Freeradius problem, EAP-TTLS works fine, EAP-PEAP does not
Following on an earlier thread: http://lists.freeradius.org/pipermail/freeradius-users/2010-June/msg00116.ht... Of which I couldn't get any answer unfortunately.. I am experiencing a similar problem. I am running freeradius that comes installed and configured with MacOS 10.6 server. A Windows XP can connect just fine using Microsoft Protected EAP. iPhone, mac os client connect just fine using EAP-TTLS Windows 7 will connect fine using Securew2 EAP-TTLS supplicant ; but not with the default build-in PEAP. I have modified module/mschap as followed, as per various instructions: # Microsoft CHAP authentication # # This module supports MS-CHAP and MS-CHAPv2 authentication. # It also enforces the SMB-Account-Ctrl attribute. # mschap { # # If you are using /etc/smbpasswd, see the 'passwd' # module for an example of how to use /etc/smbpasswd authtype = MS-CHAP # if use_mppe is not set to no mschap will # add MS-CHAP-MPPE-Keys for MS-CHAPv1 and # MS-MPPE-Recv-Key/MS-MPPE-Send-Key for MS-CHAPv2 # use_mppe = yes # if mppe is enabled require_encryption makes # encryption moderate # require_encryption = yes # require_strong always requires 128 bit key # encryption # require_strong = yes # Windows sends us a username in the form of # DOMAIN\user, but sends the challenge response # based on only the user portion. This hack # corrects for that incorrect behavior. # with_ntdomain_hack = yes # The module can perform authentication itself, OR # use a Windows Domain Controller. This configuration # the "best" user name for the request. # ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" } In the log, when connecting using Windows XP I would see: Thu Aug 26 02:04:20 2010 : Info: rlm_sql_sqlite: sqlite3_open() = 0 Thu Aug 26 02:04:20 2010 : Info: rlm_sql_sqlite: Opening sqlite database /private/etc/raddb/sqlite_radius_client_database for #4 Thu Aug 26 02:04:20 2010 : Info: rlm_sql_sqlite: sqlite3_open() = 0 Thu Aug 26 02:04:20 2010 : Info: Ready to process requests. Thu Aug 26 02:07:43 2010 : Auth: rlm_opendirectory: User <jean-yves.avenard> is authorized. When connecting with Windows 7, I would read: Thu Aug 26 02:21:52 2010 : Auth: rlm_opendirectory: Could not get the user's uuid. Thu Aug 26 02:21:53 2010 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0 Any hint about what I should be looking at? Mind new, I'm a complete noob when it comes to radius, I only started playing with it 2 days ago. Thank you for your help troubleshooting this matter. Regards Jean-Yves
Jean-Yves Avenard wrote:
I am running freeradius that comes installed and configured with MacOS 10.6 server.
A Windows XP can connect just fine using Microsoft Protected EAP. iPhone, mac os client connect just fine using EAP-TTLS
Windows 7 will connect fine using Securew2 EAP-TTLS supplicant ; but not with the default build-in PEAP.
The log you posted shows a clear issue:
When connecting with Windows 7, I would read:
Thu Aug 26 02:21:52 2010 : Auth: rlm_opendirectory: Could not get the user's uuid. Thu Aug 26 02:21:53 2010 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Any hint about what I should be looking at?
Run the server in debugging mode (radiusd -X). Look for the above errors, and *read* the lines of text around them. Then use the information from the debug output to look the user up in OpenDirectory. Odds are that the user doesn't exist, which is why it can't get the UUID.
Mind new, I'm a complete noob when it comes to radius, I only started playing with it 2 days ago.
This isn't much of a RADIUS error. The user lookup in OpenDirectory fails, and the UUID wasn't found. The only issue is *who* was being looked up, and *why* the UUID wasn't found. Alan DeKok.
Hi On Thursday, August 26, 2010, Alan DeKok <aland@deployingradius.com> wrote:
Jean-Yves Avenard wrote:
I am running freeradius that comes installed and configured with MacOS 10.6 server.
A Windows XP can connect just fine using Microsoft Protected EAP. iPhone, mac os client connect just fine using EAP-TTLS
Windows 7 will connect fine using Securew2 EAP-TTLS supplicant ; but not with the default build-in PEAP.
The log you posted shows a clear issue:
When connecting with Windows 7, I would read:
Thu Aug 26 02:21:52 2010 : Auth: rlm_opendirectory: Could not get the user's uuid. Thu Aug 26 02:21:53 2010 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Any hint about what I should be looking at?
Run the server in debugging mode (radiusd -X). Look for the above errors, and *read* the lines of text around them.
Then use the information from the debug output to look the user up in OpenDirectory. Odds are that the user doesn't exist, which is why it can't get the UUID.
I was the one doing the testing. Username/password are identical in all tests.
Mind new, I'm a complete noob when it comes to radius, I only started playing with it 2 days ago.
This isn't much of a RADIUS error. The user lookup in OpenDirectory fails, and the UUID wasn't found. The only issue is *who* was being looked up, and *why* the UUID wasn't found.
