Jon,
Thanks for the suggestion. I tried it but I'm still getting attributes
in the Access-Challenge packet. The output is shown below.
Regards,
Martin.
[EMAIL PROTECTED] rlm_eap]$ ./radeapclient -x 10.230.199.211 auth SharedSecret < ~/EAP/req.txt
+++> About to send encoded packet:
User-Name = "DNIS:123456789"
EAP-MD5-Password = "marty"
NAS-IP-Address = 10.230.199.211
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = "DNIS:123456789"
Message-Authenticator = 0x00
NAS-Port = 0
Sending Access-Request of id 221 to 10.230.199.211:1812
User-Name = "DNIS:123456789"
NAS-IP-Address = 10.230.199.211
Message-Authenticator = 0x00000000000000000000000000000000
NAS-Port = 0
EAP-Message = 0x02d2001301444e49533a313233343536373839
rad_recv: Access-Challenge packet from host 10.230.199.211:1812, id=221, length=131
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 1.2.3.4
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x01d3001604105f8bfea050f51202d079cbea0ba56948
Message-Authenticator = 0xce4374fa665b014e032b6a740e4e988e
State = 0x3dc13345aff9797d735eea688067e6a1
<+++ EAP decoded packet:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 1.2.3.4
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x01d3001604105f8bfea050f51202d079cbea0ba56948
Message-Authenticator = 0xce4374fa665b014e032b6a740e4e988e
State = 0x3dc13345aff9797d735eea688067e6a1
EAP-Id = 211
EAP-Code = Request
EAP-Type-MD5 = 0x105f8bfea050f51202d079cbea0ba56948
+++> About to send encoded packet:
User-Name = "DNIS:123456789"
EAP-MD5-Password = "marty"
NAS-IP-Address = 10.230.199.211
EAP-Code = Response
EAP-Id = 211
Message-Authenticator = 0x00000000000000000000000000000000
NAS-Port = 0
EAP-Type-MD5 = 0x102dec914ed174cad20a30a70561ba1fd2
State = 0x3dc13345aff9797d735eea688067e6a1
Sending Access-Request of id 222 to 10.230.199.211:1812
User-Name = "DNIS:123456789"
NAS-IP-Address = 10.230.199.211
Message-Authenticator = 0x00000000000000000000000000000000
NAS-Port = 0
State = 0x3dc13345aff9797d735eea688067e6a1
EAP-Message = 0x02d3001604102dec914ed174cad20a30a70561ba1fd2
rad_recv: Access-Accept packet from host 10.230.199.211:1812, id=222, length=111
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 1.2.3.4
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x03d30004
Message-Authenticator = 0x4ebb25a6270290743febae71d73a75d7
User-Name = "DNIS:123456789"
<+++ EAP decoded packet:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 1.2.3.4
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x03d30004
Message-Authenticator = 0x4ebb25a6270290743febae71d73a75d7
User-Name = "DNIS:123456789"
EAP-Id = 211
EAP-Code = Success
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jon Matias Fraile
Sent: 20 January 2005 15:42
To: [email protected]
Subject: Re: EAP-MD5 Access Challenge.
Try to put EAP instead of Local in the users file
Jon
On Thu, 20 Jan 2005 [EMAIL PROTECTED] wrote:
> Hello all,
>
> I was trying to get EAP-MD5 authentication working with freeradius. I'm
> using radeapclient to send in the request.
>
> I have a user in my users file as shown below.
>
> DNIS:123456789  Auth-Type := Local, User-Password == "marty"
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Address = 1.2.3.4,
>         Framed-IP-Netmask = 255.255.255.0,
>         Framed-Routing = Broadcast-Listen,
>         Framed-Filter-Id = "std.ppp",
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobsen-TCP-IP
>
> I'm sending in the request using radeapclient with the details below.
>
> User-Name = "DNIS:123456789"
> EAP-MD5-Password = "marty"
> NAS-IP-Address = 10.230.199.211
> EAP-Code = Response
> EAP-Id = 210
> EAP-Type-Identity = "DNIS:123456789"
> Message-Authenticator = 0x00
> NAS-Port = 0
>
>
> ./radeapclient -x 10.230.199.211 auth SharedSecret < ~/EAP/req.txt
>
> It works and I get an Access Accept out with EAP Success.
>
> However the Access-Challenge that freeradius sends me back contains all
> the connection attributes as the output from radeapclient below shows.
>
> rad_recv: Access-Challenge packet from host 10.230.199.211:1812, id=140, length=131
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = 1.2.3.4
> Framed-IP-Netmask = 255.255.255.0
> Framed-Routing = Broadcast-Listen
> Filter-Id = "std.ppp"
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> EAP-Message = 0x01d300160410c85c14878e1b23ee8b5703ad2d916a25
> Message-Authenticator = 0x39668b64ccf66b262e280f3d5c965e3c
> State = 0x28b0e037604ae483026cf00352a72fa4
>
>
>
> I know I have most likely mis-configured something to cause freeradius
> to send these connection details out in a Challenge packet when it
> should not.
>
> Does anyone know what I might have wrong in my configuration?
>
> Also does anyone know why I have to run the radeapclient program from
> the freeradius-1.0.1/src/modules/rlm_eap directory where I compiled the
> code?
>
>
> Thanks for any help,
> Martin
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
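A check for the symptom discussed in this thread, added here as an example (not part of the original messages or of FreeRADIUS): it reads `radeapclient -x` output, decodes the EAP header of each Access-Challenge and lists the attributes that do not belong in a challenge. The allowed set is taken from RFC 2865 section 4.4 plus the EAP attributes of RFC 3579, and the function names are hypothetical.

```python
import re
import struct

# Attributes RFC 2865 section 4.4 permits in an Access-Challenge, plus the two
# RFC 3579 adds for EAP. Session attributes (Framed-*) belong in Access-Accept.
ALLOWED = {"Reply-Message", "State", "Vendor-Specific", "Idle-Timeout",
           "Session-Timeout", "Proxy-State", "EAP-Message",
           "Message-Authenticator"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
BLOCK = re.compile(r"rad_recv: (\S+) packet from host[^\n]*\n((?:[ \t]*[\w-]+ = .*\n)*)")
ATTR = re.compile(r"^\s*([\w-]+) = (.*)$", re.M)

# Excerpt of the output posted in this thread (wrapped rad_recv line rejoined).
SAMPLE = """\
rad_recv: Access-Challenge packet from host 10.230.199.211:1812, id=221, length=131
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 1.2.3.4
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x01d3001604105f8bfea050f51202d079cbea0ba56948
Message-Authenticator = 0xce4374fa665b014e032b6a740e4e988e
State = 0x3dc13345aff9797d735eea688067e6a1
<+++ EAP decoded packet:
Service-Type = Framed-User
"""

def parse_received(log):
    """Return [(packet_type, {attribute: value})]; a block ends at the first non-attribute line."""
    return [(m.group(1), {k: v.strip('"') for k, v in ATTR.findall(m.group(2))})
            for m in BLOCK.finditer(log)]

def decode_eap(hex_value):
    """Decode an EAP-Message value into (code name, identifier, type or None)."""
    raw = bytes.fromhex(hex_value[2:])  # drop the leading "0x"
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field does not match attribute size")
    return EAP_CODES.get(code, code), ident, (raw[4] if length > 4 else None)

def audit(log):
    """Per Access-Challenge: decoded EAP header and the attributes not allowed there."""
    return [(decode_eap(a["EAP-Message"]) if "EAP-Message" in a else None,
             sorted(set(a) - ALLOWED))
            for t, a in parse_received(log) if t == "Access-Challenge"]
```

Run `audit()` on the joined debug output; an empty list in the second position means the challenge carries only attributes that are permitted in it.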