Hi, I've got some problem when I try to Authorize with SQL and a windows client to Wireless connection. I configure my windowx xp wireless connection to works with PEAP. My freeradius version is 2.0.0 running on RHEL4 AS When I make a test with the command Radtest guillaume passtest localhost 1645 testing123 I've have this result rad_recv: Access-Request packet from host 127.0.0.1 port 34468, id=204, length=61 User-Name = "guillaume" User-Password = "passtest" NAS-IP-Address = 127.0.0.1 NAS-Port = 1645 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "passtest" rlm_pap: Using clear text password "passtest" rlm_pap: User authenticated successfully ++[pap] returns ok Sending Access-Accept of id 204 to 127.0.0.1 port 34468 Finished request 0. So authorize with SQL working for now but it's when I try to connect with the same parameter with my windows client I've got a access-reject and I don't know why. Here's my log when I try to connect. It's a very long log but I prefer to put more than less rad_recv: Access-Request packet from host 172.20.50.202 port 1063, id=0, length=207 Message-Authenticator = 0xc0f8d00a3b3681c80b0404fb1071f81a Service-Type = Framed-User User-Name = "guillaume\000" Framed-MTU = 1488 Called-Station-Id = "00-0F-3D-AB-1C-07:testGuillaume" Calling-Station-Id = "00-0E-35-99-F3-E9" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200000e016775696c6c61756d65 NAS-IP-Address = 172.20.50.202 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok rlm_eap: EAP packet type response id 0 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 172.20.50.202 port 1063 EAP-Message = 0x01010016041092804dde8d0a06d99e5261ceb9722ac7 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x520c3ced520d38a3a459d69bfb6e15b4 Finished request 0. Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 172.20.50.202 port 1063, id=1, length=217 Message-Authenticator = 0x9c0bc150cd03185ca99cfd2e204c58d7 Service-Type = Framed-User User-Name = "guillaume\000" Framed-MTU = 1488 State = 0x520c3ced520d38a3a459d69bfb6e15b4 Called-Station-Id = "00-0F-3D-AB-1C-07:testGuillaume" Calling-Station-Id = "00-0E-35-99-F3-E9" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020100060319 NAS-IP-Address = 172.20.50.202 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 1 to 172.20.50.202 port 1063 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x520c3ced530e25a3a459d69bfb6e15b4 Finished request 1. Going to the next request Waking up in 0.8 seconds. rad_recv: Access-Request packet from host 172.20.50.202 port 1063, id=2, length=291 Message-Authenticator = 0x67008b1dd66cde4ee9ecd8b2b31c8d8c Service-Type = Framed-User User-Name = "guillaume\000" Framed-MTU = 1488 State = 0x520c3ced530e25a3a459d69bfb6e15b4 Called-Station-Id = "00-0F-3D-AB-1C-07:testGuillaume" Calling-Station-Id = "00-0E-35-99-F3-E9" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0202005019800000004616030100410100003d030147c6ffb92935badbb2f4def8539d5a52639b98a4363eec5b7ef740726e82e7c600001600040005000a000900640062000300060013001200630100 NAS-IP-Address = 172.20.50.202 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 2 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok rlm_eap: EAP packet type response id 2 length 80 rlm_eap: Continuing tunnel setup. ++[eap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 70 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0758], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 2 to 172.20.50.202 port 1063 EAP-Message = 0x0103040019c0000007b5160301004a02000046030147c7006b5023edb8251602c6ff946dd78f76617b824a3413c4287a156bf01c8f20c91369c561e17ded084d214911019abb12dae5ac73a2aec294d406ec242f7f3300040016030107580b0007540007510003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504 EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303132313135313733305a170d3039303132303135313733305a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100a2eb8fe96fc33d9cf9957b100a3a3f52fe91e6a5388d635360f6f5854b52 EAP-Message = 0x06242ce2a82441b626d21ae76b774d4fb1452a8879d0308f7b7ceb863728c892df20626b3c9b690c0dcfcf6ad3b2a7b238408c380ab0c7350f9b53cff7a2d8d9fc5d3c06429efe11fe985e169bbe26e5bdcf0bc82defec1ec1bdaeb2ef5d81ff5121beb0056852f050c316517aa687b2eba144f18d9eccbab9584c610078d7953572f32599359196437af21cb73e70314a6e6dceb7062ed3ea1ef35413e2f3d8d38cee20d756bb51adea8cd556706cbfcbe96acc8b4eddcc44a144092e865eb9354a21da4729f0f295e494c8f74f7584619dd667080dfd04119753cbbca8e02f30710203010001a317301530130603551d25040c300a06082b06010505 EAP-Message = 0x070301300d06092a864886f70d0101040500038201010056ade8e3773dd290a848cdbfad5c1a59b2f35473597493243ceb820892754b92868e742b44030f7068a5d825931c8721b0976d23c21283548b8549a357907fe7b6076a36852d51fd3b6b862d4852055b58b2f1c133ae6e2af7868fb394a806f076675b18d3e2919dca32e7a3101364f25b48c0a4ab5a7c207a60175dee981c5bc15ecec9e544d74fc7d9999cc6ea5d42fd994734698b9e6a502d6d6c8785091b9494f5771e5391283e05f05f91c65ad034ee22f0384b7a676bbc962cd656236970fa309ba4ce2ed667eb57b8012032d8d57a27a00681ef80c7552c1cdeb91cf5f07534cef0a1 EAP-Message = 0x4ef83b331774e71485811454 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x520c3ced500f25a3a459d69bfb6e15b4 Finished request 2. Going to the next request Waking up in 0.8 seconds. rad_recv: Access-Request packet from host 172.20.50.202 port 1063, id=3, length=217 Message-Authenticator = 0xba417f3e033cd9fcf8c4c2e53f416738 Service-Type = Framed-User User-Name = "guillaume\000" Framed-MTU = 1488 State = 0x520c3ced500f25a3a459d69bfb6e15b4 Called-Station-Id = "00-0F-3D-AB-1C-07:testGuillaume" Calling-Station-Id = "00-0E-35-99-F3-E9" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020300061900 NAS-IP-Address = 172.20.50.202 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 1 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok rlm_eap: EAP packet type response id 3 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 3 to 172.20.50.202 port 1063 EAP-Message = 0x010403c5190013559c54570ad5a13906baeb81710003a5308203a130820289a003020102020100300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303132313135313732385a170d3038303232303135313732385a308193310b300906035504061302465231 EAP-Message = 0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a8a1e7188c420cb6ff8596090d8e233bc30e781e27043a496a27b5746c937995271af82aa455e0690890e59c8a555e217c36f8a3d54af84142255b3bc51f32154d86c907cfbafb817fc200b18f3bbc64ef55591eaa61e0 EAP-Message = 0x5a7982bbfd37ddf1aaf6f78b5fbc81f640296b0355495b9d02d25babddea1629f6b9e0385aa4996d92a04d61eae841fb011d60fd8b0b494889c6aa89e5c846fa59c3a7a442768ee1220808e12a26c28e72f5765e4ddff5b8a95d6ba839c1d300251f8ae324b5d6053ab65b617173924581d531f8c77f16a1f166beab51de3cf197e68ac22771de49054b2ac5b36b3d96c4786af29e0b8c8d310b2b025f61392a77459057f3b04da2250203010001300d06092a864886f70d0101040500038201010029695a2cc9d688aaa25217efc5282b4504670ceb8b29c5c706f4fa2fa5c3add45ee3a6c763e99518d6ba58018acd6a02c41bfd57dfd2f44954d404 EAP-Message = 0x71e3add200d77b9bd2e1c132a12a64342f319d54fa023e29fefe206b380fe3817e9390edca3ca4eebd64b539e53178b502897f08da96010c79a3ddc8624cda44c46e858f81975ba8d58d334519bee708117517cf9bdb0803289a13f568b60fbe3389ee6f0aad043510311730d6232c05d5781292590e2dd0c269461254122f461843eb17837a64fda6ffc7ba2c41a6c080d6660c1b7db277025167df8ad183b4dbce207cafdecdbf147208cee0d4214f8eecf0c0bb892c36ecdd5ae04f0feb0a5505030a9c16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x520c3ced510825a3a459d69bfb6e15b4 Finished request 3. Going to the next request Waking up in 0.7 seconds. rad_recv: Access-Request packet from host 172.20.50.202 port 1063, id=4, length=533 Message-Authenticator = 0xe640831a6cc1058b837e7b6545553c8c Service-Type = Framed-User User-Name = "guillaume\000" Framed-MTU = 1488 