EAP/peap: MSCHAP Success
Hello, I have some problems with freeradius 2.0.5 and ntlm_auth: ntlm_auth seems to authenticate successful, but freeradius is sending another access-challenge istead of access-accept. Finally, authentication fails. Any ideas? Thanks, Dietmar rad_recv: Access-Request packet from host x.x.x.x port 32770, id=29, length=323 User-Name = "xxxx" Calling-Station-Id = "00-aa-aa-aa-aa-aa" Called-Station-Id = "bb-bb-bb-bb-bb-bb:abcd" NAS-Port = 29 NAS-IP-Address = x.x.x.x NAS-Identifier = "xxxx" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "111" EAP-Message = 0x020800901900170301002068300aa7af68cd11d993c8573581cfda02004335dd25b185c1caa58932f2c445170301006099a8478aa1f46aaee96b7280da1a3112f767ad35f728c5011d8328935379ce01eaf5a2b8bacd04a3ff66b08517d524b80e09809b94ae7720e5de155cb5d9ef20ffbd207bef659afb95d25c15b9898b401ff7eac15cd25109681c5150b976c6bc State = 0x7641829c70499b7e3361ddd3f9666230 Message-Authenticator = 0xc43073f681146021f4c82a9d2d1ce165 +- entering group authorize ++[preprocess] returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "xxxx", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 144 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to yyyy\xxxx +- entering group authorize ++[preprocess] returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "yyyy\xxxx", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 73 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated users: Matched entry DEFAULT at line 1 users: Matched entry DEFAULT at line 460 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for xxxx with NT-Password expand: --domain=%{mschap:NT-Domain} -> --domain=yyyyyy expand: --username=%{mschap:User-Name:-None} -> --username=xxxx mschap2: b0 expand: --challenge=%{mschap:Challenge:-00} -> --challenge=8fc3f2bd3e12c979 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=9c59f2bc45acacb2fe7b4068cb014b9aed12664f7135d064 Exec-Program output: NT_KEY: 09360732CEED74278E86C2D9A9EBB694 Exec-Program-Wait: plaintext: NT_KEY: 09360732CEED74278E86C2D9A9EBB694 Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 29 to x.x.x.x port 32770 EAP-Message = 0x0109005b190017030100508b5c946b956210b83f4d4dc1110d22be38775b1fab7e98154dc59571b3e81b6d2f4c06139ebfbaeae78d6b41cd6ef643f1a67d56b96bf669bbb0aab6e6df36281122e5b85d6a1543990e7cd0d61523ed Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7641829c71489b7e3361ddd3f9666230 Finished request 17.
That's because it's doing EAP mschapv2 not plain mschap. It's normal to get a couple more Challenge-Requests before process is over. Ivan Kalik Kalik Informatika ISP Dana 7/7/2008, "db7td@gmx.de" <db7td@gmx.de> piše:
Hello,
I have some problems with freeradius 2.0.5 and ntlm_auth: ntlm_auth seems to authenticate successful, but freeradius is sending another access-challenge istead of access-accept. Finally, authentication fails.
Any ideas?
Thanks, Dietmar
rad_recv: Access-Request packet from host x.x.x.x port 32770, id=29, length=323 User-Name = "xxxx" Calling-Station-Id = "00-aa-aa-aa-aa-aa" Called-Station-Id = "bb-bb-bb-bb-bb-bb:abcd" NAS-Port = 29 NAS-IP-Address = x.x.x.x NAS-Identifier = "xxxx" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "111" EAP-Message = 0x020800901900170301002068300aa7af68cd11d993c8573581cfda02004335dd25b185c1caa58932f2c445170301006099a8478aa1f46aaee96b7280da1a3112f767ad35f728c5011d8328935379ce01eaf5a2b8bacd04a3ff66b08517d524b80e09809b94ae7720e5de155cb5d9ef20ffbd207bef659afb95d25c15b9898b401ff7eac15cd25109681c5150b976c6bc State = 0x7641829c70499b7e3361ddd3f9666230 Message-Authenticator = 0xc43073f681146021f4c82a9d2d1ce165 +- entering group authorize ++[preprocess] returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "xxxx", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 144 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to yyyy\xxxx +- entering group authorize ++[preprocess] returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "yyyy\xxxx", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 73 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated users: Matched entry DEFAULT at line 1 users: Matched entry DEFAULT at line 460 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for xxxx with NT-Password expand: --domain=%{mschap:NT-Domain} -> --domain=yyyyyy expand: --username=%{mschap:User-Name:-None} -> --username=xxxx mschap2: b0 expand: --challenge=%{mschap:Challenge:-00} -> --challenge=8fc3f2bd3e12c979 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=9c59f2bc45acacb2fe7b4068cb014b9aed12664f7135d064 Exec-Program output: NT_KEY: 09360732CEED74278E86C2D9A9EBB694 Exec-Program-Wait: plaintext: NT_KEY: 09360732CEED74278E86C2D9A9EBB694 Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 29 to x.x.x.x port 32770 EAP-Message = 0x0109005b190017030100508b5c946b956210b83f4d4dc1110d22be38775b1fab7e98154dc59571b3e81b6d2f4c06139ebfbaeae78d6b41cd6ef643f1a67d56b96bf669bbb0aab6e6df36281122e5b85d6a1543990e7cd0d61523ed Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7641829c71489b7e3361ddd3f9666230 Finished request 17. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hmm, it is in fact doing many access-challenges, but the one I have sent it the last one... There is no access-accept (and no reject). Dietmar -------- Original-Nachricht --------
Datum: Mon, 07 Jul 2008 15:29:24 +0100 Von: "Ivan Kalik" <tnt@kalik.net> An: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Betreff: Re: EAP/peap: MSCHAP Success
That's because it's doing EAP mschapv2 not plain mschap. It's normal to get a couple more Challenge-Requests before process is over.
