Sorry, didn't see the atach. Have you restarted the server since changing user config? That DEFAULT entry for Framed-User should also match.
Ivan Kalik Kalik Informatika ISP Dana 31/5/2007, "shantanu choudhary" <[EMAIL PROTECTED]> piše: >this is server side output!!!! > >rad_recv: Access-Request packet from host 192.168.2.182:1027, id=4, length=177 > Message-Authenticator = 0x758e436fc2b17672ad389e0ffeca2982 > Service-Type = Framed-User > User-Name = "testuser" > Framed-MTU = 1488 > Called-Station-Id = "00-03-7F-09-60-A0:ATH182" > Calling-Station-Id = "00-03-7F-05-C0-9C" > NAS-Port-Type = Wireless-802.11 > Connect-Info = "CONNECT 54Mbps 802.11g" > EAP-Message = 0x0204000d017465737475736572 > NAS-IP-Address = 192.168.2.182 > NAS-Port = 1 > NAS-Port-Id = "STA port # 1" > Processing the authorize section of radiusd.conf >modcall: entering group authorize for request 20 > modcall[authorize]: module "preprocess" returns ok for request 20 > modcall[authorize]: module "chap" returns noop for request 20 > modcall[authorize]: module "mschap" returns noop for request 20 > rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 20 > rlm_eap: EAP packet type response id 4 length 13 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 20 > users: Matched entry testuser at line 155 > modcall[authorize]: module "files" returns ok for request 20 >rlm_pap: Found existing Auth-Type, not changing it. > modcall[authorize]: module "pap" returns noop for request 20 >modcall: leaving group authorize (returns updated) for request 20 > rad_check_password: Found Auth-Type EAP >auth: type "EAP" > Processing the authenticate section of radiusd.conf >modcall: entering group authenticate for request 20 > rlm_eap: EAP Identity > rlm_eap: processing type md5 >rlm_eap_md5: Issuing Challenge > modcall[authenticate]: module "eap" returns handled for request 20 >modcall: leaving group authenticate (returns handled) for request 20 >Sending Access-Challenge of id 4 to 192.168.2.182 port 1027 > EAP-Message = 0x010500160410ef33bbaf01824abdd6b6989b2cc698ec > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x4f68ec51f7791041fc61be6441d9ea92 >Finished request 20 >Going to the next request >--- Walking the entire request list --- >Waking up in 6 seconds... >rad_recv: Access-Request packet from host 192.168.2.182:1027, id=5, length=204 > Message-Authenticator = 0xb98d04dcd12bbaa2dc7f6314231061bc > Service-Type = Framed-User > User-Name = "testuser" > Framed-MTU = 1488 > State = 0x4f68ec51f7791041fc61be6441d9ea92 > Called-Station-Id = "00-03-7F-09-60-A0:ATH182" > Calling-Station-Id = "00-03-7F-05-C0-9C" > NAS-Port-Type = Wireless-802.11 > Connect-Info = "CONNECT 54Mbps 802.11g" > EAP-Message = 0x020500160410a221ad85e41c1260d31c5d14036dfce1 > NAS-IP-Address = 192.168.2.182 > NAS-Port = 1 > NAS-Port-Id = "STA port # 1" > Processing the authorize section of radiusd.conf >modcall: entering group authorize for request 21 > modcall[authorize]: module "preprocess" returns ok for request 21 > modcall[authorize]: module "chap" returns noop for request 21 > modcall[authorize]: module "mschap" returns noop for request 21 > rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 21 > rlm_eap: EAP packet type response id 5 length 22 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 21 > users: Matched entry testuser at line 155 > modcall[authorize]: module "files" returns ok for request 21 >rlm_pap: Found existing Auth-Type, not changing it. > modcall[authorize]: module "pap" returns noop for request 21 >modcall: leaving group authorize (returns updated) for request 21 > rad_check_password: Found