Will run radius in debug mode and report back. I'm still puzzled why there would be a difference between 7 and XP in the way they are transmitting the user name
check the capitalization of username. I have seen instances where xp clients sends all lower, and win7 capitalised the first two characters. nolan -- Nolan King Moulton Niguel Water District 27500 La Paz Rd. Laguna Niguel, CA 92677 (949) 425-3542 24hr: (949) 831-2500
On 8/26/2010 at 11:44 AM, in message <AANLkTikVfX7SynjsO3-nan1EVjTSL6vVKJs=HCTfZEtE@mail.gmail.com>, Jean-Yves Avenard <jyavenard@gmail.com> wrote: Hi
On Thursday, August 26, 2010, Alan DeKok <aland@deployingradius.com> wrote:
Jean-Yves Avenard wrote:
I am running freeradius that comes installed and configured with MacOS 10.6 server.
A Windows XP can connect just fine using Microsoft Protected EAP. iPhone, mac os client connect just fine using EAP-TTLS
Windows 7 will connect fine using Securew2 EAP-TTLS supplicant ; but not with the default build-in PEAP.
The log you posted shows a clear issue:
When connecting with Windows 7, I would read:
Thu Aug 26 02:21:52 2010 : Auth: rlm_opendirectory: Could not get the user's uuid. Thu Aug 26 02:21:53 2010 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Any hint about what I should be looking at?
Run the server in debugging mode (radiusd -X). Look for the above errors, and *read* the lines of text around them.
Then use the information from the debug output to look the user up in OpenDirectory. Odds are that the user doesn't exist, which is why it can't get the UUID.
I was the one doing the testing. Username/password are identical in all tests.
Mind new, I'm a complete noob when it comes to radius, I only started playing with it 2 days ago.
This isn't much of a RADIUS error. The user lookup in OpenDirectory fails, and the UUID wasn't found. The only issue is *who* was being looked up, and *why* the UUID wasn't found.
Will run radius in debug mode and report back. I'm still puzzled why there would be a difference between 7 and XP in the way they are transmitting the user name
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 27 August 2010 05:19, Nolan King <nking@mnwd.com> wrote:
check the capitalization of username. I have seen instances where xp clients sends all lower, and win7 capitalised the first two characters.
What do you do in this case then? Have a script run by freeradius putting all characters as lower case?
Hi On 26 August 2010 23:35, Alan DeKok <aland@deployingradius.com> wrote:
Jean-Yves Avenard wrote:
I am running freeradius that comes installed and configured with MacOS 10.6 server.
A Windows XP can connect just fine using Microsoft Protected EAP. iPhone, mac os client connect just fine using EAP-TTLS
Windows 7 will connect fine using Securew2 EAP-TTLS supplicant ; but not with the default build-in PEAP.
The log you posted shows a clear issue:
When connecting with Windows 7, I would read:
Thu Aug 26 02:21:52 2010 : Auth: rlm_opendirectory: Could not get the user's uuid. Thu Aug 26 02:21:53 2010 : Error: rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0
Any hint about what I should be looking at?
Run the server in debugging mode (radiusd -X). Look for the above errors, and *read* the lines of text around them.
Then use the information from the debug output to look the user up in OpenDirectory. Odds are that the user doesn't exist, which is why it can't get the UUID.
Mind new, I'm a complete noob when it comes to radius, I only started playing with it 2 days ago.
This isn't much of a RADIUS error. The user lookup in OpenDirectory fails, and the UUID wasn't found. The only issue is *who* was being looked up, and *why* the UUID wasn't found.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Allright... Here are some logs... rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=51, length=163 User-Name = "host/ramon" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x027e000f01686f73742f72616d6f6e Message-Authenticator = 0x4f4536256e97a2b596511e8560ef07ca +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 126 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop rlm_opendirectory: The host 192.168.0.20 does not have an access group. rlm_opendirectory: Could not get the user's uuid. ++[opendirectory] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [snip] By default it tries to connect with the computer name rather than the user name.. Going into the Advanced option, I can force the type of authentication use to "User Authentication"...
From there it worked ...
Jean-Yves Avenard wrote:
Here are some logs... ... rlm_opendirectory: The host 192.168.0.20 does not have an access group.
And... what does this message mean? It's an OpenDirectory error message, so find out what it means, and how to fix it.
rlm_opendirectory: Could not get the user's uuid.
Which looks like a direct consequence of the previous message.
By default it tries to connect with the computer name rather than the user name..
Because that's what's in the RADIUS packet. If you want it to use something *other* than what's in the packet, you will need to configure the server to use the correct field. So which field do you want to use? Alan DeKok.
Hi On 27 August 2010 20:46, Alan DeKok <aland@deployingradius.com> wrote:
Jean-Yves Avenard wrote:
Here are some logs... ... rlm_opendirectory: The host 192.168.0.20 does not have an access group.
And... what does this message mean? It's an OpenDirectory error message, so find out what it means, and how to fix it.
192.168.0.20 is the wireless access point
rlm_opendirectory: Could not get the user's uuid.
Which looks like a direct consequence of the previous message.
no, this is a consequence of it trying to lookup the machine name instead of the user name
By default it tries to connect with the computer name rather than the user name..
Because that's what's in the RADIUS packet. If you want it to use something *other* than what's in the packet, you will need to configure the server to use the correct field.
So which field do you want to use?
As mentioned before; the username. You seem to miss the point that the issue occurs *only* with Win 7 clients. All other clients are fine.
