Debian and 'module "eap" returns noop for request'

classic Classic list List threaded Threaded
5 messages Options
| Threaded
Open this post in threaded view
|

Debian and 'module "eap" returns noop for request'

Kris Benson

Hi all,

I'm currently in the process of trying to get a D-Link DWL-2100AP and a
DWL-7000AP to authenticate off FreeRadius, but FreeRadius doesn't seem to
be too keen on talking EAP to them.

I have self-compiled the EAP module on Debian due to the binary
distribution restrictions, and the error I'm getting is:

module "eap" returns noop for request [number]

for every time a Windows XP SP2 client tries to connect.

The Windows Hotfix is now only available by request, so I haven't been
able to try that to see if it solves the problem.  If someone has it,
please e-mail it to me! :-)

I'm not sure if this is a Windows issue or a FreeRadius issue at this
point -- the "noop" seems odd, but perhaps it's what is being sent that is
causing it.

If someone could offer some suggestions, it would be greatly appreciated.

Kindest regards,

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Debian and 'module "eap" returns noop for request'

Alan DeKok
"Kris Benson" <[hidden email]> wrote:
> I have self-compiled the EAP module on Debian due to the binary
> distribution restrictions, and the error I'm getting is:
>
> module "eap" returns noop for request [number]

  And what does the *rest* of the debug output say?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Debian and 'module "eap" returns noop for request'

Kris Benson
>"Kris Benson" <[hidden email]> wrote:
>> I have self-compiled the EAP module on Debian due to the binary
>> distribution restrictions, and the error I'm getting is:
>>
>> module "eap" returns noop for request [number]
>
>  And what does the *rest* of the debug output say?
>
Hi Alan,

I was thinking I'd save you the trouble of wading through all that... but
since you asked. :-)

here's the debug output:
#######################################################
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/freeradius/clients.conf
Config:   including file: /etc/freeradius/eap.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/freeradius"
 main: libdir = "/usr/lib/freeradius"
 main: radacctdir = "/var/log/freeradius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/freeradius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/freeradius/freeradius.pid"
 main: user = "freerad"
 main: group = "freerad"
 main: usercollide = no
 main: lower_user = "before"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
 eap: default_eap_type = "leap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type leap
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/freeradius/certs/cert-srv.pem"
 tls: certificate_file = "/etc/freeradius/certs/cert-srv.pem"
 tls: CA_file = "/etc/freeradius/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/etc/freeradius/certs/dh"
 tls: random_file = "/etc/freeradius/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = yes
 tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = yes
 peap: use_tunneled_reply = yes
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/freeradius/huntgroups"
 preprocess: hints = "/etc/freeradius/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded files
 files: usersfile = "/etc/freeradius/users"
 files: acctusersfile = "/etc/freeradius/acct_users"
 files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Addre ss, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded detail
 detail: detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%
Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "/etc/shadow"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/freeradius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded radutmp
 radutmp: filename = "/var/log/freeradius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
--<snip other testing>--
rad_recv: Access-Request packet from host 192.168.0.231:1026, id=1,
length=213
        Framed-MTU = 1466
        NAS-IP-Address = 192.168.0.231
        NAS-Identifier = "D-link Corp. Access Point"
        User-Name = "shawn storey"
        Service-Type = Framed-User
        NAS-Port = 65
        NAS-Port-Type = Wireless-802.11
        NAS-Port-Id = "ether2_65"
        Called-Station-Id = "00-0d-88-e5-4c-fb"
        Calling-Station-Id = "00-12-f0-30-84-0a"
        Connect-Info = "CONNECT Ethernet 0Mbps Full duplex"
        EAP-Message = 0x0202001101736861776e2073746f726579
        Message-Authenticator = 0xe69296783899aac88c45d4e3f3924548
rad_lowerpair:  User-Name now 'shawn storey'
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "eap" returns noop for request 2
    users: Matched entry DEFAULT at line 178
  modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
auth: No authenticate method (Auth-Type) configuration found for the
request: Re jecting the user
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
#######################################################

It appears all of my config directives are echoed in the first bit where
it is loaded, but if you would like me to post the config files, let me
know.

Thank you very much in advance for your help,

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Debian and 'module "eap" returns noop for request'

Kris Benson
>>"Kris Benson" <[hidden email]> wrote:
>>> I have self-compiled the EAP module on Debian due to the binary
>>> distribution restrictions, and the error I'm getting is:
>>>
>>> module "eap" returns noop for request [number]
>>
>>  And what does the *rest* of the debug output say?
>>
>Hi Alan,
>
>I was thinking I'd save you the trouble of wading through all that... but
>since you asked. :-)
>
>here's the debug output:

[deletia]

Just did some further testing.  MacOS 10.4.2 won't connect either, giving
the same debug information as the Windows client already mentioned.  So
it's not the hotfix issue!

BTW: Microsoft has e-mailed me the hotfix -- if anybody needs it, please
let me know!

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Debian and 'module "eap" returns noop for request'

Alan DeKok
In reply to this post by Kris Benson
"Kris Benson" <[hidden email]> wrote:
> I was thinking I'd save you the trouble of wading through all that... but
> since you asked. :-)

  Ok...

> modcall: entering group authorize for request 2
>   modcall[authorize]: module "preprocess" returns ok for request 2
>   modcall[authorize]: module "eap" returns noop for request 2

  If it returns noop, then it SHOULD print out a message explaining
why.

  At least, 1.0.4 does this.  If you're running an older version of
the server, I don't know.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html