Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
July 2007
- 163 participants
- 289 discussions
Hi
I have a set up of 802.1x authentication with free radius server .I am using EAP_TLS certificate based authentication.The certificates i generated was using OPENSSL tool.The setup is working fine.
In my log file no logs are displaying.Pls help.
pls find the server in debug mode
[root@localhost sbin]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = \"/usr/local\"
main: localstatedir = \"/usr/local/var\"
main: logdir = \"/usr/local/var/log/radius\"
main: libdir = \"/usr/local/lib\"
main: radacctdir = \"/usr/local/var/log/radius/radacct\"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = \"/usr/local/var/log/radius/radius.log\"
main: log_auth = yes
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = \"/usr/local/var/run/radiusd/radiusd.pid\"
main: user = \"(null)\"
\\
Regards
Anoop
2
1
13 Jul '07
Hi all,
The script which is invoked by Exec-Program-Wait attribute produces
the output similar to the following:
Reply-Message=c5|c3|c14|, Reply-Message=ci5|c14|, Reply-Message=done
So I expect to see three Replay-Message attributes in the
ACCESS-ACCEPT message. According to the FreeRadius docs multiple
Replay-Message are allowed. But for some reason the response contains
only one (the first) attribute. Here is the RADIUS output:
Login OK: [jsullivan/<no User-Password attribute>] (from client
localhost port 0)
Exec-Program-Wait: value-pairs: Reply-Message=c5|c3|c14|,
Reply-Message=ci5|c14|, Reply-Message=done
Exec-Program: returned: 0
Login OK: [jsullivan/<no User-Password attribute>] (from client
localhost port 0 cli 00-00-39-75-F8-39)
Sending Access-Accept of id 30 to 127.0.0.1 port 2396
MS-MPPE-Recv-Key =
0x516de53a5daa0328a4eef843b1b708b9fae38fd499bea816abe3c9627423031b
MS-MPPE-Send-Key =
0x8bbb3efff8abed1c71fb3e9ddd97503b8c9da2725a6e8061b8d2551a2b4ee9bf
EAP-Message = 0x03110004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "jsullivan"
Reply-Message = "c5|c3|c14|"
Any ideas what is going on?
Thanks,
Mike
2
1
This may be on the fringes of the scope of this group, but any pointers
would be appreciated.
I am attempting to setup EAP-PEAP authentication via FreeRadius and a
Windows-based LDAP backend. The users accounts are in AD. After making
it past a number of obstacles, I am communicating with the LDAP server,
but found that neither LM-Passwords nor NT-Passwords are loaded into the
LDAP. "Clear-text" is NOT an option, and is not available either,
anyway. This problem must have been encountered by others. Assuming
that it can be done, how do you get the password information out of AD
and into LDAP in an appropriate format?
Yes, I could use ntlm_auth and probably get it working, but this is
supposed to be LDAP-based, not SAMBA. The LDAP could move to a
different environment. Use of standards is important to us.
Thanks,
Robert Toense
4
3
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Hi:
We have found that on PC, wireless card needs to introduce manually a username and password, it doesn't takes the domain credentials automatically.
We have tried, just for probing, with a non valid user, in this case root and the password for the freeradius server. This is why it appears "anonymous". But we have not made more changes.
After this trying, we restarted the service and we found that with domain user credentials didn't connect correctly the PC.
Could it be due a malfunctioning or an issue of the Enterasys wireless card and/or AP?
Thanks.
Carlos Jimenez Barranco
- Área de Postventa
Telf. +34 933034139
www.impala-net.com
Sistemas de Comunicaciones Corporativas
-----Mensaje original-----
De: freeradius-users-bounces+cjimenez=impala-net.com(a)lists.freeradius.or [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.or] En nombre de A.L.M.Buxey(a)lboro.ac.uk
Enviado el: jueves, 12 de julio de 2007 14:41
Para: FreeRadius users mailing list
CC: Cristina Martin Molin
Asunto: Re: Authentication failed
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Hi,
you are CHANING more than ONE thing at a time. look at this:
> rlm_eap: Request found, released from the list
> rlm_eap: EAP NAK
> rlm_eap: EAP-NAK asked for EAP-Type/ttls
> rlm_eap: No such EAP type ttls
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module "eap" returns invalid for request 7
> modcall: group authenticate returns invalid for request 7
> auth: Failed to validate the user.
> Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
why is it now attempting TTLS authentication? why have you taken such
auth method out of the loop? ntlm_auth isnt being called AT ALL now.
one change at a time!
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
___________________________________________________________________________
Este mensaje se dirije exclusivamente a su destinatario y puede contener
información privilegiada o confidencial de Impala Network Solutions S.L.
Si no es vd. el destinatario indicado, queda notificado de que la utilización,
divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
Si ha recibido este mensaje por error, le rogamos nos lo comunique
inmediatamente por esta misma via y proceda a su destrucción.
This message is intended exclusively for its addressee and may contain
information that is CONFIDENTIAL and protected by professional privilege.
If you are not the intended recipient you are hereby notified that any
dissemination, copy or disclosure of this communication is strictly
prohibited by law. If this message has been received in error, please
immediately notify us via e-mail and delete it.
___________________________________________________________________________
2
1
domain user credentials
read the config comments carefully and the howtos on the wiki and can fix it.
