XP auth + PEAP (debik)
mat yuh
yusshalimee at yahoo.com
Tue Dec 6 10:50:44 CET 2005
i'm also have a problem to make PEAP works with XP
SP2.The PAP, EAP-tls, EAP-ttls work very well.i
realise that freeradius gives me this error :
rlm_mschap: No User-Password configured. Cannot
create LM-Password.
rlm_mschap: No User-Password configured. Cannot
create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for nurah with
NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform
authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject
for request 6
modcall: leaving group MS-CHAP (returns reject) for
request 6
i do read the maillist and search on google but cant
make XP SP2 Work with PEAP. i'm using several NAS such
as SMC BARRICADE 2804WBR and Linksys WRT54G. i do
configure default_eap_type = peap in eap.conf and have
a plain text password in users file :
nurah User-Password == "mypasswd"
** i make a new users file and put nurah user only in
it
here is my complete debug message :
-----------------------
Initializing the thread pool...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
Nothing to do. Sleeping until we see a request.
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok
for request 0
modcall[authorize]: module "chap" returns noop for
request 0
modcall[authorize]: module "mschap" returns noop for
request 0
modcall[authorize]: module "chap" returns noop for
request 0
modcall[authorize]: module "unix" returns updated
for request 0
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 0
rlm_eap: EAP packet type response id 7 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 0
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 0
modcall[authorize]: module "expiration" returns noop
for request 0
modcall[authorize]: module "logintime" returns noop
for request 0
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 0
modcall: leaving group authorize (returns updated) for
request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled
for request 0
modcall: leaving group authenticate (returns handled)
for request 0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok
for request 1
modcall[authorize]: module "chap" returns noop for
request 1
modcall[authorize]: module "mschap" returns noop for
request 1
modcall[authorize]: module "chap" returns noop for
request 1
modcall[authorize]: module "unix" returns updated
for request 1
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 1
rlm_eap: EAP packet type response id 8 length 65
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 1
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 1
modcall[authorize]: module "expiration" returns noop
for request 1
modcall[authorize]: module "logintime" returns noop
for request 1
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 1
modcall: leaving group authorize (returns updated) for
request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032],
ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a],
ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc],
Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004],
ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled
for request 1
modcall: leaving group authenticate (returns handled)
for request 1
Finished request 1
Going to the next request
Waking up in 5 seconds...
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok
for request 2
modcall[authorize]: module "chap" returns noop for
request 2
modcall[authorize]: module "mschap" returns noop for
request 2
modcall[authorize]: module "chap" returns noop for
request 2
modcall[authorize]: module "unix" returns updated
for request 2
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 2
rlm_eap: EAP packet type response id 9 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 2
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 2
modcall[authorize]: module "expiration" returns noop
for request 2
modcall[authorize]: module "logintime" returns noop
for request 2
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 2
modcall: leaving group authorize (returns updated) for
request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled
for request 2
modcall: leaving group authenticate (returns handled)
for request 2
rad_recv: Access-Request packet from host 192.168.2.1
port 1025, id=7, length=91
User-Name = "nurah"
NAS-IP-Address = 192.168.2.1
NAS-Identifier = "AP"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0207000a016e75726168
Message-Authenticator =
0x68f9afa71809cd05fb71ab8686f18320
Sending Access-Challenge of id 7 to 192.168.2.1 port
1025
EAP-Message = 0x010800061920
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x504617b0d4dd078d15c5d6ad12aff5f1
rad_recv: Access-Request packet from host 192.168.2.1
port 1026, id=8, length=164
User-Name = "nurah"
NAS-IP-Address = 192.168.2.1
NAS-Identifier = "AP"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x504617b0d4dd078d15c5d6ad12aff5f1
EAP-Message =
0x0208004119800000003716030100320100002e0301ae311dd3edd1dea83725e444a8d98d1e6112c10ebfcddacd153cf88067247bfc01000006000a000500040100
Message-Authenticator =
0x8413f48fc7e59bb15e4f6ed10532a5d9
Sending Access-Challenge of id 8 to 192.168.2.1 port
1026
EAP-Message =
0x0109040a19c000000729160301004a02000046030143963da2133ae46a6fdcc84d872a6f77f8447a49f37e19e9ab11f900f2c11630207acd91607051139b88ec441c90932b9ca122526d8e65d3ed5229d33d9c5008ae000a0016030106cc0b0006c80006c50002c9308202c53082022e020900f2585747fdc421f1300d06092a864886f70d01010505003081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c0603550403
