802.1x+WLAN and radtest

Ivan Kalik tnt at kalik.net
Wed Apr 23 14:44:12 CEST 2008


This is the debug from the proxy, not the home server. You need a debug from
the home server to see why the first one is accepted and the second one rejected.

Since the first one was a PAP request and the second MS-CHAP, the usual problem
is that the password stored on the home server is encrypted.

Ivan Kalik
Kalik Informatika ISP


On 23/4/2008, "Dr.Peer-Joachim Koch" <pkoch at bgc-jena.mpg.de> wrote:

>Hi,
>
>Enclosed is the output from radiusd -X,
>
>first using radtest, then switching on the WLAN with the
>same username and password:
>
>=====================radiusd -X out================================
>
>rad_recv: Access-Request packet from host 141.5.16.151:2234, id=228, 
>length=68
>         User-Name = "pkoch at ice.mpg.de"
>         User-Password = "PASSWD"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1
>   Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 7
>   modcall[authorize]: module "preprocess" returns ok for request 7
>radius_xlat:  '/var/log/radius/radacct/141.5.16.151/auth-detail-20080423'
>rlm_detail: 
>/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands 
>to /var/log/radius/radacct/141.5.16.151/auth-detail-20080423
>   modcall[authorize]: module "auth_log" returns ok for request 7
>   modcall[authorize]: module "mschap" returns noop for request 7
>     rlm_realm: Looking up realm "ice.mpg.de" for User-Name = 
>"pkoch at ice.mpg.de"
>     rlm_realm: Found realm "DEFAULT"
>     rlm_realm: Proxying request from user pkoch to realm DEFAULT
>     rlm_realm: Adding Realm = "DEFAULT"
>     rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
>   modcall[authorize]: module "suffix" returns updated for request 7
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 7
>   modcall[authorize]: module "files" returns notfound for request 7
>rlm_ldap: - authorize
>rlm_ldap: performing user authorization for pkoch at ice.mpg.de
>radius_xlat:  'uid=_'
>radius_xlat:  'dc=bgc-jena, dc=mpg, dc=de'
>rlm_ldap: ldap_get_conn: Checking Id: 0
>rlm_ldap: ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in dc=bgc-jena, dc=mpg, dc=de, with filter uid=_
>rlm_ldap: object not found or got ambiguous search result
>rlm_ldap: search failed
>rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns notfound for request 7
>modcall: leaving group authorize (returns updated) for request 7
>Sending Access-Request of id 6 to 193.174.75.134 port 1812
>         User-Name = "pkoch at ice.mpg.de"
>         User-Password = "PASSWD"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1
>         Proxy-State = 0x323238
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Accept packet from host 193.174.75.134:1812, id=6, 
>length=25
>         Proxy-State = 0x323238
>   Processing the post-proxy section of radiusd.conf
>modcall: entering group post-proxy for request 7
>  attr_filter: Matched entry DEFAULT at line 103
>   modcall[post-proxy]: module "attr_filter" returns updated for request 7
>   modcall[post-proxy]: module "eap" returns noop for request 7
>modcall: leaving group post-proxy (returns updated) for request 7
>   Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 7
>   modcall[authorize]: module "preprocess" returns ok for request 7
>radius_xlat:  '/var/log/radius/radacct/141.5.16.151/auth-detail-20080423'
>rlm_detail: 
>/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands 
>to /var/log/radius/radacct/141.5.16.151/auth-detail-20080423
>   modcall[authorize]: module "auth_log" returns ok for request 7
>   modcall[authorize]: module "mschap" returns noop for request 7
>     rlm_realm: Proxy reply, or no User-Name.  Ignoring.
>   modcall[authorize]: module "suffix" returns noop for request 7
>   modcall[authorize]: module "eap" returns noop for request 7
>   modcall[authorize]: module "files" returns notfound for request 7
>rlm_ldap: - authorize
>rlm_ldap: performing user authorization for pkoch at ice.mpg.de
>radius_xlat:  'uid=_'
>radius_xlat:  'dc=bgc-jena, dc=mpg, dc=de'
>rlm_ldap: ldap_get_conn: Checking Id: 0
>rlm_ldap: ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in dc=bgc-jena, dc=mpg, dc=de, with filter uid=_
>rlm_ldap: object not found or got ambiguous search result
>rlm_ldap: search failed
>rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns notfound for request 7
>modcall: leaving group authorize (returns ok) for request 7
>   rad_check_password:  Found Auth-Type
>   rad_check_password: Auth-Type = Accept, accepting the user
>   Processing the post-auth section of radiusd.conf
>modcall: entering group post-auth for request 7
>   modcall[post-auth]: module "ldap" returns noop for request 7
>modcall: leaving group post-auth (returns noop) for request 7
>Sending Access-Accept of id 228 to 141.5.16.151 port 2234
>Finished request 7
>Going to the next request
>Waking up in 6 seconds...
>
>
>
>
>===========Now the same over WLAN===========================
>
>--- Walking the entire request list ---
>Cleaning up request 7 ID 228 with timestamp 480f2719
>Nothing to do.  Sleeping until we see a request.
>
>
>
>rad_recv: Access-Request packet from host 141.5.16.23:20008, id=173, 
>length=201
>         User-Name = "pkoch at ice.mpg.de"
>         MS-CHAP-Challenge = 0x04138c9db743bfbb843010bf7f8389aa
>         MS-CHAP2-Response = 
>0x00004a15d8a0523caab6ba7b2197599aa36f0000000000000000ee86063cd18395098328358032bf767fbc1bcb2c6ce3a658
>         NAS-Port-Id = "2084/1"
>         Calling-Station-Id = "00-13-CE-95-17-E8"
>         Called-Station-Id = "00-0B-0E-33-71-80:eduroam"
>         NAS-Port = 15439
>         NAS-Port-Type = Wireless-802.11
>         NAS-Identifier = "Trapeze"
>         NAS-IP-Address = 141.5.16.23
>   Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 8
>   modcall[authorize]: module "preprocess" returns ok for request 8
>radius_xlat:  '/var/log/radius/radacct/141.5.16.23/auth-detail-20080423'
>rlm_detail: 
>/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands 
>to /var/log/radius/radacct/141.5.16.23/auth-detail-20080423
>   modcall[authorize]: module "auth_log" returns ok for request 8
>   rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
>   modcall[authorize]: module "mschap" returns ok for request 8
>     rlm_realm: Looking up realm "ice.mpg.de" for User-Name = 
>"pkoch at ice.mpg.de"
>     rlm_realm: Found realm "DEFAULT"
>     rlm_realm: Proxying request from user pkoch to realm DEFAULT
>     rlm_realm: Adding Realm = "DEFAULT"
>     rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
>   modcall[authorize]: module "suffix" returns updated for request 8
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 8
>   modcall[authorize]: module "files" returns notfound for request 8
>rlm_ldap: - authorize
>rlm_ldap: performing user authorization for pkoch at ice.mpg.de
>radius_xlat:  'uid=_'
>radius_xlat:  'dc=bgc-jena, dc=mpg, dc=de'
>rlm_ldap: ldap_get_conn: Checking Id: 0
>rlm_ldap: ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in dc=bgc-jena, dc=mpg, dc=de, with filter uid=_
>rlm_ldap: object not found or got ambiguous search result
>rlm_ldap: search failed
>rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns notfound for request 8
>modcall: leaving group authorize (returns updated) for request 8
>Sending Access-Request of id 7 to 193.174.75.134 port 1812
>         User-Name = "pkoch at ice.mpg.de"
>         MS-CHAP-Challenge = 0x04138c9db743bfbb843010bf7f8389aa
>         MS-CHAP2-Response = 
>0x00004a15d8a0523caab6ba7b2197599aa36f0000000000000000ee86063cd18395098328358032bf767fbc1bcb2c6ce3a658
>         NAS-Port-Id = "2084/1"
>         Calling-Station-Id = "00-13-CE-95-17-E8"
>         Called-Station-Id = "00-0B-0E-33-71-80:eduroam"
>         NAS-Port = 15439
>         NAS-Port-Type = Wireless-802.11
>         NAS-Identifier = "Trapeze"
>         NAS-IP-Address = 141.5.16.23
>         Proxy-State = 0x313733
>--- Walking the entire request list ---
>Waking up in 6 seconds...
>rad_recv: Access-Request packet from host 141.5.16.23:20008, id=173, 
>length=201
>Ignoring duplicate packet from client gaia:20008 - ID: 173, due to 
>outstanding proxied request 8.
>--- Walking the entire request list ---
>Waking up in 1 seconds...
>rad_recv: Access-Reject packet from host 193.174.75.134:1812, id=7, 
>length=41
>         Reply-Message = "Request Denied"
>         Proxy-State = 0x313733
>   Processing the post-proxy section of radiusd.conf
>modcall: entering group post-proxy for request 8
>  attr_filter: Matched entry DEFAULT at line 103
>   modcall[post-proxy]: module "attr_filter" returns updated for request 8
>   modcall[post-proxy]: module "eap" returns noop for request 8
>modcall: leaving group post-proxy (returns updated) for request 8
>   Found Post-Auth-Type
>   Processing the post-auth section of radiusd.conf
>modcall: entering group REJECT for request 8
>   modcall[post-auth]: module "ldap" returns noop for request 8
>modcall: leaving group REJECT (returns noop) for request 8
>Delaying request 8 for 1 seconds
>Finished request 8
>Going to the next request
>Waking up in 1 seconds...
>
>
>Ivan Kalik wrote:
>> radiusd -X
>> 
>> Ivan Kalik
>> Kalik Informatika ISP
>> 
>> 
>
>
>-- 
>Kind regards
>     Peer-Joachim Koch
>_________________________________________________________
>Max-Planck-Institut fuer Biogeochemie
>Dr. Peer-Joachim Koch
>Hans-Knöll Str.10            Telefon: ++49 3641 57-6705
>D-07745 Jena                 Telefax: ++49 3641 57-7705
>
>
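The triage discussed in this thread, working out from a proxy's debug which method each request used and whether the verdict came from the home server, can be scripted. This is an added example, not part of the original thread or of FreeRADIUS; the sample log is constructed (documentation addresses, abridged lines) in the shape of the `radiusd -X` output quoted above, and the function names are hypothetical.

```python
import re

RECV = re.compile(r"rad_recv: Access-(Request|Accept|Reject) packet from host ([\d.]+):\d+, id=(\d+)")
SEND = re.compile(r"Sending Access-Request of id (\d+) to ([\d.]+) port \d+")
# Request attribute that identifies the authentication method in use.
METHODS = {"User-Password": "PAP", "MS-CHAP-Response": "MS-CHAPv1",
           "MS-CHAP2-Response": "MS-CHAPv2", "EAP-Message": "EAP"}

# Constructed sample (documentation addresses), abridged to the lines that matter.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.0.2.10:2234, id=228, length=68
        User-Name = "user@example.org"
        User-Password = "PASSWD"
Sending Access-Request of id 6 to 198.51.100.1 port 1812
rad_recv: Access-Accept packet from host 198.51.100.1:1812, id=6, length=25
rad_recv: Access-Request packet from host 192.0.2.20:20008, id=173, length=201
        MS-CHAP2-Response = 0x00
Sending Access-Request of id 7 to 198.51.100.1 port 1812
rad_recv: Access-Request packet from host 192.0.2.20:20008, id=173, length=201
Ignoring duplicate packet from client nas:20008 - ID: 173, due to outstanding proxied request 8.
rad_recv: Access-Reject packet from host 198.51.100.1:1812, id=7, length=41
"""

def summarize(log):
    """Return one dict per client request: method, home server, upstream verdict."""
    requests, proxied, cur = [], {}, None
    for line in log.splitlines():
        line = line.lstrip("> \t")  # tolerate mail quoting and indentation
        if m := RECV.match(line):
            kind, host, pid = m.group(1), m.group(2), int(m.group(3))
            if kind == "Request":
                cur = {"client": host, "method": None, "home": None, "verdict": None}
                requests.append(cur)
            elif (host, pid) in proxied:  # reply to a request we proxied
                proxied[(host, pid)]["verdict"] = kind
        elif line.startswith("Ignoring duplicate packet") and requests:
            requests.pop()  # NAS retransmission, not a new request
            cur = None
        elif cur and (m := SEND.match(line)):
            cur["home"] = m.group(2)
            proxied[(m.group(2), int(m.group(1)))] = cur
        elif cur and cur["method"] is None:
            cur["method"] = METHODS.get(line.split("=")[0].strip())
    return requests

def rejected_upstream(requests):
    """Requests the proxy forwarded and the home server refused."""
    return [r for r in requests if r["home"] and r["verdict"] == "Reject"]
```

Any entry returned by `rejected_upstream` was decided by the home server, so the reason for the reject has to be read from that server's own debug output.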



