Hi Alan
Thank you,it can reply correct attribute.
some more question pls.
1.sometimes it can login while sometimes failure, it is random. I am using
the same user/password for PEAP authentication and totally the same
configuration both server and client PC/user.
2.after user success login, sometimes it will re-authentication
automatically. It seems client issue the authentication itself but I wonder.
3.looking for the log below,it seems finish authentication by FR but the
result is failure. why sending Access-Challenge to NAS(192.168.21.223) after
success?
*****************************************************************
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
} # server inner-tunnel
[peap] Got tunneled reply code 2
Auth-Type := Local
Service-Type := Framed-User
Framed-IP-Address := 255.255.255.254
Framed-IP-Netmask := 255.255.255.0
Bandwidth-Max-Up := 2097152
Bandwidth-Max-Down := 2097152
Redirection-URL := "http://speedtest.net";
Idle-Timeout := 60
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0xe8e6189faa5581198681e65eab0a0270
MS-MPPE-Recv-Key = 0x0ea859d9cf1789a14e71ea9f41cfa8e0
EAP-Message = 0x030c0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "gary"
[peap] Got tunneled reply RADIUS code 2
Auth-Type := Local
Service-Type := Framed-User
Framed-IP-Address := 255.255.255.254
Framed-IP-Netmask := 255.255.255.0
Bandwidth-Max-Up := 2097152
Bandwidth-Max-Down := 2097152
Redirection-URL := "http://speedtest.net";
Idle-Timeout := 60
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
MS-MPPE-Send-Key = 0xe8e6189faa5581198681e65eab0a0270
MS-MPPE-Recv-Key = 0x0ea859d9cf1789a14e71ea9f41cfa8e0
EAP-Message = 0x030c0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "gary"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later
++[eap] returns handled
Sending Access-Challenge of id 117 to 192.168.21.223 port 1812
EAP-Message =
0x010d00261900170301001bb702fe1896d6726825ec785647a34e3d8126e49337f16e73596446
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2f1a077a27171e8af826d2444a0b0c36
Finished request 79.
Going to the next request
Waking up in 2.8 seconds.
Cleaning up request 71 ID 109 with timestamp +1967
Cleaning up request 72 ID 110 with timestamp +1967
Cleaning up request 73 ID 111 with timestamp +1967
Cleaning up request 74 ID 112 with timestamp +1967
Cleaning up request 75 ID 113 with timestamp +1967
Cleaning up request 76 ID 114 with timestamp +1967
Waking up in 0.8 seconds.
Cleaning up request 77 ID 115 with timestamp +1968
Cleaning up request 78 ID 116 with timestamp +1968
Waking up in 1.0 seconds.
Cleaning up request 79 ID 117 with timestamp +1969
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x2f1a077a27171e8a did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
***********************************************************************
Best Regards
Gary
----- Original Message -----
From: "Alan DeKok" <[email protected]>
To: "FreeRadius users mailing list" <[email protected]>
Sent: Thursday, September 01, 2011 8:48 PM
Subject: Re: EAP-TLS/PEAP authentication problem(can notreply
correctattribute)
gary wrote:
I do not define my private attribute while I follow the WISPr such as
"Bandwidth-Max-Up" and "Bandwidth-Max-Down".
It is no problem that I use UAM method(user login with login page by
user name/password) and freeradius can reply correct attribute.
But when I use PEAP authentication,after user login it can not reply
correct attribute that I configure in the radgroupreply table.
Can anyone give some idea?
See "use_tunneled_reply" in raddb/eap.conf.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
