|
Hi Group,
Im having authentication problems using FreeRadius
with my wireless access point.
Using radiusd -X I can see that the radius server
is starting error free.
I have it setup to use peap and all the
configurations seem correct.
I have the shared secret set in the clients.conf
for the AP and the same key set on the Radius section along with the IP of the
server on the AP.
In the users file i have set:-
"test" User-Password ==
"test"
Below is the output of the failed login attempt
(one attempt only) from the laptop with wireless card, could anyone point out
what the problem is at all please. I am relatively new to setting up FreeRadius
so apologies if any information is missing. Notice that for some reason the
password is not there ?
rad_recv: Access-Request packet from host
192.168.0.253:1072, id=131,
length=98
Message-Authenticator = 0xa049c4976fb7bd609e4479105e0f3dab User-Name = "test" NAS-IP-Address = 192.168.0.253 NAS-Port = 2 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-01-f4-ec-10-7d" EAP-Message = 0x020100090174657374 Framed-MTU = 1000 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched test at 59 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 131 to 192.168.0.253:1072 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2797381507b59d35e80f2dc39810f48d Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.253:1072, id=132, length=187 Message-Authenticator = 0xbf2346b03b6892ec32bc4fd188ba98b3 User-Name = "test" State = 0x2797381507b59d35e80f2dc39810f48d NAS-IP-Address = 192.168.0.253 NAS-Port = 2 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-01-f4-ec-10-7d" Framed-MTU = 1000 EAP-Message = 0x0202005019800000004616030100410100003d03014174d98b15c5428cf569fc958b7f0823fe9318d8403a8a78a2a0d648abf230c500001600040005000a000900640062000300060013001200630100 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched test at 59 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 132 to 192.168.0.253:1072 EAP-Message = 0x010303ee19c0000006f1160301004a0200004603014174da165fb4f1600958bc228c5fa41e9d2e035e6d6f8c78fded0a19d4a5220f201006836173244e18a18f1c0b5b3f5cda6ffe4d749f2de608fc14ffea4b82f49b00040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e7440 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x713a0a66319739c247efad64c22ee511 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.253:1072, id=133, length=113 Message-Authenticator = 0xbebe6661378f5c24f9d444a75bb5f67b User-Name = "test" State = 0x713a0a66319739c247efad64c22ee511 NAS-IP-Address = 192.168.0.253 NAS-Port = 2 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-01-f4-ec-10-7d" Framed-MTU = 1000 EAP-Message = 0x020300061900 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched test at 59 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 133 to 192.168.0.253:1072 EAP-Message = 0x0104031319006578616d706c652e636f6d301e170d3034303132353133323630375a170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db EAP-Message = 0x1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e80ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d6520436974 EAP-Message = 0x7931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8 EAP-Message = 0xd4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x72ded68399bfe0d3e5433ff482b86ef8 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.0.253:1072, id=134, length=113 Message-Authenticator = 0x13cfe23e4703d7587ce4bcbea91b5962 User-Name = "test" State = 0x72ded68399bfe0d3e5433ff482b86ef8 NAS-IP-Address = 192.168.0.253 NAS-Port = 2 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-01-f4-ec-10-7d" Framed-MTU = 1000 EAP-Message = 0x020400061900 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched test at 59 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 134 to 192.168.0.253:1072 EAP-Message = 0x010500061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x46461b67c480a9b420b42b8c51808d64 Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 131 with timestamp 4174da16 Cleaning up request 1 ID 132 with timestamp 4174da16 Cleaning up request 2 ID 133 with timestamp 4174da16 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 134 with timestamp 4174da17 Nothing to do. Sleeping until we see a request. I will post configs if needed but need to keep size
of post within limit.
Any Help muchly appreciated.
Regards
Dave |
- Re: error authenticating wireless user [EMAIL PROTECTED]
- Re: error authenticating wireless user Alan DeKok
- Re: error authenticating wireless user [EMAIL PROTECTED]
- Re: error authenticating wireless user [EMAIL PROTECTED]
- Re: error authenticating wireless user [EMAIL PROTECTED]
- Re: error authenticating wireless user [EMAIL PROTECTED]
- Re: error authenticating wireless user Alan DeKok
- Re: error authenticating wireless user Christoph Litauer
- RE: error authenticating wireless user Peter Hicks
- Re: error authenticating wireless user [EMAIL PROTECTED]
- Re: error authenticating wireless user [EMAIL PROTECTED]
