WAP +Radius
Hi all,
Has anyone tried to setup a WAP using Radius to authenticate users? I'm
using FreeRadius and a Belkin F5D7130, my test machine is a Apple
powerbook with airport extreme card. When i try to connect to my WAP
I'm telling that I'm using WEP-Enterprise and supplying the username /
password and the WAP name
I'm running a DHCP server on my debian server, all I'm wanting todo is
get the users authenticated from radius and then my linux box to assign
the IP addresses. I had this working with the standard WEP, as soon as
I changed my belkin router to use Radius I get errors.
I really dont know enough about how all this works, but I've added a
user into the "users" file
steve Auth-Type := EAP, User-Password == "testing"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = xxx.xxx.xxx.xxx,
Framed-IP-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-Filter-Id = "std.ppp",
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP
Is there some special config needed in radiusd.conf that needs to be
added to EAP section? do I need to use EAP? I want to avoid
certificates on server and client, I would ideally want to use simple
user / password authentication if possible. I thing the line where is
getting caught out is. I could be complete wrong (which is suspect)
any advise would be great
"rlm_eap: EAP Start not found"
/usr/sbin/freeradius -xx (output)
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:2048, id=0,
length=123
Thread 2 assigned request 6
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 2 handling request 6, (2 handled so far)
User-Name = "steve"
NAS-IP-Address = xxx.xxx.xxx.xxx
Called-Station-Id = "0030bd9bbf25"
Calling-Station-Id = "000393ec89e0"
NAS-Identifier = "0030bd9bbf25"
NAS-Port = 133
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200000a017374657665
Message-Authenticator = 0x6a134e8dcac69a6d3ec2293af940a0af
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
rlm_eap: EAP packet type notification id 0 length 10
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 6
rlm_realm: No '@' in User-Name = "steve", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "steve"
rlm_realm: Proxying request from user steve to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
users: Matched DEFAULT at 152
users: Matched steve at 216
modcall[authorize]: module "files" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 6
rlm_eap: list_clean deleted one item
rlm_eap: EAP packet type notification id 0 length 10
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns ok for request 6
modcall: group authenticate returns ok for request 6
Sending Access-Challenge of id 0 to xxx.xxx.xxx.xxx:2048
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = xxx.xxx.xxx.xxx
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Framed-Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x010100160410f8e2f77cbb0a59ee9c94469c5c1f6ebb
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x8c84d25021d7fa8dcfa42552d4ad1b47bd8d3441a05c5caa73c81b505062e1c7f44191
f8
Finished request 6
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:2048, id=0,
length=157
Thread 3 assigned request 7
rl_next: returning NULL
Waking up in 5 seconds...
Thread 3 handling request 7, (2 handled so far)
User-Name = "steve"
NAS-IP-Address = xxx.xxx.xxx.xxx
Called-Station-Id = "0030bd9bbf25"
Calling-Station-Id = "000393ec89e0"
NAS-Identifier = "0030bd9bbf25"
NAS-Port = 133
Framed-MTU = 1400
State =
0x8c84d25021d7fa8dcfa42552d4ad1b47bd8d3441a05c5caa73c81b505062e1c7f44191
f8
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020100060319
Message-Authenticator = 0x211a6ccf3d330095a28ffadf23df4e26
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
rlm_eap: EAP packet type notification id 1 length 6
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 7
rlm_realm: No '@' in User-Name = "steve", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "steve"
rlm_realm: Proxying request from user steve to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 7
users: Matched DEFAULT at 152
users: Matched steve at 216
modcall[authorize]: module "files" returns ok for request 7
modcall[authorize]: module "mschap" returns noop for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 7
rlm_eap: EAP packet type notification id 1 length 6
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: Unknown EAP type 25, reverting to default_eap_type
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns ok for request 7
modcall: group authenticate returns ok for request 7
Sending Access-Challenge of id 0 to xxx.xxx.xxx.xxx:2048
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = xxx.xxx.xxx.xxx
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Framed-Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x0102001604106885b52fab8da68533d93886d2ae8f73
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x8561952572245a678247cdb45e41182abd8d3441abb8a4fd064d50c41d09263c5551f5
3a
Finished request 7
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:2048, id=0,
length=157
Thread 4 assigned request 8
rl_next: returning NULL
Waking up in 5 seconds...
Thread 4 handling request 8, (2 handled so far)
User-Name = "steve"
NAS-IP-Address = xxx.xxx.xxx.xxx
Called-Station-Id = "0030bd9bbf25"
Calling-Station-Id = "000393ec89e0"
NAS-Identifier = "0030bd9bbf25"
NAS-Port = 133
Framed-MTU = 1400
State =
0x8561952572245a678247cdb45e41182abd8d3441abb8a4fd064d50c41d09263c5551f5
3a
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020200060315
Message-Authenticator = 0x5820389ad25938e3b8f864f7d015a337
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
rlm_eap: EAP packet type notification id 2 length 6
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 8
rlm_realm: No '@' in User-Name = "steve", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "steve"
rlm_realm: Proxying request from user steve to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 8
users: Matched DEFAULT at 152
users: Matched steve at 216
modcall[authorize]: module "files" returns ok for request 8
modcall[authorize]: module "mschap" returns noop for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 8
rlm_eap: EAP packet type notification id 2 length 6
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: Unknown EAP type 21, reverting to default_eap_type
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns ok for request 8
modcall: group authenticate returns ok for request 8
Sending Access-Challenge of id 0 to xxx.xxx.xxx.xxx:2048
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = xxx.xxx.xxx.xxx
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Framed-Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x0103001604106112f44f269377ed00e2f9b522d32d00
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x9e2f1529e86688ee9d8e11537bcf9fddbd8d344173f695259edb069e60a308298786ef
cb
Finished request 8
Going to the next request
Thread 4 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 0 with timestamp 41348dbd
Nothing to do. Sleeping until we see a request.
Reply to: