help in setting up PEAP in freeRADIUS with winXp supplicant

Apangshu Saha apangshu at gmail.com
Mon Jun 11 14:25:18 CEST 2007


Dear All,
I am a newbee in freeRADIUS and unable to setting up PEAP in freeRADIUS with
winXp supplicant.On the client side it always show attempting to
authenticate.I am getting the following lines at the last of the log file of
freeRADIUS.Help me to sort out
the problem please.

**************************log file*************************
  modcall[authorize]: module "files" returns ok for request 4
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 0 to 192.168.6.14 port 2049
        EAP-Message =
0x0105002019001703010015c37ca76db66f6a97fcfcf85e65a7e03d3e70fcf43d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5142c99b4f3e278d5f71af41f06e1e96
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0,
length=180
        User-Name = "administrator"
        NAS-IP-Address = 192.168.6.14
        Called-Station-Id = "0012172a3da3"
        Calling-Station-Id = "00131008616c"
        NAS-Identifier = "0012172a3da3"
        NAS-Port = 5
        Framed-MTU = 1400
        State = 0x5142c99b4f3e278d5f71af41f06e1e96
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020500291900170301001e103d6d5ce7a04c446824e451f6b169ff53a8f48d18f614092295e6e1cdb6
        Message-Authenticator = 0x45a325b094cfed83fdb2aad638a9fb12
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "administrator", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 5 length 41
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 152
    users: Matched entry administrator at line 215
  modcall[authorize]: module "files" returns ok for request 5
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - administrator
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled identity of administrator
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to administrator
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "administrator", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 5 length 18
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 152
    users: Matched entry administrator at line 215
  modcall[authorize]: module "files" returns ok for request 5
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: EAP Identity
 rlm_eap: No such EAP type mschapv2
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 5
modcall: leaving group authenticate (returns invalid) for request 5
auth: Failed to validate the user.
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 0 to 192.168.6.14 port 2049
        EAP-Message =
0x010600261900170301001b91727baee5568c72883984a71242056b8f336171f797c3646a85de
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1654be07c4122f438449a5f35981dd27
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0,
length=177
        User-Name = "administrator"
        NAS-IP-Address = 192.168.6.14
        Called-Station-Id = "0012172a3da3"
        Calling-Station-Id = "00131008616c"
        NAS-Identifier = "0012172a3da3"
        NAS-Port = 5
        Framed-MTU = 1400
        State = 0x1654be07c4122f438449a5f35981dd27
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020600261900170301001bdbac43bc04a3b2686dc05fc44cdb0a3922e36e0156ea45c11c188e
        Message-Authenticator = 0x0150585836af2d8127b88cf51a3efbfd
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "administrator", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 6 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 152
    users: Matched entry administrator at line 215
  modcall[authorize]: module "files" returns ok for request 6
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected earlier in
this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 6
modcall: leaving group authenticate (returns invalid) for request 6
auth: Failed to validate the user.
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.6.14 port 2049
        EAP-Message = 0x04060004
        Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 6 ID 0 with timestamp 466d3f35
Nothing to do.  Sleeping until we see a request.
***********************log file*************************************

please help.

with regards...
apangshu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070611/20abea88/attachment.html>


More information about the Freeradius-Users mailing list