FW: xsupplicant authentication issue with HostAp + FreeRadius
Atif.Ikram at jdsu.com
Fri Aug 25 15:30:44 EDT 2006
From: Atif Ikram
Sent: Friday, August 25, 2006 3:26 PM
To: 'hostap at shmoo.com'
Subject: xsupplicant authentication issue with HostAp + FreeRadius
I am new to HostAp and I will deeply appreciate it if someone can point me
in the right direction:
Currently I have HostAP and FreeRadius running on the same Linux box and
xsupplicant running on an embedded machine but on the same network. It
is an all-wired network and no wifi is involved. I have configured FreeRadius
to accept any user for testing purposes as follows:
DEFAULT Auth-Type := Accept
The HostAp and FreeRadius seem to communicate fine when they get started
as the secret key is set up the same in both sides' config files.
When xsupplicant attempts to authenticate via HostAp, FreeRadius
gets the request and accepts it, but HostAp doesn't seem to be getting
the "Message-Authenticator" attribute correctly from FreeRadius. As a
result it rejects the Radius message. I know I am doing something wrong
and would like to get help. Again, thanks in advance!
Here is the config for xsupplicant:
network_list = all
default_netname = default
logfile = /home/ikr46256/xsupplicant.log
default_interface = eth0
type = wired
allow_types = all
identity = myid at mynet.net
username = "tester"
password = "hello" # Since the password has spaces, quote it.
Here is the log from HostAP:
IEEE 802.1X: 46 bytes from 00:40:4d:d0:9f:71
IEEE 802.1X: version=2 type=0 length=19
ignoring 23 extra octets after IEEE 802.1X packet
EAP: code=2 identifier=10 length=19 (response)
eth0: STA 00:40:4d:d0:9f:71 IEEE 802.1X: received EAP packet (code=2
id=10 len=19) from STA: EAP Response-Identity (1)
eth0: STA 00:40:4d:d0:9f:71 IEEE 802.1X: STA identity 'myid at mynet.net'
IEEE 802.1X: 00:40:4d:d0:9f:71 BE_AUTH entering state RESPONSE
Encapsulating EAP message into a RADIUS packet
eth0: RADIUS Sending RADIUS message to authentication server
eth0: RADIUS Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=7 length=38
Attribute 18 (?Unknown?) length=18
No Message-Authenticator attribute found
Incoming RADIUS packet did not have correct Message-Authenticator -
eth0: STA 00:40:4d:d0:9f:71 RADIUS: No RADIUS RX handler found (type=0
code=2 id=7) [INVALID AUTHENTICATOR] - dropping packet
IEEE 802.1X: 00:d0:b7:2c:38:79 REAUTH_TIMER entering state INITIALIZE
The log for FreeRadius is as follows:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Thread 1 handling request 0, (1 handled so far)
Acct-Status-Type = Accounting-On
Acct-Authentic = RADIUS
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "ap.example.com"
Called-Station-Id = "00-14-22-43-42-2F:"
Acct-Terminate-Cause = NAS-Reboot
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 0
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 44ef389d
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 127.0.0.1:33250, id=79,
Thread 2 handling request 1, (1 handled so far)
User-Name = "testuser"
User-Password = "hello"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_check_password: Auth-Type = Accept, accepting the user
radius_xlat: 'You are accepted'
Sending Access-Accept of id 79 to 127.0.0.1 port 33250
Reply-Message = "You are accepted"
Finished request 1
Going to the next request
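The check that the HostAP log above reports failing, as an added example that is not part of the original post and is not hostapd or FreeRADIUS code: it parses a RADIUS reply, looks for Message-Authenticator (attribute type 80, RFC 3579; the attribute 18 in the log is Reply-Message) and verifies its HMAC-MD5 against the shared secret. The function names, the secret and the request authenticator are constructed for illustration; the unsigned sample reproduces the 38-byte Access-Accept with a single 18-byte attribute 18 seen in the log.

```python
import hashlib
import hmac
import struct

REPLY_MESSAGE = 18          # RFC 2865; printed as "?Unknown?" in the log above
MESSAGE_AUTHENTICATOR = 80  # RFC 3579

def parse_attrs(packet):
    """Return [(type, value_offset, value)] for a raw RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0] if len(packet) >= 20 else 0
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        alen = packet[pos + 1]
        attrs.append((packet[pos], pos + 2, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs

def check_response(packet, request_auth, secret):
    """Return 'missing', 'invalid' or 'ok' for the reply's Message-Authenticator."""
    found = [a for a in parse_attrs(packet) if a[0] == MESSAGE_AUTHENTICATOR]
    if not found:
        return "missing"
    _, off, value = found[0]
    # HMAC-MD5 keyed with the shared secret, computed over the reply with the
    # Request Authenticator in the authenticator field and the value zeroed.
    buf = bytearray(packet[:struct.unpack("!H", packet[2:4])[0]])
    buf[4:20] = request_auth
    buf[off:off + len(value)] = bytes(len(value))
    want = hmac.new(secret, bytes(buf), hashlib.md5).digest()
    return "ok" if hmac.compare_digest(want, value) else "invalid"

def build_accept(ident, request_auth, secret, attrs, sign):
    """Build a constructed Access-Accept (code 2), optionally signed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    if sign:
        body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    pkt = bytearray(struct.pack("!BBH", 2, ident, 20 + len(body)) + request_auth + body)
    if sign:
        pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    pkt[4:20] = hashlib.md5(bytes(pkt) + secret).digest()  # Response Authenticator
    return bytes(pkt)

SECRET, REQ_AUTH = b"constructed-secret", bytes(range(16))  # constructed sample values
UNSIGNED = build_accept(7, REQ_AUTH, SECRET, [(REPLY_MESSAGE, b"You are accepted")], False)
SIGNED = build_accept(7, REQ_AUTH, SECRET, [(REPLY_MESSAGE, b"You are accepted")], True)
```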