FreeRadius 2.1.6 + EAP-PEAP issue
Hello, I am configuring FreeRadius 2.1.6 to athenticate MS Vista user using EAP-PEAP protocol. The file users looks as follows: csd-notebook\user_name Cleartext-Password := "user_password" Where csd-notebook is notebook name. This setting is working. But I would like to make 2 improvements to current configuration. 1. to have an ability to specify only user name in users file in order to not depend on user computer name. I was trying to do this by changing some FR 2.1.6 configuration parameters but failed. 2. To add athentication by computer MAC address I added Calling-Station-Id == "00-16-EA-8A-DE-38" parameter to users file csd-notebook\user_name Cleartext-Password := "user_password", Calling-Station-Id == "00-16-EA-8A-DE-38" but got such error message: ..... [eap] EAP packet type response id 17 length 67 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 159 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject What parameters should I change to make these 2 configurations to work ? Current FR 2.1.6 configuration is as follows. eap.conf: ---------- peap { default_eap_type = mschapv2 copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = no virtual_server = "inner-tunnel" } modules/mschap: -------------- mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes } modules/preprocess: ------------------- preprocess { with_ascend_hack = no with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } modules/realm: -------------- realm ntdomain { format = prefix delimiter = "\\" } sites-available/default: ----------------------- authorize { preprocess mschap suffix } authenticate { Auth-Type MS-CHAP { mschap } ... } sites-available/inner-tunnel: ---------------------------- authorize { mschap suffix update control { Proxy-To-Realm := LOCAL } ... } Thank you.
Hi,
csd-notebook\user_name Cleartext-Password := "user_password"
Where csd-notebook is notebook name. This setting is working.
But I would like to make 2 improvements to current configuration.
1. to have an ability to specify only user name in users file in order to not depend on user computer name.
I was trying to do this by changing some FR 2.1.6 configuration parameters but failed.
you need to ensure that the preprocess module is called and that is configured with the nt_domain_hack = yes
2. To add athentication by computer MAC address
I added Calling-Station-Id == "00-16-EA-8A-DE-38" parameter to users file
csd-notebook\user_name Cleartext-Password := "user_password", Calling-Station-Id == "00-16-EA-8A-DE-38"
[mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject
this log is very much chewed alan
Hi, I've configured modules/preprocess with with_ntdomain_hack = yes and tried again to authenticate Vista user but got as follows: -------------------------------------------------------- rad_recv: Access-Request packet from host 192.168.14.240 port 3882, id=0, length=235 Message-Authenticator = 0x1d3ad896dc4a74ba303ea91c436eb1de Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 0 length 26 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 159 [files] users: Matched entry DEFAULT at line 178 [files] users: Matched entry oreshkin at line 229 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Identity does not match User-Name, setting from EAP Identity. [eap] Failed in handler ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> oreshkin attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 0 to 192.168.14.240 port 3882 Waking up in 4.9 seconds. Cleaning up request 0 ID 0 with timestamp +7 Ready to process requests. rad_recv: Access-Request packet from host 192.168.14.240 port 3883, id=0, length=235 Message-Authenticator = 0xa3e7a7ca6dba61b4439c131be684f918 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 0 length 26 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 159 [files] users: Matched entry DEFAULT at line 178 [files] users: Matched entry oreshkin at line 229 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Identity does not match User-Name, setting from EAP Identity. [eap] Failed in handler ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> oreshkin attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 1 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 1 Sending Access-Reject of id 0 to 192.168.14.240 port 3883 Waking up in 4.9 seconds. ---------------------------------------------------------- Users file contains the line: oreshkin Cleartext-Password := "some_password" What is the cause ? On Wed, 8 Jul 2009 A.L.M.Buxey@lboro.ac.uk wrote:
Date: Wed, 8 Jul 2009 16:22:56 +0100 From: A.L.M.Buxey@lboro.ac.uk Reply-To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: FreeRadius 2.1.6 + EAP-PEAP issue
Hi,
csd-notebook\user_name Cleartext-Password := "user_password"
Where csd-notebook is notebook name. This setting is working.
But I would like to make 2 improvements to current configuration.
1. to have an ability to specify only user name in users file in order to not depend on user computer name.
