Hello,

I hate to ask this, but I'm running out of time on this project and I'm
completely new to RADIUS. I would be really happy if someone could just
point me to a detailed HOW TO for what I need.

I have freeRADIUS set up with an external MySQL user database and it's
successfully authorizing requests from NTRadPing.

Now I need to actually try it out "In the field". I need people running
XP, Vista (ugh), and Apple laptops to be able to auth using the MySQL
database that I have set up.

So far I'm not having any luck, and I don't mind saying that I'm a
little over my head at this point. Someone familiar with this will
probably see glaring problems.

I will provide all the details I can think of, but please let me know if
you need more.

Server:
    FreeRADIUS 1.1.7 with MySQL module.

Database:
    Remote MySQL

Access Point:
    D-Link DWL-7100AP (Ciscos coming in January)
    WPA-EAP
    TKIP

Client Laptop:
    WPA Enterprise
    TKIP
    PEAP (Other options: EAP-SIM, TLS, TTLS, LEAP, EAP-FAST)
    MS-CHAP-V2 (Other options: GTC, TLS)

I set up an AP to use RADIUS, and the requests get through to the RADIUS
server, but they always fail. Posted below is the debug output from the
failed attempt.

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.1:1030, id=0,
length=193
Message-Authenticator = 0xf9c41895a382161a1d31b4a47bd830e0
Service-Type = Framed-User
User-Name = "testuser"
Framed-MTU = 1488
Called-Station-Id = "00-11-95-DA-16-A6:SUSOM"
Calling-Station-Id = "00-1B-77-28-B3-CF"
NAS-Identifier = "D-Link Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11a"
EAP-Message = 0x0200000b01746261727468
NAS-IP-Address = 192.168.0.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
rad_lowerpair: User-Name now 'testuser'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
radius_xlat: 'testuser'
rlm_sql (sql): sql_set_user escaped user --> 'testuser'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op
FROM radcheck WHERE Username = 'testuser' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op
FROM radreply WHERE Username = 'testuser' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 0 to 192.168.0.1 port 1030
Framed-Protocol := PPP
Service-Type := Framed-User
Framed-MTU := 1500
Framed-Compression := Van-Jacobson-TCP-IP
EAP-Message = 0x0101001604104e273ea966f4fb77466b296f9c607385
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x149370a5228b3ae0acdd9dc3fb4a25a4
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.1:1030, id=1,
length=206
Message-Authenticator = 0xc9926863cf3df06ac150bbb6f77208eb
Service-Type = Framed-User
User-Name = "testuser"
Framed-MTU = 1488
State = 0x149370a5228b3ae0acdd9dc3fb4a25a4
Called-Station-Id = "00-11-95-DA-16-A6:SUSOM"
Calling-Station-Id = "00-1B-77-28-B3-CF"
NAS-Identifier = "D-Link Access Point"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11a"
EAP-Message = 0x020100060319
NAS-IP-Address = 192.168.0.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
rad_lowerpair: User-Name now 'testuser'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
radius_xlat: 'testuser'
rlm_sql (sql): sql_set_user escaped user --> 'testuser'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op
FROM radcheck WHERE Username = 'testuser' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op
FROM radreply WHERE Username = 'testuser' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'testuser' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns ok for request 1
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: No such EAP type peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: leaving group authenticate (returns invalid) for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.1:1030, id=1,
length=206
Sending Access-Reject of id 1 to 192.168.0.1 port 1030
EAP-Message = 0x04010004
Message-Authenticator = 0x00000000000000000000000000000000
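
Added example, not part of the original post and not FreeRADIUS code: a small decoder for the EAP-Message values in the debug output above, showing which method the server offered and which one the client asked for in its NAK. The function names and the type table subset are assumptions of this example; the hex strings are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Subset of the IANA EAP method type registry.
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             6: "GTC", 13: "TLS", 17: "LEAP", 18: "SIM", 21: "TTLS",
             25: "PEAP", 43: "FAST"}

# EAP-Message values copied from requests 0 and 1 of the debug output above,
# in the order they appear (the Identity response is left out).
LOG_EAP_MESSAGES = [
    "0x0101001604104e273ea966f4fb77466b296f9c607385",  # Access-Challenge
    "0x020100060319",                                  # second Access-Request
    "0x04010004",                                      # Access-Reject
]

def type_name(t):
    return EAP_TYPES.get(t, "type-%d" % t)

def parse_eap(hexstr):
    """Decode the EAP header (RFC 3748) from a radiusd-style 0x... string."""
    raw = bytes.fromhex(hexstr[2:] if hexstr[:2].lower() == "0x" else hexstr)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length %d does not fit %d bytes" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, "code-%d" % code), "id": ident,
           "type": None, "wanted": []}
    if code in (1, 2) and length > 4:      # only Request/Response carry a Type
        pkt["type"] = type_name(raw[4])
        if code == 2 and raw[4] == 3:      # Nak body lists the types the peer accepts
            pkt["wanted"] = [type_name(b) for b in raw[5:length]]
    return pkt

def find_method_mismatch(hex_messages):
    """Return (offered, wanted) for the first Nak answering a method Request."""
    offered = {}                           # EAP id -> method the server proposed
    for pkt in map(parse_eap, hex_messages):
        if pkt["code"] == "Request" and pkt["type"] not in ("Identity", "Notification"):
            offered[pkt["id"]] = pkt["type"]
        elif pkt["type"] == "Nak" and pkt["id"] in offered:
            return offered[pkt["id"]], pkt["wanted"]
    return None

if __name__ == "__main__":
    for m in LOG_EAP_MESSAGES:
        print(m, parse_eap(m))
    print("mismatch:", find_method_mismatch(LOG_EAP_MESSAGES))
```

The result matches the rlm_eap lines in the log: the server issued an MD5 challenge, and the client's NAK asked for PEAP.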