<br><font size=2 face="sans-serif">Here's the full log:</font>
<br><font size=2 face="sans-serif">Waking up in 6 seconds...</font>
<br><font size=2 face="sans-serif">rad_recv: Access-Request packet from
host 10.104.254.73:1645, id=67, length=259</font>
<br><font size=2 face="sans-serif"> User-Name
= "KMT-EU.KMTG.NET\\sstruyf"</font>
<br><font size=2 face="sans-serif"> Framed-MTU
= 1400</font>
<br><font size=2 face="sans-serif"> Called-Station-Id
= "0016.469b.7cd0"</font>
<br><font size=2 face="sans-serif"> Calling-Station-Id
= "0011.851a.cc37"</font>
<br><font size=2 face="sans-serif"> Service-Type
= Login-User</font>
<br><font size=2 face="sans-serif"> Message-Authenticator
= 0xfeb711c4400f8f34b9fef7c2be7f77bc</font>
<br><font size=2 face="sans-serif"> EAP-Message
= 0x020900691900170301005e5971fff2b46b2f81e88ed248772a59c1860abf0ebe40379c9e20c0ac6edd9cb19abe8ebfe82595c54bc12a979c51182f9b58d130708870f1b6bb17c1cd8249a64ddae5750e9411d4e337bd0876f393e83f2015b4c783ee35db02041bad3</font>
<br><font size=2 face="sans-serif"> NAS-Port-Type
= Wireless-802.11</font>
<br><font size=2 face="sans-serif"> NAS-Port
= 2936</font>
<br><font size=2 face="sans-serif"> State =
0x5d8298849858ea61aec0380c81af200d</font>
<br><font size=2 face="sans-serif"> NAS-IP-Address
= 10.104.254.73</font>
<br><font size=2 face="sans-serif"> NAS-Identifier
= "WAP07KE"</font>
<br><font size=2 face="sans-serif"> Processing the authorize section
of radiusd.conf</font>
<br><font size=2 face="sans-serif">modcall: entering group authorize for
request 7</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "preprocess"
returns ok for request 7</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "mschap"
returns noop for request 7</font>
<br><font size=2 face="sans-serif"> rlm_realm: No '@' in User-Name
= "KMT-EU.KMTG.NET\sstruyf", looking up realm NULL</font>
<br><font size=2 face="sans-serif"> rlm_realm: No such realm
"NULL"</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "kmt-eu.kmtg.net"
returns noop for request 7</font>
<br><font size=2 face="sans-serif"> rlm_realm: Looking up
realm "KMT-EU.KMTG.NET" for User-Name = "KMT-EU.KMTG.NET\sstruyf"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Found realm
"KMT-EU.KMTG.NET"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Adding Stripped-User-Name
= "sstruyf"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Proxying request
from user sstruyf to realm KMT-EU.KMTG.NET</font>
<br><font size=2 face="sans-serif"> rlm_realm: Adding Realm
= "KMT-EU.KMTG.NET"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Authentication
realm is LOCAL.</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "ntdomain"
returns noop for request 7</font>
<br><font size=2 face="sans-serif"> rlm_eap: EAP packet type response
id 9 length 105</font>
<br><font size=2 face="sans-serif"> rlm_eap: No EAP Start, assuming
it's an on-going EAP conversation</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "eap"
returns updated for request 7</font>
<br><font size=2 face="sans-serif"> users: Matched sstruyf
at 98</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "files"
returns ok for request 7</font>
<br><font size=2 face="sans-serif">modcall: group authorize returns updated
for request 7</font>
<br><font size=2 face="sans-serif"> rad_check_password: Found
Auth-Type EAP</font>
<br><font size=2 face="sans-serif">auth: type "EAP"</font>
<br><font size=2 face="sans-serif"> Processing the authenticate section
of radiusd.conf</font>
<br><font size=2 face="sans-serif">modcall: entering group authenticate
for request 7</font>
<br><font size=2 face="sans-serif"> rlm_eap: Request found, released
from the list</font>
<br><font size=2 face="sans-serif"> rlm_eap: EAP/peap</font>
<br><font size=2 face="sans-serif"> rlm_eap: processing type peap</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Authenticate</font>
<br><font size=2 face="sans-serif"> rlm_eap_tls: processing TLS</font>
<br><font size=2 face="sans-serif"> eaptls_verify returned 7</font>
<br><font size=2 face="sans-serif"> rlm_eap_tls: Done initial handshake</font>
<br><font size=2 face="sans-serif"> eaptls_process returned 7</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: EAPTLS_OK</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Session established.
