Windows Client

McCann, Brian bmccann at andmore.com
Wed Dec 22 22:20:02 CET 2010


Forgot to add the log:



rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=123
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x0200000a01627269616e
   Message-Authenticator = 0x82509800bfcd7af4872121571a69559e
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry brian at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.31 port 2052
   EAP-Message = 0x01010016041089ed766f4e691575ade990b9e1599b06
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x73f9ed2473f8e9b7c2be9cff1f046e18
Finished request 22.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=137
Cleaning up request 22 ID 2 with timestamp +539
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   State = 0x73f9ed2473f8e9b7c2be9cff1f046e18
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x020100060319
   Message-Authenticator = 0x361aec66d89fee7ccb80c53d901599cc
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry brian at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.31 port 2052
   EAP-Message = 0x010200061920
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x73f9ed2472fbf4b7c2be9cff1f046e18
Finished request 23.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=218
Cleaning up request 23 ID 2 with timestamp +539
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x73f9ed2472fbf4b7 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   State = 0x73f9ed2472fbf4b7c2be9cff1f046e18
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x0202005719800000004d16030100480100004403014d126b52be5f4e9805e5cf1c09f3085ce9ab466e4b67f48695f1ec650e867b4300001600040005000a0009006400620003000600130012006301000005ff01000100
   Message-Authenticator = 0x6d65cb3a63f0462e17072eac5c8534ae
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 086f], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.31 port 2052
   EAP-Message = 0x0103040019c0000008ac160301002a0200002603014d126b52392681329f3967c957148f06de6c636f5cc57a5b610c1cf12673497700000400160301086f0b00086b0008680003ae308203aa30820292a003020102020102300d06092a864886f70d0101040500308196310b3009060355040613025553311330110603550408130a4e6577204a6572736579311730150603550407130e49736c616e64204865696768747331183016060355040a130f4b31325553412057694669204465763122302006092a864886f70d0109011613626d6363616e6e40616e646d6f72652e636f6d311b3019060355040313124b3132555341205769466920446576
   EAP-Message = 0x204341301e170d3130313232323230323834375a170d3131313232323230323834375a308180310b3009060355040613025553311330110603550408130a4e6577204a657273657931183016060355040a130f4b3132555341205769466920446576311e301c060355040313154b313255534120536563757265204e6574776f726b3122302006092a864886f70d0109011613626d6363616e6e40616e646d6f72652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c480df0056754f55385fc40baecd3ee63e8697c48e960fef4bad0819728974edf0cfd3fb50601cefd348b5fcd8e6f4c5d07d9937fb91
   EAP-Message = 0xe4df955ae0e8c1bf9f5274e0dfd069d298b25e57c536d8188aba8463a9ce2ce5592b1f73ed488ff57f4544ca8fd179615e06b092e7ce795038c24c117688d0cc18d1dc3de85a912a5874ce86967f14b7b75d0c4174dc15995e9cbc1d354c656296aafdf9bb1b7a60c1f7e00bf013a9e03874521d0ada7b8ec6094f20bc220c0d6e534eb6d7334aee94aa86fd01d65714804e38360bf7802e39c2325494f40a1567c9c9118bbd61b9d4abde81c900aadf9734c53918e094e83fb6d96b5e02f9b0918f1783ea6741ba792b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100af
   EAP-Message = 0xa25fc5cd8eb1660a5f4ef56bca050331c518f31b0dfce3493cbd556a097601808f86b8621d57962c76d79158c498a44a0da0a37c5e2b79849b440b65bc4b2dbd61152e78218e95411b35643794ba38631b9fbd923ac7a698675b4546a8f4009863594c00ac4b6c29702ff95f0f0addfb279cf7751e96f068ceebe46b942be160a9eae7e188afaff584baebfd62fb8ee31493e5ae6be9e02dc5376a5a3461d0f10928da5a5872fc9a6708da7ddff55445466c5833d530e099ca401e3306b36de736decb7a88cff79c98635b730c595bdbf0bce0081c5aa4bfc39ecfad8510689775647bb8c47aa669c435de3a53455f91c6a9b70f85b423cddad6962c50
   EAP-Message = 0xc4660004b4308204b0308203
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x73f9ed2471faf4b7c2be9cff1f046e18
Finished request 24.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=137
Cleaning up request 24 ID 2 with timestamp +539
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x73f9ed2471faf4b7 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   State = 0x73f9ed2471faf4b7c2be9cff1f046e18
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x020300061900
   Message-Authenticator = 0xa27b16694354600b2fa19d07b34f48c7
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.31 port 2052
