Problems with 802.1x
Brekler Custodio
brekler88 at hotmail.com
Tue Nov 20 16:22:05 CET 2012
I asked this question yesterday, but since I'm new I did a lot of things wrong, like no subject, etc. So here is the deal: we use freeradius on a hotspot service with wireless and it all works fine, but we are trying to put in 802.1x (it's better). So the thing is, it always says "login/pass incorrect".
So I did the debug thing, and I couldn't find the error (I'm new to Linux).
I did the radtest and the results are the following:
radtest -t mschap <user> <pass> 127.0.0.1:1812 0 t3st3 (our pass)
and I got this:
Sending Access-Request of id 193 to 127.0.0.1 port 1812
    User-Name = "1085"
    NAS-IP-Address = 192.168.80.2
    NAS-Port = 0
    MS-CHAP-Challenge = 0x826bf8043e1d4ecf
    MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000cb7fdf6848ca0b2df86e5060da2c2b8e80329c405855233a
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=193, length=20
So I did another test like this:
radtest -t eap-md5 <user> <pass> 127.0.0.1:1812 0 t3st3
and I got this:
Sending Access-Request packet to host 127.0.0.1 port 1812, id=54, length=0
    User-Name = "1085"
    User-Password = "XXXXXXX"
    NAS-IP-Address = 192.168.80.2
    NAS-Port = 0
    EAP-Code = Response
    EAP-Type-Identity = "1085"
    Message-Authenticator = 0x00
    EAP-Message = 0x023500090131303835
Received Access-Challenge packet from host 127.0.0.1 port 1812, id=54, length=64
    EAP-Message = 0x013600061520
    Message-Authenticator = 0x56eff2711d27219b78bc42ad7db31808
    State = 0x028cb41e02baa1b18a40110649d7000f
    EAP-Id = 54
    EAP-Code = Request
    EAP-Type-LEAP = 0x20
I don't know what is wrong; I THINK it's our SQL DB that is not accepting mschap. I would appreciate it if people didn't answer like "read this, read that, it's all explained"; like I said, I'm new to Linux, I read everything I found, but didn't get the problem. Appreciate any help.
Below is my debug trying to access by the wireless.
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 179 to 172.23.54.2 port 32784
    EAP-Message = 0x010200061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa52ffbdea42de2a3ddda2e08b2ef9a8e
Finished request 17.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=180, length=320
    User-Name = "1085"
    Calling-Station-Id = "00-1E-64-27-2F-52"
    NAS-IP-Address = 172.23.54.2
    NAS-Port = 1
    Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
    Service-Type = Framed-User
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "68-92-34-91-91-48"
    Connect-Info = "CONNECT 802.11b/g"
    WISPr-Location-Name = "2o-Andar"
    EAP-Message = 0x0202006919800000005f160301005a010000560301509d3fc22ba4ec181253508b1a9031d084a6ab63dfc0f57196d85dccbddd6bb0000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100
    State = 0xa52ffbdea42de2a3ddda2e08b2ef9a8e
    Vendor-25053-Attr-3 = 0x554e49464542452d3158
    Message-Authenticator = 0xb15471a260ff863b5df11a42d1b7ffaf
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 105
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02a8], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 180 to 172.23.54.2 port 32784
EAP-Message =
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
EAP-Message =
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
EAP-Message =
0xe16a72c80fb15970c51859f996942e88e6a675834788ab9aa5a57af1a335b4513acd5c39cf3b63151368dac86c6ad0ba965a52636b998d220534d3c913a6f2d64baa46a14d877a6f1a1afdedd7dcc9f990b0ba6b0181cc15abbcab5de4ae2adf002de566cac739b11c770b727a104b4359905dbbf0889cad18af0f31e5be5f28b6619edefff2edc1a5ea6683805b51d1cbeb05c250d23a402de0f4443f01d4a7ddc4bf4ea950151f42aee22dc1c9a81f18aa219499adff4095f9fb6dc2e44f89fe14c0e2f30007748bd4deba341982af01ed8d09dad9bbfcc0ceaa2f4b3d3d94add25259cba48886d837b49af75a8f16030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa52ffbdea72ce2a3ddda2e08b2ef9a8e
Finished request 18.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=181, length=553
    User-Name = "1085"
    Calling-Station-Id = "00-1E-64-27-2F-52"
    NAS-IP-Address = 172.23.54.2
    NAS-Port = 1
    Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
    Service-Type = Framed-User
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "68-92-34-91-91-48"
    Connect-Info = "CONNECT 802.11b/g"
    WISPr-Location-Name = "2o-Andar"
EAP-Message =
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
EAP-Message =
0x469ea987e74a634ffd9f974fd85c4cf550cfc184882b10d31403010001011603010030c7823f5df8656cb4ecee2830f2dd532e33febb88329d8078398bcf9fc3729371e6acabeeee9022d11176d95facb50e26
    State = 0xa52ffbdea72ce2a3ddda2e08b2ef9a8e
    Vendor-25053-Attr-3 = 0x554e49464542452d3158
    Message-Authenticator = 0x6b79b9cd6b15dfedbf49ba57b7edcc45
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 181 to 172.23.54.2 port 32784
    EAP-Message = 0x01040041190014030100010116030100305da09efb263d6a8e920ffd363a784a928bc392a6b80309b6f3f3d78becca6e3f7f2f20b3fb0b62520e46decd844eafec
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa52ffbdea62be2a3ddda2e08b2ef9a8e
Finished request 19.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=182, length=221
    User-Name = "1085"
    Calling-Station-Id = "00-1E-64-27-2F-52"
    NAS-IP-Address = 172.23.54.2
    NAS-Port = 1
    Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
    Service-Type = Framed-User
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "68-92-34-91-91-48"
    Connect-Info = "CONNECT 802.11b/g"
    WISPr-Location-Name = "2o-Andar"
    EAP-Message = 0x020400061900
    State = 0xa52ffbdea62be2a3ddda2e08b2ef9a8e
    Vendor-25053-Attr-3 = 0x554e49464542452d3158
    Message-Authenticator = 0x21e270d06fa3b618166b474599d92c03
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 182 to 172.23.54.2 port 32784
    EAP-Message = 0x0105002b190017030100209c58a55d01f6f8ea2ebd4dcf6b707ac1854afc0ae1184210876df755426cdebb
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa52ffbdea12ae2a3ddda2e08b2ef9a8e
Finished request 20.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=183, length=258
    User-Name = "1085"
    Calling-Station-Id = "00-1E-64-27-2F-52"
    NAS-IP-Address = 172.23.54.2
    NAS-Port = 1
    Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
    Service-Type = Framed-User
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "68-92-34-91-91-48"
    Connect-Info = "CONNECT 802.11b/g"
    WISPr-Location-Name = "2o-Andar"
    EAP-Message = 0x0205002b1900170301002045585f4e63ddae7a1c000e31e0a2eeece7eaa624f2806a9e70e2d046f1391fc7
    State = 0xa52ffbdea12ae2a3ddda2e08b2ef9a8e
    Vendor-25053-Attr-3 = 0x554e49464542452d3158
    Message-Authenticator = 0x69f09f61ebca4c76283b5dca004e7ef0
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - 1085
[peap] Got inner identity '1085'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
    EAP-Message = 0x020500090131303835
server {
PEAP: Setting User-Name to 1085
Sending tunneled request
    EAP-Message = 0x020500090131303835
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "1085"
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 5 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
    EAP-Message = 0x0106001e1a0106001910fe55d9294cefdac440362e653915a34d31303835
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0ae4ec900ae2f69ac6f652def380e816
[peap] Got tunneled reply RADIUS code 11
    EAP-Message = 0x0106001e1a0106001910fe55d9294cefdac440362e653915a34d31303835
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0ae4ec900ae2f69ac6f652def380e816
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 183 to 172.23.54.2 port 32784
    EAP-Message = 0x0106003b190017030100301000c355cc2c2884bf2f175908e52361b9e5f41b4a0e9a0435c322c46fe8a3c1bc2ddc42ac866a83ae30421b91059630
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa52ffbdea029e2a3ddda2e08b2ef9a8e
Finished request 21.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=184, length=306
    User-Name = "1085"
    Calling-Station-Id = "00-1E-64-27-2F-52"
    NAS-IP-Address = 172.23.54.2
    NAS-Port = 1
    Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
    Service-Type = Framed-User
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "68-92-34-91-91-48"
    Connect-Info = "CONNECT 802.11b/g"
    WISPr-Location-Name = "2o-Andar"
    EAP-Message = 0x0206005b19001703010050ae4fea85f3a5973a84f9b5e1abc47fb5a19be28af5e27780d39c7c29b91526c26e3972a03bee2657e96c715084bd5a5cf5da7d84cda132385eaa3a0d1733b5618ee6286e6e3670119927319542bcb7d2
    State = 0xa52ffbdea029e2a3ddda2e08b2ef9a8e
    Vendor-25053-Attr-3 = 0x554e49464542452d3158
    Message-Authenticator = 0x687b1f3b1c9e04fc75d21d0f741b661f
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 91
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
    EAP-Message = 0x0206003f1a0206003a312198129fe508198faceab807ca41f5580000000000000000bb3261067e2d36651cf535d4d562658d61830fcce9f2a88f0031303835
server {
PEAP: Setting User-Name to 1085
Sending tunneled request
    EAP-Message = 0x0206003f1a0206003a312198129fe508198faceab807ca41f5580000000000000000bb3261067e2d36651cf535d4d562658d61830fcce9f2a88f0031303835
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "1085"
    State = 0x0ae4ec900ae2f69ac6f652def380e816
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 6 length 63
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: 1085
[mschap] Told to do MS-CHAPv2 for 1085 with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [1085/<via Auth-Type = EAP>] (from client ruckus-controller port 0 via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 3
    MS-CHAP-Error = "\006E=691 R=1"
    EAP-Message = 0x04060004
    Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
    MS-CHAP-Error = "\006E=691 R=1"
    EAP-Message = 0x04060004
    Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 184 to 172.23.54.2 port 32784
    EAP-Message = 0x0107002b19001703010020712d9a3c89066e09d12514449c4e4e166e62bd3626ba278d1cb473bacd1b31aa
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xa52ffbdea328e2a3ddda2e08b2ef9a8e
Finished request 22.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=185, length=258
    User-Name = "1085"
    Calling-Station-Id = "00-1E-64-27-2F-52"
    NAS-IP-Address = 172.23.54.2
    NAS-Port = 1
    Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
    Service-Type = Framed-User
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "68-92-34-91-91-48"
    Connect-Info = "CONNECT 802.11b/g"
    WISPr-Location-Name = "2o-Andar"
    EAP-Message = 0x0207002b190017030100205bce9ac93410e019700dbd986065e5a9a84301906e4611ad246471a284fc7e81
    State = 0xa52ffbdea328e2a3ddda2e08b2ef9a8e
    Vendor-25053-Attr-3 = 0x554e49464542452d3158
    Message-Authenticator = 0x71c3a73b038b1f0a51e530baba2afc96
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [1085/<via Auth-Type = EAP>] (from client ruckus-controller port 1 cli 00-1E-64-27-2F-52)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 1085
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 23 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 23
Sending Access-Reject of id 185 to 172.23.54.2 port 32784
    EAP-Message = 0x04070004
    Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 16 ID 178 with timestamp +2309
Cleaning up request 17 ID 179 with timestamp +2309
Cleaning up request 18 ID 180 with timestamp +2309
Cleaning up request 19 ID 181 with timestamp +2309
Cleaning up request 20 ID 182 with timestamp +2309
Cleaning up request 21 ID 183 with timestamp +2309
Cleaning up request 22 ID 184 with timestamp +2309
Waking up in 1.0 seconds.
Cleaning up request 23 ID 185 with timestamp +2309
Ready to process requests.
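
The debug output above says to read the earlier "reject" or "fail" messages. As an added example (not part of the original post), this Python script re-joins lines wrapped by the list archive and returns the first module that rejected, together with the FAILED/Cannot messages logged just before it. The sample text is constructed in the style of the log above; the function names and the "default" label for the outer server are assumptions.

```python
import re

# A line starts a new log record if it looks like one of these; anything else
# is treated as the wrapped tail of the previous record.
RECORD_START = re.compile(
    r"^(\++\[|\+-|\[[\w.]+\]|#|\}|server\b|rad_recv:|Sending\b|Found\b|"
    r"Failed\b|Login\b|Finished\b|Going\b|Waking\b|[A-Za-z][\w-]* =)"
)
MODULE_RETURN = re.compile(r"^\++\[([\w.]+)\] returns (\w+)$")
MODULE_MESSAGE = re.compile(r"^\[([\w.]+)\] (.*)$")
SERVER_OPEN = re.compile(r"^server (\S+) \{$")
FAILING = {"reject", "fail", "invalid"}

# Constructed sample in the style of the debug output above, wrapped the
# same way the archive wrapped it.
SAMPLE = """\
server inner-tunnel {
++[pap] returns noop
Found Auth-Type = EAP
[mschap] No
Cleartext-Password configured. Cannot create NT-Password.
[mschap] FAILED: No
NT/LM-Password. Cannot perform authentication.
++[mschap] returns
reject
++[eap] returns reject
} # server inner-tunnel
[peap] Tunneled
authentication was rejected.
++[eap] returns handled
"""


def unwrap(text):
    """Join wrapped continuation lines back into one record per log line."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if records and not RECORD_START.match(line):
            records[-1] += " " + line
        else:
            records.append(line)
    return records


def first_reject(text):
    """Return the first failing module with the reasons logged before it."""
    server = "default"  # assumed label for the outer virtual server
    pending = []        # module messages seen since the last module return
    for rec in unwrap(text):
        opened = SERVER_OPEN.match(rec)
        if opened:
            server = opened.group(1)
        elif rec.startswith("} # server"):
            server = "default"
        elif MODULE_RETURN.match(rec):
            module, code = MODULE_RETURN.match(rec).groups()
            if code in FAILING:
                reasons = [m for m in pending if re.search(r"FAILED|Cannot", m)]
                return {"server": server, "module": module,
                        "code": code, "reasons": reasons}
            pending = []
        elif MODULE_MESSAGE.match(rec):
            pending.append(MODULE_MESSAGE.match(rec).group(2))
    return None


if __name__ == "__main__":
    print(first_reject(SAMPLE))
```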