RE: RE: Problems to do an SSID based authentication
------------------------------
Message: 3 Date: Mon, 16 Nov 2009 10:03:22 +0000 From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk> Subject: Re: Problems to do an SSID based authentication To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <20091116100322.GB5662@lboro.ac.uk> Content-Type: text/plain; charset=us-ascii
Hi,
I am trying to do an SSID based authentication per user. What I mean is that i try in the users.conf file to check for which SSID the users is trying to use to login and if it is wrong it shall do an reject for that user.
The problem is that i dont succeed with this so I thought it does not hurt to ask the ones who knows. My users.conf file looks like this:
Peter Cleartext-Password := "kaffe" , Called-Station-Id == "04-0B-6B-33-62-35:raket" Jens Cleartext-Password := "kaffe" , Called-Station-Id == "02-0B-6B-33-62-35:3"
so Peter can only connect from 04-0B-6B-33-62-35:raket and Jens can only get on from 02-0B-6B-33-62-35:3 ?
okay - where is your log from 'radiusd -X' ?
alan
Hi Alan! The logs from my radius -X is following: rad_recv: Access-Request packet from host 192.168.118.10 port 42531, id=97, length=194 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "Jens" Acct-Session-Id = "82200128" Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10" Calling-Station-Id = "00-26-BB-14-50-CF" Called-Station-Id = "02-0B-6B-33-62-35:3" EAP-Message = 0x02020009014a656e73 Message-Authenticator = 0x12ec684d2cb511be9cf431ceeae1a5c8 NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.118.10 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "Jens", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry Jens at line 92 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 97 to 192.168.118.10 port 42531 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb5e02fd1b5e336db4711a92c3e7dc829 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.118.10 port 46429, id=98, length=316 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "Jens" State = 0xb5e02fd1b5e336db4711a92c3e7dc829 Acct-Session-Id = "82200128" Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10" Calling-Station-Id = "00-26-BB-14-50-CF" Called-Station-Id = "02-0B-6B-33-62-35:3" EAP-Message = 0x0203007119800000006716030100620100005e03014b01325d9b7522753ffde3bdcb960b88f167535ca9ec96ffa88e3f5577fc7b4c000018002f00350005000ac013c014c009c00a00320038001300040100001d0000000900070000046a656e73000a0006000400170018000b00020100 Message-Authenticator = 0xbb5e04e25bd1a69911623d1fa6fc555e NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.118.10 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "Jens", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 113 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 103 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0062], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 98 to 192.168.118.10 port 46429 EAP-Message = 0x0104040019c00000089b160301002a0200002603014b013261232f65081c0647ecdd136d4ba6d37a900ca54c63b1b42d0f9f08ec7a00002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3039313131313133323535335a170d3130313131313133323535335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d5187e7bc255b26ddc283d48c5dcada8d45ed681856a7f9964de908c976390f87aae337b8f13cb67c519e95fbc0236cb71ce6cf1a0053a679a2fae47334b EAP-Message = 0xea63f5d29523c2f790377a0f7cb808d1074d9dfd6eb6edb07b4244089b2c50ffb516d69ad94a252aa72af8fa371165337209dd7a5bc0701ca910f54d0de7e8cf202bae28ebdf3b68682b2f1de412b1b59152b1b747187c9a2d97fcea02d853f59e0c311bc87629914ce11a408218ff0cf921a48bc972da546c99ebf0a566e3604700c2315631113c160eb770f7632f47ccec74feefeede6352656ad5c918b7ea13eb6f6e11fbe331be19d787a2f5e9b2a1cea1a353190c6b3736a45051e2be8bb0910203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010029d7cb5c38650e56d0 EAP-Message = 0xe1db3d87bb0b9a1a034fd23fdc928795988fae1c3b2d262a84fa06284b4a506ba315d584b6a6eed742d6e3e92f2df7194fa8b1c5f53a5d2f18f595eab97e219a024b5753a6ea48eabe8106c5c28ffb2b124c02bd19f56771f35014de4569e7f720951ded3033591943c853049bb4a245cef1270593e844e6e0a4d442023fa1cb17874b4f734963a6eece8ca51d5d253e539027eb5ef96eecb0c4d6163045767728dac1a444712e50bdba71ab058c09b35fbade6d3d30c779acfccca0e260cde86d2d15c4bffe47584863ad94965d3584805bce24d9228198b5c78b761fd3d6b89b25a2430c731ee485840ecbac95171a03f2b0d77346c40004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb5e02fd1b4e436db4711a92c3e7dc829 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.118.10 port 41440, id=99, length=209 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "Jens" State = 0xb5e02fd1b4e436db4711a92c3e7dc829 Acct-Session-Id = "82200128" Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10" Calling-Station-Id = "00-26-BB-14-50-CF" Called-Station-Id = "02-0B-6B-33-62-35:3" EAP-Message = 0x020400061900 Message-Authenticator = 0xc16a7984a9f721ee6d94d31f7659a249 NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.118.10 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "Jens", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 99 to 192.168.118.10 port 