==================================================
Benjamin K. Eshun
----- Message d'origine ----
De : Carlos Jimenez Barranco <cjimenez(a)impala-net.com>
À : FreeRadius users mailing list <freeradius-users(a)lists.freeradius.org>
Cc : Cristina Martin Molin <cmartin(a)impala-net.com>
Envoyé le : Jeudi, 12 Juillet 2007, 14h53mn 59s
Objet : RE: Authentication failed
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Hi:
We have found that on PC, wireless card needs to introduce manually a username and password, it doesn't takes the domain credentials automatically.
We have tried, just for probing, with a non valid user, in this case root and the password for the freeradius server. This is why it appears "anonymous". But we have not made more changes.
After this trying, we restarted the service and we found that with domain user credentials didn't connect correctly the PC.
Could it be due a malfunctioning or an issue of the Enterasys wireless card and/or AP?
Thanks.
Carlos Jimenez Barranco
- Área de Postventa
Telf. +34 933034139
www.impala-net.com
Sistemas de Comunicaciones Corporativas
-----Mensaje original-----
De: freeradius-users-bounces+cjimenez=impala-net.com(a)lists.freeradius.or [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.or] En nombre de A.L.M.Buxey(a)lboro.ac.uk
Enviado el: jueves, 12 de julio de 2007 14:41
Para: FreeRadius users mailing list
CC: Cristina Martin Molin
Asunto: Re: Authentication failed
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Hi,
you are CHANING more than ONE thing at a time. look at this:
> rlm_eap: Request found, released from the list
> rlm_eap: EAP NAK
> rlm_eap: EAP-NAK asked for EAP-Type/ttls
> rlm_eap: No such EAP type ttls
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module "eap" returns invalid for request 7
> modcall: group authenticate returns invalid for request 7
> auth: Failed to validate the user.
> Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
why is it now attempting TTLS authentication? why have you taken such
auth method out of the loop? ntlm_auth isnt being called AT ALL now.
one change at a time!
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
___________________________________________________________________________
Este mensaje se dirije exclusivamente a su destinatario y puede contener
información privilegiada o confidencial de Impala Network Solutions S.L.
Si no es vd. el destinatario indicado, queda notificado de que la utilización,
divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
Si ha recibido este mensaje por error, le rogamos nos lo comunique
inmediatamente por esta misma via y proceda a su destrucción.
This message is intended exclusively for its addressee and may contain
information that is CONFIDENTIAL and protected by professional privilege.
If you are not the intended recipient you are hereby notified that any
dissemination, copy or disclosure of this communication is strictly
prohibited by law. If this message has been received in error, please
immediately notify us via e-mail and delete it.
___________________________________________________________________________
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
___________________________________________________________________________
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions !
Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses
http://fr.answers.yahoo.com
1
0
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Hello:
We have restarted the radius service.
This is the output of the debug:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = yes
main: max_request_time = 60
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.24.230.15:3767, id=212, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0x774ab871ef80b04cb4b4ec283d9e5ee5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 212 to 172.24.230.15:3767
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc44bd649976f991f2c2efb7b1655350d
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3768, id=213, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xc44bd649976f991f2c2efb7b1655350d
EAP-Message = 0x020200060315
Message-Authenticator = 0x8ddb8adbb1b074c3b87098775f62dded
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 213 to 172.24.230.15:3768
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 212 with timestamp 4696152d
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 213 with timestamp 4696152e
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.24.230.15:3774, id=214, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0x96dcb415a297c6c4e108ab99610e6739
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 214 to 172.24.230.15:3774
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xec6353d48ed589d33aa45898c512e381
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3775, id=215, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xec6353d48ed589d33aa45898c512e381
EAP-Message = 0x020200060315
Message-Authenticator = 0xda3c8032ca0dca61339f8e043b887870
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 3
modcall: group authenticate returns invalid for request 3
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 214 with timestamp 46961575
Sending Access-Reject of id 215 to 172.24.230.15:3775
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 3 ID 215 with timestamp 46961575
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.24.230.15:3780, id=216, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0xf5da4666816811dcfce3da265de8687f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 216 to 172.24.230.15:3780
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf06c6458fcef28d108e5f347d26142c4
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3781, id=217, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xf06c6458fcef28d108e5f347d26142c4
EAP-Message = 0x020200060315
Message-Authenticator = 0x76c211272861f451dee409520f51e26f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 5
modcall: group authenticate returns invalid for request 5
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 5 for 1 seconds
Finished request 5
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 216 with timestamp 4696157b
Sending Access-Reject of id 217 to 172.24.230.15:3781
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 5 ID 217 with timestamp 4696157b
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.24.230.15:3785, id=218, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0x609b48178312c3561edf0ada34eb261c
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 218 to 172.24.230.15:3785
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x416cc2f75c33ed8b1d899374b43000aa
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3786, id=219, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x416cc2f75c33ed8b1d899374b43000aa
EAP-Message = 0x020200060315
Message-Authenticator = 0xc69ba722b44ae44aa393d5023c5c847f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 218 with timestamp 46961582
Sending Access-Reject of id 219 to 172.24.230.15:3786
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 7 ID 219 with timestamp 46961582
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.24.230.15:3791, id=220, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0x1c76bd9efee0cd0bfe1595f97ee099a1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 220 to 172.24.230.15:3791
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x419a9f2a279e12bbd021e5516975659d
Finished request 8
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3792, id=221, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x419a9f2a279e12bbd021e5516975659d
EAP-Message = 0x020200060315
Message-Authenticator = 0xa5461dccb7d16ee4688044267e0462d4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 9
modcall: group authenticate returns invalid for request 9