Auth-Type EAP >auth: type "EAP" > Processing the authenticate section of radiusd.conf >modcall: entering group authenticate for request 21 > rlm_eap: Request found, released from the list > rlm_eap: EAP/md5 > rlm_eap: processing type md5 > rlm_eap: Freeing handler > modcall[authenticate]: module "eap" returns ok for request 21 >modcall: leaving group authenticate (returns ok) for request 21 >Sending Access-Accept of id 5 to 192.168.2.182 port 1027 > EAP-Message = 0x03050004 > Message-Authenticator = 0x00000000000000000000000000000000 > User-Name = "testuser" >Finished request 21 >Going to the next request >Waking up in 6 seconds... >--- Walking the entire request list --- > >it is sending an access accept packet!!! >my user file is like this:- >its an attachment(users) >thanks for ur help, > >regards >shantanu > >[EMAIL PROTECTED] wrote: Client output isn't showing Access-Accept packet >content. Post radiusd >-X output and your users file. > >Ivan Kalik >Kalik Informatika ISP > > >Dana 31/5/2007, "shantanu choudhary" piše: > >>hello, >>this is my client side output: >>Authentication with 00:03:7f:09:60:a0 timed out. >>Added BSSID 00:03:7f:09:60:a0 into blacklist >>State: ASSOCIATED -> DISCONNECTED >>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) >>WEXT: Operstate: linkmode=-1, operstate=5 >>wpa_driver_wext_disassociate >>No keys have been configured - skip key clearing >>EAPOL: External notification - portEnabled=0 >>EAPOL: SUPP_PAE entering state DISCONNECTED >>EAPOL: SUPP_BE entering state INITIALIZE >>EAP: EAP entering state DISABLED >>EAPOL: External notification - portValid=0 >>Setting scan request: 0 sec 0 usec >>State: DISCONNECTED -> SCANNING >>Starting AP scan (specific SSID) >>Scan SSID - hexdump_ascii(len=6): >> 41 54 48 31 38 32 ATH182 >>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) >>Wireless event: cmd=0x8b15 len=20 >>Wireless event: new AP: 00:00:00:00:00:00 >>BSSID 00:03:7f:09:60:a0 blacklist count incremented to 2 >>CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys >>wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 >>wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0 >>wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0 >>wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0 >>wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0 >>State: SCANNING -> DISCONNECTED >>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) >>WEXT: Operstate: linkmode=-1, operstate=5 >>EAPOL: External notification - portEnabled=0 >>EAPOL: External notification - portValid=0 >>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) >>RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added >>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) >>Wireless event: cmd=0x8b19 len=8 >>Received 1844 bytes of scan results (7 BSSes) >>Scan results: 7 >>Selecting BSS from priority group 0 >>0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 >> skip - SSID mismatch >>1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 >> skip - blacklisted >>2: 00:18:0a:01:0f:31 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 >> skip - no WPA/RSN IE >>3: 00:a0:f8:ce:7d:18 ssid='symbol3' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 >> skip - no WPA/RSN IE >>4: 00:03:7f:09:60:15 ssid='AUKBC4' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 >> skip - no WPA/RSN IE >>5: 00:18:0a:01:03:fe ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 >> skip - no WPA/RSN IE >>6: 00:18:0a:01:07:34 ssid='AUKBC_MESH' wpa_ie_len=0 rsn_ie_len=0 caps=0x1 >> skip - no WPA/RSN IE >>No APs found - clear blacklist and try again >>Removed