XP auth + PEAP (debik)
debik
debik at vp.pl
Tue Dec 6 20:16:23 CET 2005
Could you sent me your configs.
A would like to lokk how you use other authentication.
----- Original Message -----
From: "mat yuh" <yusshalimee at yahoo.com>
To: <freeradius-users at lists.freeradius.org>
Sent: Tuesday, December 06, 2005 10:50 AM
Subject: Re: XP auth + PEAP (debik)
> i'm also have a problem to make PEAP works with XP
> SP2.The PAP, EAP-tls, EAP-ttls work very well.i
> realise that freeradius gives me this error :
>
> rlm_mschap: No User-Password configured. Cannot
> create LM-Password.
> rlm_mschap: No User-Password configured. Cannot
> create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for nurah with
> NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot perform
> authentication.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> modcall[authenticate]: module "mschap" returns reject
> for request 6
> modcall: leaving group MS-CHAP (returns reject) for
> request 6
>
>
> i do read the maillist and search on google but cant
> make XP SP2 Work with PEAP. i'm using several NAS such
> as SMC BARRICADE 2804WBR and Linksys WRT54G. i do
> configure default_eap_type = peap in eap.conf and have
> a plain text password in users file :
>
> nurah User-Password == "mypasswd"
>
> ** i make a new users file and put nurah user only in
> it
>
> here is my complete debug message :
>
>
> -----------------------
>
> Initializing the thread pool...
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on proxy address * port 1814
> Ready to process requests.
> Nothing to do. Sleeping until we see a request.
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok
> for request 0
> modcall[authorize]: module "chap" returns noop for
> request 0
> modcall[authorize]: module "mschap" returns noop for
> request 0
> modcall[authorize]: module "chap" returns noop for
> request 0
> modcall[authorize]: module "unix" returns updated
> for request 0
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 0
> rlm_eap: EAP packet type response id 7 length 10
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 0
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 0
> modcall[authorize]: module "expiration" returns noop
> for request 0
> modcall[authorize]: module "logintime" returns noop
> for request 0
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 0
> modcall: leaving group authorize (returns updated) for
> request 0
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> rlm_eap: EAP Identity
> rlm_eap: processing type tls
> rlm_eap_tls: Initiate
> rlm_eap_tls: Start returned 1
> modcall[authenticate]: module "eap" returns handled
> for request 0
> modcall: leaving group authenticate (returns handled)
> for request 0
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 5 seconds...
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 1
> modcall[authorize]: module "preprocess" returns ok
> for request 1
> modcall[authorize]: module "chap" returns noop for
> request 1
> modcall[authorize]: module "mschap" returns noop for
> request 1
> modcall[authorize]: module "chap" returns noop for
> request 1
> modcall[authorize]: module "unix" returns updated
> for request 1
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 1
> rlm_eap: EAP packet type response id 8 length 65
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 1
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 1
> modcall[authorize]: module "expiration" returns noop
> for request 1
> modcall[authorize]: module "logintime" returns noop
> for request 1
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 1
> modcall: leaving group authorize (returns updated) for
> request 1
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 1
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Length Included
> eaptls_verify returned 11
> (other): before/accept initialization
> TLS_accept: before/accept initialization
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0032],
> ClientHello
> TLS_accept: SSLv3 read client hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a],
> ServerHello
> TLS_accept: SSLv3 write server hello A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 06cc],
> Certificate
> TLS_accept: SSLv3 write certificate A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004],
> ServerHelloDone
> TLS_accept: SSLv3 write server done A
> TLS_accept: SSLv3 flush data
> TLS_accept:error in SSLv3 read client certificate
> A
> In SSL Handshake Phase
> In SSL Accept mode
> eaptls_process returned 13
> rlm_eap_peap: EAPTLS_HANDLED
> modcall[authenticate]: module "eap" returns handled
> for request 1
> modcall: leaving group authenticate (returns handled)
> for request 1
> Finished request 1
> Going to the next request
> Waking up in 5 seconds...