Jean-Yves Avenard wrote:
You seem to miss the point that the issue occurs *only* with Win 7 clients. All other clients are fine.
I don't really care which client it is. All that matters is: a) what data is in the packet b) what you configure the server to do with that data You have posted output from (a). That's nice. You *also* need (as I said already) to configure the server for (b). Unfortunately, the OpenDirectory module does not take any configuration. This means that you will need to edit the "User-Name" attribute *before* it is used by the opendirectory module. So... what *should* the User-Name look like? This is for you to decide. Alan DeKok.
Hi On 27 August 2010 23:06, Alan DeKok <aland@deployingradius.com> wrote:
Jean-Yves Avenard wrote:
You seem to miss the point that the issue occurs *only* with Win 7 clients. All other clients are fine.
I don't really care which client it is. All that matters is:
a) what data is in the packet
b) what you configure the server to do with that data
You have posted output from (a). That's nice. You *also* need (as I said already) to configure the server for (b).
Okay.. As requested. Here is the log from the Win 7 client, when it is configured in Advanced Settings -> 802.11X Settings -> Specify authentication mode: user authentication I've preceded each line with > so if like me you are using gmail, it's easier to skip through
rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=103, length=177 User-Name = "jean-yves.avenard" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02d40016016a65616e2d797665732e6176656e617264 Message-Authenticator = 0xd617293cc36f9d2934e4364c48696da2 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 212 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated ++[files] returns noop rlm_opendirectory: The host 192.168.0.20 does not have an access group. rlm_opendirectory: User <jean-yves.avenard> is authorized. ++[opendirectory] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 103 to 192.168.0.20 port 65513 EAP-Message = 0x01d500061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x56ebca49563ed3c34eaeaec5306add89 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=104, length=304 User-Name = "jean-yves.avenard" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02d5008319800000007916030100740100007003014c7bbc6f1988ef8942fd2a91e0d171c08e57e6f23dbce06bfb570dc2a39ee7b2000018002f00350005000ac013c014c009c00a00320038001300040100002fff010001000000001600140000116a65616e2d797665732e6176656e617264000a0006000400170018000b00020100 State = 0x56ebca49563ed3c34eaeaec5306add89 Message-Authenticator = 0xdc87572842154eda0af298bfad361a81 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 213 length 131 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 121 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0074], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 068a], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 104 to 192.168.0.20 port 65513 EAP-Message = 0x01d6040019c0000006c7160301002a0200002603014c7bbc638660cb91c478e7233be221fa9048c65948c4c27d19bd88e7929394d500002f00160301068a0b00068600068300035930820355308202bea003020102020310adba300d06092a864886f70d0101050500304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479301e170d3130303431333134353235365a170d3132303631333039353833315a3081df3129302706035504051320746c43354c615a425030302f657a714b566677455a63 EAP-Message = 0x63762d45315673313930310b300906035504061302415531153013060355040a140c2a2e6879647269782e636f6d31133011060355040b130a475438313233373633343131302f060355040b1328536565207777772e726170696473736c2e636f6d2f7265736f75726365732f637073202863293130312f302d060355040b1326446f6d61696e20436f6e74726f6c2056616c696461746564202d20526170696453534c285229311530130603550403140c2a2e6879647269782e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100dfe086b6803479d87cf9f96937d58d42cf97af5d9edeb9c490d0cabb200c6030fc1b EAP-Message = 0x0b0b158d736b5205d8d769004bf9afabe7ff51b3ce3b00be1584bfa56660d8082ad02b47d3c85f64920342d33833bf9258e6c28d35a4c2f8dbec5db493f05683e08e74daedcc64544f09619008df99cdc2324c6d5853f244feb3b0c3cca90203010001a381ae3081ab300e0603551d0f0101ff0404030204f0301d0603551d0e041604147612da889e2204ca3467cd2b5ea70e1fc3f674f1303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e67656f74727573742e636f6d2f63726c732f73656375726563612e63726c301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d2504 EAP-Message = 0x16301406082b0601050507030106082b06010505070302300d06092a864886f70d0101050500038181006908f00a8df2c62e7579a020b6502c4c719ccc84ee9a7b0c9f291e3ee5af018f20427ea856275fea68d22077d6db2c921f2ec0be3777b0bb59e454ed4eb2c69fd197b9e539aea8472e6b3a5b4ef731ccbebf8a4549e005d1268e298b2a8d331170db1f99bfc7edba01cf733d902174d55480437e4d47580e6edafaee58ea72b20003243082032030820289a003020102020435def4cf300d06092a864886f70d0101050500304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b13244571 EAP-Message = 0x756966617820536563757265 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x56ebca49573dd3c34eaeaec5306add89 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=105, length=179 User-Name = "jean-yves.avenard" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02d600061900 State = 0x56ebca49573dd3c34eaeaec5306add89 Message-Authenticator = 0xba5d2001604fd40f63be2a0066f39618 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 214 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 105 to 192.168.0.20 port 65513 EAP-Message = 0x01d702d7190020436572746966696361746520417574686f72697479301e170d3938303832323136343135315a170d3138303832323136343135315a304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c15db158670862eea09a2d1f086d911468980a1efeda046f13846221c3d17cce9f05e0b801f04e34ece28a950464acf16b535f05b3cb6780bf42028efedd0109ece100144ffcfbf00cdd43ba5b2be11f80709915 EAP-Message = 0x579316f10f976ab7c268231ccc4d5930ac511e3baf2bd6ee63457bc5d95f50d2e3500f3a88e7bf14fde0c7b90203010001a38201093082010530700603551d1f046930673065a063a061a45f305d310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479310d300b0603550403130443524c31301a0603551d1004133011810f32303138303832323136343135315a300b0603551d0f040403020106301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d0e04 EAP-Message = 0x16041448e668f92bd2b295d747d82320104f3398909fd4300c0603551d13040530030101ff301a06092a864886f67d074100040d300b1b0556332e3063030206c0300d06092a864886f70d01010505000381810058ce29eafcf7deb5ce02b917b585d1b9e3e095cc25310d00a6926e7fb692639e5095d19a6fe411de63856e98eea8ff5ac8d355b2667157dec021eb3d2aa72349010486427bfcee7fa21652b56767d340db3b2658b228773dae147761d6fa2a6627a00dfaa7735cea70f1942165445ffafcef2968a9a28779ef79ef4fac07773816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x56ebca49543cd3c34eaeaec5306add89 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=106, length=381 User-Name = "jean-yves.avenard" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02d700d01980000000c61603010086100000820080c6238de17d3505d52f67e05190dda102bac42ce3dda3f1160dc48fdf0f030dc3bd75a41e8ba6fd4345b6d97d6213f2e8e6395d0e762ac64543d790409d7b050d898adbc615a1efd4a7a4280e782d9d1b63d4ba3c56ad0c6350564d937cfcbc2896901cf4908f615daff21b72cf0b6d15dc6076af070c1a42f4f9c060c279df24140301000101160301003008a5f1ed66228073f1e8d76de392579a7b1dd1743f79c127b429f1022eb9ed92d457ca0541ec88dd5443b24612555521 State = 0x56ebca49543cd3c34eaeaec5306add89 Message-Authenticator = 0xa844fe6f8705aa634490d82244ca6717 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 215 length 208 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 198 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 106 to 192.168.0.20 port 65513 EAP-Message = 0x01d8004119001403010001011603010030871e1d85c5e7a6f2dc2b24b6f380deb7162c192558a035576389cb6516c5c1b554cf47031c40173be061ca8c37a86476 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x56ebca495533d3c34eaeaec5306add89 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=107, length=179 User-Name = "jean-yves.avenard" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02d800061900 State = 0x56ebca495533d3c34eaeaec5306add89 Message-Authenticator = 0x58d3f7836001e4de5c66b0f0690293fc +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 216 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 107 to 192.168.0.20 port 65513 EAP-Message = 0x01d9002b190017030100201558a359dbf74ae6fc65f62583f774446eb7b95973a80ed47ccc32b5510dc40c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x56ebca495232d3c34eaeaec5306add89 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=108, length=232 User-Name = "jean-yves.avenard" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02d9003b190017030100308c7db30e12a98adde5eea9d84f120dddd6423d6524e2292cc307630e7548484a7bf50c77624ed1615fb9d458a6b4b93e State = 0x56ebca495232d3c34eaeaec5306add89 Message-Authenticator = 0x43696038a9644d24ae76625f007a23d8 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 217 length 59 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - jean-yves.avenard [peap] Got tunneled request EAP-Message = 0x02d90016016a65616e2d797665732e6176656e617264 server { PEAP: Got tunneled identity of jean-yves.avenard PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to jean-yves.avenard Sending tunneled request EAP-Message = 0x02d90016016a65616e2d797665732e6176656e617264 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "jean-yves.avenard" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns updated [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 217 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x01da002b1a01da00261043ab8b6696518e3d977d7e43cfbbe4556a65616e2d797665732e6176656e617264 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4fa813f74f7209c552ff372f4aeadb16 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x01da002b1a01da00261043ab8b6696518e3d977d7e43cfbbe4556a65616e2d797665732e6176656e617264 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4fa813f74f7209c552ff372f4aeadb16 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 108 to 192.168.0.20 port 65513 EAP-Message = 0x01da004b19001703010040fe03996117bf5d58930069397a6f4274e1fe6de21db623b4da95c09b068614931d91f318dab53ffe9da4f6f7f2b51e946241a04ea19b98858ae5f8719ede8c41 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x56ebca495331d3c34eaeaec5306add89 