Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
Re hello: Now i am trying to authenticate via PEAP a user existing onmy sql database: the output is too long, mailing list parameters won't accept it. i post part of the output that seem to give the point of misconfiguration. if it is not sufficient, please let me know, and i will find a way to put somewher the whole output of RADIUD -X. thank you. ---------------------------------------- auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: Told to do MS-CHAPv2 for maman with NT-Password expand: --username=%{mschap:User-Name} -> --username=maman mschap2: dc expand: --challenge=%{mschap:Challenge:-00} -> --challenge=42199e911fc846b6 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=f597ba61948e2ca2d0d108962a8d4d933e2eceba92acfe27 Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [maman/<via Auth-Type = EAP>] (from client Ap8500 port 2 cli 00-12-F0-0C-97-61 via TLS tunnel) } # server (null) PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Processing from tunneled session code 0x81da268 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled Sending Access-Challenge of id 32 to 10.10.44.246 port 1030 EAP-Message = 0x010800261900170301001b87ea6c21d531f819e4f7aa4107a0597deda9fd0e2abda3a5196a2d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x15d6165412de0f4c4e5f14457cfcd56a Finished request 237. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.10.44.246 port 1030, id=33, length=194 User-Name = "maman" NAS-IP-Address = 10.10.44.246 NAS-Port = 2 Called-Station-Id = "00-1C-F0-08-FB-FA:PEAP" Calling-Station-Id = "00-12-F0-0C-97-61" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020800261900170301001b7f8d9a1114a91aa324b023d74676e1d5613e1824df38b29b776f9a State = 0x15d6165412de0f4c4e5f14457cfcd56a Message-Authenticator = 0x05c147f8e161153a89766257956164c0 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "maman", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 38 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [maman/<via Auth-Type = EAP>] (from client Ap8500 port 2 cli 00-12-F0-0C-97-61) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> maman attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 33 to 10.10.44.246 port 1030 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 238. Going to the next request Waking up in 4.8 seconds. Cleaning up request 230 ID 25 with timestamp +80150 Cleaning up request 231 ID 26 with timestamp +80150 Cleaning up request 232 ID 27 with timestamp +80150 Cleaning up request 233 ID 28 with timestamp +80150 Cleaning up request 234 ID 29 with timestamp +80150 Cleaning up request 235 ID 30 with timestamp +80150 Cleaning up request 236 ID 31 with timestamp +80150 Cleaning up request 237 ID 32 with timestamp +80150 Cleaning up request 238 ID 33 with timestamp +80150 Ready to process requests. -------------------------------------- _____________________________________________________________________________ Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr
Reveal MAP wrote:
Now i am trying to authenticate via PEAP a user existing onmy sql database:
The debug log doesn't show that.
the output is too long, mailing list parameters won't accept it. i post part of the output that seem to give the point of misconfiguration. if it is not sufficient, please let me know, and i will find a way to put somewher the whole output of RADIUD -X. thank you. ... Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
What's the problem? You're using Samba to authenticate to Active Directory, and the password is wrong. Check that the passwords are correct. Alan DeKok.
participants (2)
-
Alan DeKok -
Reveal MAP