Found the problem. I drilled down and looked at the rlm_eap_md5.c code and realized my client was building the challenge response improperly. Thanks for your help. Rick Norman [EMAIL PROTECTED]
Thanks for your help. > ----- Original Message ----- > From: [EMAIL PROTECTED] > To: "FreeRadius users mailing list" <[email protected]> > Subject: Re: EAP-MD5client"rlm_eap_md5 : Password is required for > EAP-MD5Authentication... > Date: Mon, 06 Aug 2007 21:20:53 +0100 > > > Send a (PAP) request with radtest. Does that work? > > Ivan Kalik > Kalik Informatika ISP > > > Dana 6/8/2007, "rick norman" <[EMAIL PROTECTED]> piše: > > > I'm using freeradius version1.1.0_2 on freebsd 6.1. > > The radius client is running locally and talks to radiusd through > > loopback. > > The users file in raddb contains the line > > > > con_d User-Password == con_d Following is radiusd -X output. I > > don't understand the failure. > > > > rad_recv: Access-Request packet from host 127.0.0.1:56788, id=190, length=63 > > User-Name = "con_d" > > NAS-Identifier = "rick" > > Message-Authenticator = 0x8427e9ce00df09446ca9130a3ade1de8 > > EAP-Message = 0x0200000a01636f6e5f64 > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 0 > > modcall[authorize]: module "preprocess" returns ok for request 0 > > modcall[authorize]: module "chap" returns noop for request 0 > > modcall[authorize]: module "mschap" returns noop for request 0 > > rlm_realm: No '@' in User-Name = "con_d", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 0 > > rlm_eap: EAP packet type response id 0 length 10 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 0 > > users: Matched entry con_d at line 138 > > modcall[authorize]: module "files" returns ok for request 0 > > modcall: leaving group authorize (returns updated) for request 0 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 0 > > rlm_eap: EAP Identity > > rlm_eap: processing type md5 > > rlm_eap_md5: Issuing Challenge > > modcall[authenticate]: module "eap" returns handled for request 0 > > modcall: leaving group authenticate (returns handled) for request 0 > > Sending Access-Challenge of id 190 to 127.0.0.1 port 56788 > > EAP-Message = 0x010100160410223177b20b1d22da8c79e2c0a8562196 > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x93fe786c1b3d77b98c0e87dc406bbd88 > > Finished request 0 > > Going to the next request > > --- Walking the entire request list --- > > Waking up in 6 seconds... > > rad_recv: Access-Request packet from host 127.0.0.1:56788, id=191, length=93 > > User-Name = "con_d" > > NAS-Identifier = "rick" > > State = 0x93fe786c1b3d77b98c0e87dc406bbd88 > > Message-Authenticator = 0xf3b427506614646b12ec161a2be00033 > > EAP-Message = 0x02010016041037ab0f881c1fa98e477b0a5ad546b160 > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 1 > > modcall[authorize]: module "preprocess" returns ok for request 1 > > modcall[authorize]: module "chap" returns noop for request 1 > > modcall[authorize]: module "mschap" returns noop for request 1 > > rlm_realm: No '@' in User-Name = "con_d", looking up realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 1 > > rlm_eap: EAP packet type response id 1 length 22 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 1 > > users: Matched entry con_d at line 138 > > modcall[authorize]: module "files" returns ok for request 1 > > modcall: leaving group authorize (returns updated) for request 1 > > rad_check_password: Found Auth-Type EAP > > auth: type "EAP" > > Processing the authenticate section of radiusd.conf > > modcall: entering group authenticate for request 1 > > rlm_eap: Request found, released from the list > > rlm_eap: EAP/md5 > > rlm_eap: processing type md5 > > rlm_eap: Freeing handler > > modcall[authenticate]: module "eap" returns reject for request 1 > > modcall: leaving group authenticate (returns reject) for request 1 > > auth: Failed to validate the user. > > Delaying request 1 for 1 seconds > > Finished request 1 > > Going to the next request > > Waking up in 6 seconds... > > --- Walking the entire request list --- > > Cleaning up request 0 ID 190 with timestamp 46b76f06 > > Sending Access-Reject of id 191 to 127.0.0.1 port 56788 > > EAP-Message = 0x04010004 > > Message-Authenticator = 0x00000000000000000000000000000000 > > Cleaning up request 1 ID 191 with timestamp 46b76f06 > > Nothing to do. Sleeping until we see a request. > > > > > > -- _______________________________________________ > > Get your free email from http://bsdmail.com > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- _______________________________________________ Get your free email from http://bsdmail.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
