mschapv2 and peap not working, please help

syharash syharash at yahoo.com
Thu Apr 7 16:35:58 CEST 2011


Hi Alan,

Thanks, everything is set. Works fine, just that my client PC is not getting
an IP address leased from that particular VLAN's DHCP scope. It just worked
once, but after that it's baffling that the clients are not getting an IP
address leased from the DHCP scope. My routing is fine; on the wired I get
IP addresses from all the respective VLAN scopes. I have pasted the debug
output.

+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ufomoviez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 68
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 219
[files] users: Matched entry ufomoviez at line 229
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/default
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: ufomoviez
[mschap] Told to do MS-CHAPv2 for ufomoviez with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "14"
        EAP-Message =
0x010900331a0308002e533d34313037344535313739393032323230383532353333343343333634413033453935423736413131
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf8774653f97e5cc97113aabe8c277640
[peap] Got tunneled reply RADIUS code 11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "14"
        EAP-Message =
0x010900331a0308002e533d34313037344535313739393032323230383532353333343343333634413033453935423736413131
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf8774653f97e5cc97113aabe8c277640
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 67 to 10.73.93.151 port 1027
        EAP-Message =
0x0109004a1900170301003f666073d1310682a7a10b8428e26dd7635ca8d935dd7fddec1cd136768ca41bfdfc62b2d099c4f981e4d80d6d36eadf76aeb394d608351f6f58a4a2aed304bd
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc25314c9ca5a0d8b20dd096be7aef9e4
Finished request 35.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.73.93.151 port 1027, id=68,
length=226
        User-Name = "ufomoviez"
        Calling-Station-Id = "00-1F-3C-E1-17-A9"
        NAS-IP-Address = 10.73.93.151
        NAS-Port = 1
        Called-Station-Id = "AC-67-06-39-C7-A9"
        Service-Type = Framed-User
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "AC-67-06-39-C7-A9"
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message =
0x0209001d19001703010012fb14fcf6b8188d4bec31a53ccd4a02d3fe40
        State = 0xc25314c9ca5a0d8b20dd096be7aef9e4
        Vendor-25053-Attr-3 = 0x55464f4d6f7669657a
        Message-Authenticator = 0xf765d281ccdde6faa88707b082869895
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ufomoviez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 29
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
        EAP-Message = 0x020900061a03
server  {
  PEAP: Setting User-Name to ufomoviez
Sending tunneled request
        EAP-Message = 0x020900061a03
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "ufomoviez"
        State = 0xf8774653f97e5cc97113aabe8c277640
server  {
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ufomoviez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 219
[files] users: Matched entry ufomoviez at line 229
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
Login OK: [ufomoviez] (from client UFO-Network port 0 via TLS tunnel)
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
} # server
[peap] Got tunneled reply code 2
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "14"
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Send-Key = 0x583bbf3ecc34ab92bc1824d5c0249269
        MS-MPPE-Recv-Key = 0x61a7c64013fb5d61b9adb74485a8acf1
        EAP-Message = 0x03090004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "ufomoviez"
[peap] Got tunneled reply RADIUS code 2
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "14"
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Send-Key = 0x583bbf3ecc34ab92bc1824d5c0249269
        MS-MPPE-Recv-Key = 0x61a7c64013fb5d61b9adb74485a8acf1
        EAP-Message = 0x03090004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "ufomoviez"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 68 to 10.73.93.151 port 1027
        EAP-Message =
0x010a00261900170301001b99404e8ab4de5b56a43db0956aa82ebfb29618713b9de45db0e54e
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc25314c9cb590d8b20dd096be7aef9e4
Finished request 36.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.73.93.151 port 1027, id=69,
length=235
        User-Name = "ufomoviez"
        Calling-Station-Id = "00-1F-3C-E1-17-A9"
        NAS-IP-Address = 10.73.93.151
        NAS-Port = 1
        Called-Station-Id = "AC-67-06-39-C7-A9"
        Service-Type = Framed-User
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = "AC-67-06-39-C7-A9"
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message =
0x020a00261900170301001bb4f7f0e5778dfe42c680e547967d6d7958220b935d455b7a6f6960
        State = 0xc25314c9cb590d8b20dd096be7aef9e4
        Vendor-25053-Attr-3 = 0x55464f4d6f7669657a
        Message-Authenticator = 0xbfe2fcfb9ad0cda62daa05fb90f44522
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ufomoviez", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
Login OK: [ufomoviez] (from client UFO-Network port 1 cli 00-1F-3C-E1-17-A9)
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 69 to 10.73.93.151 port 1027
        MS-MPPE-Recv-Key =
0xd44aa3f35fffa8182e9ef33a3128ac1788fca22db1b321d463f5bfe5e702be85
        MS-MPPE-Send-Key =
0x543ffe1228cdbaab4b7b2a266becbd26f31181794f3a531d1707aee149821182
        EAP-Message = 0x030a0004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "ufomoviez"
Finished request 37.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 27 ID 59 with timestamp +402
Cleaning up request 28 ID 60 with timestamp +402
Cleaning up request 29 ID 61 with timestamp +402
Cleaning up request 30 ID 62 with timestamp +402
Cleaning up request 31 ID 63 with timestamp +402
Cleaning up request 32 ID 64 with timestamp +402
Cleaning up request 33 ID 65 with timestamp +402
Cleaning up request 34 ID 66 with timestamp +402
Cleaning up request 35 ID 67 with timestamp +402
Cleaning up request 36 ID 68 with timestamp +402
Cleaning up request 37 ID 69 with timestamp +402
Ready to process requests.

--
View this message in context: http://freeradius.1045715.n5.nabble.com/mschapv2-and-peap-not-working-please-help-tp4287893p4288707.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
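
Added example (not part of the original post, and not FreeRADIUS code): a small checker for `radiusd -X` output that compares the VLAN attributes in the inner tunneled reply with those in the outer Access-Accept actually sent to the NAS. In the log above the Tunnel-* attributes appear only in the tunneled reply; in FreeRADIUS 2.x the `use_tunneled_reply` option in the `peap` section of eap.conf controls whether they are copied outward. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Attributes an 802.1X authenticator needs for dynamic VLAN assignment (RFC 3580).
VLAN_ATTRS = ("Tunnel-Type", "Tunnel-Medium-Type", "Tunnel-Private-Group-Id")
ATTR_RE = re.compile(r"^\s+([A-Za-z0-9-]+)(?::\d+)?\s*=\s*(.*)$")

def attr_blocks(log, header_re):
    """Yield {attr: value} for each indented attribute list that follows a
    line matching header_re in debug output (hypothetical helper)."""
    lines = log.splitlines()
    for i, line in enumerate(lines):
        if not re.search(header_re, line):
            continue
        attrs, last = {}, None
        for nxt in lines[i + 1:]:
            m = ATTR_RE.match(nxt)
            if m:
                last = m.group(1)                  # tag suffix ":0" is dropped
                attrs[last] = m.group(2).strip('"')
            elif last and attrs[last] == "" and nxt.startswith("0x"):
                attrs[last] = nxt.strip()          # value wrapped onto next line
            else:
                break                              # end of this attribute list
        yield attrs

def vlan_lost_in_outer_accept(log):
    """Return VLAN attributes present in the inner (tunneled) Access-Accept
    but absent from the outer Access-Accept sent to the NAS."""
    inner = next(attr_blocks(log, r"\[peap\] Got tunneled reply code 2\b"), {})
    outer = next(attr_blocks(log, r"^Sending Access-Accept of id \d+"), {})
    return {a: inner[a] for a in VLAN_ATTRS if a in inner and a not in outer}

# Constructed sample modelled on the two blocks in the post; key value is a placeholder.
SAMPLE = """
[peap] Got tunneled reply code 2
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "14"
        EAP-Message = 0x03090004
        User-Name = "ufomoviez"
[peap] Tunneled authentication was successful.
Sending Access-Accept of id 69 to 10.73.93.151 port 1027
        MS-MPPE-Recv-Key =
0x00
        EAP-Message = 0x030a0004
        User-Name = "ufomoviez"
"""

if __name__ == "__main__":
    print(vlan_lost_in_outer_accept(SAMPLE))
```

A non-empty result means the access point never receives the VLAN assignment, so the client stays in the default VLAN regardless of a successful login.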


