PEAP with Windows supplicant, Automatically use my windows credentials
splintered thoughts
splinteredthoughts at yahoo.com
Wed Dec 17 17:10:45 CET 2008
Hello,
I've configured a PEAP with the Windows SP3 supplicant with freeradius 2.1.3, and the authentication succeeds when "Automatically use my windows logon name and password (and domain if any)" is unselected, which forces a manual logon. However, when "Automatically use my ..." is selected with the same user name/domain, the authentication fails. May I have some insight into any issue(s) on how to resolve this? Here is the debug log for the failed request:
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 0 length 23
Wed Dec 17 09:07:24 2008 : Debug: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns updated
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP Identity
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type md5
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns handled
Wed Dec 17 09:07:24 2008 : Debug: Sending Access-Challenge packet to host 10.12.18.4 port 1812, id=120, length=0
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x01010016041090013f5c9305706c9dc6340df1142df1
Wed Dec 17 09:07:24 2008 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Dec 17 09:07:24 2008 : Debug: State = 0xd0cf07f0d0ce03f56f2a90dc8079ccda
Wed Dec 17 09:07:24 2008 : Debug: Finished request 0.
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 1 length 6
Wed Dec 17 09:07:24 2008 : Debug: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns updated
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] Request found, released from the list
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP NAK
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP-NAK asked for EAP-Type/peap
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type tls
Wed Dec 17 09:07:24 2008 : Debug: [tls] Initiate
Wed Dec 17 09:07:24 2008 : Debug: [tls] Start returned 1
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns handled
Wed Dec 17 09:07:24 2008 : Debug: Sending Access-Challenge packet to host 10.12.18.4 port 1812, id=121, length=0
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x010200061920
Wed Dec 17 09:07:24 2008 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Dec 17 09:07:24 2008 : Debug: State = 0xd0cf07f0d1cd1ef56f2a90dc8079ccda
Wed Dec 17 09:07:24 2008 : Debug: Finished request 1.
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 2 length 80
Wed Dec 17 09:07:24 2008 : Debug: [eap] Continuing tunnel setup.
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] Request found, released from the list
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP/peap
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type peap
Wed Dec 17 09:07:24 2008 : Debug: [peap] processing EAP-TLS
Wed Dec 17 09:07:24 2008 : Debug: [peap] Length Included
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_verify returned 11
Wed Dec 17 09:07:24 2008 : Debug: [peap] (other): before/accept initialization
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: before/accept initialization
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: SSLv3 read client hello A
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: SSLv3 write server hello A
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: SSLv3 write certificate A
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: SSLv3 write server done A
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: SSLv3 flush data
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_process returned 13
Wed Dec 17 09:07:24 2008 : Debug: [peap] EAPTLS_HANDLED
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns handled
Wed Dec 17 09:07:24 2008 : Debug: Sending Access-Challenge packet to host 10.12.18.4 port 1812, id=122, length=0
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x0103040019c00000072c160301002a020000260301494923bcedc987028a2352b84271936aea53e99fb623ca257536e883442ea95c0000040016030106ef0b0006eb0006e80002cb308202c7308202300205122935480a300d06092a864886f70d01010505003081b8310b3009060355040613025553310b300906035504081302434f311430120603550407130b576573746d696e73746572312b3029060355040a132254697070696e67506f696e7420496e632c204469766973696f6e206f662033436f6d31173015060355040b130e53656c66205369676e6564204341311730150603550403130e546f70206c6576656c20436572743127302506
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x092a864886f70d01090116187461636d61696c4074697070696e67706f696e742e636f6d301e170d3038313231353135323635305a170d3333313230393135323635305a30819a310b3009060355040613025553310b300906035504081302434f311430120603550407130b576573746d696e73746572310d300b060355040a130433436f6d31153013060355040b130c54697070696e67506f696e7431193017060355040313106a6967356e70732e747077352e636f6d3127302506092a864886f70d01090116187461636d61696c4074697070696e67706f696e742e636f6d30819f300d06092a864886f70d010101050003818d00308189028181
