Dear All,<br>
<br>
I've got a problem with my freeradius. I've installed freeradius 1.1.0.
I'm gonna using EAP/PEAP and MSCHAPv2. The radius returned
Access-Reject message when I try to authenicate user.<br>
<br>
This is the debug message from freeradius:<br>
------------------- BEGIN DEBUG -----------------------<br>
rad_recv: Access-Request packet from host <a href="http://128.16.100.2:21645">128.16.100.2:21645</a>, id=112, length=219<br>
User-Name = "agus"<br>
Framed-MTU = 1400<br>
Called-Station-Id = "0012.43f9.07f0"<br>
Calling-Station-Id = "0040.96a6.0915"<br>
Service-Type = Login-User<br>
Message-Authenticator = 0x035385584153738e930ae5647bba4e77<br>
EAP-Message =
0x020900561900170301004bbeba44dea711ccc50b11d2b66d81c5ee2f2254128135c4bfbc0c8f56c11d93419377cb9061b873416e21389346112ea96d1078b7ad8db16c64b70d812a071923b02819bd681a5902ead889<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Port = 208<br>
State = 0xbe8af775ecd2998b486819e32c8c5eb3<br>
NAS-IP-Address = <a href="http://128.16.100.2">128.16.100.2</a><br>
NAS-Identifier = "iSpot"<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 7<br>
modcall[authorize]: module "preprocess" returns ok for request 7<br>
modcall[authorize]: module "chap" returns noop for request 7<br>
modcall[authorize]: module "mschap" returns noop for request 7<br>
rlm_realm: No '@' in User-Name = "agus", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 7<br>
rlm_eap: EAP packet type response id 9 length 86<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 7<br>
users: Matched entry DEFAULT at line 152<br>
modcall[authorize]: module "files" returns ok for request 7<br>
rlm_passwd: Added LM-Password: 'B736D7A84FBDE543AAD3B435B51404EE' to config_items<br>
rlm_passwd: Added NT-Password: 'AA4348E74FCFE5BB2061F2FF5C085304' to config_items<br>
rlm_passwd: Added SMB-Account-CTRL-TEXT: '[U ]' to config_items<br>
rlm_passwd: Adding "Auth-Type = MS-CHAP"<br>
modcall[authorize]: module "etc_smbpasswd" returns ok for request 7<br>
modcall: leaving group authorize (returns updated) for request 7<br>
rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 7<br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP/peap<br>
rlm_eap: processing type peap<br>
rlm_eap_peap: Authenticate<br>
rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7<br>
rlm_eap_tls: Done initial handshake<br>
eaptls_process returned 7<br>
rlm_eap_peap: EAPTLS_OK<br>
rlm_eap_peap: Session established. Decoding tunneled attributes.<br>
rlm_eap_peap: EAP type mschapv2<br>
rlm_eap_peap: Tunneled data is valid.<br>
PEAP: Setting User-Name to agus<br>
PEAP: Adding old state with e5 7c<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 7<br>
modcall[authorize]: module "preprocess" returns ok for request 7<br>
modcall[authorize]: module "chap" returns noop for request 7<br>
modcall[authorize]: module "mschap" returns noop for request 7<br>
rlm_realm: No '@' in User-Name = "agus", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 7<br>
rlm_eap: EAP packet type response id 9 length 63<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 7<br>
users: Matched entry DEFAULT at line 152<br>
modcall[authorize]: module "files" returns ok for request 7<br>
rlm_passwd: Added LM-Password: 'B736D7A84FBDE543AAD3B435B51404EE' to config_items<br>
rlm_passwd: Added NT-Password: 'AA4348E74FCFE5BB2061F2FF5C085304' to config_items<br>
rlm_passwd: Added SMB-Account-CTRL-TEXT: '[U ]' to config_items<br>
rlm_passwd: Adding "Auth-Type = MS-CHAP"<br>
modcall[authorize]: module "etc_smbpasswd" returns ok for request 7<br>
modcall: leaving group authorize (returns updated) for request 7<br>
rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 7<br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP/mschapv2<br>
rlm_eap: processing type mschapv2<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group MS-CHAP for request 7<br>
rlm_mschap: Found LM-Password<br>
rlm_mschap: Found NT-Password<br>
rlm_mschap: Told to do MS-CHAPv2 for agus with NT-Password<br>
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'<br>
mschap2: 60<br>
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'<br>
radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --username=agus
--challenge=b7bc51d8fa48dfc5
--nt-response=09d697e7c477017b27c969c52b93deb49200295bda22bf6b'<br>