I was trying to do this by changing some FR 2.1.6 configuration parameters but failed.
you need to ensure that the preprocess module is called and that is configured with the nt_domain_hack = yes
2. To add athentication by computer MAC address
I added Calling-Station-Id == "00-16-EA-8A-DE-38" parameter to users file
csd-notebook\user_name Cleartext-Password := "user_password", Calling-Station-Id == "00-16-EA-8A-DE-38"
[mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject
this log is very much chewed
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
I've configured modules/preprocess with
with_ntdomain_hack = yes
and tried again to authenticate Vista user but got as follows:
...
[eap] Identity does not match User-Name, setting from EAP Identity.
That entry alters User-Name and shouldn't be used with EAP. It works fine with plain mschap but not here. Enable ntdomain in inner-tunnel virtual server (just under suffix) and create a local domain in proxy.conf: realm csd-notebook { } Ivan Kalik Kalik Informatika ISP
Hi,
That entry alters User-Name and shouldn't be used with EAP. It works fine with plain mschap but not here.
Enable ntdomain in inner-tunnel virtual server (just under suffix) and create a local domain in proxy.conf:
realm csd-notebook { }
i think his issue was that REALM could be anything random from the laptop - ie its the machine name not a proper set DOMAIN gregs-machine\blurky my-laptop\pinky test-xp-3\adminstaff3 etc. i think, in this case you need to use either attr rewrite or unlang to take that value and NULL it into Stripped-User-Name and then use Stripped-User-Name for the authentication step (ntlm_auth) instead though, from last looking at it, using MSCHAP:User-Name and required AD domain in ntlm_auth worked pretty fine with no fancy rewrites or unlang. alan
Hi, We don't use NTLM authorisation so, as I understand, ntlm_auth method is not suited for us. Could you briefly outline how to rewrite User-Name ... and what files should I modify ? Thanks. On Thu, 9 Jul 2009 A.L.M.Buxey@lboro.ac.uk wrote:
Date: Thu, 9 Jul 2009 11:50:07 +0100 From: A.L.M.Buxey@lboro.ac.uk Reply-To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> To: tnt@kalik.net, FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: FreeRadius 2.1.6 + EAP-PEAP issue
Hi,
That entry alters User-Name and shouldn't be used with EAP. It works fine with plain mschap but not here.
Enable ntdomain in inner-tunnel virtual server (just under suffix) and create a local domain in proxy.conf:
realm csd-notebook { }
i think his issue was that REALM could be anything random from the laptop - ie its the machine name not a proper set DOMAIN
gregs-machine\blurky my-laptop\pinky test-xp-3\adminstaff3
etc.
i think, in this case you need to use either attr rewrite or unlang to take that value and NULL it into Stripped-User-Name and then use Stripped-User-Name for the authentication step (ntlm_auth) instead
though, from last looking at it, using MSCHAP:User-Name and required AD domain in ntlm_auth worked pretty fine with no fancy rewrites or unlang.
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I've added ntdomain to sites-available/inner-tunnel after suffix in authorize section suffix ntdomain and added domain in proxy.conf realm csd-notebook { type = radius authhost = LOCAL accthost = LOCAL } All the same Vista client could not connect to WiFi network though radius server sent Access-Accept. See output of /usr/local/sbin/radiusd -fX below. But csd-notebook is not domain name, it is a computer name which can be random name. Also we do not use NTLM authorisation. What way to choose ? ---------------------------------------------------------------------- rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=20, length=235 Message-Authenticator = 0x6754868faae917f8ecf1de1b88ffbbff Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0214001a016373642d6e6f7465626f6f6b5c6f726573686b696e NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 20 length 26 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 159 [files] users: Matched entry DEFAULT at line 178 [files] users: Matched entry oreshkin at line 229 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 20 to 192.168.14.240 port 4177 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x011500061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x521bfcaa520ee591f8365bba7dae1345 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=21, length=359 Message-Authenticator = 0xd3c72a8422cc238deb3701cd984c13d6 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0x521bfcaa520ee591f8365bba7dae1345 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0215008419800000007a16030100750100007103014a5753e9b349d723fa3d51a41542ee5a204229fd96748679796b15a731767cdd000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180000156373642d6e6f7465626f6f6b5c6f726573686b696e000a00080006001700180019000b00020100 