Hi, I am trying to authenticate users using eap/ttls and internal mschap-v2. Currently I haven't set any auth-type in the users, just a password. This because auth-type := EAP (which is sugested in quite a few howto's is appearantly wrong acccording to the list and the docs. It seems like I'm allmost there cause I get a certificate at the supplicant. (O well, looks like there's something working:) I've googled around but have not found a solution, I hope someone could give me a hint in the right direction. Thanks a lot for any help, Kozy. here are the last lines of freeradius' output: Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 5 length 143 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry TestUser at line 206 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS: Got tunneled request User-Name = "TestUser" MS-CHAP-Challenge = 0x6440b13c0e6ad28c3b7dd0a235d1b4ac MS-CHAP2-Response = 0x7d000ecb95ad6821c49c069a52d75b4791670000000000000000b49eccb3efc33e4b06047b50518e4ea66fdf6da9b98c4261 FreeRADIUS-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = "TestUser" MS-CHAP-Challenge = 0x6440b13c0e8ad28a3b7dd0a235d1b4ac MS-CHAP2-Response = 0x7d000ecb95ad6821c49c069a52d75b7791670000000000000000b49eccb3efd33e8a06047b50518e4ea66fdf6da9b98c4261 FreeRADIUS-Proxied-To = 127.0.0.1 NAS-IP-Address = 192.168.0.30 Called-Station-Id = "002217d46891" Calling-Station-Id = "000d93ddf8f6" NAS-Identifier = "001227d44891" NAS-Port = 35 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP' modcall[authorize]: module "mschap" returns ok for request 5 rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 5 users: Matched entry TestUser at line 206 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns ok) for request 5 rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. auth: Failed to validate the user. TTLS: Got tunneled reply RADIUS code 3 TTLS: Got tunneled Access-Reject rlm_eap: Handler failed in EAP/ttls rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 5 modcall: leaving group authenticate (returns invalid) for request 5 auth: Failed to validate the user. Delaying request 5 for 1 seconds Finished request 5 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 192.168.0.4 port 1026 EAP-Message = 0x04050004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 0 with timestamp 43026bef Nothing to do. Sleeping until we see a request.
"Koos Beens" <koos@vera-groningen.nl> wrote:
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP' ... modcall: leaving group authorize (returns ok) for request 5 rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
You deleted the "mschap" entry from the "authenticate" section. Don't do that. Alan DeKok.
"Koos Beens" <koos@vera-groningen.nl> wrote:
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP' ... modcall: leaving group authorize (returns ok) for request 5 rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
You deleted the "mschap" entry from the "authenticate" section.
Don't do that.
Alan DeKok.
It is now working fine if I set mschap on the supplicant. If I set mschap-v2 however it waits forever while authenticating while radius is keeping repeating the last few messages. What can I do to solve it? Here's the output: Sending Access-Accept of id 0 to 192.168.0.4 port 1026 MS-MPPE-Recv-Key = 0xfe00eb1b1e74d1f1f7ca6bc49108 MS-MPPE-Send-Key = 0x29eb1ee202d656d7c014d936017c MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Recv-Key = 0x60fe9859f1b3f94569a45616b65ab8d6f7f23ad0efb5aafd8e8746070bc7bc MS-MPPE-Send-Key = 0x6328e25652da39b0ff5eb16f2e6d314843201e1206c12b73539e5e733fbb08 EAP-Message = 0x03050004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "TestUser" Finished request 5 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 5 ID 0 with timestamp 43038d5b Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0, length=129 User-Name = "TestUser" NAS-IP-Address = 192.168.0.4 Called-Station-Id = "001217d45891" Calling-Station-Id = "000d93edf8f6" NAS-Identifier = "001217d45891" NAS-Port = 35 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201000d0154657374557572 Message-Authenticator = 0x0d19505516fa507c6b8f913938de43 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 1 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry TestUser at line 206 