I have a problem with EAP authorization in files or SQL mode
amin ahoora
aminahoora at gmail.com
Fri Dec 24 22:14:36 CET 2010
Please help me.
I have read the full documentation for this server, but the problem remains.
In my last email I sent you the log from the sql module.
I thought this might be caused by my SQL configuration, but I have the same
problem with the files module.
FreeRADIUS Version 2.1.10, for host x86_64-unknown-linux-gnu, built on Nov
14 2010 at 03:05:12
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/modules/files
main {
allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
log_stripped_names = no
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client 127.0.0.1 {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "aminahooradkpw"
nastype = "other"
}
client 10.10.10.2 {
require_message_authenticator = no
secret = "aminahooradkpw"
shortname = "SingleRouter"
nastype = "mikrotik"
}
client 192.168.137.2 {
require_message_authenticator = no
secret = "aminahooradkpw"
shortname = "SingleRouter"
nastype = "mikrotik"
}
client 172.16.15.1 {
require_message_authenticator = no
secret = "dkpw"
shortname = "wireless"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
}
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file
/usr/local/etc/raddb/radiusd.conf
pap {
encryption_scheme = "crypt"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file
/usr/local/etc/raddb/radiusd.conf
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/usr/local/etc/raddb/radiusd.conf
mschap {
use_mppe = no
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server.pem"
certificate_file = "/usr/local/etc/raddb/certs/server.pem"
CA_file = "/usr/local/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/usr/local/etc/raddb/certs/dh"
random_file = "/usr/local/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
check_cert_cn = "%{User-Name}"
cipher_list = "DEFAULT"
make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_files
Module: Instantiating module "files" from file
/usr/local/etc/raddb/modules/files
files {
usersfile = "/usr/local/etc/raddb/users"
acctusersfile = "/usr/local/etc/raddb/acct_users"
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/usr/local/etc/raddb/radiusd.conf
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
bind_address = *
WARNING: The directive 'bind_address' is deprecated, and will be removed in
future versions of FreeRADIUS. Please edit the configuration files to use
the directive 'listen'.
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=176,
length=127
User-Name = "10"
NAS-IP-Address = 172.16.15.1
NAS-Identifier = "aminahoora.home.ir"
Framed-MTU = 1496
Called-Station-Id = "40-4a-03-ad-0b-b0"
Calling-Station-Id = "00-22-41-7d-9f-91"
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02110007013130
Message-Authenticator = 0x04fff75e7f186f6ea10588cb2241d5d2
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[files] users: Matched entry 10 at line 204
++[files] returns ok
[eap] EAP packet type response id 17 length 7
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 176 to 172.16.15.1 port 1027
EAP-Message = 0x011200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9ca1a80e9cb3b165fbd692931fddb1e7
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=177,
length=222
User-Name = "10"
NAS-IP-Address = 172.16.15.1
NAS-Identifier = "aminahoora.home.ir"
Framed-MTU = 1496
Called-Station-Id = "40-4a-03-ad-0b-b0"
Calling-Station-Id = "00-22-41-7d-9f-91"
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0212005419800000004a16030100450100004103014d150aea2b4d30a28baa51de77dde94e3089e861c19507aeb18d51fae369150b00001a002f000500040035000a000900030008003300390016001500140100
State = 0x9ca1a80e9cb3b165fbd692931fddb1e7
Message-Authenticator = 0x03f021f9c6cb610f8043acacd690bb14
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[files] users: Matched entry 10 at line 204
++[files] returns ok
[eap] EAP packet type response id 18 length 84
[eap] Continuing tunnel setup.
++[eap] returns ok
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 74
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0045], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 177 to 172.16.15.1 port 1027
EAP-Message =
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
EAP-Message =
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
EAP-Message =
0xabe291939f4b51566ff040429e307a26bea0beaea5ba59ddafe252c9eaee68ec220f0bf86d147dd1d20ba2257c168b0b9b1a4ca74417142b6a9c860552aa014cfd2ac15ec28ad1803eda7fe54e31bcf5fe774c9445337d94fa53a3638936a1edba4cedc9d7715919fade13eba12d84de71550a214ce20f985919cd4e4a3fc555f0117a0137eb93edeb98ff973367e1535737d76a62692870da46bbacd24c1f47a6f95594688a6c76a660e371d0ee68a6714389ee571e02283028d71161aad17aadef0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101007348a9f7eb447a0a18
EAP-Message =
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
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9ca1a80e9db2b165fbd692931fddb1e7
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=178,
length=144
User-Name = "10"
NAS-IP-Address = 172.16.15.1
NAS-Identifier = "aminahoora.home.ir"
Framed-MTU = 1496
Called-Station-Id = "40-4a-03-ad-0b-b0"
Calling-Station-Id = "00-22-41-7d-9f-91"
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021300061900
State = 0x9ca1a80e9db2b165fbd692931fddb1e7
Message-Authenticator = 0x1137081fd9ba42765a28a148ee37c3da
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[files] users: Matched entry 10 at line 204
++[files] returns ok
[eap] EAP packet type response id 19 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 178 to 172.16.15.1 port 1027
EAP-Message =