EAP-Message =
0x13154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d301e170d3035313230343036323235325a170d3135313230323036323235325a30819f310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b130249543110300e06035504031307636f6c696e75783124302206092a864886f70d01090116156e757261683132314073747265616d79782e63
EAP-Message =
0x6f6d30819f300d06092a864886f70d010101050003818d0030818902818100a9c3198f512e0c50674463c59ce454415fd1df0496491d5d8830044248d602fbf9112117e2f5fea88aa6433add26cfdbc17303650260e43b551990fe5f45e826147cacae5469311b55fde41305b972580db938c16dcd73cb44f47c978b8fb205c9489ff748fd7e87ff9555a004f44ed3eeb18e982aa1c7e8dcdd49af87f3d15f0203010001300d06092a864886f70d01010505000381810090ab8b57db0a519e89a3d18882f98dde739a0e21fa1c26bf754f9f7835dc34a146aec1327de98a1ec8cb03b930da518cac8e06ce7d39685697f3d226388cc2f2b8464672e272
EAP-Message =
0x0ca42ab3184e5e0669b1dc545b928b3341c4beb5ef574f51a9192f5fd153c91d698d7b957befe425ef45fd1eb81631c44229f9c6405a4a3ec3000003f6308203f23082035ba003020102020900d4a1f9d8d7737d14300d06092a864886f70d01010505003081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d010901
EAP-Message =
0x16156e757261683132314073747265616d79782e636f
Message-Authenticator =
0x00000000000000000000000000000000
State = 0xf4c74c157d0597a1dce1a727f6888730
rad_recv: Access-Request packet from host 192.168.2.1
port 1027, id=9, length=105
User-Name = "nurah"
NAS-IP-Address = 192.168.2.1
NAS-Identifier = "AP"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0xf4c74c157d0597a1dce1a727f6888730
EAP-Message = 0x020900061900
Message-Authenticator =
0xe882c439bd4c462b3d3d457e586fa9a3
Sending Access-Challenge of id 9 to 192.168.2.1 port
1027
EAP-Message =
0x010a032f19006d301e170d3035313230343036323234315a170d3135313230323036323234315a3081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b30090Finished
request 2
Going to the next request
Waking up in 5 seconds...
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok
for request 3
modcall[authorize]: module "chap" returns noop for
request 3
modcall[authorize]: module "mschap" returns noop for
request 3
modcall[authorize]: module "chap" returns noop for
request 3
modcall[authorize]: module "unix" returns updated
for request 3
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 3
rlm_eap: EAP packet type response id 10 length 200
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 3
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 3
modcall[authorize]: module "expiration" returns noop
for request 3
modcall[authorize]: module "logintime" returns noop
for request 3
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 3
modcall: leaving group authorize (returns updated) for
request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086],
ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length
0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010],
Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length
0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010],
Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled
for request 3
modcall: leaving group authenticate (returns handled)
for request 3
Finished request 3
Going to the next request
Waking up in 5 seconds...
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok
for request 4
modcall[authorize]: module "chap" returns noop for
request 4
modcall[authorize]: module "mschap" returns noop for
request 4
modcall[authorize]: module "chap" returns noop for
request 4
modcall[authorize]: module "unix" returns updated
for request 4
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 4
rlm_eap: EAP packet type response id 11 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 4
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 4
modcall[authorize]: module "expiration" returns noop
for request 4
modcall[authorize]: module "logintime" returns noop
for request 4
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 4
modcall: leaving group authorize (returns updated) for
request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled
for request 4
modcall: leaving group authenticate (returns handled)
for request 4
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 4 seconds...
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok
for request 5
modcall[authorize]: module "chap" returns noop for
request 5
modcall[authorize]: module "mschap" returns noop for
request 5
modcall[authorize]: module "chap" returns noop for
request 5
modcall[authorize]: module "unix" returns updated
for request 5
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 5
rlm_eap: EAP packet type response id 12 length 43
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 5
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 5
modcall[authorize]: module "expiration" returns noop
for request 5
modcall[authorize]: module "logintime" returns noop
for request 5
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 5
modcall: leaving group authorize (returns updated) for
request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding
tunneled attributes.
rlm_eap_peap: Identity - nurah
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of nurah
PEAP: Setting default EAP type for tunneled EAP
session.
