Problems with the PEAP configuration
Mario Alberto Cruz Gartner
mario.cruz at gmail.com
Fri Jul 8 23:39:14 CEST 2005
Yeah yeah!
I forgot the debug log:
rad_recv: Access-Request packet from host 192.168.20.7:55049, id=131, length=136
User-Name = "jairo"
NAS-IP-Address = 192.168.20.7
Called-Station-Id = "00-0c-41-b1-37-07"
Calling-Station-Id = "00-0b-7d-0f-f7-35"
NAS-Identifier = "Linksys BEFW11S4-V4.X"
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x024f000a016a6169726f
Message-Authenticator = 0x2d2f9ce59d72aedecb32c31db5cbf1ed
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
radius_xlat: 'jairo'
rlm_sql (sql): sql_set_user escaped user --> 'jairo'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'jairo' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'jairo' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 131 to 192.168.20.7:55049
EAP-Message = 0x015000061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73087f91b1e8f8d908364c1aeea4fc1f
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.20.7:55048, id=132, length=224
User-Name = "jairo"
NAS-IP-Address = 192.168.20.7
Called-Station-Id = "00-0c-41-b1-37-07"
Calling-Station-Id = "00-0b-7d-0f-f7-35"
NAS-Identifier = "Linksys BEFW11S4-V4.X"
State = 0x73087f91b1e8f8d908364c1aeea4fc1f
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0250005019800000004616030100410100003d030142ceeedbb9bd19eb466e47c1cf1b58144e405ca28fb495535ea26f31c0d0762200001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xca8acd898fe7920feb3e4ef9dc5f726f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
radius_xlat: 'jairo'
rlm_sql (sql): sql_set_user escaped user --> 'jairo'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'jairo' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'jairo' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 1
modcall: group authorize returns ok for request 1
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0662], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 132 to 192.168.20.7:55048
EAP-Message =
0x0151040a19c0000006bf160301004a02000046030142ceeeaaf4b602690da1f35abd58e43c3dd7c20e50a16c129c51c0fe8eb4a3d2207cde606f9c16fb1ce7356f8d93f1d4ad8bd9a128233f42261549bff71d5cab9100040016030106620b00065e00065b0002c4308202c030820229a003020102020900f12ab1347a5cd9e1300d06092a864886f70d010104050030818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e61206465
EAP-Message =
0x20496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573301e170d3035303632323138333932335a170d3036303632323138333932335a30819d310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573310f300d060355040313066f6e65626f7830819f300d06092a864886f70d010101050003818d00308189028181
EAP-Message =
0x00d30db19c37a7284f5f673101f2773ac3924fc774d15b7f55bc563b955b73aff9ac4f61d88aadaab244f47e944cdba13890f54008bd9ef1c553229e671ac5f4ffe6bb9bea797ac67188e37b9db3fb60006b68a8b3d01f73e9600612ae2d6bd4f0ce313e761bbdd177d9344579bd17565cc7b12a944820f52ab29365d22e4a24d30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181000795bf4630d57fde5f57eb8b0d4f0ceab17fd13b31437e09d666c1a5f7e3c6bc095b29442d889460764b7108194e06cc690a8b4e5ce1bc45744d57ffff07a9326ff1ac7e0d066e2cc86f83
EAP-Message =
0x8db90cbfa1ecd56e767573304003569d1693f6cf224e9a651d9d2e78a208ce2aed4ac4f0da6187ca561c946c98d24aa0161d9bf2080003913082038d308202f6a003020102020900f12ab1347a5cd9df300d06092a864886f70d010104050030818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573301e170d3035303632323138333631
EAP-Message = 0x395a170d3037303632323138333631395a30818c310b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x14001116f181b54c942b09fd80aef71c
Finished request 1
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 131 with timestamp 42ceeeaa
Cleaning up request 1 ID 132 with timestamp 42ceeeaa
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.20.7:55048, id=134, length=136
User-Name = "jairo"
NAS-IP-Address = 192.168.20.7
Called-Station-Id = "00-0c-41-b1-37-07"
Calling-Station-Id = "00-0b-7d-0f-f7-35"
