<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div><span style="font-style: italic;">Hello,</span><br style="font-style: italic;"><br style="font-style: italic;"><span style="font-style: italic;">I am trying to authenticate wireless users against Active Directory using freeradius 2.0.2-3.</span><br style="font-style: italic;"><span style="font-style: italic;">I can authenticate users using EAP-PEAP or EAP-TLS.</span><br style="font-style: italic;"><br style="font-style: italic;"><span style="font-style: italic;">First question: is the EAP system mandatory to authenticate against Active Directory?</span><br style="font-style: italic;"><br style="font-style: italic;"><br style="font-style: italic;"><span style="font-style: italic;">- I followed this HOWTO (http://wiki.freeradius.org/Syslog_HOWTO), so "wbinfo" and "Ntlm_Auth" function properly like
the HOWTO says</span><br style="font-style: italic;"><br style="font-style: italic;"><span style="font-style: italic;">- user "glouglou" with password "glouglou" exists in AD.</span><br style="font-style: italic;"><br style="font-style: italic;"><span style="font-style: italic;">On an authentication attempt against AD, I have those messages that I don't understand so well:</span><br><br>1. Part of Log of Radiusd -X<br>////////////////////////////////////////////////////////////////////////////////////////////////////<br>+- entering group MS-CHAP<br> rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.<br> rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.<br> rlm_mschap: Told to do MS-CHAPv2 for glouglou with NT-Password<br>WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details<br> expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=PLUTON\glouglou<br> mschap2: ca<br> expand: --challenge=%{mschap:Challenge:-00} -> --challenge=b7b4f66d1ed49fa6<br> expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=1f96c63c6a98e87af339d1226e5feef41e327666f3ccd175<br>Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly. (0xc0000022)<br>Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly. (0xc0000022)<br>Exec-Program: returned: 1<br> rlm_mschap: External script failed.<br> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect<br>++[mschap]
returns reject<br> rlm_eap: Freeing handler<br>++[eap] returns reject<br>auth: Failed to validate the user.<br>Login incorrect: [PLUTON\\glouglou/<via Auth-Type = EAP>] (from client Access_Point_DWL-8500AP+_A1_L1 port 1 cli 00-12-F0-0C-97-61)<br>} # server (null)<br>////////////////////////////////////////////////////////////////////////////////////////////////////<br><br><br>2. "Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly. (0xc0000022)<br>Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly. (0xc0000022)"<br>////////////////////////////////////////////////////////////////////////////////////////////////////<br><span style="font-style: italic;">Part of /var/lib/samba
files:</span><br>------------------------------------<br># aaa:/var/lib/samba # ls win*<br># winbindd_cache.tdb winbindd_cache.tdb.bak.old<br># winbindd_cache.tdb.bak winbindd_idmap.tdb<br><br># winbindd_privileged:<br># pipe<br># aaa:/var/lib/samba # <br>------------------------<br># aaa:/var/lib/samba # ll winbindd_privileged/<br># total 0<br># srwxrwxrwx 1 root root 0 Jun 25 16:17 pipe<br>aaa:/var/lib/samba # <br><br><span style="font-style: italic;">I am not so expert at Linux stuff, but I think it could just be an authorization problem, and I really don't know if some other things are needed to authenticate against AD. May I have some advice?</span><br style="font-style: italic;"><br style="font-style: italic;"><span style="font-style: italic;">Thank you all for your responses<br>**************************************************************************<br></span><br>ENTIRE
LOG BELOW:<br>----------------------------------------<br>rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=49, length=168<br> User-Name = "PLUTON\\glouglou"<br> NAS-IP-Address = 10.10.44.246<br> NAS-Port = 1<br> Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"<br> Calling-Station-Id = "00-12-F0-0C-97-61"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br> EAP-Message = 0x020a001401504c55544f4e5c676c6f75676c6f75<br> Message-Authenticator =
0xf46afa6cebe1a6532bda4720c452b684<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 10 length 20<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: EAP Identity<br> rlm_eap: processing type tls<br> rlm_eap_tls: Initiate<br> rlm_eap_tls: Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 49 to 10.10.44.246 port 1027<br> EAP-Message = 0x010b00061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State =
0x56748010567f99f247f2f989f1c443b2<br>Finished request 50.<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=50, length=246<br> User-Name = "PLUTON\\glouglou"<br> NAS-IP-Address = 10.10.44.246<br> NAS-Port = 1<br> Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"<br> Calling-Station-Id = "00-12-F0-0C-97-61"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br> EAP-Message =
0x020b005019800000004616030100410100003d03014864e9ca6f5373caeef782f84ee725f6fd57b421fde7913f318d1f6ff0aac6c800001600040005000a000900640062000300060013001200630100<br> State = 0x56748010567f99f247f2f989f1c443b2<br> Message-Authenticator = 0x71516277d5597dd13b90fa56bfc8a9e0<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 11 length 80<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br> TLS Length 70<br>rlm_eap_tls: Length Included<br> eaptls_verify
returned 11<br> (other): before/accept initialization<br> TLS_accept: before/accept initialization<br> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello<br> TLS_accept: SSLv3 read client hello A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello<br> TLS_accept: SSLv3 write server hello A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0641], Certificate<br> TLS_accept: SSLv3 write certificate A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br> TLS_accept: SSLv3 write server done A<br> TLS_accept: SSLv3 flush data<br> TLS_accept: Need to read more data: SSLv3 read client certificate A<br>In SSL Handshake Phase<br>In SSL Accept mode<br> eaptls_process returned 13<br> rlm_eap_peap:
EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 50 to 10.10.44.246 port 1027<br> EAP-Message = 0x010c040019c00000069e160301004a0200004603014864e8a53e27f6d97c706cd17f4501780c540984d8cc3a25921b0547b9042c75203997dfd8b795b86fac5393d5a7e5e95536f63ac703698b68336f4b1239ad13b300040016030106410b00063d00063a0002a6308202a23082020ba003020102020101300d06092a864886f70d010105050030818b310b3009060355040613024d41310e300c060355040813055261626174310e300c06035504071305416764616c310f300d060355040a1306454e5349415331143012060355040b130b43656e74726520496e666f3112301006035504031409454e534941535f43413121301f06092a864886f7<br> EAP-Message =
0xf548d12f4a8fcfbc11d49ec1a035f4013de94243c014b600038e3082038a308202f3a003020102020900bed8f7f713ad2741300d06092a864886f70d010105050030818b310b3009060355040613024d41310e300c060355040813055261626174310e300c06035504071305416764616c310f300d060355040a1306454e5349415331143012060355040b130b43656e74726520496e666f3112301006035504031409454e534941535f43413121301f06092a864886f70d01090116126d62615f6f796f6e65407961686f6f2e6672301e170d3038303530363134313134375a170d3138303530343134313134375a30818b310b300906035504061302<br> EAP-Message = 0x4d41310e300c060355040813<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x56748010577899f247f2f989f1c443b2<br>Finished request 51.<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=51,
length=172<br> User-Name = "PLUTON\\glouglou"<br> NAS-IP-Address = 10.10.44.246<br> NAS-Port = 1<br> Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"<br> Calling-Station-Id = "00-12-F0-0C-97-61"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br> EAP-Message = 0x020c00061900<br> State = 0x56748010577899f247f2f989f1c443b2<br> Message-Authenticator = 0x66d1a8307eaffc06f9a08c946ceaec4e<br>+- entering group authorize<br>++[preprocess] returns
ok<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 12 length 6<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>rlm_eap_tls: Received EAP-TLS ACK message<br> rlm_eap_tls: ack handshake fragment handler<br> eaptls_verify returned 1<br> eaptls_process returned 13<br> rlm_eap_peap: EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 51 to 10.10.44.246 port 1027<br> EAP-Message =
0x0900bed8f7f713ad2741300c0603551d13040530030101ff300d06092a864886f70d010105050003818100ab43dca4037042bca22b306a18b60eb9c28743208bc80727147bc80283ebe81cf182aaab8a9ffe8def8d30713c87d1135689ad72660efb61b0fcb8971dc37c36eb18ed6d32544026fe57b34bcbe819193341e0cebaa9b9c6d58d99a5af37557d1e9cb093a27658e7430cdc39fb2a3f331404807e4969fdc4f30a9963a997af1616030100040e000000<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x56748010547999f247f2f989f1c443b2<br>Finished request 52.<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=52, length=358<br> User-Name = "PLUTON\\glouglou"<br> NAS-IP-Address = 10.10.44.246<br> NAS-Port =
1<br> Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"<br> Calling-Station-Id = "00-12-F0-0C-97-61"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br> EAP-Message = 0x020d00c01980000000b61603010086100000820080a09d13c7c124673a58b5dde71c8223571f9cd3414359c7818a4d8f95d7fdc04a4aeb3841ceaf9b6d39bab24619660043acc7277cc744ff6b020c4040f7f1ca7a50179053ee27dd5b5fbd8f8b373012f6bf0ee90b4fc1964de222bd63263efe014c0b6941347e5bc538d79ae23c8c99bc3440e6cf723969ab37c671db6715c0c614030100010116030100207ba294a9552ee15c39fb55bf3e8656293c7dab2a757dcf5b22f9c695fb33ab05<br> State =
0x56748010547999f247f2f989f1c443b2<br> Message-Authenticator = 0xea20985ef156f3ca1d289460bd9d2be1<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 13 length 192<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br> TLS Length 182<br>rlm_eap_tls: Length Included<br> eaptls_verify returned 11<br> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange<br> TLS_accept: SSLv3 read client key exchange A<br> rlm_eap_tls: <<< TLS 1.0
ChangeCipherSpec [length 0001]<br> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished<br> TLS_accept: SSLv3 read finished A<br> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]<br> TLS_accept: SSLv3 write change cipher spec A<br> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished<br> TLS_accept: SSLv3 write finished A<br> TLS_accept: SSLv3 flush data<br> (other): SSL negotiation finished successfully<br>SSL Connection Established<br> eaptls_process returned 13<br> rlm_eap_peap: EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 52 to 10.10.44.246 port 1027<br> EAP-Message = 0x010e003119001403010001011603010020c345278c8df213925709e6088b0f731aab25a0d8385798c0a2c4db729262c8a6<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x56748010557a99f247f2f989f1c443b2<br>Finished request 53.<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=53, length=172<br> User-Name = "PLUTON\\glouglou"<br> NAS-IP-Address = 10.10.44.246<br> NAS-Port = 1<br> Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"<br> Calling-Station-Id = "00-12-F0-0C-97-61"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps
802.11g"<br> EAP-Message = 0x020e00061900<br> State = 0x56748010557a99f247f2f989f1c443b2<br> Message-Authenticator = 0x2b8d1b169bbee8ce550ca9e214df3c94<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 14 length 6<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br>rlm_eap_tls: Received EAP-TLS ACK message<br> rlm_eap_tls: ack handshake is finished<br> eaptls_verify returned 3<br> eaptls_process returned
3<br> rlm_eap_peap: EAPTLS_SUCCESS<br>++[eap] returns handled<br>Sending Access-Challenge of id 53 to 10.10.44.246 port 1027<br> EAP-Message = 0x010f0020190017030100151d867f83da3241029a7114e888c7cf60babf0e02d0<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x56748010527b99f247f2f989f1c443b2<br>Finished request 54.<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=54, length=209<br> User-Name = "PLUTON\\glouglou"<br> NAS-IP-Address = 10.10.44.246<br> NAS-Port = 1<br> Called-Station-Id =
"00-1C-F0-08-FB-F8:MoJo"<br> Calling-Station-Id = "00-12-F0-0C-97-61"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br> EAP-Message = 0x020f002b190017030100206fe05a76b2fae56696fffa2228ce92c191ee66a85461f6090415af436ac843ca<br> State = 0x56748010527b99f247f2f989f1c443b2<br> Message-Authenticator = 0xd09d1d3774b211590555be066a70a8d5<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 15 length 43<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>auth: type
"EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br> eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br> eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: Identity - PLUTON\glouglou<br> PEAP: Got tunneled EAP-Message<br> EAP-Message = 0x020f001401504c55544f4e5c676c6f75676c6f75<br> PEAP: Got tunneled identity of PLUTON\glouglou<br> PEAP: Setting default EAP type for tunneled EAP session.<br> PEAP: Setting User-Name to PLUTON\glouglou<br> PEAP: Sending tunneled request<br> EAP-Message =
0x020f001401504c55544f4e5c676c6f75676c6f75<br> FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "PLUTON\\glouglou"<br> NAS-IP-Address = 10.10.44.246<br> NAS-Port = 1<br> Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"<br> Calling-Station-Id = "00-12-F0-0C-97-61"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br>server (null) {<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 15 length 20<br> rlm_eap: No EAP Start, assuming it's an on-going
EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: EAP Identity<br> rlm_eap: processing type mschapv2<br>rlm_eap_mschapv2: Issuing Challenge<br>++[eap] returns handled<br>} # server (null)<br> PEAP: Got tunneled reply RADIUS code 11<br> EAP-Message = 0x011000291a0110002410ca599c00d22c084762ea6a53c13a5d2b504c55544f4e5c676c6f75676c6f75<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x18e71c2c18f706a7a1507180b3671108<br> PEAP: Processing from tunneled session code 0x8193750 11<br> EAP-Message =
0x011000291a0110002410ca599c00d22c084762ea6a53c13a5d2b504c55544f4e5c676c6f75676c6f75<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x18e71c2c18f706a7a1507180b3671108<br> PEAP: Got tunneled Access-Challenge<br>++[eap] returns handled<br>Sending Access-Challenge of id 54 to 10.10.44.246 port 1027<br> EAP-Message = 0x0110004019001703010035956c4cf08a6ab0bfe1df4631b8fd06250693f7860a05c35348bd0b12064b45bc7dacfeccc8db66434df13655cdb562cecc68ed1886<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x56748010536499f247f2f989f1c443b2<br>Finished request 55.<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=55,
length=263<br> User-Name = "PLUTON\\glouglou"<br> NAS-IP-Address = 10.10.44.246<br> NAS-Port = 1<br> Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"<br> Calling-Station-Id = "00-12-F0-0C-97-61"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br> EAP-Message = 0x02100061190017030100566d4d35418ad77fca42e9b02823f08213269331fae81fc0fc8c7c8d32df6d8353777e01f72461069c6b8ff46b8af9ae103b3652ba4a3a8cab3024aef70b6f5178fd21d6c680ab940da848bc70986816005ecde4d32124<br> State =
0x56748010536499f247f2f989f1c443b2<br> Message-Authenticator = 0x457d4f556b9681c25a43b1cbf68fa24c<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 16 length 97<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br> eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br> eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: EAP type mschapv2<br> PEAP: Got tunneled
EAP-Message<br> EAP-Message = 0x0210004a1a0210004531574a3bb95c0c018b05e6c2ef8940230c00000000000000001f96c63c6a98e87af339d1226e5feef41e327666f3ccd17500504c55544f4e5c676c6f75676c6f75<br> PEAP: Setting User-Name to PLUTON\glouglou<br> PEAP: Sending tunneled request<br> EAP-Message = 0x0210004a1a0210004531574a3bb95c0c018b05e6c2ef8940230c00000000000000001f96c63c6a98e87af339d1226e5feef41e327666f3ccd17500504c55544f4e5c676c6f75676c6f75<br> FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "PLUTON\\glouglou"<br> State = 0x18e71c2c18f706a7a1507180b3671108<br> NAS-IP-Address = 10.10.44.246<br> NAS-Port = 1<br>
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"<br> Calling-Station-Id = "00-12-F0-0C-97-61"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br>server (null) {<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 16 length 74<br> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/mschapv2<br> rlm_eap: processing type mschapv2<br>+-
entering group MS-CHAP<br> rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.<br> rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.<br> rlm_mschap: Told to do MS-CHAPv2 for glouglou with NT-Password<br>WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br>WARNING: Deprecated conditional expansion ":-". See "man unlang" for details<br> expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=PLUTON\glouglou<br> mschap2: ca<br> expand: --challenge=%{mschap:Challenge:-00} -> --challenge=b7b4f66d1ed49fa6<br> expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=1f96c63c6a98e87af339d1226e5feef41e327666f3ccd175<br>Exec-Program output: winbind client not authorized to use
winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly. (0xc0000022)<br>Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly. (0xc0000022)<br>Exec-Program: returned: 1<br> rlm_mschap: External script failed.<br> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect<br>++[mschap] returns reject<br> rlm_eap: Freeing handler<br>++[eap] returns reject<br>auth: Failed to validate the user.<br>Login incorrect: [PLUTON\\glouglou/<via Auth-Type = EAP>] (from client Access_Point_DWL-8500AP+_A1_L1 port 1 cli 00-12-F0-0C-97-61)<br>} # server (null)<br> PEAP: Got tunneled reply RADIUS code 3<br> MS-CHAP-Error = "\020E=691 R=1"<br> EAP-Message = 0x04100004<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> PEAP: Processing from tunneled session code 0x81930e0 3<br> MS-CHAP-Error = "\020E=691 R=1"<br> EAP-Message = 0x04100004<br> Message-Authenticator = 0x00000000000000000000000000000000<br> PEAP: Tunneled authentication was rejected.<br> rlm_eap_peap: FAILURE<br>++[eap] returns handled<br>Sending Access-Challenge of id 55 to 10.10.44.246 port 1027<br> EAP-Message = 0x011100261900170301001b1471747ad76849d8dbd00fc980acdd80e3ecab794abb3f1be839db<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x56748010506599f247f2f989f1c443b2<br>Finished request 56.<br>Going to the next request<br>Waking up in 0.8
seconds.<br>rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=56, length=204<br> User-Name = "PLUTON\\glouglou"<br> NAS-IP-Address = 10.10.44.246<br> NAS-Port = 1<br> Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"<br> Calling-Station-Id = "00-12-F0-0C-97-61"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 54Mbps 802.11g"<br> EAP-Message = 0x021100261900170301001bfa6d913e5662305d0263ee856da52043e1b236e5ffc5423828edc4<br> State =
0x56748010506599f247f2f989f1c443b2<br> Message-Authenticator = 0x84c6191562a7454ae511824190170812<br>+- entering group authorize<br>++[preprocess] returns ok<br>++[mschap] returns noop<br> rlm_eap: EAP packet type response id 17 length 38<br> rlm_eap: Continuing tunnel setup.<br>++[eap] returns ok<br> rad_check_password: Found Auth-Type EAP<br>auth: type "EAP"<br>+- entering group authenticate<br> rlm_eap: Request found, released from the list<br> rlm_eap: EAP/peap<br> rlm_eap: processing type peap<br> rlm_eap_peap: Authenticate<br> rlm_eap_tls: processing TLS<br> eaptls_verify returned 7<br> rlm_eap_tls: Done initial handshake<br> eaptls_process returned 7<br> rlm_eap_peap: EAPTLS_OK<br> rlm_eap_peap: Session established. Decoding tunneled attributes.<br> rlm_eap_peap: Received EAP-TLV response.<br>
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session.<br> rlm_eap: Handler failed in EAP/peap<br> rlm_eap: Failed in EAP select<br>++[eap] returns invalid<br>auth: Failed to validate the user.<br>Login incorrect: [PLUTON\\glouglou/<via Auth-Type = EAP>] (from client Access_Point_DWL-8500AP+_A1_L1 port 1 cli 00-12-F0-0C-97-61)<br> Found Post-Auth-Type Reject<br>+- entering group REJECT<br> expand: %{User-Name} -> PLUTON\glouglou<br>++[attr_filter.access_reject] returns noop<br>Delaying reject of request 57 for 1 seconds<br>Going to the next request<br>Waking up in 0.8 seconds.<br>Sending delayed reject for request 57<br>Sending Access-Reject of id 56 to 10.10.44.246 port 1027<br> EAP-Message = 0x04110004<br> Message-Authenticator =
0x00000000000000000000000000000000<br>Waking up in 3.8 seconds.<br>Cleaning up request 50 ID 49 with timestamp +160171<br>Cleaning up request 51 ID 50 with timestamp +160171<br>Cleaning up request 52 ID 51 with timestamp +160171<br>Cleaning up request 53 ID 52 with timestamp +160171<br>Cleaning up request 54 ID 53 with timestamp +160171<br>Cleaning up request 55 ID 54 with timestamp +160171<br>Cleaning up request 56 ID 55 with timestamp +160171<br>Waking up in 1.0 seconds.<br>Cleaning up request 57 ID 56 with timestamp +160171<br>Ready to process requests.<br> <br>----------------------------------------<br><span style="font-style: italic;"></span></div></div><br>
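<p>Added example, not part of the original post: the listings in the message show the <code>pipe</code> socket inside <code>winbindd_privileged</code> but not the mode and group of the directory itself, which is what decides whether the account running FreeRADIUS can reach the socket. The sketch below counts the refusals in <code>radiusd -X</code> output and works out which permission class, if any, lets an account enter the directory. The helper names, the uid/gid numbers and the non-root RADIUS account are assumptions; the sample log lines are copied from the post, and the wrapper assumes GNU <code>stat</code>.</p>

```shell
#!/bin/sh
# Added example (hypothetical helper names, not FreeRADIUS or Samba code).

# Lines copied from the log excerpt in the post.
SAMPLE_LOG='Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/lib/samba/winbindd_privileged are set correctly. (0xc0000022)
Exec-Program: returned: 1
 rlm_mschap: External script failed.'

# Count ntlm_auth calls that winbindd refused. Reads `radiusd -X` output on
# stdin; only the "Exec-Program output:" line is counted, because the same
# text is logged a second time on the "Exec-Program-Wait:" line.
count_winbind_denials() {
    grep -c '^Exec-Program output: .*winbindd_pam_auth_crap' || true
}

# Decide from plain numbers whether an account may enter a directory.
#   $1 octal mode (e.g. 750)   $2 owner uid   $3 owner gid
#   $4 account uid             $5 space-separated gids of the account
# Prints the class that grants search (x): root, owner, group or other,
# or "denied". As in the kernel, the first class that matches decides.
traverse_class() {
    mode=$1 o_uid=$2 o_gid=$3 uid=$4 gids=$5
    perm=$(( 0$mode & 0777 ))
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi
    if [ "$uid" -eq "$o_uid" ]; then
        [ $(( perm & 0100 )) -ne 0 ] && echo owner || echo denied
        return 0
    fi
    for g in $gids; do
        if [ "$g" -eq "$o_gid" ]; then
            [ $(( perm & 0010 )) -ne 0 ] && echo group || echo denied
            return 0
        fi
    done
    [ $(( perm & 0001 )) -ne 0 ] && echo other || echo denied
}

# Apply the rule to a real directory and account (GNU stat, Linux).
# Usage: check_priv_dir /var/lib/samba/winbindd_privileged RADIUS_ACCOUNT
# winbindd keeps this directory root-owned with mode 750, so a non-root
# account normally gets in through the directory's group, not "other".
check_priv_dir() {
    dir=$1 acct=$2
    st=$(stat -c '%a %u %g' "$dir") || return 2
    set -- $st
    traverse_class "$1" "$2" "$3" "$(id -u "$acct")" "$(id -G "$acct")"
}

# Demo on constructed ids: directory root:88 mode 750, account uid 95.
printf 'denials in sample log:   %s\n' \
    "$(printf '%s\n' "$SAMPLE_LOG" | count_winbind_denials)"
printf 'account not in group 88: %s\n' "$(traverse_class 750 0 88 95 '95')"
printf 'account in group 88:     %s\n' "$(traverse_class 750 0 88 95 '95 88')"
```

<p>A result of <code>denied</code> from <code>check_priv_dir</code> for the RADIUS account matches the 0xc0000022 refusal in the log; <code>group</code> is the expected result once the account is a member of the directory's group.</p>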
</body></html>