<DIV>Hi,</DIV> <DIV> I am using freeRADIUS 1.1.7. Notebook with odyssey client (peap mschap-v2) can talk to freeRADUS well. But when I use Vocera client, which can support peap + mschap-v2, It does not work. </DIV> <DIV><BR> </DIV> <DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left" align=left><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">debug message (see more debug message in attachment):</SPAN></DIV> <DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left" align=left><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">...</SPAN></DIV> <DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left" align=left><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">rad_recv: Access-Request packet from host 10.50.1.38:1034, id=55, length=233<BR> User-Name = "lwang"<BR>
NAS-IP-Address = 10.50.1.38<BR> NAS-Identifier = "QA-AP1-21f0"<BR> NAS-Port = 0<BR> Called-Station-Id = "00-19-77-00-21-F5:vocera_test"<BR> Calling-Station-Id = "00-16-41-F7-F7-75"<BR> Framed-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> EAP-Message = 0x020a003919800000002f14030100010116030100248393f1d6391a86ab0605df998e0336f7c651a560328bf621b1ddebbfad332d8ea8796c49<BR> State = 0xfd6f3b2761e20233acdc5d29ec63d11f<BR> Message-Authenticator = 0xc4ee170f5d47ee55bead80b4a36580cb<BR> Processing the authorize
section of radiusd.conf<BR>modcall: entering group authorize for request 40<BR> modcall[authorize]: module "preprocess" returns ok for request 40<BR>radius_xlat: '/usr/local/var/log/radius/radacct/auth-detail-20080212'<BR>rlm_detail: /usr/local/var/log/radius/radacct/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/auth-detail-20080212<BR> modcall[authorize]: module "auth_log" returns ok for request 40<BR> modcall[authorize]: module "chap" returns noop for request 40<BR> modcall[authorize]: module "mschap" returns noop for request 40<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "lwang", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop for request 40<BR> rlm_realm: No '\' in User-Name = "lwang", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR>
modcall[authorize]: module "ntdomain" returns noop for request 40<BR> rlm_eap: EAP packet type response id 10 length 57<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 40<BR> users: Matched entry lwang at line 95<BR> modcall[authorize]: module "files" returns ok for request 40<BR>modcall: leaving group authorize (returns updated) for request 40<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 40<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Length Included<BR> eaptls_verify returned 11 <BR> rlm_eap_tls: <<< TLS 1.0
ChangeCipherSpec [length 0001] <BR> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished <BR> TLS_accept: SSLv3 read finished A <BR> (other): SSL negotiation finished successfully <BR>SSL Connection Established <BR> eaptls_process returned 13 <BR> rlm_eap_peap: EAPTLS_HANDLED<BR> rlm_eap: Freeing handler<BR> modcall[authenticate]: module "eap" returns reject for request 40<BR>modcall: leaving group authenticate (returns reject) for request 40<BR>auth: Failed to validate the user.<BR>Delaying request 40 for 1 seconds<BR>Finished request 40<BR>Going to the next request<BR>Waking up in 5 seconds...<BR>rad_recv: Access-Request packet from host 10.50.1.38:1034, id=56, length=156<BR> User-Name = "lwang"<BR> NAS-IP-Address = 10.50.1.38<BR> NAS-Identifier =
"QA-AP1-21f0"<BR> NAS-Port = 0<BR> Called-Station-Id = "00-19-77-00-21-F5:vocera_test"<BR> Calling-Station-Id = "00-16-41-F7-F7-75"<BR> Framed-MTU = 1500<BR> NAS-Port-Type = Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> Message-Authenticator = 0x834864649ecf9fba4cbd71673b5bb042<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 41<BR> modcall[authorize]: module "preprocess" returns ok for request 41<BR>radius_xlat: '/usr/local/var/log/radius/radacct/auth-detail-20080212'<BR>rlm_detail: /usr/local/var/log/radius/radacct/auth-detail-%Y%m%d expands to
/usr/local/var/log/radius/radacct/auth-detail-20080212<BR> modcall[authorize]: module "auth_log" returns ok for request 41<BR> modcall[authorize]: module "chap" returns noop for request 41<BR> modcall[authorize]: module "mschap" returns noop for request 41<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "lwang", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop for request 41<BR> rlm_realm: No '\' in User-Name = "lwang", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "ntdomain" returns noop for request 41<BR> rlm_eap: No EAP-Message, not doing EAP<BR> modcall[authorize]: module "eap" returns noop for request 41<BR> users: Matched entry lwang at line 95<BR> modcall[authorize]: module "files" returns ok for request
41<BR>modcall: leaving group authorize (returns ok) for request 41<BR>auth: type Local<BR>auth: No User-Password or CHAP-Password attribute in the request<BR>auth: Failed to validate the user.<BR>Delaying request 41 for 1 seconds<BR>Finished request 41<BR>Going to the next request<BR>Waking up in 5 seconds...<BR>rad_recv: Access-Request packet from host 10.50.1.38:1034, id=57, length=156<BR> User-Name = "lwang"<BR> NAS-IP-Address = 10.50.1.38<BR> NAS-Identifier = "QA-AP1-21f0"<BR> NAS-Port = 0<BR> Called-Station-Id = "00-19-77-00-21-F5:vocera_test"<BR> Calling-Station-Id = "00-16-41-F7-F7-75"<BR> Framed-MTU = 1500<BR> NAS-Port-Type =
Wireless-802.11<BR> Connect-Info = "CONNECT 11Mbps 802.11b"<BR> Message-Authenticator = 0xfe7dea9b1f1eb6e620980f6f09a97012<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 42<BR> modcall[authorize]: module "preprocess" returns ok for request 42<BR>radius_xlat: '/usr/local/var/log/radius/radacct/auth-detail-20080212'<BR>rlm_detail: /usr/local/var/log/radius/radacct/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/auth-detail-20080212<BR> modcall[authorize]: module "auth_log" returns ok for request 42<BR> modcall[authorize]: module "chap" returns noop for request 42<BR> modcall[authorize]: module "mschap" returns noop for request 42<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "lwang", looking up realm NULL<BR> rlm_realm: No such realm
"NULL"<BR> modcall[authorize]: module "suffix" returns noop for request 42<BR> rlm_realm: No '\' in User-Name = "lwang", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "ntdomain" returns noop for request 42<BR> rlm_eap: No EAP-Message, not doing EAP<BR> modcall[authorize]: module "eap" returns noop for request 42<BR> users: Matched entry lwang at line 95<BR> modcall[authorize]: module "files" returns ok for request 42<BR>modcall: leaving group authorize (returns ok) for request 42<BR>auth: type Local<BR>auth: No User-Password or CHAP-Password attribute in the request<BR>auth: Failed to validate the user.<BR>Delaying request 42 for 1 seconds<BR>Finished request 42<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Sending Access-Reject of id 51 to 10.50.1.38 port 1034<BR>Sending Access-Reject of id 55 to 10.50.1.38 port
1034<BR> EAP-Message = 0x040a0004<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR>Sending Access-Reject of id 56 to 10.50.1.38 port 1034</SPAN></DIV> <DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left" align=left><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN> </DIV> <DIV class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left" align=left><SPAN lang=EN-US style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN> </DIV> <DIV> </DIV><p>
<hr size=1><a href="http://cn.mail.yahoo.com/gc/index.html?entry=5&souce=mail_mailletter_tagline">ÑÅ»¢ÓÊÏä´«µÝÐÂÄê×£¸££¬¸öÐԺؿ¨ËÍÇ×Åó£¡</a>