> Thanks for your prompt response. eapol_test has been built with all EAP > modules. See log below: > > Do you know what the problem can be? I've tried almost everything now!
It's hard to tell what's going on with only a portion of the log. Send the logs for both eapol_test and FreeRADIUS in debug mode. Send it to the list. It's better to have multiple people look at the problem. Tim > > Thanks again. > > Sergio. > > > --- o --- > > eapol_test -c md5.conf -s testing123 > > > Reading configuration file 'md5.conf' > Line: 1 - start of a new network block > ssid - hexdump_ascii(len=7): > 45 78 61 6d 70 6c 65 Example > eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 > 00 > eapol_flags=0 (0x0) > key_mgmt: 0x1 > identity - hexdump_ascii(len=8): > 74 65 73 74 75 73 65 72 testuser > password - hexdump_ascii(len=6): > 74 65 73 74 70 77 testpw > ca_cert - hexdump_ascii(len=40): > 63 3a 2f 46 72 65 65 52 41 44 49 55 53 2f 65 74 c:/FreeRADIUS/et > 63 2f 72 61 64 64 62 2f 63 65 72 74 73 2f 52 6f c/raddb/certs/Ro > 6f 74 43 41 2e 70 65 6d otCA.pem > client_cert - hexdump_ascii(len=38): > 63 3a 2f 46 72 65 65 52 41 44 49 55 53 2f 65 74 c:/FreeRADIUS/et > 63 2f 72 61 64 64 62 2f 63 65 72 74 73 2f 75 73 c/raddb/certs/us > 65 72 2e 64 65 72 er.der > private_key - hexdump_ascii(len=42): > 63 3a 2f 46 72 65 65 52 41 44 49 55 53 2f 65 74 c:/FreeRADIUS/et > 63 2f 72 61 64 64 62 2f 63 65 72 74 73 2f 75 73 c/raddb/certs/us > 65 72 2d 6b 65 79 2e 64 65 72 er-key.der > phase2 - hexdump_ascii(len=11): > 61 75 74 68 65 61 70 3d 4d 44 35 autheap=MD5 > anonymous_identity - hexdump_ascii(len=9): > 61 6e 6f 6e 79 6d 6f 75 73 anonymous > Priority group 0 > id=0 ssid='Example' > Authentication server 127.0.0.1:1812 > EAPOL: SUPP_PAE entering state DISCONNECTED > EAPOL: KEY_RX entering state NO_KEY_RECEIVE > EAPOL: SUPP_BE entering state INITIALIZE > EAP: EAP entering state DISABLED > EAPOL: External notification - portValid=0 > EAPOL: External notification - portEnabled=1 > EAPOL: SUPP_PAE entering state CONNECTING > EAPOL: SUPP_BE entering state IDLE > EAP: EAP entering state INITIALIZE > EAP: EAP entering state IDLE > CTRL_IFACE - test - wait for monitor > Sending fake EAP-Request-Identity > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_PAE entering state RESTART > EAP: EAP entering state INITIALIZE > EAP: EAP entering state IDLE > EAPOL: SUPP_PAE entering state AUTHENTICATING > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 > EAP: EAP entering state IDENTITY > CTRL-EVENT-EAP-STARTED EAP authentication started > EAP: EAP-Request Identity data - hexdump_ascii(len=0): > EAP: using anonymous identity - hexdump_ascii(len=9): > 61 6e 6f 6e 79 6d 6f 75 73 anonymous > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > WPA: eapol_test_eapol_send(type=0 len=14) TX EAP -> RADIUS - > hexdump(len=14): 02 00 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 Encapsulating EAP > message into a RADIUS packet Learned identity from EAP-Response-Identity > - hexdump(len=9): 61 6e 6f 6e 79 6d 6f 75 73 Sending RADIUS message to > authentication server RADIUS message: code=1 (Access-Request) > identifier=0 length=126 > Attribute 1 (User-Name) length=11 > Value: 'anonymous' > Attribute 4 (NAS-IP-Address) length=6 > Value: 127.0.0.1 > Attribute 31 (Calling-Station-Id) length=19 > Value: '02-00-00-00-00-01' > Attribute 12 (Framed-MTU) length=6 > Value: 1400 > Attribute 61 (NAS-Port-Type) length=6 > Value: 19 > Attribute 77 (Connect-Info) length=24 > Value: 'CONNECT 11Mbps 802.11b' > Attribute 79 (EAP-Message) length=16 > Value: 02 00 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73 > Attribute 80 (Message-Authenticator) length=18 > Value: 29 8c 2f d2 bc e7 e4 4f 38 ff 02 28 4f 38 f5 61 Next RADIUS client > retransmit in 3 seconds > > EAPOL: SUPP_BE entering state RECEIVE > Received 64 bytes from RADIUS server > Received RADIUS message > RADIUS message: code=11 (Access-Challenge) identifier=0 length=64 > Attribute 79 (EAP-Message) length=8 > Value: 01 01 00 06 0d 20 > Attribute 80 (Message-Authenticator) length=18 > Value: ca c5 9f c8 7c a3 4f 44 0a ab b1 3b f2 7c 1f 17 > Attribute 24 (State) length=18 > Value: 6d 9b 65 d3 6d 9a 68 84 2b 53 ce 97 ac 1c e2 81 STA 02:00:00:00:00:01: > Received RADIUS packet matched with a pending request, round trip time > 0.00 sec > > RADIUS packet matching with station > decapsulated EAP packet (code=1 id=1 len=6) from RADIUS server: EAP- > Request-TLS (13) > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request id=1 method=13 vendor=0 vendorMethod=0 > EAP: EAP entering state GET_METHOD > CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13 > EAP: Initialize selected EAP method: vendor 0 method 13 (TLS) > TLS: using phase1 config options > TLS: Trusted root certificate(s) loaded > OpenSSL: SSL_use_certificate_file (DER) --> OK > OpenSSL: SSL_use_PrivateKey_File (DER) --> OK > SSL: Private key loaded successfully > CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS) selected > EAP: EAP entering state METHOD > SSL: Received packet(len=6) - Flags 0x20 > EAP-TLS: Start > SSL: (where=0x10 ret=0x1) > SSL: (where=0x1001 ret=0x1) > SSL: SSL_connect:before/connect initialization > SSL: (where=0x1001 ret=0x1) > SSL: SSL_connect:SSLv3 write client hello A > SSL: (where=0x1002 ret=0xffffffff) > SSL: SSL_connect:error in SSLv3 read server hello A > SSL: SSL_connect - want more data > SSL: 210 bytes pending from ssl_out > SSL: 210 bytes left to be sent out (of total 210 bytes) > EAP: method process -> ignore=FALSE methodState=MAY_CONT > decision=FAIL > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > WPA: eapol_test_eapol_send(type=0 len=216) TX EAP -> RADIUS - > hexdump(len=216): 02 01 00 d8 0d 00 16 03 01 00 cd 01 00 00 c9 03 01 4e 9b 60 > 82 ce 26 51 18 1a 0f fd 61 c0 4c 56 44 2e a2 ed da d9 cd 0b a9 3f f4 97 dd 76 0a > 58 be 00 00 5c c0 14 c0 0a 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 > 08 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 00 33 00 32 00 9a 00 99 00 45 00 44 c0 > 0e c0 04 00 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 > 09 00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 44 00 0b 00 04 03 00 01 02 00 0a 00 > 34 00 32 00 01 00 02 00 03 00 04 00 05 00 06 00 07 00 08 00 09 00 0a 00 0b 00 0c > 00 0d 00 0e 00 0f 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 17 00 18 00 19 00 > 23 00 00 Encapsulating EAP message into a RADIUS packet > Copied RADIUS State Attribute > Sending RADIUS message to authentication server RADIUS message: code=1 > (Access-Request) identifier=1 length=346 > Attribute 1 (User-Name) length=11 > Value: 'anonymous' > Attribute 4 (NAS-IP-Address) length=6 > Value: 127.0.0.1 > Attribute 31 (Calling-Station-Id) length=19 > Value: '02-00-00-00-00-01' > Attribute 12 (Framed-MTU) length=6 > Value: 1400 > Attribute 61 (NAS-Port-Type) length=6 > Value: 19 > Attribute 77 (Connect-Info) length=24 > Value: 'CONNECT 11Mbps 802.11b' > Attribute 79 (EAP-Message) length=218 > Value: 02 01 00 d8 0d 00 16 03 01 00 cd 01 00 00 c9 03 01 4e 9b 60 82 ce 26 51 > 18 1a 0f fd 61 c0 4c 56 44 2e a2 ed da d9 cd 0b a9 3f f4 97 dd 76 0a 58 be 00 00 > 5c c0 14 c0 0a 00 39 00 38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 00 16 00 > 13 c0 0d c0 03 00 0a c0 13 c0 09 00 33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00 > 2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 > 11 00 08 00 06 00 03 00 ff 01 00 00 44 00 0b 00 04 03 00 01 02 00 0a 00 34 00 32 00 > 01 00 02 00 03 00 04 00 05 00 06 00 07 00 08 00 09 00 0a 00 0b 00 0c 00 0d 00 0e > 00 0f 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 17 00 18 00 19 00 23 00 00 > Attribute 24 (State) length=18 > Value: 6d 9b 65 d3 6d 9a 68 84 2b 53 ce 97 ac 1c e2 81 > Attribute 80 (Message-Authenticator) length=18 > Value: 9e c4 a4 f0 55 8c 2a 18 4e 44 ee 10 2d 97 5d 0d Next RADIUS client > retransmit in 3 seconds > > EAPOL: SUPP_BE entering state RECEIVE > Received 1090 bytes from RADIUS server > Received RADIUS message > RADIUS message: code=11 (Access-Challenge) identifier=1 length=1090 > Attribute 79 (EAP-Message) length=255 > Value: 01 02 04 00 0d c0 00 00 0e af 16 03 01 00 31 02 00 00 2d 03 01 4e 9b 60 > 82 70 e6 76 5a ef e2 e5 37 6c d6 08 dd ee 9f b6 70 66 d2 df a8 0e 1f 2c e8 33 f3 > 07 f5 00 00 39 00 00 05 ff 01 00 01 00 16 03 01 0b eb 0b 00 0b e7 00 0b e4 00 06 > 5f 30 82 06 5b 30 82 05 43 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d > 01 01 05 05 00 30 81 dd 31 0b 30 09 06 03 55 04 06 13 02 47 42 31 0f 30 0d 06 03 > 55 04 08 13 06 4c 6f 6e 64 6f 6e 31 14 30 12 06 03 55 04 07 13 0b 57 65 73 74 6d > 69 6e 73 74 65 72 31 1c 30 1a 06 03 55 04 0a 13 13 4d 61 74 65 41 52 20 49 54 20 > 53 6f 6c 75 74 69 6f 6e 73 31 17 30 15 06 03 55 04 0b 13 0e 50 4b 49 20 44 65 70 > 61 72 74 6d 65 6e 74 31 22 30 20 06 03 55 04 03 13 19 54 65 73 74 20 52 6f 6f 74 > 20 43 41 20 28 46 72 65 65 52 41 44 49 > Attribute 79 (EAP-Message) length=255 > Value: 55 53 29 31 20 30 1e 06 03 55 04 0d 13 17 54 65 73 74 20 52 6f 6f 74 43 > 41 20 43 65 72 74 69 66 69 63 61 74 65 31 1d 30 1b 06 09 2a 86 48 86 f7 0d 01 09 > 01 16 0e 69 6e 66 6f 40 6d 61 74 65 61 72 2e 65 75 31 0b 30 09 06 03 55 04 05 13 > 02 30 31 30 1e 17 0d 31 31 31 30 31 36 31 34 32 37 35 32 5a 17 0d 31 32 31 30 31 > 35 31 34 32 37 35 32 5a 30 81 f2 31 23 30 21 06 03 55 04 03 13 1a 55 4b 57 49 4e > 32 30 30 38 52 32 2e 63 6f 72 70 2e 6d 61 74 65 61 72 2e 65 75 31 12 30 10 06 0a > 09 92 26 89 93 f2 2c 64 01 19 16 02 45 55 31 1d 30 1b 06 09 2a 86 48 86 f7 0d 01 > 09 01 16 0e 69 6e 66 6f 40 6d 61 74 65 61 72 2e 65 75 31 0b 30 09 06 03 55 04 06 > 13 02 47 42 31 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 6e 31 14 30 12 06 03 55 > 04 07 13 0b 57 65 73 74 6d 69 6e 73 > Attribute 79 (EAP-Message) length=255 > Value: 74 65 72 31 16 30 14 06 03 55 04 0b 13 0d 49 54 20 44 65 70 61 72 74 6d > 65 6e 74 31 16 30 14 06 03 55 04 05 13 0d 55 4b 4c 4f 4e 44 4f 4e 53 52 56 30 31 > 31 34 30 32 06 03 55 04 0d 13 2b 54 65 73 74 20 53 65 72 76 65 72 20 43 65 72 74 > 69 66 69 63 61 74 65 20 28 50 45 41 50 20 2d 20 46 72 65 65 52 41 44 49 55 53 29 > 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 > 81 00 d0 91 2b e9 29 81 af 2f 9e e8 e1 c8 27 c3 0b 70 a9 71 04 63 fb e0 52 bd e4 > 1c 7a 96 af 52 bc 77 0a 83 da a7 bb c2 86 