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 0 to 192.168.0.4 port 1026 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbd4781d526084e898aba9280a52ab572 Finished request 6 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0, length=140 User-Name = "TestUser" NAS-IP-Address = 192.168.0.4 Called-Station-Id = "001217d45891" Calling-Station-Id = "000d93edf8f6" NAS-Identifier = "001217d45891" NAS-Port = 35 Framed-MTU = 1400 State = 0xbd4781d526084e898aba9280a52ab572 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200060315 Message-Authenticator = 0x8d40293482bea86e457103007aa6609e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry TestUser at line 206 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/ttls rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challene of id 0 to 192.168.0.4 port 1026 EAP-Message = 0x01300061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2cd35d70b11751775357b0de8ce89a Finished request 7 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0, length=268 User-Name = "TestUser" NAS-IP-Address = 192.168.0.4 Called-Station-Id = "007d45891" Calling-Station-Id = "0003edf8f6" NAS-Identifier = "0012d45891" NAS-Port = 35 Framed-MTU = 1400 State = 0x2cd37013b11751775357b0de8ce89a NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0203008615800000007c160301007701000073030143038d78cba4d41f41d6beccd967b9bccb98b0f657ddb82a9918735529a02b203c4b9b037b5db06da2407a6f5a4284e62fd5c59d69631df387a9f74ce87796002c00050004000aff830009ff82000300080006ff8000010016001500140013001200110018001b001a001700190100 Message-Authenticator = 0x001ca8ac3f9a4e2b992151ad3749a1c9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 3 length 134 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry TestUser at line 206 modcall[authorize]: module "files" returns ok for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0077], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0706], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 8 modcall: leaving group authenticate (returns handled) for request 8 Sending Access-Challenge of id 0 to 192.168.0.4 port 1026 EAP-Message = 0x0104040a15c000000763160301004a02000046030143038d774f89f8702941bc28ad5fab196df1da88dc10e3ae10485a46e4c5df8e20bd630b7e75af93485db9bb31b92bf615d8c690b4bb03ed5a5b4a3bcfbf79982c00050016030107060b0007020006ff0002fd308202f930820262a003020102020900c0cd65a00c598f300d06092a864886f70d01010405003081af310b3009060355040613024e4c311230100603550408130947726f6e696e67656e311230100603550407130947726f6e696e67656e31443042060355040a133b566572612047726f6e696e67656e202d20436c756220666f722074686520696e7465726e6174696f6e616c EAP-Message = 0x20506f7020756e64657267726f756e64310b30090603550403130253453125302306092a864886f70d01090116166b6f6f7340766572612d67726f6e696e67656e2e6e6c301e170d3035303830333138323933325a170d3036303830333138323933325a3081b3310b3009060355040613024e4c311230100603550408130947726f6e696e67656e311230100603550407130947726f6e696e67656e314430420605040a133b566572612047726f6e696e67656e202d20436c756220666f722074686520696e7465726e6174696f6e616c20506f7020756e64657267726f756e64310f300d0603550403130677632d3233383125302306092a864886 EAP-Message = 0xf70d01090116166b6f6f7340766572612d67726f6e696e67656e2e6e6c30819f300d06092a864886f70d010101050003818d003081890281810096a0f8a0df1bbc4bbe569236e51cb3b31b1470736b82ea9a6f15784eaf4ec8b07ae508c07719c2676a8fd7c7a78de69115b47dda69d3f9d52b8653f9b86fd569a75f0b3fdf8980a90da4cb06500e205dea10da1942b1e68453d4bdad99f0f5c9b3c5c1f2191a884c94a872b42fd723cb445d3d187b395992fea2d3b649d350203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181000a4f3d2dc962563c00bf60e9f760b672daf2 EAP-Message = 0x85559f62c03c4f00a32ac06e605f5c640ca67f7acbbec964ecbef0edd335fdbec000dd143a021834ef83b9b00ffeef47696ad4eabe4adfaed2bf8fa2ae19be256c5c5be23d044c1d0c53a29f965686a224a9a2ccf9bfc5cf757e4cf24e69cf5bbb0b8535d9e0ed21dab2c28d12f70003fc308203f830820361a003020102020900c0cd6500c2a598e300d06092a864886f70d01010405003081af310b3009060355040613024e4c311230100603550408130947726f6e696e67656e311230100603550407130947726f6e696e67656e314442060355040a133b566572612047726f6e696e67656e202d20436c756220666f722074686520696e7465 EAP-Message = 0x726e61696f6e616c20506f7020756e64657267726f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x19c612cc675ed1faba24af4d9b51f8 