Re : Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
OK radtest maman maman localhost 1812 testing123 Sending Access-Request of id 48 to 127.0.0.1 port 1812 User-Name = "maman" User-Password = "maman" NAS-IP-Address = 127.0.0.2 NAS-Port = 1812 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=48, length=20 Log ------------------------------------------------------------------------------------ Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 32769, id=48, length=57 User-Name = "maman" User-Password = "maman" NAS-IP-Address = 127.0.0.2 NAS-Port = 1812 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "maman", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop expand: %{User-Name} -> maman rlm_sql (sql): sql_set_user escaped user --> 'maman' rlm_sql (sql): Reserving sql socket id: 3 expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'maman' ORDER BY id rlm_sql (sql): User found in radcheck table expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'maman' ORDER BY id expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'maman' ORDER BY priority expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Professeurs' ORDER BY id rlm_sql (sql): User found in group Professeurs expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Professeurs' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "maman" rlm_pap: Using clear text password "maman" rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [maman/maman] (from client localhost port 1812) +- entering group post-auth rlm_sql (sql): Processing sql_postauth expand: %{User-Name} -> maman rlm_sql (sql): sql_set_user escaped user --> 'maman' expand: %{User-Password} -> maman expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'maman', 'maman', 'Access-Accept', '2008-07-19 18:38:59') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'maman', 'maman', 'Access-Accept', '2008-07-19 18:38:59') rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 48 to 127.0.0.1 port 32769 Finished request 359. Going to the next request Waking up in 4.9 seconds. Cleaning up request 359 ID 48 with timestamp +81320 Ready to process requests. rad_recv: Accounting-Request packet from host 10.10.44.246 port 1035, id=53, length=153 Acct-Session-Id = "00000000-00000007" Acct-Status-Type = Stop Acct-Authentic = RADIUS User-Name = "testuser01" NAS-IP-Address = 10.10.44.246 NAS-Port = 1 Called-Station-Id = "00-1C-F0-08-FB-F9:TLS" Calling-Station-Id = "00-12-F0-0C-97-61" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" Acct-Session-Time = 85 +- entering group preacct ++[preprocess] returns ok rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 10.10.44.246,NAS-IP-Address = 10.10.44.246,Acct-Session-Id = "00000000-00000007",User-Name = "testuser01"' rlm_acct_unique: Acct-Unique-Session-ID = "73713cdd1b906342". ++[acct_unique] returns ok rlm_realm: No '@' in User-Name = "testuser01", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/10.10.44.246/detail-20080719 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/10.10.44.246/detail-20080719 expand: %t -> Sat Jul 19 18:39:41 2008 ++[detail] returns ok ++[unix] returns ok expand: /var/log/radius/radutmp -> /var/log/radius/radutmp expand: %{User-Name} -> testuser01 ++[radutmp] returns ok expand: %{User-Name} -> testuser01 rlm_sql (sql): sql_set_user escaped user --> 'testuser01' expand: %{Acct-Input-Gigawords} -> expand: %{Acct-Input-Octets} -> expand: %{Acct-Output-Gigawords} -> expand: %{Acct-Output-Octets} -> expand: %{Acct-Delay-Time} -> expand: UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET acctstoptime = '2008-07-19 18:39:41', acctsessiontime = '85', acctinputoctets = '0' << 32 | '0', acctoutputoctets = '0' << 32 | '0', acctterminatecause = '', acctstopdelay = '0', connectinfo_stop = 'CONNECT 54Mbps 802.11g' WHERE acctsessionid = '00000000-00000007' AND username = 'testuser01' AND nasipaddress = '10.10.44.246' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok expand: %{User-Name} -> testuser01 attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 53 to 10.10.44.246 port 1035 Finished request 360. Cleaning up request 360 ID 53 with timestamp +81362 Going to the next request Ready to process requests. ----- Message d'origine ---- De : Alan DeKok <aland@deployingradius.com> À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Envoyé le : Samedi, 19 Juillet 2008, 17h19mn 58s Objet : Re: Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that? Reveal MAP wrote:
Now i am trying to authenticate via PEAP a user existing onmy sql database:
The debug log doesn't show that.
the output is too long, mailing list parameters won't accept it. i post part of the output that seem to give the point of misconfiguration. if it is not sufficient, please let me know, and i will find a way to put somewher the whole output of RADIUD -X. thank you. ... Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
What's the problem? You're using Samba to authenticate to Active Directory, and the password is wrong. Check that the passwords are correct. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____________________________________________________________________________ Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr
participants (1)
-
Reveal MAP