EAP/TLS PEAP on Suse 9.3 Ldap backend eDirectory

Daniel Hesse dhesse at mmrcsl.org
Wed Sep 21 20:55:21 CEST 2005


Hmmm, only part of the log was included... strange!
Here it is again:
 
WINXP 
    TLS_accept: SSLv3 read client key exchange A 
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] 
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished 
    TLS_accept: SSLv3 read finished A 
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] 
    TLS_accept: SSLv3 write change cipher spec A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished 
    TLS_accept: SSLv3 write finished A 
    TLS_accept: SSLv3 flush data 
    (other): SSL negotiation finished successfully 
SSL Connection Established 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED 
  modcall[authenticate]: module eap returns handled for request 2 
modcall: group authenticate returns handled for request 2 
Sending Access-Challenge of id 180 to 10.10.4.20:2500 
        EAP-Message = 0x0104003119001403010001011603010020fb444951ea0360a043b79a34ac4ca533ae9744e6dc6fd7cda10c7b0470fbc55b
        Message-Authenticator = 0x00000000000000000000000000000000 
        State = 0xd86ec63a7680f4308aeb922aa999e201 
Finished request 2 
Going to the next request 
--- Walking the entire request list --- 
Waking up in 5 seconds... 
rad_recv: Access-Request packet from host 10.10.4.20:2501, id=181, length=136
        NAS-IP-Address = 10.10.4.20 
        NAS-Port-Type = Wireless-802.11 
        NAS-Port = 0 
        Framed-MTU = 1400 
        User-Name = dhesse 
        Calling-Station-Id = 001109229950 
        Called-Station-Id = 000e6acd7ff5 
        NAS-Identifier = dhlab_3com 
        State = 0xd86ec63a7680f4308aeb922aa999e201 
        EAP-Message = 0x020400061900 
        Message-Authenticator = 0x76ad5ea260dbcc6ec8c011c9c7faa527 
  Processing the authorize section of radiusd.conf 
modcall: entering group authorize for request 3 
  modcall[authorize]: module preprocess returns ok for request 3 
  modcall[authorize]: module chap returns noop for request 3 
  modcall[authorize]: module mschap returns noop for request 3 
    rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL 
    rlm_realm: No such realm NULL 
  modcall[authorize]: module suffix returns noop for request 3 
  rlm_eap: EAP packet type response id 4 length 6 
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation 
  modcall[authorize]: module eap returns updated for request 3 
    users: Matched entry DEFAULT at line 152 
  modcall[authorize]: module files returns ok for request 3 
rlm_ldap: - authorize 
rlm_ldap: performing user authorization for dhesse 
radius_xlat:  '(uid=dhesse)' 
radius_xlat:  'o=StormLake' 
rlm_ldap: ldap_get_conn: Checking Id: 0 
rlm_ldap: ldap_get_conn: Got Id: 0 
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) 
rlm_ldap: Added the eDirectory password in check items 
rlm_ldap: looking for check items in directory... 
rlm_ldap: looking for reply items in directory... 
rlm_ldap: user dhesse authorized to use remote access 
rlm_ldap: ldap_release_conn: Release Id: 0 
  modcall[authorize]: module ldap returns ok for request 3 
modcall: group authorize returns updated for request 3 
  rad_check_password:  Found Auth-Type EAP 
auth: type EAP 
  Processing the authenticate section of radiusd.conf 
modcall: entering group authenticate for request 3 
  rlm_eap: Request found, released from the list 
  rlm_eap: EAP/peap 
  rlm_eap: processing type peap 
  rlm_eap_peap: Authenticate 
  rlm_eap_tls: processing TLS 
rlm_eap_tls: Received EAP-TLS ACK message 
  rlm_eap_tls: ack handshake is finished 
  eaptls_verify returned 3 
  eaptls_process returned 3 
  rlm_eap_peap: EAPTLS_SUCCESS 
  modcall[authenticate]: module eap returns handled for request 3 
modcall: group authenticate returns handled for request 3 
Sending Access-Challenge of id 181 to 10.10.4.20:2501 
        EAP-Message = 0x0105002019001703010015bc0c8b230b6818687fdf49953a86ea2a7c92d8f0be
        Message-Authenticator = 0x00000000000000000000000000000000 
        State = 0x34fc3101d2597dcae9f02eb68c529953 
Finished request 3 
Going to the next request 
Waking up in 5 seconds... 
