Hi! I'd finally knew why the client (Xp-SP2) was sending the username "PEAP-MacAddress" to the radius. I have installed the "Cisco Aironet Client Utility" (and the aironet drivers), and this software changed the EAP methods on XP and sends the mentioned user instead of the real one when tries PEAP auth. Now, the real username comes to the radius, the authorize comes ok, but the authenticate returns "handled" and the client doesn't authenticates well. I was looking the debug output and now i don't see where i can dig for details. EAP/TLS works fine already. Maybe i'm misleading something? What i'm doing wrong? Again, thks a lot for your help, it's annoying answer to too many similar questions, i know, but i didn't find something to do now of this. AND, i was thinking on make an updated version of the guides so ppl with less exp (like me!) can read and don't disturb you. =)
Yeah yeah! I forgot the debug log: rad_recv: Access-Request packet from host 192.168.20.7:55049, id=131, length=136 User-Name = "jairo" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x024f000a016a6169726f Message-Authenticator = 0x2d2f9ce59d72aedecb32c31db5cbf1ed Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 radius_xlat: 'jairo' rlm_sql (sql): sql_set_user escaped user --> 'jairo' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jairo' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jairo' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type Eap auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 131 to 192.168.20.7:55049 EAP-Message = 0x015000061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x73087f91b1e8f8d908364c1aeea4fc1f Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55048, id=132, length=224 User-Name = "jairo" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0x73087f91b1e8f8d908364c1aeea4fc1f Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0250005019800000004616030100410100003d030142ceeedbb9bd19eb466e47c1cf1b58144e405ca28fb495535ea26f31c0d0762200001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xca8acd898fe7920feb3e4ef9dc5f726f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 radius_xlat: 'jairo' rlm_sql (sql): sql_set_user escaped user --> 'jairo' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jairo' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jairo' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns ok for request 1 modcall: group authorize returns ok for request 1 rad_check_password: Found Auth-Type Eap auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0662], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 132 to 192.168.20.7:55048 EAP-Message = 0x0151040a19c0000006bf160301004a02000046030142ceeeaaf4b602690da1f35abd58e43c3dd7c20e50a16c129c51c0fe8eb4a3d2207cde606f9c16fb1ce7356f8d93f1d4ad8bd9a128233f42261549bff71d5cab9100040016030106620b00065e00065b0002c4308202c030820229a003020102020900f12ab1347a5cd9e1300d06092a864886f70d010104050030818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e61206465 EAP-Message = 0x20496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573301e170d3035303632323138333932335a170d3036303632323138333932335a30819d310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573310f300d060355040313066f6e65626f7830819f300d06092a864886f70d010101050003818d00308189028181 EAP-Message = 0x00d30db19c37a7284f5f673101f2773ac3924fc774d15b7f55bc563b955b73aff9ac4f61d88aadaab244f47e944cdba13890f54008bd9ef1c553229e671ac5f4ffe6bb9bea797ac67188e37b9db3fb60006b68a8b3d01f73e9600612ae2d6bd4f0ce313e761bbdd177d9344579bd17565cc7b12a944820f52ab29365d22e4a24d30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181000795bf4630d57fde5f57eb8b0d4f0ceab17fd13b31437e09d666c1a5f7e3c6bc095b29442d889460764b7108194e06cc690a8b4e5ce1bc45744d57ffff07a9326ff1ac7e0d066e2cc86f83 EAP-Message = 0x8db90cbfa1ecd56e767573304003569d1693f6cf224e9a651d9d2e78a208ce2aed4ac4f0da6187ca561c946c98d24aa0161d9bf2080003913082038d308202f6a003020102020900f12ab1347a5cd9df300d06092a864886f70d010104050030818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573301e170d3035303632323138333631 EAP-Message = 0x395a170d3037303632323138333631395a30818c310b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x14001116f181b54c942b09fd80aef71c