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 2
> modcall[authorize]: module "preprocess" returns ok
> for request 2
> modcall[authorize]: module "chap" returns noop for
> request 2
> modcall[authorize]: module "mschap" returns noop for
> request 2
> modcall[authorize]: module "chap" returns noop for
> request 2
> modcall[authorize]: module "unix" returns updated
> for request 2
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 2
> rlm_eap: EAP packet type response id 9 length 6
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 2
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 2
> modcall[authorize]: module "expiration" returns noop
> for request 2
> modcall[authorize]: module "logintime" returns noop
> for request 2
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 2
> modcall: leaving group authorize (returns updated) for
> request 2
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 2
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack handshake fragment handler
> eaptls_verify returned 1
> eaptls_process returned 13
> rlm_eap_peap: EAPTLS_HANDLED
> modcall[authenticate]: module "eap" returns handled
> for request 2
> modcall: leaving group authenticate (returns handled)
> for request 2
> rad_recv: Access-Request packet from host 192.168.2.1
> port 1025, id=7, length=91
> User-Name = "nurah"
> NAS-IP-Address = 192.168.2.1
> NAS-Identifier = "AP"
> NAS-Port = 29
> Service-Type = Framed-User
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> EAP-Message = 0x0207000a016e75726168
> Message-Authenticator =
> 0x68f9afa71809cd05fb71ab8686f18320
> Sending Access-Challenge of id 7 to 192.168.2.1 port
> 1025
> EAP-Message = 0x010800061920
> Message-Authenticator =
> 0x00000000000000000000000000000000
> State = 0x504617b0d4dd078d15c5d6ad12aff5f1
> rad_recv: Access-Request packet from host 192.168.2.1
> port 1026, id=8, length=164
> User-Name = "nurah"
> NAS-IP-Address = 192.168.2.1
> NAS-Identifier = "AP"
> NAS-Port = 29
> Service-Type = Framed-User
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> State = 0x504617b0d4dd078d15c5d6ad12aff5f1
> EAP-Message =
> 0x0208004119800000003716030100320100002e0301ae311dd3edd1dea83725e444a8d98d1e6112c10ebfcddacd153cf88067247bfc01000006000a000500040100
> Message-Authenticator =
> 0x8413f48fc7e59bb15e4f6ed10532a5d9
> Sending Access-Challenge of id 8 to 192.168.2.1 port
> 1026
> EAP-Message =
> 0x0109040a19c000000729160301004a02000046030143963da2133ae46a6fdcc84d872a6f77f8447a49f37e19e9ab11f900f2c11630207acd91607051139b88ec441c90932b9ca122526d8e65d3ed5229d33d9c5008ae000a0016030106cc0b0006c80006c50002c9308202c53082022e020900f2585747fdc421f1300d06092a864886f70d01010505003081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c0603550403
> EAP-Message =
> 0x13154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d301e170d3035313230343036323235325a170d3135313230323036323235325a30819f310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b130249543110300e06035504031307636f6c696e75783124302206092a864886f70d01090116156e757261683132314073747265616d79782e63
> EAP-Message =
> 0x6f6d30819f300d06092a864886f70d010101050003818d0030818902818100a9c3198f512e0c50674463c59ce454415fd1df0496491d5d8830044248d602fbf9112117e2f5fea88aa6433add26cfdbc17303650260e43b551990fe5f45e826147cacae5469311b55fde41305b972580db938c16dcd73cb44f47c978b8fb205c9489ff748fd7e87ff9555a004f44ed3eeb18e982aa1c7e8dcdd49af87f3d15f0203010001300d06092a864886f70d01010505000381810090ab8b57db0a519e89a3d18882f98dde739a0e21fa1c26bf754f9f7835dc34a146aec1327de98a1ec8cb03b930da518cac8e06ce7d39685697f3d226388cc2f2b8464672e272
> EAP-Message =
> 0x0ca42ab3184e5e0669b1dc545b928b3341c4beb5ef574f51a9192f5fd153c91d698d7b957befe425ef45fd1eb81631c44229f9c6405a4a3ec3000003f6308203f23082035ba003020102020900d4a1f9d8d7737d14300d06092a864886f70d01010505003081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d010901
> EAP-Message =
> 0x16156e757261683132314073747265616d79782e636f
> Message-Authenticator =
> 0x00000000000000000000000000000000
> State = 0xf4c74c157d0597a1dce1a727f6888730
> rad_recv: Access-Request packet from host 192.168.2.1
> port 1027, id=9, length=105
> User-Name = "nurah"
> NAS-IP-Address = 192.168.2.1
> NAS-Identifier = "AP"
> NAS-Port = 29
> Service-Type = Framed-User
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> State = 0xf4c74c157d0597a1dce1a727f6888730
> EAP-Message = 0x020900061900
> Message-Authenticator =
> 0xe882c439bd4c462b3d3d457e586fa9a3
> Sending Access-Challenge of id 9 to 192.168.2.1 port
> 1027
> EAP-Message =
> 0x010a032f19006d301e170d3035313230343036323234315a170d3135313230323036323234315a3081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b30090Finished
> request 2
> Going to the next request
> Waking up in 5 seconds...
