Hi,<br>I know it's plain English but I still can't figure out where the warning is coming from and what I have to change. It finds the password, but still gives the auth(failure):<br><br> auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user<br>
auth: Failed to validate the user.<br><br>I'm using the default config-files with PEAP auth. Can somebody give me a hint in the right direction? Where/what config file should I look in and what to edit? THANKS!<br><br>
Here are my logs...<br><br>Listening on authentication address <a href="http://172.16.27.103">172.16.27.103</a> port 1812<br>Ready to process requests.<br>rad_recv: Access-Request packet from host <a href="http://172.16.27.37">172.16.27.37</a> port 3072, id=0, length=141<br>
User-Name = "userX"<br> NAS-IP-Address = <a href="http://172.16.27.37">172.16.27.37</a><br> Called-Station-Id = "001c1066a106"<br> Calling-Station-Id = "001cdf77bb4d"<br>
NAS-Identifier = "001c1066a106"<br> NAS-Port = 1<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x02000013016a656c6c656c616e6762726f656b<br> Message-Authenticator = 0x933439cddca44559a4ee3c2b327aaac5<br>
+- entering group authorize<br>++[preprocess] returns ok<br> expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
expand: %t -> Fri Jun 20 15:25:59 2008<br>++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "userX", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: EAP packet type response id 0 length 19<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>
expand: %{User-Name} -> userX<br>rlm_sql (sql): sql_set_user escaped user --> 'userX'<br>rlm_sql (sql): Reserving sql socket id: 4<br> expand: SELECT ownerid as id, username, 'Cleartext-Password' as attribute, passwd as value, ':=' as op FROM nodes WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT ownerid as id, username, 'Cleartext-Password' as attribute, passwd as value, ':=' as op FROM nodes WHERE username = 'userX' ORDER BY id<br>
rlm_sql (sql): User found in radcheck table<br> expand: SELECT ownerid as id, username, 'Cleartext-Password' as attribute, passwd as value, ':=' as op FROM nodes WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT ownerid as id, username, 'Cleartext-Password' as attribute, passwd as value, ':=' as op FROM nodes WHERE username = 'userX' ORDER BY id<br>
expand: SELECT 'dynamic' as groupname FROM customers WHERE name = '%{SQL-User-Name}' ORDER BY id -> SELECT 'dynamic' as groupname FROM customers WHERE name = 'userX' ORDER BY id<br>
rlm_sql (sql): Released sql socket id: 4<br>++[sql] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_pap: Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br> rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: EAP Identity<br> rlm_eap: processing type tls<br> rlm_eap_tls: Initiate<br> rlm_eap_tls: Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 0 to <a href="http://172.16.27.37">172.16.27.37</a> port 3072<br>
EAP-Message = 0x010100061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9baa2d299bab34161e655ea3ece36f0c<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host <a href="http://172.16.27.37">172.16.27.37</a> port 3072, id=0, length=233<br>Cleaning up request 0 ID 0 with timestamp +41<br> User-Name = "userX"<br> NAS-IP-Address = <a href="http://172.16.27.37">172.16.27.37</a><br>
Called-Station-Id = "001c1066a106"<br> Calling-Station-Id = "001cdf77bb4d"<br> NAS-Identifier = "001c1066a106"<br> NAS-Port = 1<br> Framed-MTU = 1400<br> State = 0x9baa2d299bab34161e655ea3ece36f0c<br>
NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x0201005d190016030100520100004e0301485baf3e8e15e57593e3e1819134ab3ad55c2a65dbdd6278dadce70ffee5409a00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100<br>
Message-Authenticator = 0xda28b5bb86c975ef4fd3c5bf45e4bba5<br>+- entering group authorize<br>++[preprocess] returns ok<br> expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
expand: %t -> Fri Jun 20 15:25:59 2008<br>++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "userX", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: EAP packet type response id 1 length 93<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br> (other): before/accept initialization<br> TLS_accept: before/accept initialization<br> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0052], ClientHello<br>
TLS_accept: SSLv3 read client hello A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello<br> TLS_accept: SSLv3 write server hello A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate<br>
TLS_accept: SSLv3 write certificate A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange<br> TLS_accept: SSLv3 write key exchange A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br>
TLS_accept: SSLv3 write server done A<br> TLS_accept: SSLv3 flush data<br> TLS_accept: Need to read more data: SSLv3 read client certificate A<br>In SSL Handshake Phase<br>In SSL Accept mode<br> eaptls_process returned 13<br>
rlm_eap_peap: EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 0 to <a href="http://172.16.27.37">172.16.27.37</a> port 3072<br>
EAP-Message = 0x070301300d06092a864886f70d01010405000382010100996af82a8524e81fa2070413fa3bc07ef4d1acc88e96ee8f90b412dcd1564de0280bd3bc8eb8f024c7753ee0fb3a1d9c9e7e1fc60e87aa7309ba76e44ac083788079b800f28c46bf4cdbc8423c40b6c897ec4a2ccaa95c4b59d0c035a00725cc5e943ec10dac7cf1669995ec20a26ffaedf7c0e7bdc2acc11882ecb3e9f9e06e8597dfc4c30a9d69210cdf2872ed848af5e1c89e2ed34a6db012129685b12f56d4bec3f6e13e7b43b6e00a81545a38f28090f1ff3ceca37a107ea01898d2269f7156ca7c74c8b20ead294a6a7d1d32eb70065bda7bcfe009a070c6f01a9b0b9674fa3cff08a1<br>
EAP-Message = 0xd8bf0854f4d5920b817066b8<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9baa2d299aa834161e655ea3ece36f0c<br>Finished request 1.<br>Going to the next request<br>
Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host <a href="http://172.16.27.37">172.16.27.37</a> port 3072, id=0, length=146<br>Cleaning up request 1 ID 0 with timestamp +41<br> User-Name = "userX"<br>
NAS-IP-Address = <a href="http://172.16.27.37">172.16.27.37</a><br> Called-Station-Id = "001c1066a106"<br> Calling-Station-Id = "001cdf77bb4d"<br> NAS-Identifier = "001c1066a106"<br>
NAS-Port = 1<br> Framed-MTU = 1400<br> State = 0x9baa2d299aa834161e655ea3ece36f0c<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x020200061900<br> Message-Authenticator = 0x6ae87b9fa610cc290341c3c8721eab9c<br>
+- entering group authorize<br>++[preprocess] returns ok<br> expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
expand: %t -> Fri Jun 20 15:25:59 2008<br>++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "userX", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: EAP packet type response id 2 length 6<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>
rlm_eap_tls: Received EAP-TLS ACK message<br> rlm_eap_tls: ack handshake fragment handler<br> eaptls_verify returned 1<br> eaptls_process returned 13<br> rlm_eap_peap: EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 0 to <a href="http://172.16.27.37">172.16.27.37</a> port 3072<br>
EAP-Message = 0x22dbf87ea84011c3<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9baa2d2999a934161e655ea3ece36f0c<br>Finished request 2.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host <a href="http://172.16.27.37">172.16.27.37</a> port 3072, id=0, length=146<br>Cleaning up request 2 ID 0 with timestamp +41<br> User-Name = "userX"<br> NAS-IP-Address = <a href="http://172.16.27.37">172.16.27.37</a><br>
Called-Station-Id = "001c1066a106"<br> Calling-Station-Id = "001cdf77bb4d"<br> NAS-Identifier = "001c1066a106"<br> NAS-Port = 1<br> Framed-MTU = 1400<br> State = 0x9baa2d2999a934161e655ea3ece36f0c<br>
NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x020300061900<br> Message-Authenticator = 0x55eb06fdd249f58d4b098d211ef699db<br>+- entering group authorize<br>++[preprocess] returns ok<br> expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
expand: %t -> Fri Jun 20 15:25:59 2008<br>++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "userX", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: EAP packet type response id 3 length 6<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>
rlm_eap_tls: Received EAP-TLS ACK message<br> rlm_eap_tls: ack handshake fragment handler<br> eaptls_verify returned 1<br> eaptls_process returned 13<br> rlm_eap_peap: EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 0 to <a href="http://172.16.27.37">172.16.27.37</a> port 3072<br>
EAP-Message = 0x010402e71900589c274af17f1a494850cb1028aea864d133e063ba83420b4e3c091030cb4a0c5e5913181a57a0ef4e965b1a1490eb20c705bfc44603e0e52aa98d2f47831b1e88e8cb4149a777c58356b40fcb237ad48b79a1e61a5a02e245b071293b2b25d6b3bbc2e1eb5e26db78735d8172015a39ae2ab6d93382ef0be94f0419a5a7101b93f3f91c7a124f75d5884e225990d032bb21374f62ebdca5a3add90be36aa926a41695835c2eb3f7e88337da950eb5394a9ffb5f63412909f5e387762b4bc9607be7d5871e1c160301020d0c0002090080d98dfb21f227dd0de0112a4e02b14ba70211061c5b376bb17b336613f8dc7867bf69d166fa9a<br>
EAP-Message = 0x71a008d47f3651cca5a115167ccf4c3990bbaf3507e2b958546eb5e323c7fe857e8394a68251ad5404da26810c662052e242961cb37eafcab475f322a740a0abd48178f31bed95df9004fb37f667282bdbaa9db8402640ffad48ecb15a49ea5db0ace40026026cd5ab50949ade5c903144779999672f88dd7885fcf946ed5c01779571173271d8503a0c3e43791e06a2c4400ff0553c76e15bf7624cf432dd2d44643827b4d29a8763738b073e09b1bbb3c6f2d411391976badabf00cd6ccbb57627e315142009a49e948f5911cf3873557dc60adfebd10a8892d1ac71109fb9cf9a3e6416030100040e000000<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9baa2d2998ae34161e655ea3ece36f0c<br>Finished request 3.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host <a href="http://172.16.27.37">172.16.27.37</a> port 3072, id=0, length=344<br>
Cleaning up request 3 ID 0 with timestamp +41<br> User-Name = "userX"<br> NAS-IP-Address = <a href="http://172.16.27.37">172.16.27.37</a><br> Called-Station-Id = "001c1066a106"<br>
Calling-Station-Id = "001cdf77bb4d"<br> NAS-Identifier = "001c1066a106"<br> NAS-Port = 1<br> Framed-MTU = 1400<br> State = 0x9baa2d2998ae34161e655ea3ece36f0c<br> NAS-Port-Type = Wireless-802.11<br>
EAP-Message = 0x020400cc190016030100861000008200804316d20c6a7c178058561a988cd4c857a1818bca9d6381d259ad888eb8590fb37aa41737e0465ed1c8645c4b84abd506a7d30c4bb7a7a10f909b9feb1f8a51b8430d748d87f03c7df6a01a3bb99c178da207b3a19c540469709f2845ba90768f8ec804175b2e9afaa80dccc2107919f7580b1953431922cdeda4f877c91e174f14030100010116030100300f7ef3899514ebb34daa12ac552eb8f9eb8841016f046ea3a63e53aadfb3e3397a93e73456cc41e1135861707733b220<br>
Message-Authenticator = 0xdea135864ef03eb8674379a35331fd5f<br>+- entering group authorize<br>++[preprocess] returns ok<br> expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
expand: %t -> Fri Jun 20 15:25:59 2008<br>++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "userX", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: EAP packet type response id 4 length 204<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange<br> TLS_accept: SSLv3 read client key exchange A<br> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]<br>
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished<br> TLS_accept: SSLv3 read finished A<br> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]<br> TLS_accept: SSLv3 write change cipher spec A<br>
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished<br> TLS_accept: SSLv3 write finished A<br> TLS_accept: SSLv3 flush data<br> (other): SSL negotiation finished successfully<br>SSL Connection Established<br>
eaptls_process returned 13<br> rlm_eap_peap: EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 0 to <a href="http://172.16.27.37">172.16.27.37</a> port 3072<br> EAP-Message = 0x0105004119001403010001011603010030e6a2e4f9f396f695728dfc74be50459b34dea2ec026e3b041e64ad32a19bfc01ce00a4f39422c30e86d83059c040853f<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9baa2d299faf34161e655ea3ece36f0c<br>Finished request 4.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host <a href="http://172.16.27.37">172.16.27.37</a> port 3072, id=0, length=146<br>
Cleaning up request 4 ID 0 with timestamp +41<br> User-Name = "userX"<br> NAS-IP-Address = <a href="http://172.16.27.37">172.16.27.37</a><br> Called-Station-Id = "001c1066a106"<br>
Calling-Station-Id = "001cdf77bb4d"<br> NAS-Identifier = "001c1066a106"<br> NAS-Port = 1<br> Framed-MTU = 1400<br> State = 0x9baa2d299faf34161e655ea3ece36f0c<br> NAS-Port-Type = Wireless-802.11<br>
EAP-Message = 0x020500061900<br> Message-Authenticator = 0xaa2e2ed89ffe2379528536376d6b3678<br>+- entering group authorize<br>++[preprocess] returns ok<br> expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
expand: %t -> Fri Jun 20 15:25:59 2008<br>++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "userX", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: EAP packet type response id 5 length 6<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>
rlm_eap_tls: Received EAP-TLS ACK message<br> rlm_eap_tls: ack handshake is finished<br> eaptls_verify returned 3<br> eaptls_process returned 3<br> rlm_eap_peap: EAPTLS_SUCCESS<br>++[eap] returns handled<br>Sending Access-Challenge of id 0 to <a href="http://172.16.27.37">172.16.27.37</a> port 3072<br>
EAP-Message = 0x0106002b190017030100203d19543fef6a354b15802fa24ac6be930472a2bb2963b2cd40acb8569178208b<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9baa2d299eac34161e655ea3ece36f0c<br>
Finished request 5.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host <a href="http://172.16.27.37">172.16.27.37</a> port 3072, id=0, length=236<br>Cleaning up request 5 ID 0 with timestamp +41<br>
User-Name = "userX"<br> NAS-IP-Address = <a href="http://172.16.27.37">172.16.27.37</a><br> Called-Station-Id = "001c1066a106"<br> Calling-Station-Id = "001cdf77bb4d"<br>
NAS-Identifier = "001c1066a106"<br> NAS-Port = 1<br> Framed-MTU = 1400<br> State = 0x9baa2d299eac34161e655ea3ece36f0c<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x020600601900170301002006f9c4c30ed6970d17049ecab64a52b6bd0147e5e8aa1632efba5d9bc17ad65517030100307342716fd8fa732607a62a93a4ea9d0be8cd1c9717af27bb67b840bc0a308060563c313805c8b9810e19ba7a0485738a<br>
Message-Authenticator = 0x8aa405f4d2a413e1dfdf4f6019925a83<br>+- entering group authorize<br>++[preprocess] returns ok<br> expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
expand: %t -> Fri Jun 20 15:25:59 2008<br>++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "userX", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: EAP packet type response id 6 length 96<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br> eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: Identity - userX<br>
PEAP: Got tunneled identity of userX<br> PEAP: Setting default EAP type for tunneled EAP session.<br> PEAP: Setting User-Name to userX<br>auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user<br>
auth: Failed to validate the user.<br> PEAP: Tunneled authentication was rejected.<br> rlm_eap_peap: FAILURE<br>++[eap] returns handled<br>Sending Access-Challenge of id 0 to <a href="http://172.16.27.37">172.16.27.37</a> port 3072<br>
EAP-Message = 0x0107003b1900170301003083a87eb6970e9d00f7463517385ede5e1301a3788b857b995947b8b8ab618a56ac5422ade8ea7d08e6be181deb19075e<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x9baa2d299dad34161e655ea3ece36f0c<br>
Finished request 6.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host <a href="http://172.16.27.37">172.16.27.37</a> port 3072, id=0, length=236<br>Cleaning up request 6 ID 0 with timestamp +41<br>
User-Name = "userX"<br> NAS-IP-Address = <a href="http://172.16.27.37">172.16.27.37</a><br> Called-Station-Id = "001c1066a106"<br> Calling-Station-Id = "001cdf77bb4d"<br>
NAS-Identifier = "001c1066a106"<br> NAS-Port = 1<br> Framed-MTU = 1400<br> State = 0x9baa2d299dad34161e655ea3ece36f0c<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x0207006019001703010020e1e6a5669a6e1f2fad8b18557490b2a36580caac37130035ec533f519aa058651703010030ea09edd1a98107005cbbefece6de1029da93fab2b2f14456b2a2728ff91532a35d075fb23197f925da6206a6e1ee5db1<br>
Message-Authenticator = 0xd2a2e7d67cd0ea7f1d069d4ebf3731cc<br>+- entering group authorize<br>++[preprocess] returns ok<br> expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/<a href="http://172.16.27.37/auth-detail-20080620">172.16.27.37/auth-detail-20080620</a><br>
expand: %t -> Fri Jun 20 15:25:59 2008<br>++[auth_log] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br> rlm_realm: No '@' in User-Name = "userX", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>++[suffix] returns noop<br> rlm_eap: EAP packet type response id 7 length 96<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br> eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: Received EAP-TLV response.<br>
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session.<br> rlm_eap: Handler failed in EAP/peap<br> rlm_eap: Failed in EAP select<br>++[eap] returns invalid<br>auth: Failed to validate the user.<br>
Found Post-Auth-Type Reject<br>+- entering group REJECT<br> expand: %{User-Name} -> userX<br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Sending Access-Reject of id 0 to <a href="http://172.16.27.37">172.16.27.37</a> port 3072<br>
EAP-Message = 0x04070004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>Finished request 7.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>Cleaning up request 7 ID 0 with timestamp +41<br>
Ready to process requests.<br><br><br><br><br><br><div class="gmail_quote">2008/6/20 Alan DeKok <<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>>:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>Andy An wrote:<br>
> Hi Ivan:<br>
> The password is in the ldap server as one of attributes bound to the<br>
> user (userPassword: {CRYPT}something).<br>
</div>...<br>
<div>> rlm_ldap: performing search in ou=People,dc=eciad,dc=ca, with filter<br>
> (uid=andyan)<br>
</div><div>...<br>
> WARNING: No "known good" password was found in LDAP. Are you sure that<br>
> the user is configured correctly?<br>
<br>
</div> The debug output disagrees with you.<br>
<br>
There is no known good password available.<br>
<br>
Again, it helps to READ the debug output yourself. The warning<br>
messages are clear, and are written in simple English.<br>
<font color="#888888"><br>
Alan DeKok.<br>
</font><div><div></div><div>-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br>
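An added example, not part of the original message: a small Python tracer for this kind of FreeRADIUS debug output that records, per request, the module return codes, the Auth-Type found for the outer request, and whether the "No authenticate method (Auth-Type)" rejection was logged before or after the PEAP tunnel was established. The function names are hypothetical and `SAMPLE_LOG` is an abridged excerpt of the log posted above.

```python
import re

# Abridged excerpt of the debug output posted above (requests 0, 6 and 7).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=141
+- entering group authorize
++[eap] returns updated
++[sql] returns ok
 rad_check_password: Found Auth-Type EAP
+- entering group authenticate
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
Finished request 0.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=236
+- entering group authorize
++[eap] returns ok
 rad_check_password: Found Auth-Type EAP
+- entering group authenticate
 rlm_eap_peap: Session established. Decoding tunneled attributes.
 PEAP: Setting User-Name to userX
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
 PEAP: Tunneled authentication was rejected.
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
Finished request 6.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=236
+- entering group authorize
++[eap] returns ok
 rad_check_password: Found Auth-Type EAP
+- entering group authenticate
 rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session.
++[eap] returns invalid
+- entering group REJECT
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 0 to 172.16.27.37 port 3072
Finished request 7.
"""

def normalize(raw):
    """Undo the mail archive's HTML: <br> ends a line, <a> wrappers are dropped."""
    return re.sub(r"</?a\b[^>]*>", "", re.sub(r"<br\s*/?>", "\n", raw))

def trace_requests(log_text):
    """Return one record per received packet, in log order."""
    requests, cur = [], None
    for line in map(str.strip, normalize(log_text).splitlines()):
        if line.startswith("rad_recv:"):
            cur = {"number": None, "modules": [], "auth_type": None,
                   "phase": "outer", "errors": [], "reply": None}
            requests.append(cur)
            section = None
        elif cur is None:
            continue  # server start-up lines before the first packet
        elif m := re.match(r"\+- entering group (\S+)", line):
            section = m.group(1)
        elif m := re.match(r"\+\+\[([^\]]+)\] returns (\w+)", line):
            cur["modules"].append((section, m.group(1), m.group(2)))
        elif m := re.match(r"rad_check_password:\s+Found Auth-Type (\S+)", line):
            cur["auth_type"] = m.group(1)
        elif "Decoding tunneled attributes" in line:
            cur["phase"] = "inner tunnel"  # later lines concern the tunneled request
        elif line.startswith("auth: No authenticate method (Auth-Type)"):
            cur["errors"].append(cur["phase"])
        elif m := re.match(r"Sending (Access-\w+)", line):
            cur["reply"] = m.group(1)
        elif m := re.match(r"Finished request (\d+)\.", line):
            cur["number"] = int(m.group(1))
    return requests

def auth_type_failures(requests):
    """(request number, phase, Auth-Type of the outer request) per rejection."""
    return [(r["number"], phase, r["auth_type"])
            for r in requests for phase in r["errors"]]

if __name__ == "__main__":
    for number, phase, outer in auth_type_failures(trace_requests(SAMPLE_LOG)):
        print(f"request {number}: no Auth-Type for the {phase} request "
              f"(outer request had Auth-Type {outer})")
```

On this excerpt the tracer reports request 6: the outer request was assigned Auth-Type EAP, and the rejection is logged only after "Session established. Decoding tunneled attributes.", while the tunneled request is being handled.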