Failed to authenticate the user.
Hi! I have problem with user authentication. I have Freeradius 2.1.5 with Daloradius and meru controller here is log from freeradius -X ------------------------- rad_recv: Access-Request packet from host 192.168.1.17 port 32768, id=151, length=281 User-Name = "test@test.pl" NAS-IP-Address = 192.168.1.17 NAS-Port = 4097 Called-Station-Id = "00-02-B6-35-D2-D2:eduroam_secure" Calling-Station-Id = "00-13-E8-82-90-FD" Framed-MTU = 1250 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 802.11b/g" EAP-Message = 0x02040060190017030100203f76662de7ba5ad6abd3ddd6e1c9d1e3ce30c9a7c8c3d75d2f72704e3f1dfb741703010030022f4ed8866f1068cb5e6ba40fda334eefba9d407ef8c915bf3b7c14b3019e11c9add4a556e43c6c993f1e18262484d6 State = 0x611ce3106318fa3ccfeca13fec4558b9 Message-Authenticator = 0x6d9a86305cb15774a87d56fa5e9288e6 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "test.pl" for User-Name = "test@test.pl" [suffix] Found realm "test.pl" [suffix] Adding Realm = "test.pl" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 4 length 96 [eap] Continuing tunnel setup. ++[eap] returns ok ++[files] returns noop [sql] expand: %{User-Name} -> test@test.pl [sql] sql_set_user escaped user --> 'test@test.pl' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'test@test.pl' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'test@test.pl' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'test@test.pl' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++? if ("%{control:Proxy-To-Realm}" == 'mojman') expand: %{control:Proxy-To-Realm} -> ? Evaluating ("%{control:Proxy-To-Realm}" == 'mojman') -> FALSE ++? if ("%{control:Proxy-To-Realm}" == 'mojman') -> FALSE Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [peap] FAIL: Forcibly stopping session resumption as it is not allowed. [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action. Delaying reject of request 32 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 32 Sending Access-Reject of id 151 to 192.168.1.17 port 32768 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.6 seconds. --------------------------------- Please help
Paweł Pogorzelski wrote: ...
[peap] Success [peap] FAIL: Forcibly stopping session resumption as it is not allowed. [eap] Freeing handler
Arg. FreeRADIUS tells OpenSSL to *not* allow session resumption, and it still negotiates session resumption. Which OS are you using? Which version of OpenSSL? Alan DeKok.
participants (2)
-
Alan DeKok -
Paweł Pogorzelski