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 220 with timestamp 46961589
Sending Access-Reject of id 221 to 172.24.230.15:3792
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 9 ID 221 with timestamp 46961589
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.24.230.15:3797, id=222, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0x3dacd730059c35f263e2a21aa2ed0298
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
modcall[authorize]: module "preprocess" returns ok for request 10
modcall[authorize]: module "chap" returns noop for request 10
modcall[authorize]: module "mschap" returns noop for request 10
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 10
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 10
modcall: group authorize returns updated for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 10
modcall: group authenticate returns handled for request 10
Sending Access-Challenge of id 222 to 172.24.230.15:3797
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3ae04e8949fb52092445bb0256267714
Finished request 10
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3798, id=223, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x3ae04e8949fb52092445bb0256267714
EAP-Message = 0x020200060315
Message-Authenticator = 0x6a7caf32424328cfc1044ad544b37a98
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
modcall[authorize]: module "preprocess" returns ok for request 11
modcall[authorize]: module "chap" returns noop for request 11
modcall[authorize]: module "mschap" returns noop for request 11
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 11
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 11
modcall: group authorize returns updated for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 11
modcall: group authenticate returns invalid for request 11
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 11 for 1 seconds
Finished request 11
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 10 ID 222 with timestamp 469615bb
Sending Access-Reject of id 223 to 172.24.230.15:3798
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 11 ID 223 with timestamp 469615bb
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.24.230.15:3802, id=224, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0x5e238bf707001a8ef70201bdeb65ac4a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
modcall[authorize]: module "preprocess" returns ok for request 12
modcall[authorize]: module "chap" returns noop for request 12
modcall[authorize]: module "mschap" returns noop for request 12
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 12
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 12
modcall: group authorize returns updated for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 12
modcall: group authenticate returns handled for request 12
Sending Access-Challenge of id 224 to 172.24.230.15:3802
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9add6ede65c372d826c93e5bbad97e59
Finished request 12
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3803, id=225, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x9add6ede65c372d826c93e5bbad97e59
EAP-Message = 0x020200060315
Message-Authenticator = 0x0da92af5b0c3f97855adfa1b8ea9d7af
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
modcall[authorize]: module "chap" returns noop for request 13
modcall[authorize]: module "mschap" returns noop for request 13
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 13
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 13
modcall: group authorize returns updated for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 13
modcall: group authenticate returns invalid for request 13
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 13 for 1 seconds
Finished request 13
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 12 ID 224 with timestamp 469615c2
Sending Access-Reject of id 225 to 172.24.230.15:3803
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 13 ID 225 with timestamp 469615c2
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.24.230.15:3807, id=226, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0x6e574e9aad097e8ff0dac2565e47e720
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
modcall[authorize]: module "preprocess" returns ok for request 14
modcall[authorize]: module "chap" returns noop for request 14
modcall[authorize]: module "mschap" returns noop for request 14
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 14
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 14
modcall: group authorize returns updated for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 14
modcall: group authenticate returns handled for request 14
Sending Access-Challenge of id 226 to 172.24.230.15:3807
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3758792308900df829f4034bbb6ea262
Finished request 14
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3808, id=227, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x3758792308900df829f4034bbb6ea262
EAP-Message = 0x020200060315
Message-Authenticator = 0xd731c63ac852f2c7de5f7267ab159fef
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
modcall[authorize]: module "preprocess" returns ok for request 15
modcall[authorize]: module "chap" returns noop for request 15
modcall[authorize]: module "mschap" returns noop for request 15
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 15
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 15
modcall: group authorize returns updated for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 15
modcall: group authenticate returns invalid for request 15
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 15 for 1 seconds
Finished request 15
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 14 ID 226 with timestamp 469615c9
Sending Access-Reject of id 227 to 172.24.230.15:3808
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 15 ID 227 with timestamp 469615c9
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.24.230.15:3812, id=228, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0x968cad4112d1190da57714592da8281b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
modcall[authorize]: module "preprocess" returns ok for request 16
modcall[authorize]: module "chap" returns noop for request 16
modcall[authorize]: module "mschap" returns noop for request 16
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 16
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 16
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 16
modcall: group authorize returns updated for request 16
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 16
modcall: group authenticate returns handled for request 16
Sending Access-Challenge of id 228 to 172.24.230.15:3812
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfc83e70cd2029474b6fdaffef5f4a227
Finished request 16
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3813, id=229, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xfc83e70cd2029474b6fdaffef5f4a227
EAP-Message = 0x020200060315
Message-Authenticator = 0xca860eaf93ade1c19938139e5b64c4f3
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
modcall[authorize]: module "preprocess" returns ok for request 17
modcall[authorize]: module "chap" returns noop for request 17
modcall[authorize]: module "mschap" returns noop for request 17
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 17
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 17
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 17
modcall: group authorize returns updated for request 17
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 17
modcall: group authenticate returns invalid for request 17
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 17 for 1 seconds
Finished request 17
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 16 ID 228 with timestamp 469615cf