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=agus
--challenge=b7bc51d8fa48dfc5
--nt-response=09d697e7c477017b27c969c52b93deb49200295bda22bf6b<br>
[2006/02/28 05:41:41, 0] utils/ntlm_auth.c:get_winbind_domain(140)<br>
could not obtain winbind domain name!<br>
Exec-Program output: Reading winbind reply failed! (0xc0000001)<br>
Exec-Program-Wait: plaintext: Reading winbind reply failed! (0xc0000001)<br>
Exec-Program: returned: 1<br>
rlm_mschap: External script failed.<br>
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect<br>
modcall[authenticate]: module "mschap" returns reject for request 7<br>
modcall: leaving group MS-CHAP (returns reject) for request 7<br>
rlm_eap: Freeing handler<br>
modcall[authenticate]: module "eap" returns reject for request 7<br>
modcall: leaving group authenticate (returns reject) for request 7<br>
auth: Failed to validate the user.<br>
PEAP: Tunneled authentication was rejected.<br>
rlm_eap_peap: FAILURE<br>
modcall[authenticate]: module "eap" returns handled for request 7<br>
modcall: leaving group authenticate (returns handled) for request 7<br>
Sending Access-Challenge of id 112 to <a href="http://128.16.100.2">128.16.100.2</a> port 21645<br>
EAP-Message =
0x010a00261900170301001bce70eaa23461d24fc4ce2a1d288dd015b9c4c3640a8a4edb8bae92<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x475bad5b4f387d108835cc1a2cf108f0<br>
Finished request 7<br>
Going to the next request<br>
--- Walking the entire request list ---<br>
Waking up in 2 seconds...<br>
rad_recv: Access-Request packet from host <a href="http://128.16.100.2:21645">128.16.100.2:21645</a>, id=113, length=171<br>
User-Name = "agus"<br>
Framed-MTU = 1400<br>
Called-Station-Id = "0012.43f9.07f0"<br>
Calling-Station-Id = "0040.96a6.0915"<br>
Service-Type = Login-User<br>
Message-Authenticator = 0xc2617d78095ef05b9cac0310eb5d1793<br>
EAP-Message =
0x020a00261900170301001bd67b9a87e9d765a68d39d4c7315696e06a111f82effe74aca9e9c0<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Port = 208<br>
State = 0x475bad5b4f387d108835cc1a2cf108f0<br>
NAS-IP-Address = <a href="http://128.16.100.2">128.16.100.2</a><br>
NAS-Identifier = "iSpot"<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 8<br>
modcall[authorize]: module "preprocess" returns ok for request 8<br>
modcall[authorize]: module "chap" returns noop for request 8<br>
modcall[authorize]: module "mschap" returns noop for request 8<br>
rlm_realm: No '@' in User-Name = "agus", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 8<br>
rlm_eap: EAP packet type response id 10 length 38<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 8<br>
users: Matched entry DEFAULT at line 152<br>
modcall[authorize]: module "files" returns ok for request 8<br>
rlm_passwd: Added LM-Password: 'B736D7A84FBDE543AAD3B435B51404EE' to config_items<br>
rlm_passwd: Added NT-Password: 'AA4348E74FCFE5BB2061F2FF5C085304' to config_items<br>
rlm_passwd: Added SMB-Account-CTRL-TEXT: '[U ]' to config_items<br>
rlm_passwd: Adding "Auth-Type = MS-CHAP"<br>
modcall[authorize]: module "etc_smbpasswd" returns ok for request 8<br>
modcall: leaving group authorize (returns updated) for request 8<br>
rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 8<br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP/peap<br>
rlm_eap: processing type peap<br>
rlm_eap_peap: Authenticate<br>
rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7<br>
rlm_eap_tls: Done initial handshake<br>
eaptls_process returned 7<br>
rlm_eap_peap: EAPTLS_OK<br>
rlm_eap_peap: Session established. Decoding tunneled attributes.<br>
rlm_eap_peap: Received EAP-TLV response.<br>
rlm_eap_peap: Tunneled data is valid.<br>
rlm_eap_peap: Had sent TLV failure, rejecting.<br>
rlm_eap: Handler failed in EAP/peap<br>
rlm_eap: Failed in EAP select<br>
modcall[authenticate]: module "eap" returns invalid for request 8<br>
modcall: leaving group authenticate (returns invalid) for request 8<br>
auth: Failed to validate the user.<br>
------------------- END DEBUG -----------------------<br>
<br>
Can anybody tell me what happen with my freeradius?<br clear="all"><br>-- <br>-----BEGIN GEEK CODE BLOCK-----<br>Version: 3.1<br>GCS
d(-) s:- a--- C++(+++)$>++++$ UL$>++++$ P+? L++$>$ !E--- W++
!N !o !K-- w !O M !V PS PE !Y PGP t 5 X R tv b DI D G e h r y<br>------END GEEK CODE BLOCK------