   EAP-Message = 0x010403fc194098a00302010202090084a645f254976ef3300d06092a864886f70d0101050500308196310b3009060355040613025553311330110603550408130a4e6577204a6572736579311730150603550407130e49736c616e64204865696768747331183016060355040a130f4b31325553412057694669204465763122302006092a864886f70d0109011613626d6363616e6e40616e646d6f72652e636f6d311b3019060355040313124b3132555341205769466920446576204341301e170d3130313232323230323834375a170d3131313232323230323834375a308196310b3009060355040613025553311330110603550408130a4e6577
   EAP-Message = 0x204a6572736579311730150603550407130e49736c616e64204865696768747331183016060355040a130f4b31325553412057694669204465763122302006092a864886f70d0109011613626d6363616e6e40616e646d6f72652e636f6d311b3019060355040313124b313255534120576946692044657620434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e378bcf1ed8456e7206c82cc4d6eaf5b97d3515cbfe563126c299516531d30d05ec6373010909f7db529bc177df778a94cbef9956b142f0912b60eeb05047839346b3c2b84c48429b671abf341f2dba7592246cb067a84061bdd523eebad5f2b5a
   EAP-Message = 0xadd4d18b8d3bf7dc5199191d3a08ba22d8f2ad302325a14bbebf2e8185ef554961b81e1aab1d66cdf4fb0f952f5c755c9eab2232649bebca0104294c2d97cf1d9aa939bcc00a712e7689880b1ab24134f1381ff03b15df55cde5da04d2a451c3c5e4f2f9378cedce1c57d57a2a838c28cfddf86e3191828f5ace7cfe9599f17193d2740cf20462de9bf2ec27b898a4f3629bc2f4969e3a60b8190db87a7ae30203010001a381fe3081fb301d0603551d0e0416041478b8d9e76dd4dfa361c86e87a2691c5e3dbb78d53081cb0603551d230481c33081c0801478b8d9e76dd4dfa361c86e87a2691c5e3dbb78d5a1819ca48199308196310b3009060355
   EAP-Message = 0x040613025553311330110603550408130a4e6577204a6572736579311730150603550407130e49736c616e64204865696768747331183016060355040a130f4b31325553412057694669204465763122302006092a864886f70d0109011613626d6363616e6e40616e646d6f72652e636f6d311b3019060355040313124b313255534120576946692044657620434182090084a645f254976ef3300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100818c0bee681e432f1ba78fde93ad14545ac8dc7846780244827a30bdf3e87a78259f876ebc87cb124d010f59782aa3eecb8d68c73f6bba7a738fa2a23c98c6b20e
   EAP-Message = 0x520baa021c80b531
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x73f9ed2470fdf4b7c2be9cff1f046e18
Finished request 25.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=137
Cleaning up request 25 ID 2 with timestamp +539
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x73f9ed2470fdf4b7 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   State = 0x73f9ed2470fdf4b7c2be9cff1f046e18
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x020400061900
   Message-Authenticator = 0x3e196bcf1b83f07e379a570fa50813d9
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.31 port 2052
   EAP-Message = 0x010500c61900b1136a783587e16f83dcf46f2c326adbc168d049a2f6e501a2e37a0aef489f7c3eab64b3efd0905c148a66747c5f70ca4d1d87dc490f03b59eb8ae04720e07e836cf279e6bc9c5cd0738fac2bc0a88a9ee5a874b7e51fc0100702d512077c497b216035aad340d9aa531a7224813decce0eab4495c8648596f21072ace98bd8050405d371eba86bae0b834b203149c531c511c7dd9c37837b95bf1a6ad7e8b4f9b75d7075bc4dffcfe44f00b2cd3e7c65604a0ee97d8d916030100040e000000
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x73f9ed2477fcf4b7c2be9cff1f046e18
Finished request 26.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=453
Cleaning up request 26 ID 2 with timestamp +539
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x73f9ed2477fcf4b7 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   State = 0x73f9ed2477fcf4b7c2be9cff1f046e18
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x0205014019800000013616030101061000010201000fcc7daa6c00ab8b5fa678f2cfc032624ec13d0c600bfb4f12acc6741a9115490ce48505fa89b2021891d2b77d8e5d25ab4af250b5de80d19b09ab43d35287958fbc9f8943a9153eeb507318896ad4a78ce07403e13938d486192daa7e23ea4114ccf1167b290c1da028e44b41956d123d03efb67d0b8211fa567f08f384c257bc1718227a93b597fb8de3586f9051990016cca5d3e2feae395cba789251e4245cf79ec4cff96c15799658592bc4b228ad5c2b566ea7ef5422ac74f1226b9857f3090ecb750a818f534907ac9c224f4ea9be90b408bd0be957fe56bd7a07e718ca5adc6066c66799
   EAP-Message = 0xb7a945951c9629e63ee8212c7788d2ff043c67fe1599856e1403010001011603010020df6ae58d1055e58afaef85f4f651fe1bec6308eec943f59dc9205c31f986c923
   Message-Authenticator = 0xc835a2d1a886289b8a0558353cc600db
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.31 port 2052
   EAP-Message = 0x0106003119001403010001011603010020a6d5ead78991d28a9c05446c988d7f34f5e7912b975669d278d3d18c8e6955f4
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x73f9ed2476fff4b7c2be9cff1f046e18
Finished request 27.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=137