Ivan Kalik Kalik Informatika ISP
Dana 7/7/2008, "db7td@gmx.de" <db7td@gmx.de> piše:
Hello,
I have some problems with freeradius 2.0.5 and ntlm_auth: ntlm_auth seems to authenticate successful, but freeradius is sending another access-challenge istead of access-accept. Finally, authentication fails.
Any ideas?
Thanks, Dietmar
rad_recv: Access-Request packet from host x.x.x.x port 32770, id=29, length=323 User-Name = "xxxx" Calling-Station-Id = "00-aa-aa-aa-aa-aa" Called-Station-Id = "bb-bb-bb-bb-bb-bb:abcd" NAS-Port = 29 NAS-IP-Address = x.x.x.x NAS-Identifier = "xxxx" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "111" EAP-Message = 0x020800901900170301002068300aa7af68cd11d993c8573581cfda02004335dd25b185c1caa58932f2c445170301006099a8478aa1f46aaee96b7280da1a3112f767ad35f728c5011d8328935379ce01eaf5a2b8bacd04a3ff66b08517d524b80e09809b94ae7720e5de155cb5d9ef20ffbd207bef659afb95d25c15b9898b401ff7eac15cd25109681c5150b976c6bc State = 0x7641829c70499b7e3361ddd3f9666230 Message-Authenticator = 0xc43073f681146021f4c82a9d2d1ce165 +- entering group authorize ++[preprocess] returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "xxxx", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 144 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to yyyy\xxxx +- entering group authorize ++[preprocess] returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "yyyy\xxxx", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 73 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated users: Matched entry DEFAULT at line 1 users: Matched entry DEFAULT at line 460 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for xxxx with NT-Password expand: --domain=%{mschap:NT-Domain} -> --domain=yyyyyy expand: --username=%{mschap:User-Name:-None} -> --username=xxxx mschap2: b0 expand: --challenge=%{mschap:Challenge:-00} -> --challenge=8fc3f2bd3e12c979 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=9c59f2bc45acacb2fe7b4068cb014b9aed12664f7135d064 Exec-Program output: NT_KEY: 09360732CEED74278E86C2D9A9EBB694 Exec-Program-Wait: plaintext: NT_KEY: 09360732CEED74278E86C2D9A9EBB694 Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 29 to x.x.x.x port 32770 EAP-Message = 0x0109005b190017030100508b5c946b956210b83f4d4dc1110d22be38775b1fab7e98154dc59571b3e81b6d2f4c06139ebfbaeae78d6b41cd6ef643f1a67d56b96bf669bbb0aab6e6df36281122e5b85d6a1543990e7cd0d61523ed Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7641829c71489b7e3361ddd3f9666230 Finished request 17. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem solved: ntlm_auth of Samba 3.2.0 seems not to work with Freeradius 2.0.5. After downgrading Samba to 3.0.29 everything is fine again. Dietmar -------- Original-Nachricht --------
Datum: Mon, 07 Jul 2008 16:40:35 +0200 Von: db7td@gmx.de An: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>, freeradius-users@lists.freeradius.org Betreff: Re: EAP/peap: MSCHAP Success
Hmm, it is in fact doing many access-challenges, but the one I have sent it the last one... There is no access-accept (and no reject).
Dietmar
-------- Original-Nachricht --------
Datum: Mon, 07 Jul 2008 15:29:24 +0100 Von: "Ivan Kalik" <tnt@kalik.net> An: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Betreff: Re: EAP/peap: MSCHAP Success
That's because it's doing EAP mschapv2 not plain mschap. It's normal to get a couple more Challenge-Requests before process is over.