41440 EAP-Message = 0x010503fc194000a95ceefb4e6190af300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039313131313133323535335a170d3130313131313133323535335a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504 EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a5e320972e46e5b85513eac3a27f6505180668b395d4ffdebbe5458f615bb40d7ee9ae7c614be07ef57a43ec1127f128b45d58221b60d1838612c614bb26c99fdbb8c08c2cc4ecaae11df4f657241eb6b8e7a8d0317d7e00f45f2f5bc50ce9e835d3b61101a0fbe8c989d012bf8d7b EAP-Message = 0x8cf31f35ca2bdc11512934f57fb4a9eb7e95b35e47b609b98a818fdeb8df415bd2574b9a907497521a446fd14969b20de542ae7abc809b56cf0e927b54b2a5519708125a38067897ffa35428799384416cb9028c0e777c6268009f696e67f2c747f9a7c09ef0cb3873ce6e22b148d43f0ad28018311d625f85820115d75358d0c7f79c534fff1552d8cde0e514b9b7554b0203010001a381fb3081f8301d0603551d0e041604148a192d95e8fb6f6ba1f6554ccf4e2bd534ff14143081c80603551d230481c03081bd80148a192d95e8fb6f6ba1f6554ccf4e2bd534ff1414a18199a48196308193310b3009060355040613024652310f300d06035504 EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900a95ceefb4e6190af300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a3ccd6974415ace1b6b6cce8b3c02dde0d00a6aee049f97c5a5e460849a40ef10e697d8a27e1b7c4bbe6122d145c9a7202d059a831c1563e973e76edb22c927d276199b16bba81a5a8301119debfc3957d9d EAP-Message = 0xba5e475db5bc4553 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb5e02fd1b7e536db4711a92c3e7dc829 Finished request 3. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.118.10 port 40388, id=100, length=209 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "Jens" State = 0xb5e02fd1b7e536db4711a92c3e7dc829 Acct-Session-Id = "82200128" Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10" Calling-Station-Id = "00-26-BB-14-50-CF" Called-Station-Id = "02-0B-6B-33-62-35:3" EAP-Message = 0x020500061900 Message-Authenticator = 0xde1528468a95c4082d87b885c07692c0 NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.118.10 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "Jens", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 100 to 192.168.118.10 port 40388 EAP-Message = 0x010600b519003ed1cdfb8ce78c8b13e8c9d49553950dba115cafd7a3d3b93b0811bcc48f642f85e57b50ef7e8b45884e991ed7d0c7c69974877b6a931e94e2b1c18241af3f56e898cdb6bf5694cf634aaed5728ab48884f93efe217772425cb71b9be6cf27aaea718f270d33593165e215533f99daf1e5a542c9052a6ecb35ccfcdd4a4c02d7d8d6d2baa96840f6498c506d054bd3023a6c1f719d133364e1eeea225c9724dc6dba0de411f816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb5e02fd1b6e636db4711a92c3e7dc829 Finished request 4. Going to the next request Waking up in 4.4 seconds. rad_recv: Access-Request packet from host 192.168.118.10 port 49250, id=101, length=541 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "Jens" State = 0xb5e02fd1b6e636db4711a92c3e7dc829 Acct-Session-Id = "82200128" Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10" Calling-Station-Id = "00-26-BB-14-50-CF" Called-Station-Id = "02-0B-6B-33-62-35:3" EAP-Message = 0x02060150198000000146160301010610000102010010da40c2277f97a716be9418364b5d036b2a1a438427372a3179fcb8f45d4f59e8f81cc24e5c03785cdd6e7e33b9472c294099bb429c2c07045b19bbff7ae2743f3ed3fa2a34a011e574d64f397990cc9cb3e308d556f4120545fd635471309e8f45b67549279c41e73bb92e817d67172a6b15b0c8da5118469fa5bcd4539916582b4dd8e678da06deeddf6bcede7de238449c9601f1efce3f23e9534c68e2a897d705e32f388f7ea3412ab5b90e85c6b508d2f04eb257e22b5c39f7fafef009a921184fbf1193c173fcb3c656cc93ee6f668c60f2fedb92897e0d558f49d8d656c76acd0a28a5a9 EAP-Message = 0x7a95a196ccf65f220a7130f1a338a8509b848359491e67d11403010001011603010030c85bc66fdd1fc7aef16588704d5a25cdca879ac3585be0e73d728e1aa18bb4cb2b6a5f030a417088af50b29ab56d3fc5 Message-Authenticator = 0xc3a9938ec998ab0398c5709115ad2bdf NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.118.10 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "Jens", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 101 to 192.168.118.10 port 49250 EAP-Message = 0x0107004119001403010001011603010030f5dceab2b5b355a2312fe20092d891872280be1ba05a477e51657ccadb327d91249380718ec8a006eb278245f449ed2d Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb5e02fd1b1e736db4711a92c3e7dc829 Finished request 5. Going to the next request Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 192.168.118.10 port 41427, id=102, length=209 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "Jens" State = 0xb5e02fd1b1e736db4711a92c3e7dc829 Acct-Session-Id = "82200128" Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10" Calling-Station-Id = "00-26-BB-14-50-CF" Called-Station-Id = "02-0B-6B-33-62-35:3" EAP-Message = 0x020700061900 Message-Authenticator = 0x77f82d817673e2f1d72bdf70771fe83d NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.118.10 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "Jens", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 102 to 192.168.118.10 port 41427 EAP-Message = 0x0108002b1900170301002006e1b5d62349a17609d76b94114fff9f2c956820f402a63434ebe33c0ab23254 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb5e02fd1b0e836db4711a92c3e7dc829 