Hi, I want to configure freeradius (Linux) in order to authenticate and authorize MS Windows XP clients (people connect to a Linksys access point). I am using EAP-PEAP and MSCHAP from Windows. If I perform radtest from Linux clients (using the wired network) I have no problem getting access, but I cannot from Windows XP. These are the messages when I run it using radiusd -X:

rad_recv: Access-Request packet from host 10.30.1.151:1032, id=66, length=115
        User-Name = "sbelki"
        Calling-Station-Id = "00-0e-35-bf-51-18"
        EAP-Message = 0x020400061900
        Framed-MTU = 1287
        NAS-IP-Address = 192.168.1.1
        NAS-Port = 0
        NAS-Port-Type = Wireless-802.11
        State = 0xbee0745e6005b8a43128657ff16d08ea
        Message-Authenticator = 0xc6044fc3eb7975f75f9afd9edfcca489
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 55
modcall[authorize]: module "preprocess" returns ok for request 55
modcall[authorize]: module "chap" returns noop for request 55
modcall[authorize]: module "mschap" returns noop for request 55
rlm_realm: No '@' in User-Name = "sbelki", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 55
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 55
users: Matched entry DEFAULT at line 159
modcall[authorize]: module "files" returns ok for request 55
rlm_ldap: - authorize
rlm_ldap: performing user authorization for sbelki
radius_xlat: '(uid=sbelki)'
radius_xlat: 'ou=people,dc=palermo,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=palermo,dc=edu, with filter (uid=sbelki)
request 57 done
rlm_ldap: checking if remote access for sbelki is allowed by uid
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value sample & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user sbelki authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 55
modcall: group authorize returns updated for request 55
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 55
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 55
modcall: group authenticate returns handled for request 55
Sending Access-Challenge of id 66 to 10.30.1.151:1032
        EAP-Message = 0x010500061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x06bc31779a10f85cd934953e650bc051
Finished request 55
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 52 ID 63 with timestamp 46f01fd7
Cleaning up request 53 ID 64 with timestamp 46f01fd7
Cleaning up request 54 ID 65 with timestamp 46f01fd7
Cleaning up request 55 ID 66 with timestamp 46f01fd7

And this is the eap.conf:

eap {
        default_eap_type = mschapv2
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        md5 {
        }
        tls {
                private_key_password = ""
                private_key_file = /etc/pki/tls/certs/radius.key
                certificate_file = /etc/pki/tls/certs/radius.crt
                CA_file = /etc/pki/CA/cacert.pem
                dh_file = /etc/raddb/certs/dh
                random_file = /dev/urandom
                include_length = yes
        }
        ttls {
                default_eap_type = md5
        }
        peap {
                default_eap_type = mschapv2
        }
        mschapv2 {
        }
}

Please tell me if something in this file is wrong. Thanks in advance!!

--
Sergio Belkin