Finished request 8 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0, length=140 User-Name = "TestUser" NAS-IP-Address = 192.168.100.4 Called-Station-Id = "00121d45891" Calling-Station-Id = "000d9edf8f6" NAS-Identifier = "001217d4591" NAS-Port = 35 Framed-MTU = 1400 State = 0x19c612cc675ed1fae2ba24af4d9b5f NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061500 Message-Authenticator = 0x710acdf8f2e6d3338f9f2de5836af0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 users: Matched entry TestUser at line 206 modcall[authorize]: module "files" returns ok for request 9 modcall: leaving group authorize (returns updated) for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 9 modcall: leaving group authenticate (returns handled) for request 9 Sending Access-Challenge of id 0 to 192.168.0.4 port 1026 EAP-Message = 0x0105036d158000000763756e64310b30090603550403130253453125302306092a864886f70d01090116166b6f6f7340766572612d67726f6e696e67656e2e6e6c301e170d303530383033318313430315a170d3035303930323138313430315a3081af310b3009060355040613024e4c311230100603550408130947726f6e696e67656e311230100603550407130947726f6e696e67656e3443042060355040a133b566572612047726f6e696e67656e202d20436c756220666f72207468620696e7465726e6174696f6e616c20506f7020756e64657267726f756e64310b30090603550403130253453125302306092a864886f70d0109011616 EAP-Message = 0x6b6f6f7340766572612d67726f6e696e67656e2e6e6c30819f300d06092a864886f70d0101010500818d0030818902818100c06bb7a492f9bd8270a9756026bc6c8b84f2aa9622e476c1304ae458133cab3fcdc25bd417751550f0509a0521a5ec23f90a4453f399b51418090704180b05846f0a2b2cc305ff1f8f4627094382d8c581c78510c91cf154a6376fdd13d9072966bb2d62bd281539babb2f27bb41f1f5e41ef8bd74f0fd9972164e5af2b450203010001a382011830820114301d0603551d0e0416041483ee2641b14809e14ecf14e8df86e588dbe956283081e40603551d230481dc3081d9801483ee2641b14809e14ecf14e8df86 EAP-Message = 0xe588dbe95628a181b5a481b23081af310b3009060355040613024e4c311230100603550408130947726f6e696e67656e311230100603550407130947726f6e696e67656e31443042060355040a133b562612047726f6e696e67656e202d20436c756220666f722074686520696e7465726e6174696f6e616c20506f7020756e64657267726f756e64310b30090603550403130253453125302306092a864886f70d01090116166b6f6f7340766572612d67726f6e696e67656e2e6e6c820900c0cd65a00c598e300c0603551d13040530030101ff300d06092a864886f70d010104050003818100768fe8b56f4b2db1a231034bff4e2fababad51 EAP-Message = 0xd7e0bb7c7cd294dfeb5bd2c80896124350be56c18c1d370333aba0a2df2dae9354f1f07695be21138fbbd907b1a8a12ea8738a58d5df80f59349ff12c64eb22855e914faf48d1e09b30ead1eb60f33b31b520b6c4e3feb0cadf2fd69c83d0c7832125335963736cf2a961bbb16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc63024dae978abe26ad08471f1575567 Finished request 9 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0, length=330 User-Name = "TestUser" NAS-IP-Address = 192.168.0.4 Called-Station-Id = "0012175891" Calling-Station-Id = "0003edf8f6" NAS-Identifier = "0012d45891" NAS-Port = 35 Framed-MTU = 1400 State = 0xc63024da78abe26ad08471f1575567 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500c41580000ba16030100861000008200802189076c137e46b7afe24adde8afc91153edd5ee01b07906a756b0d006c76f7e78f25e0841b07822ebb278ce25d85f2746b14c400e5a70c777953ffb1552e906848f38595c449dfe328c4ebe0e28f2d5189a54354db48da6ff5402e97c1e7c2ca8e5b9a355b8c6ddafddc17b00748b876575678122ce6443363f5eae5a3cb14030100010116030100240cec26f1a320287a78dbaef380e96ecff129ec81b63cbd0a881d6f6d24ec0c19643713ed Message-Authenticator = 0x87c1ac4912f50886b42dd93841fe1fd3 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 modcall[authorize]: module "preprocess" returns ok for request 10 modcall[authorize]: module "mschap" returns noop for request 10 rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 10 rlm_eap: EAP packet type response id 5 length 196 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 10 users: Matched entry TestUser at line 206 modcall[authorize]: module "files" returns ok for request 10 modcall: leaving group authorize (returns updated) for request 10 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 10 modcall: leaving group authenticate (returns handled) for request 10 Sending Access-Challenge of id 0 to 192.168.0.4 port 1026 EAP-Message = 