da 3b ef f1 f7 f7 13 94 c8 06 f0 21 4b 2b > 1f ae 41 aa fb 04 5e fc 1e 49 b5 a7 00 82 fd 2e ac e9 f7 c0 98 db ea 77 7b 6b d8 > d6 d8 0c 99 d4 2a 2a 61 84 f7 63 75 68 38 fa ff 97 04 87 37 f9 2b db c4 1c d8 03 e1 > 2e d1 7c c4 cf ed 29 57 97 d6 f6 > Attribute 79 (EAP-Message) length=255 > Value: db 79 9f 5b bc 4b 53 ce 81 02 03 01 00 01 a3 82 02 91 30 82 02 8d 30 0f > 06 03 55 1d 13 01 01 ff 04 05 30 03 02 01 00 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 > 02 03 f8 30 1d 06 03 55 1d 0e 04 16 04 14 c7 c5 14 ad 16 23 77 01 f6 29 bf 2c 1d 18 > c2 4c 81 86 18 8f 30 82 01 0b 06 03 55 1d 23 04 82 01 02 30 81 ff 80 14 8c 04 28 72 > c8 60 3f 29 a5 8a c1 4f db 9a 62 ff 9a ad c3 fa a1 81 e3 a4 81 e0 30 81 dd 31 0b 30 > 09 06 03 55 04 06 13 02 47 42 31 0f 30 0d 06 03 55 04 08 13 06 4c 6f 6e 64 6f 6e 31 > 14 30 12 06 03 55 04 07 13 0b 57 65 73 74 6d 69 6e 73 74 65 72 31 1c 30 1a 06 03 > 55 04 0a 13 13 4d 61 74 65 41 52 20 49 54 20 53 6f 6c 75 74 69 6f 6e 73 31 17 30 15 > 06 03 55 04 0b 13 0e 50 4b 49 20 44 65 70 61 72 74 6d 65 6e 74 31 22 30 20 06 03 > 55 04 03 13 19 54 65 > Attribute 79 (EAP-Message) length=14 > Value: 73 74 20 52 6f 6f 74 20 43 41 20 28 > Attribute 80 (Message-Authenticator) length=18 > Value: eb 77 c8 8e ab 89 28 65 cf 6b ea d1 ce 32 b6 2e > Attribute 24 (State) length=18 > Value: 6d 9b 65 d3 6c 99 68 84 2b 53 ce 97 ac 1c e2 81 STA 02:00:00:00:00:01: > Received RADIUS packet matched with a pending request, round trip time > 0.00 sec > > RADIUS packet matching with station > decapsulated EAP packet (code=1 id=2 len=1024) from RADIUS server: EAP- > Request-TLS (13) > EAPOL: Received EAP-Packet frame > EAPOL: SUPP_BE entering state REQUEST > EAPOL: getSuppRsp > EAP: EAP entering state RECEIVED > EAP: Received EAP-Request id=2 method=13 vendor=0 vendorMethod=0 > EAP: EAP entering state METHOD > SSL: Received packet(len=1024) - Flags 0xc0 > SSL: TLS Message Length: 3759 > SSL: Need 2745 bytes more input data > SSL: Building ACK (type=13 id=2 ver=0) > EAP: method process -> ignore=FALSE methodState=MAY_CONT > decision=FAIL > EAP: EAP entering state SEND_RESPONSE > EAP: EAP entering state IDLE > EAPOL: SUPP_BE entering state RESPONSE > EAPOL: txSuppRsp > WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - > hexdump(len=6): 02 02 00 06 0d 00 Encapsulating EAP message into a RADIUS > packet > Copied RADIUS State Attribute > Sending RADIUS message to authentication server RADIUS message: code=1 > (Access-Request) identifier=2 length=136 > Attribute 1 (User-Name) length=11 > Value: 'anonymous' > Attribute 4 (NAS-IP-Address) length=6 > Value: 127.0.0.1 > Attribute 31 (Calling-Station-Id) length=19 > Value: '02-00-00-00-00-01' > Attribute 12 (Framed-MTU) length=6 > Value: 1400 > Attribute 61 (NAS-Port-Type) length=6 > Value: 19 > Attribute 77 (Connect-Info) length=24 > Value: 'CONNECT 11Mbps 802.11b' > Attribute 79 (EAP-Message) length=8 > Value: 02 02 00 06 0d 00 > Attribute 24 (State) length=18 > Value: 6d 9b 65 d3 6c 99 68 84 2b 53 ce 97 ac 1c e2 81 > Attribute 80 (Message-Authenticator) length=18 > Value: a9 7e 43 1c 85 51 4b 08 e5 45 69 b9 85 a6 a6 16 Next RADIUS client > retransmit in 3 seconds > > EAPOL: SUPP_BE entering state RECEIVE > EAPOL: startWhen --> 0 > STA 02:00:00:00:00:01: Resending RADIUS message (id=2) > > Next RADIUS client retransmit in 6 seconds STA 02:00:00:00:00:01: Resending > RADIUS message (id=2) > > Next RADIUS client retransmit