Authentication failed

Carlos Jimenez Barranco cjimenez at impala-net.com
Thu Jul 12 12:52:43 CEST 2007


***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********


Yes, it is PEAP.

Here is the debug:

rad_recv: Access-Request packet from host 172.24.230.15:1274, id=118, length=156
        NAS-IP-Address = 172.24.230.15
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        Framed-MTU = 1400
        User-Name = "host/PC-BARCMM2.it.local"
        Calling-Station-Id = "000e359071d6"
        Called-Station-Id = "001188a187a0"
        NAS-Identifier = "RoamAbout AP"
        State = 0xa4cad15c8a6ff988359776097d2a2648
        EAP-Message = 0x020300061900
        Message-Authenticator = 0xa0283d9445bd1fa36df5a7db7f704288
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 118 to 172.24.230.15:1274
        EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
        EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
        EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6e6c51314b76a2f62a5cecc3f9619a3d
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1275, id=119, length=342
        NAS-IP-Address = 172.24.230.15
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        Framed-MTU = 1400
        User-Name = "host/PC-BARCMM2.it.local"
        Calling-Station-Id = "000e359071d6"
        Called-Station-Id = "001188a187a0"
        NAS-Identifier = "RoamAbout AP"
        State = 0x6e6c51314b76a2f62a5cecc3f9619a3d
        EAP-Message = 0x020400c01980000000b61603010086100000820080a0a1d79a3221244464cdb897cba12e9da17d5f26c74ae6b70c264ce4c2ac4355a89bbac6ee9793b052693711d886e1311034beba4a23c797b613a8fcb968f3afd7ca11fb373739b0662074329aa35ad3683a4ef77f7e9cd96fe78bfd22cf6ea07ce28843c3e8173ded0a2f70ac6dc51d05e005fdc3ac1c743027fd37b5f91a4d1403010001011603010020efa33aa831080bbfb9545494e02f849d0e496c2cb8f3fe125308b14d8e401b2a
        Message-Authenticator = 0xe35ea6d9060bf395da7a6fee6be9c1d6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 4 length 192
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 119 to 172.24.230.15:1275
        EAP-Message = 0x01050031190014030100010116030100206fafa47a1c95be075428fe823b87526554684724ce47683c27a62f8a0614e943
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x884de7e54567f992c4295f91e9232494
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1276, id=120, length=156
        NAS-IP-Address = 172.24.230.15
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        Framed-MTU = 1400
        User-Name = "host/PC-BARCMM2.it.local"
        Calling-Station-Id = "000e359071d6"
        Called-Station-Id = "001188a187a0"
        NAS-Identifier = "RoamAbout AP"
        State = 0x884de7e54567f992c4295f91e9232494
        EAP-Message = 0x020500061900
        Message-Authenticator = 0x41823b1c88e1cdc292ffa3caf2d66b6e
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 120 to 172.24.230.15:1276
        EAP-Message = 0x0106002019001703010015697889c7a3599228e4a5d3eec7d2068f4926c57948
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xb63de12e95ed9591476c6ed8dc8755ee
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1277, id=121, length=202
        NAS-IP-Address = 172.24.230.15
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        Framed-MTU = 1400
        User-Name = "host/PC-BARCMM2.it.local"
        Calling-Station-Id = "000e359071d6"
        Called-Station-Id = "001188a187a0"
        NAS-Identifier = "RoamAbout AP"
        State = 0xb63de12e95ed9591476c6ed8dc8755ee
        EAP-Message = 0x02060034190017030100291828ef9227d584cacec539c489ae909a31b5b76d0b675483f109612f3a86cd3c82fd1cd04278507580
        Message-Authenticator = 0x5ae6eb660582fb81597d313ffe02be24
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 6 length 52
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - host/PC-BARCMM2.it.local
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled EAP-Message
        EAP-Message = 0x0206001d01686f73742f50432d424152434d4d322e69742e6c6f63616c
  PEAP: Got tunneled identity of host/PC-BARCMM2.it.local
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to host/PC-BARCMM2.it.local
  PEAP: Sending tunneled request
        EAP-Message = 0x0206001d01686f73742f50432d424152434d4d322e69742e6c6f63616c
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "host/PC-BARCMM2.it.local"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 6 length 29
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
  PEAP: Got tunneled reply RADIUS code 11
        EAP-Message = 0x010700321a0107002d1093a4c5f0bb0b1a2196b39884f2757dd6686f73742f50432d424152434d4d322e69742e6c6f63616c
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xef700e94932965fd864f8ee94ca84821
  PEAP: Processing from tunneled session code 0x90fbdd8 11
        EAP-Message = 0x010700321a0107002d1093a4c5f0bb0b1a2196b39884f2757dd6686f73742f50432d424152434d4d322e69742e6c6f63616c
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xef700e94932965fd864f8ee94ca84821
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 121 to 172.24.230.15:1277
        EAP-Message = 0x010700491900170301003e49c5bfa64167d421185b0b70ccaad9608da5c1866e2f4fa6ca6c39c326687062a77abb04a0454dacd4be809b90f4e724d6dc46d781e2275de386b7f1b00a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x71800117cdd97753f7c575cc34f0010c
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1278, id=122, length=256
        NAS-IP-Address = 172.24.230.15
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        Framed-MTU = 1400
        User-Name = "host/PC-BARCMM2.it.local"
        Calling-Station-Id = "000e359071d6"
        Called-Station-Id = "001188a187a0"
        NAS-Identifier = "RoamAbout AP"
        State = 0x71800117cdd97753f7c575cc34f0010c
        EAP-Message = 0x0207006a1900170301005f99131f0772aca0d9208d07a82eb0fa63e07c04a39095210d87ed1a490f0b0c555d42fbaf207a7612f2196ba78a506bcc4d6a3304f1be833b7a4b01586d277621e05ba4962f0611c9cdd9018ec57a2437bfbb6ce22afd4b153ed0e4349e7021
        Message-Authenticator = 0x0d289cd236d1717c81b54462ef49e2fe
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: EAP packet type response id 7 length 106
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled EAP-Message
        EAP-Message = 0x020700531a0207004e31496f64a7358ab1dbfc78e62ef93398c000000000000000004a4f13cf5caf2d610532b70b0084f43d5cbc84377bf4b43400686f73742f50432d424152434d4d322e69742e6c6f63616c
  PEAP: Setting User-Name to host/PC-BARCMM2.it.local
  PEAP: Adding old state with ef 70
  PEAP: Sending tunneled request
        EAP-Message = 0x020700531a0207004e31496f64a7358ab1dbfc78e62ef93398c000000000000000004a4f13cf5caf2d610532b70b0084f43d5cbc84377bf4b43400686f73742f50432d424152434d4d322e69742e6c6f63616c
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "host/PC-BARCMM2.it.local"
        State = 0xef700e94932965fd864f8ee94ca84821
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: EAP packet type response id 7 length 83
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 8
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for host/PC-BARCMM2.it.local with NT-Password
radius_xlat:  '/usr/bin/ntlm_auth --request-nt-key '
Exec-Program: /usr/bin/ntlm_auth --request-nt-key
username must be specified!