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x00dd03f09559ddc6ea8bc0a9206d40657f7d12b2f29f283bd0d84eb2904e2720592bb18ec971bfc20f93916df7dcfd35848be2946eb2683ae6fd3ff715e95f33594ec1888038961f2561389160afa4c1ef47e3f88e935340b19ec897d4b599f927b9d878e386267b573dba0ed413a1431d63ee4e7fe9dd70f055b8d2521a9e3ad90203010001300d06092a864886f70d010105050003818100509c6044c7e7d3b2d9a7fb62c035a65361dcb0ba148aaadfd1272a65f267f913b210faf39afa24658788cb651bce6f704a528e4e63d2613de5c967dc2d904f70852412e2371a556fa69194d4f16bddf641c1397c0947ebd36b851b8d57add0f78335d369
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x67c9080e362b607959f63dcd7f5fd80b46f31faa05b59853d8541166000417308204133082037ca003020102020900f90e79cfb7d27aab300d06092a864886f70d01010505003081b8310b3009060355040613025553310b300906035504081302434f311430120603550407130b576573746d696e73746572312b3029060355040a132254697070696e67506f696e7420496e632c204469766973696f6e206f662033436f6d31173015060355040b130e53656c66205369676e6564204341311730150603550403130e546f70206c6576656c20436572743127302506092a864886f70d01090116187461636d61696c4074697070696e67706f696e74
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x2e636f6d301e170d30383132
Wed Dec 17 09:07:24 2008 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Dec 17 09:07:24 2008 : Debug: State = 0xd0cf07f0d2cc1ef56f2a90dc8079ccda
Wed Dec 17 09:07:24 2008 : Debug: Finished request 2.
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 3 length 6
Wed Dec 17 09:07:24 2008 : Debug: [eap] Continuing tunnel setup.
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] Request found, released from the list
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP/peap
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type peap
Wed Dec 17 09:07:24 2008 : Debug: [peap] processing EAP-TLS
Wed Dec 17 09:07:24 2008 : Debug: [peap] Received TLS ACK
Wed Dec 17 09:07:24 2008 : Debug: [peap] ACK handshake fragment handler
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_verify returned 1
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_process returned 13
Wed Dec 17 09:07:24 2008 : Debug: [peap] EAPTLS_HANDLED
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns handled
Wed Dec 17 09:07:24 2008 : Debug: Sending Access-Challenge packet to host 10.12.18.4 port 1812, id=123, length=0
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x0104033c190031353135323634395a170d3333313230393135323634395a3081b8310b3009060355040613025553310b300906035504081302434f311430120603550407130b576573746d696e73746572312b3029060355040a132254697070696e67506f696e7420496e632c204469766973696f6e206f662033436f6d31173015060355040b130e53656c66205369676e6564204341311730150603550403130e546f70206c6576656c20436572743127302506092a864886f70d01090116187461636d61696c4074697070696e67706f696e742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100f2d90d0838cf63
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x4d183710d46cfc788f079ffc59ce0a3009acca61148dcc9051e40bd73a175cfcb9f8de7eabe56d45aa18e32a7d37d7659d98362853f2c210fb4c440f0275d2ce8aac8ca7b0ab55079af4b0ac72a32bc2e12a15624417ac8b9aa7a8cfbd50c501d039eb85e9f34eae97a89da8bebbcaccabaeb4b82c175ba58b0203010001a38201213082011d301d0603551d0e041604143e3c0f897946ed4d56f53c5eafa4c3313648c8de3081ed0603551d230481e53081e280143e3c0f897946ed4d56f53c5eafa4c3313648c8dea181bea481bb3081b8310b3009060355040613025553310b300906035504081302434f311430120603550407130b576573746d69
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x6e73746572312b3029060355040a132254697070696e67506f696e7420496e632c204469766973696f6e206f662033436f6d31173015060355040b130e53656c66205369676e6564204341311730150603550403130e546f70206c6576656c20436572743127302506092a864886f70d01090116187461636d61696c4074697070696e67706f696e742e636f6d820900f90e79cfb7d27aab300c0603551d13040530030101ff300d06092a864886f70d0101050500038181002b6008a9eb5028afb1f6aff39e7488b9dcb5200691065670c2d984d3f8a1111603dc17fabd80051fc81837d4617951d9a684c4f5b5e6d065c89b58348c144582c5166e1b
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x4488dbe4da43d384404835ce3e3b7d985c02c1a476ac1f65fc0874553af77c4f62ad840a40ccc26bb55fc2859a0347241a56ed096ebc6c081de2d60216030100040e000000
Wed Dec 17 09:07:24 2008 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Dec 17 09:07:24 2008 : Debug: State = 0xd0cf07f0d3cb1ef56f2a90dc8079ccda
Wed Dec 17 09:07:24 2008 : Debug: Finished request 3.
