Has anyone gotten Machine Authentication with PEAP working? rad_recv: Access-Request packet from host 10.0.1.21:32768, id=2, length=342 User-Name = "host/boy-it-tel-2528.campus.bridgew.edu" Calling-Station-Id = "00-0B-7D-1B-B0-BA" Called-Station-Id = "00-0B-85-5F-66-E0:Wireless@BSC" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020900791900170301006ed6d5858d2d5e437d5127e2f91a69520faa2104d0573c0a1d 098dce6c763982b9a2b160a55541d1fcec125fb106c4668c 0d3d5b4facf2737febb2a5f98c4344d36b9c4fbcf52f2b6d3d613b79f6a123bf30d5e5bc 09d2cf2859aabada6c297a14d782995bce310f879a006e2c6ba0 State = 0x332bd4a26a3495ca8b876c3936b99a50 Message-Authenticator = 0x4fec0b430cc29964546aa3c9fee52d2c Processing the authorize section of radiusd.conf modcall: entering group authorize for request 40 modcall[authorize]: module "preprocess" returns ok for request 40 radius_xlat: '/var/log/freeradius/radacct/10.0.1.21/auth-detail-20060309' rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.0.1.21/auth-detail-2 0060309 modcall[authorize]: module "auth_log" returns ok for request 40 modcall[authorize]: module "chap" returns noop for request 40 modcall[authorize]: module "mschap" returns noop for request 40 rlm_realm: No '@' in User-Name = "host/boy-it-tel-2528.campus.bridgew.edu", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 40 rlm_eap: EAP packet type response id 9 length 121 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 40 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 40 modcall: leaving group authorize (returns updated) for request 40 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 40 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020900621a0209005d310575b329205687211101eef2ea1463b60000000000000000c9 2c121419368a6b599e159c9ef21bbc4d98138946d6df2900 686f73742f626f792d69742d74656c2d323532382e63616d7075732e627269646765772e 656475 PEAP: Setting User-Name to host/boy-it-tel-2528.campus.bridgew.edu PEAP: Adding old state with c0 be PEAP: Sending tunneled request EAP-Message = 0x020900621a0209005d310575b329205687211101eef2ea1463b60000000000000000c9 2c121419368a6b599e159c9ef21bbc4d98138946d6df2900 686f73742f626f792d69742d74656c2d323532382e63616d7075732e627269646765772e 656475 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/boy-it-tel-2528.campus.bridgew.edu" State = 0xc0be9e82d71e93ec07c4074441377fb0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 40 modcall[authorize]: module "preprocess" returns ok for request 40 radius_xlat: '/var/log/freeradius/radacct/127.0.0.1/auth-detail-20060309' rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-2 0060309 modcall[authorize]: module "auth_log" returns ok for request 40 modcall[authorize]: module "chap" returns noop for request 40 modcall[authorize]: module "mschap" returns noop for request 40 rlm_realm: No '@' in User-Name = "host/boy-it-tel-2528.campus.bridgew.edu", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 40 rlm_eap: EAP packet type response id 9 length 98 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 40 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 40 modcall: leaving group authorize (returns updated) for request 40 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 40 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 40 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for host/boy-it-tel-2528.campus.bridgew.edu with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 31 radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --username=boy-it-tel-2528$ --domain=campus --challenge=8498683817c21d86 --nt-response=c92c 121419368a6b599e159c9ef21bbc4d98138946d6df29 ' Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=boy-it-tel-2528$ --domain=campus --challenge=8498683817c21d86 --nt-response=c92c1 21419368a6b599e159c9ef21bbc4d98138946d6df29 Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 40 modcall: leaving group MS-CHAP (returns reject) for request 40 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 40 modcall: leaving group authenticate (returns reject) for request 40 auth: Failed to validate the user. Login incorrect: [host/boy-it-tel-2528.campus.bridgew.edu] (from client localhost port 0) PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Processing from tunneled session code 0x8159120 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 40 modcall: leaving group authenticate (returns handled) for request 40 Sending Access-Challenge of id 2 to 10.0.1.21 port 32768 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010a00261900170301001b2b70132064acd535306c54d37e22679711096bbe69821ed0 d2af6e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe08ef92e3bc5a82f8011159dff79c57f Finished request 40 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32768, id=3, length=259 User-Name = "host/boy-it-tel-2528.campus.bridgew.edu" Calling-Station-Id = "00-0B-7D-1B-B0-BA" Called-Station-Id = "00-0B-85-5F-66-E0:Wireless@BSC" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020a00261900170301001b59c0444996b63b6d1b27e0dff445c27caccb8c1f8d17fe91 0776d1 State = 0xe08ef92e3bc5a82f8011159dff79c57f Message-Authenticator = 0x0fccb825852b2ffc878a6a3a2cf5d31a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 41 modcall[authorize]: module "preprocess" returns ok for request 41 radius_xlat: '/var/log/freeradius/radacct/10.0.1.21/auth-detail-20060309' rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/10.0.1.21/auth-detail-2 0060309 modcall[authorize]: module "auth_log" returns ok for request 41 modcall[authorize]: module "chap" returns noop for request 41 modcall[authorize]: module "mschap" returns noop for request 41 rlm_realm: No '@' in User-Name = "host/boy-it-tel-2528.campus.bridgew.edu", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 41 rlm_eap: EAP packet type response id 10 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 41 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 41 modcall: leaving group authorize (returns updated) for request 41 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 41 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 41 modcall: leaving group authenticate (returns invalid) for request 41 auth: Failed to validate the user. Login incorrect: [host/boy-it-tel-2528.campus.bridgew.edu] (from client private-network-1 port 29 cli 00-0B-7D-1B-B0-BA) Delaying request 41 for 1 seconds Finished request 41