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
EAP-Message =
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
EAP-Message =
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
EAP-Message =
0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900dcdbb13f82d4ce56300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100647c9fcfe32740d5d6df5d621dd28948d3b5ba585446ce00a3f175f3fb60177f372d72b57463fd28220023dcc8873bd56b4bc89c39acdb8e334aaf6ac6009a784d7c780bd79366113bfbdb7d3af852bd2b9d
EAP-Message = 0x5759f29e94ec8aef
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9ca1a80e9eb5b165fbd692931fddb1e7
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=179,
length=144
User-Name = "10"
NAS-IP-Address = 172.16.15.1
NAS-Identifier = "aminahoora.home.ir"
Framed-MTU = 1496
Called-Station-Id = "40-4a-03-ad-0b-b0"
Calling-Station-Id = "00-22-41-7d-9f-91"
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021400061900
State = 0x9ca1a80e9eb5b165fbd692931fddb1e7
Message-Authenticator = 0x312e182ce06032e4516f6d50a6c4c129
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[files] users: Matched entry 10 at line 204
++[files] returns ok
[eap] EAP packet type response id 20 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 179 to 172.16.15.1 port 1027
EAP-Message =
0x011500b51900bf21a0b69a3e67caac09ed7c1cfbe98ac4b9e2d992a78310ee9b777b568fc84698be69b725c44305c38668cbfdf2fc4d2bd20a0a2ccca4a713772ac2d5867ce172062d8dba01d5fae9b313874d1eb94c2489edd82862b33ef58e0e0558093917fed55cb1a9b0f8fe70811709ca05d6ed1549e6377527c4a2c68c3ff021ae6f52fa1ba9e4832dad7a71d1f6775fdecb48936a9fff5e5e0910dc5645e144ad54538828a11e269616030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9ca1a80e9fb4b165fbd692931fddb1e7
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=180,
length=476
User-Name = "10"
NAS-IP-Address = 172.16.15.1
NAS-Identifier = "aminahoora.home.ir"
Framed-MTU = 1496
Called-Station-Id = "40-4a-03-ad-0b-b0"
Calling-Station-Id = "00-22-41-7d-9f-91"
NAS-Port-Type = Wireless-802.11
EAP-Message =
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
EAP-Message =
0xc119bae4349284a4ad2e9fb29ba4effba1c5e1697194040f1403010001011603010030333c379e1cebfa25f09bdd6df6ea7960b7cfbe9e378b62b682c6d05f0afc08e1b6ae003652ebe60bac4709d46ad0e4ae
State = 0x9ca1a80e9fb4b165fbd692931fddb1e7
Message-Authenticator = 0xf40facdf859bf71c40af155b112cbf50
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[files] users: Matched entry 10 at line 204
++[files] returns ok
[eap] EAP packet type response id 21 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 180 to 172.16.15.1 port 1027
EAP-Message =
0x0116004119001403010001011603010030fb7d3c24d1c65b12dfa94d1ecdc6ddcc9d646faa4ecd36827418b2332203481407386ca214b13d7ab1b8cf9662552c07
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9ca1a80e98b7b165fbd692931fddb1e7
Finished request 4.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=181,
length=144
User-Name = "10"
NAS-IP-Address = 172.16.15.1
NAS-Identifier = "aminahoora.home.ir"
Framed-MTU = 1496
Called-Station-Id = "40-4a-03-ad-0b-b0"
Calling-Station-Id = "00-22-41-7d-9f-91"
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021600061900
State = 0x9ca1a80e98b7b165fbd692931fddb1e7
Message-Authenticator = 0x2f0dd64255b0a8380e6a9b4871dfbdab
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[files] users: Matched entry 10 at line 204
++[files] returns ok
[eap] EAP packet type response id 22 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 181 to 172.16.15.1 port 1027
EAP-Message =
0x0117002b190017030100207a938b37cd6503d215e4414cb1fd370240a2498818dfa70c7edc86e56bac80a1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9ca1a80e99b6b165fbd692931fddb1e7
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=182,
length=181
User-Name = "10"
NAS-IP-Address = 172.16.15.1
NAS-Identifier = "aminahoora.home.ir"
Framed-MTU = 1496
Called-Station-Id = "40-4a-03-ad-0b-b0"
Calling-Station-Id = "00-22-41-7d-9f-91"
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0217002b19001703010020e7748073d57a68c015f4fe8d1273a2e1212cff4a26e245f4d62330ca0ddca5e2
State = 0x9ca1a80e99b6b165fbd692931fddb1e7
Message-Authenticator = 0xf80a05119c3182a4c5097b214aeb7c37
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[files] users: Matched entry 10 at line 204
++[files] returns ok
[eap] EAP packet type response id 23 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - 10
[peap] Got inner identity '10'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x02170007013130
server {
PEAP: Setting User-Name to 10
Sending tunneled request
EAP-Message = 0x02170007013130
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "10"
server inner-tunnel {
No such virtual server "inner-tunnel"
} # server inner-tunnel
[peap] Got tunneled reply code 3
[peap] Got tunneled reply RADIUS code 3
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 182 to 172.16.15.1 port 1027
EAP-Message =
0x0118002b19001703010020e922ee925838ed77c8b562883e7b7212c98e7180a9a9876b938d9d36de040ecd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9ca1a80e9ab9b165fbd692931fddb1e7
Finished request 6.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=183,
length=181
User-Name = "10"
NAS-IP-Address = 172.16.15.1
NAS-Identifier = "aminahoora.home.ir"
Framed-MTU = 1496
Called-Station-Id = "40-4a-03-ad-0b-b0"
Calling-Station-Id = "00-22-41-7d-9f-91"
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0218002b1900170301002023f62825916276e5903af5875752449fa84f8fbba2c38c0814de3f094d11738e
State = 0x9ca1a80e9ab9b165fbd692931fddb1e7
Message-Authenticator = 0x4271c9b17c0f2c3e8603ec2c6bbbc268
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
WARNING: Found User-Password == "...".
