Supplicant seems not to send password user

tnt at kalik.co.yu tnt at kalik.co.yu
Mon Oct 1 23:19:16 CEST 2007


Yes. This is still the certificate problem. You haven't got to the
password check yet. Chack that you have imported the correct
certificates (as per previous post).

Ivan Kalik
Kalik Informatika ISP


Dana 1/10/2007, "Sergio Belkin" <sebelk at gmail.com> piše:

>2007/10/1, tnt at kalik.co.yu <tnt at kalik.co.yu>:
>> Because conversation hasn't got to password checking. Probably, since
>> this debug doesn't mean much to me.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>
>These are Debug messages (using a wrong password)
>
>rad_recv: Access-Request packet from host 10.30.1.151:1036, id=66, length=98
>        User-Name = "test"
>        Calling-Station-Id = "00-0e-35-bf-51-18"
>        EAP-Message = 0x020100090174657374
>        Framed-MTU = 1287
>        NAS-IP-Address = 192.168.1.1
>        NAS-Port = 0
>        NAS-Port-Type = Wireless-802.11
>        Message-Authenticator = 0xb8d1b41830e1a2edc1ecf677b3936c68
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 2
>  modcall[authorize]: module "preprocess" returns ok for request 2
>  modcall[authorize]: module "chap" returns noop for request 2
>  modcall[authorize]: module "mschap" returns noop for request 2
>    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 2
>  rlm_eap: EAP packet type response id 1 length 9
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 2
>    users: Matched entry test at line 79
>  modcall[authorize]: module "files" returns ok for request 2
>rlm_pap: Found existing Auth-Type, not changing it.
>  modcall[authorize]: module "pap" returns noop for request 2
>modcall: leaving group authorize (returns updated) for request 2
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 2
>  rlm_eap: EAP Identity
>  rlm_eap: processing type tls
>  rlm_eap_tls: Initiate
>  rlm_eap_tls: Start returned 1
>  modcall[authenticate]: module "eap" returns handled for request 2
>modcall: leaving group authenticate (returns handled) for request 2
>Sending Access-Challenge of id 66 to 10.30.1.151 port 1036
>        Reply-Message = "Hola test"
>        EAP-Message = 0x010200061920
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x0554162407c62e4d26c570bf0dc3a4aa
>Finished request 2
>Going to the next request
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 10.30.1.151:1036, id=67, length=187
>        User-Name = "test"
>        Calling-Station-Id = "00-0e-35-bf-51-18"
>        EAP-Message =
>0x0202005019800000004616030100410100003d030147015317f20f33b39cf4163f4dc7389a82b29787664c80850600d8173d387a8c00001600040005000a000900640062000300060013001200630100
>        Framed-MTU = 1287
>        NAS-IP-Address = 192.168.1.1
>        NAS-Port = 0
>        NAS-Port-Type = Wireless-802.11
>        State = 0x0554162407c62e4d26c570bf0dc3a4aa
>        Message-Authenticator = 0x772f0fcf0b9095b3987366da2b8b0eec
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 3
>  modcall[authorize]: module "preprocess" returns ok for request 3
>  modcall[authorize]: module "chap" returns noop for request 3
>  modcall[authorize]: module "mschap" returns noop for request 3
>    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 3
>  rlm_eap: EAP packet type response id 2 length 80
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 3
>    users: Matched entry test at line 79
>  modcall[authorize]: module "files" returns ok for request 3
>rlm_pap: Found existing Auth-Type, not changing it.
>  modcall[authorize]: module "pap" returns noop for request 3
>modcall: leaving group authorize (returns updated) for request 3
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 3
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>    (other): before/accept initialization
>    TLS_accept: before/accept initialization
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
>    TLS_accept: SSLv3 read client hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>    TLS_accept: SSLv3 write server hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0323], Certificate
>    TLS_accept: SSLv3 write certificate A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>    TLS_accept: SSLv3 write server done A