BSSID 00:03:7f:09:60:a0 from blacklist (clear) >>Selecting BSS from priority group 0 >>0: 00:03:7f:09:60:7e ssid='ATH183' wpa_ie_len=0 rsn_ie_len=22 caps=0x11 >> skip - SSID mismatch >>1: 00:03:7f:09:60:a0 ssid='ATH182' wpa_ie_len=0 rsn_ie_len=26 caps=0x11 >> selected based on RSN IE >>Trying to associate with 00:03:7f:09:60:a0 (SSID='ATH182' freq=2437 MHz) >>Cancelling scan request >>WPA: clearing own WPA/RSN IE >>Automatic auth_alg selection: 0x1 >>RSN: using IEEE 802.11i/D9.0 >>WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 1 proto 2 >>WPA: clearing AP WPA IE >>WPA: set AP RSN IE - hexdump(len=26): 30 18 01 00 00 0f ac 02 02 00 00 0f ac >>02 00 0f ac 04 01 00 00 0f ac 01 01 00 >>WPA: using GTK TKIP >>WPA: using PTK CCMP >>WPA: using KEY_MGMT 802.1X >>WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 >>00 0f ac 04 01 00 00 0f ac 01 00 00 >>No keys have been configured - skip key clearing >>wpa_driver_wext_set_drop_unencrypted >>State: DISCONNECTED -> ASSOCIATING >>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) >>WEXT: Operstate: linkmode=-1, operstate=5 >>wpa_driver_wext_associate >>Setting authentication timeout: 10 sec 0 usec >>EAPOL: External notification - portControl=Auto >>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) >>Wireless event: cmd=0x8b06 len=8 >>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) >>Wireless event: cmd=0x8b04 len=12 >>RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP]) >>Wireless event: cmd=0x8b1a len=14 >>RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) >>Wireless event: cmd=0x8b15 len=20 >>Wireless event: new AP: 00:03:7f:09:60:a0 >>State: ASSOCIATING -> ASSOCIATED >>wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT) >>WEXT: Operstate: linkmode=-1, operstate=5 >>Associated to a new BSS: BSSID=00:03:7f:09:60:a0 >>No keys have been configured - skip key clearing >>Associated with 00:03:7f:09:60:a0 >>WPA: Association event - clear replay counter >>EAPOL: External notification - portEnabled=0 >>EAPOL: External notification - portValid=0 >>EAPOL: External notification - portEnabled=1 >>EAPOL: SUPP_PAE entering state CONNECTING >>EAPOL: SUPP_BE entering state IDLE >>EAP: EAP entering state INITIALIZE >>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE >>EAP: EAP entering state IDLE >>Setting authentication timeout: 10 sec 0 usec >>Cancelling scan request >>RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP]) >>RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added >>RX EAPOL from 00:03:7f:09:60:a0 >>RX EAPOL - hexdump(len=9): 01 00 00 05 01 00 00 05 01 >>Setting authentication timeout: 70 sec 0 usec >>EAPOL: Received EAP-Packet frame >>EAPOL: SUPP_PAE entering state RESTART >>EAP: EAP entering state INITIALIZE >>EAP: EAP entering state IDLE >>EAPOL: SUPP_PAE entering state AUTHENTICATING >>EAPOL: SUPP_BE entering state REQUEST >>EAPOL: getSuppRsp >>EAP: EAP entering state RECEIVED >>EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 >>EAP: EAP entering state IDENTITY >>CTRL-EVENT-EAP-STARTED EAP authentication started >>EAP: EAP-Request Identity data - hexdump_ascii(len=0): >>EAP: using real identity - hexdump_ascii(len=8): >> 74 65 73 74 75 73 65 72 testuser >>EAP: EAP entering state SEND_RESPONSE >>EAP: EAP entering state IDLE >>EAPOL: SUPP_BE entering state RESPONSE >>EAPOL: txSuppRsp >>TX EAPOL - hexdump(len=17): 01 00 00 0d 02 00 00 0d 01 74 65 73 74 75 73 65 72 >>EAPOL: SUPP_BE entering state RECEIVE >>RX EAPOL from 00:03:7f:09:60:a0 >>RX EAPOL - hexdump(len=26): 01 00 00 16 01 01 00 16 04 10 6d db 12 c2 ff 1f >>c6 22 64 45 01 07 f9 73 8b 14 >>EAPOL: Received EAP-Packet frame >>EAPOL: SUPP_BE entering state REQUEST >>EAPOL: getSuppRsp >>EAP: EAP entering state RECEIVED >>EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 >>EAP: EAP entering state GET_METHOD >>EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) >>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected >>EAP: EAP entering state METHOD >>EAP-MD5: Challenge - hexdump(len=16): 6d db 12 c2 ff 1f c6 22 64 45 01 07 f9 >>73 8b 14 >>EAP-MD5: Generating Challenge Response >>EAP-MD5: Response - hexdump(len=16): e8 5f fa a3 fe 5d 10 a6 4a 65 11 6d f0 >>25 19 35 >>EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC >>EAP: EAP entering state SEND_RESPONSE >>EAP: EAP entering state IDLE >>EAPOL: SUPP_BE entering state RESPONSE >>EAPOL: txSuppRsp >>TX EAPOL - hexdump(len=26): 01 00 00 16 02 01 00 16 04 10 e8 5f fa a3 fe 5d >>10 a6 4a 65 11 6d f0 25 19 35 >>EAPOL: SUPP_BE entering state RECEIVE >>RX EAPOL from 00:03:7f:09:60:a0 >>RX EAPOL - hexdump(len=8): 01 00 00 04 04 01 00 04 >>EAPOL: Received EAP-Packet frame >>EAPOL: SUPP_BE entering state REQUEST >>EAPOL: getSuppRsp >>EAP: EAP entering state RECEIVED >>EAP: Received EAP-Failure >>EAP: EAP entering state DISCARD >>EAP: EAP entering state IDLE >>EAPOL: SUPP_BE entering state RECEIVE >>EAPOL: startWhen --> 0 >>EAPOL: authWhile --> 0 >>EAPOL: SUPP_BE entering state TIMEOUT >>EAPOL: SUPP_PAE entering state CONNECTING >>EAPOL: SUPP_BE entering state IDLE >>RX EAPOL from 00:03:7f:09:60:a0 >>RX EAPOL - hexdump(len=9): 01 00 00 05 01 02 00 05 01 >>EAPOL: Received EAP-Packet frame >>EAPOL: SUPP_PAE entering state RESTART >>EAP: EAP entering state INITIALIZE >>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE >>EAP: EAP entering state IDLE >>EAPOL: SUPP_PAE entering state AUTHENTICATING >>EAPOL: SUPP_BE entering state REQUEST >>EAPOL: getSuppRsp >>EAP: EAP entering state RECEIVED >>EAP: Received EAP-Request id=2 method=1 vendor=0 vendorMethod=0 >>EAP: EAP entering state IDENTITY >>CTRL-EVENT-EAP-STARTED EAP authentication started >>EAP: EAP-Request Identity data - hexdump_ascii(len=0): >>EAP: using real identity - hexdump_ascii(len=8): >> 74 65 73 74 75 73 65 72 testuser >>EAP: EAP entering state SEND_RESPONSE >>EAP: EAP entering state IDLE >>EAPOL: SUPP_BE entering state RESPONSE >>EAPOL: txSuppRsp >>TX EAPOL - hexdump(len=17): 01 00 00 0d 02 02 00 0d 01 74 65 73 74 75 73 65 72 >>EAPOL: SUPP_BE entering state RECEIVE >>RX EAPOL from 00:03:7f:09:60:a0 >>RX EAPOL - hexdump(len=26): 01 00 00 16 01 03 00 16 04 10 68 c8 ea 0c 97 f7 >>11 d3 f3 2a cd 62 8c 37 4d 40 >>EAPOL: Received EAP-Packet frame >>EAPOL: SUPP_BE entering state REQUEST >>EAPOL: getSuppRsp >>EAP: EAP entering state RECEIVED >>EAP: Received EAP-Request id=3 method=4 vendor=0 vendorMethod=0 >>EAP: EAP entering state GET_METHOD >>EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) >>CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected >>EAP: EAP entering state METHOD >>EAP-MD5: Challenge - hexdump(len=16): 68 c8 ea 0c 97 f7 11 d3 f3 2a cd 62 8c >>37 4d 40 >>EAP-MD5: Generating Challenge Response >>EAP-MD5: Response - hexdump(len=16): 03 76 fc e7 ce bc 66 b6 cd 50 2a 73 b3 >>cf eb 93 >>EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC >>EAP: EAP entering state SEND_RESPONSE >>EAP: EAP entering state IDLE >>EAPOL: SUPP_BE entering state RESPONSE >>EAPOL: txSuppRsp >>TX EAPOL - hexdump(len=26): 01 00 00 16 02 03 00 16 04 10 03 76 fc e7 ce bc >>66 b6 cd 50 2a 73 b3 cf eb 93 >>EAPOL: SUPP_BE entering state RECEIVE >>RX EAPOL from 00:03:7f:09:60:a0 >>RX EAPOL - hexdump(len=8): 01 00 00 04 04 03 00 