WARNING: Are you sure you don't mean Cleartext-Password?
WARNING: See "man rlm_pap" for more information.
[files] users: Matched entry 10 at line 204
++[files] returns ok
[eap] EAP packet type response id 24 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug
output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell
you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Sending Access-Reject of id 183 to 172.16.15.1 port 1027
EAP-Message = 0x04180004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 7.
Going to the next request
Waking up in 4.6 seconds.
#################################################################################
And this is my RADIUS configuration file:
# Main FreeRADIUS server configuration as posted with the debug log.
# NOTE(review): the debug output reads its files from /usr/local/etc/raddb,
# while raddbdir below is /etc/freeradius. Confirm that this is the file the
# running server actually loads.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
# user/group are commented out, so this file does not tell the server to
# switch to an unprivileged account after start-up.
#user = freerad
#group = freerad
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# The start-up warning in the debug output marks bind_address as deprecated in
# favour of 'listen'; the commented-out listen block below is that form.
bind_address = *
#listen {
# ipaddr = 172.16.15.1
# port = 1812
# type = auth
# virtual_server = one
# }
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
# Authentication logging is disabled. The *_badpass / *_goodpass switches
# control whether the password is written along with each auth log line;
# leaving them at 'no' keeps passwords out of log_file.
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
# NOTE(review): the lower_* / nospace_* options are not echoed in the 2.1.10
# start-up dump; confirm they are still honoured by this version. If they are,
# lower_pass and nospace_pass modify the password before it is compared.
lower_user = before
lower_pass = before
nospace_user = before
nospace_pass = before
checkrad = ${sbindir}/checkrad
# The security section is commented out, so max_attributes, reject_delay and
# status_server are presumably left at the server's built-in defaults.
#security {
# max_attributes = 200
# reject_delay = 1
# status_server = no
#}
proxy_requests = no
# clients.conf holds the NAS entries and their shared secrets. The debug
# output prints every 'secret' in clear text (see the client blocks in the
# log), so mask them before posting a log and replace any secret that has
# been published.
$INCLUDE ${confdir}/clients.conf
snmp = no
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
pap {
encryption_scheme = crypt
}
chap {
authtype = CHAP
}
mschap {
authtype = MS-CHAP
use_mppe = no
# require_encryption and require_strong are commented out; the start-up dump
# shows both in effect as 'no'.
#require_encryption = yes
#require_strong = yes
# authtype = MS-CHAP
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
#$INCLUDE ${confdir}/sql.conf
# eap.conf is not shown here. The start-up dump lists
# peap { virtual_server = "inner-tunnel" }, but this file neither defines a
# 'server inner-tunnel { ... }' block nor includes a file that could. The log
# reports: No such virtual server "inner-tunnel", followed by "Tunneled
# authentication was rejected". Either define and include that virtual server
# or remove the virtual_server setting from the peap section.
# NOTE(review): the same dump shows private_key_password = "whatever" and a
# 512-bit dh_key_length, and the certificate bytes in the log decode to
# "Example Certificate Authority". This looks like the bundled test
# certificate set; confirm and replace it before production use.
$INCLUDE ${confdir}/eap.conf
$INCLUDE ${confdir}/modules/files
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
}
instantiate {
}
# Modules run in the listed order for every Access-Request; the log shows
# chap, mschap, files, eap and pap being called in exactly this sequence.
authorize {
#preprocess
chap
mschap
#sql
# The users entry matched by 'files' triggers the log warning
# 'Found User-Password == "..."' / 'Are you sure you don't mean
# Cleartext-Password?', and pap then reports that no "known good" password
# was found. Store the password as Cleartext-Password so the EAP inner method
# has something to verify against.
files
eap
pap
}
# Maps the Auth-Type chosen during authorize to the module that verifies it.
# The log shows "Found Auth-Type = EAP", so the bare 'eap' entry handles the
# requests in this trace.
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
eap
}
preacct {
acct_unique
}
# Every module in the sections below is commented out, so the sections are
# empty as posted.
accounting {
#detail
#sql
}
session {
#sql
}
post-auth {
#sql
}
THANK YOU WITH BEST REGARDS
AMIN AHOORA