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=109, length=280 User-Name = "jean-yves.avenard" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02da006b190017030100606a6800fadb31147345321c0441ded410513b8acbff36d2111ec021f0ce54e3ce36806865010d19b9b86a8309b0feccfa44db665feb586e4ca932fb0dd79cd61fc8600f6ac45ddd775ea4de0d3815f737d4469bfb1de8108d97db27c1609e1c30 State = 0x56ebca495331d3c34eaeaec5306add89 Message-Authenticator = 0xf90ce475234bb39e5904bf9f3fcbee00 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 218 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x02da004c1a02da004731371b44b1d34d564423fd33a0a766298f0000000000000000dc783dfb319f1434f2ef4ddb10101167ad0f145d457b9283006a65616e2d797665732e6176656e617264 server { PEAP: Setting User-Name to jean-yves.avenard Sending tunneled request EAP-Message = 0x02da004c1a02da004731371b44b1d34d564423fd33a0a766298f0000000000000000dc783dfb319f1434f2ef4ddb10101167ad0f145d457b9283006a65616e2d797665732e6176656e617264 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "jean-yves.avenard" State = 0x4fa813f74f7209c552ff372f4aeadb16 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns updated [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 218 length 76 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] No NT-Password configured. Trying OpenDirectory Authentication. [mschap] OD username_string = jean-yves.avenard, OD shortUserName=jean-yves.avenard (length = 17) [mschap] dsDoDirNodeAuth returns stepbuff: S=E8966B7B7AFD6594A863C42AA12032861CE2F8345616e2298f0000?I0??"????????? (len=40) ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x01db00331a03da002e533d45383936364237423741464436353934413836334334324141313230333238363143453246383334 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4fa813f74e7309c552ff372f4aeadb16 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x01db00331a03da002e533d45383936364237423741464436353934413836334334324141313230333238363143453246383334 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4fa813f74e7309c552ff372f4aeadb16 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 109 to 192.168.0.20 port 65513 EAP-Message = 0x01db005b19001703010050af77e16588bd1a0669684b744b7386bbccdca1d8a0c554b94ce6fa65b3e404b652546af93c89b1779e6ed50ca043c0fc675638201f09f07336e1f5890ccc375ca6b0a82585461517f3efa7d0607be02c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x56ebca495030d3c34eaeaec5306add89 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=110, length=216 User-Name = "jean-yves.avenard" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02db002b19001703010020a698915f58535a61ac9e89cd7d8b67c249930e37a6dc9f3ac6a24cc17a496c05 State = 0x56ebca495030d3c34eaeaec5306add89 Message-Authenticator = 0x1d75c784913c112a990a8338c6569695 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 219 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x02db00061a03 server { PEAP: Setting User-Name to jean-yves.avenard Sending tunneled request EAP-Message = 0x02db00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "jean-yves.avenard" State = 0x4fa813f74e7309c552ff372f4aeadb16 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns updated [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 219 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok } # server inner-tunnel [peap] Got tunneled reply code 2 EAP-Message = 0x03db0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "jean-yves.avenard" [peap] Got tunneled reply RADIUS code 2 EAP-Message = 0x03db0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "jean-yves.avenard" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 110 to 192.168.0.20 port 65513 EAP-Message = 0x01dc002b190017030100203e47a88e8ae2f4b63f9dd0d78a10db0b899d41f2966124be7a8e31aca594282a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x56ebca495137d3c34eaeaec5306add89 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=111, length=216 User-Name = "jean-yves.avenard" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x02dc002b19001703010020bbb1b1cb33d1827663c63b0f1e128d63d8b06d4658eb690c80d4916c8dc1646a State = 0x56ebca495137d3c34eaeaec5306add89 Message-Authenticator = 0x57111afa6e1374748e54800df1147e8a +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "jean-yves.avenard", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 220 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 111 to 192.168.0.20 port 65513 MS-MPPE-Recv-Key = 0x6b7c57469ccfdccfa399fc3d20b47021bb81c6f71d05ed2d2f085306f06ce8a1 MS-MPPE-Send-Key = 0xe1d0265f9a991b9030206da68cf419b6fd84d3fb9e4e2d9345402fe9eba57440 EAP-Message = 0x03dc0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "jean-yves.avenard" Finished request 8. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 103 with timestamp +28 Cleaning up request 1 ID 104 with timestamp +28 Cleaning up request 2 ID 105 with timestamp +28 Cleaning up request 3 ID 106 with timestamp +28 Cleaning up request 4 ID 107 with timestamp +28 Cleaning up request 5 ID 108 with timestamp +28 Cleaning up request 6 ID 109 with timestamp +28 Cleaning up request 7 ID 110 with timestamp +28 Cleaning up request 8 ID 111 with timestamp +28 Ready to process requests.
