I have a lab that has wired ports that connect to a Linksys SLM248G switch that supports 802.1x. What I want to do is set this switch up to make the users authenticate to gain access to the network. The users will have accounts on the RADIUS server, which is a FreeBSD 7.0 system running FreeRadius 2.06. I would like them to be able to enter their username and password to access the network. Should this be possible?

I get nothing from radiusd -X if I have the Windows XP EAP type: set to MD5-Challenge or Smart card or other Certificates.

I get the following if I have the Windows XP supplicant EAP type: set to Protected EAP (PEAP) and Select Authentication Method: set to Secured password (EAP-MSCHAP v2) configured to automatically use my Windows logon name...

rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=83
        NAS-IP-Address = 128.227.232.133
        NAS-Port-Type = Ethernet
        NAS-Port = 2
        User-Name = "DB3\\dblac"
        EAP-Message = 0x0201000e014442335c64626c6163
        Message-Authenticator = 0x829bab10f0c399313b4946fc47f6aa9c
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 1 length 14
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DB3\dblac at line 206
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
        EAP-Message = 0x01020016041081b9c6b3f031cce93aac863f3383a0c1
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xec6255ecec605113c816ac1ff80419e2
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=93
Cleaning up request 12 ID 0 with timestamp +190
        NAS-IP-Address = 128.227.232.133
        NAS-Port-Type = Ethernet
        NAS-Port = 2
        User-Name = "DB3\\dblac"
        State = 0xec6255ecec605113c816ac1ff80419e2
        EAP-Message = 0x020200060319
        Message-Authenticator = 0x3156b6e297a2d81c38042450074ffa81
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DB3\dblac at line 206
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/peap
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xec6255eced614c13c816ac1ff80419e2
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=167
Cleaning up request 13 ID 0 with timestamp +190
        NAS-IP-Address = 128.227.232.133
        NAS-Port-Type = Ethernet
        NAS-Port = 2
        User-Name = "DB3\\dblac"
        State = 0xec6255eced614c13c816ac1ff80419e2
EAP-Message = 0x0203005019800000004616030100410100003d030148eb44b1c52d912b11d4d2bbd04b61fd302b03d22ba373beb33f2aa37b24248200001600040005000a000900640062000300060013001200630100
        Message-Authenticator = 0xd3f4489233cacc67f8a062f7e24b05f7
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 3 length 80
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  TLS Length 70
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
        EAP-Message = 0xdd8b0d1ffbd9cfc10c334d0c
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xec6255ecee664c13c816ac1ff80419e2
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=93
Cleaning up request 14 ID 0 with timestamp +190
        NAS-IP-Address = 128.227.232.133
        NAS-Port-Type = Ethernet
        NAS-Port = 2
        User-Name = "DB3\\dblac"
        State = 0xec6255ecee664c13c816ac1ff80419e2
        EAP-Message = 0x020400061900
        Message-Authenticator = 0x886a8775435f25263f2aca201609785c
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
        EAP-Message = 0x0be93902225236ba
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xec6255ecef674c13c816ac1ff80419e2
Finished request 15.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=93
Cleaning up request 15 ID 0 with timestamp +190
        NAS-IP-Address = 128.227.232.133
        NAS-Port-Type = Ethernet
        NAS-Port = 2
        User-Name = "DB3\\dblac"
        State = 0xec6255ecef674c13c816ac1ff80419e2
        EAP-Message = 0x020500061900
        Message-Authenticator = 0x676ce9988ddab71abb71ddbca2554610
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
EAP-Message = 0x010600d51900e0f91c11fb297731a6efe3a48a6be62f005b0571eab2bef69625fcc1ebc94d4d3b7ceeecc5977de9b83a4eb22ce44bf4388f8cc6f0ece7443e2f0ecd971251bebd2d70b3eef75100b2d2af7d217c3a674b984010ded7f1095ffc4d1aeff0efe8b7e948df9e3ada1ee3f8fcbeb7023a143772a3cfb077de90f7a7a7cf2d6e06f933be6b917795777e74e9e6691d5a95100b1a610e16cda1c2f8e3661c231aa6d2cb1ce8ed5096b5789a61ea5aef84d10e9dded9b338a826e950075ee8797f4099e6c1748e1d8716030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xec6255ece8644c13c816ac1ff80419e2
Finished request 16.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 128.227.232.133 port 49154, id=0, length=93
Cleaning up request 16 ID 0 with timestamp +190
        NAS-IP-Address = 128.227.232.133
        NAS-Port-Type = Ethernet
        NAS-Port = 2
        User-Name = "DB3\\dblac"
        State = 0xec6255ece8644c13c816ac1ff80419e2
        EAP-Message = 0x020600061900
        Message-Authenticator = 0xd07720185412598787e85c2a753d4855
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "DB3\dblac", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 6 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 128.227.232.133 port 49154
        EAP-Message = 0x010700061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xec6255ece9654c13c816ac1ff80419e2
Finished request 17.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 17 ID 0 with timestamp +190
Ready to process requests.


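Added example, not part of the original post: a small Python decoder for the short EAP-Message values in the debug output above, so the exchange can be read packet by packet (Identity, the MD5-Challenge offer, the client's Nak asking for PEAP, the PEAP start and the acknowledgements). Code and type numbers follow RFC 3748 and the EAP-TLS/PEAP flags byte; the function names are illustrative.

```python
import struct

# EAP codes and method types from RFC 3748; type 25 is PEAP.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}
TLS_FLAGS = ((0x80, "length"), (0x40, "more"), (0x20, "start"))

def decode_eap(hexstr):
    """Decode the EAP packet carried in one EAP-Message value (0x... hex)."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("an EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    # length > len(raw) means the packet continues in further EAP-Message attributes
    out = {"code": CODES.get(code, str(code)), "id": ident,
           "length": length, "truncated": length > len(raw)}
    if code not in (1, 2) or len(raw) < 5:
        return out  # Success and Failure carry no type field
    etype, data = raw[4], raw[5:length]
    out["type"] = TYPES.get(etype, str(etype))
    if etype == 1:
        out["identity"] = data.decode("utf-8", "replace")
    elif etype == 3:  # Nak: the peer lists the method types it will accept
        out["wants"] = [TYPES.get(t, str(t)) for t in data]
    elif etype in (13, 25) and data:
        flags = data[0]
        out["flags"] = [name for bit, name in TLS_FLAGS if flags & bit]
        # TLS payload = data minus the flags byte and the optional 4-byte TLS length
        out["tls_bytes"] = max(0, len(data) - (5 if flags & 0x80 else 1))
    return out

# Short EAP-Message values copied from the debug output above, in order.
SAMPLE = [
    "0x0201000e014442335c64626c6163",
    "0x01020016041081b9c6b3f031cce93aac863f3383a0c1",
    "0x020200060319",
    "0x010300061920",
    "0x020400061900",
    "0x010700061900",
]

def summarize(values):
    lines = []
    for v in values:
        p = decode_eap(v)
        extra = {k: p[k] for k in ("identity", "wants", "flags", "tls_bytes") if k in p}
        lines.append(f"{p['code']} id={p['id']} len={p['length']} {p.get('type', '')} {extra}")
    return lines

print("\n".join(summarize(SAMPLE)))
```

The last sample value decodes as a server Request of type PEAP with no flags and no TLS data; the log shows no client Response after it before request 17 is cleaned up.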