Problems with 802.1x

Brekler Custodio brekler88 at hotmail.com
Tue Nov 20 18:28:47 CET 2012


So here is a debug again. Like I said, SQL is uncommented on inner-tunnel.
[sql] sql_set_user escaped user --> '1085'
rlm_sql (sql): Reserving sql socket id: 3
[sql] 	expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '1085'           ORDER BY id
[sql] User found in radcheck table
[sql] 	expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '1085'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '1085'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'sessaounica'           ORDER BY id
[sql] User found in group sessaounica
[sql] 	expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'sessaounica'           ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 112 to 172.23.54.2 port 32784
	EAP-Message = 0x010200061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x50f0e12251f2f8eb3c4e11280c2e9be4
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=113, length=320
	User-Name = "1085"
	Calling-Station-Id = "00-1E-64-27-2F-52"
	NAS-IP-Address = 172.23.54.2
	NAS-Port = 1
	Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
	Service-Type = Framed-User
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	NAS-Identifier = "68-92-34-91-91-48"
	Connect-Info = "CONNECT 802.11b/g"
	WISPr-Location-Name = "2o-Andar"
	EAP-Message = 0x0202006919800000005f160301005a01000056030150abbcee3aef4bebb6b083e4ebab3f9771fcceaa242bf28aacd0410787d9666f000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100
	State = 0x50f0e12251f2f8eb3c4e11280c2e9be4
	Vendor-25053-Attr-3 = 0x554e49464542452d3158
	Message-Authenticator = 0x61f1b2f6f26748268340109333843769
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 2 length 105
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02a8], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 113 to 172.23.54.2 port 32784
	EAP-Message = 0x010302f2190016030100310200002d030150abbc056cfc4dc4309294b9ba9790a0730cea2809b7cd66f21c39b632becc0c00002f000005ff0100010016030102a80b0002a40002a100029e3082029a30820182020900bd56242da73748dd300d06092a864886f70d0101050500300f310d300b0603550403130464617274301e170d3132303632383139343531345a170d3232303632363139343531345a300f310d300b060355040313046461727430820122300d06092a864886f70d01010105000382010f003082010a0282010100ca6b2f404628ab86daf42a6fc6bf84841fc22515227dff73a183a6f51a2a22db61143afc8486ff59813449b110
	EAP-Message = 0x463c624fe05f1a79e5f347cc1a4ae49a551195f31db873c60037978a2873ec1b990d3c3508d0a5380dd2c013755ba5771905a9e6b9e119a7d58981e7125f745ec893c416a2299c44dfac6ce81ff226ea6154b601a56285572c4658a045b8e160ff29ada8bf9fbd3aab84f6988155b52bf1e8691d7629e7d77cdf1bacf0fb062a7a826d02726fadace6d3ccdb84338d2e05a7867a6bc236f942bf2109a41b8289a9b1214571007a84a0ec2835dfac79beca7faf858ddf2b0483398effde1112e04540a8b83c6f4f3464aec1f10d66ffec7c837b0203010001300d06092a864886f70d010105050003820101000310c2505daf381e21004471bf7cf5ae8a
	EAP-Message = 0xe16a72c80fb15970c51859f996942e88e6a675834788ab9aa5a57af1a335b4513acd5c39cf3b63151368dac86c6ad0ba965a52636b998d220534d3c913a6f2d64baa46a14d877a6f1a1afdedd7dcc9f990b0ba6b0181cc15abbcab5de4ae2adf002de566cac739b11c770b727a104b4359905dbbf0889cad18af0f31e5be5f28b6619edefff2edc1a5ea6683805b51d1cbeb05c250d23a402de0f4443f01d4a7ddc4bf4ea950151f42aee22dc1c9a81f18aa219499adff4095f9fb6dc2e44f89fe14c0e2f30007748bd4deba341982af01ed8d09dad9bbfcc0ceaa2f4b3d3d94add25259cba48886d837b49af75a8f16030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x50f0e12252f3f8eb3c4e11280c2e9be4
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=114, length=553
	User-Name = "1085"
	Calling-Station-Id = "00-1E-64-27-2F-52"
	NAS-IP-Address = 172.23.54.2
	NAS-Port = 1
	Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
	Service-Type = Framed-User
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	NAS-Identifier = "68-92-34-91-91-48"
	Connect-Info = "CONNECT 802.11b/g"
	WISPr-Location-Name = "2o-Andar"
	EAP-Message = 0x02030150198000000146160301010610000102010052fc6ab5f74faed88f732a0538d77a48fa3deb9108503ec40f8206531f39609c71e35f66c5a66a0ec49efd6945fe33735405a3887c61bee06040eba9898deceabd87deec376645dddb631d3f6e0e3dc6bedad223cc551409e2830be55372e2784f2c413ddb86f63f5d0754a951d8c0003715d9ee327de78a7bd5b06c50ea9a13da60a0e7c88a0686b4703dcfc1862fa84cb8b51c621addd342444b193d72b33615cf0cb23b0825dd07e01c815e3cf23b6b424a87d0734ea286950d1990947f3ae4e33a5809b099021e03f6a8f558b74e2dfb1428a5a0d1a27b8d30638924ce15d8ea236bdf875706
	EAP-Message = 0x596949b445b93cf2827465ceb48a5e5b8a5dd9d4e73226c81403010001011603010030f08b6f3ee2cb0addcd2252806d376fd1b3cbe2e533e27c48464edb2c69265975be1e02ed758ab215437c268db670c720
	State = 0x50f0e12252f3f8eb3c4e11280c2e9be4
	Vendor-25053-Attr-3 = 0x554e49464542452d3158
	Message-Authenticator = 0xe1dd9db2033641f680b15352a87e92fb
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 3 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 114 to 172.23.54.2 port 32784
	EAP-Message = 0x01040041190014030100010116030100300e22d49dbb6f214669d8a30b3c78c585ec453e27cb5169517b5524e86bd8148129dd47dffa51940ac878e293a93c885e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x50f0e12253f4f8eb3c4e11280c2e9be4
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=115, length=221
	User-Name = "1085"
	Calling-Station-Id = "00-1E-64-27-2F-52"
	NAS-IP-Address = 172.23.54.2
	NAS-Port = 1
	Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
	Service-Type = Framed-User
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	NAS-Identifier = "68-92-34-91-91-48"
	Connect-Info = "CONNECT 802.11b/g"
	WISPr-Location-Name = "2o-Andar"
	EAP-Message = 0x020400061900
	State = 0x50f0e12253f4f8eb3c4e11280c2e9be4
	Vendor-25053-Attr-3 = 0x554e49464542452d3158
	Message-Authenticator = 0xee53cacd4d77e7dcb22fca47427888b4
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 115 to 172.23.54.2 port 32784
	EAP-Message = 0x0105002b1900170301002067eb8854081d00e79e60f40c710668bbe9bb1cb23ae3ddf315aba15c96664b81
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x50f0e12254f5f8eb3c4e11280c2e9be4
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=116, length=258
	User-Name = "1085"
	Calling-Station-Id = "00-1E-64-27-2F-52"
	NAS-IP-Address = 172.23.54.2
	NAS-Port = 1
	Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
	Service-Type = Framed-User
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	NAS-Identifier = "68-92-34-91-91-48"
	Connect-Info = "CONNECT 802.11b/g"
	WISPr-Location-Name = "2o-Andar"
	EAP-Message = 0x0205002b1900170301002011f25d1de4573a4d6b607382b7937ad72dcfdc8025c35ffc8262d6c575a332ef
	State = 0x50f0e12254f5f8eb3c4e11280c2e9be4
	Vendor-25053-Attr-3 = 0x554e49464542452d3158
	Message-Authenticator = 0x422fb2bc93adee1824c2743f0cb6ac9e
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 5 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - 1085
[peap] Got inner identity '1085'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
	EAP-Message = 0x020500090131303835
server  {
  PEAP: Setting User-Name to 1085
Sending tunneled request
	EAP-Message = 0x020500090131303835
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "1085"
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] 	expand: %{User-Name} -> 1085
[sql] sql_set_user escaped user --> '1085'
rlm_sql (sql): Reserving sql socket id: 2
[sql] 	expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '1085'           ORDER BY id
[sql] User found in radcheck table
[sql] 	expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '1085'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '1085'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'sessaounica'           ORDER BY id
[sql] User found in group sessaounica
[sql] 	expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'sessaounica'           ORDER BY id
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message = 0x0106001e1a0106001910a5427c3c57af2b4b0df19dfd7c05e1fc31303835
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9e6fb2559e69a859a38761d07782575e
[peap] Got tunneled reply RADIUS code 11
	EAP-Message = 0x0106001e1a0106001910a5427c3c57af2b4b0df19dfd7c05e1fc31303835
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x9e6fb2559e69a859a38761d07782575e
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 116 to 172.23.54.2 port 32784
	EAP-Message = 0x0106003b19001703010030d06d3dec2d35df98b7712e3479fee7d2b4a51a486939e1f64e88d3129cac05448752ee312195fc1a5dad896fa683a9f2
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x50f0e12255f6f8eb3c4e11280c2e9be4
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=117, length=306
	User-Name = "1085"
	Calling-Station-Id = "00-1E-64-27-2F-52"
	NAS-IP-Address = 172.23.54.2
	NAS-Port = 1
	Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
	Service-Type = Framed-User
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	NAS-Identifier = "68-92-34-91-91-48"
	Connect-Info = "CONNECT 802.11b/g"
	WISPr-Location-Name = "2o-Andar"
	EAP-Message = 0x0206005b190017030100506d6e23eb43fc72b6e140432c2f6bd259024e97bd499fb404a85aa2cc502bf31f878bc4d161645bc508e5360bb7e3b3a3b14fa6806f59cde513d6358cf2676b5213da39441b9c6e06146c4277e264788d
	State = 0x50f0e12255f6f8eb3c4e11280c2e9be4
	Vendor-25053-Attr-3 = 0x554e49464542452d3158
	Message-Authenticator = 0x01c4189ede0cf29450868b76d88b4a03
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 6 length 91
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x0206003f1a0206003a31f3f264be3a0bd9e7f5ee5d29877771f100000000000000008363cf519598a6d75f816d09036f1af9c4f0743b6766ab1c0031303835
server  {
  PEAP: Setting User-Name to 1085
Sending tunneled request
	EAP-Message = 0x0206003f1a0206003a31f3f264be3a0bd9e7f5ee5d29877771f100000000000000008363cf519598a6d75f816d09036f1af9c4f0743b6766ab1c0031303835
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "1085"
	State = 0x9e6fb2559e69a859a38761d07782575e
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "1085", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 63
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] 	expand: %{User-Name} -> 1085
[sql] sql_set_user escaped user --> '1085'
rlm_sql (sql): Reserving sql socket id: 1
[sql] 	expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '1085'           ORDER BY id
[sql] User found in radcheck table
[sql] 	expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '1085'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = '1085'           ORDER BY priority
[sql] 	expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'sessaounica'           ORDER BY id
[sql] User found in group sessaounica
[sql] 	expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'sessaounica'           ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: 1085
[mschap] Told to do MS-CHAPv2 for 1085 with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [1085/<via Auth-Type = EAP>] (from client ruckus-controller port 0 via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 3
	MS-CHAP-Error = "\006E=691 R=1"
	EAP-Message = 0x04060004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
	MS-CHAP-Error = "\006E=691 R=1"
	EAP-Message = 0x04060004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 117 to 172.23.54.2 port 32784
	EAP-Message = 0x0107002b19001703010020a8870087794c4593f6772475d7a48ca632eacf969e37b8182db633804c1a121d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x50f0e12256f7f8eb3c4e11280c2e9be4
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.23.54.2 port 32784, id=118, length=258
	User-Name = "1085"
	Calling-Station-Id = "00-1E-64-27-2F-52"
	NAS-IP-Address = 172.23.54.2
	NAS-Port = 1
	Called-Station-Id = "68-92-34-91-91-48:UNIFEBE-1X"
	Service-Type = Framed-User
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	NAS-Identifier = "68-92-34-91-91-48"
	Connect-Info = "CONNECT 802.11b/g"
	WISPr-Location-Name = "2o-Andar"
	EAP-Message = 0x0207002b190017030100207ecb93aa8a87194cb12dcd7b82b245a4418b0ecc8b2f058b84011aa1679ecb5d
	State = 0x50f0e12256f7f8eb3c4e11280c2e9be4
	Vendor-25053-Attr-3 = 0x554e49464542452d3158
	Message-Authenticator = 0x04f4a2945af002dc6b57443fbdc704e6
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[mschap] returns noop
[eap] EAP packet type response id 7 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell you.
[peap]  *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [1085/<via Auth-Type = EAP>] (from client ruckus-controller port 1 cli 00-1E-64-27-2F-52)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> 1085
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 118 to 172.23.54.2 port 32784
	EAP-Message = 0x04070004
	Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 0 ID 111 with timestamp +25
Cleaning up request 1 ID 112 with timestamp +25
Cleaning up request 2 ID 113 with timestamp +25
Cleaning up request 3 ID 114 with timestamp +25
Cleaning up request 4 ID 115 with timestamp +25
Cleaning up request 5 ID 116 with timestamp +25
Cleaning up request 6 ID 117 with timestamp +25
Waking up in 1.0 seconds.
Cleaning up request 7 ID 118 with timestamp +25
Ready to process requests.




 		 	   		  
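The debug output above tells the reader to look for the earlier "reject" or "fail" messages. The following is an added example, not part of the original post and not FreeRADIUS code: it walks a constructed excerpt of that log, tracks which virtual server each line belongs to, reports the first failure, and checks whether the password attribute that pap normalized is one MS-CHAPv2 can work from. The function names, the "outer" label and the MSCHAP_USABLE set are this example's own.

```python
import re

# Password attributes MS-CHAP can work from; hashed forms such as
# MD5-Password are only usable with PAP. (Set defined by this example.)
MSCHAP_USABLE = {"Cleartext-Password", "NT-Password", "LM-Password"}

SERVER_OPEN = re.compile(r"^server (\S+) \{")
SERVER_CLOSE = re.compile(r"^\} # server \S+")
RETURNS = re.compile(r"^\+*\[([\w.]+)\] returns (\w+)")
NORMALIZING = re.compile(r"^\[pap\] Normalizing (\S+) from \w+ encoding")
FAILURE = re.compile(r"FAILED|returns (?:reject|fail|invalid)\b")

# Constructed sample: lines trimmed from the debug run posted above.
SAMPLE_LOG = """\
server inner-tunnel {
++[chap] returns noop
++[mschap] returns noop
++[sql] returns ok
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
[eap] processing type mschapv2
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for 1085 with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
++[eap] returns reject
} # server inner-tunnel
[peap] Tunneled authentication was rejected.
++[eap] returns invalid
"""

def walk(log):
    """Yield (virtual_server, line); 'outer' is this example's label
    for lines outside any 'server NAME { ... }' block."""
    stack = ["outer"]
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        opened = SERVER_OPEN.match(line)
        if opened:
            stack.append(opened.group(1))
        yield stack[-1], line
        if SERVER_CLOSE.match(line) and len(stack) > 1:
            stack.pop()

def module_results(log):
    """Return (server, module, rcode) for every 'returns' line."""
    out = []
    for srv, line in walk(log):
        m = RETURNS.match(line)
        if m:
            out.append((srv, m.group(1), m.group(2)))
    return out

def diagnose(log):
    """Find the first failure and any stored hash MS-CHAPv2 cannot use."""
    first, stored, missing_in = None, [], None
    for srv, line in walk(log):
        if first is None and FAILURE.search(line):
            first = (srv, line)
        m = NORMALIZING.match(line)
        if m and m.group(1) not in stored:
            stored.append(m.group(1))
        if line.startswith("[mschap]") and "No NT/LM-Password" in line:
            missing_in = srv
    unusable = [a for a in stored if a not in MSCHAP_USABLE]
    finding = None
    if missing_in and unusable:
        finding = ("MS-CHAPv2 in '%s' cannot use stored %s; it needs "
                   "Cleartext-Password or NT-Password"
                   % (missing_in, ", ".join(unusable)))
    return {"first_failure": first, "stored": stored,
            "mschap_missing_password": missing_in is not None,
            "finding": finding}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG)["finding"])
```

Feeding it a full `-X` capture instead of SAMPLE_LOG gives the same report for the complete run.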