This is from a Win 7 client, using default configuration settings that is just username / password and that Authentication is PEAP:MSCHAPv2
rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=112, length=163 User-Name = "host/ramon" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0272000f01686f73742f72616d6f6e Message-Authenticator = 0xafc736013ac7d55d3093782b7d03d604 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 114 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop rlm_opendirectory: The host 192.168.0.20 does not have an access group. rlm_opendirectory: Could not get the user's uuid. ++[opendirectory] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 112 to 192.168.0.20 port 65513 EAP-Message = 0x017300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2901333729722a271ee22a85a9879908 Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=113, length=285 User-Name = "host/ramon" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0273007719800000006d16030100680100006403014c7bbde9787032bb1126f5fce5f22fd277f962afa64bce2d5bf8407c4319fc04000018002f00350005000ac013c014c009c00a003200380013000401000023ff010001000000000a000800000572616d6f6e000a0006000400170018000b00020100 State = 0x2901333729722a271ee22a85a9879908 Message-Authenticator = 0xd82e921b4c981a07c773647fc0786b91 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 115 length 119 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 109 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0068], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 068a], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 113 to 192.168.0.20 port 65513 EAP-Message = 0x0174040019c0000006c7160301002a0200002603014c7bbde9f613a30decd1cdeac197e2ec339769a8d7bcb28291d2ac2e12e6971300002f00160301068a0b00068600068300035930820355308202bea003020102020310adba300d06092a864886f70d0101050500304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479301e170d3130303431333134353235365a170d3132303631333039353833315a3081df3129302706035504051320746c43354c615a425030302f657a714b566677455a63 EAP-Message = 0x63762d45315673313930310b300906035504061302415531153013060355040a140c2a2e6879647269782e636f6d31133011060355040b130a475438313233373633343131302f060355040b1328536565207777772e726170696473736c2e636f6d2f7265736f75726365732f637073202863293130312f302d060355040b1326446f6d61696e20436f6e74726f6c2056616c696461746564202d20526170696453534c285229311530130603550403140c2a2e6879647269782e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100dfe086b6803479d87cf9f96937d58d42cf97af5d9edeb9c490d0cabb200c6030fc1b EAP-Message = 0x0b0b158d736b5205d8d769004bf9afabe7ff51b3ce3b00be1584bfa56660d8082ad02b47d3c85f64920342d33833bf9258e6c28d35a4c2f8dbec5db493f05683e08e74daedcc64544f09619008df99cdc2324c6d5853f244feb3b0c3cca90203010001a381ae3081ab300e0603551d0f0101ff0404030204f0301d0603551d0e041604147612da889e2204ca3467cd2b5ea70e1fc3f674f1303a0603551d1f04333031302fa02da02b8629687474703a2f2f63726c2e67656f74727573742e636f6d2f63726c732f73656375726563612e63726c301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d2504 EAP-Message = 0x16301406082b0601050507030106082b06010505070302300d06092a864886f70d0101050500038181006908f00a8df2c62e7579a020b6502c4c719ccc84ee9a7b0c9f291e3ee5af018f20427ea856275fea68d22077d6db2c921f2ec0be3777b0bb59e454ed4eb2c69fd197b9e539aea8472e6b3a5b4ef731ccbebf8a4549e005d1268e298b2a8d331170db1f99bfc7edba01cf733d902174d55480437e4d47580e6edafaee58ea72b20003243082032030820289a003020102020435def4cf300d06092a864886f70d0101050500304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b13244571 EAP-Message = 0x756966617820536563757265 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2901333728752a271ee22a85a9879908 Finished request 10. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=114, length=172 User-Name = "host/ramon" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x027400061900 State = 0x2901333728752a271ee22a85a9879908 Message-Authenticator = 0x90c632ba5132116016e8d8feb31e52fe +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 116 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 114 to 192.168.0.20 port 65513 EAP-Message = 0x017502d7190020436572746966696361746520417574686f72697479301e170d3938303832323136343135315a170d3138303832323136343135315a304e310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c15db158670862eea09a2d1f086d911468980a1efeda046f13846221c3d17cce9f05e0b801f04e34ece28a950464acf16b535f05b3cb6780bf42028efedd0109ece100144ffcfbf00cdd43ba5b2be11f80709915 EAP-Message = 0x579316f10f976ab7c268231ccc4d5930ac511e3baf2bd6ee63457bc5d95f50d2e3500f3a88e7bf14fde0c7b90203010001a38201093082010530700603551d1f046930673065a063a061a45f305d310b30090603550406130255533110300e060355040a130745717569666178312d302b060355040b1324457175696661782053656375726520436572746966696361746520417574686f72697479310d300b0603550403130443524c31301a0603551d1004133011810f32303138303832323136343135315a300b0603551d0f040403020106301f0603551d2304183016801448e668f92bd2b295d747d82320104f3398909fd4301d0603551d0e04 EAP-Message = 0x16041448e668f92bd2b295d747d82320104f3398909fd4300c0603551d13040530030101ff301a06092a864886f67d074100040d300b1b0556332e3063030206c0300d06092a864886f70d01010505000381810058ce29eafcf7deb5ce02b917b585d1b9e3e095cc25310d00a6926e7fb692639e5095d19a6fe411de63856e98eea8ff5ac8d355b2667157dec021eb3d2aa72349010486427bfcee7fa21652b56767d340db3b2658b228773dae147761d6fa2a6627a00dfaa7735cea70f1942165445ffafcef2968a9a28779ef79ef4fac07773816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x290133372b742a271ee22a85a9879908 Finished request 11. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=115, length=374 User-Name = "host/ramon" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x027500d01980000000c61603010086100000820080c92305f633ebb13d1146dac01d43c19047e5326b42434518e7daf6b6623a19eb1cd877ea3efc03f68c6e2614e424aa04bfc5f953155573bc9ce818f3d2c890a0986847a5ef8733880fb1451c8ba1b4b36120c346e9e9050d6eb253a78a737fd68aca89bf2f45fa6572741c52ff660419e9117178a9109ccf7bc8764a62b64277140301000101160301003073f845987a3f1b2b628142eed10e04383a69c24f9d047c9b032610d8757b0747ee669a44da75dee822ffd2a21e838ef2 State = 0x290133372b742a271ee22a85a9879908 Message-Authenticator = 0x9bb5cc74512ad0bdceaaaf921164c7a8 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 117 length 208 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 198 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 115 to 192.168.0.20 port 65513 EAP-Message = 0x0176004119001403010001011603010030614cc88b6f7fd4b02100d31466fed38c2cfe56fa4efb2ce43875c82841816c33f1e706863ce88f5c5af738f47c5e1fa0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x290133372a772a271ee22a85a9879908 Finished request 12. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=116, length=172 User-Name = "host/ramon" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x027600061900 State = 0x290133372a772a271ee22a85a9879908 Message-Authenticator = 0xca39a76697f59adcaa15916a78e16ed2 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 118 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 116 to 192.168.0.20 port 65513 EAP-Message = 0x0177002b19001703010020c3009d54f21929eb7ee0043e7771df5f0a7cbf6ebd66def03565bb4aaa4cb41b Message-Authenticator = 0x00000000000000000000000000000000 State = 0x290133372d762a271ee22a85a9879908 Finished request 13. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=117, length=209 User-Name = "host/ramon" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0277002b190017030100201dd6103b6d0f86c6ac33fe86888f5a13b10970a1ef222f1e83ce55a94db4d942 State = 0x290133372d762a271ee22a85a9879908 Message-Authenticator = 0xf6428db91fea81a03c903f8278eff0d5 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 119 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - host/ramon [peap] Got tunneled request EAP-Message = 0x0277000f01686f73742f72616d6f6e server { PEAP: Got tunneled identity of host/ramon PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to host/ramon Sending tunneled request EAP-Message = 0x0277000f01686f73742f72616d6f6e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/ramon" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 119 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x017800241a0178001f107ea40ec7760d14474dee0b4e6b9d640c686f73742f72616d6f6e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfbc0fc99fbb8e6c1acf79e9f2cef3e77 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x017800241a0178001f107ea40ec7760d14474dee0b4e6b9d640c686f73742f72616d6f6e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfbc0fc99fbb8e6c1acf79e9f2cef3e77 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 117 to 192.168.0.20 port 65513 EAP-Message = 0x0178004b190017030100403251f76d20afd9bd1be50ca770e4ef315fcdfa3f286f641d8b2749d8d76da28e8e70a4806aa2896c655c5546437e2c2060ac44ca854f654f8f54c2d99e35fbbf Message-Authenticator = 0x00000000000000000000000000000000 State = 0x290133372c792a271ee22a85a9879908 Finished request 14. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=118, length=273 User-Name = "host/ramon" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0278006b190017030100608c8234cfe2ebd7ca29c77661768564cafeaff5313f126a180cf96473c6f51f73ab881585286f454f4f1ed6a8600f1b593ca21d6a787532921d6579661db9d2387e25bf325b263313892981bfb3128d7b30389ebd7ecd5abf3c6051142047e407 State = 0x290133372c792a271ee22a85a9879908 Message-Authenticator = 0x6f9193d476c9b00a3e44db300044fe8d +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 120 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x027800451a0278004031d1cf5a51ae82bba33c59afaccdbe4563000000000000000000000000000000000000000000000000000000000000000000686f73742f72616d6f6e server { PEAP: Setting User-Name to host/ramon Sending tunneled request EAP-Message = 0x027800451a0278004031d1cf5a51ae82bba33c59afaccdbe4563000000000000000000000000000000000000000000000000000000000000000000686f73742f72616d6f6e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/ramon" State = 0xfbc0fc99fbb8e6c1acf79e9f2cef3e77 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 120 length 69 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] No NT-Password configured. Trying OpenDirectory Authentication. rlm_mschap: getUserNodeRef(): dsGetRecordList() status = 0, recCount=0 [mschap] od_mschap_auth: getUserNodeRef() failed ++[mschap] returns fail [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 EAP-Message = 0x04780004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 EAP-Message = 0x04780004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 118 to 192.168.0.20 port 65513 EAP-Message = 0x0179002b190017030100201d0da92cec780afeb07d044ae3bec2d0bbae6f756cb641bf7afb941c603d3bfb Message-Authenticator = 0x00000000000000000000000000000000 State = 0x290133372f782a271ee22a85a9879908 Finished request 15. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=119, length=209 User-Name = "host/ramon" NAS-IP-Address = 192.168.0.20 NAS-Port = 0 Called-Station-Id = "00-1C-B3-AD-13-5F:HYDRIX-TEST" Calling-Station-Id = "C4-46-19-25-31-52" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11" EAP-Message = 0x0279002b19001703010020c105223815949c87f20ddf78237c265be8030e828d278b2f87db880eadcd2bf8 State = 0x290133372f782a271ee22a85a9879908 Message-Authenticator = 0xe5350e69dd68ba1c0ab8e39eaed51b5e +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/ramon", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 121 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> host/ramon attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 16 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 16 Sending Access-Reject of id 119 to 192.168.0.20 port 65513 EAP-Message = 0x04790004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 9 ID 112 with timestamp +418 Cleaning up request 10 ID 113 with timestamp +418 Cleaning up request 11 ID 114 with timestamp +418 Cleaning up request 12 ID 115 with timestamp +418 Cleaning up request 13 ID 116 with timestamp +418 Cleaning up request 14 ID 117 with timestamp +418 Cleaning up request 15 ID 118 with timestamp +418 Waking up in 1.0 seconds. Cleaning up request 16 ID 119 with timestamp +418 Ready to process requests.
