*********************** Mensaje examinado por el antivirus perimetral de Impala Network Solutions ***********-*********** Yes, it is PEAP. Here is the debug: rad_recv: Access-Request packet from host 172.24.230.15:1274, id=118, length=156 NAS-IP-Address = 172.24.230.15 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Framed-MTU = 1400 User-Name = "host/PC-BARCMM2.it.local" Calling-Station-Id = "000e359071d6" Called-Station-Id = "001188a187a0" NAS-Identifier = "RoamAbout AP" State = 0xa4cad15c8a6ff988359776097d2a2648 EAP-Message = 0x020300061900 Message-Authenticator = 0xa0283d9445bd1fa36df5a7db7f704288 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 118 to 172.24.230.15:1274 EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6e6c51314b76a2f62a5cecc3f9619a3d Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.24.230.15:1275, id=119, length=342 NAS-IP-Address = 172.24.230.15 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Framed-MTU = 1400 User-Name = "host/PC-BARCMM2.it.local" Calling-Station-Id = "000e359071d6" Called-Station-Id = "001188a187a0" NAS-Identifier = "RoamAbout AP" State = 0x6e6c51314b76a2f62a5cecc3f9619a3d EAP-Message = 0x020400c01980000000b61603010086100000820080a0a1d79a3221244464cdb897cba12e9da17d5f26c74ae6b70c264ce4c2ac4355a89bbac6ee9793b052693711d886e1311034beba4a23c797b613a8fcb968f3afd7ca11fb373739b0662074329aa35ad3683a4ef77f7e9cd96fe78bfd22cf6ea07ce28843c3e8173ded0a2f70ac6dc51d05e005fdc3ac1c743027fd37b5f91a4d1403010001011603010020efa33aa831080bbfb9545494e02f849d0e496c2cb8f3fe125308b14d8e401b2a Message-Authenticator = 0xe35ea6d9060bf395da7a6fee6be9c1d6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 119 to 172.24.230.15:1275 EAP-Message = 0x01050031190014030100010116030100206fafa47a1c95be075428fe823b87526554684724ce47683c27a62f8a0614e943 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x884de7e54567f992c4295f91e9232494 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.24.230.15:1276, id=120, length=156 NAS-IP-Address = 172.24.230.15 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Framed-MTU = 1400 User-Name = "host/PC-BARCMM2.it.local" Calling-Station-Id = "000e359071d6" Called-Station-Id = "001188a187a0" NAS-Identifier = "RoamAbout AP" State = 0x884de7e54567f992c4295f91e9232494 EAP-Message = 0x020500061900 Message-Authenticator = 0x41823b1c88e1cdc292ffa3caf2d66b6e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 120 to 172.24.230.15:1276 EAP-Message = 0x0106002019001703010015697889c7a3599228e4a5d3eec7d2068f4926c57948 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb63de12e95ed9591476c6ed8dc8755ee Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.24.230.15:1277, id=121, length=202 NAS-IP-Address = 172.24.230.15 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Framed-MTU = 1400 User-Name = "host/PC-BARCMM2.it.local" Calling-Station-Id = "000e359071d6" Called-Station-Id = "001188a187a0" NAS-Identifier = "RoamAbout AP" State = 0xb63de12e95ed9591476c6ed8dc8755ee EAP-Message = 0x02060034190017030100291828ef9227d584cacec539c489ae909a31b5b76d0b675483f109612f3a86cd3c82fd1cd04278507580 Message-Authenticator = 0x5ae6eb660582fb81597d313ffe02be24 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 6 length 52 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - host/PC-BARCMM2.it.local rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x0206001d01686f73742f50432d424152434d4d322e69742e6c6f63616c PEAP: Got tunneled identity of host/PC-BARCMM2.it.local PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to host/PC-BARCMM2.it.local PEAP: Sending tunneled request EAP-Message = 0x0206001d01686f73742f50432d424152434d4d322e69742e6c6f63616c FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/PC-BARCMM2.it.local" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 6 length 29 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 7 modcall: group authenticate returns handled for request 7 PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x010700321a0107002d1093a4c5f0bb0b1a2196b39884f2757dd6686f73742f50432d424152434d4d322e69742e6c6f63616c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xef700e94932965fd864f8ee94ca84821 PEAP: Processing from tunneled session code 0x90fbdd8 11 EAP-Message = 0x010700321a0107002d1093a4c5f0bb0b1a2196b39884f2757dd6686f73742f50432d424152434d4d322e69742e6c6f63616c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xef700e94932965fd864f8ee94ca84821 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 7 modcall: group authenticate returns handled for request 7 Sending Access-Challenge of id 121 to 172.24.230.15:1277 EAP-Message = 0x010700491900170301003e49c5bfa64167d421185b0b70ccaad9608da5c1866e2f4fa6ca6c39c326687062a77abb04a0454dacd4be809b90f4e724d6dc46d781e2275de386b7f1b00a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x71800117cdd97753f7c575cc34f0010c Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.24.230.15:1278, id=122, length=256 NAS-IP-Address = 172.24.230.15 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Framed-MTU = 1400 User-Name = "host/PC-BARCMM2.it.local" Calling-Station-Id = "000e359071d6" Called-Station-Id = "001188a187a0" NAS-Identifier = "RoamAbout AP" State = 0x71800117cdd97753f7c575cc34f0010c EAP-Message = 0x0207006a1900170301005f99131f0772aca0d9208d07a82eb0fa63e07c04a39095210d87ed1a490f0b0c555d42fbaf207a7612f2196ba78a506bcc4d6a3304f1be833b7a4b01586d277621e05ba4962f0611c9cdd9018ec57a2437bfbb6ce22afd4b153ed0e4349e7021 Message-Authenticator = 0x0d289cd236d1717c81b54462ef49e2fe Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 7 length 106 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020700531a0207004e31496f64a7358ab1dbfc78e62ef93398c000000000000000004a4f13cf5caf2d610532b70b0084f43d5cbc84377bf4b43400686f73742f50432d424152434d4d322e69742e6c6f63616c PEAP: Setting User-Name to host/PC-BARCMM2.it.local PEAP: Adding old state with ef 70 PEAP: Sending tunneled request EAP-Message = 0x020700531a0207004e31496f64a7358ab1dbfc78e62ef93398c000000000000000004a4f13cf5caf2d610532b70b0084f43d5cbc84377bf4b43400686f73742f50432d424152434d4d322e69742e6c6f63616c FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/PC-BARCMM2.it.local" State = 0xef700e94932965fd864f8ee94ca84821 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 7 length 83 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 8 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for host/PC-BARCMM2.it.local with NT-Password radius_xlat: '/usr/bin/ntlm_auth --request-nt-key ' Exec-Program: /usr/bin/ntlm_auth --request-nt-key username must be specified! Usage: [OPTION...] --helper-protocol=helper protocol to use operate as a stdio-based helper --username=STRING username --domain=STRING domain name --workstation=STRING workstation --challenge=STRING challenge (HEX encoded) --lm-response=STRING LM Response to the challenge (HEX encoded) --nt-response=STRING NT or NTLMv2 Response to the challenge (HEX encoded) --password=STRING User's plaintext password --request-lm-key Retreive LM session key --request-nt-key Retreive User (NT) session key --diagnostics Perform diagnostics on the authentictaion chain --require-membership-of=STRING Require that a user be a member of this group (either name or SID) for authentication to succeed Help options -?, --help Show this help message --usage Display brief usage message Common samba options: -d, --debuglevel=DEBUGLEVEL Set debug level -s, --configfile=CONFIGFILE Use alternative configuration file -l, --log-basename=LOGFILEBASE Basename for log/debug files -V, --version Print version Exec-Program output: Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 8 modcall: group Auth-Type returns reject for request 8 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 8 modcall: group authenticate returns reject for request 8 auth: Failed to validate the user. Login incorrect: [host/PC-BARCMM2.it.local/<no User-Password attribute>] (from client localhost port 0) PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Processing from tunneled session code 0x90d8c60 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 