Decoding tunneled attributes.</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: EAP type mschapv2</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Tunneled data is
valid.</font>
<br><font size=2 face="sans-serif"> PEAP: Got tunneled EAP-Message</font>
<br><font size=2 face="sans-serif"> EAP-Message
= 0x020900521a0209004d3160a685c531c746f19621bbdd8d3f136800000000000000001af36673f68f9f26b4cc76bf8cd9f440dc36396981ad345004b4d542d45552e4b4d54472e4e45545c73737472757966</font>
<br><font size=2 face="sans-serif"> PEAP: Setting User-Name to KMT-EU.KMTG.NET\sstruyf</font>
<br><font size=2 face="sans-serif"> PEAP: Adding old state with 46
61</font>
<br><font size=2 face="sans-serif"> PEAP: Sending tunneled request</font>
<br><font size=2 face="sans-serif"> EAP-Message
= 0x020900521a0209004d3160a685c531c746f19621bbdd8d3f136800000000000000001af36673f68f9f26b4cc76bf8cd9f440dc36396981ad345004b4d542d45552e4b4d54472e4e45545c73737472757966</font>
<br><font size=2 face="sans-serif"> FreeRADIUS-Proxied-To
= 127.0.0.1</font>
<br><font size=2 face="sans-serif"> User-Name
= "KMT-EU.KMTG.NET\\sstruyf"</font>
<br><font size=2 face="sans-serif"> State =
0x4661e4398678b434bf08ae113a631207</font>
<br><font size=2 face="sans-serif"> Processing the authorize section
of radiusd.conf</font>
<br><font size=2 face="sans-serif">modcall: entering group authorize for
request 7</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "preprocess"
returns ok for request 7</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "mschap"
returns noop for request 7</font>
<br><font size=2 face="sans-serif"> rlm_realm: No '@' in User-Name
= "KMT-EU.KMTG.NET\sstruyf", looking up realm NULL</font>
<br><font size=2 face="sans-serif"> rlm_realm: No such realm
"NULL"</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "kmt-eu.kmtg.net"
returns noop for request 7</font>
<br><font size=2 face="sans-serif"> rlm_realm: Looking up
realm "KMT-EU.KMTG.NET" for User-Name = "KMT-EU.KMTG.NET\sstruyf"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Found realm
"KMT-EU.KMTG.NET"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Adding Stripped-User-Name
= "sstruyf"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Proxying request
from user sstruyf to realm KMT-EU.KMTG.NET</font>
<br><font size=2 face="sans-serif"> rlm_realm: Adding Realm
= "KMT-EU.KMTG.NET"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Authentication
realm is LOCAL.</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "ntdomain"
returns noop for request 7</font>
<br><font size=2 face="sans-serif"> rlm_eap: EAP packet type response
id 9 length 82</font>
<br><font size=2 face="sans-serif"> rlm_eap: No EAP Start, assuming
it's an on-going EAP conversation</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "eap"
returns updated for request 7</font>
<br><font size=2 face="sans-serif"> users: Matched sstruyf
at 98</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "files"
returns ok for request 7</font>
<br><font size=2 face="sans-serif">modcall: group authorize returns updated
for request 7</font>
<br><font size=2 face="sans-serif"> rad_check_password: Found
Auth-Type EAP</font>
<br><font size=2 face="sans-serif">auth: type "EAP"</font>
<br><font size=2 face="sans-serif"> Processing the authenticate section
of radiusd.conf</font>
<br><font size=2 face="sans-serif">modcall: entering group authenticate
for request 7</font>
<br><font size=2 face="sans-serif"> rlm_eap: Request found, released
from the list</font>
<br><font size=2 face="sans-serif"> rlm_eap: EAP/mschapv2</font>
<br><font size=2 face="sans-serif"> rlm_eap: processing type mschapv2</font>
<br><font size=2 face="sans-serif"> Processing the authenticate section
of radiusd.conf</font>
<br><font size=2 face="sans-serif">modcall: entering group Auth-Type for
request 7</font>
<br><font size=2 face="sans-serif"> rlm_mschap: No User-Password
