Re: FreeRadius 2.1.6 + EAP-PEAP issue
I've configured realm DEFAULT in proxy.conf again: realm DEFAULT { type = radius authhost = LOCAL accthost = LOCAL } and deleted realm csd-notebook because csd-notebook is notebook name rather than domain name. Also I 've disabled suffix in sites-available/inner-tunnel However the authorization failed. Users file is as follows: oreshkin Cleartext-Password := "some_password" The output of /usr/local/sbin/radiusd -fX see below ---------------------------------------------- Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=0, length=235 Message-Authenticator = 0xc7b72f8f44b9019d1e6596594bee47ce Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 0 length 26 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 159 [files] users: Matched entry DEFAULT at line 178 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.14.240 port 4644 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe5d6fd38e5d7e4a1475d0e8cf897c815 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=1, length=359 Message-Authenticator = 0x4291c54604eda73b733a699e7063b775 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xe5d6fd38e5d7e4a1475d0e8cf897c815 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201008419800000007a16030100750100007103014a5b04b22bd585bc9fb874faddead5575b817db8addcd1c81e00b2c281afb9c1000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180000156373642d6e6f7465626f6f6b5c6f726573686b696e000a00080006001700180019000b00020100 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 1 length 132 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 122 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0075], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 084e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 1 to 192.168.14.240 port 4644 EAP-Message = 0x0102040019c00000088b160301002a0200002603014a5b0451d55d4a1629bfbae5b8a3ed01eaf71a929de6299ea93781a8bce6f9b700002f00160301084e0b00084a0008470003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3039303632353038343934325a170d3130303632353038343934325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100afa137c1faa18184c11783fd931dbf08e3b3aab700e05e2d16471c85e470302c6d9db3068b833e463ff3cdaa6b2140447d2b7d151704863ad7439873ea51 EAP-Message = 0xe98c8abecfdd6268e021a8a17fb6966857f052859cef7a6bdcec12d2127ab2bc72c2b785a25f33c61aec0ff80079a53fb35cdbaebbfa29de9b24841a9a6c46a08073d66b09f3149fc840696c56ef61943d5e2679be18fc2733a012e261b9e9e6ae20c7ba01e2c6e4bfb3ce39325000bc51a2230319e4f8b16bffa46deb80631149f3e97333105b307b101958e9b83407c4398deb9cb32f7c23bdba70c091e79258f0c191edd239290beb26d0aaa8adf6f5ece5f633aef45ef0d4fea2c52b56fc39110203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100973882c5663e2d6b29 EAP-Message = 0xf37acb064274e515f88c05490e81fcb594b8678a665ae9d17134a3e3fdb2df801547f84071730fa696eef58f5c1d73841e52aa2c9a4074cf288ef7158e4f3ae68db182c1798f3da6d86bda0a8a9c54de39f2d94d3e0687a8fa46faedcd36bcc64fd9f2cd74055682782684f674d377c0e2457f5ad4efa4ec460c7527c80769a270128e0a6d12cb79d0bb12fe0a1bb81f6c20b98873ac6718cd0d02ebb7de1cdd720360252cc736c2e84bfe1c87a695dcb7e2b4d982f0736305017d65ec72506bed1578f806479bedc2b5bfa83f0e15ccc03bbe908e734351e5843806e9dcb659b98056909aeed953e9e24d7e0e1f8163deb5f4f5076e5c00049b308204 EAP-Message = 0x973082037fa0030201020201 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe5d6fd38e4d4e4a1475d0e8cf897c815 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=2, length=233 Message-Authenticator = 0x9eb9f47a1942a94307aff7182503f53e Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xe5d6fd38e4d4e4a1475d0e8cf897c815 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020200061900 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 2 to 192.168.14.240 port 4644 EAP-Message = 0x010303fc194000300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303632353038343934325a170d3130303632353038343934325a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d6577 EAP-Message = 0x6865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a056d1cfe5b95120cfb2ad67638c20cceb3feca1d22665f5d0379648340127cf5ffe26f48f46c04a1132b032d93b7f49417851f2e110fee7b457fbe2f99b47d3389b630dd2f78acf290b4ecb6d43466a19cb17063f1b2a1eefe1e6f34e1b0a20fa92fa17809a58e7120bc1a87db8865230df04775af5e1 EAP-Message = 