Sending Access-Reject of id 229 to 172.24.230.15:3813
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 17 ID 229 with timestamp 469615cf
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.24.230.15:3819, id=230, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0x11e295b9157c28bc532e5b8f8de2945d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
modcall[authorize]: module "preprocess" returns ok for request 18
modcall[authorize]: module "chap" returns noop for request 18
modcall[authorize]: module "mschap" returns noop for request 18
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 18
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 18
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 18
modcall: group authorize returns updated for request 18
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 18
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 18
modcall: group authenticate returns handled for request 18
Sending Access-Challenge of id 230 to 172.24.230.15:3819
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9f177293497612450282af049d0aeb14
Finished request 18
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3820, id=231, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x9f177293497612450282af049d0aeb14
EAP-Message = 0x020200060315
Message-Authenticator = 0x6086d9def93b3eb2ed79b3026e81d934
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 19
modcall[authorize]: module "preprocess" returns ok for request 19
modcall[authorize]: module "chap" returns noop for request 19
modcall[authorize]: module "mschap" returns noop for request 19
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 19
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 19
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 19
modcall: group authorize returns updated for request 19
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 19
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 19
modcall: group authenticate returns invalid for request 19
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 19 for 1 seconds
Finished request 19
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 18 ID 230 with timestamp 46961601
Sending Access-Reject of id 231 to 172.24.230.15:3820
EAP-Message = 0x04020004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 19 ID 231 with timestamp 46961601
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 172.24.230.15:3824, id=232, length=131
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
EAP-Message = 0x0201000e01616e6f6e796d6f7573
Message-Authenticator = 0xcb37da0e8bc4bae315791c3896a55664
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 20
modcall[authorize]: module "preprocess" returns ok for request 20
modcall[authorize]: module "chap" returns noop for request 20
modcall[authorize]: module "mschap" returns noop for request 20
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 20
rlm_eap: EAP packet type response id 1 length 14
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 20
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 20
modcall: group authorize returns updated for request 20
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 20
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 20
modcall: group authenticate returns handled for request 20
Sending Access-Challenge of id 232 to 172.24.230.15:3824
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfb52bbdf69bb553dd637fd3dd6039c7c
Finished request 20
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:3825, id=233, length=141
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "anonymous"
Calling-Station-Id = "00118865b6e5"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xfb52bbdf69bb553dd637fd3dd6039c7c
EAP-Message = 0x020200060315
Message-Authenticator = 0xeb6f6f0e096c7be18d706615e07c74e5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 21
modcall[authorize]: module "preprocess" returns ok for request 21
modcall[authorize]: module "chap" returns noop for request 21
modcall[authorize]: module "mschap" returns noop for request 21
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 21
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 21
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 21
modcall: group authorize returns updated for request 21
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 21
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/ttls
rlm_eap: No such EAP type ttls
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 21
modcall: group authenticate returns invalid for request 21
auth: Failed to validate the user.
Login incorrect: [anonymous/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 00118865b6e5)
Delaying request 21 for 1 seconds
Finished request 21
Going to the next request
Waking up in 6 seconds...
Thank you for your help.
Carlos Jimenez Barranco
- Área de Postventa
Telf. +34 933034139
www.impala-net.com
Sistemas de Comunicaciones Corporativas
-----Mensaje original-----
De: freeradius-users-bounces+cjimenez=impala-net.com(a)lists.freeradius.or [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.or] En nombre de A.L.M.Buxey(a)lboro.ac.uk
Enviado el: jueves, 12 de julio de 2007 13:56
Para: FreeRadius users mailing list
CC: Cristina Martin Molin
Asunto: Re: Authentication failed
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Hi,
> Maybe, the "intro" after every line is not correct, so we have changed it for:
>
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
did you restart the freeradius server? what does the output now say?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
___________________________________________________________________________
Este mensaje se dirije exclusivamente a su destinatario y puede contener
información privilegiada o confidencial de Impala Network Solutions S.L.
Si no es vd. el destinatario indicado, queda notificado de que la utilización,
divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
Si ha recibido este mensaje por error, le rogamos nos lo comunique
inmediatamente por esta misma via y proceda a su destrucción.
This message is intended exclusively for its addressee and may contain
information that is CONFIDENTIAL and protected by professional privilege.
If you are not the intended recipient you are hereby notified that any
dissemination, copy or disclosure of this communication is strictly
prohibited by law. If this message has been received in error, please
immediately notify us via e-mail and delete it.
___________________________________________________________________________
2
1
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Hello, Stefan:
Thank you for your help.
You are in reason: I need a good book of Unix command-line tools. :)
For the moment, I left all in just one line.
Carlos Jimenez Barranco
- Área de Postventa
Telf. +34 933034139
www.impala-net.com
Sistemas de Comunicaciones Corporativas
-----Mensaje original-----
De: freeradius-users-bounces+cjimenez=impala-net.com(a)lists.freeradius.org [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.org] En nombre de Stefan Winter
Enviado el: jueves, 12 de julio de 2007 14:00
Para: FreeRadius users mailing list
Asunto: Re: Authentication failed
> We have entered this data in radiusd.conf:
>
> # Be VERY careful when editing the following line!
> #
> #ntlm_auth = "/path/to/ntlm_auth --request-nt-key
> --username=%{Stripped-User-Name:-%{User-Name:-None}}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
>
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --domain=%{mschap:NT-Domain}
> --username=%{mschap:User-Name}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
>
>
> Maybe, the "intro" after every line is not correct, so we have changed it
> for:
>
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
>
>
> And the problem continues.