>    TLS_accept: SSLv3 flush data
>    TLS_accept: Need to read more data: SSLv3 read client certificate A
>In SSL Handshake Phase
>In SSL Accept mode
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 3
>modcall: leaving group authenticate (returns handled) for request 3
>Sending Access-Challenge of id 67 to 10.30.1.151 port 1036
>        Reply-Message = "Hola test"
>        EAP-Message =
>0x010303861900160301004a020000460301470153c12f6418b0890a37d1b2a4cfaa6cf53f2f68558a1e44b1de861ade5d0120a9a82dee78a91db7e7cb55ae09dfce0e555f7c9c3fe0a52bb80632a2f6be001a00040016030103230b00031f00031c000319308203153082027ea003020102020101300d06092a864886f70d01010405003081c3310b3009060355040613024152311530130603550408130c4275656e6f73204169726573312b302906035504070c2243697564616420417574c383c2b36e6f6d61206465204275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f3111300f06
>        EAP-Message =
>0x0355040b1308496e7465726e657431193017060355040313106c616c612e70616c65726d6f2e6564753121301f06092a864886f70d01090116127362656c6b694070616c65726d6f2e656475301e170d3037303932363139333435395a170d3038303932353139333435395a3081c3310b3009060355040613024152311530130603550408130c4275656e6f73204169726573312b302906035504070c2243697564616420417574c383c2b36e6f6d61206465204275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f3111300f060355040b1308496e7465726e6574311930170603550403
>        EAP-Message =
>0x13106c616c612e70616c65726d6f2e6564753121301f06092a864886f70d01090116127362656c6b694070616c65726d6f2e65647530819f300d06092a864886f70d010101050003818d0030818902818100eae88c4ee5755bcff546c3a68bab7b736e6f65d8606c1aadecf6992e59f340adddb323e7a3400a65e50cc80d7dd9ad58d86e50755c9e7e16640cd216ce68ce368aa37792817f1fc9aa30a016a3ee11ef5ab0b70d75543ec1aa8786d84caa7e6fe65bd4d9717cbf419d04f08181a24aa3591b1254bd78c4493f7424ccce2c1f150203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104
>        EAP-Message =
>0x050003818100b0496218dcda605d85723a61b574fe1254e2d9a02fcc7c635099f663609b0e5c4507497ed3ee2b15082bdc3ad578060c015ed439a6072eb1e6f418a7a0394442afbf6465258a1afd677343c6a71f9a4cf79d34f28d1c074053e2f7a9de236dbe7d7ea9a2150b26643b95e33f83172a0e36805e9ee185e5d2f8a914843a8647f516030100040e000000
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xa1e27c380c18bfa0a712fb53b701d612
>Finished request 3
>Going to the next request
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 10.30.1.151:1036, id=68, length=113
>        User-Name = "test"
>        Calling-Station-Id = "00-0e-35-bf-51-18"
>        EAP-Message = 0x020300061900
>        Framed-MTU = 1287
>        NAS-IP-Address = 192.168.1.1
>        NAS-Port = 0
>        NAS-Port-Type = Wireless-802.11
>        State = 0xa1e27c380c18bfa0a712fb53b701d612
>        Message-Authenticator = 0xad3e26570e7fb8ad2e80b1107a777ee1
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 4
>  modcall[authorize]: module "preprocess" returns ok for request 4
>  modcall[authorize]: module "chap" returns noop for request 4
>  modcall[authorize]: module "mschap" returns noop for request 4
>    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 4
>  rlm_eap: EAP packet type response id 3 length 6
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 4
>    users: Matched entry test at line 79
>  modcall[authorize]: module "files" returns ok for request 4
>rlm_pap: Found existing Auth-Type, not changing it.
>  modcall[authorize]: module "pap" returns noop for request 4
>modcall: leaving group authorize (returns updated) for request 4
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 4
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls: Received EAP-TLS ACK message
>  rlm_eap_tls: ack handshake fragment handler
>  eaptls_verify returned 1
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 4
>modcall: leaving group authenticate (returns handled) for request 4
>Sending Access-Challenge of id 68 to 10.30.1.151 port 1036
>        Reply-Message = "Hola test"
>        EAP-Message = 0x010400061900
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0xf791ee30348d584c274257c11d454e39
>Finished request 4
>Going to the next request
>Waking up in 6 seconds...
>
>




More information about the Freeradius-Users mailing list