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 21 length 132 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 122 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0075], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 084e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 21 to 192.168.14.240 port 4177 EAP-Message = 0x0116040019c00000088b160301002a0200002603014a5753907bd1c0875fd008715f2c67278f2199d62aea212127d5799677f7611800002f00160301084e0b00084a0008470003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3039303632353038343934325a170d3130303632353038343934325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100afa137c1faa18184c11783fd931dbf08e3b3aab700e05e2d16471c85e470302c6d9db3068b833e463ff3cdaa6b2140447d2b7d151704863ad7439873ea51 EAP-Message = 0xe98c8abecfdd6268e021a8a17fb6966857f052859cef7a6bdcec12d2127ab2bc72c2b785a25f33c61aec0ff80079a53fb35cdbaebbfa29de9b24841a9a6c46a08073d66b09f3149fc840696c56ef61943d5e2679be18fc2733a012e261b9e9e6ae20c7ba01e2c6e4bfb3ce39325000bc51a2230319e4f8b16bffa46deb80631149f3e97333105b307b101958e9b83407c4398deb9cb32f7c23bdba70c091e79258f0c191edd239290beb26d0aaa8adf6f5ece5f633aef45ef0d4fea2c52b56fc39110203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100973882c5663e2d6b29 EAP-Message = 0xf37acb064274e515f88c05490e81fcb594b8678a665ae9d17134a3e3fdb2df801547f84071730fa696eef58f5c1d73841e52aa2c9a4074cf288ef7158e4f3ae68db182c1798f3da6d86bda0a8a9c54de39f2d94d3e0687a8fa46faedcd36bcc64fd9f2cd74055682782684f674d377c0e2457f5ad4efa4ec460c7527c80769a270128e0a6d12cb79d0bb12fe0a1bb81f6c20b98873ac6718cd0d02ebb7de1cdd720360252cc736c2e84bfe1c87a695dcb7e2b4d982f0736305017d65ec72506bed1578f806479bedc2b5bfa83f0e15ccc03bbe908e734351e5843806e9dcb659b98056909aeed953e9e24d7e0e1f8163deb5f4f5076e5c00049b308204 EAP-Message = 0x973082037fa0030201020201 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x521bfcaa530de591f8365bba7dae1345 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=22, length=233 Message-Authenticator = 0x4c73bb06cf9b4a279cb5f25364c25214 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0x521bfcaa530de591f8365bba7dae1345 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x021600061900 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 22 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 22 to 192.168.14.240 port 4177 EAP-Message = 0x011703fc194000300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303632353038343934325a170d3130303632353038343934325a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d6577 EAP-Message = 0x6865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a056d1cfe5b95120cfb2ad67638c20cceb3feca1d22665f5d0379648340127cf5ffe26f48f46c04a1132b032d93b7f49417851f2e110fee7b457fbe2f99b47d3389b630dd2f78acf290b4ecb6d43466a19cb17063f1b2a1eefe1e6f34e1b0a20fa92fa17809a58e7120bc1a87db8865230df04775af5e1 EAP-Message = 0x16b46a471819383d8be674378c3d33bdc0a8d6686542a3ba1c32a97249786aea2c38a22a49992fcfaf54806b50415060a433e9dc013696f9c0240657098f46782b1d0536f691d9667f6c153a4d2982cb2f75a3a9ebfa4831caea445f4bff1ae6fe4ad8eec82213b2a20d02dd1b6cb2dc425698f21ede7c2917aa6f103749084b755046bb83a3746e2f0203010001a381f33081f0301d0603551d0e04160414d64b150fdb7f312ac6c3982680da07466046ab9f3081c00603551d230481b83081b58014d64b150fdb7f312ac6c3982680da07466046ab9fa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975 EAP-Message = 0x733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d010104050003820101008d3084a08170518ab145f6969d1e61d2a228d5ffa21a60c154ab30774674df42fb32f5a22dad55d75ef2c7f44c93bb3e52c92763901b1299530780e1f195a85ccbbd78d8b527b3263bfa340a459ac472b90360b4408e11c10e81afbc325c10ec91fa EAP-Message = 0xde231ca42761b9ba Message-Authenticator = 0x00000000000000000000000000000000 State = 0x521bfcaa500ce591f8365bba7dae1345 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=23, length=233 Message-Authenticator = 0x0aee9f5b511c9ae23c11446eac0b4e78 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0x521bfcaa500ce591f8365bba7dae1345 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x021700061900 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 23 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 23 to 192.168.14.240 port 4177 EAP-Message = 0x011800a51900504fbacfc37f212076882bd7b098391319a08e59fc4d3dee5493579716c999ee20be7eed64f3b465e8ff5b718e9751b2c4ca5d1cd6700ccf0341f6a270aed40707094b7b6c39c78c581fa330b26bfb74042202fde6398f0fa591d0e164f5980d197175a49c7b9769cebfa4eef1f5527383f230b4df20935fa3903e171a05d038c6effefc1bf76e95dd86d637a53fc8ae83bdc13ea56d16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x521bfcaa5103e591f8365bba7dae1345 