configured. Cannot create LM-Password.</font>
<br><font size=2 face="sans-serif"> rlm_mschap: No User-Password
configured. Cannot create NT-Password.</font>
<br><font size=2 face="sans-serif"> rlm_mschap: NT Domain delimeter
found, should we have enabled with_ntdomain_hack?</font>
<br><font size=2 face="sans-serif"> rlm_mschap: Told to do MS-CHAPv2
for KMT-EU.KMTG.NET\sstruyf with NT-Password</font>
<br><font size=2 face="sans-serif">radius_xlat: Running registered xlat
function of module mschap for string 'User-Name'</font>
<br><font size=2 face="sans-serif">radius_xlat: Running registered xlat
function of module mschap for string 'Challenge'</font>
<br><font size=2 face="sans-serif"> mschap2: 27</font>
<br><font size=2 face="sans-serif"> rlm_mschap: NT Domain delimeter
found, should we have enabled with_ntdomain_hack?</font>
<br><font size=2 face="sans-serif">radius_xlat: Running registered xlat
function of module mschap for string 'NT-Response'</font>
<br><font size=2 face="sans-serif">radius_xlat: '/usr/bin/ntlm_auth
--request-nt-key --username=sstruyf --challenge=decc4450c3b83d2c --nt-response=1af36673f68ff26b4cc76bf8cd9f440d0c36396981ad345'</font>
<br><font size=2 face="sans-serif">Exec-Program: /usr/bin/ntlm_auth --request-nt-key
--username=sstruyf --challenge=decc4450c3b83d2c --nt-response=1af36673f68f926b4cc76bf8cd9f440d0c36396981ad345</font>
<br><font size=2 face="sans-serif">Exec-Program output: Logon failure (0xc000006d)</font>
<br><font size=2 face="sans-serif">Exec-Program-Wait: plaintext: Logon
failure (0xc000006d)</font>
<br><font size=2 face="sans-serif">Exec-Program: returned: 1</font>
<br><font size=2 face="sans-serif"> rlm_mschap: External script failed.</font>
<br><font size=2 face="sans-serif"> rlm_mschap: FAILED: MS-CHAP2-Response
is incorrect</font>
<br><font size=2 face="sans-serif"> modcall[authenticate]: module
"mschap" returns reject for request 7</font>
<br><font size=2 face="sans-serif">modcall: group Auth-Type returns reject
for request 7</font>
<br><font size=2 face="sans-serif"> rlm_eap: Freeing handler</font>
<br><font size=2 face="sans-serif"> modcall[authenticate]: module
"eap" returns reject for request 7</font>
<br><font size=2 face="sans-serif">modcall: group authenticate returns
reject for request 7</font>
<br><font size=2 face="sans-serif">auth: Failed to validate the user.</font>
<br><font size=2 face="sans-serif">Login incorrect: [KMT-EU.KMTG.NET\\sstruyf/<no
User-Password attribute>] (from client localhost port 0)</font>
<br><font size=2 face="sans-serif"> Processing the post-auth section
of radiusd.conf</font>
<br><font size=2 face="sans-serif">modcall: entering group Post-Auth-Type
for request 7</font>
<br><font size=2 face="sans-serif">hpidm: entered hpidm_post_auth</font>
<br><font size=2 face="sans-serif">rlm_hpidm: request does not contain
NAS-Port, cannot process this reply</font>
<br><font size=2 face="sans-serif"> modcall[post-auth]: module "hpidm"
returns ok for request 7</font>
<br><font size=2 face="sans-serif">modcall: group Post-Auth-Type returns
ok for request 7</font>
<br><font size=2 face="sans-serif"> PEAP: Got tunneled reply RADIUS
code 3</font>
<br><font size=2 face="sans-serif"> Service-Type
= Login-User</font>
<br><font size=2 face="sans-serif"> Tunnel-Type:0
= VLAN</font>
<br><font size=2 face="sans-serif"> Tunnel-Medium-Type:0
= 802</font>
<br><font size=2 face="sans-serif"> Tunnel-Private-Group-Id:0
= "3"</font>
<br><font size=2 face="sans-serif"> MS-CHAP-Error
= "\tE=691 R=1"</font>
<br><font size=2 face="sans-serif"> EAP-Message
= 0x04090004</font>
<br><font size=2 face="sans-serif"> Message-Authenticator
= 0x00000000000000000000000000000000</font>
<br><font size=2 face="sans-serif"> PEAP: Processing from tunneled
session code 0x81c8538 3</font>
<br><font size=2 face="sans-serif"> Service-Type
= Login-User</font>