Cleaning up request 27 ID 2 with timestamp +539
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x73f9ed2476fff4b7 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   State = 0x73f9ed2476fff4b7c2be9cff1f046e18
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x020600061900
   Message-Authenticator = 0xaa14f8b221bcd00cd9ae692884e579ef
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.31 port 2052
   EAP-Message = 0x010700201900170301001529f01f0f98421d03e94ad9aab050be66925b96c52e
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x73f9ed2475fef4b7c2be9cff1f046e18
Finished request 28.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=164
Cleaning up request 28 ID 2 with timestamp +539
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x73f9ed2475fef4b7 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   State = 0x73f9ed2475fef4b7c2be9cff1f046e18
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x0207002119001703010016831971c0c91f73799d38655e5510508475fb44a52cdf
   Message-Authenticator = 0x66cda1b06c4f76e1c7597f2beb41091d
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 33
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - brian
[peap] Got inner identity 'brian'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
   EAP-Message = 0x0207000a01627269616e
server  {
  PEAP: Setting User-Name to brian
Sending tunneled request
   EAP-Message = 0x0207000a01627269616e
   FreeRADIUS-Proxied-To = 127.0.0.1
   User-Name = "brian"
server inner-tunnel {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry brian at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
   EAP-Message = 0x0108001f1a0108001a10436b17da9d5a9d992f2ada08be92a225627269616e
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x36d47f7836dc650e959d62628e1199da
[peap] Got tunneled reply RADIUS code 11
   EAP-Message = 0x0108001f1a0108001a10436b17da9d5a9d992f2ada08be92a225627269616e
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x36d47f7836dc650e959d62628e1199da
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.31 port 2052
   EAP-Message = 0x010800361900170301002bd5d8a1c52e9dfcccea6d283e855751fa46afaf9f0908b7720d3f81bac9d48935e98195d6083d06e34d9a92
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x73f9ed2474f1f4b7c2be9cff1f046e18
Finished request 29.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=218
Cleaning up request 29 ID 2 with timestamp +539
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x73f9ed2474f1f4b7 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   State = 0x73f9ed2474f1f4b7c2be9cff1f046e18
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x020800571900170301004c33b0b0f4ab967c210855eaf55f0eb38734e3e099965fe9e5d690b94df401f0d35a206706cecd55273dc3293fb0a85665f9962d30b0834dcee6c83736677e88da28860117333e9e5d9f524b11
   Message-Authenticator = 0xd57efa09c01d8b25afdcb5f41017a5ea
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
   EAP-Message = 0x020800401a0208003b310f5e48ff04c526b3be1b0ebae4db028d00000000000000004fbbcd324f826e1889bb474cadf0344518af8a0a98be944000627269616e
server  {
  PEAP: Setting User-Name to brian
Sending tunneled request
   EAP-Message = 0x020800401a0208003b310f5e48ff04c526b3be1b0ebae4db028d00000000000000004fbbcd324f826e1889bb474cadf0344518af8a0a98be944000627269616e
   FreeRADIUS-Proxied-To = 127.0.0.1
   User-Name = "brian"
   State = 0x36d47f7836dc650e959d62628e1199da
server inner-tunnel {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 64
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry brian at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: brian
[mschap] Told to do MS-CHAPv2 for brian with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
   EAP-Message = 0x010900331a0308002e533d35424230323439364246434142363633324246313233414533434534344541353144343034413030
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x36d47f7837dd650e959d62628e1199da
[peap] Got tunneled reply RADIUS code 11
   EAP-Message = 0x010900331a0308002e533d35424230323439364246434142363633324246313233414533434534344541353144343034413030
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x36d47f7837dd650e959d62628e1199da
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.31 port 2052
   EAP-Message = 0x0109004a1900170301003f7d0509a6338f227609bd6516cf28976ba43c7353d36631e1781e256dfd2698257b193aec136a2a0f4d6b17ce907734cf0a602b14781418aaa1eb9a25a7c030
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x73f9ed247bf0f4b7c2be9cff1f046e18
Finished request 30.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=160
Cleaning up request 30 ID 2 with timestamp +539