Ivan Kalik Kalik Informatika ISP
Dana 7/7/2008, "db7td@gmx.de" <db7td@gmx.de> piše:
Hello,
I have some problems with freeradius 2.0.5 and ntlm_auth: ntlm_auth seems to authenticate successful, but freeradius is sending another access-challenge istead of access-accept. Finally, authentication fails.
Any ideas?
Thanks, Dietmar
rad_recv: Access-Request packet from host x.x.x.x port 32770, id=29, length=323 User-Name = "xxxx" Calling-Station-Id = "00-aa-aa-aa-aa-aa" Called-Station-Id = "bb-bb-bb-bb-bb-bb:abcd" NAS-Port = 29 NAS-IP-Address = x.x.x.x NAS-Identifier = "xxxx" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "111" EAP-Message =
0x020800901900170301002068300aa7af68cd11d993c8573581cfda02004335dd25b185c1caa58932f2c445170301006099a8478aa1f46aaee96b7280da1a3112f767ad35f728c5011d8328935379ce01eaf5a2b8bacd04a3ff66b08517d524b80e09809b94ae7720e5de155cb5d9ef20ffbd207bef659afb95d25c15b9898b401ff7eac15cd25109681c5150b976c6bc
State = 0x7641829c70499b7e3361ddd3f9666230 Message-Authenticator = 0xc43073f681146021f4c82a9d2d1ce165 +- entering group authorize ++[preprocess] returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "xxxx", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 144 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to yyyy\xxxx +- entering group authorize ++[preprocess] returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "yyyy\xxxx", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 73 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated users: Matched entry DEFAULT at line 1 users: Matched entry DEFAULT at line 460 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for xxxx with NT-Password expand: --domain=%{mschap:NT-Domain} -> --domain=yyyyyy expand: --username=%{mschap:User-Name:-None} -> --username=xxxx mschap2: b0 expand: --challenge=%{mschap:Challenge:-00} -> --challenge=8fc3f2bd3e12c979 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=9c59f2bc45acacb2fe7b4068cb014b9aed12664f7135d064 Exec-Program output: NT_KEY: 09360732CEED74278E86C2D9A9EBB694 Exec-Program-Wait: plaintext: NT_KEY: 09360732CEED74278E86C2D9A9EBB694 Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 29 to x.x.x.x port 32770 EAP-Message =
Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7641829c71489b7e3361ddd3f9666230 Finished request 17. - List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
0x0109005b190017030100508b5c946b956210b83f4d4dc1110d22be38775b1fab7e98154dc59571b3e81b6d2f4c06139ebfbaeae78d6b41cd6ef643f1a67d56b96bf669bbb0aab6e6df36281122e5b85d6a1543990e7cd0d61523ed - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You have a full debug of accepted peap authentication via ntlm_auth
posted today:
http://lists.freeradius.org/pipermail/freeradius-users/2008-July/msg00149.html
Your supplicant is most likely broken. Find out why it gave up and fix it.
Ivan Kalik
Kalik Informatika ISP
Dana 7/7/2008, "db7td@gmx.de" <db7td@gmx.de> piše:
>Hmm, it is in fact doing many access-challenges, but the one I have sent it the last one... There is no access-accept (and no reject).
>
>
>Dietmar
>
>
>-------- Original-Nachricht --------
>> Datum: Mon, 07 Jul 2008 15:29:24 +0100
>> Von: "Ivan Kalik" <tnt@kalik.net>
>> An: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
>> Betreff: Re: EAP/peap: MSCHAP Success
>
>> That's because it's doing EAP mschapv2 not plain mschap. It's normal
>> to get a couple more Challenge-Requests before process is over.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>>
>> Dana 7/7/2008, "db7td@gmx.de" <db7td@gmx.de> pi¨e:
>>
>> >Hello,
>> >
>> >I have some problems with freeradius 2.0.5 and ntlm_auth: ntlm_auth seems
>> to authenticate successful, but freeradius is sending another
>> access-challenge istead of access-accept. Finally, authentication fails.
>> >
>> >Any ideas?
