Hi,
I know it's plain English but I still can't figure out where the warning is comming from and what I have to change. It finds the password, but still gives the auth(failure):
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
I'm using the default config-files with PEAP auth. Can somebody give me a hint in the right direction? Where/what config file should I look in and what to edit? THANKS!
Here are my logs...
Listening on authentication address 172.16.27.103 port 1812
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=141
User-Name = "userX"
NAS-IP-Address = 172.16.27.37
Called-Station-Id = "001c1066a106"
Calling-Station-Id = "001cdf77bb4d"
NAS-Identifier = "001c1066a106"
NAS-Port = 1
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02000013016a656c6c656c616e6762726f656b
Message-Authenticator = 0x933439cddca44559a4ee3c2b327aaac5
+- entering group authorize
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 0 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
expand: %{User-Name} -> userX
rlm_sql (sql): sql_set_user escaped user --> 'userX'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT ownerid as id, username, 'Cleartext-Password' as attribute, passwd as value, ':=' as op FROM nodes WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT ownerid as id, username, 'Cleartext-Password' as attribute, passwd as value, ':=' as op FROM nodes WHERE username = 'userX' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT ownerid as id, username, 'Cleartext-Password' as attribute, passwd as value, ':=' as op FROM nodes WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT ownerid as id, username, 'Cleartext-Password' as attribute, passwd as value, ':=' as op FROM nodes WHERE username = 'userX' ORDER BY id
expand: SELECT 'dynamic' as groupname FROM customers WHERE name = '%{SQL-User-Name}' ORDER BY id -> SELECT 'dynamic' as groupname FROM customers WHERE name = 'userX' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9baa2d299bab34161e655ea3ece36f0c
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=233
Cleaning up request 0 ID 0 with timestamp +41
User-Name = "userX"
NAS-IP-Address = 172.16.27.37
Called-Station-Id = "001c1066a106"
Calling-Station-Id = "001cdf77bb4d"
NAS-Identifier = "001c1066a106"
NAS-Port = 1
Framed-MTU = 1400
State = 0x9baa2d299bab34161e655ea3ece36f0c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201005d190016030100520100004e0301485baf3e8e15e57593e3e1819134ab3ad55c2a65dbdd6278dadce70ffee5409a00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100
Message-Authenticator = 0xda28b5bb86c975ef4fd3c5bf45e4bba5
+- entering group authorize
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 93
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0052], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
TLS_accept: SSLv3 write key exchange A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
EAP-Message = 0x0102040019c000000acd160301004a020000460301485bafe7c5b0d88a48309c43edcd95ad1a7074078f255e9ae50b996f1652ccb920a16607e93eaa7110ee032225ce8e42a2f268a83d10b15c608aaa906a0983b761003901160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504
EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631383134323133315a170d3039303631383134323133315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e51de7b82469cbac2af9f14199eb4c8ebc3f2c3102c669d669d474b3c8a9
EAP-Message = 0x10af6d0ed5e1d33fdca7a6fd55b046f135a4d7fce70cce39f1e2378ef0e137638ba9fa1dc376347d313f64f63d5955437faad9f0898028cd6386e91cc7305583103b82f4614092c960a0a0bced39a7cbdfc2267da2ffc5e29b607d9f47169ca043d4aa054efccb590ee0f0eb0c3825d5d72595f3afc15a59b39c3eaebee214108bbfdd4a5f3787b9d434219b11a62e59fdbeb53e2d962333c53483821af4d69d282dabeb36117b5b99cedb3800652d4901f44ae12e9eedd6e5d77513831376822f2fd03ff4f0236abbc6eaf831d4838909a263a0673f7ac176673eff4506db30bf950203010001a317301530130603551d25040c300a06082b06010505
EAP-Message = 0x070301300d06092a864886f70d01010405000382010100996af82a8524e81fa2070413fa3bc07ef4d1acc88e96ee8f90b412dcd1564de0280bd3bc8eb8f024c7753ee0fb3a1d9c9e7e1fc60e87aa7309ba76e44ac083788079b800f28c46bf4cdbc8423c40b6c897ec4a2ccaa95c4b59d0c035a00725cc5e943ec10dac7cf1669995ec20a26ffaedf7c0e7bdc2acc11882ecb3e9f9e06e8597dfc4c30a9d69210cdf2872ed848af5e1c89e2ed34a6db012129685b12f56d4bec3f6e13e7b43b6e00a81545a38f28090f1ff3ceca37a107ea01898d2269f7156ca7c74c8b20ead294a6a7d1d32eb70065bda7bcfe009a070c6f01a9b0b9674fa3cff08a1
