EAP error

TOURE Amidou Florian amidoufloriantoure at yahoo.fr
Sat May 7 15:42:12 CEST 2016


Hi all ,Ecxuse me to disturb again but I have a problem when I want to authenticate a radius  local user on a NAC solution which is Packetfence.I have installed a windows certificate on the client and on my server.
But I got this specific error : (8) Login incorrect (eap: Failed continuing EAP PEAP (25) session.  EAP sub-module failed): [Administrateur] (from client 192.168.1.5 port 50003 cli 00:40:d0:67:d0:b1)
Is someone know how to solve this?
This my radius debug output 
Regards 
Amidou 

8) eap_peap:   This means you need to read the PREVIOUS messages in the debug output
(8) eap_peap:   to find out the reason why the user was rejected
(8) eap_peap:   Look for "reject" or "fail".  Those earlier messages will tell you
(8) eap_peap:   what went wrong, and how to fix the problem
(8) eap: ERROR: Failed continuing EAP PEAP (25) session.  EAP sub-module failed
(8) eap: Sending EAP Failure (code 4) ID 10 length 4
(8) eap: Failed in EAP select
(8)     [eap] = invalid
(8)   } # authenticate = invalid
(8) Failed to authenticate the user
(8) Login incorrect (eap: Failed continuing EAP PEAP (25) session.  EAP sub-module failed): [Administrateur] (from client 192.168.1.5 port 50003 cli 00:40:d0:67:d0:b1)
(8) Using Post-Auth-Type Reject
(8) # Executing group from file /usr/local/pf/raddb//sites-enabled/packetfence
(8)   Post-Auth-Type REJECT {
(8)     if (! EAP-Type || (EAP-Type != TTLS  && EAP-Type != PEAP) ) {
(8)     if (! EAP-Type || (EAP-Type != TTLS  && EAP-Type != PEAP) )  -> FALSE
(8) attr_filter.access_reject: EXPAND %{User-Name}
(8) attr_filter.access_reject:    --> Administrateur
(8) attr_filter.access_reject: Matched entry DEFAULT at line 11
(8)     [attr_filter.access_reject] = updated
(8) attr_filter.packetfence_post_auth: EXPAND %{User-Name}
(8) attr_filter.packetfence_post_auth:    --> Administrateur
(8) attr_filter.packetfence_post_auth: Matched entry DEFAULT at line 10
(8)     [attr_filter.packetfence_post_auth] = updated
(8)     [eap] = noop
(8)     policy remove_reply_message_if_eap {
(8)       if (&reply:EAP-Message && &reply:Reply-Message) {
(8)       if (&reply:EAP-Message && &reply:Reply-Message)  -> FALSE
(8)       else {
(8)         [noop] = noop
(8)       } # else = noop
(8)     } # policy remove_reply_message_if_eap = noop
(8) linelog: EXPAND messages.%{%{reply:Packet-Type}:-default}
(8) linelog:    --> messages.Access-Reject
(8) linelog: EXPAND %t : [mac:%{Calling-Station-Id}] Rejected user: %{User-Name}
(8) linelog:    --> Sat May  7 17:23:12 2016 : [mac:00:40:d0:67:d0:b1] Rejected user: Administrateur
(8) linelog: EXPAND /usr/local/pf/logs/radius.log
(8) linelog:    --> /usr/local/pf/logs/radius.log
(8)     [linelog] = ok
(8)   } # Post-Auth-Type REJECT = updated
(8) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(8) Sending delayed response
(8) Sent Access-Reject Id 54 from 192.168.10.1:1812 to 192.168.1.5:1645 length 44
(8)   EAP-Message = 0x040a0004
(8)   Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.7 seconds.
(0) Cleaning up request packet ID 46 with timestamp +3
(1) Cleaning up request packet ID 47 with timestamp +3
(2) Cleaning up request packet ID 48 with timestamp +3
(3) Cleaning up request packet ID 49 with timestamp +3
(4) Cleaning up request packet ID 50 with timestamp +4
(5) Cleaning up request packet ID 51 with timestamp +4
(6) Cleaning up request packet ID 52 with timestamp +4
Waking up in 0.1 seconds.
(7) Cleaning up request packet ID 53 with timestamp +4
(8) Cleaning up request packet ID 54 with timestamp +4
Ready to process requests


Envoyé depuis Yahoo Mail pour Android


More information about the Freeradius-Users mailing list