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 3
> modcall[authorize]: module "preprocess" returns ok
> for request 3
> modcall[authorize]: module "chap" returns noop for
> request 3
> modcall[authorize]: module "mschap" returns noop for
> request 3
> modcall[authorize]: module "chap" returns noop for
> request 3
> modcall[authorize]: module "unix" returns updated
> for request 3
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 3
> rlm_eap: EAP packet type response id 10 length 200
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 3
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 3
> modcall[authorize]: module "expiration" returns noop
> for request 3
> modcall[authorize]: module "logintime" returns noop
> for request 3
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 3
> modcall: leaving group authorize (returns updated) for
> request 3
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 3
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Length Included
> eaptls_verify returned 11
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086],
> ClientKeyExchange
> TLS_accept: SSLv3 read client key exchange A
> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length
> 0001]
> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010],
> Finished
> TLS_accept: SSLv3 read finished A
> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length
> 0001]
> TLS_accept: SSLv3 write change cipher spec A
> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010],
> Finished
> TLS_accept: SSLv3 write finished A
> TLS_accept: SSLv3 flush data
> (other): SSL negotiation finished successfully
> SSL Connection Established
> eaptls_process returned 13
> rlm_eap_peap: EAPTLS_HANDLED
> modcall[authenticate]: module "eap" returns handled
> for request 3
> modcall: leaving group authenticate (returns handled)
> for request 3
> Finished request 3
> Going to the next request
> Waking up in 5 seconds...
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 4
> modcall[authorize]: module "preprocess" returns ok
> for request 4
> modcall[authorize]: module "chap" returns noop for
> request 4
> modcall[authorize]: module "mschap" returns noop for
> request 4
> modcall[authorize]: module "chap" returns noop for
> request 4
> modcall[authorize]: module "unix" returns updated
> for request 4
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 4
> rlm_eap: EAP packet type response id 11 length 6
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 4
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 4
> modcall[authorize]: module "expiration" returns noop
> for request 4
> modcall[authorize]: module "logintime" returns noop
> for request 4
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 4
> modcall: leaving group authorize (returns updated) for
> request 4
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 4
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Received EAP-TLS ACK message
> rlm_eap_tls: ack handshake is finished
> eaptls_verify returned 3
> eaptls_process returned 3
> rlm_eap_peap: EAPTLS_SUCCESS
> modcall[authenticate]: module "eap" returns handled
> for request 4
> modcall: leaving group authenticate (returns handled)
> for request 4
> Finished request 4
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 4 seconds...
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 5
> modcall[authorize]: module "preprocess" returns ok
> for request 5
> modcall[authorize]: module "chap" returns noop for
> request 5
> modcall[authorize]: module "mschap" returns noop for
> request 5
> modcall[authorize]: module "chap" returns noop for
> request 5
> modcall[authorize]: module "unix" returns updated
> for request 5
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 5
> rlm_eap: EAP packet type response id 12 length 43
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 5
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 5
> modcall[authorize]: module "expiration" returns noop
> for request 5
> modcall[authorize]: module "logintime" returns noop
> for request 5
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 5
> modcall: leaving group authorize (returns updated) for
> request 5
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 5
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established. Decoding
> tunneled attributes.
> rlm_eap_peap: Identity - nurah
> rlm_eap_peap: Tunneled data is valid.
> PEAP: Got tunneled identity of nurah
> PEAP: Setting default EAP type for tunneled EAP
> session.