rad_recv: Access-Request packet from host 10.10.4.20:2502, id=182, length=164
        NAS-IP-Address = 10.10.4.20 
        NAS-Port-Type = Wireless-802.11 
        NAS-Port = 0 
        Framed-MTU = 1400 
        User-Name = dhesse 
        Calling-Station-Id = 001109229950 
        Called-Station-Id = 000e6acd7ff5 
        NAS-Identifier = dhlab_3com 
        State = 0x34fc3101d2597dcae9f02eb68c529953 
        EAP-Message = 0x02050022190017030100171d156bb7f6783f7d189e1907099a9fa7309a04e469c5b1
        Message-Authenticator = 0xe538669776929af733db5ebd93558b24 
  Processing the authorize section of radiusd.conf 
modcall: entering group authorize for request 4 
  modcall[authorize]: module preprocess returns ok for request 4 
  modcall[authorize]: module chap returns noop for request 4 
  modcall[authorize]: module mschap returns noop for request 4 
    rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL 
    rlm_realm: No such realm NULL 
  modcall[authorize]: module suffix returns noop for request 4 
  rlm_eap: EAP packet type response id 5 length 34 
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation 
  modcall[authorize]: module eap returns updated for request 4 
    users: Matched entry DEFAULT at line 152 
  modcall[authorize]: module files returns ok for request 4 
rlm_ldap: - authorize 
rlm_ldap: performing user authorization for dhesse 
radius_xlat:  '(uid=dhesse)' 
radius_xlat:  'o=StormLake' 
rlm_ldap: ldap_get_conn: Checking Id: 0 
rlm_ldap: ldap_get_conn: Got Id: 0 
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) 
rlm_ldap: Added the eDirectory password in check items 
rlm_ldap: looking for check items in directory... 
rlm_ldap: looking for reply items in directory... 
rlm_ldap: user dhesse authorized to use remote access 
rlm_ldap: ldap_release_conn: Release Id: 0 
  modcall[authorize]: module ldap returns ok for request 4 
modcall: group authorize returns updated for request 4 
  rad_check_password:  Found Auth-Type EAP 
auth: type EAP 
  Processing the authenticate section of radiusd.conf 
modcall: entering group authenticate for request 4 
  rlm_eap: Request found, released from the list 
  rlm_eap: EAP/peap 
  rlm_eap: processing type peap 
  rlm_eap_peap: Authenticate 
  rlm_eap_tls: processing TLS 
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake 
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK 
  rlm_eap_peap: Session established.  Decoding tunneled attributes. 
  rlm_eap_peap: Identity - dhesse 
  rlm_eap_peap: Tunneled data is valid. 
  PEAP: Got tunneled identity of dhesse 
  PEAP: Setting default EAP type for tunneled EAP session. 
  PEAP: Setting User-Name to dhesse 
  Processing the authorize section of radiusd.conf 
modcall: entering group authorize for request 4 
  modcall[authorize]: module preprocess returns ok for request 4 
  modcall[authorize]: module chap returns noop for request 4 
  modcall[authorize]: module mschap returns noop for request 4 
    rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL 
    rlm_realm: No such realm NULL 
  modcall[authorize]: module suffix returns noop for request 4 
  rlm_eap: EAP packet type response id 5 length 11 
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation 
  modcall[authorize]: module eap returns updated for request 4 
    users: Matched entry DEFAULT at line 152 
  modcall[authorize]: module files returns ok for request 4 
rlm_ldap: - authorize 
rlm_ldap: performing user authorization for dhesse 
radius_xlat:  '(uid=dhesse)' 
radius_xlat:  'o=StormLake' 
rlm_ldap: ldap_get_conn: Checking Id: 0 
rlm_ldap: ldap_get_conn: Got Id: 0 
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) 
rlm_ldap: Added the eDirectory password in check items 
rlm_ldap: looking for check items in directory... 
rlm_ldap: looking for reply items in directory... 
rlm_ldap: user dhesse authorized to use remote access 
rlm_ldap: ldap_release_conn: Release Id: 0 
  modcall[authorize]: module ldap returns ok for request 4 
modcall: group authorize returns updated for request 4 
  rad_check_password:  Found Auth-Type EAP 
auth: type EAP 
  Processing the authenticate section of radiusd.conf 
modcall: entering group authenticate for request 4 
  rlm_eap: EAP Identity 
  rlm_eap: processing type mschapv2 
rlm_eap_mschapv2: Issuing Challenge 
  modcall[authenticate]: module eap returns handled for request 4 
modcall: group authenticate returns handled for request 4 
  PEAP: Got tunneled Access-Challenge 
  modcall[authenticate]: module eap returns handled for request 4 
modcall: group authenticate returns handled for request 4 
Sending Access-Challenge of id 182 to 10.10.4.20:2502 
        EAP-Message = 0x010600371900170301002c2e60ef6cbaeb243c56acedee7a7f10fd837170ff8a7cf9db7376f6b80f3978e34405f8355b645ec66f716d00
        Message-Authenticator = 0x00000000000000000000000000000000 
        State = 0x5658e0fa40025a64a9c21e91575b399d 
Finished request 4 
Going to the next request 
Waking up in 5 seconds... 
