eap/peap-mschap-v2 users file and check items

Sascha Lucas slu at dmc.de
Mon Jul 3 10:12:33 CEST 2006


Hi,

I successfully use WinXP with peap-mschap-v2. But I'm unable to enter
additional items in the check list.

The users file for working peap-mschap-v2 looks this way:

test Auth-Type := EAP, User-Password == "abc123"

And I want it also to check for NAS-IP and NAS-Port. Doing local tests (non
eap with radiusclient) this line works:

test Auth-Type := Local, User-Password == "abc123", NAS-IP-Address == 10.41.10.252, NAS-Port == 20

With EAP:

test Auth-Type := EAP, User-Password == "abc123", NAS-IP-Address == 10.41.10.252, NAS-Port == 20

it doesn't work. The output of radiusd -X is at the end of this mail.

I would be very pleased if someone could help.

Thanks,

Sascha.

# debug output eap/peap-mschap-v2 + users file + check items NAS-IP-Address == 10.41.10.252, NAS-Port == 20
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=101,
length=198
        Framed-MTU = 9178
        NAS-IP-Address = 10.41.10.252
        NAS-Identifier = "HP-2848_01"
        User-Name = "test"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 20
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "20"
        Called-Station-Id = "00-11-0a-a6-18-2c"
        Calling-Station-Id = "00-20-ed-5d-d1-74"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        EAP-Message = 0x020100090174657374
        Message-Authenticator = 0xb9b550b43e6e65d1babc24d76d27d2d1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry test at line 91
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 101 to 10.41.10.252 port 3040
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x3f9c073b23e622ceeb3a2886221f9ea5
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=102,
length=287
        Framed-MTU = 9178
        NAS-IP-Address = 10.41.10.252
        NAS-Identifier = "HP-2848_01"
        User-Name = "test"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 20
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "20"
        Called-Station-Id = "00-11-0a-a6-18-2c"
        Calling-Station-Id = "00-20-ed-5d-d1-74"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0x3f9c073b23e622ceeb3a2886221f9ea5
        EAP-Message =
0x0202005019800000004616030100410100003d030144a8d111da4d413b10bb2411c172ee75
8d06ca151d978c0f541b2348004478cf00001600040005000a00090064006200030006001300
1200630100
        Message-Authenticator = 0x2fde818824e742555ed7b02d2d733927
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry test at line 91
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 102 to 10.41.10.252 port 3040
        EAP-Message =
0x0103040a19c0000006f1160301004a02000046030144a8d0d24aee3e74a3550f10e6ada640
f87b148ff808970232709f9a8dd7650120bc88d3ebf81d424ab881a051ee756c679534cac2e9
a80f35ecb05a6f8a37f1b900040016030106940b00069000068d0002cd308202c930820232a0
03020102020102300d06092a864886f70d010104050030819f310b3009060355040613024341
3111300f0603550408130850726f76696e63653112301006035504071309536f6d6520436974
7931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63
616c686f7374311b301906035504031312436c69656e74206365
        EAP-Message =
0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d
706c652e636f6d301e170d3034303132353133323631305a170d303530313234313332363130
5a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112
301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174
696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74
206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d
706c652e636f6d30819f300d06092a864886f70d010101050003
        EAP-Message =
0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a78
2098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014
a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f8
1ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603
551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d
921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd70845370834
96fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
        EAP-Message =
0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f
295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003
020102020100300d06092a864886f70d010104050030819f310b300906035504061302434131
11300f0603550408130850726f76696e63653112301006035504071309536f6d652043697479
31153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f6361
6c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f
06092a864886f70d0109011612636c69656e74406578616d706c
        EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5558eafcc0c9270f0a601ce7ebf1b725
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=103,
length=213
        Framed-MTU = 9178
        NAS-IP-Address = 10.41.10.252
        NAS-Identifier = "HP-2848_01"
        User-Name = "test"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 20
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "20"
        Called-Station-Id = "00-11-0a-a6-18-2c"
        Calling-Station-Id = "00-20-ed-5d-d1-74"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0x5558eafcc0c9270f0a601ce7ebf1b725
        EAP-Message = 0x020300061900
        Message-Authenticator = 0x9a0049ea0d3c63a3f373ec1b17be7f1e
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry test at line 91
  modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 103 to 10.41.10.252 port 3040
        EAP-Message =
0x010402f71900170d3036303132343133323630375a30819f310b3009060355040613024341
3111300f0603550408130850726f76696e63653112301006035504071309536f6d6520436974
7931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63
616c686f7374311b301906035504031312436c69656e74206365727469666963617465312130
1f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06
092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8f
bff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
        EAP-Message =
0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249e
dd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229
963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e
1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7
bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111
300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931
153013060355040a130c4f7267616e697a6174696f6e31123010
        EAP-Message =
0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420636572
74696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d010104050003
81810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc27
43fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00
163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d437
3354ce9912847651539063b85bbc5485c516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb2f0902c5695d24029c1eae67f8dc832
Finished request 2
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=104,
length=399
        Framed-MTU = 9178
        NAS-IP-Address = 10.41.10.252
        NAS-Identifier = "HP-2848_01"
        User-Name = "test"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 20
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "20"
        Called-Station-Id = "00-11-0a-a6-18-2c"
        Calling-Station-Id = "00-20-ed-5d-d1-74"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0xb2f0902c5695d24029c1eae67f8dc832
        EAP-Message =
0x020400c01980000000b61603010086100000820080cdc24c42a026646a258768cba99c8fc4
663b97faad681ab4b16c9d1d3b2d9ae81c135f675421f42912ca2200a1d4f3df872397371893
daf6cb5d1507beb7b912d97bac7076e4e3478f09e551d07325007beba10800a4b45c6c0e03e9
7c89e2a691825b6f3c3525eb6372375ac810a64f5428e1f76862a25ff6b279a244a662bd1403
010001011603010020557f15b5d607d32153c083d37d3034377433cd9be47a7ee48bb08f112c
874082
        Message-Authenticator = 0x3e3e1529d2ee38f6d8c665ae580efc89
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 4 length 192
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry test at line 91
  modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 104 to 10.41.10.252 port 3040
        EAP-Message =
0x0105003119001403010001011603010020d0acff5a32a5a7090f28f276af642f1b085b4ce7
cec1fb78dc46b40dae44c357
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5a3f8611e2d4236ad72e3d7097e41e1f
Finished request 3
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=105,
length=213
        Framed-MTU = 9178
        NAS-IP-Address = 10.41.10.252
        NAS-Identifier = "HP-2848_01"
        User-Name = "test"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 20
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "20"
        Called-Station-Id = "00-11-0a-a6-18-2c"
        Calling-Station-Id = "00-20-ed-5d-d1-74"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0x5a3f8611e2d4236ad72e3d7097e41e1f
        EAP-Message = 0x020500061900
        Message-Authenticator = 0x0d39014ab2d25712f51e1c1bc8a63100
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry test at line 91
  modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 105 to 10.41.10.252 port 3040
        EAP-Message =
0x0106002019001703010015a5bcc1098646b65ad2b7ceb329bb09c8fd5bfe9e6c
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x8cf2e7cbbcef8f47bd80fc103a21bac8
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=106,
length=239
        Framed-MTU = 9178
        NAS-IP-Address = 10.41.10.252
        NAS-Identifier = "HP-2848_01"
        User-Name = "test"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 20
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "20"
        Called-Station-Id = "00-11-0a-a6-18-2c"
        Calling-Station-Id = "00-20-ed-5d-d1-74"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0x8cf2e7cbbcef8f47bd80fc103a21bac8
        EAP-Message =
0x02060020190017030100154e9945083e526ec76d94fe3b0faf652e8ae95dd20d
        Message-Authenticator = 0x80e9ce6c56c810fe207d187abc8cf74b
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 6 length 32
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry test at line 91
  modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - test
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled EAP-Message
        EAP-Message = 0x020600090174657374
  PEAP: Got tunneled identity of test
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to test
  PEAP: Sending tunneled request
        EAP-Message = 0x020600090174657374
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "test"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 6 length 9
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
  PEAP: Got tunneled reply RADIUS code 11
        EAP-Message =
0x0107001e1a01070019109c00b15bdca042d334024f3b55e29a9474657374
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xd2f3b0fbb938453b949b7575007ebd51
  PEAP: Processing from tunneled session code 0x8155688 11
        EAP-Message =
0x0107001e1a01070019109c00b15bdca042d334024f3b55e29a9474657374
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xd2f3b0fbb938453b949b7575007ebd51
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 106 to 10.41.10.252 port 3040
        EAP-Message =
0x010700351900170301002a86144ef69a225f4ed4aec94cff229b6e7f5e9438bd4208abd0ab
38146938c267556769c40433b3c0eb06
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9d12c4f6b1c13cc5148874296c3822ff
Finished request 5
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=107,
length=293
        Framed-MTU = 9178
        NAS-IP-Address = 10.41.10.252
        NAS-Identifier = "HP-2848_01"
        User-Name = "test"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 20
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "20"
        Called-Station-Id = "00-11-0a-a6-18-2c"
        Calling-Station-Id = "00-20-ed-5d-d1-74"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0x9d12c4f6b1c13cc5148874296c3822ff
        EAP-Message =
0x020700561900170301004b0b304800bd1b9d9375cbc1e6fb87f6365c444c8792e9e9228d86
22cc6056f8d7a789ec2601020e063432f3e48f22c7ccf859ac3cb35f7c0888f405805dff811b
5d30a14fcc5f8bd671abb8
        Message-Authenticator = 0x33f83a79238b43e64c642ec3ec17c1d9
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 7 length 86
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry test at line 91
  modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled EAP-Message
        EAP-Message =
0x0207003f1a0207003a31624fff34123dd2294c3baba96a6ca295000000000000000022245e
6c3028e0fcfaded7fb7722ee8378952d2ec8b54d770074657374
  PEAP: Setting User-Name to test
  PEAP: Adding old state with d2 f3
  PEAP: Sending tunneled request
        EAP-Message =
0x0207003f1a0207003a31624fff34123dd2294c3baba96a6ca295000000000000000022245e
6c3028e0fcfaded7fb7722ee8378952d2ec8b54d770074657374
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "test"
        State = 0xd2f3b0fbb938453b949b7575007ebd51
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 7 length 63
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 156
  modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.
  PEAP: Got tunneled reply RADIUS code 3
        MS-CHAP-Error = "\007E=691 R=1"
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Processing from tunneled session code 0x8155850 3
        MS-CHAP-Error = "\007E=691 R=1"
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 107 to 10.41.10.252 port 3040
        EAP-Message =
0x010800261900170301001b118d4b906d0d0a0761d142e67ded34e61fefe0730e383181b4a1
d3
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5f8f97e0a6faf1d69c594e447416078f
Finished request 6
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=108,
length=245
        Framed-MTU = 9178
        NAS-IP-Address = 10.41.10.252
        NAS-Identifier = "HP-2848_01"
        User-Name = "test"
        Service-Type = Administrative-User
        Framed-Protocol = PPP
        NAS-Port = 20
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "20"
        Called-Station-Id = "00-11-0a-a6-18-2c"
        Calling-Station-Id = "00-20-ed-5d-d1-74"
        Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"
        State = 0x5f8f97e0a6faf1d69c594e447416078f
        EAP-Message =
0x020800261900170301001ba6cfdc0618a8761283bb4f17f20c5e6b5db5599af0e735cffcaa
3b
        Message-Authenticator = 0x00959c1f93d389cf96647d272fcead14
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 8 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry test at line 91
  modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected earlier in
this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=108,
length=245
Sending Access-Reject of id 108 to 10.41.10.252 port 3040
        EAP-Message = 0x04080004
        Message-Authenticator = 0x00000000000000000000000000000000
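
Added example, not part of the original post or of FreeRADIUS: in the debug output above, the outer requests match `test at line 91`, while the request sent inside the PEAP tunnel carries only EAP-Message, FreeRADIUS-Proxied-To and User-Name, matches `DEFAULT at line 156`, and is followed by rlm_mschap reporting no User-Password. The Python below pulls that comparison out of `radiusd -X` output; the sample log is constructed in the same format, and the names `parse_debug`, `missing_in_tunnel` and `findings` are illustrative.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the format of the radiusd -X output above (one request,
# shortened; the EAP-Message value is a placeholder, not real traffic).
SAMPLE_LOG = '''\
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=107,
length=293
        NAS-IP-Address = 10.41.10.252
        User-Name = "test"
        NAS-Port = 20
        EAP-Message = 0x0207000419
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
    users: Matched entry test at line 91
modcall: leaving group authorize (returns updated) for request 6
  PEAP: Sending tunneled request
        EAP-Message = 0x0207000419
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "test"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
    users: Matched entry DEFAULT at line 156
modcall: leaving group authorize (returns updated) for request 6
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  PEAP: Tunneled authentication was rejected.
Finished request 6
'''

ATTR = re.compile(r"^\s+([A-Za-z][\w-]*(?::\d+)?) = (.+)$")
MATCHED = re.compile(r"users: Matched entry (\S+) at line (\d+)")
REQ = re.compile(r"entering group authorize for request (\d+)")


@dataclass
class Request:
    number: Optional[int] = None
    tunneled: bool = False              # a PEAP inner request was generated
    outer_attrs: dict = field(default_factory=dict)
    tunnel_attrs: dict = field(default_factory=dict)
    outer_entry: Optional[tuple] = None   # (users entry name, line number)
    tunnel_entry: Optional[tuple] = None
    no_password: bool = False           # rlm_mschap found no User-Password


def parse_debug(text):
    """Split radiusd -X output into per-packet records (outer vs. tunneled pass)."""
    requests, cur, collecting = [], None, None
    for line in text.splitlines():
        if line.startswith("rad_recv:"):
            cur = Request()
            requests.append(cur)
            collecting = cur.outer_attrs        # attributes of the NAS packet
            continue
        if cur is None:
            continue
        if "PEAP: Sending tunneled request" in line:
            cur.tunneled = True
            collecting = cur.tunnel_attrs       # attributes of the inner request
            continue
        if "Processing the authorize section" in line:
            collecting = None                   # attribute list has ended
            continue
        m = ATTR.match(line)
        if m and collecting is not None:
            collecting[m.group(1)] = m.group(2).strip('"')
            continue
        m = REQ.search(line)
        if m:
            cur.number = int(m.group(1))
        m = MATCHED.search(line)
        if m:
            entry = (m.group(1), int(m.group(2)))
            if cur.tunneled:
                cur.tunnel_entry = entry
            else:
                cur.outer_entry = entry
        if "rlm_mschap: No User-Password configured" in line:
            cur.no_password = True
    return requests


def missing_in_tunnel(req, check_items):
    """Check items present in the outer packet but absent from the tunneled one."""
    if not req.tunneled:
        return []
    return [a for a in check_items
            if a in req.outer_attrs and a not in req.tunnel_attrs]


def findings(text, check_items):
    """Requests whose tunneled pass cannot satisfy the given check items."""
    out = []
    for req in parse_debug(text):
        missing = missing_in_tunnel(req, check_items)
        if missing:
            out.append({"request": req.number, "outer_entry": req.outer_entry,
                        "tunnel_entry": req.tunnel_entry, "missing": missing,
                        "no_password": req.no_password})
    return out


if __name__ == "__main__":
    # The two additional check items from the users entry in the post.
    for f in findings(SAMPLE_LOG, ["NAS-IP-Address", "NAS-Port"]):
        print(f)
```

To run it over a saved `radiusd -X` capture, pass the file contents to `findings()` together with the check-item names from the users entry.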