0x16b46a471819383d8be674378c3d33bdc0a8d6686542a3ba1c32a97249786aea2c38a22a49992fcfaf54806b50415060a433e9dc013696f9c0240657098f46782b1d0536f691d9667f6c153a4d2982cb2f75a3a9ebfa4831caea445f4bff1ae6fe4ad8eec82213b2a20d02dd1b6cb2dc425698f21ede7c2917aa6f103749084b755046bb83a3746e2f0203010001a381f33081f0301d0603551d0e04160414d64b150fdb7f312ac6c3982680da07466046ab9f3081c00603551d230481b83081b58014d64b150fdb7f312ac6c3982680da07466046ab9fa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975 EAP-Message = 0x733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d010104050003820101008d3084a08170518ab145f6969d1e61d2a228d5ffa21a60c154ab30774674df42fb32f5a22dad55d75ef2c7f44c93bb3e52c92763901b1299530780e1f195a85ccbbd78d8b527b3263bfa340a459ac472b90360b4408e11c10e81afbc325c10ec91fa EAP-Message = 0xde231ca42761b9ba Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe5d6fd38e7d5e4a1475d0e8cf897c815 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=3, length=233 Message-Authenticator = 0xd5ba7ca4e10b42c6e58c221070724350 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xe5d6fd38e7d5e4a1475d0e8cf897c815 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020300061900 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 3 to 192.168.14.240 port 4644 EAP-Message = 0x010400a51900504fbacfc37f212076882bd7b098391319a08e59fc4d3dee5493579716c999ee20be7eed64f3b465e8ff5b718e9751b2c4ca5d1cd6700ccf0341f6a270aed40707094b7b6c39c78c581fa330b26bfb74042202fde6398f0fa591d0e164f5980d197175a49c7b9769cebfa4eef1f5527383f230b4df20935fa3903e171a05d038c6effefc1bf76e95dd86d637a53fc8ae83bdc13ea56d16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe5d6fd38e6d2e4a1475d0e8cf897c815 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=4, length=565 Message-Authenticator = 0xa2a61477a53b60b658354bcf5a5dd1d2 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xe5d6fd38e6d2e4a1475d0e8cf897c815 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204015019800000014616030101061000010201006dc028926cb1603933da4f210b3255d7a12d0ae72ee0811c273846a08724f231a18f3234e3a0dc4ec9b97a5baeef3b94e574590d44c9d06362bd891a4971ee8a6882588dc9f20864932bc353adfe3593775356e1606cd69d4dc645a4209ea24ab9ea0fc1d6d3b5f5ba9f26b0f9cda2769cf5f2c7b5ecac183e4c12d94a3faf17193ba155c5f04e9180674473120fc12baca8a23d23f5f5207aee91dabba4848ad63c6097e91a75d253e656e3a1cd798caeff7ec76c936cc032a2e6db5efb79fb16f6577323039643289ccd091cfccdd2a48f55fe4fc4b779c85c597de1244af6e8062792374383f8 EAP-Message = 0xee13454f13c06f49eca30911f9ed0d48533b39011022aee714030100010116030100301b63e8378975cda4e824697202ab6aa211661792844f1b666230910a68d6b56770e93c18625038edec24b5e6e64d1961 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 4 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 192.168.14.240 port 4644 EAP-Message = 0x010500411900140301000101160301003018a79818d8a3a008ef8e73a60a5d08280ba0ea795698935644d2fb8596e06b974a3f645bb4dc20a023403bc2dc50bd34 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe5d6fd38e1d3e4a1475d0e8cf897c815 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=5, length=233 Message-Authenticator = 0xad23b6d52887e419b59bf9786ae1c5a7 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xe5d6fd38e1d3e4a1475d0e8cf897c815 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020500061900 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 5 to 192.168.14.240 port 4644 EAP-Message = 0x0106002b19001703010020bdd18c77fc0f277e30704f01adb57a6b05d27093451ea712885b3b88a4ebf50b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe5d6fd38e0d0e4a1475d0e8cf897c815 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=6, length=286 Message-Authenticator = 0xc85239940218f11c33907f886e24d8a4 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xe5d6fd38e0d0e4a1475d0e8cf897c815 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0206003b19001703010030f1d0da27fcb26de2e167c397e95a6d85e67407f10a14d668ff1e99b2412e5755d3cede615b2248e760e3735a49ac2cbc NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 6 length 59 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - csd-notebook\oreshkin [peap] Got tunneled request EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e server { PEAP: Got tunneled identity of csd-notebook\oreshkin PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to csd-notebook\oreshkin Sending tunneled request EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "csd-notebook\\oreshkin" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound ++[control] returns notfound [eap] EAP packet type response id 6 length 26 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 159 