📄 eap-md5 howto.htm
字号:
<p><i>Please note:</i> you can perfectly use EAP-authentication without usingWEP or providing whichever keys in the AP. Do it so for the test purposes.Once youve got it running, you can setup your WEP keys, whatever. Thatwill allow you to analyze traffic if something goes wrong.For Cisco AP350 it would look like following:<a href="http://www.cisco.com/univercd/illus/6/55/65555.gif" class="external free" title="http://www.cisco.com/univercd/illus/6/55/65555.gif" rel="nofollow">http://www.cisco.com/univercd/illus/6/55/65555.gif</a>Deactivate older authentication types (Open, Shared, CHAP, PAP, whatever)to prevent misunderstanding during the test.<div class="editsection" style="float:right;margin-left:5px;">[<a href="/index.php?title=EAP/MD5_HOWTO&action=edit&section=7" title="Edit section: User configuration">edit</a>]</div><a name="User_configuration"></a><h2>User configuration</h2><div class="editsection" style="float:right;margin-left:5px;">[<a href="/index.php?title=EAP/MD5_HOWTO&action=edit&section=8" title="Edit section: Windows XP (before SP1)">edit</a>]</div><a name="Windows_XP_.28before_SP1.29"></a><h3>Windows XP (before SP1)</h3><p><b>Note:</b> since WindowsXP SP1 you can't use EAP-MD5 for wireless devices!!! EAP-MD5 is only available for wired devices.</p><p>Go to the Network Connections window. Right-click the connection corresponding to the adapter which is going to use EAP authentication. Go to the "Authentication" tab. If it doesnt appear (yes, its weird sometimes) try to unplug and plug your adapter till it does (if PCMCIA...) Otherwise, download the software for the adapter configuration like e.g. ACU for the Cisco adapters and try to de- and reactivate the card.</p><p>In the Authentication dialog, assure the box "Use IEEE802.1X networkauthentication" is checked. Set your EAP type there (EAP/MD5 Challenge).</p><p>Thats all. Now deactivate and reactivate your LAN-connection on thisadapter and it should work.</p><div class="editsection" style="float:right;margin-left:5px;">[<a href="/index.php?title=EAP/MD5_HOWTO&action=edit&section=9" title="Edit section: Troubleshooting">edit</a>]</div><a name="Troubleshooting"></a><h2>Troubleshooting</h2><p><b>Problem 1:</b></p><p>Your AP keeps on saying "Unknown EAP authentication procedure request" or similiar all the time.</p><p><b>Workaround:</b></p><p>Try to assure that all the parameters described above (at client and user sides) have really been set. Then, try to check the following points:</p><ul><li> The firmware of the network adapter and the access point are new enough to support the latest IEEE802.1X version (momentary Draft 10 or Draft 11 should work). Update your firmware with its radio part in the other case.</li></ul><ul><li> Use the adapter software to see which versions are active, verify the links, permutate all settings, do something! Try to use the adapter software to set the authentication type. In my case it was the first solution I had to set an ACU profile dictating the EAP authentication to the card instead of Allow Windows to set these parameters. This now works with Windows profiling, too, though.</li></ul><p><br /><b>Problem 2:</b></p><p>You get an Access Reject even if the identification information is correct.In the server log you can see a weird Notification message.</p><p><b>Workaround:</b></p><p>In your user config (<code>users</code> file of the server configuration) remove the "Reply-Message" attribute for the concerned user. This is currently a bug.Some APs (e.g. Cisco) send out a Notification downstream to the user on receiving a "Reply-Message" attribute in the "Radius Response". The Windows XP supplicant answerswith an "EAP Notification" type message instead of "EAP MD5 Challenge" message which shouldbe issued. <i><b>FreeRadius</b></i> server currently rejects every incoming EAP notification.</p><div class="editsection" style="float:right;margin-left:5px;">[<a href="/index.php?title=EAP/MD5_HOWTO&action=edit&section=10" title="Edit section: Exchange and log examples">edit</a>]</div><a name="Exchange_and_log_examples"></a><h2>Exchange and log examples</h2><p>Here is an example log of a successful user login</p><p>The basic exchange would be like following:</p><pre>NAS Server Access Request (1) EAP Response (2) Identity (1) ----------------> Access Challenge (11) EAP Request (1) MD5-Challenge (4 <---------------- Access Request (1) EAP Response (2) MD-Challenge (4) ----------------> Access Accept (2) EAP Success (3) <----------------</pre><p>And the corresponding <tt>radiusd</tt> output:</p><pre>rad_recv: Access-Request packet from host 10.10.10.1:1150, id=42, length=121 User-Name = "artur" NAS-IP-Address = 10.10.10.1 Called-Station-Id = "00409635bed6" Calling-Station-Id = "004096426f05" NAS-Identifier = "ap1" NAS-Port = 38 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002\000\000\n\001artur" Message-Authenticator = 0xe16c8f1a3d9326a9025fb043c7f2ececrlm_eap: processing type md5rlm_eap_md5: Issuing ChallengeLogin OK: [artur/<no User-Password attribute>] (from client ap-1 port 38 cli 004096426f05)Sending Access-Challenge of id 42 to 10.10.10.1:1150 