I have tested the provided configuration, but something goes wrong...
My Radius is starting the Challenge, but nothing more....

I am trying the two default EAP types: md5 and tls (suggested by Brian Clarkson). As additional information, I provide an Ethereal capture (only the information) from the Challenge at the laptop.

########### MD5 ###################################

###### Radius ##########
rad_recv: Access-Request packet from host 141.46.10.250:1040, id=17, length=95
User-Name = "tester"
NAS-IP-Address = 141.46.10.250
NAS-Identifier = "port"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0211000b01746573746572
Message-Authenticator = 0x12306952c3c83691ce396916d063fb9b
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
radius_xlat: '/usr/local/radius/var/log/radius/radacct/141.46.10.250/auth-detail'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{NAS-IP-Address}/auth-detail expands to /usr/local/radius/var/log/radius/radacct/141.46.10.250/auth-detail
modcall[authorize]: module "auth_log" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_eap: EAP packet type response id 17 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched tester at 143
users: Matched DEFAULT at 164
users: Matched DEFAULT at 183
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 2
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 17 to 141.46.10.250:1040
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x011200160410db91f6fadf31e081b8ec1d684c4fcdbe
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6bddd609942ebf2eccdca343810b5d11
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 141.46.10.250:1041, id=18, length=108
User-Name = "tester"
NAS-IP-Address = 141.46.10.250
NAS-Identifier = "port"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x6bddd609942ebf2eccdca343810b5d11
EAP-Message = 0x021200060319
Message-Authenticator = 0xc806db8b12fe9f6be49e3bfa4dc7f88e
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
radius_xlat: '/usr/local/radius/var/log/radius/radacct/141.46.10.250/auth-detail'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{NAS-IP-Address}/auth-detail expands to /usr/local/radius/var/log/radius/radacct/141.46.10.250/auth-detail
modcall[authorize]: module "auth_log" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_eap: EAP packet type response id 18 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched tester at 143
users: Matched DEFAULT at 164
users: Matched DEFAULT at 183
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 18 to 141.46.10.250:1041
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x011300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0a9c6812cf273e9117ebc40fac669742
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 17 with timestamp 4010f6c4
Cleaning up request 3 ID 18 with timestamp 4010f6c4
Nothing to do. Sleeping until we see a request.


######################

########## Ethereal ####

[Source -> destination, proto, info]

Lap -> AP, EAPOL, "Start"
AP -> Lap, EAP, "Request, Identity [RFC2284]"
Lap -> AP, EAP, "Response Identity [RFC2284]"
AP -> Lap, EAP, "Request MD5 Challenge [RFC2284]"
Lap -> AP, EAP, "Response, Nak (Response only) [RFC2284]"
AP -> Lap, EAP, "Request, PEAP [Palekar]"
Lap -> AP, EAP, "Response, PEAP [Palekar]"

############################################################################

################################# TLS #######################################

################ Radius ##############

rad_recv: Access-Request packet from host 141.46.10.250:1048, id=157, length=95
User-Name = "tester"
NAS-IP-Address = 141.46.10.250
NAS-Identifier = "port"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x029d000b01746573746572
Message-Authenticator = 0xeaa474bd82103a1f982ebc01c8c1701e
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat: '/usr/local/radius/var/log/radius/radacct/141.46.10.250/auth-detail'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{NAS-IP-Address}/auth-detail expands to /usr/local/radius/var/log/radius/radacct/141.46.10.250/auth-detail
modcall[authorize]: module "auth_log" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_eap: EAP packet type response id 157 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched tester at 143
users: Matched DEFAULT at 164
users: Matched DEFAULT at 183
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 157 to 141.46.10.250:1048
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x019e00060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb5c103949e8ee75ac7edb2ce8c87d411
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 141.46.10.250:1049, id=158, length=108
User-Name = "tester"
NAS-IP-Address = 141.46.10.250
NAS-Identifier = "port"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0xb5c103949e8ee75ac7edb2ce8c87d411
EAP-Message = 0x029e00060319
Message-Authenticator = 0xc7c5e5e52b91ce52926f42f479ffdef7
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
radius_xlat: '/usr/local/radius/var/log/radius/radacct/141.46.10.250/auth-detail'
rlm_detail: /usr/local/radius/var/log/radius/radacct/%{NAS-IP-Address}/auth-detail expands to /usr/local/radius/var/log/radius/radacct/141.46.10.250/auth-detail
modcall[authorize]: module "auth_log" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_eap: EAP packet type response id 158 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched tester at 143
users: Matched DEFAULT at 164
users: Matched DEFAULT at 183
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 158 to 141.46.10.250:1049
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x019f00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x35add875f225bab7298754c956c19410
Finished request 1
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 157 with timestamp 4010fcfc
Cleaning up request 1 ID 158 with timestamp 4010fcfc
Nothing to do. Sleeping until we see a request.


########################

##### Ethereal ###########

[Source -> destination, proto, info]

Lap -> AP, EAPOL, "Start"
AP -> Lap, EAP, "Request, Identity [RFC2284]"
Lap -> AP, EAP, "Response Identity [RFC2284]"
AP -> Lap, EAP, "Request EAP-TLS [RFC2716] [Aboba]"
Lap -> AP, EAP, "Response, Nak (Response only) [RFC2284]"
AP -> Lap, EAP, "Request, PEAP [Palekar]"
Lap -> AP, EAP, "Response, PEAP [Palekar]"

########################

####################################################################

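Added example (not part of the original post): a small decoder for the EAP-Message values in the debug output above, showing that the supplicant answers the MD5 challenge with a Nak asking for type 25 (PEAP) and that the server's next request is a PEAP Start. The function names are hypothetical, and the code assumes each EAP-Message attribute carries one whole EAP packet, which holds for these short packets.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}

# EAP-Message lines copied, in order, from the MD5 run in the post.
LOG = """\
EAP-Message = 0x0211000b01746573746572
EAP-Message = 0x011200160410db91f6fadf31e081b8ec1d684c4fcdbe
EAP-Message = 0x021200060319
EAP-Message = 0x011300061920
"""

def decode_eap(hexstr):
    """Decode one EAP packet (code, id, length, then type and type data)."""
    digits = hexstr[2:] if hexstr.lower().startswith("0x") else hexstr
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("EAP header truncated")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:          # only Request/Response carry a type
        etype, data = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:                          # Identity: the user name
            pkt["identity"] = data.decode("utf-8", "replace")
        elif etype == 3:                        # Nak: types the peer would accept
            pkt["wanted"] = [EAP_TYPES.get(t, t) for t in data]
        elif etype == 4 and data:               # MD5: value-size byte, then value
            pkt["challenge"] = data[1:1 + data[0]].hex()
        elif etype in (13, 25) and data:        # TLS-based: flags byte, S bit = 0x20
            pkt["start"] = bool(data[0] & 0x20)
    return pkt

def decode_log(text):
    """Decode every EAP-Message attribute found in radiusd debug output."""
    return [decode_eap(h) for h in re.findall(r"EAP-Message = (0x[0-9a-fA-F]+)", text)]

if __name__ == "__main__":
    for p in decode_log(LOG):
        print(p)
```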