Hello, I am trying to set up FreeRADIUS 1.0.2 with OpenSSL 0.9.7e to do PEAP authentication. The wireless device is a Cisco 1200 (IOS) and the client is Odyssey 3.03.0.1194
I have followed the HOWTOs to configure both sides using WPA, TKIP, PEAP, generating the test keys, etc. The authentication gets partway and then fails as seen in the log below. See the ERROR IS HERE: line. I compared this log with a successful one I downloaded. Below this log is the successful one. For some reason the SSL setup fails. I have not been able to figure out why. Any ideas? Let me know if you want to see the config files. I generally followed these instructions: http://howtos.linux.com/howtos/8021X-HOWTO/freeradius.shtml Thank you, Mike rad_recv: Access-Request packet from host 192.168.39.221:21645, id=125, length=153 User-Name = "root" Framed-MTU = 1400 Called-Station-Id = "000e.83bf.db7a" Calling-Station-Id = "000f.661a.0661" Message-Authenticator = 0x8d7d2a864e6ade14c2446c6a961ed1d8 EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "603" NAS-Port = 603 State = 0x414109163bcb0747725774a14d604009 Service-Type = Framed-User NAS-IP-Address = 192.168.39.221 NAS-Identifier = "kingston" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "root", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry root at line 81 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message --------------- ERROR IS HERE --------------------- rlm_eap_tls: No SSL info available. Waiting for more SSL data. eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 125 to 192.168.39.221:21645 EAP-Message = 0x010600061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x421a9ccbf31d5486e40f42a431a24283 Finished request 4 Going to the next request Waking up in 6 seconds... ------------------------------------ cut -------------------------- Here is the successful login downloaded from the Internet: modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message ------------- ERROR WOULD BE HERE ------------------------- rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 178 to 157.158.24.61:1206 EAP-Message = 0x01a2004819001703010018388a1c5b98169d47c8970aca3863f5b239f798f59fac883917030100208644e61d9e9ec9d36e2bb3e888a16a15eb4e61acf51c9c6ad8cb46caaaf79812 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x12a6eac1b021b2fc8b980269d1253586 Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 2 seconds... -- then goes on to an Access-Accept. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