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=24, length=565 Message-Authenticator = 0xe9c4f9e868333481bc3f992f2aa1a741 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0x521bfcaa5103e591f8365bba7dae1345 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x021801501980000001461603010106100001020100769931e3139b93cc6c593060914bd072373bf39b834fc024fb0301eefb15b34f82ae8cf3f40c278ea48339b759562a70691bdae9d2787df103615f2aee215cb348ed881852c4ad851294b3d059196973ac2a88668fcdf0d8a8ea6990c1275a1a97c6401424fd45d143464a1d6bcbfd87adabbed5cdabf6f0f53784888117ec0b1b3ce8f820a58486284749ec6e0520fa08015f4f074688c4771582566051b2afe546df7d788aad9c25d2d2e1f6fedb700855ad1d3165284f8d8ae3dc3391230ca11134654abfbd4e27eed42eb42a15d65d2098c2b8f58d3183a0fc1d9766aa383093787acc0fb6af EAP-Message = 0x467d42b176b10ba4938cff43e0d0da7d98c84de4befb83c11403010001011603010030eabb7f82b63254797b0a1058de5b2d4683403cd5c5c3340b930caa85db25f479d8ea1deb4d5ba5f201b8b9a84f4d97b4 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 24 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 24 to 192.168.14.240 port 4177 EAP-Message = 0x0119004119001403010001011603010030f7a902a3cc95bd20025641fbee76e796b867fe811ed81d7ee337cddd4e18653d17378c0a926cce7da53c2afad9fc45a4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x521bfcaa5602e591f8365bba7dae1345 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=25, length=233 Message-Authenticator = 0x6cbaa61eb18daa20c579bee2679f4174 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0x521bfcaa5602e591f8365bba7dae1345 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x021900061900 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 25 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 25 to 192.168.14.240 port 4177 EAP-Message = 0x011a002b190017030100207cf398479d0eae664ea314f623103e57f103334f1e634464e707d81835ffd07f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x521bfcaa5701e591f8365bba7dae1345 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=26, length=286 Message-Authenticator = 0x0574dd2cb5f885828ab6b8015307a036 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0x521bfcaa5701e591f8365bba7dae1345 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x021a003b19001703010030b9c978edc0ec85f275c5f03d0842f19284727199eef9a38ad70976a9aed64260087d178e30252c000cd38f572293b58c NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 26 length 59 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - csd-notebook\oreshkin [peap] Got tunneled request EAP-Message = 0x021a001a016373642d6e6f7465626f6f6b5c6f726573686b696e server { PEAP: Got tunneled identity of csd-notebook\oreshkin PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to csd-notebook\oreshkin Sending tunneled request EAP-Message = 0x021a001a016373642d6e6f7465626f6f6b5c6f726573686b696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "csd-notebook\\oreshkin" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok ++[control] returns ok [eap] EAP packet type response id 26 length 26 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 159 [files] users: Matched entry oreshkin at line 229 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x011b002f1a011b002a10c8f5c4e66039ee0c0248b00e7a4eb5456373642d6e6f7465626f6f6b5c6f726573686b696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8cc4b76f8cdfad527821b84c1697460f [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x011b002f1a011b002a10c8f5c4e66039ee0c0248b00e7a4eb5456373642d6e6f7465626f6f6b5c6f726573686b696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8cc4b76f8cdfad527821b84c1697460f [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 26 to 192.168.14.240 port 4177 EAP-Message = 0x011b004b19001703010040a35bf50ba3bd99ea37448038a8d40802007487a075177b0419b54533f76c23a67a7f0a32592f07733e74dbaa940fcf35f71de88e734ea8cad58818ef2509ebe9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x521bfcaa5400e591f8365bba7dae1345 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=27, length=334 Message-Authenticator = 0x6377408684ab7b0dafbfd5a5d5aa9dff Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0x521bfcaa5400e591f8365bba7dae1345 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x021b006b19001703010060bfbb8b002571807f3de09f5d37b7ea172b19ad7e8e6595473c7c3ecefc0f824eaa77be7eda4097a947ecbc9455c005b27d8ca23437273901a23d701f9aaaeb5a1f0a53765f353340a0a2bf5d08afa72fc1f262e00427b89039fcd28945e9d6d8 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 27 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x021b00431a021b003e31819c7b1f2f8d867cafd6f0976e6cd29c0000000000000000538c3df64ded3d79745d4b6e21702de83ca497d34302d34b006f726573686b696e server { PEAP: Setting User-Name to csd-notebook\oreshkin Sending tunneled request EAP-Message = 