PEAP: Setting User-Name to nurah
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok
for request 5
modcall[authorize]: module "chap" returns noop for
request 5
modcall[authorize]: module "mschap" returns noop for
request 5
modcall[authorize]: module "chap" returns noop for
request 5
modcall[authorize]: module "unix" returns updated
for request 5
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 5
rlm_eap: EAP packet type response id 12 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 5
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 5
modcall[authorize]: module "expiration" returns noop
for request 5
modcall[authorize]: module "logintime" returns noop
for request 5
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 5
modcall: leaving group authorize (returns updated) for
request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled
for request 5
modcall: leaving group authenticate (returns handled)
for request 5
60355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c06c98b52f07e40b7a
EAP-Message =
0x2bbc8195354322a1add2669b6490fa1e283485c0199c6c19b98d39f46d7a7794b2fcb00d603527c59937017b94ec55cb13fff98f955756e542a51615102155fb2b5488df44df901c8a3c4ff33cfeef393201adedaea261e0f09ba0b761b75ea936fefa309dcf4123e6181d6195933dc8d6bac8059cfb5d0203010001a382011630820112301d0603551d0e041604142ce51d8df33c708efad4c61573507ce4ab53dca23081e20603551d230481da3081d780142ce51d8df33c708efad4c61573507ce4ab53dca2a181b3a481b03081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f
EAP-Message =
0x746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d820900d4a1f9d8d7737d14300c0603551d13040530030101ff300d06092a864886f70d0101050500038181002e723b0585ba7578446d0e31b3ca76f6a1cf7687cec687370f7cc19705f9f65fd9de89f88dd29289067f36429c986aa5b2acb0385db81ae478977e3c8afe5cac922f868c287102958f6480d804137a857b
EAP-Message =
0x8cfd7b67dc75baae0473ebef570bc0818109395d7719dfc91c433512fdd6024ed7b95be263199c0a8b0b2b91e53ebf16030100040e000000
Message-Authenticator =
0x00000000000000000000000000000000
State = 0xf555032e67d9a39b1882d1f8fcf09959
rad_recv: Access-Request packet from host 192.168.2.1
port 1028, id=10, length=299
User-Name = "nurah"
NAS-IP-Address = 192.168.2.1
NAS-Identifier = "AP"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0xf555032e67d9a39b1882d1f8fcf09959
EAP-Message =
0x020a00c81980000000be16030100861000008200807b7478a2410e8462f3f7d10c0e9d50d19af9a741141bc370f1a8f6c75bf709f3acf214824e4cfc94f0dbe7fca16f0dc4e2cd2e2f07ee3fed801a4927f4cebbc81d3412d562849a1cc97326393602377db60bda2d700cbbcc7dc22e7a4fc2cb46f3a39d2ac03757b6c18c90ee28092771f720d783860385fa53a3b91c4ba1349614030100010116030100287b7da10c2e9631775cb253b814a2e0b7c2ae490e1315919d7ccdbcdffc15f7ead55393c895763aa0
Message-Authenticator =
0x797234f69da5e2f9b286b496e7f012de
Sending Access-Challenge of id 10 to 192.168.2.1 port
1028
EAP-Message =
0x010b00391900140301000101160301002859982aa195439003edaefa0a02d39657f462c138c0a491cb9e3a2e8f53e454d78cf70c2593081536
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x2e87fe669ff8f70b4f366ff026238bf3
rad_recv: Access-Request packet from host 192.168.2.1
port 1029, id=11, length=105
User-Name = "nurah"
NAS-IP-Address = 192.168.2.1
NAS-Identifier = "AP"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x2e87fe669ff8f70b4f366ff026238bf3
EAP-Message = 0x020b00061900
Message-Authenticator =
0x076cfe5e1e00f1331f6ab47739023c5b
Sending Access-Challenge of id 11 to 192.168.2.1 port
1029
EAP-Message =
0x010c004819001703010018f1089fc93f10c7b3aff1fbd2de8e9f777555699758858a8817030100207d2beb720e59cd6554e8de7952b4bf30ba3209e191279c2413e014da3b750b3a
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x1f0cea76398ad5e6af48a1bfe5667d65
rad_recv: Access-Request packet from host 192.168.2.1
port 1030, id=12, length=142
User-Name = "nurah"
NAS-IP-Address = 192.168.2.1
NAS-Identifier = "AP"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x1f0cea76398ad5e6af48a1bfe5667d65
EAP-Message =
0x020c002b19001703010020869dc6c24a3ce923587a617c19c1da7a14c44a17929e213eab2023743f1be8c3
Message-Authenticator =
0x3642782edda868940e8fed95b40490cb
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020c000a016e75726168
PEAP: Sending tunneled request
EAP-Message = 0x020c000a016e75726168
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "nurah"
PEAP: Got tunneled reply RADIUS code 11
EAP-Message =
0x010d001f1a010d001a10650acba154cea10853bd3a630dd8b4316e75726168
Message-Authenticat PEAP: Got tunneled
Access-Challenge
modcall[authenticate]: module "eap" returns handled
for request 5
modcall: leaving group authenticate (returns handled)
for request 5
Finished request 5
Going to the next request
Waking up in 4 seconds...