0x010600391580000002f140301000101160301002452b652ba709c7190e13871ac45647b05cc66804ad143e6cf07d34e9cdb7ab1e98b229d3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe064087eb0bc5d11666273925e1a01c9 Finished request 10 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.0.4 port 1026, id=0, length=277 User-Name = "TestUser" NAS-IP-Address = 192.168.0.4 Called-Station-Id = "0017d45891" Calling-Station-Id = "0003edf8f6" NAS-Identifier = "0017d45891" NAS-Port = 35 Framed-MTU = 1400 State = 0xe06408b0bc5d666273925e1a01c9 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0206008f158000000085170301008066b70b12659cce7d136c04500a2063ee5e20a3f8055564e453415eff7208b80cba62fed70b22636f8e211ec41bba271aab8010ad89aecc510634659d10826f7c6c6d162547e9b739c9ef8f2738d0d74a160cc5a63c73a44e3d1bee2384322303b9de92f98d6b9e0e601408ba01d88c4e2352ab7bffd4d67d4545c520320c0c Message-Authenticator = 0xef4b6103b1653738a0cba32b34fbbd3b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 11 modcall[authorize]: module "preprocess" returns ok for request 11 modcall[authorize]: module "mschap" returns noop for request 11 rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 11 rlm_eap: EAP packet type response id 6 length 143 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 11 users: Matched entry TestUser at line 206 modcall[authorize]: module "files" returns ok for request 11 modcall: leaving group authorize (returns updated) for request 11 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 11 rlm_eap: Request found, released from the list rlm_eap: EAP/ttls rlm_eap: processing type ttls rlm_eap_ttls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 eaptls_process returned 7 rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes. TTLS: Got tunneled request User-Name = "TestUser" MS-CHAP-Challenge = 0xc0eb97214c04f72f045cf383a6b87aec MS-CHAP2-Response = 0x6600793724d64b5f6bd466c5a43112f62300000000000000009347d3b8744557799d0d4d323a0b931f103e78918172d080 FreeRADIUS-Proxied-To = 127.0.0.1 TTLS: Sending tunneled request User-Name = "TestUser" MS-CHAP-Challenge = 0xcb9721c04f72f045cf383a6b87aec MS-CHAP2-Response = 0x6600793724d64b5f6bd466c4c53112f62300000000000000009347d3b8744557799d0d4d323a0b931f103e78918172d080 FreeRADIUS-Proxied-To = 127.0.0.1 NAS-IP-Address = 192.168.100.4 Called-Station-Id = "00121d45891" Calling-Station-Id = "000d9edf8f6" NAS-Identifier = "001217d4591" NAS-Port = 35 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 11 modcall[authorize]: module "preprocess" returns ok for request 11 rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP' modcall[authorize]: module "mschap" returns ok for request 11 rlm_realm: No '@' in User-Name = "TestUser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 11 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 11 users: Matched entry TestUser at line 206 modcall[authorize]: module "files" returns ok for request 11 modcall: leaving group authorize (returns ok) for request 11 rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 11 rlm_mschap: Told to do MS-CHAPv2 for TestUser with NT-Password rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 11 modcall: leaving group MS-CHAP (returns ok) for request 11 TTLS: Got tunneled reply RADIUS code 2 MS-CHAP2-Success = 0x66533d636336336534326435336563346166636239636333333438636230633664653566643765336364 MS-MPPE-Recv-Key = 0xdb42b2fda5c99138697af7c0416ffac MS-MPPE-Send-Key = 0x4febcc146921dc46949345c68e58d04 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 TTLS: Got tunneled Access-Accept rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 11 modcall: leaving group authenticate (returns ok) for request 11 Sending Access-Accept of id 0 to 192.168.0.4 port 1026 MS-MPPE-Recv-Key = 0xdb42b2fda5c99e8697af7c0416ffac MS-MPPE-Send-Key = 0x4febcc1469213dc449345c68e58d04 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Recv-Key = 0x1d865bdcd18b29fa3b24c5e040a94a6691015658fcef7d6c335967349ef3d5 MS-MPPE-Send-Key = 0x86b2b619fd8b39a5f7a7f6f7a87bcf304a694996dc02a42283d0e49c6468cdf EAP-Message = 0x03060004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "TestUser" Finished request 11 Going to the next request Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 11 ID 0 with timestamp 43038d77 Nothing to do. Sleeping until we see a request.
participants (2)
-
Alan DeKok -
Koos Beens