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 4 length 192
Wed Dec 17 09:07:24 2008 : Debug: [eap] Continuing tunnel setup.
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] Request found, released from the list
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP/peap
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type peap
Wed Dec 17 09:07:24 2008 : Debug: [peap] processing EAP-TLS
Wed Dec 17 09:07:24 2008 : Debug: [peap] Length Included
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_verify returned 11
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: SSLv3 read client key exchange A
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: SSLv3 read finished A
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: SSLv3 write change cipher spec A
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: SSLv3 write finished A
Wed Dec 17 09:07:24 2008 : Debug: [peap] TLS_accept: SSLv3 flush data
Wed Dec 17 09:07:24 2008 : Debug: [peap] (other): SSL negotiation finished successfully
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_process returned 13
Wed Dec 17 09:07:24 2008 : Debug: [peap] EAPTLS_HANDLED
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns handled
Hello,
I've configured a PEAP with the Windows SP3 supplicant with freeradius 2.1.3, and the authentication succeeds when "Automatically use my windows logon name and password (and domain if any)" is unselected, which forces a manual logon. However, when "Automatically use my ..." is selected with the same user name/domain, the authentication fails. May I have some insight into any issue(s) on how to resolve this? Here is the debug log for the failed request:
Wed Dec 17 09:07:24 2008 : Debug: Sending Access-Challenge packet to host 10.12.18.4 port 1812, id=124, length=0
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x0105003119001403010001011603010020b483b6c6e83bf8a59f0ee6e6ad24591bc46e1e77319dacdc1a29479e8c664888
Wed Dec 17 09:07:24 2008 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Dec 17 09:07:24 2008 : Debug: State = 0xd0cf07f0d4ca1ef56f2a90dc8079ccda
Wed Dec 17 09:07:24 2008 : Debug: Finished request 4.
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 5 length 6
Wed Dec 17 09:07:24 2008 : Debug: [eap] Continuing tunnel setup.
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] Request found, released from the list
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP/peap
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type peap
Wed Dec 17 09:07:24 2008 : Debug: [peap] processing EAP-TLS
Wed Dec 17 09:07:24 2008 : Debug: [peap] Received TLS ACK
Wed Dec 17 09:07:24 2008 : Debug: [peap] ACK handshake is finished
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_verify returned 3
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_process returned 3
Wed Dec 17 09:07:24 2008 : Debug: [peap] EAPTLS_SUCCESS
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns handled
Wed Dec 17 09:07:24 2008 : Debug: Sending Access-Challenge packet to host 10.12.18.4 port 1812, id=125, length=0
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x01060020190017030100159a18b32d1ce86335fa6dae97724c1bd44689df8454
Wed Dec 17 09:07:24 2008 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Dec 17 09:07:24 2008 : Debug: State = 0xd0cf07f0d5c91ef56f2a90dc8079ccda
Wed Dec 17 09:07:24 2008 : Debug: Finished request 5.
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 6 length 46
Wed Dec 17 09:07:24 2008 : Debug: [eap] Continuing tunnel setup.
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] Request found, released from the list
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP/peap
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type peap
Wed Dec 17 09:07:24 2008 : Debug: [peap] processing EAP-TLS
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_verify returned 7
Wed Dec 17 09:07:24 2008 : Debug: [peap] Done initial handshake
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_process returned 7
Wed Dec 17 09:07:24 2008 : Debug: [peap] EAPTLS_OK
Wed Dec 17 09:07:24 2008 : Debug: [peap] Session established. Decoding tunneled attributes.