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x73f9ed247bf0f4b7 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   State = 0x73f9ed247bf0f4b7c2be9cff1f046e18
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x0209001d190017030100129b7436ea86fc0d667258335a9278479ee71e
   Message-Authenticator = 0xb3aff80044d1fab201c229ef26a62eeb
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 29
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
   EAP-Message = 0x020900061a03
server  {
  PEAP: Setting User-Name to brian
Sending tunneled request
   EAP-Message = 0x020900061a03
   FreeRADIUS-Proxied-To = 127.0.0.1
   User-Name = "brian"
   State = 0x36d47f7837dd650e959d62628e1199da
server inner-tunnel {
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry brian at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
  WARNING: Empty post-auth section.  Using default return values.
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
} # server inner-tunnel
[peap] Got tunneled reply code 2
   MS-MPPE-Encryption-Policy = 0x00000001
   MS-MPPE-Encryption-Types = 0x00000006
   MS-MPPE-Send-Key = 0x39f106ca036530b8023fad5a94a2fcdd
   MS-MPPE-Recv-Key = 0x8dab006b54c91dffce48dd52eb1baf63
   EAP-Message = 0x03090004
   Message-Authenticator = 0x00000000000000000000000000000000
   User-Name = "brian"
[peap] Got tunneled reply RADIUS code 2
   MS-MPPE-Encryption-Policy = 0x00000001
   MS-MPPE-Encryption-Types = 0x00000006
   MS-MPPE-Send-Key = 0x39f106ca036530b8023fad5a94a2fcdd
   MS-MPPE-Recv-Key = 0x8dab006b54c91dffce48dd52eb1baf63
   EAP-Message = 0x03090004
   Message-Authenticator = 0x00000000000000000000000000000000
   User-Name = "brian"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.31 port 2052
   EAP-Message = 0x010a00261900170301001b577408bb89d085a90c64f051ddf981a97be4d3459ae0217b7e6201
   Message-Authenticator = 0x00000000000000000000000000000000
   State = 0x73f9ed247af3f4b7c2be9cff1f046e18
Finished request 31.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.31 port 2052, id=2, length=169
Cleaning up request 31 ID 2 with timestamp +539
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x73f9ed247af3f4b7 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
   User-Name = "brian"
   NAS-IP-Address = 192.168.100.31
   Called-Station-Id = "00259c5266d8"
   Calling-Station-Id = "00225f72869d"
   NAS-Identifier = "00259c5266d8"
   NAS-Port = 41
   Framed-MTU = 1400
   State = 0x73f9ed247af3f4b7c2be9cff1f046e18
   NAS-Port-Type = Wireless-802.11
   EAP-Message = 0x020a00261900170301001b2720b3df93cd3b541cf48870356131d4128e9ab1e9c68cad02b201
   Message-Authenticator = 0x3a7d762165f7afafbfe34d11868897a4
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "brian", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 2 to 192.168.100.31 port 2052
   MS-MPPE-Recv-Key = 0xcc08e36dfbdf32282d1af7c61ed07b98a4405e1ff068e3247f360af5819fe977
   MS-MPPE-Send-Key = 0x1f35fe2715d026f1268b668bd6ca1786db2c87b8192186accebcdb3a9f240306
   EAP-Message = 0x030a0004
   Message-Authenticator = 0x00000000000000000000000000000000
   User-Name = "brian"
Finished request 32.
Going to the next request
Waking up in 4.9 seconds.


-----Original Message-----
From: freeradius-users-bounces+bmccann=andmore.com at lists.freeradius.org [mailto:freeradius-users-bounces+bmccann=andmore.com at lists.freeradius.org] On Behalf Of McCann, Brian
Sent: Wednesday, December 22, 2010 3:54 PM
To: freeradius-users at lists.freeradius.org
Subject: Windows Client

Hi all.  I'm sure some of you are right away thinking "not this again", since this is probably something very simple, but I cannot figure this out.  I've got an XP SP3 client, a Windows 7 SP1 client, and an iPad all trying to sign in to a WPA2 wireless network, that I have setup to auth with FreeRadius.  The iPad works 100% of the time.  The Windows XP client & Windows 7 do not.  The most obvious thing in the debug log (whole snippit below) is the "EAP session for the state 0x.... did not finish!".

I've followed the directions to disable certificate checking on Windows, and this continues to happen.  I've re-ran "make" in the certs directory, and checked that the openssl lines do infact include the "xpextensions" file.

Is there something else I should be doing here?  I've been following the directions @ http://deployingradius.com/documents/configuration/pap.html , along with the FAQs at http://wiki.freeradius.org/Certificate_Compatibility .

Thanks,
--Brian

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html








More information about the Freeradius-Users mailing list