I do not have "raduser" configured in my proxy users file. If it is configuration problem on the Home-Server why does it work if I use radeapclient/radclient.
I see following on my host on running eapol_test. Whay is NAS-IP-Address set as 127.0.0.1 in this case? Reading configuration file '/tmp/eapol.conf' Line: 1 - start of a new network block key_mgmt: 0x4 eap methods - hexdump(len=16): 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 identity - hexdump_ascii(len=21): 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 radu...@mytes 74 2e 63 6f 6d t.com password - hexdump_ascii(len=7): 70 61 73 73 31 32 33 pass123 Priority group 0 id=0 ssid='' Authentication server 192.168.6.134:1812 RADIUS local address: 192.168.6.181:32771 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Sending fake EAP-Request-Identity EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=21): 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 radu...@mytes 74 2e 63 6f 6d t.com EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=26) TX EAP -> RADIUS - hexdump(len=26): 02 00 00 1a 01 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 74 2e 63 6f 6d Encapsulating EAP message into a RADIUS packet Learned identity from EAP-Response-Identity - hexdump(len=21): 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 74 2e 63 6f 6d Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=150 Attribute 1 (User-Name) length=23 Value: '[email protected]' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=28 Value: 02 00 00 1a 01 72 61 64 75 73 65 72 40 6e 65 76 69 73 74 65 73 74 2e 63 6f 6d Attribute 80 (Message-Authenticator) length=18 Value: cb 60 23 ea b3 e1 3d 7d 11 81 f1 02 53 39 5d e1 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 129 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=129 Attribute 27 (Session-Timeout) length=6 Value: 6 Attribute 79 (EAP-Message) length=37 Value: 01 01 00 23 04 10 b3 70 ee 1c 3c 59 73 f5 a2 4e 77 b7 a2 4d cb 01 52 4f 4f 54 54 45 53 54 4c 41 42 41 44 Attribute 24 (State) length=25 Value: 1a 35 02 b4 00 00 01 37 00 01 c0 a8 07 28 00 00 00 03 23 5c 23 3e 00 Attribute 80 (Message-Authenticator) length=18 Value: d8 fb 71 20 d9 1c ca 4d 61 a5 7d 7a e6 34 0c 4b Attribute 1 (User-Name) length=23 Value: '[email protected]' STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.00 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=1 len=35) from RADIUS server: EAP-Request-MD5 (4) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: Initialize selected EAP method: vendor 0 method 4 (MD5) CTRL-EVENT-EAP-METHOD EAP vendor 0 method 4 (MD5) selected EAP: EAP entering state METHOD EAP-MD5: Challenge - hexdump(len=16): b3 70 ee 1c 3c 59 73 f5 a2 4e 77 b7 a2 4d cb 01 EAP-MD5: Generating Challenge Response EAP-MD5: Response - hexdump(len=16): 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21 EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=22) TX EAP -> RADIUS - hexdump(len=22): 02 01 00 16 04 10 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=171 Attribute 1 (User-Name) length=23 Value: '[email protected]' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=24 Value: 02 01 00 16 04 10 26 f7 be 54 fc 4a 29 80 58 5c a6 65 69 02 2d 21 Attribute 24 (State) length=25 Value: 1a 35 02 b4 00 00 01 37 00 01 c0 a8 07 28 00 00 00 03 23 5c 23 3e 00 Attribute 80 (Message-Authenticator) length=18 Value: 74 44 82 76 ad 4a 69 3f 63 5d 39 6e 92 19 c1 53 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 44 bytes from RADIUS server Received RADIUS message RADIUS message: code=3 (Access-Reject) identifier=1 length=44 Attribute 79 (EAP-Message) length=6 Value: 04 01 00 04 Attribute 80 (Message-Authenticator) length=18 Value: 8f 2f ea 83 e9 df 05 6e 4b 01 be ee 65 a9 fc 6f STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 1.00 sec RADIUS packet matching with station decapsulated EAP packet (code=4 id=1 len=4) from RADIUS server: EAP Failure EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Failure EAP: EAP entering state DISCARD EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RECEIVE EAPOL: EAP key not available EAP: deinitialize previously used EAP method (4, MD5) at EAP deinit MPPE keys OK: 0 mismatch: 1 FAILURE Thanks, Chidanand On Mon, Sep 6, 2010 at 1:45 PM, Alan Buxey <[email protected]> wrote: > Hi, > > <snip> > > > Sending Access-Request of id 177 to 192.168.7.40 port 1812 > > <cut> > > > rad_recv: Access-Reject packet from host 192.168.7.40 port 1812, id=177, > length=47 > > > seems quite simple. the home server that you proxied the request to has > rejected > it. check the logs on that server to see why - i suspect its because you > are > stripping the username and thus the EAP stuff wont be right.... > > > you seem to also have that user in your local users file...and you also > seem to be setting > auth-type to accept - that wont work for EAP > > alan > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Chidanand Gangur Pune.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
