FW: xsupplicant authentication issue with HostAp + FreeRadius

Atif Ikram Atif.Ikram at jdsu.com
Fri Aug 25 15:30:44 EDT 2006


 

 

________________________________

From: Atif Ikram 
Sent: Friday, August 25, 2006 3:26 PM
To: 'hostap at shmoo.com'
Subject: xsupplicant authentication issue with HostAp + FreeRadius

 

 

Greetings,

 

I am new to HostAp and I will deeply appreciate if someone can point me
to right direction:  

 

Currently I have HostAP and FreeRadius running on same Linux box and
xsupplicant running on an embedded machine but on the same network.  It
is all wired network and no wifi involved.  I have configured FreeRadius
to accept any user for testing purposes as follows:

 

DEFAULT Auth-Type := Accept

 

The HostAp and FreeRadius seem to communicate fine when they get started
as the secret key is setup the same on both side's config files.

 

When xsupplicant attempts to authenticate via HostAp, the FreeRadius
gets the request and it accepts it but HostAp doesn't seem to be getting
the "Message-Authenticator" attribute correctly from FreeRadius.  As a
result it rejects the Radius message.  I know I am doing something wrong
and will like to get help. Again thanks in advance !

 

Here is the config for xsupplicant:

 

network_list = all

default_netname = default

logfile = /home/ikr46256/xsupplicant.log

 

default_interface = eth0

 

default

{ 

  type = wired

  allow_types = all

 

  identity = myid at mynet.net

 

  eap-md5 {

      username = "tester"

      password = "hello"   # Since the password has spaces, quote it.

  }

 

}

 

Here is the log from HostAP:

 

IEEE 802.1X: 46 bytes from 00:40:4d:d0:9f:71

   IEEE 802.1X: version=2 type=0 length=19

   ignoring 23 extra octets after IEEE 802.1X packet

   EAP: code=2 identifier=10 length=19 (response)

eth0: STA 00:40:4d:d0:9f:71 IEEE 802.1X: received EAP packet (code=2
id=10 len=19) from STA: EAP Response-Identity (1)

eth0: STA 00:40:4d:d0:9f:71 IEEE 802.1X: STA identity 'myid at mynet.net'

IEEE 802.1X: 00:40:4d:d0:9f:71 BE_AUTH entering state RESPONSE

Encapsulating EAP message into a RADIUS packet

eth0: RADIUS Sending RADIUS message to authentication server

eth0: RADIUS Received RADIUS message

RADIUS message: code=2 (Access-Accept) identifier=7 length=38

   Attribute 18 (?Unknown?) length=18

No Message-Authenticator attribute found

Incoming RADIUS packet did not have correct Message-Authenticator -
dropped

eth0: STA 00:40:4d:d0:9f:71 RADIUS: No RADIUS RX handler found (type=0
code=2 id=7) [INVALID AUTHENTICATOR] - dropping packet

IEEE 802.1X: 00:d0:b7:2c:38:79 REAUTH_TIMER entering state INITIALIZE

 

 

 

 

The log for FreeRadius is as follows:

Starting - reading configuration files ...

reread_config:  reading radiusd.conf

Thread 1 handling request 0, (1 handled so far)

        Acct-Status-Type = Accounting-On

        Acct-Authentic = RADIUS

        NAS-IP-Address = 127.0.0.1

        NAS-Identifier = "ap.example.com"

        Called-Station-Id = "00-14-22-43-42-2F:"

        Acct-Terminate-Cause = NAS-Reboot

  Processing the preacct section of radiusd.conf

modcall: entering group preacct for request 0

Finished request 0

Going to the next request

Thread 1 waiting to be assigned a request

--- Walking the entire request list ---

Cleaning up request 0 ID 0 with timestamp 44ef389d

Nothing to do.  Sleeping until we see a request.

rad_recv: Access-Request packet from host 127.0.0.1:33250, id=79,
length=60

Thread 2 handling request 1, (1 handled so far)

        User-Name = "testuser"

        User-Password = "hello"

        NAS-IP-Address = 255.255.255.255

        NAS-Port = 0

  

  rad_check_password: Auth-Type = Accept, accepting the user

radius_xlat:  'You are accepted'

Sending Access-Accept of id 79 to 127.0.0.1 port 33250

        Reply-Message = "You are accepted"

Finished request 1

Going to the next request

 

..........

......

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/hostap/attachments/20060825/2ab5911d/attachment.htm 


More information about the HostAP mailing list