I'm trying to run RADIUS with LEAP. I've written to the list before but I haven't
solved the problem yet, so I am sending the logs I see on the screen because I don't
understand the problem.
First, I apologise because the logs are a bit long, but I don't distinguish between the
important and the non-important ones.
My user is configured like this:
prueba  Auth-Type := eap, User-Password == "12345678"
        Service-Type = Login-User
rad_recv: Access-Request packet from host 172.26.0.3:1645, id=0, length=152
User-Name = "prueba"
Framed-MTU = 1400
Called-Station-Id = "0040.96a0.19dc"
Calling-Station-Id = "000c.ce21.141b"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0x75dd2d370a1195892732703a963208f3
EAP-Message = 0x0202000b01707275656261
NAS-Port-Type = Virtual
NAS-Port = 2
Service-Type = Login-User
NAS-IP-Address = 172.26.0.3
NAS-Identifier = "ap_cisco "
modcall: entering group authorize for request 0
rlm_eap: EAP packet type notification id 2 length 11
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: EAP packet type notification id 2 length 11
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type leap
rlm_eap_leap: Stage 2
rlm_eap_leap: Issuing AP Challenge
rlm_eap_leap: Successfully initiated
modcall[authenticate]: module "eap" returns ok for request 0
modcall: group authenticate returns ok for request 0
Sending Access-Challenge of id 0 to 172.26.0.3:1645
EAP-Message = 0x0103001611010008f8e33fa796fb79e9707275656261
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x28176916caa0435824c9edb6eb8ef1d51ad13940176d8c42e1933b66cca6d5e8493fb11d
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.26.0.3:1645, id=1, length=217
User-Name = "prueba"
Framed-MTU = 1400
Called-Station-Id = "0040.96a0.19dc"
Calling-Station-Id = "000c.ce21.141b"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0x1eab148714d1dd0f9d4ebca9112cd055
EAP-Message =
0x02030026110100180f850fea24c254b73654333fc0c894474019512576b7d569707275656261
NAS-Port-Type = Virtual
NAS-Port = 2
State =
0x28176916caa0435824c9edb6eb8ef1d51ad13940176d8c42e1933b66cca6d5e8493fb11d
Service-Type = Login-User
NAS-IP-Address = 172.26.0.3
NAS-Identifier = "ap_cisco "
modcall: entering group authorize for request 1
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - leap
rlm_eap: processing type leap
rlm_eap_leap: No User-Password or NT-Password configured for this user
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.26.0.3:1645, id=1, length=217
User-Name = "prueba"
Framed-MTU = 1400
Called-Station-Id = "0040.96a0.19dc"
Calling-Station-Id = "000c.ce21.141b"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0xdd9215cbd82a0afa9249815ca5635d8f
EAP-Message =
0x02030026110100180f850fea24c254b73654333fc0c894474019512576b7d569707275656261
NAS-Port-Type = Virtual
NAS-Port = 2
State =
0x28176916caa0435824c9edb6eb8ef1d51ad13940176d8c42e1933b66cca6d5e8493fb11d
Service-Type = Login-User
NAS-IP-Address = 172.26.0.3
NAS-Identifier = "ap_cisco "
modcall: entering group authorize for request 2
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 2
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
modcall[authenticate]: module "eap" returns invalid for request 2
modcall: group authenticate returns invalid for request 2
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 4039d11a
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 1 to 172.26.0.3:1645
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 172.26.0.3:1645, id=2, length=152
User-Name = "prueba"
Framed-MTU = 1400
Called-Station-Id = "0040.96a0.19dc"
Calling-Station-Id = "000c.ce21.141b"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0x45fdcbfee584b4a5fa587b75ce9cec2b
EAP-Message = 0x0202000b01707275656261
NAS-Port-Type = Virtual
NAS-Port = 3
Service-Type = Login-User
NAS-IP-Address = 172.26.0.3
NAS-Identifier = "ap_cisco "
modcall: entering group authorize for request 3
rlm_eap: EAP packet type notification id 2 length 11
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 3
rlm_eap: EAP packet type notification id 2 length 11
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type leap
rlm_eap_leap: Stage 2
rlm_eap_leap: Issuing AP Challenge
rlm_eap_leap: Successfully initiated
modcall[authenticate]: module "eap" returns ok for request 3
modcall: group authenticate returns ok for request 3
Sending Access-Challenge of id 2 to 172.26.0.3:1645
EAP-Message = 0x0103001611010008cfa76f72e50a78d1707275656261
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x242bafc08a8484dcb0df38437db4c08725d1394062efe03c482227882eb24600e009e0bc
Finished request 3
Going to the next request
--- Walking the entire request list ---
Cleaning up request 2 ID 1 with timestamp 4039d11f
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.26.0.3:1645, id=3, length=217
User-Name = "prueba"
Framed-MTU = 1400
Called-Station-Id = "0040.96a0.19dc"
Calling-Station-Id = "000c.ce21.141b"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0x8ec6072eb8329541e052b1685d80b657
EAP-Message =
0x020300261101001867d4d5196522200d286d1d151e4b34692ca8371cf3d94d0f707275656261
NAS-Port-Type = Virtual
NAS-Port = 3
State =
0x242bafc08a8484dcb0df38437db4c08725d1394062efe03c482227882eb24600e009e0bc
Service-Type = Login-User
NAS-IP-Address = 172.26.0.3
NAS-Identifier = "ap_cisco "
modcall: entering group authorize for request 4
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 4
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - leap
rlm_eap: processing type leap
rlm_eap_leap: No User-Password or NT-Password configured for this user
modcall[authenticate]: module "eap" returns invalid for request 4
modcall: group authenticate returns invalid for request 4
auth: Failed to validate the user.
Delaying request 4 for 1 seconds
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.26.0.3:1645, id=4, length=152
User-Name = "prueba"
Framed-MTU = 1400
Called-Station-Id = "0040.96a0.19dc"
Calling-Station-Id = "000c.ce21.141b"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0x441e6387517f3d590bff1f00529f00f4
EAP-Message = 0x0202000b01707275656261
NAS-Port-Type = Virtual
NAS-Port = 4
Service-Type = Login-User
NAS-IP-Address = 172.26.0.3
NAS-Identifier = "ap_cisco "
modcall: entering group authorize for request 5
rlm_eap: EAP packet type notification id 2 length 11
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 5
rlm_eap: EAP packet type notification id 2 length 11
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type leap
rlm_eap_leap: Stage 2
rlm_eap_leap: Issuing AP Challenge
rlm_eap_leap: Successfully initiated
modcall[authenticate]: module "eap" returns ok for request 5
modcall: group authenticate returns ok for request 5
Sending Access-Challenge of id 4 to 172.26.0.3:1645
EAP-Message = 0x0103001611010008388f808f6cf20324707275656261
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x5fcd98de6dfe87eaea973bc2ad33d83228d139406674420ae207272bc73e8e4a4bb8b61d
Finished request 5
Going to the next request
--- Walking the entire request list ---
Sending Access-Reject of id 3 to 172.26.0.3:1645
EAP-Message = 0x04030004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
rad_recv: Access-Request packet from host 172.26.0.3:1645, id=5, length=217
User-Name = "prueba"
Framed-MTU = 1400
Called-Station-Id = "0040.96a0.19dc"
Calling-Station-Id = "000c.ce21.141b"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0x83302d5321a591fe9b8ea16513a061b5
EAP-Message =
0x0203002611010018dd22c3e8747cf48f41970d45c052d47f2c85e3532c7437ce707275656261
NAS-Port-Type = Virtual
NAS-Port = 4
State =
0x5fcd98de6dfe87eaea973bc2ad33d83228d139406674420ae207272bc73e8e4a4bb8b61d
Service-Type = Login-User
NAS-IP-Address = 172.26.0.3
NAS-Identifier = "ap_cisco "
modcall: entering group authorize for request 6
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 6
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - leap
rlm_eap: processing type leap
rlm_eap_leap: No User-Password or NT-Password configured for this user
modcall[authenticate]: module "eap" returns invalid for request 6
modcall: group authenticate returns invalid for request 6
auth: Failed to validate the user.
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 2 with timestamp 4039d125
Cleaning up request 4 ID 3 with timestamp 4039d125
Sending Access-Reject of id 5 to 172.26.0.3:1645
EAP-Message = 0x04030004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 4 with timestamp 4039d128
Cleaning up request 6 ID 5 with timestamp 4039d128
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.26.0.3:1645, id=6, length=152
User-Name = "prueba"
Framed-MTU = 1400
Called-Station-Id = "0040.96a0.19dc"
Calling-Station-Id = "000c.ce21.141b"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0xc275f436a61caf418cb550720ae1868e
EAP-Message = 0x0202000b01707275656261
NAS-Port-Type = Virtual
NAS-Port = 5
Service-Type = Login-User
NAS-IP-Address = 172.26.0.3
NAS-Identifier = "ap_cisco "
modcall: entering group authorize for request 7
rlm_eap: EAP packet type notification id 2 length 11
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 7
rlm_eap: EAP packet type notification id 2 length 11
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type leap
rlm_eap_leap: Stage 2
rlm_eap_leap: Issuing AP Challenge
rlm_eap_leap: Successfully initiated
modcall[authenticate]: module "eap" returns ok for request 7
modcall: group authenticate returns ok for request 7
Sending Access-Challenge of id 6 to 172.26.0.3:1645
EAP-Message = 0x0103001611010008e38709dcefb665da707275656261
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x3305b25f5f2e2f409162d511e433555533d139401db98e4eac56edc72206d843768e7c0c
Finished request 7
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.26.0.3:1645, id=7, length=217
User-Name = "prueba"
Framed-MTU = 1400
Called-Station-Id = "0040.96a0.19dc"
Calling-Station-Id = "000c.ce21.141b"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0xdf55df0e5a4e3406eeebfca746204be2
EAP-Message =
0x02030026110100181d428a77ec2efd6068db56056d5fb65edc311c4f4bac5e5d707275656261
NAS-Port-Type = Virtual
NAS-Port = 5
State =
0x3305b25f5f2e2f409162d511e433555533d139401db98e4eac56edc72206d843768e7c0c
Service-Type = Login-User
NAS-IP-Address = 172.26.0.3
NAS-Identifier = "ap_cisco "
modcall: entering group authorize for request 8
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 8
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - leap
rlm_eap: processing type leap
rlm_eap_leap: No User-Password or NT-Password configured for this user
modcall[authenticate]: module "eap" returns invalid for request 8
modcall: group authenticate returns invalid for request 8
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.26.0.3:1645, id=7, length=217
User-Name = "prueba"
Framed-MTU = 1400
Called-Station-Id = "0040.96a0.19dc"
Calling-Station-Id = "000c.ce21.141b"
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0xbd83a468a7a3b23fcfe15faf8b113436
EAP-Message =
0x02030026110100181d428a77ec2efd6068db56056d5fb65edc311c4f4bac5e5d707275656261
NAS-Port-Type = Virtual
NAS-Port = 5
State =
0x3305b25f5f2e2f409162d511e433555533d139401db98e4eac56edc72206d843768e7c0c
Service-Type = Login-User
NAS-IP-Address = 172.26.0.3
NAS-Identifier = "ap_cisco "
modcall: entering group authorize for request 9
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 9
rlm_eap: EAP packet type notification id 3 length 38
rlm_eap: EAP Start not found
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
modcall[authenticate]: module "eap" returns invalid for request 9
modcall: group authenticate returns invalid for request 9
auth: Failed to validate the user.
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 7 ID 6 with timestamp 4039d133
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 7 to 172.26.0.3:1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 7 with timestamp 4039d138
Nothing to do. Sleeping until we see a request.
----- Original Message -----
From: [EMAIL PROTECTED]
Date: Friday, February 20, 2004 6:58 pm
Subject: RE: user password for LEAP
> Maybe you could post the initial debug lines to see which user is
> being matched.
>
> One probability is that the default user is being matched, and not the one
> you have intended. If you are using LEAP for authentication, and assuming
> you have a "right" configuration file for FreeRadius, your line in the users
> file should look something like:
>
> test    Auth-Type := eap, User-Password == "123456"
>         Service-Type = Login-User
>
> German Rodriguez.
>
> > -----Original Message-----
> > From: BLANCA FERRERO RODRIGUEZ [EMAIL PROTECTED]
> > Sent: Friday, February 20, 2004 2:23 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: user password for LEAP
> >
> > BLANCA FERRERO RODRIGUEZ <[EMAIL PROTECTED]> wrote:
> > > > The communication between my AP and the server seems correct in the
> > > > first messages, but when the AP replies to the server challenge, I can
> > > > see several error messages. The first one is this:
> > > > ' No user-password or NT-Password configured for this user'
> > > > but I have the password defined in the users file...
> > >
> > > So run the server in debugging mode, and see if that line of the
> > > users file is matched when the request comes in.
> > >
> > > Alan DeKok.
> > >
> >
> > I don't understand your answer very well because I already
> > run the server in debug mode and the messages I put in my
> > mail are the ones I can see on the screen... and I guess the
> > line with the password in the users file doesn't match the
> > one in the packet as the message I get is the one above.
> >
> > Blanca
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
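
For reading the EAP-Message values in the debug output above, here is an added example (not part of the original post and not FreeRADIUS code): a small decoder for the EAP header and the LEAP body. It assumes the usual LEAP layout (EAP type 17, then version, unused, count, `count` bytes of challenge or response, then the user name); the four hex strings in `PAGE_SAMPLES` are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 17: "LEAP"}

# EAP-Message values copied from the debug log in this post.
PAGE_SAMPLES = [
    "0x0202000b01707275656261",
    "0x0103001611010008f8e33fa796fb79e9707275656261",
    "0x02030026110100180f850fea24c254b73654333fc0c894474019512576b7d569"
    "707275656261",
    "0x04030004",
]


def decode_leap(data):
    """LEAP body: version, unused, count, <count> bytes, then user name."""
    if len(data) < 3:
        raise ValueError("truncated LEAP body")
    version, count = data[0], data[2]
    if len(data) < 3 + count:
        raise ValueError("LEAP count runs past the end of the packet")
    return {
        "leap_version": version,
        "value": data[3:3 + count].hex(),  # 8-byte challenge or 24-byte response
        "name": data[3 + count:].decode("ascii", "replace"),
    }


def decode_eap(hex_value):
    """Decode one EAP-Message attribute as the server prints it (0x...)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"length field {length} but {len(raw)} bytes present")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        eap_type, data = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(eap_type, eap_type)
        if eap_type == 1:
            pkt["identity"] = data.decode("ascii", "replace")
        elif eap_type == 17:
            pkt.update(decode_leap(data))
    return pkt


if __name__ == "__main__":
    for sample in PAGE_SAMPLES:
        print(decode_eap(sample))
```

Decoded this way, the log shows the identity response for "prueba", the server's 8-byte challenge, the 24-byte response from the client, and the EAP Failure sent with the Access-Reject.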