Find the answer to your Linux question:
Results 1 to 5 of 5
Hello all, I am new to this forum but I am planning to write some manual for you about openssl and freeradius. The only problem right now is that I ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Feb 2010
    Posts
    8

    Freeradius problem


    Hello all,
    I am new to this forum but I am planning to write some manual for you about openssl and freeradius. The only problem right now is that I have a problem myself with freeradius. I try to authenticate with a certificate. I created 1 in linux and i also added the keybag that is necessary for Windows. I installed it succesfully in the windows box. But when I want to authenticate the radius server gives me an error. See below. I think the problem is the unsupported eap type 13 but when I go googlse it, it doesn't give me any usefull results. So I hope one of you can help me with this... Ooo and don't worry.. those are real information but it is only a test setup. Anyway thank you very much. Further more I can't enter the atsymbol. The symbol of emailaddress>symbol<hotmail.com

    Listening on authentication address * port 1812
    Listening on accounting address * port 1813
    Listening on command file /usr/local/var/run/radiusd/radiusd.sock
    Listening on proxy address * port 1814
    Ready to process requests.
    rad_recv: Access-Request packet from host 172.20.251.26 port 1183, id=0, length=203
    Message-Authenticator = 0x4349940d46b2724ee08f727753ee818a
    Service-Type = Framed-User
    User-Name = "andre"
    Framed-MTU = 1488
    Called-Station-Id = "00-0F-3D-AF-FA-68:APDiputacion"
    Calling-Station-Id = "70-1A-04-3E-4C-68"
    NAS-Identifier = "D-link Corp. Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x0200000a01616e647265
    NAS-IP-Address = 172.20.251.26
    NAS-Port = 2
    NAS-Port-Id = "STA port # 2"
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '[a't]' in User-Name = "andre", looking up realm NULL <- sorry can't enter
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 0 length 10
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[unix] returns updated
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] Found existing Auth-Type, not changing it.
    ++[pap] returns noop
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] EAP Identity
    [eap] processing type md5
    rlm_eap_md5: Issuing Challenge
    ++[eap] returns handled
    Sending Access-Challenge of id 0 to 172.20.251.26 port 1183
    EAP-Message = 0x0101001604102fe482ef2542a8dc2d73a381af2fa872
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xd2cac72ed2cbc337f31d91cf37e7eb10
    Finished request 0.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 172.20.251.26 port 1183, id=1, length=217
    Message-Authenticator = 0xfa1233e8a624605552f3c888ba77190c
    Service-Type = Framed-User
    User-Name = "andre"
    Framed-MTU = 1488
    State = 0xd2cac72ed2cbc337f31d91cf37e7eb10
    Called-Station-Id = "00-0F-3D-AF-FA-68:APDiputacion"
    Calling-Station-Id = "70-1A-04-3E-4C-68"
    NAS-Identifier = "D-link Corp. Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x02010006030d
    NAS-IP-Address = 172.20.251.26
    NAS-Port = 2
    NAS-Port-Id = "STA port # 2"
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '[a't]' in User-Name = "andre", looking up realm NULL <- sorry can't enter
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 1 length 6
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[unix] returns updated
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] Found existing Auth-Type, not changing it.
    ++[pap] returns noop
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP NAK
    [eap] NAK asked for unsupported type 13
    [eap] No common EAP types found.
    [eap] Failed in EAP select
    ++[eap] returns invalid
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> andre
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 1 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 1
    Sending Access-Reject of id 1 to 172.20.251.26 port 1183
    EAP-Message = 0x04010004
    Message-Authenticator = 0x00000000000000000000000000000000
    Waking up in 3.5 seconds.
    Cleaning up request 0 ID 0 with timestamp +5
    Cleaning up request 1 ID 1 with timestamp +5
    Ready to process requests.
    rad_recv: Access-Request packet from host 172.20.251.26 port 1337, id=0, length=203
    Message-Authenticator = 0x1479571c039ef235c59bc13d004b2d72
    Service-Type = Framed-User
    User-Name = "andre"
    Framed-MTU = 1488
    Called-Station-Id = "00-0F-3D-AF-FA-68:APDiputacion"
    Calling-Station-Id = "70-1A-04-3E-4C-68"
    NAS-Identifier = "D-link Corp. Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x0200000a01616e647265
    NAS-IP-Address = 172.20.251.26
    NAS-Port = 2
    NAS-Port-Id = "STA port # 2"
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '[a't]' in User-Name = "andre", looking up realm NULL <- sorry can't enter
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 0 length 10
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[unix] returns updated
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] Found existing Auth-Type, not changing it.
    ++[pap] returns noop
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] EAP Identity
    [eap] processing type md5
    rlm_eap_md5: Issuing Challenge
    ++[eap] returns handled
    Sending Access-Challenge of id 0 to 172.20.251.26 port 1337
    EAP-Message = 0x010100160410339da00101be189c7d5c20a3f37fc1ca
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x26d5f01526d4f478ca17c3d04d642fab
    Finished request 2.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 172.20.251.26 port 1337, id=1, length=217
    Message-Authenticator = 0xa97e0d7f4229dd9dc1dbfbffcf7004ca
    Service-Type = Framed-User
    User-Name = "andre"
    Framed-MTU = 1488
    State = 0x26d5f01526d4f478ca17c3d04d642fab
    Called-Station-Id = "00-0F-3D-AF-FA-68:APDiputacion"
    Calling-Station-Id = "70-1A-04-3E-4C-68"
    NAS-Identifier = "D-link Corp. Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x02010006030d
    NAS-IP-Address = 172.20.251.26
    NAS-Port = 2
    NAS-Port-Id = "STA port # 2"
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '[a't]' in User-Name = "andre", looking up realm NULL <- sorry can't enter the a't symbol the sides blocks it
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 1 length 6
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[unix] returns updated
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    [pap] Found existing Auth-Type, not changing it.
    ++[pap] returns noop
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP NAK
    [eap] NAK asked for unsupported type 13
    [eap] No common EAP types found.
    [eap] Failed in EAP select
    ++[eap] returns invalid
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> andre
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 3 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 3
    Sending Access-Reject of id 1 to 172.20.251.26 port 1337
    EAP-Message = 0x04010004
    Message-Authenticator = 0x00000000000000000000000000000000
    Waking up in 3.5 seconds.
    Cleaning up request 2 ID 0 with timestamp +1209
    Cleaning up request 3 ID 1 with timestamp +1209
    Ready to process requests.

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,380
    A couple of points.

    1. You can't post URL's including email addresses here until you have at least 16 postings in the forums. Unfortunately, postings to The Coffee Lounge don't count. This is to keep spammers from mucking up the forums.
    2. Post your question to one of the forums such as Wireless Internet or Linux Security. You'll get posting credits there and your question is more likely to be seen by someone who knows something about your subject.

    So, welcome to The Linux Forums. You are starting out with a good question and subject that might be of real interest here.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3
    Just Joined!
    Join Date
    Feb 2010
    Posts
    8
    that isn't an answer...

  4. #4
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    11,380
    I will answer it (if I can) when you move this to the proper forum. I'm not a radius expert, and a lot of people who might be experts or at least have a clue about this may not be looking at The Coffee Lounge postings, but would be in the other mentioned forums.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  5. #5
    Just Joined!
    Join Date
    Feb 2010
    Posts
    8
    Solved it, You need to install a stable version of freeradius and openssl for questions pm me

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •