Simultaneous-Use and PEAP doesn't work correctly.

Marcotte, Tyler tmarcott at enterasys.com
Wed Oct 10 17:58:16 CEST 2007


> Marcotte, Tyler wrote:
> > Hi, You said it's a bug in 1.x. I just tried the latest code in the cvs
> > repository (2.0 I believe) and I still get the same problem. After the
> > PEAP failure, it sends an Access-Challenge rather than an Access-Reject.
> 
>   That's completely different from what you said before.
> 
> > Am I missing anything else here?
> 
> $ radiusd -X
> 
>   Alan DeKok.

I had it attached to my first email. Here it is again inline though.

Thanks,

-Tyler


Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.3.88:1812, id=223, length=185
	NAS-IP-Address = 192.168.3.88
	NAS-Port = 192
	Cisco-NAS-Port = "FastEthernet0/6"
	NAS-Port-Type = Ethernet
	User-Name = "user1"
	Called-Station-Id = "00-0D-29-53-6D-46"
	Calling-Station-Id = "00-09-6B-7C-1F-78"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x45d6de6646898817fedcc83eb8325436
	EAP-Message = 0x0207001d1900170301001255c450b5120aec60b77bb555c8b9e89b6026
	Message-Authenticator = 0x48d3b363a7a39d3120d016ea8ee0ef55
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
  modcall[authorize]: module "preprocess" returns ok for request 17
  modcall[authorize]: module "chap" returns noop for request 17
  modcall[authorize]: module "mschap" returns noop for request 17
    rlm_realm: No '\' in User-Name = "user1", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 17
    users: Matched entry DEFAULT at line 158
    users: Matched entry DEFAULT at line 177
    users: Matched entry user1 at line 223
  modcall[authorize]: module "files" returns ok for request 17
  rlm_eap: EAP packet type response id 7 length 29
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 17
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 17
modcall: leaving group authorize (returns updated) for request 17
  rad_check_password:  Found Auth-Type System
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'user1'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled EAP-Message
	EAP-Message = 0x020700061a03
  PEAP: Setting User-Name to user1
  PEAP: Adding old state with 21 a6
  PEAP: Sending tunneled request
	EAP-Message = 0x020700061a03
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "user1"
	State = 0x21a6b01dca8c206387e07f1b6ed3d5e2
	NAS-IP-Address = 192.168.3.88
	NAS-Port = 192
	Cisco-NAS-Port = "FastEthernet0/6"
	NAS-Port-Type = Ethernet
	Called-Station-Id = "00-0D-29-53-6D-46"
	Calling-Station-Id = "00-09-6B-7C-1F-78"
	Service-Type = Framed-User
	Framed-MTU = 1500
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
  modcall[authorize]: module "preprocess" returns ok for request 17
  modcall[authorize]: module "chap" returns noop for request 17
  modcall[authorize]: module "mschap" returns noop for request 17
    rlm_realm: No '\' in User-Name = "user1", skipping NULL due to config.
  modcall[authorize]: module "ntdomain" returns noop for request 17
    users: Matched entry DEFAULT at line 158
    users: Matched entry DEFAULT at line 177
    users: Matched entry user1 at line 223
  modcall[authorize]: module "files" returns ok for request 17
  rlm_eap: EAP packet type response id 7 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 17
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 17
modcall: leaving group authorize (returns updated) for request 17
  rad_check_password:  Found Auth-Type System
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'user1'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 17
modcall: leaving group authenticate (returns ok) for request 17
  Processing the session section of radiusd.conf
modcall: entering group session for request 17
radius_xlat:  '/var/log/radius/radutmp'
radius_xlat:  'user1'
  modcall[session]: module "radutmp" returns ok for request 17
modcall: leaving group session (returns ok) for request 17
  PEAP: Got tunneled reply RADIUS code 3
	Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"
  PEAP: Processing from tunneled session code 0x81667248 3
	Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 17
modcall: leaving group authenticate (returns handled) for request 17
Sending Access-Challenge of id 223 to 192.168.3.88 port 1812
	Framed-IP-Address = 255.255.255.254
	Framed-MTU = 576
	Service-Type = Framed-User
	EAP-Message = 0x010800261900170301001b1450162d7978bb0a346febf7acf7b4182469bacd418814fae7c575
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x5e309299e4e51fb5676d6d6b3e369b85
Finished request 17
Going to the next request
Waking up in 6 seconds...
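
Added example (not part of the original post or of FreeRADIUS): a small Python script that reads `radiusd -X` output and, for each finished request, pairs the tunneled reply code with the outer packet actually sent, flagging the case shown in the log above. It assumes debug mode handles one request at a time, so every line before a "Finished request" marker belongs to that request; the names `summarize` and `SAMPLE` are hypothetical, and request 18 in the sample is constructed.

```python
import re

# RADIUS packet codes (RFC 2865) that appear in this debug output.
CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

INNER = re.compile(r"PEAP: Got tunneled reply RADIUS code (\d+)")
OUTER = re.compile(r"Sending (Access-\w+) of id (\d+) to (\S+)")
DONE = re.compile(r"Finished request (\d+)")

# Request 17 is trimmed from the log in the post; request 18 is constructed.
SAMPLE = """\
Warning:  Found 2 auth-types on request for user 'user1'
  PEAP: Got tunneled reply RADIUS code 3
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
Sending Access-Challenge of id 223 to 192.168.3.88 port 1812
Finished request 17
Sending Access-Reject of id 224 to 192.168.3.88 port 1812
Finished request 18
"""

def summarize(log):
    """One record per finished request: inner (tunneled) reply vs outer packet sent."""
    records = []
    cur = {"inner": None, "outer": None, "warnings": []}
    for line in log.splitlines():
        text = line.strip()
        if m := INNER.search(text):
            code = int(m.group(1))
            cur["inner"] = CODES.get(code, f"code {code}")
        elif m := OUTER.match(text):
            cur["outer"] = m.group(1)
        elif text.startswith("Warning:"):
            cur["warnings"].append(text)
        elif m := DONE.match(text):
            cur["request"] = int(m.group(1))
            # The case reported in the thread: inner reject, outer not a reject.
            cur["inner_reject_outer_other"] = (
                cur["inner"] == "Access-Reject" and cur["outer"] != "Access-Reject")
            records.append(cur)
            cur = {"inner": None, "outer": None, "warnings": []}
    return records

if __name__ == "__main__":
    for rec in summarize(SAMPLE):
        print(rec)
```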