> PEAP: Setting User-Name to nurah
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 5
> modcall[authorize]: module "preprocess" returns ok
> for request 5
> modcall[authorize]: module "chap" returns noop for
> request 5
> modcall[authorize]: module "mschap" returns noop for
> request 5
> modcall[authorize]: module "chap" returns noop for
> request 5
> modcall[authorize]: module "unix" returns updated
> for request 5
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 5
> rlm_eap: EAP packet type response id 12 length 10
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 5
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 5
> modcall[authorize]: module "expiration" returns noop
> for request 5
> modcall[authorize]: module "logintime" returns noop
> for request 5
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 5
> modcall: leaving group authorize (returns updated) for
> request 5
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 5
> rlm_eap: EAP Identity
> rlm_eap: processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> modcall[authenticate]: module "eap" returns handled
> for request 5
> modcall: leaving group authenticate (returns handled)
> for request 5
> 60355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c06c98b52f07e40b7a
> EAP-Message =
> 0x2bbc8195354322a1add2669b6490fa1e283485c0199c6c19b98d39f46d7a7794b2fcb00d603527c59937017b94ec55cb13fff98f955756e542a51615102155fb2b5488df44df901c8a3c4ff33cfeef393201adedaea261e0f09ba0b761b75ea936fefa309dcf4123e6181d6195933dc8d6bac8059cfb5d0203010001a382011630820112301d0603551d0e041604142ce51d8df33c708efad4c61573507ce4ab53dca23081e20603551d230481da3081d780142ce51d8df33c708efad4c61573507ce4ab53dca2a181b3a481b03081ad310b3009060355040613024d593111300f060355040813084b656c616e74616e311330110603550407130a4b6f
> EAP-Message =
> 0x746120426861727531233021060355040a131a4e7572616820436f6d6d756e636174696f6e2053646e20426864310b3009060355040b13024954311e301c060355040313154e7572616820436f6d6d756e636174696f6e2043413124302206092a864886f70d01090116156e757261683132314073747265616d79782e636f6d820900d4a1f9d8d7737d14300c0603551d13040530030101ff300d06092a864886f70d0101050500038181002e723b0585ba7578446d0e31b3ca76f6a1cf7687cec687370f7cc19705f9f65fd9de89f88dd29289067f36429c986aa5b2acb0385db81ae478977e3c8afe5cac922f868c287102958f6480d804137a857b
> EAP-Message =
> 0x8cfd7b67dc75baae0473ebef570bc0818109395d7719dfc91c433512fdd6024ed7b95be263199c0a8b0b2b91e53ebf16030100040e000000
> Message-Authenticator =
> 0x00000000000000000000000000000000
> State = 0xf555032e67d9a39b1882d1f8fcf09959
> rad_recv: Access-Request packet from host 192.168.2.1
> port 1028, id=10, length=299
> User-Name = "nurah"
> NAS-IP-Address = 192.168.2.1
> NAS-Identifier = "AP"
> NAS-Port = 29
> Service-Type = Framed-User
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> State = 0xf555032e67d9a39b1882d1f8fcf09959
> EAP-Message =
> 0x020a00c81980000000be16030100861000008200807b7478a2410e8462f3f7d10c0e9d50d19af9a741141bc370f1a8f6c75bf709f3acf214824e4cfc94f0dbe7fca16f0dc4e2cd2e2f07ee3fed801a4927f4cebbc81d3412d562849a1cc97326393602377db60bda2d700cbbcc7dc22e7a4fc2cb46f3a39d2ac03757b6c18c90ee28092771f720d783860385fa53a3b91c4ba1349614030100010116030100287b7da10c2e9631775cb253b814a2e0b7c2ae490e1315919d7ccdbcdffc15f7ead55393c895763aa0
> Message-Authenticator =
> 0x797234f69da5e2f9b286b496e7f012de
> Sending Access-Challenge of id 10 to 192.168.2.1 port
> 1028
> EAP-Message =
> 0x010b00391900140301000101160301002859982aa195439003edaefa0a02d39657f462c138c0a491cb9e3a2e8f53e454d78cf70c2593081536
> Message-Authenticator =
> 0x00000000000000000000000000000000
> State = 0x2e87fe669ff8f70b4f366ff026238bf3
> rad_recv: Access-Request packet from host 192.168.2.1
> port 1029, id=11, length=105
> User-Name = "nurah"
> NAS-IP-Address = 192.168.2.1
> NAS-Identifier = "AP"
> NAS-Port = 29
> Service-Type = Framed-User
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> State = 0x2e87fe669ff8f70b4f366ff026238bf3
> EAP-Message = 0x020b00061900
> Message-Authenticator =
> 0x076cfe5e1e00f1331f6ab47739023c5b
> Sending Access-Challenge of id 11 to 192.168.2.1 port
> 1029
> EAP-Message =
> 0x010c004819001703010018f1089fc93f10c7b3aff1fbd2de8e9f777555699758858a8817030100207d2beb720e59cd6554e8de7952b4bf30ba3209e191279c2413e014da3b750b3a
