freeRADIUS with PEAP doesn't authenticate WinXp supplicant
Dear All, I am using winxp as supplicant and configured every possible configuration files of freeRADIUS to support PEAP. But still the log file in server shows like following: and the client doesnot authenticated. whatshould i do in Winxp supplicant....at the time of connection it shows to enter Username/Password/Logon Domain......what is that Logon Domain? What should i enter here?what configuration setting i should make in xpsupplicant? plz see the following log file and help me what should i do? / /************log file**************************8 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=214 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0xd316349afcfe1dc084768fa39e502497 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201005019800000004616030100410100003d0301466ef55151e34499d4e0e15c72bb20474e547f6ca8156439c527ad5ac76c0a0700001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xf71f7a4777cdd86d08877ab3de3ec762 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 05f6], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x0102040a19c000000653160301004a020000460301466e470fa9c7109a172aed739dfa7cc7f5a64a8e4281076ebcc58c4a7676bee920a8c128e283cab0f2a26570674f1984771c0818971f23474e5db5a2bf5c77392100040016030105f60b0005f20005ef00028930820285308201eea003020102020102300d06092a864886f70d0101050500307d310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450756e65310d300b060355040a130443444143310d300b060355040b13044e4953473111300f060355040313087072616a616b7461311f301d06092a864886f70d01090116107072616a616b74 EAP-Message = 0x6140636461632e696e301e170d3037303532393035303635315a170d3038303532383035303635315a307b310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450554e45310d300b060355040a130443444143310d300b060355040b13044e495347310f300d060355040313065052414a414b311f301d06092a864886f70d01090116105072616a616b746140636461632e696e30819f300d06092a864886f70d010101050003818d0030818902818100c4682bbf78964108c4b94d5976695394751375febb82827ad98069865b6e8e8d5d151e4c22cb8b1b96d300972bc5b2905316b1b485d54c060eb3 EAP-Message = 0x19fe4f7248c37e493aa7a0459f6e8f6c50400f4e22e3bdd804ed998e9f9bfeab26e7d2c2ae2f99c7453670daf7cea13f891febc690c9be4ada506eba501d31fa49daf7fa8b130203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003818100159024193168e51423e2d73826a6e2bb07937a3de03bd4fe61eef65a0c00b6e0da6d08e51ae89f8bc12b312e29306466e53caae1f4ef4cb1cb0174c250621b520a265296de3c53df587a3a3c3f922b6949a95fbda7d149503d53361270cbb4043fcdb99a44011b1042efe168c70fd493123fb3a6f997671ef304f287cbc842ab000360308203 EAP-Message = 0x5c308202c5a0030201020209009271838f2a65231f300d06092a864886f70d0101050500307d310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450756e65310d300b060355040a130443444143310d300b060355040b13044e4953473111300f060355040313087072616a616b7461311f301d06092a864886f70d01090116107072616a616b746140636461632e696e301e170d3037303532393035303530385a170d3039303532383035303530385a307d310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450756e65310d300b060355040a13044344 EAP-Message = 0x4143310d300b060355040b13044e4953473111300f06 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x66261f68c0a988471b7dbd1406aa25a9 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=140 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0x66261f68c0a988471b7dbd1406aa25a9 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061900 Message-Authenticator = 0x715b22052c0a834c8ab26540be3c7ee1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 2 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x0103025919000355040313087072616a616b7461311f301d06092a864886f70d01090116107072616a616b746140636461632e696e30819f300d06092a864886f70d010101050003818d0030818902818100b4695f7f4ac6d738e8f1ba01d9ba31b7a55ec069aa18e5323fafd646b55a2c5fcf8777d20a34ebe6e6b3c7210f75cd3c0b9a1298565c6f4408fcb71fd95906402256723fe9c98d4d5ce6d6d47e2e705f2acf120d40ec9df1f05f376e9e61702409c1ab1df14225f2592720037abb529527f0140f266dda722bc85ee638e0927d0203010001a381e33081e0301d0603551d0e041604146e8a698195a518d1efe841869bc3b87746e660e430 EAP-Message = 0x81b00603551d230481a83081a580146e8a698195a518d1efe841869bc3b87746e660e4a18181a47f307d310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450756e65310d300b060355040a130443444143310d300b060355040b13044e4953473111300f060355040313087072616a616b7461311f301d06092a864886f70d01090116107072616a616b746140636461632e696e8209009271838f2a65231f300c0603551d13040530030101ff300d06092a864886f70d010105050003818100876aaf9ca0aebb3f6331d22edc4d8a8fb3828e6db868fc65f40f2ab80dfba2a06bdedb167a348a1bdc59 EAP-Message = 