Well, this is "UNIX 101": if you want a command to continue over multiple
lines, you have to put a \ (Backslash) at the end of the lines. The spaces
themselves are perfectly fine. Something like
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key \
--domain=%{mschap:NT-Domain} \
--username=%{mschap:User-Name} \
--challenge=%{mschap:Challenge:-00} \
--nt-response=%{mschap:NT-Response:-00}"
should work a lot better. Go buy a book about UNIX command-line tools ;-)
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter(a)restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
___________________________________________________________________________
Este mensaje se dirije exclusivamente a su destinatario y puede contener
información privilegiada o confidencial de Impala Network Solutions S.L.
Si no es vd. el destinatario indicado, queda notificado de que la utilización,
divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
Si ha recibido este mensaje por error, le rogamos nos lo comunique
inmediatamente por esta misma via y proceda a su destrucción.
This message is intended exclusively for its addressee and may contain
information that is CONFIDENTIAL and protected by professional privilege.
If you are not the intended recipient you are hereby notified that any
dissemination, copy or disclosure of this communication is strictly
prohibited by law. If this message has been received in error, please
immediately notify us via e-mail and delete it.
___________________________________________________________________________
1
0
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Hello, Stefan:
We have entered this data in radiusd.conf:
# Be VERY careful when editing the following line!
#
#ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain}
--username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
Maybe, the "intro" after every line is not correct, so we have changed it for:
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
And the problem continues.
Carlos Jimenez Barranco
- Área de Postventa
Telf. +34 933034139
www.impala-net.com
Sistemas de Comunicaciones Corporativas
-----Mensaje original-----
De: freeradius-users-bounces+cjimenez=impala-net.com(a)lists.freeradius.org [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.org] En nombre de Stefan Winter
Enviado el: jueves, 12 de julio de 2007 13:17
Para: FreeRadius users mailing list
Asunto: Re: Authentication failed
Hi,
okay, now that the User-Name thing is fixed, another problem with your config
shows up. The ntlm_auth line is way too short! Therefore, the key can't be
retrieved.
Is there maybe a line wrap in radiusd.conf, line "ntlm_auth = ..." or
something? The shipped ntlm_auth line works by default! Yours is only
'/usr/bin/ntlm_auth --request-nt-key '
i.e. it's missing all the important parts!
Stefan
> modcall: entering group Auth-Type for request 8
> rlm_mschap: No User-Password configured. Cannot create LM-Password.
> rlm_mschap: No User-Password configured. Cannot create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for host/PC-BARCMM2.it.local with
> NT-Password radius_xlat: '/usr/bin/ntlm_auth --request-nt-key '
> Exec-Program: /usr/bin/ntlm_auth --request-nt-key
> username must be specified!
>
> Usage: [OPTION...]
> --helper-protocol=helper protocol to use operate as a stdio-based
> helper --username=STRING username
> --domain=STRING domain name
> --workstation=STRING workstation
> --challenge=STRING challenge (HEX encoded)
> --lm-response=STRING LM Response to the challenge
> (HEX encoded)
> --nt-response=STRING NT or NTLMv2 Response to the
> challenge (HEX encoded)
> --password=STRING User's plaintext password
> --request-lm-key Retreive LM session key
> --request-nt-key Retreive User (NT) session
> key --diagnostics Perform diagnostics on the
> authentictaion chain --require-membership-of=STRING Require
> that a user be a member of this group (either name or SID) for
> authentication to succeed
>
> Help options
> -?, --help Show this help message
> --usage Display brief usage message
>
> Common samba options:
> -d, --debuglevel=DEBUGLEVEL Set debug level
> -s, --configfile=CONFIGFILE Use alternative
> configuration file
> -l, --log-basename=LOGFILEBASE Basename for log/debug files
> -V, --version Print version
> Exec-Program output:
> Exec-Program: returned: 1
> rlm_mschap: External script failed.
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter(a)restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
___________________________________________________________________________
Este mensaje se dirije exclusivamente a su destinatario y puede contener
información privilegiada o confidencial de Impala Network Solutions S.L.
Si no es vd. el destinatario indicado, queda notificado de que la utilización,
divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
Si ha recibido este mensaje por error, le rogamos nos lo comunique
inmediatamente por esta misma via y proceda a su destrucción.
This message is intended exclusively for its addressee and may contain
information that is CONFIDENTIAL and protected by professional privilege.
If you are not the intended recipient you are hereby notified that any
dissemination, copy or disclosure of this communication is strictly
prohibited by law. If this message has been received in error, please
immediately notify us via e-mail and delete it.
___________________________________________________________________________
3
2
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Yes, it is PEAP.