State = 0x520c3ced510825a3a459d69bfb6e15b4 Called-Station-Id = "00-0F-3D-AB-1C-07:testGuillaume" Calling-Station-Id = "00-0E-35-99-F3-E9" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204014019800000013616030101061000010201003ef99f78853242dd37a0999badd0c8e7bc39ba21ee71c1c9c633d152b26e7a310206e488e788890ef82ba0c3932be05b59061114e14feb774ecaeb4d4de693087ac94eaa32d2ed368128d6e56fbc56d44ae31e9c047d560fc66ee76908262459a7a5372daf0f72d94bfcd159d5d0114c7241e249ea8ac4461456ec8009194d5d2085fd0f16ae12f8a077288b94615178ce0ad69ca6b8ddedb7fd7a74e4b07c8362905a12baf6e2535342e453f8200c59aacba2e1aa0275fb3c15259a80cd6808d73c89dcd3fe009c3c0ccbd3d5e0d46e1ff38772f8e205de408a701aa310affa4f6fc4ad83645a8d EAP-Message = 0x19aaf6afac987e2b53eacf2d5b558e1aad52e4c560f33fcc1403010001011603010020c30bee50878b3e356c158179fc51845d809915f2fbbf73dd7241b9a16a005793 NAS-IP-Address = 172.20.50.202 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 0 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok rlm_eap: EAP packet type response id 4 length 253 rlm_eap: Continuing tunnel setup. ++[eap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 310 rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 172.20.50.202 port 1063 EAP-Message = 0x01050031190014030100010116030100208bb299fbb9a8ecc9529ec3acf8080b4fbee9264638e3344eeed742f31342fac0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x520c3ced560925a3a459d69bfb6e15b4 Finished request 4. Going to the next request Waking up in 0.6 seconds. rad_recv: Access-Request packet from host 172.20.50.202 port 1063, id=5, length=217 Message-Authenticator = 0x220b76bfe2d6dbe7846eb66729e647a3 Service-Type = Framed-User User-Name = "guillaume\000" Framed-MTU = 1488 State = 0x520c3ced560925a3a459d69bfb6e15b4 Called-Station-Id = "00-0F-3D-AB-1C-07:testGuillaume" Calling-Station-Id = "00-0E-35-99-F3-E9" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020500061900 NAS-IP-Address = 172.20.50.202 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok rlm_eap: EAP packet type response id 5 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 5 to 172.20.50.202 port 1063 EAP-Message = 0x0106002019001703010015b5d9ed38c16abe949007856112163c349f47653a9a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x520c3ced570a25a3a459d69bfb6e15b4 Finished request 5. Going to the next request Waking up in 0.6 seconds. rad_recv: Access-Request packet from host 172.20.50.202 port 1063, id=6, length=248 Message-Authenticator = 0x6915c4ca0dac6f36bcbb06a505b09b13 Service-Type = Framed-User User-Name = "guillaume\000" Framed-MTU = 1488 State = 0x520c3ced570a25a3a459d69bfb6e15b4 Called-Station-Id = "00-0F-3D-AB-1C-07:testGuillaume" Calling-Station-Id = "00-0E-35-99-F3-E9" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020600251900170301001a6e27e83a583513f96734491893052bc45e331dea5a817514c96d NAS-IP-Address = 172.20.50.202 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok rlm_eap: EAP packet type response id 6 length 37 rlm_eap: Continuing tunnel setup. ++[eap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - guillaume PEAP: Got tunneled identity of guillaume PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to guillaume +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 2 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok rlm_eap: EAP packet type response id 6 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 6 to 172.20.50.202 port 1063 EAP-Message = 0x0107003a1900170301002fecaf21a73ddbad75e42aa30dc5d0d2489a475ea8b653ef48600c15b788c513f3653ff92d6399cb21abb210cbc9374e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x520c3ced540b25a3a459d69bfb6e15b4 Finished request 6. Going to the next request Waking up in 0.5 seconds. rad_recv: Access-Request packet from host 172.20.50.202 port 1063, id=7, length=302 Message-Authenticator = 0x7287204fcda0fbdaa0909c61c390db5d