> Message-Authenticator =
> 0x00000000000000000000000000000000
> State = 0x1f0cea76398ad5e6af48a1bfe5667d65
> rad_recv: Access-Request packet from host 192.168.2.1
> port 1030, id=12, length=142
> User-Name = "nurah"
> NAS-IP-Address = 192.168.2.1
> NAS-Identifier = "AP"
> NAS-Port = 29
> Service-Type = Framed-User
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> State = 0x1f0cea76398ad5e6af48a1bfe5667d65
> EAP-Message =
> 0x020c002b19001703010020869dc6c24a3ce923587a617c19c1da7a14c44a17929e213eab2023743f1be8c3
> Message-Authenticator =
> 0x3642782edda868940e8fed95b40490cb
> PEAP: Got tunneled EAP-Message
> EAP-Message = 0x020c000a016e75726168
> PEAP: Sending tunneled request
> EAP-Message = 0x020c000a016e75726168
> FreeRADIUS-Proxied-To = 127.0.0.1
> User-Name = "nurah"
> PEAP: Got tunneled reply RADIUS code 11
> EAP-Message =
> 0x010d001f1a010d001a10650acba154cea10853bd3a630dd8b4316e75726168
> Message-Authenticat PEAP: Got tunneled
> Access-Challenge
> modcall[authenticate]: module "eap" returns handled
> for request 5
> modcall: leaving group authenticate (returns handled)
> for request 5
> Finished request 5
> Going to the next request
> Waking up in 4 seconds...
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 6
> modcall[authorize]: module "preprocess" returns ok
> for request 6
> modcall[authorize]: module "chap" returns noop for
> request 6
> modcall[authorize]: module "mschap" returns noop for
> request 6
> modcall[authorize]: module "chap" returns noop for
> request 6
> modcall[authorize]: module "unix" returns updated
> for request 6
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 6
> rlm_eap: EAP packet type response id 13 length 99
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 6
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 6
> modcall[authorize]: module "expiration" returns noop
> for request 6
> modcall[authorize]: module "logintime" returns noop
> for request 6
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 6
> modcall: leaving group authorize (returns updated) for
> request 6
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 6
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established. Decoding
> tunneled attributes.
> rlm_eap_peap: EAP type mschapv2
> rlm_eap_peap: Tunneled data is valid.
> PEAP: Setting User-Name to nurah
> PEAP: Adding old state with 79 06
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 6
> modcall[authorize]: module "preprocess" returns ok
> for request 6
> modcall[authorize]: module "chap" returns noop for
> request 6
> modcall[authorize]: module "mschap" returns noop for
> request 6
> modcall[authorize]: module "chap" returns noop for
> request 6
> modcall[authorize]: module "unix" returns updated
> for request 6
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 6
> rlm_eap: EAP packet type response id 13 length 64
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 6
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 6
> modcall[authorize]: module "expiration" returns noop
> for request 6
> modcall[authorize]: module "logintime" returns noop
> for request 6
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 6
> modcall: leaving group authorize (returns updated) for
> request 6
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 6
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/mschapv2
> rlm_eap: processing type mschapv2
> Processing the authenticate section of radiusd.conf
> modcall: entering group MS-CHAP for request 6
> rlm_mschap: No User-Password configured. Cannot
> create LM-Password.
> rlm_mschap: No User-Password configured. Cannot
> create NT-Password.
> rlm_mschap: Told to do MS-CHAPv2 for nurah with
> NT-Password
> rlm_mschap: FAILED: No NT/LM-Password. Cannot
> perform authentication.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
> modcall[authenticate]: module "mschap" returns
> reject for request 6
> modcall: leaving group MS-CHAP (returns reject) for
> request 6
> rlm_eap: Freeing handler
> modcall[authenticate]: module "eap" returns reject
> for request 6
> modcall: leaving group authenticate (returns reject)
> for request 6
> auth: Failed to validate the user.
