EAP Problem

amin ahoora aminahoora at gmail.com
Fri Dec 24 19:43:56 CET 2010


Hi,
I have a problem with EAP.
Can you help me?

WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x90d4d2dd94c2cb92 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=97,
length=144
        User-Name = "12"
        NAS-IP-Address = 172.16.15.1
        NAS-Identifier = "aminahoora.home.ir"
        Framed-MTU = 1496
        Called-Station-Id = "40-4a-03-ad-0b-b0"
        Calling-Station-Id = "00-22-41-7d-9f-91"
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x021600061900
        State = 0x90d4d2dd94c2cb924b3cdc7780b3dc35
        Message-Authenticator = 0xfa9a966f33ce0c76a0d15f303480f4ea
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[sql]   expand: %{User-Name} -> 12
[sql] sql_set_user escaped user --> '12'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '12'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '12'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'12'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
[eap] EAP packet type response id 22 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 97 to 172.16.15.1 port 1027
        EAP-Message =
0x0117002b19001703010020674bd0fe9ec9f56973ac49079d2029c578bad4ad1dac11d67968154832aa91fb
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x90d4d2dd95c3cb924b3cdc7780b3dc35
Finished request 21.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=98,
length=181
        User-Name = "12"
        NAS-IP-Address = 172.16.15.1
        NAS-Identifier = "aminahoora.home.ir"
        Framed-MTU = 1496
        Called-Station-Id = "40-4a-03-ad-0b-b0"
        Calling-Station-Id = "00-22-41-7d-9f-91"
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0217002b19001703010020f8c94f58aabcbdadb5aa695270bfa559530931a394827ef3894bfc31d1f7f4a5
        State = 0x90d4d2dd95c3cb924b3cdc7780b3dc35
        Message-Authenticator = 0x54cf580c0926a0e3575707db7ec6e193
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[sql]   expand: %{User-Name} -> 12
[sql] sql_set_user escaped user --> '12'
rlm_sql (sql): Reserving sql socket id: 2
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '12'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '12'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'12'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[eap] EAP packet type response id 23 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - 12
[peap] Got inner identity '12'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
        EAP-Message = 0x02170007013132
server  {
  PEAP: Setting User-Name to 12
Sending tunneled request
        EAP-Message = 0x02170007013132
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "12"
server inner-tunnel {
No such virtual server "inner-tunnel"
} # server inner-tunnel
[peap] Got tunneled reply code 3
[peap] Got tunneled reply RADIUS code 3
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 98 to 172.16.15.1 port 1027
        EAP-Message =
0x0118002b190017030100201edf1da3f3138e40f27c63d735a7bff7351f5abfac971a15b3d4c2369596858c
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x90d4d2dd96cccb924b3cdc7780b3dc35
Finished request 22.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=99,
length=181
        User-Name = "12"
        NAS-IP-Address = 172.16.15.1
        NAS-Identifier = "aminahoora.home.ir"
        Framed-MTU = 1496
        Called-Station-Id = "40-4a-03-ad-0b-b0"
        Calling-Station-Id = "00-22-41-7d-9f-91"
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0218002b190017030100203bfebde9a8e41dc51e361c135f24a7d001553e501d1989e8273c42570d62bff4
        State = 0x90d4d2dd96cccb924b3cdc7780b3dc35
        Message-Authenticator = 0xcad2dc0f9ca9a3aab35ea19c0b9b6356
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[sql]   expand: %{User-Name} -> 12
[sql] sql_set_user escaped user --> '12'
rlm_sql (sql): Reserving sql socket id: 1
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '12'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id
-> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '12'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'12'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[eap] EAP packet type response id 24 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug
output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell
you.
[peap]  *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Sending Access-Reject of id 99 to 172.16.15.1 port 1027
        EAP-Message = 0x04180004
        Message-Authenticator = 0x00000000000000000000000000000000
Finished request 23.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 21 ID 97 with timestamp +108
Cleaning up request 22 ID 98 with timestamp +108
Cleaning up request 23 ID 99 with timestamp +108
Ready to process requests.






THANK YOU WITH BEST REGARDS
AMIN AHOORA
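
The debug output above advises reading the previous messages for "reject" or "fail" to find why the session was rejected. The following is an added example, not part of the original post and not FreeRADIUS code: it walks `radiusd -X` style output, tracks the RADIUS packet id of each request, and reports the earliest failure line rather than the later "previously rejected" echo. The function name `triage`, the marker patterns and the trimmed sample (lines copied from the log above) are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the debug output in the post, trimmed.
SAMPLE = """\
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=98,
[peap] Peap state WAITING FOR INNER IDENTITY
server inner-tunnel {
No such virtual server "inner-tunnel"
[peap] Got tunneled reply RADIUS code 3
[peap] Tunneled authentication was rejected.
Sending Access-Challenge of id 98 to 172.16.15.1 port 1027
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=99,
[peap] Peap state send tlv failure
[peap]  The users session was previously rejected: returning reject (again.)
[eap] Handler failed in EAP/peap
Sending Access-Reject of id 99 to 172.16.15.1 port 1027
"""

REQ = re.compile(r"^rad_recv: \S+ packet from host \S+ port \d+, id=(\d+)")
REJECT = re.compile(r"^Sending Access-Reject of id (\d+)")
# Heuristic markers (assumption): the words the log itself suggests, plus "no such".
SUSPECT = re.compile(r"reject|fail|no such", re.IGNORECASE)
# Lines that only repeat an earlier failure and so are never the cause.
ECHO = re.compile(r"previously rejected|\*\*\*")

def triage(text):
    """Return the earliest suspect line (with its packet id) and all rejected ids."""
    current_id, cause, rejected = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = REQ.match(line)
        if m:
            current_id = int(m.group(1))
            continue
        r = REJECT.match(line)
        if r:
            rejected.append(int(r.group(1)))
        if (cause is None and current_id is not None
                and SUSPECT.search(line) and not ECHO.search(line)):
            cause = (current_id, line)
    return {"cause": cause, "rejected_ids": rejected}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample, the cause is reported in the request with id 98, one request before the Access-Reject sent for id 99.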