<HTML>
<HEAD>
<TITLE>Re: Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)</TITLE>
</HEAD>
<BODY>
<BLOCKQUOTE><FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>[snip]<BR>
<BR>
</SPAN></FONT><FONT FACE="Times New Roman"><SPAN STYLE='font-size:12pt'>rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. //Normal, i am not willing to do PAP but mschapv2<BR>
<BR>
<me> If you’re not using a module, disable it. All it’ll do is add latency, delays and unnecessary log messages. Comment it out ...<BR>
<BR>
++[pap] returns noop<BR>
rad_check_password: Found Auth-Type EAP<BR>
auth: type "EAP"<BR>
+- entering group authenticate<BR>
rlm_eap: Request found, released from the list<BR>
rlm_eap: EAP/mschapv2<BR>
rlm_eap: processing type mschapv2<BR>
+- entering group MS-CHAP<BR>
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. <BR>
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.<BR>
rlm_mschap: Told to do MS-CHAPv2 for glouglou with NT-Password<BR>
//does the 3 previous lines means there is an error? what does "No Cleartext-Password configured means?<BR>
<BR>
<me> it means, it cannot find a clear text password in the backend data store, which it expects to do ..<BR>
<BR>
// what does LM-Password means? and if it's error, how could i correct it?<BR>
<BR>
<me> Check your configuration. All depends on so many things ..<BR>
<BR>
// ithought it was normal, as I am surewindows never sends "cleartext-Password"<BR>
<BR>
Oh, Windows sure has been using clear text passwords, so it then also has a need to be backwards compatible with itself, right?<BR>
<BR>
<BR>
expand: --username=%{mschap:User-Name}-> --username=glouglou //...???...<BR>
<BR>
mschap2: d1<BR>
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=4a2a69e7929b2c03 //...???...<BR>
expand: --nt-response=%{mschap:NT-Response:-00}} -> --nt-response=e9ea7e1669ef48501476149962484763f8f98b93fca2ced6} //...???...<BR>
Exec-Program output: NT_KEY: 067F1C60B6DDB9D2802A458C4EFE22C1 //...???...<BR>
Exec-Program-Wait: plaintext: NT_KEY: 067F1C60B6DDB9D2802A458C4EFE22C1 //...???...<BR>
//negociation that is out of the range of my brain till now, but i think ity's normal security negociation in windows system, and there is no error here.<BR>
<BR>
Exec-Program: returned: 0 //...???...<BR>
rlm_mschap: adding MS-CHAPv2 MPPE keys<BR>
++[mschap] returns ok<BR>
MSCHAP Success //...???... if MSCHAP Success, where is the matter with this module???<BR>
<BR>
<me> what makes you believe there is a problem at this stage?<BR>
<BR>
++[eap] returns handled<BR>
} # server (null) //...???...<BR>
PEAP: Got tunneled reply RADIUS code 11<BR>
EAP-Message = 0x011200331a0311002e533d31303435323031393932463633443944424132303644424643343341413242354132313236344636<BR>
Message-Authenticator = 0x00000000000000000000000000000000<BR>
State = 0x95b92b9094ab31501a0a30daea5106ca<BR>
PEAP: Processing from tunneled session code 0x81b78d8 11<BR>
EAP-Message = 0x011200331a0311002e533d31303435323031393932463633443944424132303644424643343341413242354132313236344636<BR>
Message-Authenticator = 0x00000000000000000000000000000000<BR>
State = 0x95b92b9094ab31501a0a30daea5106ca<BR>
PEAP: Got tunneled Access-Challenge<BR>
++[eap] returns handled<BR>
Sending Access-Challenge of id 164 to 10.10.44.246 port 1042<BR>
EAP-Message = 0x0112004a1900170301003f9d2524cd5e275d581a614935870e9c19c11e3a4e05332e915ef1f0a46bed9a751bbc330d98db1e52e04119a926415da6ee52cb7e6cc6693a8f1bb8847a7af3<BR>
Message-Authenticator = 0x00000000000000000000000000000000<BR>
State = 0xe8ed0301efff1a196c3b0024d8e45892 //...???... and then What? and why its stops..???...<BR>
<BR>
<me> why do I get the feeling that if Message-Authenticator is all zeros, it is a “nope, not going to happen mate” type return, effectively stopping any further processing. Why I have no idea .. Alan??<BR>
<BR>
</SPAN></FONT><FONT SIZE="2"><FONT FACE="Arial"><SPAN STYLE='font-size:10pt'>[cut out bits that are not relevant, nor commented, nor anything. Let’s trim messages folks. If it’s not used or relevant, get rid of it.. It only takes space]</SPAN></FONT></FONT></BLOCKQUOTE>
</BODY>
</HTML>