EAP-Message = 0xd8bf0854f4d5920b817066b8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9baa2d299aa834161e655ea3ece36f0c
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=146
Cleaning up request 1 ID 0 with timestamp +41
User-Name = "userX"
NAS-IP-Address = 172.16.27.37
Called-Station-Id = "001c1066a106"
Calling-Station-Id = "001cdf77bb4d"
NAS-Identifier = "001c1066a106"
NAS-Port = 1
Framed-MTU = 1400
State = 0x9baa2d299aa834161e655ea3ece36f0c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020200061900
Message-Authenticator = 0x6ae87b9fa610cc290341c3c8721eab9c
+- entering group authorize
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
EAP-Message = 0x010303fc19401cd7c4c2a6889ffa64eb3b48b32b0004ab308204a73082038fa003020102020900d0b321af3f5e6edb300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631383134323133305a170d3038303731383134323133305a308193310b30090603
EAP-Message = 0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c61affd9b5606d309f732b738a593c3adc04fc3cd9d9b4b974c83e330b98f92eb01c54c4a73ba87e32181239a999468e387accc8edac79fe1d61b7331b3a4d5d658858ecdaa0e0119b6d2a958f7bf3
EAP-Message = 0x6c05b684d836361612e031a7c863de56c0c2eecea221506078f4f991d6f7f1b40882d1981e6be282cc6ca1e5555309375397dfc7b6a379cf23f9780841d540d83ac4a89847ec588c84073f1d8e4be9c2fc955cc79d12fc8e4e51a0bc388854a5fd8d19f7bf36495cdeade9dc373fdde84b6b4e452109c95785f65e663bdce3543241b34c49b8d41b1fe44362998a782bc18398a00b8261b303f9a6b025cb8165e6a107967a5f823a135c83611b99f5c0c30203010001a381fb3081f8301d0603551d0e0416041442ba48fa03771a044de938b92a0ac80bd48b46c83081c80603551d230481c03081bd801442ba48fa03771a044de938b92a0ac80bd48b
EAP-Message = 0x46c8a18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900d0b321af3f5e6edb300c0603551d13040530030101ff300d06092a864886f70d010105050003820101009271c64430e33a20e02c5c3ea887afbda2e892a25f633961c5b13d6df2461f7675b2d3ef317087b1eeeef20c6855c4208c7d
EAP-Message = 0x22dbf87ea84011c3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9baa2d2999a934161e655ea3ece36f0c
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=146
Cleaning up request 2 ID 0 with timestamp +41
User-Name = "userX"
NAS-IP-Address = 172.16.27.37
Called-Station-Id = "001c1066a106"
Calling-Station-Id = "001cdf77bb4d"
NAS-Identifier = "001c1066a106"
NAS-Port = 1
Framed-MTU = 1400
State = 0x9baa2d2999a934161e655ea3ece36f0c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300061900
Message-Authenticator = 0x55eb06fdd249f58d4b098d211ef699db
+- entering group authorize
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
EAP-Message = 0x010402e71900589c274af17f1a494850cb1028aea864d133e063ba83420b4e3c091030cb4a0c5e5913181a57a0ef4e965b1a1490eb20c705bfc44603e0e52aa98d2f47831b1e88e8cb4149a777c58356b40fcb237ad48b79a1e61a5a02e245b071293b2b25d6b3bbc2e1eb5e26db78735d8172015a39ae2ab6d93382ef0be94f0419a5a7101b93f3f91c7a124f75d5884e225990d032bb21374f62ebdca5a3add90be36aa926a41695835c2eb3f7e88337da950eb5394a9ffb5f63412909f5e387762b4bc9607be7d5871e1c160301020d0c0002090080d98dfb21f227dd0de0112a4e02b14ba70211061c5b376bb17b336613f8dc7867bf69d166fa9a
EAP-Message = 0x06947948dc5a2a0bb67aece8a2eb6ec595b94459607661010ebd873c133571818cf379124cde39be0e869e24c60c3ecaf1faaf1d96b46cb542c1a8207a4a2c8114788241b433bbe70a1c9ba7e56a3e27932254db2290c295e28300010200801e2c86c4785eeb02a0bb6dd6aa890202b7e118a106a5c230c576d7030939045bb009c2ac440005c74fe3659e3fd5b15f4554226f7dcd0131dc636b3d8b2152b63efc1cb23b6e8b0b3bd2960488c73b9bf499434d44629b813ff423fcf0580858aa6473354cce503e27925a2b5493fad07897a8f9ee105c4b949d6277b0ffa75d010034c14143a28ad289e2d0a39f498063167f73fcbf4000caa9c70a3905
EAP-Message = 0x71a008d47f3651cca5a115167ccf4c3990bbaf3507e2b958546eb5e323c7fe857e8394a68251ad5404da26810c662052e242961cb37eafcab475f322a740a0abd48178f31bed95df9004fb37f667282bdbaa9db8402640ffad48ecb15a49ea5db0ace40026026cd5ab50949ade5c903144779999672f88dd7885fcf946ed5c01779571173271d8503a0c3e43791e06a2c4400ff0553c76e15bf7624cf432dd2d44643827b4d29a8763738b073e09b1bbb3c6f2d411391976badabf00cd6ccbb57627e315142009a49e948f5911cf3873557dc60adfebd10a8892d1ac71109fb9cf9a3e6416030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9baa2d2998ae34161e655ea3ece36f0c
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=344
Cleaning up request 3 ID 0 with timestamp +41
User-Name = "userX"
NAS-IP-Address = 172.16.27.37
Called-Station-Id = "001c1066a106"
Calling-Station-Id = "001cdf77bb4d"
NAS-Identifier = "001c1066a106"