EAP-Message = "\001*\000\026\004\020\277\301\034\265\377\002\353\210{pfV\216B\031J" Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0bb432f976422930f905808b087e88ba9610fe3ccb283c169291fb00b15a87fa66c5a418rad_recv: Access-Request packet from host 10.10.10.1:1151, id=43, length=176 User-Name = "artur" NAS-IP-Address = 10.10.10.1 Called-Station-Id = "00409635bed6" Calling-Station-Id = "004096426f05" NAS-Identifier = "ap1" NAS-Port = 38 Framed-MTU = 1400 State = 0x0bb432f976422930f905808b087e88ba9610fe3ccb283c169291fb00b15a87fa66c5a418 NAS-Port-Type = Wireless-802.11 EAP-Message = "\002*\000\033\004\020]\242\222\220kzZ\006\213\376!w\363M\255\311artur" Message-Authenticator = 0xa8d07be03fa8f7e6a15f593753094db4rlm_eap: Request found, released from the listrlm_eap: EAP_TYPE - md5rlm_eap: processing type md5Login OK: [artur/<no User-Password attribute>] (from client ap-1 port 38 cli 004096426f05)Sending Access-Accept of id 43 to 10.10.10.1:1151 EAP-Message = "\003+\000\004" Message-Authenticator = 0x00000000000000000000000000000000</pre></p><!-- Saved in parser cache with key wikiradius-fr_:pcache:idhash:1564-0!1!0!!en!2 and timestamp 20081118132531 --><div class="printfooter"><p>Retrieved from "<a href="http://wiki.freeradius.org/EAP/MD5_HOWTO">http://wiki.freeradius.org/EAP/MD5_HOWTO</a>"</p><p>This page has been accessed 16,292 times. This page was last modified 22:30, 16 October 2007. </p></div></div><br clear='all' /><div id='footer'><br /><script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script><script type="text/javascript">_uacct = "UA-1186926-2";urchinTracker();</script><table width='98%' border='0' cellspacing='0'><tr><td width='152' rowspan='1'> </td><td class='bottom' align='center' valign='top'><strong><a href="/index.php?title=EAP/MD5_HOWTO&action=edit" title="EAP/MD5 HOWTO">Edit this page</a></strong> |<a href="/index.php?title=Talk:EAP/MD5_HOWTO&action=edit" class="new" title="Talk:EAP/MD5 HOWTO">Discuss this page</a> |<a href="/index.php?title=EAP/MD5_HOWTO&action=history" title="EAP/MD5 HOWTO">Page history</a> |<a href="/index.php?title=Special:Whatlinkshere&target=EAP/MD5_HOWTO" title="Special:Whatlinkshere">What links here</a> |<a href="/index.php?title=Special:Recentchangeslinked&target=EAP/MD5_HOWTO" title="Special:Recentchangeslinked">Related changes</a><br /><br /><br /><a href="/Main_Page" title="Main Page">Main Page</a> | <a href="/FreeRADIUS_Wiki:About" title="FreeRADIUS Wiki:About">About FreeRADIUS Wiki</a> | <form id="search" method="get" class="inline" action="/Special:Search">Find: <input type='text' name="search" size='14' value="" /><br /><input type='submit' name="go" value="Go" /> <input type='submit' name="fulltext" value="Search" /></form><br />This page has been accessed 16,292 times. This page was last modified 22:30, 16 October 2007. </td></tr></table></div></div><div id='quickbar'><h6>Find</h6><form id="search" method="get" class="inline" action="/Special:Search"><input type='text' name="search" size='14' value="" /><br /><input type='submit' name="go" value="Go" /> <input type='submit' name="fulltext" value="Search" /></form><h6>Browse</h6><a href="/Main_Page">Main Page</a><br /><a href="/FreeRADIUS_Wiki:Community_Portal">Community portal</a><br /><a href="/Current_events">Current events</a><br /><a href="/Special:Recentchanges">Recent changes</a><br /><a href="/Special:Random">Random page</a><br /><a href="/Help:Contents">Help</a><br /><a href="/FreeRADIUS_Wiki:Site_support">Donations</a><br /><h6>Edit</h6><strong><a href="/index.php?title=EAP/MD5_HOWTO&action=edit" title="EAP/MD5 HOWTO">Edit this page</a></strong><br /><a href="/Help:Editing" title="Help:Editing">Editing help</a><br /><h6>This page</h6><a href="/index.php?title=Talk:EAP/MD5_HOWTO&action=edit" class="new" title="Talk:EAP/MD5 HOWTO">Discuss this page</a><br /><a href="/index.php?title=Talk:EAP/MD5_HOWTO&action=edit&section=new" title="Talk:EAP/MD5 HOWTO">Post a comment</a><br /><a href="/index.php?title=EAP/MD5_HOWTO&printable=yes">Printable version</a><br /><h6>Context</h6><a href="/index.php?title=EAP/MD5_HOWTO&action=history" title="EAP/MD5 HOWTO">Page history</a><br /><a href="/index.php?title=Special:Whatlinkshere&target=EAP/MD5_HOWTO" title="Special:Whatlinkshere">What links here</a><br /><a href="/index.php?title=Special:Recentchangeslinked&target=EAP/MD5_HOWTO" title="Special:Recentchangeslinked">Related changes</a><br /><h6>My pages</h6><a href="/Special:Userlogin" title="Special:Userlogin">Log in / create account</a><h6>Special pages</h6><a href="/Special:Newpages" title="Special:Newpages">New pages</a><br /><a href="/Special:Imagelist" title="Special:Imagelist">File list</a><br /><a href="/Special:Statistics" title="Special:Statistics">Statistics</a><br /><a href="/FreeRADIUS_Wiki:Bug_reports" title="FreeRADIUS Wiki:Bug reports">Bug reports</a><br /><a href="/Special:Specialpages" title="Special:Specialpages">More...</a><br /></div> <script type="text/javascript">if (window.runOnloadHook) runOnloadHook();</script><!-- Served by wiki.freeradius.org in 0.245 secs. --></body></html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -