Hi <br>I have problem with EAP<br>CAN YOU help me<br><br>WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>WARNING: !! EAP session for state 0x90d4d2dd94c2cb92 did not finish!<br>WARNING: !! Please read <a href="http://wiki.freeradius.org/Certificate_Compatibility">http://wiki.freeradius.org/Certificate_Compatibility</a><br>
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=97, length=144<br> User-Name = "12"<br>
NAS-IP-Address = 172.16.15.1<br> NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br> Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br>
Calling-Station-Id = "00-22-41-7d-9f-91"<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x021600061900<br> State = 0x90d4d2dd94c2cb924b3cdc7780b3dc35<br> Message-Authenticator = 0xfa9a966f33ce0c76a0d15f303480f4ea<br>
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>[sql] expand: %{User-Name} -> 12<br>[sql] sql_set_user escaped user --> '12'<br>
rlm_sql (sql): Reserving sql socket id: 3<br>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '12' ORDER BY id<br>
[sql] User found in radcheck table<br>[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '12' ORDER BY id<br>
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '12' ORDER BY priority<br>
rlm_sql (sql): Released sql socket id: 3<br>++[sql] returns ok<br>[eap] EAP packet type response id 22 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/etc/raddb/radiusd.conf<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake is finished<br>
[peap] eaptls_verify returned 3<br>[peap] eaptls_process returned 3<br>[peap] EAPTLS_SUCCESS<br>[peap] Session established. Decoding tunneled attributes.<br>[peap] Peap state TUNNEL ESTABLISHED<br>++[eap] returns handled<br>
Sending Access-Challenge of id 97 to 172.16.15.1 port 1027<br> EAP-Message = 0x0117002b19001703010020674bd0fe9ec9f56973ac49079d2029c578bad4ad1dac11d67968154832aa91fb<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0x90d4d2dd95c3cb924b3cdc7780b3dc35<br>Finished request 21.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=98, length=181<br>
User-Name = "12"<br> NAS-IP-Address = 172.16.15.1<br> NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br> Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br>
Calling-Station-Id = "00-22-41-7d-9f-91"<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x0217002b19001703010020f8c94f58aabcbdadb5aa695270bfa559530931a394827ef3894bfc31d1f7f4a5<br> State = 0x90d4d2dd95c3cb924b3cdc7780b3dc35<br>
Message-Authenticator = 0x54cf580c0926a0e3575707db7ec6e193<br># Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>
[sql] expand: %{User-Name} -> 12<br>[sql] sql_set_user escaped user --> '12'<br>rlm_sql (sql): Reserving sql socket id: 2<br>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '12' ORDER BY id<br>
[sql] User found in radcheck table<br>[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '12' ORDER BY id<br>
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '12' ORDER BY priority<br>
rlm_sql (sql): Released sql socket id: 2<br>++[sql] returns ok<br>[eap] EAP packet type response id 23 length 43<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/etc/raddb/radiusd.conf<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7<br>[peap] Done initial handshake<br>
[peap] eaptls_process returned 7<br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>[peap] Peap state WAITING FOR INNER IDENTITY<br>[peap] Identity - 12<br>[peap] Got inner identity '12'<br>
[peap] Setting default EAP type for tunneled EAP session.<br>[peap] Got tunneled request<br> EAP-Message = 0x02170007013132<br>server {<br> PEAP: Setting User-Name to 12<br>Sending tunneled request<br> EAP-Message = 0x02170007013132<br>
FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "12"<br>server inner-tunnel {<br>No such virtual server "inner-tunnel"<br>} # server inner-tunnel<br>[peap] Got tunneled reply code 3<br>
[peap] Got tunneled reply RADIUS code 3<br>[peap] Tunneled authentication was rejected.<br>[peap] FAILURE<br>++[eap] returns handled<br>Sending Access-Challenge of id 98 to 172.16.15.1 port 1027<br> EAP-Message = 0x0118002b190017030100201edf1da3f3138e40f27c63d735a7bff7351f5abfac971a15b3d4c2369596858c<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x90d4d2dd96cccb924b3cdc7780b3dc35<br>Finished request 22.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=99, length=181<br>
User-Name = "12"<br> NAS-IP-Address = 172.16.15.1<br> NAS-Identifier = "<a href="http://aminahoora.home.ir">aminahoora.home.ir</a>"<br> Framed-MTU = 1496<br> Called-Station-Id = "40-4a-03-ad-0b-b0"<br>
Calling-Station-Id = "00-22-41-7d-9f-91"<br> NAS-Port-Type = Wireless-802.11<br> EAP-Message = 0x0218002b190017030100203bfebde9a8e41dc51e361c135f24a7d001553e501d1989e8273c42570d62bff4<br> State = 0x90d4d2dd96cccb924b3cdc7780b3dc35<br>
Message-Authenticator = 0xcad2dc0f9ca9a3aab35ea19c0b9b6356<br># Executing section authorize from file /usr/local/etc/raddb/radiusd.conf<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>
[sql] expand: %{User-Name} -> 12<br>[sql] sql_set_user escaped user --> '12'<br>rlm_sql (sql): Reserving sql socket id: 1<br>[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '12' ORDER BY id<br>
[sql] User found in radcheck table<br>[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '12' ORDER BY id<br>
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '12' ORDER BY priority<br>
rlm_sql (sql): Released sql socket id: 1<br>++[sql] returns ok<br>[eap] EAP packet type response id 24 length 43<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/etc/raddb/radiusd.conf<br>
+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7<br>[peap] Done initial handshake<br>
[peap] eaptls_process returned 7<br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>[peap] Peap state send tlv failure<br>[peap] Received EAP-TLV response.<br>[peap] The users session was previously rejected: returning reject (again.)<br>
[peap] *** This means you need to read the PREVIOUS messages in the debug output<br>[peap] *** to find out the reason why the user was rejected.<br>[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.<br>
[peap] *** what went wrong, and how to fix the problem.<br>[eap] Handler failed in EAP/peap<br>[eap] Failed in EAP select<br>++[eap] returns invalid<br>Failed to authenticate the user.<br>Sending Access-Reject of id 99 to 172.16.15.1 port 1027<br>
EAP-Message = 0x04180004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>Finished request 23.<br>Going to the next request<br>Waking up in 4.8 seconds.<br>Cleaning up request 21 ID 97 with timestamp +108<br>
Cleaning up request 22 ID 98 with timestamp +108<br>Cleaning up request 23 ID 99 with timestamp +108<br>Ready to process requests.<br><br><br><br><br><br><br>THANK YOU WITH BEST REGARDS<br>AMIN AHOORA<br>