Usage: [OPTION...]
  --helper-protocol=helper protocol to use     operate as a stdio-based helper
  --username=STRING                            username
  --domain=STRING                              domain name
  --workstation=STRING                         workstation
  --challenge=STRING                           challenge (HEX encoded)
  --lm-response=STRING                         LM Response to the challenge
                                               (HEX encoded)
  --nt-response=STRING                         NT or NTLMv2 Response to the
                                               challenge (HEX encoded)
  --password=STRING                            User's plaintext password
  --request-lm-key                             Retreive LM session key
  --request-nt-key                             Retreive User (NT) session key
  --diagnostics                                Perform diagnostics on the
                                               authentictaion chain
  --require-membership-of=STRING               Require that a user be a member
                                               of this group (either name or
                                               SID) for authentication to
                                               succeed

Help options
  -?, --help                                   Show this help message
  --usage                                      Display brief usage message

Common samba options:
  -d, --debuglevel=DEBUGLEVEL                  Set debug level
  -s, --configfile=CONFIGFILE                  Use alternative configuration
                                               file
  -l, --log-basename=LOGFILEBASE               Basename for log/debug files
  -V, --version                                Print version
Exec-Program output:
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 8
modcall: group Auth-Type returns reject for request 8
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 8
modcall: group authenticate returns reject for request 8
auth: Failed to validate the user.
Login incorrect: [host/PC-BARCMM2.it.local/<no User-Password attribute>] (from client localhost port 0)
  PEAP: Got tunneled reply RADIUS code 3
        MS-CHAP-Error = "\007E=691 R=1"
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Processing from tunneled session code 0x90d8c60 3
        MS-CHAP-Error = "\007E=691 R=1"
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 122 to 172.24.230.15:1278
        EAP-Message = 0x010800261900170301001bc5c79a1b5d0753da26040c3590de04ab498dd1cf2b311c0d04db48
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe8f4e90b18573d9b55ac51a21f446398
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1279, id=123, length=188
        NAS-IP-Address = 172.24.230.15
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 1
        Framed-MTU = 1400
        User-Name = "host/PC-BARCMM2.it.local"
        Calling-Station-Id = "000e359071d6"
        Called-Station-Id = "001188a187a0"
        NAS-Identifier = "RoamAbout AP"
        State = 0xe8f4e90b18573d9b55ac51a21f446398
        EAP-Message = 0x020800261900170301001b9a969d66050e592940d2585b980c25ffe386404b86973332efe093
        Message-Authenticator = 0xfa5a126c3667224edf78d15a852fa80e
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  modcall[authorize]: module "preprocess" returns ok for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 9
  rlm_eap: EAP packet type response id 8 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 9
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure, rejecting.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 9
modcall: group authenticate returns invalid for request 9
auth: Failed to validate the user.
Login incorrect: [host/PC-BARCMM2.it.local/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 000e359071d6)
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 123 to 172.24.230.15:1279
        EAP-Message = 0x04080004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 116 with timestamp 4695fe85
Cleaning up request 3 ID 117 with timestamp 4695fe85
Cleaning up request 4 ID 118 with timestamp 4695fe85
Cleaning up request 5 ID 119 with timestamp 4695fe85
Cleaning up request 6 ID 120 with timestamp 4695fe85
Cleaning up request 7 ID 121 with timestamp 4695fe85
Cleaning up request 8 ID 122 with timestamp 4695fe85
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 123 with timestamp 4695fe86
Nothing to do.  Sleeping until we see a request.


