wpa auth.xp stuck on login
Collen Blijenberg
collen at mail.hermanjordan.nl
Wed Aug 30 16:03:39 CEST 2006
Good day to you all,
I'm kinda stuck with authenticating a windows xp sp2 laptop to a wlan - ap
that uses wpa.
i followed the 802.1X port based auth howto from tldp.org but no luck.
the idea is to use ms-chapv2,eap,tls,peap
in the log file i can see the user auth. come by, but no errors or
problems showed up.
the other day, a friend tried is with his mac i-book, and he did get in!?
but now my xp machine doesn't.. dunno where it goes wrong..
starting radiusd -XX gives alot of output, but no error's shown either.
here is a small dump..
---------
rad_recv: Access-Request packet from host 10.0.0.20:3072, id=0, length=125
User-Name = "collen"
NAS-IP-Address = 10.0.0.20
Called-Station-Id = "0016b69e59c3"
Calling-Station-Id = "00166f980e78"
NAS-Identifier = "0016b69e59c3"
NAS-Port = 46
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200000b01636f6c6c656e
Message-Authenticator = 0xe97abfadc688db9d412503fc8a0e283f
Wed Aug 30 15:53:02 2006 : Debug: Processing the authorize section of
radiusd.conf
Wed Aug 30 15:53:02 2006 : Debug: modcall: entering group authorize for
request 0
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Wed Aug 30 15:53:02 2006 : Debug: modcall[authorize]: module
"preprocess" returns ok for request 0
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: calling
auth_log (rlm_detail) for request 0
Wed Aug 30 15:53:02 2006 : Debug: radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/10.0.0.20/auth-detail-20060830'
Wed Aug 30 15:53:02 2006 : Debug: rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/freeradius/var/log/radius/radacct/10.0.0.20/auth-detail-20060830
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: returned from
auth_log (rlm_detail) for request 0
Wed Aug 30 15:53:02 2006 : Debug: modcall[authorize]: module
"auth_log" returns ok for request 0
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Wed Aug 30 15:53:02 2006 : Debug: modcall[authorize]: module "mschap"
returns noop for request 0
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 0
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap: EAP packet type response id
0 length 11
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap: No EAP Start, assuming it's
an on-going EAP conversation
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: returned from
eap (rlm_eap) for request 0
Wed Aug 30 15:53:02 2006 : Debug: modcall[authorize]: module "eap"
returns updated for request 0
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 0
Wed Aug 30 15:53:02 2006 : Debug: users: Matched entry collen at
line 217
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 0
Wed Aug 30 15:53:02 2006 : Debug: modcall[authorize]: module "files"
returns ok for request 0
Wed Aug 30 15:53:02 2006 : Debug: modcall: leaving group authorize
(returns updated) for request 0
Wed Aug 30 15:53:02 2006 : Debug: rad_check_password: Found Auth-Type EAP
Wed Aug 30 15:53:02 2006 : Debug: auth: type "EAP"
Wed Aug 30 15:53:02 2006 : Debug: Processing the authenticate section
of radiusd.conf
Wed Aug 30 15:53:02 2006 : Debug: modcall: entering group authenticate
for request 0
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authenticate]: calling eap
(rlm_eap) for request 0
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap: EAP Identity
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap: processing type tls
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap_tls: Initiate
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap_tls: Start returned 1
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authenticate]: returned
from eap (rlm_eap) for request 0
Wed Aug 30 15:53:02 2006 : Debug: modcall[authenticate]: module "eap"
returns handled for request 0
Wed Aug 30 15:53:02 2006 : Debug: modcall: leaving group authenticate
(returns handled) for request 0
Sending Access-Challenge of id 0 to 10.0.0.20 port 3072
Reply-Message = "Go and See your system administrator"
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x514be7fc208b2ee1df2cc191b5282f3a
Wed Aug 30 15:53:02 2006 : Debug: Finished request 0
Wed Aug 30 15:53:02 2006 : Debug: Going to the next request
Wed Aug 30 15:53:02 2006 : Debug: --- Walking the entire request list ---
Wed Aug 30 15:53:02 2006 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.20:3072, id=0, length=212
User-Name = "collen"
NAS-IP-Address = 10.0.0.20
Called-Station-Id = "0016b69e59c3"
Calling-Station-Id = "00166f980e78"
NAS-Identifier = "0016b69e59c3"
NAS-Port = 46
Framed-MTU = 1400
State = 0x514be7fc208b2ee1df2cc191b5282f3a
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0201005019800000004616030100410100003d030144f67859f94017b05e178d502a2f37b42e86f6cb6d6d13bd90a07398bdb3115900001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x0fb306b26777d99c2b78ac78fcbbcf85
Wed Aug 30 15:53:02 2006 : Debug: Processing the authorize section of
radiusd.conf
Wed Aug 30 15:53:02 2006 : Debug: modcall: entering group authorize for
request 1
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 1
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 1
Wed Aug 30 15:53:02 2006 : Debug: modcall[authorize]: module