>> >
>> >Thanks,
>> > Dietmar
>> >
>> >
>> >rad_recv: Access-Request packet from host x.x.x.x port 32770, id=29,
>> length=323
>> > User-Name = "xxxx"
>> > Calling-Station-Id = "00-aa-aa-aa-aa-aa"
>> > Called-Station-Id = "bb-bb-bb-bb-bb-bb:abcd"
>> > NAS-Port = 29
>> > NAS-IP-Address = x.x.x.x
>> > NAS-Identifier = "xxxx"
>> > Airespace-Wlan-Id = 1
>> > Service-Type = Framed-User
>> > Framed-MTU = 1300
>> > NAS-Port-Type = Wireless-802.11
>> > Tunnel-Type:0 = VLAN
>> > Tunnel-Medium-Type:0 = IEEE-802
>> > Tunnel-Private-Group-Id:0 = "111"
>> > EAP-Message =
>> 0x020800901900170301002068300aa7af68cd11d993c8573581cfda02004335dd25b185c1caa58932f2c445170301006099a8478aa1f46aaee96b7280da1a3112f767ad35f728c5011d8328935379ce01eaf5a2b8bacd04a3ff66b08517d524b80e09809b94ae7720e5de155cb5d9ef20ffbd207bef659afb95d25c15b9898b401ff7eac15cd25109681c5150b976c6bc
>> > State = 0x7641829c70499b7e3361ddd3f9666230
>> > Message-Authenticator = 0xc43073f681146021f4c82a9d2d1ce165
>> >+- entering group authorize
>> >++[preprocess] returns ok
>> >++[mschap] returns noop
>> > rlm_realm: No '@' in User-Name = "xxxx", looking up realm NULL
>> > rlm_realm: No such realm "NULL"
>> >++[suffix] returns noop
>> > rlm_eap: EAP packet type response id 8 length 144
>> > rlm_eap: Continuing tunnel setup.
>> >++[eap] returns ok
>> > rad_check_password: Found Auth-Type EAP
>> >auth: type "EAP"
>> >+- entering group authenticate
>> > rlm_eap: Request found, released from the list
>> > rlm_eap: EAP/peap
>> > rlm_eap: processing type peap
>> > rlm_eap_peap: Authenticate
>> > rlm_eap_tls: processing TLS
>> > eaptls_verify returned 7
>> > rlm_eap_tls: Done initial handshake
>> > eaptls_process returned 7
>> > rlm_eap_peap: EAPTLS_OK
>> > rlm_eap_peap: Session established. Decoding tunneled attributes.
>> > rlm_eap_peap: EAP type mschapv2
>> > PEAP: Setting User-Name to yyyy\xxxx
>> >+- entering group authorize
>> >++[preprocess] returns ok
>> >++[mschap] returns noop
>> > rlm_realm: No '@' in User-Name = "yyyy\xxxx", looking up realm NULL
>> > rlm_realm: No such realm "NULL"
>> >++[suffix] returns noop
>> > rlm_eap: EAP packet type response id 8 length 73
>> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>> >++[eap] returns updated
>> > users: Matched entry DEFAULT at line 1
>> > users: Matched entry DEFAULT at line 460
>> >++[files] returns ok
>> >++[expiration] returns noop
>> >++[logintime] returns noop
>> >rlm_pap: WARNING! No "known good" password found for the user.
>> Authentication may fail because of this.
>> >++[pap] returns noop
>> > rad_check_password: Found Auth-Type EAP
>> >auth: type "EAP"
>> >+- entering group authenticate
>> > rlm_eap: Request found, released from the list
>> > rlm_eap: EAP/mschapv2
>> > rlm_eap: processing type mschapv2
>> >+- entering group MS-CHAP
>> > rlm_mschap: No Cleartext-Password configured. Cannot create
>> LM-Password.
>> > rlm_mschap: No Cleartext-Password configured. Cannot create
>> NT-Password.
>> > rlm_mschap: Told to do MS-CHAPv2 for xxxx with NT-Password
>> > expand: --domain=%{mschap:NT-Domain} -> --domain=yyyyyy
>> > expand: --username=%{mschap:User-Name:-None} -> --username=xxxx
>> > mschap2: b0
>> > expand: --challenge=%{mschap:Challenge:-00} ->
>> --challenge=8fc3f2bd3e12c979
>> > expand: --nt-response=%{mschap:NT-Response:-00} ->
>> --nt-response=9c59f2bc45acacb2fe7b4068cb014b9aed12664f7135d064
>> >Exec-Program output: NT_KEY: 09360732CEED74278E86C2D9A9EBB694
>> >Exec-Program-Wait: plaintext: NT_KEY: 09360732CEED74278E86C2D9A9EBB694
>> >Exec-Program: returned: 0
>> >rlm_mschap: adding MS-CHAPv2 MPPE keys
>> >++[mschap] returns ok
>> >MSCHAP Success
>> >++[eap] returns handled
>> > PEAP: Got tunneled Access-Challenge
>> >++[eap] returns handled
>> >Sending Access-Challenge of id 29 to x.x.x.x port 32770
>> > EAP-Message =
>> 0x0109005b190017030100508b5c946b956210b83f4d4dc1110d22be38775b1fab7e98154dc59571b3e81b6d2f4c06139ebfbaeae78d6b41cd6ef643f1a67d56b96bf669bbb0aab6e6df36281122e5b85d6a1543990e7cd0d61523ed
>> > Message-Authenticator = 0x00000000000000000000000000000000
>> > State = 0x7641829c71489b7e3361ddd3f9666230
>> >Finished request 17.
>> >-
>> >List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> >
>> >
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
participants (2)
-
db7td@gmx.de -
Ivan Kalik