Hi, I have configured a FreeRADIUS server using MySQL authentication. When I run "radtest" I get a successful response:

rad_recv: Access-Request packet from host 127.0.0.1 port 45562, id=209, length=59
    User-Name = "sqltest"
    User-Password = "testpwd"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "sqltest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
    expand: %{User-Name} -> sqltest
[sql] sql_set_user escaped user --> 'sqltest'
rlm_sql (sql): Reserving sql socket id: 3
    expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id
[sql] User found in radcheck table
    expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sqltest' ORDER BY id
    expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'sqltest' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "testpwd"
[pap] Using clear text password "testpwd"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 209 to 127.0.0.1 port 45562
Finished request 20.
Going to the next request

Now I have configured a Windows supplicant. When I enter the credentials for login from the supplicant PC, the RADIUS server always sends a rejected response. In the server's terminal (I have FreeRADIUS in debug mode to see all the messages), this is what I get:

Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.4 port 3666, id=0, length=139
Cleaning up request 18 ID 0 with timestamp +502
    User-Name = "sqltest"
    NAS-IP-Address = 192.168.1.4
    Called-Station-Id = "00226b81bae1"
    Calling-Station-Id = "002369764cef"
    NAS-Identifier = "00226b81bae1"
    NAS-Port = 21
    Framed-MTU = 1400
    State = 0x5589d8c55588dc92d29bccd07151cb7c
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020100060319
    Message-Authenticator = 0xb35d1b6482700c1122714ca033d1e480
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "sqltest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
    expand: %{User-Name} -> sqltest
[sql] sql_set_user escaped user --> 'sqltest'
rlm_sql (sql): Reserving sql socket id: 4
    expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'sqltest' ORDER BY id
[sql] User found in radcheck table
    expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'sqltest' ORDER BY id
    expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'sqltest' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for unsupported type 25
[eap] No common EAP types found.
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
    expand: %{User-Name} -> sqltest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 19 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 19
Sending Access-Reject of id 0 to 192.168.1.4 port 3666
    EAP-Message = 0x04010004
    Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 19 ID 0 with timestamp +502
Ready to process requests.

As I can see, the error is located here:

Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for unsupported type 25
[eap] No common EAP types found.
[eap] Failed in EAP select

When the Windows supplicant tries to access, the server found an EAP authentication that for some reason fails. When I do a "radtest", the server tells:

Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "testpwd"
[pap] Using clear text password "testpwd"
[pap] User authenticated successfully

I have configured the Windows client as recommended on the wiki.freeradius.org site.

Any idea?

Cheers
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html