Hi,

I would say that you can't directly test your EAP auth using radtest because radtest doesn't send an EAP-Message in its requests. You have two choices here: use radclient with the correct params to test EAP, or take a real Windows client and configure auth to be EAP.

Regards,
--
Sebastien Cantos <[EMAIL PROTECTED]>
Network / System Manager
Neopost DIVA

> -----Original Message-----
> From: [EMAIL PROTECTED] us.org [mailto:[EMAIL PROTECTED] freeradius.org] On behalf of [EMAIL PROTECTED]
> Sent: Monday, 2 January 2006 11:46
> To: freeradius-users@lists.freeradius.org
> Subject: FreeRadius and Openldap authentication
>
> Hello,
>
> I'm pretty new to ldap and radius, I try to put an 802.x authentication
> but I have difficulties setting it up correctly.
>
> Here is my problem:
>
> When I start the radtest binary:
>
> radtest "test" "supersecret" localhost 2 testing123
>
> Here is the result:
>
> Sending Access-Request of id 45 to 127.0.0.1:1812
>     User-Name = "test"
>     User-Password = "supersecret"
>     NAS-IP-Address = lavoisier
>     NAS-Port = 2
> rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=45, length=20
>
>
> Here is the log on the radius server (Started with radiusd -X):
>
> rad_recv: Access-Request packet from host 127.0.0.1:61292, id=50, length=56
>     User-Name = "test"
>     User-Password = "supersecret"
>     NAS-IP-Address = 255.255.255.255
>     NAS-Port = 2
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 3
> modcall[authorize]: module "preprocess" returns ok for request 3
> modcall[authorize]: module "chap" returns noop for request 3
> modcall[authorize]: module "mschap" returns noop for request 3
> rlm_realm: No '@' in User-Name = "test", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 3
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 3
> users: Matched entry DEFAULT at line 78
> users: Matched entry DEFAULT at line 160
> modcall[authorize]: module "files" returns ok for request 3
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for test
> radius_xlat: '(uid=test)'
> radius_xlat: 'dc=fr'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: performing search in dc=fr, with filter (uid=test)
> rlm_ldap: checking if remote access for test is allowed by radiusFilterId
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: Adding radiusFilterId as Filter-Id, value Enterasys:version=1:policy=Enterprise User & op=11
> rlm_ldap: user test authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
> modcall[authorize]: module "ldap" returns ok for request 3
> modcall: group authorize returns ok for request 3
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 3
> rlm_eap: EAP-Message not found
> rlm_eap: Malformed EAP Message
> modcall[authenticate]: module "eap" returns fail for request 3
> modcall: group authenticate returns fail for request 3
> auth: Failed to validate the user.
> Login incorrect: [test] (from client localhost port 2)
> Delaying request 3 for 1 seconds
> Finished request 3
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Sending Access-Reject of id 50 to 127.0.0.1:61292
> Waking up in 4 seconds...
> --- Walking the entire request list ---
> Cleaning up request 3 ID 50 with timestamp 43b8f992
> Nothing to do. Sleeping until we see a request.
>
>
> For the moment I have one box running Openldap on a debian/SPARC and one
> box running Freeradius on a FreeBSD 5.3/SPARC
>
> The LDAP user info:
>
> dn: cn=test,ou=users, dc=fr
> userPassword:: e1NIQX1jTWc1Y3dTazFuUEdMZW56UUw5UEdpV1pHSVU9
> ou: ou=mind-techno,dc=fr
> objectClass: top
> objectClass: person
> objectClass: pilotPerson
> objectClass: radiusProfile
> janetMailbox: [EMAIL PROTECTED]
> sn: test
> cn: test
>
>
> The SLDAPD conf file:
>
> access to dn="cn=.*,dc=fr" attr=userPassword
>     by dn="cn=admin,dc=fr" write
>     by anonymous auth
>     by self write
>     by * none
>
>
> The RADIUS radiusd.conf file:
>
> ldap {
>     server = "galilee.mind-techno.fr"
>
>     identity = "cn=emanager,dc=fr"
>     password = "XXXXXXXXXXXXXX"
>
>     basedn = "dc=fr"
>
>     filter = "(uid=%u)"
>     # base_filter = "(objectclass=radiusprofile)"
>
>     start_tls = no
>
>     access_attr = "radiusFilterId"
>
>     dictionary_mapping = ${raddbdir}/ldap.attrmap
>     #authtype = ldap
>
>     ldap_connections_number = 5
>
>     password_attribute = "userPassword"
>     timeout = 4
>     timelimit = 3
>     net_timeout = 1
> }
>
>
> authenticate {
>
>     # Uncomment it if you want to use ldap for authentication
>     #
>     # Note that this means "check plain-text password against
>     # the ldap database", which means that EAP won't work,
>     # as it does not supply a plain-text password.
>     Auth-Type LDAP {
>         ldap
>     }
>
>     #
>     # Allow EAP authentication.
>     eap
> }
>
> The RADIUS users file:
>
> DEFAULT Auth-Type := EAP
>     Fall-Through = 1
> #   Reply-Message = "LDAP"
>
>
> I must admit I'm pretty lost in all this, and that any help will be
> nice.
>
>
> I would be grateful if you had a how-to or tutorial on how to build an
> easy and working 802.x authentication with a Radius/LDAP system.
>
> Best regards,
>
> --
> M. Robert Wakim
> Mind Technologies
>
> 24 rue Victor Hugo
> 94220 Charenton-Le-Pont
> FRANCE
>
> tel : +33 (0)1 41 79 09 40
> Fax : +33 (0)1 43 68 80 32
>
> Email : [EMAIL PROTECTED]
> web : http://www.mind-techno.fr
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
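
The reply above turns on the EAP-Message attribute that radtest never sends, which is why the server logs "rlm_eap: No EAP-Message, not doing EAP". As an added example that is not part of the original thread, this Python sketch builds the Access-Request an EAP-capable client would send first (an EAP-Response/Identity plus the Message-Authenticator that RFC 3579 requires alongside it) and parses it back. The function names are hypothetical, the user "test" and secret "testing123" are the ones from the thread, and nothing is sent on the network.

```python
import hashlib
import hmac
import os
import struct

# Attribute type numbers from RFC 2865 / RFC 3579.
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80


def attr(attr_type, value):
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def eap_identity_response(eap_id, identity):
    """EAP packet: Code 2 (Response), Identifier, Length, Type 1 (Identity)."""
    return struct.pack("!BBHB", 2, eap_id, 5 + len(identity), 1) + identity


def build_eap_access_request(user, secret, pkt_id, authenticator=None):
    """Access-Request (code 1) with EAP-Message and a signed Message-Authenticator."""
    authenticator = authenticator or os.urandom(16)
    name = user.encode()
    attrs = (attr(USER_NAME, name)
             + attr(EAP_MESSAGE, eap_identity_response(1, name))
             + attr(MESSAGE_AUTHENTICATOR, bytes(16)))  # zeroed while signing
    header = struct.pack("!BBH", 1, pkt_id, 20 + len(attrs)) + authenticator
    mac = hmac.new(secret, header + attrs, hashlib.md5).digest()
    return header + attrs[:-16] + mac


def parse_attributes(packet):
    """Return {attribute type: (value offset, value)}; the last duplicate wins."""
    found, pos = {}, 20
    end = struct.unpack("!H", packet[2:4])[0]
    while pos + 2 <= end:
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > end:
            raise ValueError("malformed attribute")
        found[attr_type] = (pos + 2, packet[pos + 2:pos + length])
        pos += length
    return found


def message_authenticator_ok(packet, secret):
    """Recompute HMAC-MD5 over the packet with Message-Authenticator zeroed."""
    offset, sent = parse_attributes(packet)[MESSAGE_AUTHENTICATOR]
    zeroed = packet[:offset] + bytes(16) + packet[offset + 16:]
    return hmac.compare_digest(hmac.new(secret, zeroed, hashlib.md5).digest(), sent)
```

The radtest request quoted in the thread carries only User-Name, User-Password, NAS-IP-Address and NAS-Port, so attribute 79 is absent and a forced `Auth-Type := EAP` has nothing to process.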