04 >>EAPOL: Received EAP-Packet frame >>EAPOL: SUPP_BE entering state REQUEST >>EAPOL: getSuppRsp >>EAP: EAP entering state RECEIVED >>EAP: Received EAP-Failure >>EAP: EAP entering state DISCARD >>EAP: EAP entering state IDLE >>EAPOL: SUPP_BE entering state RECEIVE >>EAPOL: startWhen --> 0 >>EAPOL: authWhile --> 0 >>EAPOL: SUPP_BE entering state TIMEOUT >>EAPOL: SUPP_PAE entering state CONNECTING >>EAPOL: SUPP_BE entering state IDLE >>RX EAPOL from 00:03:7f:09:60:a0 >>RX EAPOL - hexdump(len=9): 01 00 00 05 01 04 00 05 01 >>EAPOL: Received EAP-Packet frame >>EAPOL: SUPP_PAE entering state RESTART >>EAP: EAP entering state INITIALIZE >>EAP: deinitialize previously used EAP method (4, MD5) at INITIALIZE >>EAP: EAP entering state IDLE >>EAPOL: SUPP_PAE entering state AUTHENTICATING >>EAPOL: SUPP_BE entering state REQUEST >>EAPOL: getSuppRsp >>EAP: EAP entering state RECEIVED >>EAP: Received EAP-Request id=4 method=1 vendor=0 vendorMethod=0 >>EAP: EAP entering state IDENTITY >>CTRL-EVENT-EAP-STARTED EAP authentication started >>EAP: EAP-Request Identity data - hexdump_ascii(len=0): >>EAP: using real identity - hexdump_ascii(len=8): >> 74 65 73 74 75 73 65 72 testuser >>EAP: EAP entering state SEND_RESPONSE >>EAP: EAP entering state IDLE >>EAPOL: SUPP_BE entering state RESPONSE >> >> >>the problem is i am getting EAP-FAILURE on client side even when server is >>giving ACCESS-ACCEPT!!!! >>i am not able to figure out the problem output of server is same as that in >>earlier mail, >>one more thing what will be end message of this, will it be authentication or >>association? When i run GUI for supplicant it is showing associated not >>authenticated! is it end of connection and after it should i get an IP from >>that AP, even if i try for DHCP i am not able to get an IP!!!! >>it is all messed up, please do reply for this prob!!! >>regards >>shantanu >> >>[EMAIL PROTECTED] wrote: Well, now you dont have any IP address in your >>accept packet. Not a >>problem if you are doing DHCP. Otherwise you need to return IP address, >>netmask, MTU, Service-Type, DNS servers etc. >> >>Leave that Framed-User DEFAULT entry alone - it should be there. You need >>to add stuff to your user config: >> >>testuser Cleartext-Password:=yourpassword >> Framed-IP-Address=1.2.3.4 >> Framed-MTU=yourMTU >> Framed-IP-Netmask=255.255.255.255 >>etc. >> >>Ivan Kalik >>Kalik Informatika ISP >> >> >>Dana 30/5/2007, "shantanu choudhary" piše: >> >>--- snip --- >>>Sending Access-Accept of id 2 to 192.168.2.182 port 1028 >>> EAP-Message = 0x03020004 >>> Message-Authenticator = 0x00000000000000000000000000000000 >>> User-Name = "testuser" >>>Finished request 1 >>>Going to the next request >>>Waking up in 6 seconds... >>>--- Walking the entire request list --- >>>Cleaning up request 0 ID 1 with timestamp 465d506e >>>Cleaning up request 1 ID 2 with timestamp 465d506e >>>Nothing to do. Sleeping until we see a request. >>> >>>it is sending ACCESS ACCEPT but no access reject or failure!!!! >>>and when i try to check AP statistics from server it is showing an entry for >>>AUTHENTICATION FAILURE!!!!!!! >>> >>>sorry for disturbing u again n again but can u help me out???? >>>please!! >>>shantanu >>> >> >>- >>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html >> >> >> >> >> >>--------------------------------- >> Did you know? You can CHAT without downloading messenger. Know how! >> > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > >--------------------------------- > Download prohibited? No problem! CHAT from any browser, without download. > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