0x021b00431a021b003e31819c7b1f2f8d867cafd6f0976e6cd29c0000000000000000538c3df64ded3d79745d4b6e21702de83ca497d34302d34b006f726573686b696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "csd-notebook\\oreshkin" State = 0x8cc4b76f8cdfad527821b84c1697460f server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok ++[control] returns ok [eap] EAP packet type response id 27 length 67 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 159 [files] users: Matched entry oreshkin at line 229 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x011c00331a031b002e533d39333632383542353544363242393846463634333641323246434133313633463230443633373333 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8cc4b76f8dd8ad527821b84c1697460f [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x011c00331a031b002e533d39333632383542353544363242393846463634333641323246434133313633463230443633373333 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8cc4b76f8dd8ad527821b84c1697460f [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 27 to 192.168.14.240 port 4177 EAP-Message = 0x011c005b19001703010050abccee58e5726f5b3913595f28b77e17951e779c9392439824aed552eac47b7c9f14b166653341e272ac25914c28a1d6dbb9c55d4f912de1bf4ae76fd9a85e24cf3e164168b24fb155f39ffbc968f3db Message-Authenticator = 0x00000000000000000000000000000000 State = 0x521bfcaa5507e591f8365bba7dae1345 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=28, length=270 Message-Authenticator = 0x4c98e3edbda80d90f35e45d515a2a8af Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0x521bfcaa5507e591f8365bba7dae1345 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x021c002b19001703010020020ffb1916a6287e3fc7338c22eeafab91d8e94329c9f4c762b96345c077f2a1 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 28 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x021c00061a03 server { PEAP: Setting User-Name to csd-notebook\oreshkin Sending tunneled request EAP-Message = 0x021c00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "csd-notebook\\oreshkin" State = 0x8cc4b76f8dd8ad527821b84c1697460f server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok ++[control] returns ok [eap] EAP packet type response id 28 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 159 [files] users: Matched entry oreshkin at line 229 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok } # server inner-tunnel [peap] Got tunneled reply code 2 EAP-Message = 0x031c0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "oreshkin" [peap] Got tunneled reply RADIUS code 2 EAP-Message = 0x031c0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "oreshkin" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 28 to 192.168.14.240 port 4177 EAP-Message = 0x011d002b19001703010020b6e09090e6565d2213c2146da4d560c520e75e59c28702e5e916bd639c277d0f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x521bfcaa5a06e591f8365bba7dae1345 Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=29, length=270 Message-Authenticator = 0xcc38941510510c2776d853ce35ba7fd2 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0x521bfcaa5a06e591f8365bba7dae1345 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x021d002b190017030100207f0f1fe523589d2f59034ac7bab4797406f777f4d2cd797d272eadab787d8e77 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin" [ntdomain] Found realm "csd-notebook" [ntdomain] Adding Stripped-User-Name = "oreshkin" [ntdomain] Adding Realm = "csd-notebook" [ntdomain] Authentication realm is LOCAL. ++[ntdomain] returns ok [eap] EAP packet type response id 29 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 29 to 192.168.14.240 port 4177 MS-MPPE-Recv-Key = 0xc12171c0071fd6f4098e5f68b570202b25bbc5d89f31d63e13645dd645e87a6d MS-MPPE-Send-Key = 0x5b383c69c087a07603a627033e58f4bf17fcf505f534f1c85117f22acf0d1ec3 EAP-Message = 0x031d0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "oreshkin" Finished request 9. Going to the next request Waking up in 4.9 seconds. -------------------------------------------------------- Thanks On Thu, 9 Jul 2009, Ivan Kalik wrote:
Date: Thu, 9 Jul 2009 11:04:11 +0100 (BST) From: Ivan Kalik <tnt@kalik.net> To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Subject: Re: FreeRadius 2.1.6 + EAP-PEAP issue
Hi,
I've configured modules/preprocess with
with_ntdomain_hack = yes
and tried again to authenticate Vista user but got as follows:
...
[eap] Identity does not match User-Name, setting from EAP Identity.
That entry alters User-Name and shouldn't be used with EAP. It works fine with plain mschap but not here.
Enable ntdomain in inner-tunnel virtual server (just under suffix) and create a local domain in proxy.conf:
realm csd-notebook { }
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Anatoly Oreshkin -
Ivan Kalik