<br><font size=2 face="sans-serif"> Tunnel-Type:0
= VLAN</font>
<br><font size=2 face="sans-serif"> Tunnel-Medium-Type:0
= 802</font>
<br><font size=2 face="sans-serif"> Tunnel-Private-Group-Id:0
= "3"</font>
<br><font size=2 face="sans-serif"> MS-CHAP-Error
= "\tE=691 R=1"</font>
<br><font size=2 face="sans-serif"> EAP-Message
= 0x04090004</font>
<br><font size=2 face="sans-serif"> Message-Authenticator
= 0x00000000000000000000000000000000</font>
<br><font size=2 face="sans-serif"> PEAP: Tunneled authentication
was rejected.</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: FAILURE</font>
<br><font size=2 face="sans-serif"> modcall[authenticate]: module
"eap" returns handled for request 7</font>
<br><font size=2 face="sans-serif">modcall: group authenticate returns
handled for request 7</font>
<br><font size=2 face="sans-serif">Sending Access-Challenge of id 67 to
10.104.254.73:1645</font>
<br><font size=2 face="sans-serif"> Service-Type
= Login-User</font>
<br><font size=2 face="sans-serif"> Tunnel-Type:0
= VLAN</font>
<br><font size=2 face="sans-serif"> Tunnel-Medium-Type:0
= 802</font>
<br><font size=2 face="sans-serif"> Tunnel-Private-Group-Id:0
= "3"</font>
<br><font size=2 face="sans-serif"> EAP-Message
= 0x010a00261900170301001bbea51b60bcb4566d7ef538deab44475ff7bea343dbeb8600663c15</font>
<br><font size=2 face="sans-serif"> Message-Authenticator
= 0x00000000000000000000000000000000</font>
<br><font size=2 face="sans-serif"> State =
0x53366a955095f03c779d1b7ef5a01e38</font>
<br><font size=2 face="sans-serif">Finished request 7</font>
<br><font size=2 face="sans-serif">Going to the next request</font>
<br><font size=2 face="sans-serif">Waking up in 6 seconds...</font>
<br><font size=2 face="sans-serif">rad_recv: Access-Request packet from
host 10.104.254.73:1645, id=68, length=192</font>
<br><font size=2 face="sans-serif"> User-Name
= "KMT-EU.KMTG.NET\\sstruyf"</font>
<br><font size=2 face="sans-serif"> Framed-MTU
= 1400</font>
<br><font size=2 face="sans-serif"> Called-Station-Id
= "0016.469b.7cd0"</font>
<br><font size=2 face="sans-serif"> Calling-Station-Id
= "0011.851a.cc37"</font>
<br><font size=2 face="sans-serif"> Service-Type
= Login-User</font>
<br><font size=2 face="sans-serif"> Message-Authenticator
= 0x19198f9e13690ff3237353e66c498924</font>
<br><font size=2 face="sans-serif"> EAP-Message
= 0x020a00261900170301001b723ec3fbfe48e768422325cbd73602c757a16c7c650e39a86cfcf5</font>
<br><font size=2 face="sans-serif"> NAS-Port-Type
= Wireless-802.11</font>
<br><font size=2 face="sans-serif"> NAS-Port
= 2936</font>
<br><font size=2 face="sans-serif"> State =
0x53366a955095f03c779d1b7ef5a01e38</font>
<br><font size=2 face="sans-serif"> NAS-IP-Address
= 10.104.254.73</font>
<br><font size=2 face="sans-serif"> NAS-Identifier
= "WAP07KE"</font>
<br><font size=2 face="sans-serif"> Processing the authorize section
of radiusd.conf</font>
<br><font size=2 face="sans-serif">modcall: entering group authorize for
request 8</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "preprocess"
returns ok for request 8</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "mschap"
returns noop for request 8</font>
<br><font size=2 face="sans-serif"> rlm_realm: No '@' in User-Name
= "KMT-EU.KMTG.NET\sstruyf", looking up realm NULL</font>
<br><font size=2 face="sans-serif"> rlm_realm: No such realm
"NULL"</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "kmt-eu.kmtg.net"
returns noop for request 8</font>
<br><font size=2 face="sans-serif"> rlm_realm: Looking up
realm "KMT-EU.KMTG.NET" for User-Name = "KMT-EU.KMTG.NET\sstruyf"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Found realm
"KMT-EU.KMTG.NET"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Adding Stripped-User-Name
= "sstruyf"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Proxying request
from user sstruyf to realm KMT-EU.KMTG.NET</font>
