Test Radius Client supporting PEAP-EAP MD5
Hi, Can anyone suggest a test radius client supporting PEAP with EAP MD5 ? I have tried JRadius Simuator , RadiusTest n others but could not get the option of PEAP with EAP MD5. Incase anyone has come across, please let me know. Warm regards Queenie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP and server certificate
Thanks! I too was thinking on the same lines. Does EAP-GTC work only with Username n Password? Is there anything additional needed? What abt EAP-TTLS with EAP-GTC? Would certificates or anything additional to username and passowrd be required at the client/server side? Any good info on Token card handshake is welcome :) On Fri, Nov 14, 2008 at 9:27 PM, Arran Cudbard-Bell [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Damjan wrote: Just to be sure, all EAP types require the radius server to have a certificate right? and this certificate, i.e. it's parent needs to be installed in the supplicants, right? No, EAP-MD5, EAP-GTC, EAP-SecurID and a few others don't need certificates. - -- Arran Cudbard-Bell ([EMAIL PROTECTED]), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkdn+gACgkQcaklux5oVKJ0JACfWkEl1yUFiEjn7Kv8FoxA3sih 3e0AoIJK+K45JP28OhrjE+dBYyc1wjFL =5jnV -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 2.1.1 with PEAP- EAP-MD5
Appreciate all your help Ivan.
Could you get a clue as to what could be causing the Reject?
Do you need any more logs?
On Thu, Nov 6, 2008 at 7:57 PM, [EMAIL PROTECTED] wrote:
server (null) {
PEAP: Setting User-Name to queenie
Sending tunneled request
EAP-Message = 0x020900160410ef6cb6c0397ac7d4c05bf94e3f25b91f
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = queenie
State = 0xcec54cd4cfcc481d16e979e447d690e2
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = queenie, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 22
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry queenie at line 91
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
That is when things go wrong. It goes to process md5 and returns reject.
There is no moaning about wrong password or anything else.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Server support for PEAP- EAP-MD5 EAP-TTLS- Token Card
Thanks Ivan. I went through the link. Any idea if freeradius 2.1.1 has PEAPv0 or PEAPv1? The eap.conf file specifies only PEAP 9 no version is mentioned. Regarding LEAP and hostapd. Wil try at the hostapd site as well. Was hoping if someone out here had tried it out :) Regards, Queenie On Wed, Nov 5, 2008 at 4:12 PM, [EMAIL PROTECTED] wrote: I read about Radius Server http://deployingradius.com/documents/configuration/eap.html 1. I saw that in PEAP- EAP-MD5 is not mentioned. Is EAP-MD5 supported in PEAP? 2. Also saw in EAP-TTLS- Token Card is not mentioned? is it supported? http://freeradius.org/features/eap.html 3. Another query i had was, does LEAP Work with hostapd ? I have version Hostapd 0.5.9 but read someplace on the net that LEAP doesnt work with hostapd. Can you confirm? Shouldn't you be asking this on hostapd list? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Server support for PEAP- EAP-MD5 EAP-TTLS- Token Card
oops... its not PEAP 9 it was a bracket error :) corrected it On Thu, Nov 6, 2008 at 9:55 AM, Queenie de Melo [EMAIL PROTECTED]wrote: Thanks Ivan. I went through the link. Any idea if freeradius 2.1.1 has PEAPv0 or PEAPv1? The eap.conf file specifies only PEAP (no version is mentioned). Regarding LEAP and hostapd. Wil try at the hostapd site as well. Was hoping if someone out here had tried it out :) Regards, Queenie On Wed, Nov 5, 2008 at 4:12 PM, [EMAIL PROTECTED] wrote: I read about Radius Server http://deployingradius.com/documents/configuration/eap.html 1. I saw that in PEAP- EAP-MD5 is not mentioned. Is EAP-MD5 supported in PEAP? 2. Also saw in EAP-TTLS- Token Card is not mentioned? is it supported? http://freeradius.org/features/eap.html 3. Another query i had was, does LEAP Work with hostapd ? I have version Hostapd 0.5.9 but read someplace on the net that LEAP doesnt work with hostapd. Can you confirm? Shouldn't you be asking this on hostapd list? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius 2.1.1 with PEAP- EAP-MD5
Hi All,
I have been trying to configure PEAP with EAP -MD5 but i juat cannot get it
to work.
TTLS with EAP -MD5 workes fine.
Also PEAP with Token card(gtc) and MSCHAPv2 works fine.
What I tried is...
1. When I *comment out MSCHAPv2* in the eap.conf file and I try with the
client being in PEAP EAP-MSCHAPv2, then I get a REJECT as below.
2.When I *comment out MD5* in the eap.conf file and try with the client
being in PEAP EAP MD5, then I get the same REJECT message as below
3. When *I dont comment out MD5(MD5 is enabled)* in the eap.conf file and
try with the client being in PEAP EAP MD5, then I get the same REJECT
message as below
In all the above three cases, I seem to be getting the same Reject message
as below:
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = queenie, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 9 length 72
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - queenie
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 9 to 192.168.5.200 port 1024
EAP-Message = 0x04090004
Message-Authenticator = 0x
Waking up in 3.5 seconds.
Cleaning up request 0 ID 1 with timestamp +79
Cleaning up request 1 ID 2 with timestamp +79
Cleaning up request 2 ID 3 with timestamp +79
Cleaning up request 3 ID 4 with timestamp +79
Waking up in 0.2 seconds.
Cleaning up request 4 ID 5 with timestamp +79
Cleaning up request 5 ID 6 with timestamp +79
Cleaning up request 6 ID 7 with timestamp +79
Cleaning up request 7 ID 8 with timestamp +79
Waking up in 1.0 seconds.
Cleaning up request 8 ID 9 with timestamp +79
Ready to process requests.
*Is it possible that in the eap.conf file, the MD5 does not get enabled
under PEAP? Cause MD5 does work fine with TTLS for me. *
Pl help!
Regards,
Queenie
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Server support for PEAP- EAP-MD5 EAP-TTLS- Token Card
Hi All, had a few queries: I read about Radius Server http://deployingradius.com/documents/configuration/eap.html 1. I saw that in PEAP- EAP-MD5 is not mentioned. Is EAP-MD5 supported in PEAP? 2. Also saw in EAP-TTLS- Token Card is not mentioned? is it supported? 3. Another query i had was, does LEAP Work with hostapd ? I have version Hostapd 0.5.9 but read someplace on the net that LEAP doesnt work with hostapd. Can you confirm? Warm Regards Queenie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