Service-Type = Framed-User User-Name = "guillaume\000" Framed-MTU = 1488 State = 0x520c3ced540b25a3a459d69bfb6e15b4 Called-Station-Id = "00-0F-3D-AB-1C-07:testGuillaume" Calling-Station-Id = "00-0E-35-99-F3-E9" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0207005b190017030100501535a8ff853e55baa970b95035da4cc5ed023c4fc2bff19dacdb32c539c6fb422a96edb8dd7cf0b34268b75d80b0b850d575c6894afafca7e0be7250dddd00044bdd0fe6176b0b6afd5e670b2567f46c NAS-IP-Address = 172.20.50.202 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 1 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok rlm_eap: EAP packet type response id 7 length 91 rlm_eap: Continuing tunnel setup. ++[eap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to guillaume +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 0 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 0 ++[sql] returns ok rlm_eap: EAP packet type response id 7 length 68 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: Told to do MS-CHAPv2 for guillaume with NT-Password expand: --username=%{mschap:User-Name:-None} -> --username=guillaume rlm_mschap: No NT-Domain was found in the User-Name. expand: --domain=%{mschap:NT-Domain:-intranet} -> --domain=intranet mschap2: c4 expand: --challenge=%{mschap:Challenge:-00} -> --challenge=4384da4f07ddf5b1 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=b4e365eb0f01c659d845bd177f80139ebbe46ada409725f1 Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled Sending Access-Challenge of id 7 to 172.20.50.202 port 1063 EAP-Message = 0x010800261900170301001b43e26227f37525d5072bc3647428c3fafce33dd5f49b549f0194e0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x520c3ced550425a3a459d69bfb6e15b4 Finished request 7. Going to the next request Waking up in 0.4 seconds. rad_recv: Access-Request packet from host 172.20.50.202 port 1063, id=8, length=249 Message-Authenticator = 0x7c5457d18a2ab93316e3cb7416ec9acb Service-Type = Framed-User User-Name = "guillaume\000" Framed-MTU = 1488 State = 0x520c3ced550425a3a459d69bfb6e15b4 Called-Station-Id = "00-0F-3D-AB-1C-07:testGuillaume" Calling-Station-Id = "00-0E-35-99-F3-E9" NAS-Identifier = "D-Link Access Point" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020800261900170301001b3116a7abe82507e5348d4e6f2e108f5b1c80d2e51db813beebcc1f NAS-IP-Address = 172.20.50.202 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "guillaume", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop expand: %{User-Name} -> guillaume rlm_sql (sql): sql_set_user escaped user --> 'guillaume' rlm_sql (sql): Reserving sql socket id: 4 expand: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guillaume' ORDER BY id rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok rlm_eap: EAP packet type response id 8 length 38 rlm_eap: Continuing tunnel setup. ++[eap] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> guillaume attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.4 seconds. Waking up in 0.1 seconds. Waking up in 0.1 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 8 to 172.20.50.202 port 1063 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.4 seconds. Cleaning up request 0 ID 0 with timestamp +14 Waking up in 0.1 seconds. Cleaning up request 1 ID 1 with timestamp +14 Cleaning up request 2 ID 2 with timestamp +14 Cleaning up request 3 ID 3 with timestamp +15 Cleaning up request 4 ID 4 with timestamp +15 Cleaning up request 5 ID 5 with timestamp +15 Cleaning up request 6 ID 6 with timestamp +15 Waking up in 0.1 seconds. Cleaning up request 7 ID 7 with timestamp +15 Waking up in 1.0 seconds. Cleaning up request 8 ID 8 with timestamp +15 Ready to process requests. Thanks for the help ---------------------------- Guillaume Chartrand Technicien informatique Cégep régional de Lanaudière Centre administratif, Repentigny (450) 470-0911 poste 7218