I posted a while ago about our school trying to set up essentially an
open WPA system (anyone can connect with WPA with little or no changes
to windows settings). The actual user auth is done later via a hotspot
server of some sort.
Anyhow, I currently have freeradius set to Auth-Type:=Accept so it
should accept any connection.
This works fine using radtest, but breaks when trying to do a PEAP
connection.
Attached is the log output from a PEAP attempt.
Any suggestions on how to fix the error?
Thanks.
Mark II
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded DIGEST
Module: Instantiated digest (digest)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
realm: format = "prefix"
realm: delimiter = "\"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (ntdomain)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.109.195:1061, id=0, length=252
Message-Authenticator = 0x41eb703e9f3512dd95d5baa8c95398af
Service-Type = Framed-User
User-Name = "MONTGOMERY-MARK\\markmontgomery"
Framed-MTU = 1488
Called-Station-Id = "00-11-95-BF-EF-1C:DBCWIFI"
Calling-Station-Id = "00-14-A5-7C-1A-46"
NAS-Identifier = "D-Link Access Point with POE"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02000023014d4f4e54474f4d4552592d4d41524b5c6d61726b6d6f6e74676f6d657279
NAS-IP-Address = 192.168.109.195
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
hints: Matched DEFAULT at 81
radius_xlat: ''
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall[authorize]: module "digest" returns noop for request 0
rlm_realm: No '@' in User-Name = "MONTGOMERY-MARK\markmontgomery", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_realm: Looking up realm "MONTGOMERY-MARK" for User-Name = "MONTGOMERY-MARK\markmontgomery"
rlm_realm: No such realm "MONTGOMERY-MARK"
modcall[authorize]: module "ntdomain" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 35
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 160
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type ACCEPT
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [MONTGOMERY-MARK\\markmontgomery] (from client internal-network port 1 cli 00-14-A5-7C-1A-46)
Sending Access-Accept of id 0 to 192.168.109.195:1061
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 192.168.109.195:1061, id=0, length=20
Authentication reply packet code 2 sent to a non-proxy reply port from client internal-network:1061 - ID 0 : IGNORED
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 446b74d8
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.109.195:1062, id=0, length=252
Message-Authenticator = 0xcc2effc2183aeadc6a7562d425a30878
Service-Type = Framed-User
User-Name = "MONTGOMERY-MARK\\markmontgomery"
Framed-MTU = 1488
Called-Station-Id = "00-11-95-BF-EF-1C:DBCWIFI"
Calling-Station-Id = "00-14-A5-7C-1A-46"
NAS-Identifier = "D-Link Access Point with POE"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02000023014d4f4e54474f4d4552592d4d41524b5c6d61726b6d6f6e74676f6d657279
NAS-IP-Address = 192.168.109.195
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
hints: Matched DEFAULT at 81
radius_xlat: ''
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall[authorize]: module "digest" returns noop for request 1
rlm_realm: No '@' in User-Name = "MONTGOMERY-MARK\markmontgomery", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_realm: Looking up realm "MONTGOMERY-MARK" for User-Name = "MONTGOMERY-MARK\markmontgomery"
rlm_realm: No such realm "MONTGOMERY-MARK"
modcall[authorize]: module "ntdomain" returns noop for request 1
rlm_eap: EAP packet type response id 0 length 35
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 160
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type ACCEPT
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [MONTGOMERY-MARK\\markmontgomery] (from client internal-network port 1 cli 00-14-A5-7C-1A-46)
Sending Access-Accept of id 0 to 192.168.109.195:1062
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 192.168.109.195:1062, id=0, length=20
Authentication reply packet code 2 sent to a non-proxy reply port from client internal-network:1062 - ID 0 : IGNORED
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 0 with timestamp 446b74e2
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.109.195:1063, id=0, length=252
Message-Authenticator = 0x7b4d94434e62a332c52855fc18400629
Service-Type = Framed-User
User-Name = "MONTGOMERY-MARK\\markmontgomery"
Framed-MTU = 1488
Called-Station-Id = "00-11-95-BF-EF-1C:DBCWIFI"
Calling-Station-Id = "00-14-A5-7C-1A-46"
NAS-Identifier = "D-Link Access Point with POE"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02000023014d4f4e54474f4d4552592d4d41524b5c6d61726b6d6f6e74676f6d657279
NAS-IP-Address = 192.168.109.195
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
hints: Matched DEFAULT at 81
radius_xlat: ''
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
modcall[authorize]: module "digest" returns noop for request 2
rlm_realm: No '@' in User-Name = "MONTGOMERY-MARK\markmontgomery", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_realm: Looking up realm "MONTGOMERY-MARK" for User-Name = "MONTGOMERY-MARK\markmontgomery"
rlm_realm: No such realm "MONTGOMERY-MARK"
modcall[authorize]: module "ntdomain" returns noop for request 2
rlm_eap: EAP packet type response id 0 length 35
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 160
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type ACCEPT
rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [MONTGOMERY-MARK\\markmontgomery] (from client internal-network port 1 cli 00-14-A5-7C-1A-46)
Sending Access-Accept of id 0 to 192.168.109.195:1063
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Accept packet from host 192.168.109.195:1063, id=0, length=20
Authentication reply packet code 2 sent to a non-proxy reply port from client internal-network:1063 - ID 0 : IGNORED
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 0 with timestamp 446b74eb
Nothing to do. Sleeping until we see a request.
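
An added example, not part of the original post and not FreeRADIUS code: decoding the EAP-Message from the log above shows it is the client's EAP-Response/Identity, the opening message of the exchange, and the helper flags requests where that message was answered by `Found Auth-Type ACCEPT` and an Access-Accept with no Access-Challenge in between. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: selected lines of request 0 from the debug log above.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.109.195:1061, id=0, length=252
EAP-Message =
0x02000023014d4f4e54474f4d4552592d4d41524b5c6d61726b6d6f6e74676f6d657279
modcall[authorize]: module "eap" returns updated for request 0
rad_check_password: Found Auth-Type ACCEPT
Sending Access-Accept of id 0 to 192.168.109.195:1061
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 25: "PEAP", 26: "MS-CHAPv2"}

def decode_eap(hex_value):
    """Decode the EAP header (RFC 3748) from a radiusd hex dump."""
    digits = hex_value[2:] if hex_value.startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        raise ValueError("EAP length field does not match the data")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": length}
    if raw[0] in (1, 2) and length > 4:  # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] == 1:  # Identity: the rest of the packet is the user name
            pkt["identity"] = raw[5:].decode("utf-8", "replace")
    return pkt

def accepts_during_eap(log):
    """Return the decoded EAP packet of every request that carried an
    EAP-Message but was answered through a forced Auth-Type Accept."""
    findings = []
    for chunk in re.split(r"(?=rad_recv: Access-Request)", log):
        m = re.search(r"EAP-Message =\s*(0x[0-9a-fA-F]+)", chunk)
        if not m or "Found Auth-Type ACCEPT" not in chunk:
            continue
        if "Sending Access-Accept" in chunk and "Sending Access-Challenge" not in chunk:
            findings.append(decode_eap(m.group(1)))
    return findings

if __name__ == "__main__":
    print(accepts_during_eap(SAMPLE_LOG))
```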