20-a6-48-e0-a3"
>         Calling-Station-Id = "00-20-a6-4c-b0-1f"
>         NAS-Identifier = "CTI-AP-2000"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         EAP-Message = 0x0202000d0168656c706465736b
>         Message-Authenticator = 0x66e088c10d28c82a8f08b1b283dca42f
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "attr_filter" returns noop
>   rlm_eap: EAP packet type notification id 2 length 13
>   rlm_eap: EAP Start not found
>   modcall[authorize]: module "eap" returns updated
>     rlm_realm: No '@' in User-Name = "helpdesk", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop
>     users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
>   rad_check_password:  Found Auth-Type Eap
> auth: type "EAP"
> modcall: entering group authenticate
>   rlm_eap: EAP packet type notification id 2 length 13
>   rlm_eap: EAP Start not found
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
>   modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 110 to 194.142.202.102:6001
>         EAP-Message = 0x010300060d20
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State =
> 0x3913e3477fcb9f86ced7207700dfc54c9040313f49dfb963be36bd7adf9af0035595fce8
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=110,
> length=132
> Sending duplicate reply to client CTI-AP2000:6001 - ID: 110
> Re-sending Access-Challenge of id 110 to 194.142.202.102:6001
> --- Walking the entire request list ---
> Waking up in 3 seconds...
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=111,
> length=132
>         User-Name = "helpdesk"
>         NAS-IP-Address = 194.142.202.102
>         Called-Station-Id = "00-20-a6-48-e0-a3"
>         Calling-Station-Id = "00-20-a6-4c-b0-1f"
>         NAS-Identifier = "CTI-AP-2000"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         EAP-Message = 0x0203000d0168656c706465736b
>         Message-Authenticator = 0xf49b4959d49e9e52cc5c2be9f801e3e9
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "attr_filter" returns noop
>   rlm_eap: EAP packet type notification id 3 length 13
>   rlm_eap: EAP Start not found
>   modcall[authorize]: module "eap" returns updated
>     rlm_realm: No '@' in User-Name = "helpdesk", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop
>     users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
>   rad_check_password:  Found Auth-Type Eap
> auth: type "EAP"
> modcall: entering group authenticate
>   rlm_eap: EAP packet type notification id 3 length 13
>   rlm_eap: EAP Start not found
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
>   modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 111 to 194.142.202.102:6001
>         EAP-Message = 0x010400060d20
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State =
> 0xe3b52f49629d8782804ac0002dabdb999340313f0bfc8b16c9dcbf2d7951ee715f98297b
> Finished request 2
> Going to the next request
> Waking up in 3 seconds...
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=110,
> length=132
> Sending duplicate reply to client CTI-AP2000:6001 - ID: 110
> Re-sending Access-Challenge of id 110 to 194.142.202.102:6001
> --- Walking the entire request list ---
> Cleaning up request 0 ID 110 with timestamp 3f314090
> Waking up in 3 seconds...
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=111,
> length=132
> Sending duplicate reply to client CTI-AP2000:6001 - ID: 111
> Re-sending Access-Challenge of id 111 to 194.142.202.102:6001
> rl_next:  returning NULL
> Waking up in 3 seconds...
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=110,
> length=132
>         User-Name = "helpdesk"
>         NAS-IP-Address = 194.142.202.102
>         Called-Station-Id = "00-20-a6-48-e0-a3"
>         Calling-Station-Id = "00-20-a6-4c-b0-1f"
>         NAS-Identifier = "CTI-AP-2000"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         EAP-Message = 0x0202000d0168656c706465736b
>         Message-Authenticator = 0x66e088c10d28c82a8f08b1b283dca42f
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "attr_filter" returns noop
>   rlm_eap: EAP packet type notification id 2 length 13
>   rlm_eap: EAP Start not found
>   modcall[authorize]: module "eap" returns updated
>     rlm_realm: No '@' in User-Name = "helpdesk", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop
>     users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
>   rad_check_password:  Found Auth-Type Eap
> auth: type "EAP"
> modcall: entering group authenticate
>   rlm_eap: EAP packet type notification id 2 length 13
>   rlm_eap: EAP Start not found
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
>   modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 110 to 194.142.202.102:6001
>         EAP-Message = 0x010300060d20
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State =
> 0x8371ef5a533fa7644eb30a377d2429899940313fb168b07b5cf93799400d224f89d16870
> Finished request 5
> Going to the next request
> --- Walking the entire request list ---
> Cleaning up request 2 ID 111 with timestamp 3f314093
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=111,
> length=132
>         User-Name = "helpdesk"
>         NAS-IP-Address = 194.142.202.102
>         Called-Station-Id = "00-20-a6-48-e0-a3"
>         Calling-Station-Id = "00-20-a6-4c-b0-1f"
>         NAS-Identifier = "CTI-AP-2000"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         EAP-Message = 0x0203000d0168656c706465736b
>         Message-Authenticator = 0xf49b4959d49e9e52cc5c2be9f801e3e9
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "attr_filter" returns noop
>   rlm_eap: EAP packet type notification id 3 length 13
>   rlm_eap: EAP Start not found
>   modcall[authorize]: module "eap" returns updated
>     rlm_realm: No '@' in User-Name = "helpdesk", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop
>     users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
>   rad_check_password:  Found Auth-Type Eap
> auth: type "EAP"
> modcall: entering group authenticate
>   rlm_eap: EAP packet type notification id 3 length 13
>   rlm_eap: EAP Start not found
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   rlm_eap_tls: Initiate
>   rlm_eap_tls: Start returned 1
>   modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 111 to 194.142.202.102:6001
>         EAP-Message = 0x010400060d20
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State =
> 0xbd8f41c6e071299128c6ce0dc7f91f4f9940313f7634261e79895ffc8fc17910b2f9657f
> Finished request 6
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 194.142.202.102:6001, id=111,
> length=132
> Sending duplicate reply to client CTI-AP2000:6001 - ID: 111
> Re-sending Access-Challenge of id 111 to 194.142.202.102:6001
> --- Walking the entire request list ---
> Waking up in 3 seconds...
> --- Walking the entire request list ---
> Cleaning up request 5 ID 110 with timestamp 3f314099
> Cleaning up request 6 ID 111 with timestamp 3f314099
> Nothing to do.  Sleeping until we see a request.
> 
> Sorry but e-mail client didn't allow mails that long...
> 
> Thanks for replies in advance:
> 
> Antti Mattila
> --
> [EMAIL PROTECTED]
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
_____________________________________________________________________
Artur Hecker                                 Groupe Accès et Mobilité
hecker[at]enst[dot]fr             Département Informatique et Réseaux
+33 1 45 81 7507                46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr                                  ENST Paris
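
Added example, not part of the original message and not FreeRADIUS code: a small decoder for the EAP-Message hex values printed in the debug log quoted above. It splits each value into the EAP header fields (code, identifier, length) and the type octet per RFC 3748, and names the EAP-TLS flag bits per RFC 5216. The function names are made up for this example.

```python
import re

# EAP header codes and method types (RFC 3748); type 13 is EAP-TLS (RFC 5216).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak",
             4: "MD5-Challenge", 13: "EAP-TLS"}
TLS_FLAGS = ((0x80, "Length-included"), (0x40, "More-fragments"), (0x20, "Start"))


def decode_eap(hex_value):
    """Decode one EAP-Message attribute value as printed in the debug log."""
    digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        raise ValueError(f"bad EAP length {length} for {len(raw)} bytes")
    out = {"code": EAP_CODES.get(code, f"unknown({code})"),
           "id": ident, "length": length}
    # Only Request and Response carry a Type octet; Success/Failure are header-only.
    if code in (1, 2) and length >= 5:
        eap_type, data = raw[4], raw[5:length]
        out["type"] = EAP_TYPES.get(eap_type, f"type {eap_type}")
        if eap_type == 1:
            out["identity"] = data.decode("utf-8", "replace")
        elif eap_type == 13 and data:
            out["tls_flags"] = [name for bit, name in TLS_FLAGS if data[0] & bit]
    return out


def decode_log(text):
    """Find every EAP-Message line in a debug log and decode it."""
    return [decode_eap(m)
            for m in re.findall(r"EAP-Message = (0x[0-9a-fA-F]+)", text)]


# Two EAP-Message lines copied from the log quoted above.
SAMPLE = """
        EAP-Message = 0x0202000d0168656c706465736b
        EAP-Message = 0x010300060d20
"""

if __name__ == "__main__":
    for pkt in decode_log(SAMPLE):
        print(pkt)
```

An EAP packet longer than 253 bytes is carried in several EAP-Message attributes; their values have to be concatenated before calling `decode_eap`.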
