Hi,

I'm having a problem getting LEAP to work with an iPAQ 5450, a
Cisco 340 series AP and freeradius. I have PEAP working, but
I need to get LEAP working as I need to reproduce a customer's
problem.

The AP responds correctly to the first challenge sent by freeradius.
But freeradius doesn't seem to know what to do with the challenge
from the AP.

Here's the output from "radiusd -X":

rad_recv: Access-Request packet from host 209.47.155.132:1254, id=230, length=150
User-Name = "dorpen"
Cisco-AVPair = "ssid=240z_test"
NAS-IP-Address = 209.47.155.132
Called-Station-Id = "00409635425f"
Calling-Station-Id = "00028a3a611b"
NAS-Identifier = "Eugene_AP"
NAS-Port = 37
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x0201000b01646f7270656e
Message-Authenticator = 0x67c3bfc95afe60a0e1cd86011f116a20
modcall: entering group authorize for request 21
modcall[authorize]: module "preprocess" returns ok for request 21
modcall[authorize]: module "chap" returns noop for request 21
modcall[authorize]: module "mschap" returns noop for request 21
rlm_realm: No '@' in User-Name = "dorpen", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 21
rlm_eap: EAP packet type response id 1 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 21
users: Matched dorpen at 100
modcall[authorize]: module "files" returns ok for request 21
modcall: group authorize returns updated for request 21
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 21
rlm_eap: EAP Identity
rlm_eap: processing type leap
rlm_eap_leap: Stage 2
rlm_eap_leap: Issuing AP Challenge
rlm_eap_leap: Successfully initiated
modcall[authenticate]: module "eap" returns handled for request 21
modcall: group authenticate returns handled for request 21
Sending Access-Challenge of id 230 to 209.47.155.132:1254
EAP-Message = 0x01020016110100086c3431a5aa0aa86c646f7270656e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x49014ab92ca99ecb58b5944fe49c50f9
Finished request 21
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 209.47.155.132:1255, id=231, length=195
User-Name = "dorpen"
Cisco-AVPair = "ssid=240z_test"
NAS-IP-Address = 209.47.155.132
Called-Station-Id = "00409635425f"
Calling-Station-Id = "00028a3a611b"
NAS-Identifier = "Eugene_AP"
NAS-Port = 37
Framed-MTU = 1400
State = 0x49014ab92ca99ecb58b5944fe49c50f9
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x0202002611010018f8695ffffd1ecbcbdc0a86e91b428fde8461366192e33213646f7270656e
Message-Authenticator = 0x2a1e71601b16151e747ac5527f1d19cb
modcall: entering group authorize for request 22
modcall[authorize]: module "preprocess" returns ok for request 22
modcall[authorize]: module "chap" returns noop for request 22
modcall[authorize]: module "mschap" returns noop for request 22
rlm_realm: No '@' in User-Name = "dorpen", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 22
rlm_eap: EAP packet type response id 2 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 22
users: Matched dorpen at 100
modcall[authorize]: module "files" returns ok for request 22
modcall: group authorize returns updated for request 22
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 22
rlm_eap: Request found, released from the list
rlm_eap: EAP/leap
rlm_eap: processing type leap
rlm_eap_leap: Stage 4
rlm_eap_leap: NtChallengeResponse from AP is valid
rlm_eap: Underlying EAP-Type set EAP ID to 3
modcall[authenticate]: module "eap" returns ok for request 22
modcall: group authenticate returns ok for request 22
Sending Access-Challenge of id 231 to 209.47.155.132:1255
EAP-Message = 0x03030004
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa0c5f9550e7600ebdc8e2ea363823f9d
Finished request 22
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 209.47.155.132:1256, id=232, length=179
User-Name = "dorpen"
Cisco-AVPair = "ssid=240z_test"
NAS-IP-Address = 209.47.155.132
Called-Station-Id = "00409635425f"
Calling-Station-Id = "00028a3a611b"
NAS-Identifier = "Eugene_AP"
NAS-Port = 37
Framed-MTU = 1400
State = 0xa0c5f9550e7600ebdc8e2ea363823f9d
NAS-Port-Type = Wireless-802.11
Service-Type = Login-User
EAP-Message = 0x010000161101000889df7f1f20328e24646f7270656e
Message-Authenticator = 0x388e8fb58353b7706e5c0f72b9a86c7e
modcall: entering group authorize for request 23
modcall[authorize]: module "preprocess" returns ok for request 23
modcall[authorize]: module "chap" returns noop for request 23
modcall[authorize]: module "mschap" returns noop for request 23
rlm_realm: No '@' in User-Name = "dorpen", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 23
rlm_eap: EAP packet type request id 0 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 23
users: Matched dorpen at 100
modcall[authorize]: module "files" returns ok for request 23
modcall: group authorize returns updated for request 23
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 23
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 23
modcall: group authenticate returns invalid for request 23
auth: Failed to validate the user.
Delaying request 23 for 1 seconds
Finished request 23
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 209.47.155.132:1256, id=232, length=179
Sending Access-Reject of id 232 to 209.47.155.132:1256
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 21 ID 230 with timestamp 403670a0
Cleaning up request 22 ID 231 with timestamp 403670a0
Cleaning up request 23 ID 232 with timestamp 403670a0
Nothing to do. Sleeping until we see a request.
Thanks for any help!
- Derek
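
Added example, not part of the original post: a small Python decoder for the EAP-Message values in the debug output above, using the standard EAP header (code, id, length, type) and the LEAP body layout (version, unused byte, count, value, user name). The `unmatched` helper is a hypothetical check written for this example and is not FreeRADIUS's own matching logic.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 17: "LEAP"}

def parse_eap(hex_value):
    """Decode one EAP-Message value as printed by radiusd -X."""
    text = hex_value[2:] if hex_value.startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:      # only Request/Response carry a type
        eap_type, body = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(eap_type, eap_type)
        if eap_type == 1:
            pkt["identity"] = body.decode("ascii", "replace")
        elif eap_type == 17:               # LEAP: version, unused, count, value, name
            if len(body) < 3 or len(body) < 3 + body[2]:
                raise ValueError("truncated LEAP body")
            pkt["version"], count = body[0], body[2]
            pkt["value"] = body[3:3 + count].hex()
            pkt["name"] = body[3 + count:].decode("ascii", "replace")
    return pkt

# EAP-Message values copied in order from the debug output in the post.
LOG = [
    ("recv", "0x0201000b01646f7270656e"),
    ("send", "0x01020016110100086c3431a5aa0aa86c646f7270656e"),
    ("recv", "0x0202002611010018f8695ffffd1ecbcbdc0a86e91b428fde8461366192e33213646f7270656e"),
    ("send", "0x03030004"),
    ("recv", "0x010000161101000889df7f1f20328e24646f7270656e"),
]

def unmatched(log):
    """Hypothetical check: received packets that are not a Response to the last sent id."""
    last_sent, odd = None, []
    for direction, value in log:
        pkt = parse_eap(value)
        if direction == "send":
            last_sent = pkt["id"]
        elif pkt["code"] != "Response" or last_sent not in (None, pkt["id"]):
            odd.append(pkt)
    return odd

if __name__ == "__main__":
    print(unmatched(LOG))
```

Run against the five values from the log, the only packet flagged is the last one received: an EAP Request of type LEAP with id 0, which is the packet request 23 logs as "EAP packet type request id 0 length 22".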