Re: eap-md5 using cisco

[Raj Jadhav]

You don't need anything to add in radiusd.conf, because it will take 
port information from /etc/services  it is clearly mentioned in 
radiusd.conf file.
It seems you are using md5 challenge form XP for authentication ; take 
care that you are using md5 as default eap. do not enable tls it is  
tedious and tricky.
test your radius configuration locally by radtest first.

sankpal_manisha wrote:

i am trying to authenticate winxp using cisco 1200 series ap and 
freeradius.

i am able to trace out that eap-request and eap-response messages are 
sent between winxp machine and cisco ap.

and radius -s -d output is as follows:

length=132
>         User-Name ="test"
>         NAS-IP-Address = 192.x.x.x
>         Called-Station-Id = "00-20-a6-48-22-f7"
>         Calling-Station-Id = "00-20-a6-4c-a9-a5"
>         NAS-Identifier = "CTI-AP-2000"
>         Framed-MTU = 1400
>         NAS-Port-Type =Wireless-802.11
>         EAP-Message = 0x0202000d0168656c706465736b
>         Message-Authenticator =3D 0x66e088c10d28c82a8f08b1b283dca42f
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "attr_filter" returns noop
>   rlm_eap: EAP packet type notification id 2 length 13
>   rlm_eap: EAP Start not found
>   modcall[authorize]: module "eap" returns updated
>     rlm_realm: No '@' <mailto:[EMAIL PROTECTED]> in User-Name =3D "helpdesk", 
looking up realm NUL=
L
>  ! ;   rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop
>     users: Matched DEFAULT at 152
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
>   rad_check_password:  Found Auth-Type Eap
> auth: type "EAP"
> modcall: entering group authenticate
>   rlm_eap: EAP packet type notification id 2 length 13
>   rlm_eap: EAP Start not found
>   rlm_eap: EAP Identity
>   rlm_eap: processing type tls
>   modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Sending Access-Challenge of id 110 to 192.x.x.x:1158
>         EAP-Message = 0x010300060d20
>         Message-Authenticator = 0x00000000! 000000000000000000000000
>         State = 
0x3913e3477fcb9f86ced7207700dfc54c9040313f49dfb963be36bd7adf9af0035595f=
ce8
> Finished request 0
> Going to the next request

my users file contains;

test Auth-Type:=EAP User-Password="test"

 

also in radiusd.conf i have specified bind_addr=192.x.x.x and port=1812 .

in clients.conf file i specified cisco ap's address and shared 
secret.Also i have made changes to cisco ap to support freeradius.

so,where should be problem?

i have searched mailing list but i cannot find answer.

thanks in advance

sorry for so long mail.............................

<http://203.199.93.116/IMaround/presencefr.mss?userid=sankpal_manisha>
Click onthe image to chat with me


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html