Here is the debug:
rad_recv: Access-Request packet from host 172.24.230.15:1274, id=118, length=156
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xa4cad15c8a6ff988359776097d2a2648
EAP-Message = 0x020300061900
Message-Authenticator = 0xa0283d9445bd1fa36df5a7db7f704288
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 118 to 172.24.230.15:1274
EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6e6c51314b76a2f62a5cecc3f9619a3d
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1275, id=119, length=342
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x6e6c51314b76a2f62a5cecc3f9619a3d
EAP-Message = 0x020400c01980000000b61603010086100000820080a0a1d79a3221244464cdb897cba12e9da17d5f26c74ae6b70c264ce4c2ac4355a89bbac6ee9793b052693711d886e1311034beba4a23c797b613a8fcb968f3afd7ca11fb373739b0662074329aa35ad3683a4ef77f7e9cd96fe78bfd22cf6ea07ce28843c3e8173ded0a2f70ac6dc51d05e005fdc3ac1c743027fd37b5f91a4d1403010001011603010020efa33aa831080bbfb9545494e02f849d0e496c2cb8f3fe125308b14d8e401b2a
Message-Authenticator = 0xe35ea6d9060bf395da7a6fee6be9c1d6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 119 to 172.24.230.15:1275
EAP-Message = 0x01050031190014030100010116030100206fafa47a1c95be075428fe823b87526554684724ce47683c27a62f8a0614e943
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x884de7e54567f992c4295f91e9232494
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1276, id=120, length=156
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x884de7e54567f992c4295f91e9232494
EAP-Message = 0x020500061900
Message-Authenticator = 0x41823b1c88e1cdc292ffa3caf2d66b6e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 120 to 172.24.230.15:1276
EAP-Message = 0x0106002019001703010015697889c7a3599228e4a5d3eec7d2068f4926c57948
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb63de12e95ed9591476c6ed8dc8755ee
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1277, id=121, length=202
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xb63de12e95ed9591476c6ed8dc8755ee
EAP-Message = 0x02060034190017030100291828ef9227d584cacec539c489ae909a31b5b76d0b675483f109612f3a86cd3c82fd1cd04278507580
Message-Authenticator = 0x5ae6eb660582fb81597d313ffe02be24
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 6 length 52
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - host/PC-BARCMM2.it.local
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0206001d01686f73742f50432d424152434d4d322e69742e6c6f63616c
PEAP: Got tunneled identity of host/PC-BARCMM2.it.local
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to host/PC-BARCMM2.it.local
PEAP: Sending tunneled request
EAP-Message = 0x0206001d01686f73742f50432d424152434d4d322e69742e6c6f63616c
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/PC-BARCMM2.it.local"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 6 length 29
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
PEAP: Got tunneled reply RADIUS code 11
EAP-Message = 0x010700321a0107002d1093a4c5f0bb0b1a2196b39884f2757dd6686f73742f50432d424152434d4d322e69742e6c6f63616c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xef700e94932965fd864f8ee94ca84821
PEAP: Processing from tunneled session code 0x90fbdd8 11
EAP-Message = 0x010700321a0107002d1093a4c5f0bb0b1a2196b39884f2757dd6686f73742f50432d424152434d4d322e69742e6c6f63616c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xef700e94932965fd864f8ee94ca84821
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 121 to 172.24.230.15:1277
EAP-Message = 0x010700491900170301003e49c5bfa64167d421185b0b70ccaad9608da5c1866e2f4fa6ca6c39c326687062a77abb04a0454dacd4be809b90f4e724d6dc46d781e2275de386b7f1b00a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x71800117cdd97753f7c575cc34f0010c
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1278, id=122, length=256
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x71800117cdd97753f7c575cc34f0010c
EAP-Message = 0x0207006a1900170301005f99131f0772aca0d9208d07a82eb0fa63e07c04a39095210d87ed1a490f0b0c555d42fbaf207a7612f2196ba78a506bcc4d6a3304f1be833b7a4b01586d277621e05ba4962f0611c9cdd9018ec57a2437bfbb6ce22afd4b153ed0e4349e7021
Message-Authenticator = 0x0d289cd236d1717c81b54462ef49e2fe
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 7 length 106
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020700531a0207004e31496f64a7358ab1dbfc78e62ef93398c000000000000000004a4f13cf5caf2d610532b70b0084f43d5cbc84377bf4b43400686f73742f50432d424152434d4d322e69742e6c6f63616c
PEAP: Setting User-Name to host/PC-BARCMM2.it.local
PEAP: Adding old state with ef 70
PEAP: Sending tunneled request
EAP-Message = 0x020700531a0207004e31496f64a7358ab1dbfc78e62ef93398c000000000000000004a4f13cf5caf2d610532b70b0084f43d5cbc84377bf4b43400686f73742f50432d424152434d4d322e69742e6c6f63616c
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/PC-BARCMM2.it.local"
State = 0xef700e94932965fd864f8ee94ca84821
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 7 length 83
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 8
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for host/PC-BARCMM2.it.local with NT-Password
radius_xlat: '/usr/bin/ntlm_auth --request-nt-key '
Exec-Program: /usr/bin/ntlm_auth --request-nt-key
username must be specified!
Usage: [OPTION...]
--helper-protocol=helper protocol to use operate as a stdio-based helper
--username=STRING username
--domain=STRING domain name
--workstation=STRING workstation
--challenge=STRING challenge (HEX encoded)
--lm-response=STRING LM Response to the challenge
(HEX encoded)
--nt-response=STRING NT or NTLMv2 Response to the
challenge (HEX encoded)
--password=STRING User's plaintext password
--request-lm-key Retreive LM session key
--request-nt-key Retreive User (NT) session key
--diagnostics Perform diagnostics on the
authentictaion chain
--require-membership-of=STRING Require that a user be a member
of this group (either name or
SID) for authentication to
succeed
Help options
-?, --help Show this help message
--usage Display brief usage message
Common samba options:
-d, --debuglevel=DEBUGLEVEL Set debug level
-s, --configfile=CONFIGFILE Use alternative configuration
file
-l, --log-basename=LOGFILEBASE Basename for log/debug files
-V, --version Print version
Exec-Program output:
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 8
modcall: group Auth-Type returns reject for request 8
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 8
modcall: group authenticate returns reject for request 8
auth: Failed to validate the user.