> PEAP: Tunneled authentication was rejected.
> rlm_eap_peap: FAILURE
> modcall[authenticate]: module "eap" returns handled
> for request 6
> modcall: leaving group authenticate (returns handled)
> for request 6
> Finished request 6
> Going to the next request
> Waking up in 4 seconds...
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 7
> modcall[authorize]: module "preprocess" returns ok
> for request 7
> modcall[authorize]: module "chap" returns noop for
> request 7
> modcall[authorize]: module "mschap" returns noop for
> request 7
> modcall[authorize]: module "chap" returns noop for
> request 7
> modcall[authorize]: module "unix" returns updated
> for request 7
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 7
> rlm_eap: EAP packet type response id 14 length 43
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 7
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 7
> modcall[authorize]: module "expiration" returns noop
> for request 7
> modcall[authorize]: module "logintime" returns noop
> for request 7
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 7
> modcall: leaving group authorize (returns updated) for
> request 7
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 7
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> eaptls_verify returned 7
> rlm_eap_tls: Done initial handshake
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established. Decoding
> tunneled attributes.
> rlm_eap_peap: Received EAP-TLV response.
> rlm_eap_peap: Tunneled data is valid.
> rlm_eap_peap: Had sent TLV failure. User was
> rejcted rejected earlier in this session.
> rlm_eap: Handler failed in EAP/peap
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module "eap" returns invalid
> for request 7
> modcall: leaving group authenticate (returns invalid)
> for request 7
> auth: Failed to validate the user.
> Delaying request 7 for 1 seconds
> Finished request 7
> Going to the next request
> Waking up in 4 seconds...
> Delaying request 7 for 1 seconds
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 8
> modcall[authorize]: module "preprocess" returns ok
> for request 8
> modcall[authorize]: module "chap" returns noop for
> request 8
> modcall[authorize]: module "mschap" returns noop for
> request 8
> modcall[authorize]: module "chap" returns noop for
> request 8
> modcall[authorize]: module "unix" returns updated
> for request 8
> rlm_realm: No '@' in User-Name = "nurah", looking
> up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for
> request 8
> rlm_eap: EAP packet type response id 3 length 6
> rlm_eap: No EAP Start, assuming it's an on-going EAP
> conversation
> modcall[authorize]: module "eap" returns updated for
> request 8
> users: Matched entry nurah at line 9
> modcall[authorize]: module "files" returns ok for
> request 8
> modcall[authorize]: module "expiration" returns noop
> for request 8
> modcall[authorize]: module "logintime" returns noop
> for request 8
> rlm_pap: Found existing Auth-Type, not changing it.
> modcall[authorize]: module "pap" returns noop for
> request 8
> modcall: leaving group authorize (returns updated) for
> request 8
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 8
> rlm_eap: Request not found in the list
> rlm_eap: Either EAP-request timed out OR EAP-response
> to an unknown EAP-request
> rlm_eap: Failed in handler
> modcall[authenticate]: module "eap" returns invalid
> for request 8
> modcall: leaving group authenticate (returns invalid)
> for request 8
> auth: Failed to validate the user.
> Delaying request 8 for 1 seconds
> Finished request 8
> Going to the next request
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 7 with timestamp 43963da2
> Cleaning up request 3 ID 10 with timestamp 43963da2
> Cleaning up request 1 ID 8 with timestamp 43963da2
> Cleaning up request 2 ID 9 with timestamp 43963da2
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 5 ID 12 with timestamp 43963da3
> Cleaning up request 4 ID 11 with timestamp 43963da3
> Cleaning up request 6 ID 13 with timestamp 43963da3
> Cleaning up request 7 ID 14 with timestamp 43963da3
> Waking up in 3 seconds...
> --- Walking the entire request list ---
> Cleaning up request 8 ID 3 with timestamp 43963da6
> Nothing to do. Sleeping until we see a request.
>
>
>
>
> __________________________________________
> Yahoo! DSL - Something to write home about.
> Just $16.99/mo. or less.
> dsl.yahoo.com
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list