FreeRADIUS Version 1.1.3-r0.1.2

I have been using FreeRADIUS for some time now to do simple MAC authentication for the original implementation of our wireless network. This of course was a temporary solution and I am trying to move all of the users over to PEAP authentication. I have been unable to get the PEAP authentication to work with MSChap-v2. All of my access points are Cisco AP1231G models.

I am fairly new to FreeRADIUS, so I expect what I am doing wrong is going to be obvious to most, but any advice would be welcomed.

From what I can see, it appears that the User-Password attribute may not be getting processed correctly, as indicated by the following lines.

auth: Failed to validate the user.
Login incorrect: [C12660/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE

I have included my debug output below.

Terry Pelley
Network Analyst
Business and Learning Technologies
Ottawa-Carleton District School Board

Debug Output.###########

Ready to process requests.
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=1, length=125 User-Name = "C12660" Framed-MTU = 1400 Called-Station-Id = "0011.aaaa.17b0" Calling-Station-Id = "0004.1e45.382e" Service-Type = Login-User Message-Authenticator = 0x85aa28b563b14c66500cdbee3613d047 EAP-Message = 0x0202000b01433132363630 NAS-Port-Type = Wireless-802.11 NAS-Port = 257 NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Identifier = "AP1231G" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type leap rlm_eap_leap: Stage 2 rlm_eap_leap: Issuing AP Challenge rlm_eap_leap: Successfully initiated modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 1 to xxx.xxx.xxx.xxx port 1645 EAP-Message = 0x01030016110100082abab9994950d11b433132363630 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x734179eb51b60c489589265407691b5c Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... 
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=2, length=138 User-Name = "C12660" Framed-MTU = 1400 Called-Station-Id = "0011.aaaa.17b0" Calling-Station-Id = "0004.1e45.382e" Service-Type = Login-User Message-Authenticator = 0x6c47bb7bdfb40f5047245b3ff39ad738 EAP-Message = 0x020300060319 NAS-Port-Type = Wireless-802.11 NAS-Port = 257 State = 0x734179eb51b60c489589265407691b5c NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Identifier = "AP1231G" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 2 to xxx.xxx.xxx.xxx port 1645 EAP-Message = 0x010400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x13c573d53e826031d83b6b1edc7b48a8 Finished request 1 Going to the next request --- Walking the entire request 
list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=3, length=212 User-Name = "C12660" Framed-MTU = 1400 Called-Station-Id = "0011.aaaa.17b0" Calling-Station-Id = "0004.1e45.382e" Service-Type = Login-User Message-Authenticator = 0x2a5655347310a8601241f7abe218f989 EAP-Message = 0x0204005019800000004616030100410100003d030146ea79da12620feb62ae90bcb89ee2fffe650b3c45bc 8ed6d684bc598d417eed00001600040005000a000900640062000300060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 257 State = 0x13c573d53e826031d83b6b1edc7b48a8 NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Identifier = "AP1231G" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 4 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 
1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 09cd], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 3 to xxx.xxx.xxx.xxx port 1645 EAP-Message = 0x0105040a19c000000a2a160301004a02000046030146ea79dbc0b72f7f465487ff478709f071de1d3b8b1e 9d6438ecd574a1f1f8922016808fabeeb491a841f8d0c02de86ed4e88a3b2234d8bb1991055ad1b2446c4a00040016030109cd0b0009c9 0009c60004f4308204f030820459a003020102020102300d06092a864886f70d01010405003081ad311a30180603550403131146726565 5241444955532e6e65742d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e65 772048616d70736869726531173015060355040a130e467265655241444955532e6e657431163014060355040b EAP-Message = 0x130d46726565205468696e6b6572733129302706092a864886f70d010901161a4a6566662e5265696c6c79 40467265655241444955532e6e6574301e170d3036303431333031303830345a170d3136303431303031303030305a3081b1311e301c06 035504031315467265655241444955532e6e65742d536572766572310b3009060355040613025553310e300c06035504071305446f7665 72311630140603550408130d4e65772048616d70736869726531173015060355040a130e467265655241444955532e6e65743116301406 0355040b130d46726565205468696e6b6572733129302706092a864886f70d010901161a4a6566662e5265696c EAP-Message = 0x6c7940467265655241444955532e6e657430819f300d06092a864886f70d010101050003818d0030818902 818100c52fed9c525523e090e52f74c1aa17e728f81326d6dc25fec0026a3b38d521f2c1534da84a50a71bfa98a73e41f1478ae2009823 
4719694067607438c1b7729d1f83ba66d2f74def53d7b651446b1ca59be01e1d734e31ad3ab1baf2fac4bd42b3870fcb8de045f8c22c40 e549ce34d13facabff6dda49f3993d71b33951b3330203010001a382021830820214300c0603551d130101ff04023000301d0603551d0e 04160414deb8cba35c689399984553c2bb09245ffd24102f3081da0603551d230481d23081cf801468e090479d EAP-Message = 0x6ed81e03d598e1d67ce31a0f96ad36a181b3a481b03081ad311a3018060355040313114672656552414449 55532e6e65742d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e6577204861 6d70736869726531173015060355040a130e467265655241444955532e6e657431163014060355040b130d46726565205468696e6b6572 733129302706092a864886f70d010901161a4a6566662e5265696c6c7940467265655241444955532e6e6574820101300b0603551d0f04 04030202e4306f0603551d250468306606082b0601050507030106082b0601050507030206082b060105050703 EAP-Message = 0x0306082b0601050507030406082b0601050507030806 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5ff0a13a76110935f4f62436568f7102 Finished request 2 Going to the next request Waking up in 5 seconds... 
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=4, length=138 User-Name = "C12660" Framed-MTU = 1400 Called-Station-Id = "0011.aaaa.17b0" Calling-Station-Id = "0004.1e45.382e" Service-Type = Login-User Message-Authenticator = 0x9387267e436cd878e0b77dfa7e6a482e EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 257 State = 0x5ff0a13a76110935f4f62436568f7102 NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Identifier = "AP1231G" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 4 to xxx.xxx.xxx.xxx port 1645 EAP-Message = 
0x010604061940082b0601050507030506082b0601050507030606082b0601050507030706082b0601050508 0202060a2b06010401823714020230250603551d11041e301c811a4a6566662e5265696c6c7940467265655241444955532e6e65743025 0603551d12041e301c811a4a6566662e5265696c6c7940467265655241444955532e6e6574301106096086480186f84201010404030202 c4302906096086480186f842010d041c161a5669736974207777772e467265655241444955532e6e65742021300d06092a864886f70d01 01040500038181007662b3b6b60fc4dd059c85c504e04f19d060660b72b0b2b0a70f99324f3f7499a81d0fc9be EAP-Message = 0xbe049e43e2838532195b27deba265f2a5b62da9d95a87c9e50ec264bd467e8db60f54ebeb9972228c05359 53e51baeb35ce908fa9e335e68d77a440074263ef771dd949c5312f4d985f6bcc9d3e0b8e32d7f1f83ddcb70e1929afc0004cc308204c8 30820431a003020102020101300d06092a864886f70d01010405003081ad311a301806035504031311467265655241444955532e6e6574 2d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e65772048616d7073686972 6531173015060355040a130e467265655241444955532e6e657431163014060355040b130d4672656520546869 EAP-Message = 0x6e6b6572733129302706092a864886f70d010901161a4a6566662e5265696c6c7940467265655241444955 532e6e6574301e170d3036303431333031303531325a170d3136303431303031303531325a3081ad311a30180603550403131146726565 5241444955532e6e65742d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e65 772048616d70736869726531173015060355040a130e467265655241444955532e6e657431163014060355040b130d4672656520546869 6e6b6572733129302706092a864886f70d010901161a4a6566662e5265696c6c7940467265655241444955532e EAP-Message = 0x6e657430819f300d06092a864886f70d010101050003818d0030818902818100d9a1e9eb8dfc66796b854d 0dde4ce84379bc84f46fa7e2a8165d571d417f42bb482867554d44cccd69f9c0e463b97651d84d0470e58ffae406d9182f4b071e9ba481 75ea28f5b09ccef89ed7d05875ef188b05276682a2ff93f2b036af66394802207c829c43b388e24f71f315ef158061ccba5b27e4327b46 
14e56f451ee2ad0203010001a38201f4308201f0300f0603551d130101ff040530030101ff301d0603551d0e0416041468e090479d6ed8 1e03d598e1d67ce31a0f96ad363081da0603551d230481d23081cf801468e090479d6ed81e03d598e1d67ce31a EAP-Message = 0x0f96ad36a181b3a481b03081ad311a301806 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05a71bebf0e68eb436ba851a1069c1e9 Finished request 3 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=5, length=138 User-Name = "C12660" Framed-MTU = 1400 Called-Station-Id = "0011.aaaa.17b0" Calling-Station-Id = "0004.1e45.382e" Service-Type = Login-User Message-Authenticator = 0x53b6ff3e904ba17f428901174910de9f EAP-Message = 0x020600061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 257 State = 0x05a71bebf0e68eb436ba851a1069c1e9 NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Identifier = "AP1231G" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: 
Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 5 to xxx.xxx.xxx.xxx port 1645 EAP-Message = 0x010702301900035504031311467265655241444955532e6e65742d4341310b300906035504061302555331 0e300c06035504071305446f766572311630140603550408130d4e65772048616d70736869726531173015060355040a130e4672656552 41444955532e6e657431163014060355040b130d46726565205468696e6b6572733129302706092a864886f70d010901161a4a6566662e 5265696c6c7940467265655241444955532e6e6574820101300b0603551d0f040403020106306f0603551d250468306606082b06010505 07030106082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703080608 EAP-Message = 0x2b0601050507030506082b0601050507030606082b0601050507030706082b06010505080202060a2b0601 0401823714020230250603551d11041e301c811a4a6566662e5265696c6c7940467265655241444955532e6e6574301106096086480186 f84201010404030200c7302906096086480186f842010d041c161a5669736974207777772e467265655241444955532e6e65742021300d 06092a864886f70d01010405000381810000674d1b82e8db81e5a6fdb44ba24f89738dc5954c777fa794282102a5a8b3376a39e2aadc4b e4d3833545cd0ea6fda3208a2a9ed4619f3dd71302f1327d4d65035933c1fc05b542ff65d9f971306a4b97932f EAP-Message = 0x283257f64f66c8947edd4f93ee7ccf279d826338e05dee101e2524fdbe3000a60605c1070d081b97da24da dbf316030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x402ad25b6167d63f4d49a90417269d2a Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 4 seconds... 
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=6, length=324 User-Name = "C12660" Framed-MTU = 1400 Called-Station-Id = "0011.aaaa.17b0" Calling-Station-Id = "0004.1e45.382e" Service-Type = Login-User Message-Authenticator = 0x90d4c8b0f49ded28f4259944626a11db EAP-Message = 0x020700c01980000000b61603010086100000820080a7578fd88aebb8530564dff4e840e9e373d47725cbb2 ea170409b8a5eceab4bfb3968fbebee32ed953c9e38be3aca01f10735d3d2540445022e36dd47e7dc5b7a5c0b1c270ee716fc75fbf7996 1a0120149faa656cf951961bfc94d1e92ae420c36cb14d2f0a14c3e538fdf37cf96f2553b370c205954251f4345795918cdfea14030100 01011603010020d8080d7bd1bd611040eb207b7ba5926cfb794b8967ea0302fe0ce8fdfda57483 NAS-Port-Type = Wireless-802.11 NAS-Port = 257 State = 0x402ad25b6167d63f4d49a90417269d2a NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Identifier = "AP1231G" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 6 to xxx.xxx.xxx.xxx port 1645 EAP-Message = 0x0108003119001403010001011603010020f1071c8236e6cdec340e80c204de51d422d9a394f3bb47548ebc 25dd26951588 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05f8c978699fcafe9a8b8257d497b7fe Finished request 5 Going to the next request Waking up in 4 seconds... 
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=7, length=138 User-Name = "C12660" Framed-MTU = 1400 Called-Station-Id = "0011.aaaa.17b0" Calling-Station-Id = "0004.1e45.382e" Service-Type = Login-User Message-Authenticator = 0xd6dd6119858638da70df2a9147c7a486 EAP-Message = 0x020800061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 257 State = 0x05f8c978699fcafe9a8b8257d497b7fe NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Identifier = "AP1231G" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 7 to xxx.xxx.xxx.xxx port 1645 EAP-Message = 0x0109002019001703010015482065584b7c70bc8c6870baae24014341d756b1f9 
Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe78002ce41f0ccf2a79c28dc1d491876 Finished request 6 Going to the next request Waking up in 4 seconds... rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=8, length=166 User-Name = "C12660" Framed-MTU = 1400 Called-Station-Id = "0011.aaaa.17b0" Calling-Station-Id = "0004.1e45.382e" Service-Type = Login-User Message-Authenticator = 0x60a26279e0c87ed6ee707db18a9228c5 EAP-Message = 0x0209002219001703010017f07f268d447d7cd34ec25dcd533f63e527d6ddd4c6910a NAS-Port-Type = Wireless-802.11 NAS-Port = 257 State = 0xe78002ce41f0ccf2a79c28dc1d491876 NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Identifier = "AP1231G" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 9 length 34 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. 
rlm_eap_peap: Identity - C12660 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of C12660 PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to C12660 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 9 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challenge of id 8 to xxx.xxx.xxx.xxx port 1645 EAP-Message = 0x010a00371900170301002cadd82261d07f090bdbebeda865056e11d059384fa1df810906df9559bd8005e3 77f38f07917424a3a61c80ce Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbb97c77fadc7f0fe144db4c94230c406 Finished request 7 Going to the next request --- Walking the entire request list --- Waking up in 3 seconds... 
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=9, length=220 User-Name = "C12660" Framed-MTU = 1400 Called-Station-Id = "0011.aaaa.17b0" Calling-Station-Id = "0004.1e45.382e" Service-Type = Login-User Message-Authenticator = 0xb9cdb400a3aa33c86b387410714aa409 EAP-Message = 0x020a00581900170301004de1a29bdfb877e82649f8555a6271b0629e2e42f305702e520510148e1e7559a8 4b01030e9cdc6fd6bfc99edd4a99a625298df3077046688852a37e8de0f0450d92b423836558a5da2ef4d1e1d4 NAS-Port-Type = Wireless-802.11 NAS-Port = 257 State = 0xbb97c77fadc7f0fe144db4c94230c406 NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Identifier = "AP1231G" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 10 length 88 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. 
PEAP: Setting User-Name to C12660
PEAP: Adding old state with 89 38
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 10 length 65
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry DEFAULT at line 875
modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 8
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for C12660 with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 8
modcall: leaving group MS-CHAP (returns reject) for request 8
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 8
modcall: leaving group authenticate (returns reject) for request 8
auth: Failed to validate the user.
Login incorrect: [C12660/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 8 modcall: leaving group authenticate (returns handled) for request 8 Sending Access-Challenge of id 9 to xxx.xxx.xxx.xxx port 1645 EAP-Message = 0x010b00261900170301001bffa738fbcf207d384d16215ca7b8b84af1e9931abfca58062618f4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x09dc8afc60ab61b4a60d20c8118a9879 Finished request 8 Going to the next request Waking up in 3 seconds... rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=10, length=170 User-Name = "C12660" Framed-MTU = 1400 Called-Station-Id = "0011.aaaa.17b0" Calling-Station-Id = "0004.1e45.382e" Service-Type = Login-User Message-Authenticator = 0x69506c8cf1653acc63c6025c65831643 EAP-Message = 0x020b00261900170301001beecc46bc9861adaac15f64eaa0510883ad1a144c17c697388f38b5 NAS-Port-Type = Wireless-802.11 NAS-Port = 257 State = 0x09dc8afc60ab61b4a60d20c8118a9879 NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Identifier = "AP1231G" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 11 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 users: Matched entry DEFAULT at line 875 modcall[authorize]: module "files" returns ok for request 9 modcall: leaving group authorize (returns updated) for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from 
the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 9 modcall: leaving group authenticate (returns invalid) for request 9 auth: Failed to validate the user. Login incorrect: [C12660/<no User-Password attribute>] (from client OCDSB_HQ port 257 cli 0004.2350.382e) Delaying request 9 for 1 seconds Finished request 9 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 46ea79da Sending Access-Reject of id 10 to xxx.xxx.xxx.xxx port 1645 EAP-Message = 0x040b0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 2 with timestamp 46ea79db Cleaning up request 2 ID 3 with timestamp 46ea79db Cleaning up request 3 ID 4 with timestamp 46ea79db Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 4 ID 5 with timestamp 46ea79dc Cleaning up request 5 ID 6 with timestamp 46ea79dc Cleaning up request 6 ID 7 with timestamp 46ea79dc Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 7 ID 8 with timestamp 46ea79dd Cleaning up request 8 ID 9 with timestamp 46ea79dd Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 9 ID 10 with timestamp 46ea79de Nothing to do. 
Sleeping until we see a request.
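
A way to pull the rejecting module and its stated reason out of FreeRADIUS debug output like the trace above. This is an added example, not part of the original post or of FreeRADIUS; the function names are hypothetical, and the embedded excerpt is constructed from request 8 of the trace with one message per line.

```python
import re

# Constructed excerpt: lines copied from request 8 of the trace above,
# laid out one message per line.
SAMPLE_LOG = """\
modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
modcall: entering group MS-CHAP for request 8
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for C12660 with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 8
modcall: leaving group MS-CHAP (returns reject) for request 8
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 8
modcall: leaving group authenticate (returns reject) for request 8
auth: Failed to validate the user.
Login incorrect: [C12660/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 8
"""

# Per-module result line, e.g.
#   modcall[authenticate]: module "mschap" returns reject for request 8
MODCALL_RE = re.compile(
    r'^modcall\[(?P<section>[\w-]+)\]: module "(?P<module>[^"]+)" '
    r'returns (?P<rcode>\w+) for request (?P<request>\d+)$'
)
# Message logged by a module, e.g. "rlm_mschap: FAILED: ..."
RLM_RE = re.compile(r'^(?P<rlm>rlm_\w+): (?P<msg>.*)$')

# Return codes treated as failures by this example.
FAIL_RCODES = {"reject", "fail", "invalid"}


def find_failures(log_text):
    """Return one record per module that returned a failing rcode, in log order.

    Each record carries the messages that module (rlm_<name> or
    rlm_<name>_<sub>) logged since the previous module result line.
    """
    failures = []
    pending = []  # (rlm name, message) seen since the last result line
    for raw in log_text.splitlines():
        line = raw.strip()
        result = MODCALL_RE.match(line)
        if result:
            if result["rcode"] in FAIL_RCODES:
                prefix = "rlm_" + result["module"]
                messages = [msg for rlm, msg in pending
                            if rlm == prefix or rlm.startswith(prefix + "_")]
                failures.append({
                    "request": int(result["request"]),
                    "section": result["section"],
                    "module": result["module"],
                    "rcode": result["rcode"],
                    "messages": messages,
                })
            pending = []
            continue
        logged = RLM_RE.match(line)
        if logged:
            pending.append((logged["rlm"], logged["msg"]))
    return failures


def first_failure_per_request(failures):
    """Map request number to the first module that failed in that request.

    In the trace above the outer "eap" reject follows the inner "mschap"
    reject, so the first failure is the one to read.
    """
    first = {}
    for failure in failures:
        first.setdefault(failure["request"], failure)
    return first


def explain(failure):
    """Summarise a failure using only what the module itself logged."""
    if any("No User-Password configured" in m for m in failure["messages"]):
        return ("mschap found no configured password for the user, "
                "so it had no NT hash to check the response against")
    # Fall back to the module's last message, if it logged any.
    return failure["messages"][-1] if failure["messages"] else None


if __name__ == "__main__":
    for req, failure in first_failure_per_request(find_failures(SAMPLE_LOG)).items():
        print(f"request {req}: module {failure['module']!r} returned "
              f"{failure['rcode']} in {failure['section']}")
        for msg in failure["messages"]:
            print("   ", msg)
        print("  =>", explain(failure))
```
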