freeradius 2.x EAP-MSCHAPv2 + MySQL

Maciej Drobniuch maciej at drobniuch.pl
Wed May 19 15:04:08 CEST 2010


[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message = 0x0108001f1a0108001a10c7d6fbe958d146ab792405e57d614d2c6d6172696f
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9e96f9a79e9ee37993bcc70e3aa60b8b
[peap] Got tunneled reply RADIUS code 11
	EAP-Message = 0x0108001f1a0108001a10c7d6fbe958d146ab792405e57d614d2c6d6172696f
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9e96f9a79e9ee37993bcc70e3aa60b8b
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 46 to 93.175.129.30 port 52446
	EAP-Message = 0x0108003b19001703010030c644c5069947da1d0b65e9345c9f5d97f1c9d8425826085a5ea328def3834835f94fd58cc38cc96c8b32ad0c6af0bb17
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xbd4bf931bb43e07726e24ebbe3a70713
Finished request 24.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 93.175.129.30 port 40335,
id=47, length=250
	Service-Type = Framed-User
	Framed-MTU = 1400
	User-Name = "mario"
	State = 0xbd4bf931bb43e07726e24ebbe3a70713
	NAS-Port-Id = "wlan1"
	Calling-Station-Id = "00-24-23-05-18-62"
	Called-Station-Id = "00-0E-8E-12-5C-0B:PROV"
	EAP-Message = 0x0208006b190017030100601f901df53ab606b4241dc93bd9c8dc78503563b070c59551752ed754f1d3f1e2f5d75c23ee36ef74c37450136af9f17f917297da69b3dfe5e75b84c02141b409ed3c3a67f0ced9ae217318648a2e836a5aa47e05f226671f142ac33c9cd268fa
	Message-Authenticator = 0x2218a71be94f92ad7aac8a5477c3778c
	NAS-Identifier = "MikroTik"
	NAS-IP-Address = 192.168.1.141
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "mario", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x020800401a0208003b31bffa8955e6709ec4fdf6d46331c8fa1d0000000000000000ed7a280e908424483bbc9c2c2454630d88756c09abc4c7bf006d6172696f
server  {
  PEAP: Setting User-Name to mario
Sending tunneled request
	EAP-Message = 0x020800401a0208003b31bffa8955e6709ec4fdf6d46331c8fa1d0000000000000000ed7a280e908424483bbc9c2c2454630d88756c09abc4c7bf006d6172696f
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "mario"
	State = 0x9e96f9a79e9ee37993bcc70e3aa60b8b
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns updated
[suffix] No '@' in User-Name = "mario", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 64
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for mario with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
	MS-CHAP-Error = "\010E=691 R=1"
	EAP-Message = 0x04080004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
	MS-CHAP-Error = "\010E=691 R=1"
	EAP-Message = 0x04080004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 47 to 93.175.129.30 port 40335
	EAP-Message = 0x0109002b19001703010020c31f20717df3dcaca42b6dc386f094200e0847944b4f87f37901e4ecc76b45e5
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xbd4bf931ba42e07726e24ebbe3a70713
Finished request 25.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 93.175.129.30 port 34473,
id=48, length=186
	Service-Type = Framed-User
	Framed-MTU = 1400
	User-Name = "mario"
	State = 0xbd4bf931ba42e07726e24ebbe3a70713
	NAS-Port-Id = "wlan1"
	Calling-Station-Id = "00-24-23-05-18-62"
	Called-Station-Id = "00-0E-8E-12-5C-0B:PROV"
	EAP-Message = 0x0209002b190017030100206a58c78b2bc64359b7abccfc8811c5f762ad6a538bdc50e41414c76c5e1253be
	Message-Authenticator = 0x7a4f0112fc90130c87304c87def0ef94
	NAS-Identifier = "MikroTik"
	NAS-IP-Address = 192.168.1.141
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "mario", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap]  Had sent TLV failure.  User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> mario
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 26 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 93.175.129.30 port 34473,
id=48, length=186
Waiting to send Access-Reject to client PROV -EST port 34473 - ID: 48
Waking up in 0.6 seconds.


2010/5/19 Maciej Drobniuch <maciej at drobniuch.pl>:
> My NAS-es are located in the clients file and they are working fine
> with pppoe auth.
>
> 2010/5/19 dorra aa <dj_dido2003 at hotmail.com>:
>> Hi,
>> in sql.conf, did you modify the line readclients = no to
>>
>> readclients = yes?
>>
>>> Date: Wed, 19 May 2010 13:52:59 +0200
>>> Subject: freeradius 2.x EAP-MSCHAPv2 + MySQL
>>> From: maciej at drobniuch.pl
>>> To: freeradius-users at lists.freeradius.org
>>>
>>> Hi ALL!!
>>> I'm trying to get authenticated with a MikroTik wireless AP. All works
>>> but only when I add the user into the users file.
>>> The thing is that I want to get the users from MySQL.
>>> At the moment the authentication requests are coming from a PPPoE
>>> concentrator, and the users are in the MySQL database - it works fine.
>>> The freeradius server, while authenticating, is not searching in the SQL
>>> database. Why is that?
>>> Please help and sorry for my lame English.
>>> -
>>> List info/subscribe/unsubscribe? See
>>> http://www.freeradius.org/list/users.html
>>
>>
>
>
>
> --
> Pozdrawiam!
> Maciej Drobniuch
>



-- 
Pozdrawiam!
Maciej Drobniuch
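
Added example (not part of the original post and not FreeRADIUS code): a small parser that groups the `++[module] returns ...` lines of debug output like the one above by virtual server and section, so it is visible which modules were consulted for the tunneled request. The names `trace`, `modules` and the `(outer)` label are made up for this sketch; `SAMPLE` is copied from the log above and shortened.

```python
import re
from collections import defaultdict
# Lines copied from the debug output above (request 25), shortened.
SAMPLE = """\
+- entering group authorize {...}
++[eap] returns ok
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns updated
++[suffix] returns noop
++[control] returns noop
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
+- entering group authenticate {...}
[mschapv2] +- entering group MS-CHAP {...}
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
++[mschap] returns reject
} # server inner-tunnel
"""

def trace(text):
    """Map (server, section) -> [(module, rcode)] and collect FAILED messages."""
    calls, failures = defaultdict(list), []
    server, section, stack = "(outer)", None, []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"server (\S+) \{$", line):
            stack.append((server, section))      # remember where we came from
            server, section = m.group(1), None
        elif line.startswith("} # server"):
            server, section = stack.pop() if stack else ("(outer)", None)
        elif m := re.search(r"\+- entering group (\S+) \{", line):
            section = m.group(1)
        elif m := re.match(r"\+\+\[(\S+?)\] returns (\w+)", line):
            calls[(server, section)].append(m.groups())
        elif m := re.match(r"\[\S+\] (FAILED: .*)", line):
            failures.append(m.group(1))
    return dict(calls), failures

def modules(calls, server, section):
    return [name for name, _ in calls.get((server, section), [])]

if __name__ == "__main__":
    calls, failures = trace(SAMPLE)
    print(modules(calls, "inner-tunnel", "authorize"), failures)
```

For this excerpt the inner-tunnel authorize list contains no `sql` entry; an SQL lookup would show up there as a `++[sql] returns ...` line, assuming the module instance is named `sql`. Nested groups such as MS-CHAP have no closing marker in this output, so module lines that follow one are attributed to it.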