Finished request 6. Going to the next request Waking up in 4.2 seconds. rad_recv: Access-Request packet from host 192.168.118.10 port 46562, id=103, length=246 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "Jens" State = 0xb5e02fd1b0e836db4711a92c3e7dc829 Acct-Session-Id = "82200128" Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10" Calling-Station-Id = "00-26-BB-14-50-CF" Called-Station-Id = "02-0B-6B-33-62-35:3" EAP-Message = 0x0208002b19001703010020cbfe496129842adde6abe7771cdf82d089fab1b8692359688c355d1abd7fe18d Message-Authenticator = 0x51bd0d083ea0991de4ba0666c3bf3f7d NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.118.10 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "Jens", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - Jens [peap] Got tunneled request EAP-Message = 0x02080009014a656e73 server { PEAP: Got tunneled identity of Jens PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to Jens Sending tunneled request EAP-Message = 0x02080009014a656e73 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "Jens" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "Jens", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 9 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 222 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = Reject Auth-Type = Reject, rejecting user Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 [peap] Got tunneled reply RADIUS code 3 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 103 to 192.168.118.10 port 46562 EAP-Message = 0x0109002b19001703010020f22961f4b8fc8ef302e9d02a6ff60318dc7009c8c6b95edda5d0b74179b60ba9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb5e02fd1b3e936db4711a92c3e7dc829 Finished request 7. Going to the next request Waking up in 4.1 seconds. rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104, length=246 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "Jens" State = 0xb5e02fd1b3e936db4711a92c3e7dc829 Acct-Session-Id = "82200128" Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10" Calling-Station-Id = "00-26-BB-14-50-CF" Called-Station-Id = "02-0B-6B-33-62-35:3" EAP-Message = 0x0209002b1900170301002049d78ce8e977e9c3a54ef1cb5206e2f30a857981ca29de1d574ae788718f8397 Message-Authenticator = 0x10d7ce191f17a6482ce049589e279cd0 NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.118.10 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "Jens", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> Jens attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104, length=246 Waiting to send Access-Reject to client 192.168.118.0/24 port 41030 - ID: 104 Waking up in 0.6 seconds. rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104, length=246 Waiting to send Access-Reject to client 192.168.118.0/24 port 41030 - ID: 104 Waking up in 0.3 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 104 to 192.168.118.10 port 41030 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.0 seconds. Cleaning up request 1 ID 97 with timestamp +46 Cleaning up request 2 ID 98 with timestamp +46 Waking up in 0.1 seconds. Cleaning up request 3 ID 99 with timestamp +46 Waking up in 0.2 seconds. Cleaning up request 4 ID 100 with timestamp +47 Waking up in 0.1 seconds. Cleaning up request 5 ID 101 with timestamp +47 Waking up in 0.1 seconds. Cleaning up request 6 ID 102 with timestamp +47 Cleaning up request 7 ID 103 with timestamp +47 Waking up in 1.0 seconds. To be able to get the log from start I had to stop the radius server while the windows machine tried to do to a authorization a second time since it does it three times before it accepts the fact it can't authorize. Best regards/ Peter
------------------------------
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 55, Issue 68 ************************************************
_________________________________________________________________ Windows Live: Keep your friends up to date with what you do online. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soc...
My users.conf file looks like this:
Peter Cleartext-Password := "kaffe" , Called-Station-Id == "04-0B-6B-33-62-35:raket" Jens Cleartext-Password := "kaffe" , Called-Station-Id == "02-0B-6B-33-62-35:3"
The logs from my radius -X is following:
rad_recv: Access-Request packet from host 192.168.118.10 port 42531, id=97, length=194 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "Jens" Acct-Session-Id = "82200128" Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10" Calling-Station-Id = "00-26-BB-14-50-CF" Called-Station-Id = "02-0B-6B-33-62-35:3" EAP-Message = 0x02020009014a656e73 Message-Authenticator = 0x12ec684d2cb511be9cf431ceeae1a5c8 NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.118.10 +- entering group authorize {...} ... Sending tunneled request EAP-Message = 0x02080009014a656e73 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "Jens" server inner-tunnel { ...
You haven't got ssid in inner-tunnel request. Enable copy_request_to_tunnel in peap section of eap.conf. Ivan Kalik Kalik Informatika ISP
participants (2)
-
Peter Carlstedt -
tnt@kalik.net