<html><head><style type="text/css"><!-- DIV {margin:0px;} --></style></head><body><div style="font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><div style="font-family: times new roman,new york,times,serif; font-size: 12pt;"><title>e: Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)</title> <blockquote><font face="Times New Roman"><span style="font-size: 12pt;"><span style="color: rgb(0, 0, 255);">> http://tinypaste.com/5b99b = Radiusd -X output.</span></span></font><br><font face="Calibri, Verdana, Helvetica, Arial"><span style="font-size: 11pt;"><br>[snip]<br><br></span></font><font face="Times New Roman"><span style="font-size: 12pt;">rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
//Normal, i am not willing to do PAP but mschapv2<br><br>
&lt;me&gt; If you’re not using a module, disable it. All it’ll do is add latency, delays and unnecessary log messages. Comment it out ...<br><br></span></font><span style="color: rgb(0, 0, 191);">lol,</span><br style="color: rgb(0, 0, 191);"><br style="color: rgb(0, 0, 191);"><span style="color: rgb(0, 0, 191);">i deactivated chap module yet, i
let pap cause sometimes i use "radtest" for test! but PAP, SQL module
will be deactivated soon and we shall see. maybe monday or tuesday, you
will have a clean log! please, stay connected to the post </span><img style="color: rgb(0, 0, 191);" src="http://mail.yimg.com/us.yimg.com/i/mesg/tsmileys2/03.gif"><br><font face="Times New Roman"><span style="font-size: 12pt;"><br>
++[pap] returns noop<br>
rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>
+- entering group authenticate<br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP/mschapv2<br>
rlm_eap: processing type mschapv2<br>
+- entering group MS-CHAP<br>
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. <br>
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.<br>
rlm_mschap: Told to do MS-CHAPv2 for glouglou with NT-Password<br>
//does the 3 previous lines means there is an error? what does "No Cleartext-Password configured" means?<br><br></span></font><span style="color: rgb(0, 0, 255);"></span><br><font face="Times New Roman"><span style="font-size: 12pt;">&lt;me&gt; it means, it cannot find a clear text password in the backend data store, which it expects to do ..<br><br></span></font><span style="color: rgb(0, 0, 255);">&lt;Revealmap&gt;</span><br style="color: rgb(0, 0, 255);"><font face="Times New Roman"><span style="font-size: 12pt;"><span style="color: rgb(0, 0, 255);">pfiouh, previously with another version of freeradius and the same devices and the same config, doing the same type of authentication, I was sure i had these two lines and encountered no error! but i am not sure.!</span><br style="color: rgb(0, 0, 255);"></span></font><span style="color: rgb(0, 0, 255);"></span><br><font face="Times New Roman"><span style="font-size: 12pt;">
// what does LM-Password means? and if it's error, how could i correct it?<br><br>
&lt;me&gt; Check your configuration. All depends on so many things ..<br><br>
// I thought it was normal, as I am sure Windows never sends "cleartext-Password"<br><br>
Oh, Windows sure has been using clear text passwords, so it then also has a need to be backwards compatible with itself, right?<br><br><br>
expand: --username=%{mschap:User-Name}-> --username=glouglou //...???...<br><br>
mschap2: d1<br>
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=4a2a69e7929b2c03 //...???...<br>
expand: --nt-response=%{mschap:NT-Response:-00}} -> --nt-response=e9ea7e1669ef48501476149962484763f8f98b93fca2ced6} //...???...<br>
Exec-Program output: NT_KEY: 067F1C60B6DDB9D2802A458C4EFE22C1 //...???...<br>
Exec-Program-Wait: plaintext: NT_KEY: 067F1C60B6DDB9D2802A458C4EFE22C1 //...???...<br>
//negotiation that is out of the range of my brain till now, but i think it's normal security negotiation in windows system, and there is no error here.<br><br>
Exec-Program: returned: 0 //...???...<br>
rlm_mschap: adding MS-CHAPv2 MPPE keys<br>
++[mschap] returns ok<br>
MSCHAP Success //...???... if MSCHAP Success, where is the matter with this module???<br><br>
&lt;me&gt; what makes you believe there is a problem at this stage?<br></span></font><span style="color: rgb(0, 0, 255);">&lt;Revealmap&gt;</span><br><font face="Times New Roman"><span style="font-size: 12pt;"><span style="color: rgb(0, 0, 255);">I was just showing to sergionthat i think mschapv2 module is correct</span><br><br>
++[eap] returns handled<br>
} # server (null) //...???...<br>
PEAP: Got tunneled reply RADIUS code 11<br>
EAP-Message = 0x011200331a0311002e533d31303435323031393932463633443944424132303644424643343341413242354132313236344636<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x95b92b9094ab31501a0a30daea5106ca<br>
PEAP: Processing from tunneled session code 0x81b78d8 11<br>
EAP-Message = 0x011200331a0311002e533d31303435323031393932463633443944424132303644424643343341413242354132313236344636<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x95b92b9094ab31501a0a30daea5106ca<br>
PEAP: Got tunneled Access-Challenge<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 164 to 10.10.44.246 port 1042<br>
EAP-Message = 0x0112004a1900170301003f9d2524cd5e275d581a614935870e9c19c11e3a4e05332e915ef1f0a46bed9a751bbc330d98db1e52e04119a926415da6ee52cb7e6cc6693a8f1bb8847a7af3<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0xe8ed0301efff1a196c3b0024d8e45892 //...???... and then What? and why its stops..???...<br><br>
&lt;me&gt; why do I get the feeling that if Message-Authenticator is all zeros, it is a “nope, not going to happen mate” type return, effectively stopping any further processing. Why I have no idea .. Alan??<br><br></span></font><span style="color: rgb(0, 0, 255);">&lt;Revealmap&gt;<br>the NAS sends message authenticator, but what happens here? (see below)<br>and um... isn't it cleartext-password received here??<img src="http://mail.yimg.com/us.yimg.com/i/mesg/tsmileys2/06.gif"><br><br></span><span style="font-style: italic; color: rgb(255, 0, 0);">
rad_recv: Access-Request packet from host 10.10.44.246 port 1042, id=157, length=168</span><br style="font-style: italic; color: rgb(255, 0, 0);"><span style="font-style: italic; color: rgb(255, 0, 0);">
User-Name = "PLUTON\\glouglou"</span><br style="font-style: italic; color: rgb(255, 0, 0);"><span style="font-style: italic; color: rgb(255, 0, 0);">
NAS-IP-Address = 10.10.44.246</span><br style="font-style: italic; color: rgb(255, 0, 0);"><span style="font-style: italic; color: rgb(255, 0, 0);">
NAS-Port = 2</span><br style="font-style: italic; color: rgb(255, 0, 0);"><span style="font-style: italic; color: rgb(255, 0, 0);">
Called-Station-Id = "00-1C-F0-08-FB-FA:PEAP"</span><br style="font-style: italic; color: rgb(255, 0, 0);"><span style="font-style: italic; color: rgb(255, 0, 0);">
Calling-Station-Id = "00-12-F0-0C-97-61"</span><br style="font-style: italic; color: rgb(255, 0, 0);"><span style="font-style: italic; color: rgb(255, 0, 0);">
Framed-MTU = 1400</span><br style="font-style: italic; color: rgb(255, 0, 0);"><span style="font-style: italic; color: rgb(255, 0, 0);">
NAS-Port-Type = Wireless-802.11</span><br style="font-style: italic; color: rgb(255, 0, 0);"><span style="font-style: italic; color: rgb(255, 0, 0);">
Connect-Info = "CONNECT 54Mbps 802.11g"</span><br style="font-style: italic; color: rgb(255, 0, 0);"><span style="font-style: italic; color: rgb(255, 0, 0);">
EAP-Message = 0x020a001401504c55544f4e5c676c6f75676c6f75</span><br style="font-style: italic; color: rgb(255, 0, 0);"><span style="font-style: italic; color: rgb(255, 0, 0);">
Message-Authenticator = 0x89dbb5baabca7b646ff74e7a0372d4d2</span><br><font face="Times New Roman"><span style="font-size: 12pt;"><br><br></span></font><font size="2"><font face="Arial"><span style="font-size: 10pt;">[cut out bits that are not relevant, nor commented, nor anything. Let’s trim messages folks. If it’s not used or relevant, get rid of it.. It only takes space]</span></font></font></blockquote></div></div></div><br>
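<p>Added example, not part of the original thread: a small Python decoder for the three EAP-Message values quoted in the debug output above, showing what each packet carries (the EAP Identity sent by the NAS, the tunneled EAP-MSCHAPv2 reply, and the PEAP Access-Challenge wrapping a TLS record). The function name <code>decode_eap</code> and the <code>SAMPLES</code> labels are assumptions made for this illustration; field layouts follow RFC 3748 and the EAP-MSCHAPv2 and PEAP packet formats.</p>

```python
import struct

# EAP codes/types per RFC 3748; 25 = PEAP, 26 = EAP-MSCHAPv2.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
MSCHAP_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}

# EAP-Message values copied from the debug output quoted in this message;
# the dictionary keys are labels chosen for this example.
SAMPLES = {
    "from NAS": "0x020a001401504c55544f4e5c676c6f75676c6f75",
    "tunneled reply": "0x011200331a0311002e533d3130343532303139393246363344"
                      "3944424132303644424643343341413242354132313236344636",
    "Access-Challenge": "0x0112004a1900170301003f9d2524cd5e275d581a614935870e"
                        "9c19c11e3a4e05332e915ef1f0a46bed9a751bbc330d98db1e52"
                        "e04119a926415da6ee52cb7e6cc6693a8f1bb8847a7af3",
}

def decode_eap(hex_value):
    """Decode one EAP-Message attribute value as printed by radiusd -X."""
    text = hex_value.strip()
    raw = bytes.fromhex(text[2:] if text.lower().startswith("0x") else text)
    code, ident, length = struct.unpack("!BBH", raw[:4])
    out = {"code": EAP_CODES.get(code, code), "id": ident,
           "length": length, "complete": length == len(raw)}
    if code not in (1, 2) or len(raw) == 4:
        return out  # Success/Failure packets carry no type field
    etype, data = raw[4], raw[5:length]
    out["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:
        out["identity"] = data.decode("utf-8", "replace")
    elif etype == 26 and len(data) >= 4:
        # EAP-MSCHAPv2: opcode, MS-CHAPv2 id, 2-byte MS-Length, then payload
        out["opcode"] = MSCHAP_OPCODES.get(data[0], data[0])
        if data[0] in (3, 4):
            out["message"] = data[4:].decode("ascii", "replace")
    elif etype == 25 and data:
        # PEAP: flags byte, optional 4-byte TLS length (L bit 0x80), TLS record
        start = 5 if data[0] >= 0x80 else 1
        rec = data[start:start + 5]
        if len(rec) == 5:
            ctype, major, minor, rlen = struct.unpack("!BBBH", rec)
            out["tls_record"] = {"content_type": ctype,
                                 "version": (major, minor), "length": rlen}
    return out

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, decode_eap(value))
```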
</body></html>