NAS-Identifier = "Linksys BEFW11S4-V4.X"
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0250000a016a6169726f
Message-Authenticator = 0xb431301d9011c62b576d14f5efb3a5b9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
radius_xlat: 'jairo'
rlm_sql (sql): sql_set_user escaped user --> 'jairo'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'jairo' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'jairo' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 2
modcall: group authorize returns ok for request 2
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 134 to 192.168.20.7:55048
EAP-Message = 0x015100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xddedfde893839de06b51e844b09e3ebb
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.20.7:55050, id=135, length=224
User-Name = "jairo"
NAS-IP-Address = 192.168.20.7
Called-Station-Id = "00-0c-41-b1-37-07"
Calling-Station-Id = "00-0b-7d-0f-f7-35"
NAS-Identifier = "Linksys BEFW11S4-V4.X"
State = 0xddedfde893839de06b51e844b09e3ebb
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0251005019800000004616030100410100003d030142ceeee64365b8c3abb6f2dae11480f9273de1acf18d4e59f721f3b2a3431db700001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xb346132bc4dfc481619c8cf2299e9d12
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
radius_xlat: 'jairo'
rlm_sql (sql): sql_set_user escaped user --> 'jairo'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'jairo' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'jairo' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
modcall[authorize]: module "sql" returns ok for request 3
modcall: group authorize returns ok for request 3
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0662], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 135 to 192.168.20.7:55050
EAP-Message =
0x0152040a19c0000006bf160301004a02000046030142ceeeb544f3df0b475a13bd05a5b7709a67e441654df4421b3624382dc0fac420c88321324cce1b8d5bf956a124e91c951fa1b526438b6876005211d8de6aa2e300040016030106620b00065e00065b0002c4308202c030820229a003020102020900f12ab1347a5cd9e1300d06092a864886f70d010104050030818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e61206465
EAP-Message =
0x20496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573301e170d3035303632323138333932335a170d3036303632323138333932335a30819d310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573310f300d060355040313066f6e65626f7830819f300d06092a864886f70d010101050003818d00308189028181
EAP-Message =
0x00d30db19c37a7284f5f673101f2773ac3924fc774d15b7f55bc563b955b73aff9ac4f61d88aadaab244f47e944cdba13890f54008bd9ef1c553229e671ac5f4ffe6bb9bea797ac67188e37b9db3fb60006b68a8b3d01f73e9600612ae2d6bd4f0ce313e761bbdd177d9344579bd17565cc7b12a944820f52ab29365d22e4a24d30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181000795bf4630d57fde5f57eb8b0d4f0ceab17fd13b31437e09d666c1a5f7e3c6bc095b29442d889460764b7108194e06cc690a8b4e5ce1bc45744d57ffff07a9326ff1ac7e0d066e2cc86f83
EAP-Message =
0x8db90cbfa1ecd56e767573304003569d1693f6cf224e9a651d9d2e78a208ce2aed4ac4f0da6187ca561c946c98d24aa0161d9bf2080003913082038d308202f6a003020102020900f12ab1347a5cd9df300d06092a864886f70d010104050030818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573301e170d3035303632323138333631
EAP-Message = 0x395a170d3037303632323138333631395a30818c310b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec0b973431f71a502800565992b6383f
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.20.7:55049, id=136, length=150
User-Name = "jairo"
NAS-IP-Address = 192.168.20.7
Called-Station-Id = "00-0c-41-b1-37-07"
Calling-Station-Id = "00-0b-7d-0f-f7-35"
NAS-Identifier = "Linksys BEFW11S4-V4.X"
State = 0xec0b973431f71a502800565992b6383f
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x025200061900
Message-Authenticator = 0xc73e6ff689061aefca58101db936ceec
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
radius_xlat: 'jairo'