NAS-Port = 1
Framed-MTU = 1400
State = 0x9baa2d2998ae34161e655ea3ece36f0c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400cc190016030100861000008200804316d20c6a7c178058561a988cd4c857a1818bca9d6381d259ad888eb8590fb37aa41737e0465ed1c8645c4b84abd506a7d30c4bb7a7a10f909b9feb1f8a51b8430d748d87f03c7df6a01a3bb99c178da207b3a19c540469709f2845ba90768f8ec804175b2e9afaa80dccc2107919f7580b1953431922cdeda4f877c91e174f14030100010116030100300f7ef3899514ebb34daa12ac552eb8f9eb8841016f046ea3a63e53aadfb3e3397a93e73456cc41e1135861707733b220
Message-Authenticator = 0xdea135864ef03eb8674379a35331fd5f
+- entering group authorize
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 204
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
EAP-Message = 0x0105004119001403010001011603010030e6a2e4f9f396f695728dfc74be50459b34dea2ec026e3b041e64ad32a19bfc01ce00a4f39422c30e86d83059c040853f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9baa2d299faf34161e655ea3ece36f0c
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=146
Cleaning up request 4 ID 0 with timestamp +41
User-Name = "userX"
NAS-IP-Address = 172.16.27.37
Called-Station-Id = "001c1066a106"
Calling-Station-Id = "001cdf77bb4d"
NAS-Identifier = "001c1066a106"
NAS-Port = 1
Framed-MTU = 1400
State = 0x9baa2d299faf34161e655ea3ece36f0c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020500061900
Message-Authenticator = 0xaa2e2ed89ffe2379528536376d6b3678
+- entering group authorize
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
EAP-Message = 0x0106002b190017030100203d19543fef6a354b15802fa24ac6be930472a2bb2963b2cd40acb8569178208b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9baa2d299eac34161e655ea3ece36f0c
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=236
Cleaning up request 5 ID 0 with timestamp +41
User-Name = "userX"
NAS-IP-Address = 172.16.27.37
Called-Station-Id = "001c1066a106"
Calling-Station-Id = "001cdf77bb4d"
NAS-Identifier = "001c1066a106"
NAS-Port = 1
Framed-MTU = 1400
State = 0x9baa2d299eac34161e655ea3ece36f0c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020600601900170301002006f9c4c30ed6970d17049ecab64a52b6bd0147e5e8aa1632efba5d9bc17ad65517030100307342716fd8fa732607a62a93a4ea9d0be8cd1c9717af27bb67b840bc0a308060563c313805c8b9810e19ba7a0485738a
Message-Authenticator = 0x8aa405f4d2a413e1dfdf4f6019925a83
+- entering group authorize
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 96
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - userX
PEAP: Got tunneled identity of userX
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to userX
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
EAP-Message = 0x0107003b1900170301003083a87eb6970e9d00f7463517385ede5e1301a3788b857b995947b8b8ab618a56ac5422ade8ea7d08e6be181deb19075e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9baa2d299dad34161e655ea3ece36f0c
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0, length=236
Cleaning up request 6 ID 0 with timestamp +41
User-Name = "userX"
NAS-IP-Address = 172.16.27.37
Called-Station-Id = "001c1066a106"
Calling-Station-Id = "001cdf77bb4d"
NAS-Identifier = "001c1066a106"
NAS-Port = 1
Framed-MTU = 1400
State = 0x9baa2d299dad34161e655ea3ece36f0c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0207006019001703010020e1e6a5669a6e1f2fad8b18557490b2a36580caac37130035ec533f519aa058651703010030ea09edd1a98107005cbbefece6de1029da93fab2b2f14456b2a2728ff91532a35d075fb23197f925da6206a6e1ee5db1
Message-Authenticator = 0xd2a2e7d67cd0ea7f1d069d4ebf3731cc
+- entering group authorize
++[preprocess] returns ok
expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 7 length 96
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> userX
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 0 to 172.16.27.37 port 3072
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 7 ID 0 with timestamp +41
Ready to process requests.
Andy An wrote:...
> Hi Ivan:
> The password is in the ldap server as one of attributes binded to the
> user (userPassword: {CRYPT}something).
> rlm_ldap: performing search in ou=People,dc=eciad,dc=ca, with filter
> (uid=andyan)
...The debug output disagrees with you.
> WARNING: No "known good" password was found in LDAP. Are you sure that
> the user is configured correctly?
There is no known good password available.
Again, it helps to READ the debug output yourself. The warning
messages are clear, and are written in simple English.
Alan DeKok.