0xb14cb59fb92bce6dac1822379ecb469faba3a4dd0efd449f7dd3ae13dd0cce3ed2a59f2c83f88a75585a94e269b51ce27008bc2dbd4e3493e7657b09f1f07eaed60ab55c9ef636d587e3aa7c530c0b3ef8c01b875a4316030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeeffea22eecd70571b93074167e1f9d9 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=326 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0xeeffea22eecd70571b93074167e1f9d9 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300c01980000000b6160301008610000082008057a095505e914a7b5abe8025749ed79d441c0253ffc67fca83b899e2f086449bb015e9389edc1e440c81e28aa97382183f45cc7ce253fb95218c43cafde60441baa54bb5fb50a7b44e9ae8ab6b4c83028e015e96fe32f4f66aa315cf6d61bb1f73767316d4a238ea9a5601ab94c31fc149d571858362ca64d87222891897bcbe1403010001011603010020e6f71473f403b2d477ad3db5019876b535c1f3d63622c01e65ce12f09f82f056 Message-Authenticator = 0x1adf37f766e60a62b2a64ea969e12a2e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 3 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x0104003119001403010001011603010020ac7b7eae7df6a094a06aac986552e097a71e014578dcdac2d0aa555ac0e82762 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe09ac59efcfd79cdce50681ada73421e Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=140 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0xe09ac59efcfd79cdce50681ada73421e NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061900 Message-Authenticator = 0xc678535af140a79e91368303e815f863 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 4 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x0105002019001703010015ebc8d24acae130428ed6d6893d7ce9eabb27a803bb Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcffd82ce7722fb003680179d65ba88e3 Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=170 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0xcffd82ce7722fb003680179d65ba88e3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0205002419001703010019c215488e5af95d08053d8add389cf76bec07c3b8a752467f63 Message-Authenticator = 0xf659306a361f36453617aadc3172c0c5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 5 length 36 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 5 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - testuser rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of testuser PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to testuser Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 5 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 5 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: No such EAP type mschapv2 rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 5 modcall: leaving group authenticate (returns invalid) for request 5 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x010600261900170301001b070ae9621b3a0172525b8ec994d48f8ba1eaa1993e5bad037fbc82 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xced664250055f6ce7932cae33490350b Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=172 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0xced664250055f6ce7932cae33490350b NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020600261900170301001bbdd92f192251db8ca1d0badadf2540be9d4e58ac52a5b914f2a17d Message-Authenticator = 0xb04c98dd979b625880b0b41a63bd758d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 6 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 6 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 6 modcall: leaving group authenticate (returns invalid) for request 6 auth: Failed to validate the user. Delaying request 6 for 1 seconds Finished request 6 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 Cleaning up request 6 ID 0 with timestamp 466e4711 Nothing to do. Sleeping until we see a request. /*************end of log file*******/ with thanks... apangshu
Apangshu Saha wrote:
Dear All, I am using winxp as supplicant and configured every possible configuration files of freeRADIUS to support PEAP.
You are very clearly NOT following the documentation, and NOT following the suggestions on this list.
plz see the following log file and help me what should i do?
Stop editing the default configuration to break it. You don't know what you're doing, and the changes you're making to the configuration files are preventing PEAP from working. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Hi,
rlm_eap: EAP Identity rlm_eap: No such EAP type mschapv2 rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 5 modcall: leaving group authenticate (returns invalid) for request 5 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE
you've messed up your config in some nice wacky way. take the default eap.conf and radiusd.conf and only edit the bits you really need to. alan
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Alan Dekok -
Apangshu Saha