Gentlemen, I could use your help.
I have a number of wireless devices that use FreeRADIUS to authenticate back to eDirectory with success while using Cisco's supplicant. The Cisco ADU (Aironet Desktop Utility) is configured with 802.1x PEAP (EAP-MSCHAP V2). For various reasons, I really need to make it work with the Microsoft supplicant. The Cisco docs indicate that it is possible to disable the use of their ADU to configure the WLAN card and use the Microsoft Wireless Configuration Manager in Windows XP. I would like to keep the same 802.1x authentication type, PEAP (EAP-MSCHAP V2).
I have followed Cisco's detailed docs on this change of configuration and I am not getting any success. RADIUSD log is below.
I have spent too much time on this issue; can someone please point me in the right direction?
Thanks much,
Marc
----------------------------------------------------- RADIUSD LOG -----------------------------------------------------
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=222, length=184
    User-Name = "UOHI-40628"
    Calling-Station-Id = "00-40-96-B1-43-BB"
    Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
    NAS-Port = 1
    NAS-IP-Address = 192.168.242.4
    NAS-Identifier = "UOHIWLAN2"
    Vendor-14179-Attr-1 = 0x00000002
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "23"
    EAP-Message = 0x0209000f01554f48492d3430363238
    Message-Authenticator = 0x8881c69556fbec1f966ab6b8081d75ec
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 38
modcall[authorize]: module "preprocess" returns ok for request 38
modcall[authorize]: module "chap" returns noop for request 38
modcall[authorize]: module "mschap" returns noop for request 38
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 38
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 38
rlm_eap: EAP packet type response id 9 length 15
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 38
modcall: group authorize returns updated for request 38
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 38
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 38
modcall: group authenticate returns handled for request 38
Sending Access-Challenge of id 222 to 192.168.242.4:32768
    EAP-Message = 0x010a00061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x4dda1f635e420966fc8dbbcc69dda607
Finished request 38
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=223, length=267
    User-Name = "UOHI-40628"
    Calling-Station-Id = "00-40-96-B1-43-BB"
    Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
    NAS-Port = 1
    NAS-IP-Address = 192.168.242.4
    NAS-Identifier = "UOHIWLAN2"
    Vendor-14179-Attr-1 = 0x00000002
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "23"
    EAP-Message = 0x020a005019800000004616030100410100003d0301462f5a5fd08496fa6f73faf534b5d9dfc37bd2c6669a9574fa88e6335c8ad88a00001600040005000a000900640062000300060013001200630100
    State = 0x4dda1f635e420966fc8dbbcc69dda607
    Message-Authenticator = 0x9018d1e50a6f18bc6b57d69c25671a00
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 39
modcall[authorize]: module "preprocess" returns ok for request 39
modcall[authorize]: module "chap" returns noop for request 39
modcall[authorize]: module "mschap" returns noop for request 39
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 39
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 39
rlm_eap: EAP packet type response id 10 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 39
modcall: group authorize returns updated for request 39
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 39
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 098e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 39
modcall: group authenticate returns handled for request 39
Sending Access-Challenge of id 223 to 192.168.242.4:32768
    EAP-Message = 0x170d3036313031303137343732365a170d3037313031303137343732365a3081a6310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040713064f7474617761312d302b060355040a1324556e6976657273697479206f66204f747461776120486561727420496e737469747574653120301e060355040313176f6869736c6573312e6f747461776168656172742e63613123302106092a864886f70d010901161461646d696e406f747461776168656172742e636130820122300d06092a864886f70d01010105000382010f003082010a0282010100bd9e19cc9f7510ee7a3170729413a3724cdf9b4355
    EAP-Message = 0x500a711649144df5caee883e099d4229e52a023ee71fbad5fa7c91cd8374529160801c6323e357e3a313610c4ed3266e7d305015f0686e4cab8e2839099d7a36f5412774232e115fdbbace6238601a88ec0eb12134da278895a504f479bfeee87aa2ac9c50a9e387ae89fdfb6b6b0dc01abe0ea4f77b2a3e606b60c9c6be6d8b688ab34989c93f27240c43ba7b4e0ae8f42ad6b179411de526fcafe7fc75f257fdb551ec16d23876010e4cb5c0ea83c37be6ddaca2c455ab7b89ded92786d7cd1cb4bcf851f78845a4bd923293b50c86d8ac54f316ac3cd9917aadc265881e2b5ae30a1220d0798d2944930203010001a382014b308201473009060355
    EAP-Message = 0x7574653111300f060355040313086f6869736c657331
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0d45f794c16d885a70ce95b2f9482a78
Finished request 39
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=224, length=193
    User-Name = "UOHI-40628"
    Calling-Station-Id = "00-40-96-B1-43-BB"
    Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
    NAS-Port = 1
    NAS-IP-Address = 192.168.242.4
    NAS-Identifier = "UOHIWLAN2"
    Vendor-14179-Attr-1 = 0x00000002
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "23"
    EAP-Message = 0x020b00061900
    State = 0x0d45f794c16d885a70ce95b2f9482a78
    Message-Authenticator = 0x52561bab2e8c9afa9b6d07292146a53b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 40
modcall[authorize]: module "preprocess" returns ok for request 40
modcall[authorize]: module "chap" returns noop for request 40
modcall[authorize]: module "mschap" returns noop for request 40
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 40
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 40
rlm_eap: EAP packet type response id 11 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 40
modcall: group authorize returns updated for request 40
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 40
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 40
modcall: group authenticate returns handled for request 40
Sending Access-Challenge of id 224 to 192.168.242.4:32768
    EAP-Message = 0x010c04061940820100301f0603551d1104183016811461646d696e406f747461776168656172742e636130090603551d1204023000300d06092a864886f70d01010505000382010100b2eb4b296d4d38a8f0eca582b092107e24976a83c5b6068922d3348769521e0a4b57f3e843d50c851db4ad541f6342beea24a6467e73a53fae3be20573bf824b87ce49a1dc946dfc2ecb2579136eff8464c5d5f4266cc9dbde9ad6766007960ed23c7a47cd05ddea1bbfcf494af0af491e273729a6f52aa172d7e7ba09741280098d4ce25d2c951733bf9a56647a247040d11781025175e1da1cc5b546e8deb8c71bbc52e521e0b38006447eee72c4d6c31192b2
    EAP-Message = 0x0b0603551d0f040403020106301d0603551d
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa69c23be214cea213ab71772ec162e3e
Finished request 40
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=225, length=193
    User-Name = "UOHI-40628"
    Calling-Station-Id = "00-40-96-B1-43-BB"
    Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
    NAS-Port = 1
    NAS-IP-Address = 192.168.242.4
    NAS-Identifier = "UOHIWLAN2"
    Vendor-14179-Attr-1 = 0x00000002
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "23"
    EAP-Message = 0x020c00061900
    State = 0xa69c23be214cea213ab71772ec162e3e
    Message-Authenticator = 0xaa8de108a0eecfcde92e4c62ed858be4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 41
modcall[authorize]: module "preprocess" returns ok for request 41
modcall[authorize]: module "chap" returns noop for request 41
modcall[authorize]: module "mschap" returns noop for request 41
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 41
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 41
rlm_eap: EAP packet type response id 12 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 41
modcall: group authorize returns updated for request 41
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 41
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 41
modcall: group authenticate returns handled for request 41
Sending Access-Challenge of id 225 to 192.168.242.4:32768
    EAP-Message = 0x513347d581ba358ed6c64ac14e2782da6d6e9b40df6221c2d25e1eb785004c49bb4bb8c8889c417db67e00082324108726a295dd3121c67ddd83d7453726ce22abd2887e7ab93f829566a259347004b581a21e96db42ee57c3f29ede27882370daf38a45c331dd3c7f37a3d8c3740dd5e3ff107bd9b50dd2a9c3f18b550962f9ce5d4dda747c13b135a888f7db26648c436102b4393b7ec907d1cfaa04fac70f244c677442ea413bddd490cf144e38604f9bacbe91b9b7eb23ecf768048d71d23976d9899db5267d4f6f0ea00897c1642c3a4f70d8e21f2f04285554faa174ce6971cc6986e7c87f56ce2016030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x66033bb93efe19bc2d9927ae35020a1c
Finished request 41
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=226, length=509
    User-Name = "UOHI-40628"
    Calling-Station-Id = "00-40-96-B1-43-BB"
    Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
    NAS-Port = 1
    NAS-IP-Address = 192.168.242.4
    NAS-Identifier = "UOHIWLAN2"
    Vendor-14179-Attr-1 = 0x00000002
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "23"
    EAP-Message = 0x54693c4cc6fc46d497033ae13a2bd4232717955983f96bab1403010001011603010020855695767ea53d5e8315327a5db64cf94eecbd1e8dc21c668149e5249ab54709
    State = 0x66033bb93efe19bc2d9927ae35020a1c
    Message-Authenticator = 0x780254fe75985fe63ca23fedb0cb7bbb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 42
modcall[authorize]: module "preprocess" returns ok for request 42
modcall[authorize]: module "chap" returns noop for request 42
modcall[authorize]: module "mschap" returns noop for request 42
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 42
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 42
rlm_eap: EAP packet type response id 13 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 42
modcall: group authorize returns updated for request 42
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 42
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 42
modcall: group authenticate returns handled for request 42
Sending Access-Challenge of id 226 to 192.168.242.4:32768
    EAP-Message = 0x010e0031190014030100010116030100204c6f7e2f074eaf9fff787a15e29a6d0d4cca30295d1d5f9fde2ca041aa17f6b6
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x7b3a5e790f37b4700e491742dbc7cf95
Finished request 42
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=227, length=220
    User-Name = "UOHI-40628"
    Calling-Station-Id = "00-40-96-B1-43-BB"
    Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
    NAS-Port = 1
    NAS-IP-Address = 192.168.242.4
    NAS-Identifier = "UOHIWLAN2"
    Vendor-14179-Attr-1 = 0x00000002
    Service-Type = Framed-User
    Framed-MTU = 1300
    NAS-Port-Type = Wireless-802.11
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "23"
    EAP-Message = 0x020e00211980000000171503010012aab9a07fd9c55ae9bc2a0bd0e1128b5157f7
    State = 0x7b3a5e790f37b4700e491742dbc7cf95
    Message-Authenticator = 0xa502333e39b077923bc35b03b4aaec26
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 43
modcall[authorize]: module "preprocess" returns ok for request 43
modcall[authorize]: module "chap" returns noop for request 43
modcall[authorize]: module "mschap" returns noop for request 43
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 43
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 43
rlm_eap: EAP packet type response id 14 length 33
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 43
modcall: group authorize returns updated for request 43
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 43
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
rlm_eap_peap: No data inside of the tunnel.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 43
modcall: group authenticate returns invalid for request 43
auth: Failed to validate the user.
Processing the post-auth section of radiusd.conf
modcall: entering group Post-Auth-Type for request 43
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: eDirectory account policy check failed.
rlm_ldap: NDS error: failed authentication (-669)
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[post-auth]: module "ldap" returns reject for request 43
modcall: group Post-Auth-Type returns reject for request 43
Delaying request 43 for 1 seconds
Finished request 43
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=227, length=220
Sending Access-Reject of id 227 to 192.168.242.4:32768
    EAP-Message = 0x040e0004
    Message-Authenticator = 0x00000000000000000000000000000000
    Reply-Message = "NDS error: failed authentication (-669)"
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 38 ID 222 with timestamp 462eb1d7
Cleaning up request 39 ID 223 with timestamp 462eb1d7
Cleaning up request 40 ID 224 with timestamp 462eb1d7
Cleaning up request 41 ID 225 with timestamp 462eb1d7
Cleaning up request 42 ID 226 with timestamp 462eb1d7
Cleaning up request 43 ID 227 with timestamp 462eb1d7
Nothing to do. Sleeping until we see a request.
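
Added example (not part of the original post, and not FreeRADIUS code): a small Python decoder for the unfragmented EAP-Message values printed in the log above, showing which side sent what and that the client's last message carries a TLS Alert record. The function and constant names are assumptions of this example; the hex values are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 25: "PEAP"}
TLS_RECORDS = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
FLAG_BITS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))  # length included, more fragments, start

# EAP-Message values copied from the radiusd log above, in the order exchanged.
LOG_MESSAGES = [
    "0x0209000f01554f48492d3430363238",   # request 38, from the client
    "0x010a00061920",                     # request 38, server challenge
    "0x020b00061900",                     # request 40, client fragment ACK
    "0x010e0031190014030100010116030100204c6f7e2f074eaf9fff787a15e29a6d0d"
    "4cca30295d1d5f9fde2ca041aa17f6b6",   # request 42, server challenge
    "0x020e00211980000000171503010012aab9a07fd9c55ae9bc2a0bd0e1128b5157f7",  # request 43
    "0x040e0004",                         # final Access-Reject
]

def tls_records(data):
    """Yield (content type, version, length) for each TLS record header in data.

    Only valid for a message that starts on a record boundary; a continuation
    fragment of a larger handshake flight starts mid-record and is not handled.
    Record bodies sent after ChangeCipherSpec are encrypted, so only the
    5-byte header is interpreted here.
    """
    pos = 0
    while pos + 5 <= len(data):
        ctype, version, rlen = struct.unpack("!BHH", data[pos:pos + 5])
        yield (TLS_RECORDS.get(ctype, ctype), "0x%04x" % version, rlen)  # 0x0301 = TLS 1.0
        pos += 5 + rlen

def decode_eap(hex_value):
    """Decode one EAP-Message attribute value as radiusd prints it (0x...)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("an EAP header is 4 bytes: code, id, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    out = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if len(raw) == 4:                      # Success/Failure carry no type field
        return out
    eap_type, body = raw[4], raw[5:]
    out["type"] = EAP_TYPES.get(eap_type, eap_type)
    if eap_type == 1:
        out["identity"] = body.decode("ascii", "replace")
    elif eap_type == 25 and body:
        flags, pos = body[0], 1
        out["flags"] = "".join(name for bit, name in FLAG_BITS if flags & bit)
        if flags & 0x80:                   # 4-byte total TLS message length follows
            if len(body) < 5:
                raise ValueError("L flag set but TLS length field is truncated")
            out["tls_length"] = struct.unpack("!I", body[1:5])[0]
            pos = 5
        out["records"] = list(tls_records(body[pos:]))
    return out

def trace():
    """Decode every message in LOG_MESSAGES, in order."""
    return [decode_eap(m) for m in LOG_MESSAGES]

if __name__ == "__main__":
    for decoded in trace():
        print(decoded)
```

The Alert record in the client's last message is 18 bytes on the wire because it is encrypted; the `Alert [length 0002], fatal access_denied` line in the log is the server's view after decryption.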