8 modcall: group authenticate returns handled for request 8 Sending Access-Challenge of id 122 to 172.24.230.15:1278 EAP-Message = 0x010800261900170301001bc5c79a1b5d0753da26040c3590de04ab498dd1cf2b311c0d04db48 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe8f4e90b18573d9b55ac51a21f446398 Finished request 8 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.24.230.15:1279, id=123, length=188 NAS-IP-Address = 172.24.230.15 NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Framed-MTU = 1400 User-Name = "host/PC-BARCMM2.it.local" Calling-Station-Id = "000e359071d6" Called-Station-Id = "001188a187a0" NAS-Identifier = "RoamAbout AP" State = 0xe8f4e90b18573d9b55ac51a21f446398 EAP-Message = 0x020800261900170301001b9a969d66050e592940d2585b980c25ffe386404b86973332efe093 Message-Authenticator = 0xfa5a126c3667224edf78d15a852fa80e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 9 modcall: group authorize returns updated for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 9 modcall: group authenticate returns invalid for request 9 auth: Failed to validate the user. Login incorrect: [host/PC-BARCMM2.it.local/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 000e359071d6) Delaying request 9 for 1 seconds Finished request 9 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 123 to 172.24.230.15:1279 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 116 with timestamp 4695fe85 Cleaning up request 3 ID 117 with timestamp 4695fe85 Cleaning up request 4 ID 118 with timestamp 4695fe85 Cleaning up request 5 ID 119 with timestamp 4695fe85 Cleaning up request 6 ID 120 with timestamp 4695fe85 Cleaning up request 7 ID 121 with timestamp 4695fe85 Cleaning up request 8 ID 122 with timestamp 4695fe85 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 9 ID 123 with timestamp 4695fe86 Nothing to do. Sleeping until we see a request. Thank you, Ivan Carlos Jimenez Barranco - Área de Postventa Telf. +34 933034139 www.impala-net.com Sistemas de Comunicaciones Corporativas -----Mensaje original----- De: freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.or [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.or] En nombre de tnt@kalik.co.yu Enviado el: jueves, 12 de julio de 2007 12:41 Para: FreeRadius users mailing list Asunto: RE: Authentication failed *********************** Mensaje examinado por el antivirus perimetral de Impala Network Solutions ***********-*********** What EAP method are you using? PEAP? Can you post the radiusd -X output. Ivan Kalik Kalik Informatika ISP Dana 12/7/2007, "Carlos Jimenez Barranco" <cjimenez@impala-net.com> piše:
*********************** Mensaje examinado por el antivirus perimetral de Impala Network Solutions ***********-***********
Hello, Stefan:
As you told us, the supplicant was sending an empty username. We had to introduce manually the username and password because wireless card was not taking correctly domain login values and using an empty value. The most recent log is:
Thu Jul 12 11:03:38 2007 : Auth: Login incorrect: [barcmm2/<no User-Password attribute>] (from client localhost port 0) Thu Jul 12 11:03:38 2007 : Auth: Login incorrect: [barcmm2/<no User-Password attribute>] (from client 172..24.230.15 port 1 cli 00118865b6e5)
Thank you,
Carlos Jimenez Barranco - Área de Postventa Telf. +34 933034139
www.impala-net.com
Sistemas de Comunicaciones Corporativas
-----Mensaje original----- De: freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.org [mailto:freeradius-users-bounces+cjimenez=impala-net.com@lists.freeradius.org] En nombre de Stefan Winter Enviado el: jueves, 12 de julio de 2007 10:51 Para: FreeRadius users mailing list Asunto: Re: Authentication failed
Hi,
About the supplicant, we are using just Windows XP. We have tried with several wireless card (enterasys one, integrated Intel Centrino 2200b/g...). I have may not understood the supplicant meaning, tell me then, please. I thought it could be a problem related to the way the freeradius deals credentials (i. e. MSCHAP, with_ntdomain_hack value...).
FreeRADIUS can't do *anything* if it doesn't know who to authenticate. Your NAS is sending an *empty* username. As far as I can tell, your problem does not lie on the server side, but on the client side.
Stefan
-- Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
___________________________________________________________________________
Este mensaje se dirije exclusivamente a su destinatario y puede contener información privilegiada o confidencial de Impala Network Solutions S.L. Si no es vd. el destinatario indicado, queda notificado de que la utilización, divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos nos lo comunique inmediatamente por esta misma via y proceda a su destrucción.
This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it. ___________________________________________________________________________
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ___________________________________________________________________________ Este mensaje se dirije exclusivamente a su destinatario y puede contener información privilegiada o confidencial de Impala Network Solutions S.L. Si no es vd. el destinatario indicado, queda notificado de que la utilización, divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos nos lo comunique inmediatamente por esta misma via y proceda a su destrucción. This message is intended exclusively for its addressee and may contain information that is CONFIDENTIAL and protected by professional privilege. If you are not the intended recipient you are hereby notified that any dissemination, copy or disclosure of this communication is strictly prohibited by law. If this message has been received in error, please immediately notify us via e-mail and delete it. ___________________________________________________________________________
Hi, okay, now that the User-Name thing is fixed, another problem with your config shows up. The ntlm_auth line is way too short! Therefore, the key can't be retrieved. Is there maybe a line wrap in radiusd.conf, line "ntlm_auth = ..." or something? The shipped ntlm_auth line works by default! Yours is only '/usr/bin/ntlm_auth --request-nt-key ' i.e. it's missing all the important parts! Stefan
modcall: entering group Auth-Type for request 8 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for host/PC-BARCMM2.it.local with NT-Password radius_xlat: '/usr/bin/ntlm_auth --request-nt-key ' Exec-Program: /usr/bin/ntlm_auth --request-nt-key username must be specified!
Usage: [OPTION...] --helper-protocol=helper protocol to use operate as a stdio-based helper --username=STRING username --domain=STRING domain name --workstation=STRING workstation --challenge=STRING challenge (HEX encoded) --lm-response=STRING LM Response to the challenge (HEX encoded) --nt-response=STRING NT or NTLMv2 Response to the challenge (HEX encoded) --password=STRING User's plaintext password --request-lm-key Retreive LM session key --request-nt-key Retreive User (NT) session key --diagnostics Perform diagnostics on the authentictaion chain --require-membership-of=STRING Require that a user be a member of this group (either name or SID) for authentication to succeed
Help options -?, --help Show this help message --usage Display brief usage message
Common samba options: -d, --debuglevel=DEBUGLEVEL Set debug level -s, --configfile=CONFIGFILE Use alternative configuration file -l, --log-basename=LOGFILEBASE Basename for log/debug files -V, --version Print version Exec-Program output: Exec-Program: returned: 1 rlm_mschap: External script failed.
-- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: stefan.winter@restena.lu Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473
Hi, err, hello. have a look at your debug logs.
rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for host/PC-BARCMM2.it.local with NT-Password radius_xlat: '/usr/bin/ntlm_auth --request-nt-key ' Exec-Program: /usr/bin/ntlm_auth --request-nt-key username must be specified! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
how are you calling ntlm_auth in your radiusd.conf ? - looks like you're not passing the User-Name, realm OR challenge (!) that fact that ntlm_auth spews out its options at you is very telling. folk, scan through your debug output....for PEAP (and some others) it may seem that the EAP bit is just being continuously called - thats somewhat true as it passes through about 6 times whilst setting up the inner stuff. go through those 6 or so times and then the good juicy stuff appears. alan
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Carlos Jimenez Barranco -
Stefan Winter