"preprocess" returns ok for request 1
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: calling
auth_log (rlm_detail) for request 1
Wed Aug 30 15:53:02 2006 : Debug: radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/10.0.0.20/auth-detail-20060830'
Wed Aug 30 15:53:02 2006 : Debug: rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/freeradius/var/log/radius/radacct/10.0.0.20/auth-detail-20060830
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: returned from
auth_log (rlm_detail) for request 1
Wed Aug 30 15:53:02 2006 : Debug: modcall[authorize]: module
"auth_log" returns ok for request 1
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: calling mschap
(rlm_mschap) for request 1
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: returned from
mschap (rlm_mschap) for request 1
Wed Aug 30 15:53:02 2006 : Debug: modcall[authorize]: module "mschap"
returns noop for request 1
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: calling eap
(rlm_eap) for request 1
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap: EAP packet type response id
1 length 80
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap: No EAP Start, assuming it's
an on-going EAP conversation
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: returned from
eap (rlm_eap) for request 1
Wed Aug 30 15:53:02 2006 : Debug: modcall[authorize]: module "eap"
returns updated for request 1
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: calling files
(rlm_files) for request 1
Wed Aug 30 15:53:02 2006 : Debug: users: Matched entry collen at
line 217
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authorize]: returned from
files (rlm_files) for request 1
Wed Aug 30 15:53:02 2006 : Debug: modcall[authorize]: module "files"
returns ok for request 1
Wed Aug 30 15:53:02 2006 : Debug: modcall: leaving group authorize
(returns updated) for request 1
Wed Aug 30 15:53:02 2006 : Debug: rad_check_password: Found Auth-Type EAP
Wed Aug 30 15:53:02 2006 : Debug: auth: type "EAP"
Wed Aug 30 15:53:02 2006 : Debug: Processing the authenticate section
of radiusd.conf
Wed Aug 30 15:53:02 2006 : Debug: modcall: entering group authenticate
for request 1
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authenticate]: calling eap
(rlm_eap) for request 1
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap: Request found, released
from the list
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap: EAP/peap
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap: processing type peap
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap_peap: Authenticate
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap_tls: processing TLS
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap_tls: Length Included
Wed Aug 30 15:53:02 2006 : Debug: eaptls_verify returned 11
Wed Aug 30 15:53:02 2006 : Debug: (other): before/accept initialization
Wed Aug 30 15:53:02 2006 : Debug: TLS_accept: before/accept
initialization
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake
[length 0041], ClientHello
Wed Aug 30 15:53:02 2006 : Debug: TLS_accept: SSLv3 read client hello A
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake
[length 004a], ServerHello
Wed Aug 30 15:53:02 2006 : Debug: TLS_accept: SSLv3 write server hello A
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake
[length 0694], Certificate
Wed Aug 30 15:53:02 2006 : Debug: TLS_accept: SSLv3 write certificate A
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake
[length 0004], ServerHelloDone
Wed Aug 30 15:53:02 2006 : Debug: TLS_accept: SSLv3 write server done A
Wed Aug 30 15:53:02 2006 : Debug: TLS_accept: SSLv3 flush data
Wed Aug 30 15:53:02 2006 : Error: TLS_accept:error in SSLv3 read
client certificate A
Wed Aug 30 15:53:02 2006 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
Wed Aug 30 15:53:02 2006 : Debug: In SSL Handshake Phase
Wed Aug 30 15:53:02 2006 : Debug: In SSL Accept mode
Wed Aug 30 15:53:02 2006 : Debug: eaptls_process returned 13
Wed Aug 30 15:53:02 2006 : Debug: rlm_eap_peap: EAPTLS_HANDLED
Wed Aug 30 15:53:02 2006 : Debug: modsingle[authenticate]: returned
from eap (rlm_eap) for request 1
Wed Aug 30 15:53:02 2006 : Debug: modcall[authenticate]: module "eap"
returns handled for request 1
Wed Aug 30 15:53:02 2006 : Debug: modcall: leaving group authenticate
(returns handled) for request 1
Sending Access-Challenge of id 0 to 10.0.0.20 port 3072
Reply-Message = "Go and See your system administrator"
EAP-Message =
0x0102040a19c0000006f1160301004a02000046030144f5983e2a3f2787f349e2c803691e2bd1dcecb00c4cdf71d8130966b67808e0203c016a91c6fb93cb2a5b767bd564efb362ae8b997c45585ec2c3ff446bda25e800040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365
EAP-Message =
0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003
EAP-Message =
0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
EAP-Message =
0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x98cb9ce82b22aff87c8ddd218edbc40a
Wed Aug 30 15:53:02 2006 : Debug: Finished request 1
Wed Aug 30 15:53:02 2006 : Debug: Going to the next request
Wed Aug 30 15:53:02 2006 : Debug: rl_next: returning NULL
---------------
Cheers
Collen..
More information about the Freeradius-Users
mailing list