in 12 seconds STA 02:00:00:00:00:01: > Resending RADIUS message (id=2) > > Next RADIUS client retransmit in 24 seconds EAPOL test timed out > EAPOL: EAP key not available > EAP: deinitialize previously used EAP method (13, TLS) at EAP deinit > ENGINE: engine deinit > MPPE keys OK: 0 mismatch: 0 > FAILURE > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > From: [email protected] > > To: [email protected] > > Subject: RE: EAP Testing - Newbie > > Date: Sun, 16 Oct 2011 12:37:20 -0700 > > > > > I'm in the process of testing FreeRADIUS 2.1.11, just basic/standard > > setup. > > > I've been following the following user guide: > > > http://deployingradius.com/documents/configuration/pap.html. Very > > > useful, by the way. > > > > > > PAP, MSCHAP and MSCHAPv2 work ok, but I'm unable to get any EAP > > > tests to pass. I've tries almost everything, including: > > > http://deployingradius.com/documents/configuration/eap- > problems.html > > > > > > radtest -t eap-md5 ....... (it works ok) > > > > > > > OK. The means the eap-md5 worked for radtest and FreeRADIUS. > > > > > --------- EAP-MD5 test --------- > > > > > > http://deployingradius.com/scripts/eapol_test/ > > > > > > > > > eapol_test.exe -c md5.conf -s testing123 ( it doesn't > > work!) > > > > OK. Since eap-md5 worked for FreeRADIUS and radeaptest above, but not > > for eapol_test and FreeRADIUS, this is most likely a problem with > > eapol_test not supporting eap-md5. > > > > > EAPOL: SUPP_BE entering state RECEIVE Received 80 bytes from RADIUS > > > server Received RADIUS message RADIUS message: code=11 > > > (Access-Challenge) identifier=0 length=80 Attribute 79 (EAP-Message) > > > length=24 > > > Value: 01 01 00 16 04 10 2d 5a 5e ca fd 46 31 37 33 67 ef 5f ec 14 > > 64 c3 > > > Attribute 80 (Message-Authenticator) length=18 > > > Value: 37 83 06 12 9c 7b 2d 98 9a e8 6b 81 79 03 ce 63 Attribute 24 > > > (State) length=18 > > > Value: cb 7a ce 96 cb 7b ca 0b 07 a3 2c 75 4a 0c c4 c6 STA > > 02:00:00:00:00:01: > > > Received RADIUS packet matched with a pending request, round trip > > > time > > > 0.00 sec > > > > > > RADIUS packet matching with station > > > decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: > > > EAP- > > > Request-MD5 (4) > > > > RADIUS Server proposed using eap-md5. > > > > > > > EAPOL: Received EAP-Packet frame > > > EAPOL: SUPP_BE entering state REQUEST > > > EAPOL: getSuppRsp > > > EAP: EAP entering state RECEIVED > > > EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 > > > EAP: EAP entering state GET_METHOD > > > EAP: configuration does not allow: vendor 0 method 4 > > > EAP: vendor 0 method 4 not allowed > > > > eapol_test said it's configuration does not support "method 4" (aka > > eap-md5). > > > > > > > CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK > > > EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not > > > allowed) > > > EAP: allowed methods - hexdump(len=1): 15 > > > EAP: EAP entering state SEND_RESPONSE > > > > eapol_test sends a NAK back to the FreeRADIUS because it does not > > support > > eap-md5 (or any other eap method sent back by FR). > > > > Verify that eapol_test was successfully built with support for > > eap-md5. Look for error messages during the build process. You will > > probably see error messages saying that it could not find the OpenSSL > libraries and/or headers. > > > > Tim > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