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok
for request 6
modcall[authorize]: module "chap" returns noop for
request 6
modcall[authorize]: module "mschap" returns noop for
request 6
modcall[authorize]: module "chap" returns noop for
request 6
modcall[authorize]: module "unix" returns updated
for request 6
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 6
rlm_eap: EAP packet type response id 13 length 99
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 6
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 6
modcall[authorize]: module "expiration" returns noop
for request 6
modcall[authorize]: module "logintime" returns noop
for request 6
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 6
modcall: leaving group authorize (returns updated) for
request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding
tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to nurah
PEAP: Adding old state with 79 06
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok
for request 6
modcall[authorize]: module "chap" returns noop for
request 6
modcall[authorize]: module "mschap" returns noop for
request 6
modcall[authorize]: module "chap" returns noop for
request 6
modcall[authorize]: module "unix" returns updated
for request 6
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 6
rlm_eap: EAP packet type response id 13 length 64
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 6
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 6
modcall[authorize]: module "expiration" returns noop
for request 6
modcall[authorize]: module "logintime" returns noop
for request 6
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 6
modcall: leaving group authorize (returns updated) for
request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
rlm_mschap: No User-Password configured. Cannot
create LM-Password.
rlm_mschap: No User-Password configured. Cannot
create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for nurah with
NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot
perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns
reject for request 6
modcall: leaving group MS-CHAP (returns reject) for
request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject
for request 6
modcall: leaving group authenticate (returns reject)
for request 6
auth: Failed to validate the user.
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled
for request 6
modcall: leaving group authenticate (returns handled)
for request 6
Finished request 6
Going to the next request
Waking up in 4 seconds...
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok
for request 7
modcall[authorize]: module "chap" returns noop for
request 7
modcall[authorize]: module "mschap" returns noop for
request 7
modcall[authorize]: module "chap" returns noop for
request 7
modcall[authorize]: module "unix" returns updated
for request 7
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 7
rlm_eap: EAP packet type response id 14 length 43
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 7
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 7
modcall[authorize]: module "expiration" returns noop
for request 7
modcall[authorize]: module "logintime" returns noop
for request 7
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 7
modcall: leaving group authorize (returns updated) for
request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding
tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was
rejcted rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid
for request 7
modcall: leaving group authenticate (returns invalid)
for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 4 seconds...
Delaying request 7 for 1 seconds
--- Walking the entire request list ---
Waking up in 1 seconds...
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok
for request 8
modcall[authorize]: module "chap" returns noop for
request 8
modcall[authorize]: module "mschap" returns noop for
request 8
modcall[authorize]: module "chap" returns noop for
request 8
modcall[authorize]: module "unix" returns updated
for request 8
rlm_realm: No '@' in User-Name = "nurah", looking
up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for
request 8
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 8
users: Matched entry nurah at line 9
modcall[authorize]: module "files" returns ok for
request 8
modcall[authorize]: module "expiration" returns noop
for request 8
modcall[authorize]: module "logintime" returns noop
for request 8
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for
request 8
modcall: leaving group authorize (returns updated) for
request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response
to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid
for request 8
modcall: leaving group authenticate (returns invalid)
for request 8
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 7 with timestamp 43963da2
Cleaning up request 3 ID 10 with timestamp 43963da2
Cleaning up request 1 ID 8 with timestamp 43963da2
Cleaning up request 2 ID 9 with timestamp 43963da2
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 12 with timestamp 43963da3
Cleaning up request 4 ID 11 with timestamp 43963da3
Cleaning up request 6 ID 13 with timestamp 43963da3
Cleaning up request 7 ID 14 with timestamp 43963da3
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 8 ID 3 with timestamp 43963da6
Nothing to do. Sleeping until we see a request.
__________________________________________
Yahoo! DSL Something to write home about.
Just $16.99/mo. or less.
dsl.yahoo.com
More information about the Freeradius-Users
mailing list