rlm_sql (sql): sql_set_user escaped user --> 'jairo'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'jairo' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'jairo' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 4
modcall: group authorize returns ok for request 4
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 136 to 192.168.20.7:55049
EAP-Message =
0x015302c51900300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e657330819f300d06092a864886f70d010101050003818d0030818902818100a4d3a6bb7f0b08a448a8b84fe5236a0ef724951374d6320389f264f2c5007aee8cfc1cfd319e16e1cb910c5cfd07821ac809e1ac9baade2e618b7addf29844732d923ca1103395642bd3f9c230d4aace
EAP-Message =
0xb77b9b2e3f96436860556ece59ee48b29a57b7824847e851a6829cc9dbefe96b24e9fb66d03e368cdcd4e40c7a7b66230203010001a381f43081f1301d0603551d0e0416041433bfd1100827d8643dcde9ca1ce76b25f46446913081c10603551d230481b93081b6801433bfd1100827d8643dcde9ca1ce76b25f4644691a18192a4818f30818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d61746963
EAP-Message =
0x6120792054656c65636f6d756e69636163696f6e6573820900f12ab1347a5cd9df300c0603551d13040530030101ff300d06092a864886f70d0101040500038181003e06154dfd6945605d183a420498b80e43472ddc37ba210af99451122c28c0f9c0fe3a8c35e5fbf834e8c9359cab9c8a5178c6e93656d1aa4a90a40114d600bdc2698199b4adb031c83633ac990f05f42244a771769d888393d4c183f71cfdbaad74a467189ae89427f68d1e55ac68320bc63370dac576cfeaa005fc9855ef5e16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x452ba4fa3fffa459e48b222a2fb297af
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.20.7:55048, id=137, length=336
User-Name = "jairo"
NAS-IP-Address = 192.168.20.7
Called-Station-Id = "00-0c-41-b1-37-07"
Calling-Station-Id = "00-0b-7d-0f-f7-35"
NAS-Identifier = "Linksys BEFW11S4-V4.X"
State = 0x452ba4fa3fffa459e48b222a2fb297af
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x025300c01980000000b61603010086100000820080c0337c715dc7bb20f9f3ae1c93ce91eeda23be9896f04a24a1a7eaa6c51d638f8fc423ff24639244ed837813aa94a1a1a4c8a25cbcb2a90d23ef570c7f4a4b77dbeda413aec277fd687a5e2798f6ce785ee93f517ed0ecab1f0f8ec59e208bebfc34c424df943b2996d3beba71dfe26d2434a3204ad3254ff966a329baa096c514030100010116030100209700c2ca07ba2fdfc3915277a9605110f596184a58fd99d554c3a8d15db4155d
Message-Authenticator = 0x83310e6f7130347158203374e0a4ddaf
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
radius_xlat: 'jairo'
rlm_sql (sql): sql_set_user escaped user --> 'jairo'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'jairo' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'jairo' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type Eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 137 to 192.168.20.7:55048
EAP-Message =
0x0154003119001403010001011603010020533c1f673a3aee80f1deaaed2ff144a756db39c16558b0aceda3820f62eaa87c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1aa36da01070891e38754bc1d457eb2b
Finished request 5
Going to the next request
Waking up in 6 seconds...
On 7/8/05, Mario Alberto Cruz Gartner <mario.cruz at gmail.com> wrote:
> Hi!
> I'd finally knew why the client (Xp-SP2) was sending the username
> "PEAP-MacAddress" to the radius.
> I have installed the "Cisco Aironet Client Utility" (and the aironet
> drivers), and this software changed the EAP methods on XP and sends
> the mentioned user instead of the real one when tries PEAP auth.
>
> Now, the real username comes to the radius, the authorize comes ok,
> but the authenticate returns "handled" and the client doesn't
> authenticates well.
>
> I was looking the debug output and now i don't see where i can dig for details.
> EAP/TLS works fine already.
>
> Maybe i'm misleading something?
> What i'm doing wrong?
>
> Again, thks a lot for your help, it's annoying answer to too many
> similar questions, i know, but i didn't find something to do now of
> this. AND, i was thinking on make an updated version of the guides so
> ppl with less exp (like me!) can read and don't disturb you. =)
>
More information about the Freeradius-Users
mailing list