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0107002f1a0107002a101349bdaaaaafb0f149a6ffffc555a9936373642d6e6f7465626f6f6b5c6f726573686b696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x25d25b2625d541006018ba988c44b193 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0107002f1a0107002a101349bdaaaaafb0f149a6ffffc555a9936373642d6e6f7465626f6f6b5c6f726573686b696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x25d25b2625d541006018ba988c44b193 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 6 to 192.168.14.240 port 4644 EAP-Message = 0x0107004b19001703010040fbe95e817667101c89d2412ecd203190dac86403936911f6272afdd47ba71bd6c25e35d72c87d2fad10875f9be2cc13e0624b276bcdad6957fd87178a7360bf7 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe5d6fd38e3d1e4a1475d0e8cf897c815 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=7, length=334 Message-Authenticator = 0x2d76e9d19d4ac72f118f8ca7901ed8ef Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xe5d6fd38e3d1e4a1475d0e8cf897c815 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0207006b190017030100607c2da2c02f50b65226c6daf7da0b7319fb3cc73466aaf89c4f7d2f64f2af18bfe61540b809390fbf8b2f803aa6e39d7c0ceac7b04f9c12a420fd41f49b344d3801d16774aa3712feec81441cec6bb69ecf1029e4a98e077cd2cb4e191efd5cf8 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 7 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020700431a0207003e3113ab0a37dbe447b4e2a1c9678b28ea6e0000000000000000c2a3d793f1c46fd7c1ac8798b529a3910c940bc0e06c6b1b006f726573686b696e server { PEAP: Setting User-Name to csd-notebook\oreshkin Sending tunneled request EAP-Message = 0x020700431a0207003e3113ab0a37dbe447b4e2a1c9678b28ea6e0000000000000000c2a3d793f1c46fd7c1ac8798b529a3910c940bc0e06c6b1b006f726573686b696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "csd-notebook\\oreshkin" State = 0x25d25b2625d541006018ba988c44b193 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound ++[control] returns notfound [eap] EAP packet type response id 7 length 67 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 159 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 7 to 192.168.14.240 port 4644 EAP-Message = 0x0108002b19001703010020e115ecd70a889350618f29e8f4a572cd7c64594ae44e91e6055f135741eaecaa Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe5d6fd38e2dee4a1475d0e8cf897c815 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=8, length=270 Message-Authenticator = 0xecdae1b55152a8a2ef087d9bd8a66196 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xe5d6fd38e2dee4a1475d0e8cf897c815 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0208002b1900170301002052aa1efefa6381f26fd8b080dbca42aec420f9ecdd25202ae99be921f5c87946 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 8 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> csd-notebook\oreshkin attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 8 to 192.168.14.240 port 4644 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=0, length=235 Message-Authenticator = 0x82ce06670e9708994657db6e99797f0f Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 0 length 26 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry DEFAULT at line 159 [files] users: Matched entry DEFAULT at line 178 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.14.240 port 4645 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd4d513f8d4d40aa04898feef3a314aec Finished request 9. Going to the next request rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=1, length=359 Message-Authenticator = 0xdfc6e3ae05b7b29a3804a7ceb87aa21a Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xd4d513f8d4d40aa04898feef3a314aec Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201008419800000007a16030100750100007103014a5b04b7104b1f57bc93e28b85523b677cdf26bdc4b525bf8d2dbd576305c308000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180000156373642d6e6f7465626f6f6b5c6f726573686b696e000a00080006001700180019000b00020100 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 1 length 132 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 122 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0075], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 084e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 1 to 192.168.14.240 port 4645 EAP-Message = 0x0102040019c00000088b160301002a0200002603014a5b045614a6324f3c131733e1656d36c7cdc05d3e7efc26f0dafe308a3e167100002f00160301084e0b00084a0008470003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3039303632353038343934325a170d3130303632353038343934325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100afa137c1faa18184c11783fd931dbf08e3b3aab700e05e2d16471c85e470302c6d9db3068b833e463ff3cdaa6b2140447d2b7d151704863ad7439873ea51 EAP-Message = 0xe98c8abecfdd6268e021a8a17fb6966857f052859cef7a6bdcec12d2127ab2bc72c2b785a25f33c61aec0ff80079a53fb35cdbaebbfa29de9b24841a9a6c46a08073d66b09f3149fc840696c56ef61943d5e2679be18fc2733a012e261b9e9e6ae20c7ba01e2c6e4bfb3ce39325000bc51a2230319e4f8b16bffa46deb80631149f3e97333105b307b101958e9b83407c4398deb9cb32f7c23bdba70c091e79258f0c191edd239290beb26d0aaa8adf6f5ece5f633aef45ef0d4fea2c52b56fc39110203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100973882c5663e2d6b29 EAP-Message = 0xf37acb064274e515f88c05490e81fcb594b8678a665ae9d17134a3e3fdb2df801547f84071730fa696eef58f5c1d73841e52aa2c9a4074cf288ef7158e4f3ae68db182c1798f3da6d86bda0a8a9c54de39f2d94d3e0687a8fa46faedcd36bcc64fd9f2cd74055682782684f674d377c0e2457f5ad4efa4ec460c7527c80769a270128e0a6d12cb79d0bb12fe0a1bb81f6c20b98873ac6718cd0d02ebb7de1cdd720360252cc736c2e84bfe1c87a695dcb7e2b4d982f0736305017d65ec72506bed1578f806479bedc2b5bfa83f0e15ccc03bbe908e734351e5843806e9dcb659b98056909aeed953e9e24d7e0e1f8163deb5f4f5076e5c00049b308204 EAP-Message = 0x973082037fa0030201020201 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd4d513f8d5d70aa04898feef3a314aec Finished request 10. Going to the next request rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=2, length=233 Message-Authenticator = 0xe9705077e183f8e0b2606d2a3c3c459a Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xd4d513f8d5d70aa04898feef3a314aec Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020200061900 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 2 to 192.168.14.240 port 4645 EAP-Message = 0x010303fc194000300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303632353038343934325a170d3130303632353038343934325a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d6577 EAP-Message = 0x6865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a056d1cfe5b95120cfb2ad67638c20cceb3feca1d22665f5d0379648340127cf5ffe26f48f46c04a1132b032d93b7f49417851f2e110fee7b457fbe2f99b47d3389b630dd2f78acf290b4ecb6d43466a19cb17063f1b2a1eefe1e6f34e1b0a20fa92fa17809a58e7120bc1a87db8865230df04775af5e1 EAP-Message = 0x16b46a471819383d8be674378c3d33bdc0a8d6686542a3ba1c32a97249786aea2c38a22a49992fcfaf54806b50415060a433e9dc013696f9c0240657098f46782b1d0536f691d9667f6c153a4d2982cb2f75a3a9ebfa4831caea445f4bff1ae6fe4ad8eec82213b2a20d02dd1b6cb2dc425698f21ede7c2917aa6f103749084b755046bb83a3746e2f0203010001a381f33081f0301d0603551d0e04160414d64b150fdb7f312ac6c3982680da07466046ab9f3081c00603551d230481b83081b58014d64b150fdb7f312ac6c3982680da07466046ab9fa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975 EAP-Message = 0x733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d010104050003820101008d3084a08170518ab145f6969d1e61d2a228d5ffa21a60c154ab30774674df42fb32f5a22dad55d75ef2c7f44c93bb3e52c92763901b1299530780e1f195a85ccbbd78d8b527b3263bfa340a459ac472b90360b4408e11c10e81afbc325c10ec91fa EAP-Message = 0xde231ca42761b9ba Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd4d513f8d6d60aa04898feef3a314aec Finished request 11. Going to the next request rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=3, length=233 Message-Authenticator = 0x1e2ff4b489a4de159827aab639bd6890 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xd4d513f8d6d60aa04898feef3a314aec Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020300061900 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 3 to 192.168.14.240 port 4645 EAP-Message = 0x010400a51900504fbacfc37f212076882bd7b098391319a08e59fc4d3dee5493579716c999ee20be7eed64f3b465e8ff5b718e9751b2c4ca5d1cd6700ccf0341f6a270aed40707094b7b6c39c78c581fa330b26bfb74042202fde6398f0fa591d0e164f5980d197175a49c7b9769cebfa4eef1f5527383f230b4df20935fa3903e171a05d038c6effefc1bf76e95dd86d637a53fc8ae83bdc13ea56d16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd4d513f8d7d10aa04898feef3a314aec Finished request 12. Going to the next request rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=4, length=565 Message-Authenticator = 0xe0f7604deb4ffea48fad72630295746a Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xd4d513f8d7d10aa04898feef3a314aec Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x02040150198000000146160301010610000102010040a0bbd21114460374ea847a8cfb452d4a76957a8bbe24215e8c7ef45558e784673cd14ffa782c9ec28d2396dfe1d68527fafa1488398c2659a3871717572c755762577cf4735a574e09bd839f3ef640d659fa63d343c3af3ddb936f044d553d748586a6ec3bc3e40567b7adfecb3d66f3c5f35d0adbf167dfa59c6aa80eee03d77a28027b2c79f6b3fa8726f1560af0662ba3cf48887af153a0a8b02b9a884ebd8e0d9ed03891b8aa38c80ca82130cad1bceffc26c009c8efc4afe6ccfbc02b8c046c5ae4148c808239cb717bdcddfa31b2fe53ba02663131314f14b2a165722f687aa151f71473 EAP-Message = 0xd666cd73db54137a1615b073781cb99cbc1eda54a289a91d1403010001011603010030dbec19a1707dbc6463870f29c6814ace6d586965b688ce398c1fd5f4e5d3ce007c9344b2b8d0099f13f6904b33a753e3 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 4 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 192.168.14.240 port 4645 EAP-Message = 0x0105004119001403010001011603010030c7541f4c6b1d38fe80f877cee878439df3d490a4efc2633091bc615343fc3839d5c7642f6591cc2f9879d62a1705f080 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd4d513f8d0d00aa04898feef3a314aec Finished request 13. Going to the next request rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=5, length=233 Message-Authenticator = 0x11eebe0d6cdaf85b60ca227fe26f9e84 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xd4d513f8d0d00aa04898feef3a314aec Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020500061900 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 5 to 192.168.14.240 port 4645 EAP-Message = 0x0106002b19001703010020eb441efea0fb1cfba98cf447d294850f6713eb7802f73c7c9509cf3225be6520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd4d513f8d1d30aa04898feef3a314aec Finished request 14. Going to the next request rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=6, length=286 Message-Authenticator = 0xc9779862b2bb4b963b789b4f1caff461 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xd4d513f8d1d30aa04898feef3a314aec Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0206003b19001703010030ee00f29c7e81a1b74d61b660b055be4853409b7d94398107e66e0077c86a9ef97c0cdcd6017a2742364a38cb761ae602 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 6 length 59 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - csd-notebook\oreshkin [peap] Got tunneled request EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e server { PEAP: Got tunneled identity of csd-notebook\oreshkin PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to csd-notebook\oreshkin Sending tunneled request EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "csd-notebook\\oreshkin" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound ++[control] returns notfound [eap] EAP packet type response id 6 length 26 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 159 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0107002f1a0107002a102cd45b6af0a1f7d81c120b577cf2f2786373642d6e6f7465626f6f6b5c6f726573686b696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xafd8dd7aafdfc7b171389911d924f927 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0107002f1a0107002a102cd45b6af0a1f7d81c120b577cf2f2786373642d6e6f7465626f6f6b5c6f726573686b696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xafd8dd7aafdfc7b171389911d924f927 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 6 to 192.168.14.240 port 4645 EAP-Message = 0x0107004b190017030100407cab0f0bf7be50c85590a26810487d488811ae73028ee037e8f69b61f505d7392fc41fde69904f28d019f676647ef8cf4ea3fbe981cc4c5f107482bb4273fe84 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd4d513f8d2d20aa04898feef3a314aec Finished request 15. Going to the next request rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=7, length=334 Message-Authenticator = 0x84f664bee88394ee0715e23758f1f5fa Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xd4d513f8d2d20aa04898feef3a314aec Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0207006b19001703010060886abf524a168b8fff75dec933bda3fd512fe4c2a9e429daa6fb69ec3aaa701fcdc25254ad1d301a7dd7c8489c5ecc5ca4dee27db7ef7f24a3849c163a9154f02c8361f7d3e6903ac465cc05f0d09d5aaa1441c1fd807508913321e88d6e37bf NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 7 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020700431a0207003e318450a1f8aa898e39afb2a151ccb8854b00000000000000004c32004e25b15ce4783eafe8f220005a911c0230901abf59006f726573686b696e server { PEAP: Setting User-Name to csd-notebook\oreshkin Sending tunneled request EAP-Message = 0x020700431a0207003e318450a1f8aa898e39afb2a151ccb8854b00000000000000004c32004e25b15ce4783eafe8f220005a911c0230901abf59006f726573686b696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "csd-notebook\\oreshkin" State = 0xafd8dd7aafdfc7b171389911d924f927 