Finished request 1 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 131 with timestamp 42ceeeaa Cleaning up request 1 ID 132 with timestamp 42ceeeaa Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.20.7:55048, id=134, length=136 User-Name = "jairo" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0250000a016a6169726f Message-Authenticator = 0xb431301d9011c62b576d14f5efb3a5b9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 radius_xlat: 'jairo' rlm_sql (sql): sql_set_user escaped user --> 'jairo' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jairo' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jairo' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module "sql" returns ok for request 2 modcall: group authorize returns ok for request 2 rad_check_password: Found Auth-Type Eap auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 134 to 192.168.20.7:55048 EAP-Message = 0x015100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xddedfde893839de06b51e844b09e3ebb Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55050, id=135, length=224 User-Name = "jairo" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0xddedfde893839de06b51e844b09e3ebb Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0251005019800000004616030100410100003d030142ceeee64365b8c3abb6f2dae11480f9273de1acf18d4e59f721f3b2a3431db700001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xb346132bc4dfc481619c8cf2299e9d12 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 radius_xlat: 'jairo' rlm_sql (sql): sql_set_user escaped user --> 'jairo' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jairo' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jairo' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns ok for request 3 modcall: group authorize returns ok for request 3 rad_check_password: Found Auth-Type Eap auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0662], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 135 to 192.168.20.7:55050 EAP-Message = 0x0152040a19c0000006bf160301004a02000046030142ceeeb544f3df0b475a13bd05a5b7709a67e441654df4421b3624382dc0fac420c88321324cce1b8d5bf956a124e91c951fa1b526438b6876005211d8de6aa2e300040016030106620b00065e00065b0002c4308202c030820229a003020102020900f12ab1347a5cd9e1300d06092a864886f70d010104050030818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e61206465 EAP-Message = 0x20496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573301e170d3035303632323138333932335a170d3036303632323138333932335a30819d310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573310f300d060355040313066f6e65626f7830819f300d06092a864886f70d010101050003818d00308189028181 EAP-Message = 0x00d30db19c37a7284f5f673101f2773ac3924fc774d15b7f55bc563b955b73aff9ac4f61d88aadaab244f47e944cdba13890f54008bd9ef1c553229e671ac5f4ffe6bb9bea797ac67188e37b9db3fb60006b68a8b3d01f73e9600612ae2d6bd4f0ce313e761bbdd177d9344579bd17565cc7b12a944820f52ab29365d22e4a24d30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181000795bf4630d57fde5f57eb8b0d4f0ceab17fd13b31437e09d666c1a5f7e3c6bc095b29442d889460764b7108194e06cc690a8b4e5ce1bc45744d57ffff07a9326ff1ac7e0d066e2cc86f83 EAP-Message = 0x8db90cbfa1ecd56e767573304003569d1693f6cf224e9a651d9d2e78a208ce2aed4ac4f0da6187ca561c946c98d24aa0161d9bf2080003913082038d308202f6a003020102020900f12ab1347a5cd9df300d06092a864886f70d010104050030818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e6573301e170d3035303632323138333631 EAP-Message = 0x395a170d3037303632323138333631395a30818c310b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xec0b973431f71a502800565992b6383f Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55049, id=136, length=150 User-Name = "jairo" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0xec0b973431f71a502800565992b6383f Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x025200061900 Message-Authenticator = 0xc73e6ff689061aefca58101db936ceec Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 radius_xlat: 'jairo' rlm_sql (sql): sql_set_user escaped user --> 'jairo' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jairo' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jairo' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns ok for request 4 modcall: group authorize returns ok for request 4 rad_check_password: Found Auth-Type Eap auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 136 to 192.168.20.7:55049 EAP-Message = 0x015302c51900300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d617469636120792054656c65636f6d756e69636163696f6e657330819f300d06092a864886f70d010101050003818d0030818902818100a4d3a6bb7f0b08a448a8b84fe5236a0ef724951374d6320389f264f2c5007aee8cfc1cfd319e16e1cb910c5cfd07821ac809e1ac9baade2e618b7addf29844732d923ca1103395642bd3f9c230d4aace EAP-Message = 0xb77b9b2e3f96436860556ece59ee48b29a57b7824847e851a6829cc9dbefe96b24e9fb66d03e368cdcd4e40c7a7b66230203010001a381f43081f1301d0603551d0e0416041433bfd1100827d8643dcde9ca1ce76b25f46446913081c10603551d230481b93081b6801433bfd1100827d8643dcde9ca1ce76b25f4644691a18192a4818f30818c310b300906035504061302434f311830160603550408130f56616c6c652064656c204361756361310d300b0603550407130443616c69311e301c060355040a1315556e6976657273696461642064656c2056616c6c6531343032060355040b132b4f666963696e6120646520496e666f726d61746963 EAP-Message = 0x6120792054656c65636f6d756e69636163696f6e6573820900f12ab1347a5cd9df300c0603551d13040530030101ff300d06092a864886f70d0101040500038181003e06154dfd6945605d183a420498b80e43472ddc37ba210af99451122c28c0f9c0fe3a8c35e5fbf834e8c9359cab9c8a5178c6e93656d1aa4a90a40114d600bdc2698199b4adb031c83633ac990f05f42244a771769d888393d4c183f71cfdbaad74a467189ae89427f68d1e55ac68320bc63370dac576cfeaa005fc9855ef5e16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x452ba4fa3fffa459e48b222a2fb297af Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.20.7:55048, id=137, length=336 User-Name = "jairo" NAS-IP-Address = 192.168.20.7 Called-Station-Id = "00-0c-41-b1-37-07" Calling-Station-Id = "00-0b-7d-0f-f7-35" NAS-Identifier = "Linksys BEFW11S4-V4.X" State = 0x452ba4fa3fffa459e48b222a2fb297af Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x025300c01980000000b61603010086100000820080c0337c715dc7bb20f9f3ae1c93ce91eeda23be9896f04a24a1a7eaa6c51d638f8fc423ff24639244ed837813aa94a1a1a4c8a25cbcb2a90d23ef570c7f4a4b77dbeda413aec277fd687a5e2798f6ce785ee93f517ed0ecab1f0f8ec59e208bebfc34c424df943b2996d3beba71dfe26d2434a3204ad3254ff966a329baa096c514030100010116030100209700c2ca07ba2fdfc3915277a9605110f596184a58fd99d554c3a8d15db4155d Message-Authenticator = 0x83310e6f7130347158203374e0a4ddaf Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 radius_xlat: 'jairo' rlm_sql (sql): sql_set_user escaped user --> 'jairo' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jairo' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'jairo' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'jairo' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module "sql" returns ok for request 5 modcall: group authorize returns ok for request 5 rad_check_password: Found Auth-Type Eap auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 137 to 192.168.20.7:55048 EAP-Message = 0x0154003119001403010001011603010020533c1f673a3aee80f1deaaed2ff144a756db39c16558b0aceda3820f62eaa87c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1aa36da01070891e38754bc1d457eb2b Finished request 5 Going to the next request Waking up in 6 seconds... On 7/8/05, Mario Alberto Cruz Gartner <mario.cruz@gmail.com> wrote:
Hi! I'd finally knew why the client (Xp-SP2) was sending the username "PEAP-MacAddress" to the radius. I have installed the "Cisco Aironet Client Utility" (and the aironet drivers), and this software changed the EAP methods on XP and sends the mentioned user instead of the real one when tries PEAP auth.
Now, the real username comes to the radius, the authorize comes ok, but the authenticate returns "handled" and the client doesn't authenticates well.
I was looking the debug output and now i don't see where i can dig for details. EAP/TLS works fine already.
Maybe i'm misleading something? What i'm doing wrong?
Again, thks a lot for your help, it's annoying answer to too many similar questions, i know, but i didn't find something to do now of this. AND, i was thinking on make an updated version of the guides so ppl with less exp (like me!) can read and don't disturb you. =)
participants (1)
-
Mario Alberto Cruz Gartner