rad_recv: Access-Request packet from host 10.10.4.20:2503, id=183, length=218
        NAS-IP-Address = 10.10.4.20 
        NAS-Port-Type = Wireless-802.11 
        NAS-Port = 0 
        Framed-MTU = 1400 
        User-Name = dhesse 
        Calling-Station-Id = 001109229950 
        Called-Station-Id = 000e6acd7ff5 
        NAS-Identifier = dhlab_3com 
        State = 0x5658e0fa40025a64a9c21e91575b399d 
        EAP-Message = 0x020600581900170301004dde7841f54a1023bc51de5b1049a3f40bc6a3885985ce3a25d2bb4eccc1b5750fb81735d317f01cdf5be04fa5ffb8d4ba2d8c4797bcc127929b672758a2ffe8fc4618d3ac27af90766780edb361
        Message-Authenticator = 0xb1ca667f588b5c0be2ebe759ba2d3d71 
  Processing the authorize section of radiusd.conf 
modcall: entering group authorize for request 5 
  modcall[authorize]: module preprocess returns ok for request 5 
  modcall[authorize]: module chap returns noop for request 5 
  modcall[authorize]: module mschap returns noop for request 5 
    rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL 
    rlm_realm: No such realm NULL 
  modcall[authorize]: module suffix returns noop for request 5 
  rlm_eap: EAP packet type response id 6 length 88 
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation 
  modcall[authorize]: module eap returns updated for request 5 
    users: Matched entry DEFAULT at line 152 
  modcall[authorize]: module files returns ok for request 5 
rlm_ldap: - authorize 
rlm_ldap: performing user authorization for dhesse 
radius_xlat:  '(uid=dhesse)' 
radius_xlat:  'o=StormLake' 
rlm_ldap: ldap_get_conn: Checking Id: 0 
rlm_ldap: ldap_get_conn: Got Id: 0 
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) 
rlm_ldap: Added the eDirectory password in check items 
rlm_ldap: looking for check items in directory... 
rlm_ldap: looking for reply items in directory... 
rlm_ldap: user dhesse authorized to use remote access 
rlm_ldap: ldap_release_conn: Release Id: 0 
  modcall[authorize]: module ldap returns ok for request 5 
modcall: group authorize returns updated for request 5 
  rad_check_password:  Found Auth-Type EAP 
auth: type EAP 
  Processing the authenticate section of radiusd.conf 
modcall: entering group authenticate for request 5 
  rlm_eap: Request found, released from the list 
  rlm_eap: EAP/peap 
  rlm_eap: processing type peap 
  rlm_eap_peap: Authenticate 
  rlm_eap_tls: processing TLS 
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake 
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK 
  rlm_eap_peap: Session established.  Decoding tunneled attributes. 
  rlm_eap_peap: EAP type mschapv2 
  rlm_eap_peap: Tunneled data is valid. 
  PEAP: Setting User-Name to dhesse 
  PEAP: Adding old state with 27 d7 
  Processing the authorize section of radiusd.conf 
modcall: entering group authorize for request 5 
  modcall[authorize]: module preprocess returns ok for request 5 
  modcall[authorize]: module chap returns noop for request 5 
  modcall[authorize]: module mschap returns noop for request 5 
    rlm_realm: No '@' in User-Name = dhesse, looking up realm NULL 
    rlm_realm: No such realm NULL 
  modcall[authorize]: module suffix returns noop for request 5 
  rlm_eap: EAP packet type response id 6 length 65 
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation 
  modcall[authorize]: module eap returns updated for request 5 
    users: Matched entry DEFAULT at line 152 
  modcall[authorize]: module files returns ok for request 5 
rlm_ldap: - authorize 
rlm_ldap: performing user authorization for dhesse 
radius_xlat:  '(uid=dhesse)' 
radius_xlat:  'o=StormLake' 
rlm_ldap: ldap_get_conn: Checking Id: 0 
rlm_ldap: ldap_get_conn: Got Id: 0 
rlm_ldap: performing search in o=StormLake, with filter (uid=dhesse) 
rlm_ldap: Added the eDirectory password in check items 
rlm_ldap: looking for check items in directory... 
rlm_ldap: looking for reply items in directory... 
rlm_ldap: user dhesse authorized to use remote access 
rlm_ldap: ldap_release_conn: Release Id: 0 
  modcall[authorize]: module ldap returns ok for request 5 
modcall: group authorize returns updated for request 5 
  rad_check_password:  Found Auth-Type EAP 
auth: type EAP 
  Processing the authenticate section of radiusd.conf 
modcall: entering group authenticate for request 5 
  rlm_eap: Request found, released from the list 
  rlm_eap: EAP/mschapv2 
  rlm_eap: processing type mschapv2 
  Processing the authenticate section of radiusd.conf 
modcall: entering group Auth-Type for request 5 
  rlm_mschap: Told to do MS-CHAPv2 for dhesse with NT-Password 
rlm_mschap: adding MS-CHAPv2 MPPE keys 
  modcall[authenticate]: module mschap returns ok for request 5 
modcall: group Auth-Type returns ok for request 5 
MSCHAP Success 
  modcall[authenticate]: module eap returns handled for request 5 
modcall: group authenticate returns handled for request 5 
  PEAP: Got tunneled Access-Challenge 
  modcall[authenticate]: module eap returns handled for request 5 
modcall: group authenticate returns handled for