PH ProCurve 2524, 802.1X

[Andrew Bogorodsky]

Can't configure 802.1X AAA JUST on this model.
There no problems with 5300, 2600 series, but can bot configure 2524
Some DUMPs:
rad_recv: Access-Request packet from host 10.108.3.13:1026, id=41, 
length=207
Waking up in 5 seconds...
Thread 5 got semaphore
Thread 5 handling request 9, (2 handled so far)
      Framed-MTU = 1480
      NAS-IP-Address = 10.108.3.13
      NAS-Identifier = "2524"
      User-Name = "rab"
      Service-Type = Framed-User
      Framed-Protocol = PPP
      NAS-Port = 15
      NAS-Port-Type = Ethernet
      NAS-Port-Id = "15"
      Called-Station-Id = "00-11-0a-05-fc-ef"
      Calling-Station-Id = "00-00-21-f0-6b-9b"
      Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
      Tunnel-Type:0 = VLAN
      Tunnel-Medium-Type:0 = IEEE-802
      Tunnel-Private-Group-Id:0 = "13"
      State = 0x09b0d678085b0012575040481beae6c7
      EAP-Message = 0x020500061900
      Message-Authenticator = 0xe39bf41a414d7be8de952780a08b7948
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
  rlm_realm: No '@' in User-Name = "rab", looking up realm NULL
  rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
  users: Matched rab at 91
modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 9
modcall: group authenticate returns handled for request 9
Sending Access-Challenge of id 41 to 10.108.3.13:1026
      Tunnel-Medium-Type:0 = IEEE-802
      Tunnel-Private-Group-Id:0 = "0"
      Tunnel-Type:0 = VLAN
      EAP-Message = 0x010600061900
      Message-Authenticator = 0x00000000000000000000000000000000
      State = 0x342fc911b358c7a06c75d060fbc777c0
Finished request 9
Going to the next request
Thread 5 waiting to be assigned a request

on switch:
2524(config)# show radius host 10.108.3.120
Status and Counters - RADIUS Server Information
Server IP Addr : 10.108.3.120
Authentication UDP Port : 1812         Accounting UDP Port  : 1813
Round Trip Time         : 1            Round Trip Time      : 0
Pending Requests        : 0            Pending Requests     : 0
Retransmissions         : 10           Retransmissions      : 0
Timeouts                : 10           Timeouts             : 0
Malformed Responses     : 0            Malformed Responses  : 0
Bad Authenticators      : 0            Bad Authenticators   : 0
Unknown Types           : 0            Unknown Types        : 0
Packets Dropped         : 1            Packets Dropped      : 0
Access Requests         : 41           Accounting Requests  : 0
Access Challenges       : 30           Accounting Responses : 0
Access Accepts          : 0
Access Rejects          : 10
in users.conf:
---
rab     Auth-Type := EAP, User-Password == "123"
      Tunnel-Medium-Type = IEEE-802,
      Tunnel-Private-Group-Id = 0,
      Tunnel-Type = VLAN
---
in eap.conf:
---
      eap {
              default_eap_type = md5
              timer_expire     = 60
              ignore_unknown_eap_types = no
              cisco_accounting_username_bug = no
              md5 {
              }
              leap {
              }
              gtc {
                      auth_type = PAP
              }
              tls {
                      private_key_password = whatever
                      private_key_file = ${raddbdir}/certs/cert-srv.pem
                      certificate_file = ${raddbdir}/certs/cert-srv.pem
                      CA_file = ${raddbdir}/certs/demoCA/cacert.pem
                      dh_file = ${raddbdir}/certs/dh
                      random_file = ${raddbdir}/certs/random
                    check_cert_cn = %{User-Name}
              }
               peap {
                      default_eap_type = mschapv2
              }
              mschapv2 {
              }
      }
---
Another session:
---
rad_recv: Access-Request packet from host 10.108.3.13:1026, id=51, 
length=207
Waking up in 31 seconds...
Thread 5 got semaphore
Thread 5 handling request 4, (1 handled so far)
       Framed-MTU = 1480
       NAS-IP-Address = 10.108.3.13
       NAS-Identifier = "2524"
       User-Name = "rab"
       Service-Type = Framed-User
       Framed-Protocol = PPP
       NAS-Port = 15
       NAS-Port-Type = Ethernet
       NAS-Port-Id = "15"
       Called-Station-Id = "00-11-0a-05-fc-ef"
       Calling-Station-Id = "00-00-21-f0-6b-9b"
       Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
       Tunnel-Type:0 = VLAN
       Tunnel-Medium-Type:0 = IEEE-802
       Tunnel-Private-Group-Id:0 = "13"
       State = 0x6dbaa9f76144d783d075d00d6dcebd02
       EAP-Message = 0x020600061900
       Message-Authenticator = 0x2740f904a30a06cd07245331f51f1501
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
 modcall[authorize]: module "preprocess" returns ok for request 4
 modcall[authorize]: module "chap" returns noop for request 4
 modcall[authorize]: module "mschap" returns noop for request 4
   rlm_realm: No '@' in User-Name = "rab", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[authorize]: module "suffix" returns noop for request 4
 rlm_eap: EAP packet type response id 6 length 6
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 modcall[authorize]: module "eap" returns updated for request 4
   users: Matched rab at 91
 modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
 rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/peap
 rlm_eap: processing type peap
 rlm_eap_peap: Authenticate
 rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
 rlm_eap_tls: ack handshake fragment handler
 eaptls_verify returned 1
 eaptls_process returned 13
 rlm_eap_peap: EAPTLS_HANDLED
 modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 51 to 10.108.3.13:1026
       Tunnel-Medium-Type:0 = IEEE-802
       Tunnel-Private-Group-Id:0 = "13"
       Tunnel-Type:0 = VLAN
       EAP-Message = 0x010700061900
       Message-Authenticator = 0x00000000000000000000000000000000
       State = 0x03ba567c36ffad5d0213388b4a507b20
Finished request 4

---
What another configs i must recheck? Who did this with PC 2524 ?
--
=============================
    Andrew Bogorodsky
=============================

--
=================================
       Andrew Bogorodsky
phone:  (095) 737-37-57 ext. 4441
Vimcom Optic TS, Moscow city, RUS
http://www.vimcom.ru/undes/si.htm
=================================
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html