I'm using FreeRADIUS version 1.0 and a Linksys AP. I am trying to authenticate
WLAN users using WPA authentication. The actual authentication is supposed
to be done in an external script which is launched from FreeRADIUS. The
users are using Windows XP and they authenticate using EAP-PEAP and MS-CHAP
v2. Here are the configuration changes I've made in the radiusd.conf file:

modules {

        exec login {
                 wait = yes
                 program = "/home/tester/loginauth %{User-Name} %{NAS-Identifier}"
                 input_pairs = request
                 output_pairs = config
                 packet_type = Access-Request
         }



authorize {
        #
            login




authenticate {


        Auth-Type LOGIN {
                login
        }



And in the users file I have the following:

DEFAULT  Auth-Type := LOGIN



The external script returns exit value 0 and prints the user password in
the following manner:


echo "User-Password == example"
exit 0


What am I doing wrong here? It seems like FreeRADIUS is sending Access-Accept
but the AP is not opening the network connection. Here is the RADIUS log
for an unsuccessful authentication:


rad_recv: Access-Request packet from host x.x.x.x:2048, id=0, length=111
        NAS-IP-Address = x.x.x.x
        Called-Station-Id = "000f6631xxxx"
        Calling-Station-Id = "000f663cxxxx"
        NAS-Identifier = "000f6631xxxx"
        NAS-Port = 5
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0200000501
        Message-Authenticator = 0xe2c667815b392f4da3daa33c1428c081
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
radius_xlat:  '/home/radacct/x.x.x.x/auth-detail-20041020'
rlm_detail: /home/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /home/radacct/x.x.x.x/auth-detail-20041020
  modcall[authorize]: module "auth_log" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Proxy reply, or no User-Name.  Ignoring.
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 0 length 5
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched DEFAULT at 63
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  '/home/tester/loginauth  000f663130c8'
Exec-Program: /home/tester/loginauth  000f663130c8
Exec-Program output: User-Password == example
Exec-Program-Wait: value-pairs: User-Password == example
Exec-Program: returned: 0
  modcall[authorize]: module "login" returns ok for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type LOGIN
auth: type "LOGIN"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
radius_xlat:  '/home/tester/loginauth   000f663130c8'
Exec-Program: /home/tester/loginauth   000f663130c8
Exec-Program output: User-Password == example
Exec-Program-Wait: value-pairs: User-Password == example
Exec-Program: returned: 0
  modcall[authenticate]: module "login" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Login OK: [<no User-Name attribute>/<no User-Password attribute>] (from
client ap port 5 cli 000f663c738a)
Sending Access-Accept of id 0 to x.x.x.x:2048
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 4176784a