Unfortunately, the OpenDirectory module does not take any configuration. This means that you will need to edit the "User-Name" attribute *before* it is used by the opendirectory module.
So... what *should* the User-Name look like? This is for you to decide.
I'm not sure I follow what you re saying here... I am only interested at this stage by the user name, not the computer name as part of the "User-Name" If you could point me to directions on how to configure the server for (b), it would be greatly appreciated. Kind regards Jean-Yves
On Mon, Aug 30, 2010 at 9:25 PM, Jean-Yves Avenard <jyavenard@gmail.com> wrote:
This is from a Win 7 client, using default configuration settings that is just username / password and that Authentication is PEAP:MSCHAPv2
rad_recv: Access-Request packet from host 192.168.0.20 port 65513, id=112, length=163 User-Name = "host/ramon"
So... what *should* the User-Name look like? This is for you to decide.
I'm not sure I follow what you re saying here... I am only interested at this stage by the user name, not the computer name as part of the "User-Name"
If you could point me to directions on how to configure the server for (b), it would be greatly appreciated.
I think what Alan is saying is look at what User-Name being sent by the CLIENT. Your Win7 client log says the client is sending "User-Name = "host/ramon"". If you want it to be something like, change the client configuration. At this point, it has nothing to do with server configuration. There might be some checkbox somewhere on your Win7 that says "Authenticate as computer when computer information is available" or something like that. Uncheck it. Windows 7 user might be able to help you more (or you could ask MS). -- Fajar
Hi On 31 August 2010 02:04, Fajar A. Nugraha <fajar@fajar.net> wrote:
I think what Alan is saying is look at what User-Name being sent by the CLIENT. Your Win7 client log says the client is sending "User-Name = "host/ramon"". If you want it to be something like, change the client configuration. At this point, it has nothing to do with server configuration.
There might be some checkbox somewhere on your Win7 that says "Authenticate as computer when computer information is available" or something like that. Uncheck it. Windows 7 user might be able to help you more (or you could ask MS).
Allright, so this is what I thought it was and I have provided the solution already. On Windows 7, you go into Advanced Settings -> 802.11X Settings -> Specify authentication mode: and select "user authentication"
Jean-Yves Avenard wrote:
As requested. Here is the log from the Win 7 client, when it is configured in Advanced Settings -> 802.11X Settings -> Specify authentication mode: user authentication
The first debug log shows the user being found by the "unix" module. i.e. the User-Name has an entry in /etc/passwd, or the Apple equivalent. The second debug log shows that the user is *not* found by the "unix" module.
I'm not sure I follow what you re saying here... I am only interested at this stage by the user name, not the computer name as part of the "User-Name"
I'm aware of that. I'm saying that *you* need to figure out which is which, and edit the configuration to use the right one.
If you could point me to directions on how to configure the server for (b), it would be greatly appreciated.
Edit raddb/sites-enabled/inner-tunnel, the "authorize" section: authorize { ... if (User-Name =~ /\/(.*)/) { update request { Stripped-User-Name := "%{1}" } } ... }
Hi On Tuesday, August 31, 2010, Alan DeKok <aland@deployingradius.com> wrote:
The first debug log shows the user being found by the "unix" module. i.e. the User-Name has an entry in /etc/passwd, or the Apple equivalent.
The second debug log shows that the user is *not* found by the "unix" module.
Yes, because in the 2nd case, Win 7 sent the name of the computer instead.
I'm aware of that. I'm saying that *you* need to figure out which is which, and edit the configuration to use the right one.
But configuration where? on the freeradius server or win 7?
If you could point me to directions on how to configure the server for (b), it would be greatly appreciated.
Edit raddb/sites-enabled/inner-tunnel, the "authorize" section:
authorize { ...
if (User-Name =~ /\/(.*)/) { update request { Stripped-User-Name := "%{1}" } } ... }
This would only help if the user format is in the form of blah/user ; which it isn't when the user name is sent and not the computer's name. Looking at the log, I don't think that when win7 sent the computer name as the login, the user's name is sent anywhere, so configuration change can only be done on the win7 client JY
On Tue, Aug 31, 2010 at 10:41 AM, Jean-Yves Avenard <jyavenard@gmail.com> wrote:
Looking at the log, I don't think that when win7 sent the computer name as the login, the user's name is sent anywhere, so configuration change can only be done on the win7 client
So did you finaly manage to get it working by changing the configuration on the client? -- Fajar
Hi On 31 August 2010 13:58, Fajar A. Nugraha <fajar@fajar.net> wrote:
On Tue, Aug 31, 2010 at 10:41 AM, Jean-Yves Avenard <jyavenard@gmail.com> wrote:
Looking at the log, I don't think that when win7 sent the computer name as the login, the user's name is sent anywhere, so configuration change can only be done on the win7 client
So did you finaly manage to get it working by changing the configuration on the client?
oh yes... Did so last week and reported it here :) You go and edit a new wireless profile, you go into Advanced Settings -> 802.11X Settings -> Specify authentication mode: and select "user authentication"
participants (5)
-
Alan DeKok -
Fajar A. Nugraha -
Jean-Yves Avenard -
Nolan King -
Phil Mayers