Wed Dec 17 09:07:24 2008 : Debug: [peap] Identity - TPW5\administrator
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authorize {...}
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 6 length 23
Wed Dec 17 09:07:24 2008 : Debug: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns updated
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP Identity
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type mschapv2
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns handled
Wed Dec 17 09:07:24 2008 : Debug: [peap] Got tunneled Access-Challenge
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns handled
Wed Dec 17 09:07:24 2008 : Debug: Sending Access-Challenge packet to host 10.12.18.4 port 1812, id=126, length=0
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x010700431900170301003811ae41236e0a12fe5eeebc960c1f43fa29230d104856932a1007ce0b69a15a2a6ab8c8ffc8cc7f299de595c6450ce1c411633de75c334f1a
Wed Dec 17 09:07:24 2008 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Dec 17 09:07:24 2008 : Debug: State = 0xd0cf07f0d6c81ef56f2a90dc8079ccda
Wed Dec 17 09:07:24 2008 : Debug: Finished request 6.
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 7 length 100
Wed Dec 17 09:07:24 2008 : Debug: [eap] Continuing tunnel setup.
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] Request found, released from the list
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP/peap
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type peap
Wed Dec 17 09:07:24 2008 : Debug: [peap] processing EAP-TLS
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_verify returned 7
Wed Dec 17 09:07:24 2008 : Debug: [peap] Done initial handshake
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_process returned 7
Wed Dec 17 09:07:24 2008 : Debug: [peap] EAPTLS_OK
Wed Dec 17 09:07:24 2008 : Debug: [peap] Session established. Decoding tunneled attributes.
Wed Dec 17 09:07:24 2008 : Debug: [peap] EAP type mschapv2
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authorize {...}
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 7 length 77
Wed Dec 17 09:07:24 2008 : Debug: [eap] No EAP Start, assuming it's an on-going EAP conversation
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns updated
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] Request found, released from the list
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP/mschapv2
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type mschapv2
Wed Dec 17 09:07:24 2008 : Debug: [mschapv2] +- entering group MS-CHAP {...}
Wed Dec 17 09:07:24 2008 : Debug: [mschap] No Cleartext-Password configured. Cannot create LM-Password.
Wed Dec 17 09:07:24 2008 : Debug: [mschap] No Cleartext-Password configured. Cannot create NT-Password.
Wed Dec 17 09:07:24 2008 : Debug: [mschap] Told to do MS-CHAPv2 for administrator with NT-Password
Wed Dec 17 09:07:24 2008 : Debug: [mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
Wed Dec 17 09:07:24 2008 : Debug: [mschap] expand: --username=%{Stripped-User-Name:-%{User-Name:-%{mschap:User-Name}}} -> --username=administrator
Wed Dec 17 09:07:24 2008 : Debug: [mschap] mschap2: e0
Wed Dec 17 09:07:24 2008 : Debug: [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=469478f224b67ca3
Wed Dec 17 09:07:24 2008 : Debug: [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=c2abbe21274fad45cdcbf7db8de7de2a5be037e56415b6bc
Wed Dec 17 09:07:24 2008 : Debug: [mschap] External script failed.
Wed Dec 17 09:07:24 2008 : Debug: [mschap] FAILED: MS-CHAP2-Response is incorrect
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns reject
Wed Dec 17 09:07:24 2008 : Debug: [eap] Freeing handler
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns reject
Wed Dec 17 09:07:24 2008 : Debug: Failed to authenticate the user.
Wed Dec 17 09:07:24 2008 : Debug: [peap] Tunneled authentication was rejected.