<br><font size=2 face="sans-serif"> rlm_realm: Adding Realm
= "KMT-EU.KMTG.NET"</font>
<br><font size=2 face="sans-serif"> rlm_realm: Authentication
realm is LOCAL.</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "ntdomain"
returns noop for request 8</font>
<br><font size=2 face="sans-serif"> rlm_eap: EAP packet type response
id 10 length 38</font>
<br><font size=2 face="sans-serif"> rlm_eap: No EAP Start, assuming
it's an on-going EAP conversation</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "eap"
returns updated for request 8</font>
<br><font size=2 face="sans-serif"> users: Matched sstruyf
at 98</font>
<br><font size=2 face="sans-serif"> modcall[authorize]: module "files"
returns ok for request 8</font>
<br><font size=2 face="sans-serif">modcall: group authorize returns updated
for request 8</font>
<br><font size=2 face="sans-serif"> rad_check_password: Found
Auth-Type EAP</font>
<br><font size=2 face="sans-serif">auth: type "EAP"</font>
<br><font size=2 face="sans-serif"> Processing the authenticate section
of radiusd.conf</font>
<br><font size=2 face="sans-serif">modcall: entering group authenticate
for request 8</font>
<br><font size=2 face="sans-serif"> rlm_eap: Request found, released
from the list</font>
<br><font size=2 face="sans-serif"> rlm_eap: EAP/peap</font>
<br><font size=2 face="sans-serif"> rlm_eap: processing type peap</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Authenticate</font>
<br><font size=2 face="sans-serif"> rlm_eap_tls: processing TLS</font>
<br><font size=2 face="sans-serif"> eaptls_verify returned 7</font>
<br><font size=2 face="sans-serif"> rlm_eap_tls: Done initial handshake</font>
<br><font size=2 face="sans-serif"> eaptls_process returned 7</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: EAPTLS_OK</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Session established.
Decoding tunneled attributes.</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Received EAP-TLV
response.</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Tunneled data is
valid.</font>
<br><font size=2 face="sans-serif"> rlm_eap_peap: Had sent
TLV failure, rejecting.</font>
<br><font size=2 face="sans-serif"> rlm_eap: Handler failed in EAP/peap</font>
<br><font size=2 face="sans-serif"> rlm_eap: Failed in EAP select</font>
<br><font size=2 face="sans-serif"> modcall[authenticate]: module
"eap" returns invalid for request 8</font>
<br><font size=2 face="sans-serif">modcall: group authenticate returns
invalid for request 8</font>
<br><font size=2 face="sans-serif">auth: Failed to validate the user.</font>
<br><font size=2 face="sans-serif">Login incorrect: [KMT-EU.KMTG.NET\\sstruyf/<no
User-Password attribute>] (from client WAP07KE port 2936 cli 0011.851a.cc37)</font>
<br><font size=2 face="sans-serif"> Processing the post-auth section
of radiusd.conf</font>
<br>
<br><font size=2 face="sans-serif">Stieven Struyf<br>
M.I.S. Division - System Operations <br>
Komatsu Europe International NV<br>
Mechelsesteenweg 586<br>
B-1800 Vilvoorde<br>
Stieven.Struyf@komatsu.eu<br>
Tel. +32 (0)2 2552551</font>
<br>
<br><tt><font size=2>freeradius-users-bounces+stieven.struyf=komatsu.eu@lists.freeradius.org
wrote on 10/27/2006 12:26:09 PM:<br>
<br>
> <br>
> HOWEVER, first you may want to check your mschap module definition:<br>
> <br>
> modules {<br>
> mschap {<br>
> ntlm_auth = "/usr/bin/ntlm_auth \<br>
> --request-nt-key \<br>
> --username=%{mschap:User-Name:-None} \<br>
> --domain=%{mschap:NT-Domain:-None} \<br>
> --challenge=%{mschap:Challenge:-00} \<br>
> --nt-response=%{mschap:NT-Response:-00}"<br>
> <br>
> ...all on one line of course. Note the use of the "mschap:User-Name"
and <br>
> "mschap:NT-Domain" values.<br>
> - <br>
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br>
I checked it and changed the userline value(it was stripped-username something,
but without success.)</font></tt>