Login incorrect: [host/PC-BARCMM2.it.local/<no User-Password attribute>] (from client localhost port 0)
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 0x90d8c60 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 122 to 172.24.230.15:1278
EAP-Message = 0x010800261900170301001bc5c79a1b5d0753da26040c3590de04ab498dd1cf2b311c0d04db48
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe8f4e90b18573d9b55ac51a21f446398
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1279, id=123, length=188
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xe8f4e90b18573d9b55ac51a21f446398
EAP-Message = 0x020800261900170301001b9a969d66050e592940d2585b980c25ffe386404b86973332efe093
Message-Authenticator = 0xfa5a126c3667224edf78d15a852fa80e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 9
modcall: group authenticate returns invalid for request 9
auth: Failed to validate the user.
Login incorrect: [host/PC-BARCMM2.it.local/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 000e359071d6)
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 123 to 172.24.230.15:1279
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 116 with timestamp 4695fe85
Cleaning up request 3 ID 117 with timestamp 4695fe85
Cleaning up request 4 ID 118 with timestamp 4695fe85
Cleaning up request 5 ID 119 with timestamp 4695fe85
Cleaning up request 6 ID 120 with timestamp 4695fe85
Cleaning up request 7 ID 121 with timestamp 4695fe85
Cleaning up request 8 ID 122 with timestamp 4695fe85
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 123 with timestamp 4695fe86
Nothing to do. Sleeping until we see a request.
Thank you, Ivan
Carlos Jimenez Barranco
- Área de Postventa
Telf. +34 933034139
www.impala-net.com
Sistemas de Comunicaciones Corporativas
-----Mensaje original-----
De: freeradius-users-bounces+cjimenez=impala-net.com(a)lists.freeradius.or [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.or] En nombre de tnt(a)kalik.co.yu
Enviado el: jueves, 12 de julio de 2007 12:41
Para: FreeRadius users mailing list
Asunto: RE: Authentication failed
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
What EAP method are you using? PEAP? Can you post the radiusd -X output.
Ivan Kalik
Kalik Informatika ISP
Dana 12/7/2007, "Carlos Jimenez Barranco" <cjimenez(a)impala-net.com>
piše:
>
>***********************
>Mensaje examinado por el antivirus perimetral de Impala Network Solutions
>***********-***********
>
>
>Hello, Stefan:
>
>As you told us, the supplicant was sending an empty username. We had to introduce manually the username and password because wireless card was not taking correctly domain login values and using an empty value.
>The most recent log is:
>
>Thu Jul 12 11:03:38 2007 : Auth: Login incorrect: [barcmm2/<no User-Password attribute>] (from client localhost port 0) Thu Jul 12 11:03:38 2007 : Auth: Login incorrect: [barcmm2/<no User-Password attribute>] (from client 172..24.230.15 port 1 cli 00118865b6e5)
>
>
>Thank you,
>
>Carlos Jimenez Barranco
>- Área de Postventa
> Telf. +34 933034139
>
>
>www.impala-net.com
>
>Sistemas de Comunicaciones Corporativas
>
>
>
>
>
>-----Mensaje original-----
>De: freeradius-users-bounces+cjimenez=impala-net.com(a)lists.freeradius.org [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.org] En nombre de Stefan Winter
>Enviado el: jueves, 12 de julio de 2007 10:51
>Para: FreeRadius users mailing list
>Asunto: Re: Authentication failed
>
>Hi,
>
>> About the supplicant, we are using just Windows XP. We have tried with
>> several wireless card (enterasys one, integrated Intel Centrino
>> 2200b/g...). I have may not understood the supplicant meaning, tell me
>> then, please. I thought it could be a problem related to the way the
>> freeradius deals credentials (i. e. MSCHAP, with_ntdomain_hack value...).
>
>FreeRADIUS can't do *anything* if it doesn't know who to authenticate. Your
>NAS is sending an *empty* username. As far as I can tell, your problem does
>not lie on the server side, but on the client side.
>
>Stefan
>
>--
>Stefan WINTER
>
>Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
>la Recherche
>Ingenieur Forschung & Entwicklung
>
>6, rue Richard Coudenhove-Kalergi
>L-1359 Luxembourg
>E-Mail: stefan.winter(a)restena.lu Tel.: +352 424409-1
>http://www.restena.lu Fax: +352 422473
>
>
>___________________________________________________________________________
>
>Este mensaje se dirije exclusivamente a su destinatario y puede contener
>información privilegiada o confidencial de Impala Network Solutions S.L.
>Si no es vd. el destinatario indicado, queda notificado de que la utilización,
>divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
>Si ha recibido este mensaje por error, le rogamos nos lo comunique
>inmediatamente por esta misma via y proceda a su destrucción.
>
>
>This message is intended exclusively for its addressee and may contain
>information that is CONFIDENTIAL and protected by professional privilege.
>If you are not the intended recipient you are hereby notified that any
>dissemination, copy or disclosure of this communication is strictly
>prohibited by law. If this message has been received in error, please
>immediately notify us via e-mail and delete it.
