- Aug 24, 2000
I'm using freeRadius to authenticate clients on a WiMAX network. I've successfully set up my RADIUS server and modified the eap.conf, clients.conf, users, random, and dictionary files.
The server is authenticating using MS-CHAPv2 (TTLS) just fine. I'm using the same root CA cert on the radius and the client and the appropriate entries in the users file in this format:
user@realm Cleartext-Password := "userpass"
When I try to change to use TLS, I am having some problems. Still using the same CA cert on both server and client, I then install the client cert and client key and give it a password. It's a different password from what is indicated as the cleartext password "userpass". However, it does match up with the parameter in the CNF file used to generate the key...
At any rate here is the output from my radius server and I'm wondering where I went wrong...
rad_recv: Access-Request packet from host 192.168.95.123 port 49153, id=30, length=87
Message-Authenticator = 0xb3553881f431b878e21e61e37a061647
NAS-Identifier = "BS"
User-Name = "user1@dittrnet.net"
EAP-Message = 0x020a00170175736572314064697474726e65742e6e6574
Tue May 14 11:32:59 2013 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
Tue May 14 11:32:59 2013 : Info: +- entering group authorize {...}
Tue May 14 11:32:59 2013 : Info: ++[preprocess] returns ok
Tue May 14 11:32:59 2013 : Info: ++[chap] returns noop
Tue May 14 11:32:59 2013 : Info: ++[mschap] returns noop
Tue May 14 11:32:59 2013 : Info: ++[digest] returns noop
Tue May 14 11:32:59 2013 : Info: [suffix] Looking up realm "dittrnet.net" for User-Name = "user1@dittrnet.net"
Tue May 14 11:32:59 2013 : Info: [suffix] No such realm "dittrnet.net"
Tue May 14 11:32:59 2013 : Info: ++[suffix] returns noop
Tue May 14 11:32:59 2013 : Info: [eap] EAP packet type response id 10 length 23
Tue May 14 11:32:59 2013 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Tue May 14 11:32:59 2013 : Info: ++[eap] returns updated
Tue May 14 11:32:59 2013 : Info: [files] users: Matched entry user1@dittrnet.net at line 207
Tue May 14 11:32:59 2013 : Info: ++[files] returns ok
Tue May 14 11:32:59 2013 : Info: ++[expiration] returns noop
Tue May 14 11:32:59 2013 : Info: ++[logintime] returns noop
Tue May 14 11:32:59 2013 : Info: [pap] WARNING: Auth-Type already set. Not setting to PAP
Tue May 14 11:32:59 2013 : Info: ++[pap] returns noop
Tue May 14 11:32:59 2013 : Info: Found Auth-Type = EAP
Tue May 14 11:32:59 2013 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Tue May 14 11:32:59 2013 : Info: +- entering group authenticate {...}
Tue May 14 11:32:59 2013 : Info: [eap] EAP Identity
Tue May 14 11:32:59 2013 : Info: [eap] processing type tls
Tue May 14 11:32:59 2013 : Info: [tls] Initiate
Tue May 14 11:32:59 2013 : Info: [tls] Start returned 1
Tue May 14 11:32:59 2013 : Info: ++[eap] returns handled
Sending Access-Challenge of id 30 to 192.168.95.123 port 49153
EAP-Message = 0x010b00061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xba2d74a5ba26614a6c45aa4bef53be6f
Tue May 14 11:32:59 2013 : Info: Finished request 33.
Tue May 14 11:32:59 2013 : Debug: Going to the next request
Tue May 14 11:32:59 2013 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.95.123 port 49153, id=31, length=88
Message-Authenticator = 0xc3b69be3318396aa6734106d7234e12a
NAS-Identifier = "BS"
User-Name = "user1@dittrnet.net"
EAP-Message = 0x020b0006030d
State = 0xba2d74a5ba26614a6c45aa4bef53be6f
Tue May 14 11:32:59 2013 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/default
Tue May 14 11:32:59 2013 : Info: +- entering group authorize {...}
Tue May 14 11:32:59 2013 : Info: ++[preprocess] returns ok
Tue May 14 11:32:59 2013 : Info: ++[chap] returns noop
Tue May 14 11:32:59 2013 : Info: ++[mschap] returns noop
Tue May 14 11:32:59 2013 : Info: ++[digest] returns noop
Tue May 14 11:32:59 2013 : Info: [suffix] Looking up realm "dittrnet.net" for User-Name = "user1@dittrnet.net"
Tue May 14 11:32:59 2013 : Info: [suffix] No such realm "dittrnet.net"
Tue May 14 11:32:59 2013 : Info: ++[suffix] returns noop
Tue May 14 11:32:59 2013 : Info: [eap] EAP packet type response id 11 length 6
Tue May 14 11:32:59 2013 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Tue May 14 11:32:59 2013 : Info: ++[eap] returns updated
Tue May 14 11:32:59 2013 : Info: [files] users: Matched entry user1@dittrnet.net at line 207
Tue May 14 11:32:59 2013 : Info: ++[files] returns ok
Tue May 14 11:32:59 2013 : Info: ++[expiration] returns noop
Tue May 14 11:32:59 2013 : Info: ++[logintime] returns noop
Tue May 14 11:32:59 2013 : Info: [pap] WARNING: Auth-Type already set. Not setting to PAP
Tue May 14 11:32:59 2013 : Info: ++[pap] returns noop
Tue May 14 11:32:59 2013 : Info: Found Auth-Type = EAP
Tue May 14 11:32:59 2013 : Info: # Executing group from file /etc/raddb/sites-enabled/default
Tue May 14 11:32:59 2013 : Info: +- entering group authenticate {...}
Tue May 14 11:32:59 2013 : Info: [eap] Request found, released from the list
Tue May 14 11:32:59 2013 : Info: [eap] EAP NAK
Tue May 14 11:32:59 2013 : Info: [eap] EAP-NAK asked for EAP-Type/tls
Tue May 14 11:32:59 2013 : Info: [eap] processing type tls
Tue May 14 11:32:59 2013 : Info: [tls] Requiring client certificate
Tue May 14 11:32:59 2013 : Info: [tls] Initiate
Tue May 14 11:32:59 2013 : Info: [tls] Start returned 1
Tue May 14 11:32:59 2013 : Info: ++[eap] returns handled
Sending Access-Challenge of id 31 to 192.168.95.123 port 49153
EAP-Message = 0x010c00060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xba2d74a5bb21794a6c45aa4bef53be6f
Tue May 14 11:32:59 2013 : Info: Finished request 34.
It just repeats that loop indefinitely. I'm VERY new to freeRadius and am kind of learning it all on the fly.
If you have a clue what's going on... please talk to me like I'm a 5-year-old.
Thanks!
-JR
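The four EAP-Message values in the radiusd output above are the whole EAP conversation in compact form. As an added example that is not part of the original post, here is a small decoder for those values: it parses the RFC 3748 EAP header (code, identifier, length, type) and, for the types that occur in the log, the type-specific payload: the Identity, the Nak's list of acceptable types, and the flags octet that begins every EAP-TLS (RFC 5216) and EAP-TTLS (RFC 5281) payload, whose 0x20 bit means Start. The function and table names are mine; the four hex strings in LOG_MESSAGES are copied from the log in the post.

```python
"""Decode the EAP-Message values that radiusd -X prints, to follow an EAP conversation.

Added example, not code from the original post or from FreeRADIUS. Header
layout is from RFC 3748; the flags octet that begins EAP-TLS (RFC 5216) and
EAP-TTLS (RFC 5281) payloads has Length-included (0x80), More-fragments (0x40)
and Start (0x20) bits.
"""
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

FLAG_LENGTH_INCLUDED = 0x80
FLAG_MORE_FRAGMENTS = 0x40
FLAG_START = 0x20


def decode_eap_message(hex_value):
    """Parse one EAP-Message attribute value (hex string, leading 0x optional)."""
    clean = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(clean)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # A NAS that splits one EAP packet over several EAP-Message attributes
        # needs them concatenated first; otherwise this is a truncated log line.
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes present")
    msg = {"code": EAP_CODES.get(code, f"code{code}"), "id": ident, "length": length}
    if code in (3, 4):
        return msg                      # Success/Failure carry no type octet
    eap_type = raw[4]
    msg["type"] = EAP_TYPES.get(eap_type, f"type{eap_type}")
    payload = raw[5:]
    if eap_type == 1:
        msg["identity"] = payload.decode("utf-8", errors="replace")
    elif eap_type == 3:
        # Nak: the peer refuses the offered type and lists the ones it accepts
        msg["desired_types"] = [EAP_TYPES.get(t, f"type{t}") for t in payload]
    elif eap_type in (13, 21):
        flags = payload[0] if payload else 0
        msg["start"] = bool(flags & FLAG_START)
        msg["more_fragments"] = bool(flags & FLAG_MORE_FRAGMENTS)
        body = payload[1:]
        if flags & FLAG_LENGTH_INCLUDED:
            msg["tls_total_length"] = struct.unpack("!I", body[:4])[0]
            body = body[4:]
        if eap_type == 21:
            msg["ttls_version"] = flags & 0x07   # low 3 bits per RFC 5281
        msg["tls_record_bytes"] = len(body)     # 0 on a bare Start
    return msg


def describe(msg):
    """One-line human summary of a decoded message."""
    base = f"{msg['code']} id={msg['id']} {msg.get('type', '')}".rstrip()
    if "identity" in msg:
        return f"{base} {msg['identity']!r}"
    if "desired_types" in msg:
        return f"{base} wants {', '.join(msg['desired_types'])}"
    if "start" in msg:
        what = "Start" if msg["start"] else f"{msg['tls_record_bytes']} bytes of TLS data"
        return f"{base} {what}"
    return base


# The four EAP-Message values from the radiusd output in the post, in order.
LOG_MESSAGES = [
    "0x020a00170175736572314064697474726e65742e6e6574",
    "0x010b00061520",
    "0x020b0006030d",
    "0x010c00060d20",
]

if __name__ == "__main__":
    for value in LOG_MESSAGES:
        print(describe(decode_eap_message(value)))
```

Run over the log's values this prints, in order: a Response carrying the Identity `user1@dittrnet.net`; a Request of type 21 (EAP-TTLS) with only the Start flag set, which is the type a FreeRADIUS 2.x server offers first when `default_eap_type = ttls` in eap.conf; a Nak in which the client declines TTLS and asks for type 13 (EAP-TLS); and a Request of type 13 with the Start flag set. The capture in the post ends there, before any TLS record bytes (a ClientHello) appear in a Response, and the next packet shown is a fresh Identity, so the decoder makes the loop visible: each round reaches the EAP-TLS Start and then begins again.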