Wed Dec 17 09:07:24 2008 : Debug: [peap] FAILURE
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns handled
Wed Dec 17 09:07:24 2008 : Debug: Sending Access-Challenge packet to host 10.12.18.4 port 1812, id=127, length=0
Wed Dec 17 09:07:24 2008 : Debug: EAP-Message = 0x010800261900170301001b902fbf59b723a82af254f787d0adeb8f35a0e9dac511954bb0ef19
Wed Dec 17 09:07:24 2008 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
Wed Dec 17 09:07:24 2008 : Debug: State = 0xd0cf07f0d7c71ef56f2a90dc8079ccda
Wed Dec 17 09:07:24 2008 : Debug: Finished request 7.
Wed Dec 17 09:07:24 2008 : Debug: expand: %{debug:2} -> 2
Wed Dec 17 09:07:24 2008 : Debug: ++[control] returns notfound
Wed Dec 17 09:07:24 2008 : Debug: ++[preprocess] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[chap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: ++[mschap] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [realmpercent] No '%' in User-Name = "TPW5\administrator", skipping NULL due to config.
Wed Dec 17 09:07:24 2008 : Debug: ++[realmpercent] returns noop
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Looking up realm "TPW5" for User-Name = "TPW5\administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Found realm "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Stripped-User-Name = "administrator"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Adding Realm = "tpw5"
Wed Dec 17 09:07:24 2008 : Debug: [ntdomain] Authentication realm is LOCAL.
Wed Dec 17 09:07:24 2008 : Debug: ++[ntdomain] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [suffix] Request already proxied. Ignoring.
Wed Dec 17 09:07:24 2008 : Debug: ++[suffix] returns ok
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP packet type response id 8 length 38
Wed Dec 17 09:07:24 2008 : Debug: [eap] Continuing tunnel setup.
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns ok
Wed Dec 17 09:07:24 2008 : Debug: ++[files] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Found Auth-Type = EAP
Wed Dec 17 09:07:24 2008 : Debug: +- entering group authenticate {...}
Wed Dec 17 09:07:24 2008 : Debug: [eap] Request found, released from the list
Wed Dec 17 09:07:24 2008 : Debug: [eap] EAP/peap
Wed Dec 17 09:07:24 2008 : Debug: [eap] processing type peap
Wed Dec 17 09:07:24 2008 : Debug: [peap] processing EAP-TLS
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_verify returned 7
Wed Dec 17 09:07:24 2008 : Debug: [peap] Done initial handshake
Wed Dec 17 09:07:24 2008 : Debug: [peap] eaptls_process returned 7
Wed Dec 17 09:07:24 2008 : Debug: [peap] EAPTLS_OK
Wed Dec 17 09:07:24 2008 : Debug: [peap] Session established. Decoding tunneled attributes.
Wed Dec 17 09:07:24 2008 : Debug: [peap] Received EAP-TLV response.
Wed Dec 17 09:07:24 2008 : Debug: [peap] Had sent TLV failure. User was rejected earlier in this session.
Wed Dec 17 09:07:24 2008 : Debug: [eap] Handler failed in EAP/peap
Wed Dec 17 09:07:24 2008 : Debug: [eap] Failed in EAP select
Wed Dec 17 09:07:24 2008 : Debug: ++[eap] returns invalid
Wed Dec 17 09:07:24 2008 : Debug: Failed to authenticate the user.
Wed Dec 17 09:07:24 2008 : Debug: Using Post-Auth-Type Reject
Wed Dec 17 09:07:24 2008 : Debug: +- entering group REJECT {...}
Wed Dec 17 09:07:24 2008 : Debug: ++[jradius] returns noop
Wed Dec 17 09:07:24 2008 : Debug: Delaying reject of request 8 for 1 seconds
Wed Dec 17 09:07:25 2008 : Debug: Sending delayed reject for request 8
Wed Dec 17 09:07:25 2008 : Debug: Sending Access-Reject packet to host 10.12.18.4 port 1812, id=128, length=0
Wed Dec 17 09:07:25 2008 : Debug: EAP-Message = 0x04080004
Wed Dec 17 09:07:25 2008 : Debug: Message-Authenticator = 0x00000000000000000000000000000000
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20081217/d0e67d54/attachment.html>
More information about the Freeradius-Users
mailing list