Thank you, Ivan

Carlos Jimenez Barranco
- Área de Postventa
    Telf. +34 933034139
 

www.impala-net.com

Sistemas de Comunicaciones Corporativas

 



-----Mensaje original-----
De: freeradius-users-bounces+cjimenez=impala-net.com at lists.freeradius.or [mailto:freeradius-users-bounces+cjimenez=impala-net.com at lists.freeradius.or] En nombre de tnt at kalik.co.yu
Enviado el: jueves, 12 de julio de 2007 12:41
Para: FreeRadius users mailing list
Asunto: RE: Authentication failed

***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********


What EAP method are you using? PEAP? Can you post the radiusd -X output.

Ivan Kalik
Kalik Informatika ISP


Dana 12/7/2007, "Carlos Jimenez Barranco" <cjimenez at impala-net.com>
piše:

>
>***********************
>Mensaje examinado por el antivirus perimetral de Impala Network Solutions
>***********-***********
>
>
>Hello, Stefan:
>
>As you told us, the supplicant was sending an empty username. We had to introduce manually the username and password because wireless card was not taking correctly domain login values and using an empty value.
>The most recent log is:
>
>Thu Jul 12 11:03:38 2007 : Auth: Login incorrect: [barcmm2/<no User-Password attribute>] (from client localhost port 0) Thu Jul 12 11:03:38 2007 : Auth: Login incorrect: [barcmm2/<no User-Password attribute>] (from client 172..24.230.15 port 1 cli 00118865b6e5)
>
>
>Thank you,
>
>Carlos Jimenez Barranco
>- Área de Postventa
>    Telf. +34 933034139
> 
>
>www.impala-net.com
>
>Sistemas de Comunicaciones Corporativas
>
> 
>
>
>
>-----Mensaje original-----
>De: freeradius-users-bounces+cjimenez=impala-net.com at lists.freeradius.org [mailto:freeradius-users-bounces+cjimenez=impala-net.com at lists.freeradius.org] En nombre de Stefan Winter
>Enviado el: jueves, 12 de julio de 2007 10:51
>Para: FreeRadius users mailing list
>Asunto: Re: Authentication failed
>
>Hi,
>
>> About the supplicant, we are using just Windows XP. We have tried with
>> several wireless card (enterasys one, integrated Intel Centrino
>> 2200b/g...). I have may not understood the supplicant meaning, tell me
>> then, please. I thought it could be a problem related to the way the
>> freeradius deals credentials (i. e. MSCHAP, with_ntdomain_hack value...).
>
>FreeRADIUS can't do *anything* if it doesn't know who to authenticate. Your 
>NAS is sending an *empty* username. As far as I can tell, your problem does 
>not lie on the server side, but on the client side.
>
>Stefan
>
>-- 
>Stefan WINTER
>
>Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
>la Recherche
>Ingenieur Forschung & Entwicklung
>
>6, rue Richard Coudenhove-Kalergi
>L-1359 Luxembourg
>E-Mail: stefan.winter at restena.lu     Tel.:     +352 424409-1
>http://www.restena.lu                Fax:      +352 422473
>
>
>___________________________________________________________________________
>
>Este mensaje se dirije exclusivamente a su destinatario y puede contener
>información privilegiada o confidencial de Impala Network Solutions S.L.
>Si no es vd. el destinatario indicado, queda notificado de que la utilización,
>divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
>Si ha recibido este mensaje por error, le rogamos nos lo comunique
>inmediatamente por esta misma via y proceda a su destrucción.
>
>
>This message is intended exclusively for its addressee and may contain
>information that is CONFIDENTIAL and protected by professional privilege.
>If you are not the intended recipient you are hereby notified that any
>dissemination, copy or disclosure of this communication is strictly
>prohibited by law. If this message has been received in error, please
>immediately notify us via e-mail and delete it.
>___________________________________________________________________________
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



___________________________________________________________________________

Este mensaje se dirije exclusivamente a su destinatario y puede contener
información privilegiada o confidencial de Impala Network Solutions S.L.
Si no es vd. el destinatario indicado, queda notificado de que la utilización,
divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
Si ha recibido este mensaje por error, le rogamos nos lo comunique
inmediatamente por esta misma via y proceda a su destrucción.


This message is intended exclusively for its addressee and may contain
information that is CONFIDENTIAL and protected by professional privilege.
If you are not the intended recipient you are hereby notified that any
dissemination, copy or disclosure of this communication is strictly
prohibited by law. If this message has been received in error, please
immediately notify us via e-mail and delete it.
___________________________________________________________________________




More information about the Freeradius-Users mailing list