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound ++[control] returns notfound [eap] EAP packet type response id 7 length 67 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 159 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 7 to 192.168.14.240 port 4645 EAP-Message = 0x0108002b19001703010020ab648c0254fc31a1d201e50cec71b9b2ada1e22adbf6d28f3d43a98e1e8cafda Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd4d513f8d3dd0aa04898feef3a314aec Finished request 16. Going to the next request rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=8, length=270 Message-Authenticator = 0xac3aecf22d6a5d03e4f588afbbb5e559 Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 State = 0xd4d513f8d3dd0aa04898feef3a314aec Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0208002b19001703010020395ac391ddc6dff81a2db59e5d67b7c823bf07a6baaa24e022620012e56e4b22 NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1" +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL [suffix] Found realm "DEFAULT" [suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin" [suffix] Adding Realm = "DEFAULT" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [ntdomain] Request already proxied. Ignoring. ++[ntdomain] returns ok [eap] EAP packet type response id 8 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> csd-notebook\oreshkin attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 17 for 1 seconds Going to the next request Cleaning up request 0 ID 0 with timestamp +11 Cleaning up request 1 ID 1 with timestamp +11 Cleaning up request 2 ID 2 with timestamp +11 Cleaning up request 3 ID 3 with timestamp +11 Cleaning up request 4 ID 4 with timestamp +11 Cleaning up request 5 ID 5 with timestamp +11 Cleaning up request 6 ID 6 with timestamp +11 Cleaning up request 7 ID 7 with timestamp +11 Waking up in 0.8 seconds. Sending delayed reject for request 17 Sending Access-Reject of id 8 to 192.168.14.240 port 4645 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 0.1 seconds. Cleaning up request 8 ID 8 with timestamp +11 Waking up in 3.8 seconds. --------------------------------------------- What's wrong ? May be you would like to see my radius config files for checking ? Thanks. On Fri, 10 Jul 2009, Ivan Kalik wrote:
Date: Fri, 10 Jul 2009 18:10:12 +0100 (BST) From: Ivan Kalik <tnt@kalik.net> To: Anatoly Oreshkin <Anatoly.Oreshkin@pnpi.spb.ru> Subject: Re: FreeRadius 2.1.6 + EAP-PEAP issue
and added domain in proxy.conf
realm csd-notebook { type = radius authhost = LOCAL accthost = LOCAL }
All the same Vista client could not connect to WiFi network though radius server sent Access-Accept. See output of /usr/local/sbin/radiusd -fX below.
Debug AP and see why Vista failed to connect.
But csd-notebook is not domain name, it is a computer name which can be random name. Also we do not use NTLM authorisation. What way to choose ?
Enable DEFAULT realm (and dsable suffix in inner-tunnel):
realm DEFAULT { }
That should ake care of any notebook name.
---------------------------------------------------------------------- rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=20, length=235 Message-Authenticator = 0x6754868faae917f8ecf1de1b88ffbbff Service-Type = Framed-User User-Name = "csd-notebook\\oreshkin" Framed-MTU = 1488 Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And" Calling-Station-Id = "00-16-EA-8A-DE-38" NAS-Identifier = "3Com Access Point 7760" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0214001a016373642d6e6f7465626f6f6b5c6f726573686b696e NAS-IP-Address = 192.168.14.240 NAS-Port = 1 NAS-Port-Id = "STA port # 1"
...
Sending Access-Accept of id 29 to 192.168.14.240 port 4177 MS-MPPE-Recv-Key = 0xc12171c0071fd6f4098e5f68b570202b25bbc5d89f31d63e13645dd645e87a6d MS-MPPE-Send-Key = 0x5b383c69c087a07603a627033e58f4bf17fcf505f534f1c85117f22acf0d1ec3 EAP-Message = 0x031d0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "oreshkin"
Connection problem might have to do with User-Name being altered. EAP *really* dislike that.
Ivan Kalik Kalik Informatika ISP
hi, the client config means the machine name comes through - reconfigure the client ot NOT use the windows login/password - is under the PEAP settings for the client supplicant. then they'll log in as plain username / password rather than the additional junk. if you want to support random client configs you'll need to do a lot more work and debugging - I'm sure a consultant can help you further alan
participants (2)
-
A.L.M.Buxey@lboro.ac.uk -
Anatoly Oreshkin