>___________________________________________________________________________
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
___________________________________________________________________________
Este mensaje se dirije exclusivamente a su destinatario y puede contener
información privilegiada o confidencial de Impala Network Solutions S.L.
Si no es vd. el destinatario indicado, queda notificado de que la utilización,
divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
Si ha recibido este mensaje por error, le rogamos nos lo comunique
inmediatamente por esta misma via y proceda a su destrucción.
This message is intended exclusively for its addressee and may contain
information that is CONFIDENTIAL and protected by professional privilege.
If you are not the intended recipient you are hereby notified that any
dissemination, copy or disclosure of this communication is strictly
prohibited by law. If this message has been received in error, please
immediately notify us via e-mail and delete it.
___________________________________________________________________________
3
2
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Hello again:
We have found that when we configure supplicant as OPEN authentication method, it Works right, but not when we configure it as WPA (authenticating versus Active Directory with freeradius). In this second case, it seems that connection establishes but immediately, it disconnects.
Carlos Jimenez Barranco
- Área de Postventa
Telf. +34 933034139
www.impala-net.com
Sistemas de Comunicaciones Corporativas
-----Mensaje original-----
De: freeradius-users-bounces+cjimenez=impala-net.com(a)lists.freeradius.or [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.or] En nombre de tnt(a)kalik.co.yu
Enviado el: jueves, 12 de julio de 2007 12:41
Para: FreeRadius users mailing list
Asunto: RE: Authentication failed
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
What EAP method are you using? PEAP? Can you post the radiusd -X output.
Ivan Kalik
Kalik Informatika ISP
Dana 12/7/2007, "Carlos Jimenez Barranco" <cjimenez(a)impala-net.com>
piše:
>
>***********************
>Mensaje examinado por el antivirus perimetral de Impala Network Solutions
>***********-***********
>
>
>Hello, Stefan:
>
>As you told us, the supplicant was sending an empty username. We had to introduce manually the username and password because wireless card was not taking correctly domain login values and using an empty value.
>The most recent log is:
>
>Thu Jul 12 11:03:38 2007 : Auth: Login incorrect: [barcmm2/<no User-Password attribute>] (from client localhost port 0) Thu Jul 12 11:03:38 2007 : Auth: Login incorrect: [barcmm2/<no User-Password attribute>] (from client 172..24.230.15 port 1 cli 00118865b6e5)
>
>
>Thank you,
>
>Carlos Jimenez Barranco
>- Área de Postventa
> Telf. +34 933034139
>
>
>www.impala-net.com
>
>Sistemas de Comunicaciones Corporativas
>
>
>
>
>
>-----Mensaje original-----
>De: freeradius-users-bounces+cjimenez=impala-net.com(a)lists.freeradius.org [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.org] En nombre de Stefan Winter
>Enviado el: jueves, 12 de julio de 2007 10:51
>Para: FreeRadius users mailing list
>Asunto: Re: Authentication failed
>
>Hi,
>
>> About the supplicant, we are using just Windows XP. We have tried with
>> several wireless card (enterasys one, integrated Intel Centrino
>> 2200b/g...). I have may not understood the supplicant meaning, tell me
>> then, please. I thought it could be a problem related to the way the
>> freeradius deals credentials (i. e. MSCHAP, with_ntdomain_hack value...).
>
>FreeRADIUS can't do *anything* if it doesn't know who to authenticate. Your
>NAS is sending an *empty* username. As far as I can tell, your problem does
>not lie on the server side, but on the client side.
>
>Stefan
>
>--
>Stefan WINTER
>
>Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
>la Recherche
>Ingenieur Forschung & Entwicklung
>
>6, rue Richard Coudenhove-Kalergi
>L-1359 Luxembourg
>E-Mail: stefan.winter(a)restena.lu Tel.: +352 424409-1
>http://www.restena.lu Fax: +352 422473
>
>
>___________________________________________________________________________
>
>Este mensaje se dirije exclusivamente a su destinatario y puede contener
>información privilegiada o confidencial de Impala Network Solutions S.L.
>Si no es vd. el destinatario indicado, queda notificado de que la utilización,
>divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
>Si ha recibido este mensaje por error, le rogamos nos lo comunique
>inmediatamente por esta misma via y proceda a su destrucción.
>
>
>This message is intended exclusively for its addressee and may contain
>information that is CONFIDENTIAL and protected by professional privilege.
>If you are not the intended recipient you are hereby notified that any
>dissemination, copy or disclosure of this communication is strictly
>prohibited by law. If this message has been received in error, please
>immediately notify us via e-mail and delete it.
>___________________________________________________________________________
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
___________________________________________________________________________
Este mensaje se dirije exclusivamente a su destinatario y puede contener
información privilegiada o confidencial de Impala Network Solutions S.L.
Si no es vd. el destinatario indicado, queda notificado de que la utilización,
divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
Si ha recibido este mensaje por error, le rogamos nos lo comunique
inmediatamente por esta misma via y proceda a su destrucción.
This message is intended exclusively for its addressee and may contain
information that is CONFIDENTIAL and protected by professional privilege.
If you are not the intended recipient you are hereby notified that any
dissemination, copy or disclosure of this communication is strictly
prohibited by law. If this message has been received in error, please
immediately notify us via e-mail and delete it.
___________________________________________________________________________
1
0