PEAP-MSCHAPv2 authentication failure
Sayantan Bhowmick
sbhowmick at novell.com
Mon Jan 23 11:28:23 CET 2006
Hi,
I am trying to do PEAP MSCHAPv2 authentication. I am using
FreeRADIUS version 1.1.0 on Suse 9.0 and WinXP as the supplicant. When I
select "Automatically use my Windows Logon name and password
(and domain if any)" in the network properties, WinXP tries to log in as
domain-name\\user-name. I have enabled the "realm ntdomain" option in
radiusd.conf and have created an entry in the proxy.conf file. However,
the authentication still fails. I am using eDirectory as my user store
(and I cannot use the ntlm_auth option as I do not have an AD setup). The
debug log is as follows. Can anyone please tell me how to get this
working?
rad_recv: Access-Request packet from host 10.0.0.1:21647, id=96,
length=190
Sending Access-Reject of id 96 to 10.0.0.1 port 21647
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Cleaning up request 29 ID 90 with timestamp 43cde14f
Cleaning up request 30 ID 91 with timestamp 43cde14f
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.0.0.1:21647, id=97,
length=165
User-Name = "NOVELL-QT5M8B08\\radiususer"
Framed-MTU = 1400
Called-Station-Id = "0040.96a3.2e04"
Calling-Station-Id = "0002.2da4.e20e"
Message-Authenticator = 0xc0e1ca5411e453f15a1eb6bd2ee27743
EAP-Message =
0x0201001f014e4f56454c4c2d5154354d384230385c72616469757375736572
NAS-Port-Type = Wireless-802.11
NAS-Port = 400
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 36
modcall[authorize]: module "preprocess" returns ok for request 36
modcall[authorize]: module "chap" returns noop for request 36
modcall[authorize]: module "mschap" returns noop for request 36
rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer",
looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 36
rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name =
"NOVELL-QT5M8B08\radiususer"
rlm_realm: Found realm "NOVELL-QT5M8B08"
rlm_realm: Adding Stripped-User-Name = "radiususer"
rlm_realm: Proxying request from user radiususer to realm
NOVELL-QT5M8B08
rlm_realm: Adding Realm = "NOVELL-QT5M8B08"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "ntdomain" returns noop for request 36
rlm_eap: EAP packet type response id 1 length 31
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 36
modcall[authorize]: module "files" returns notfound for request 36
rlm_ldap: - authorize
rlm_ldap: performing user authorization for radiususer
radius_xlat: '(cn=radiususer)'
radius_xlat: 'o=novell'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=novell, with filter (cn=radiususer)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radiususer authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 36
modcall: leaving group authorize (returns updated) for request 36
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 36
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 36
modcall: leaving group authenticate (returns handled) for request 36
Sending Access-Challenge of id 97 to 10.0.0.1 port 21647
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x30170192891d3d63f0d026f17eb0b65e
Finished request 36
Going to the next request
--- Walking the entire request list ---
Cleaning up request 31 ID 92 with timestamp 43cde150
Cleaning up request 32 ID 93 with timestamp 43cde150
Cleaning up request 33 ID 94 with timestamp 43cde150
Cleaning up request 34 ID 95 with timestamp 43cde150
Cleaning up request 35 ID 96 with timestamp 43cde150
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.1:21647, id=98,
length=264
User-Name = "NOVELL-QT5M8B08\\radiususer"
Framed-MTU = 1400
Called-Station-Id = "0040.96a3.2e04"
Calling-Station-Id = "0002.2da4.e20e"
Message-Authenticator = 0xbae42c51a49613f3780756f23a9426a4
EAP-Message =
0x0202007019800000006616030100610100005d030143cde01037e38d07b56687db452982f13b38491004de1d3e5e7ebd2d8c38d2852098cad41ce7d8a49d186a5bda5eb7564b59c7983e162adbac1cca703d6138ad96001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 400
State = 0x30170192891d3d63f0d026f17eb0b65e
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 37
modcall[authorize]: module "preprocess" returns ok for request 37
modcall[authorize]: module "chap" returns noop for request 37
modcall[authorize]: module "mschap" returns noop for request 37
rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer",
looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 37
rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name =
"NOVELL-QT5M8B08\radiususer"
rlm_realm: Found realm "NOVELL-QT5M8B08"
rlm_realm: Adding Stripped-User-Name = "radiususer"
rlm_realm: Proxying request from user radiususer to realm
NOVELL-QT5M8B08
rlm_realm: Adding Realm = "NOVELL-QT5M8B08"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "ntdomain" returns noop for request 37
rlm_eap: EAP packet type response id 2 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 37
modcall[authorize]: module "files" returns notfound for request 37
rlm_ldap: - authorize
rlm_ldap: performing user authorization for radiususer
radius_xlat: '(cn=radiususer)'
radius_xlat: 'o=novell'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=novell, with filter (cn=radiususer)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radiususer authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 37
modcall: leaving group authorize (returns updated) for request 37
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 37
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 02c9], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 37
modcall: leaving group authenticate (returns handled) for request 37
Sending Access-Challenge of id 98 to 10.0.0.1 port 21647
EAP-Message =
0x6d0cc0b0fe4c70d87317087d8943f8503e348ba86b7404cb694152402fa721d49c843166c9dbd02367a712f316030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb06143185187045946233d6d2d2c3b26
Finished request 37
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.1:21647, id=99,
length=344
User-Name = "NOVELL-QT5M8B08\\radiususer"
Framed-MTU = 1400
Called-Station-Id = "0040.96a3.2e04"
Calling-Station-Id = "0002.2da4.e20e"
Message-Authenticator = 0xc224f01dc2ec8fa57bc2a3c7d10298d9
EAP-Message =
0x020300c01980000000b6160301008610000082008009aea6c45bb6e83e208942a8860d55173d55609477de80a04f5db20465607a590027af716c86cf863f954d32bf7b6ba4cd03cc3c85bd42349c33a9e6216d0aa0e87d10d45681ced190942258e854a69d66a1d87008375f7900fab4f78547e2771b0ab90cd71262bd017cbe0a5978414253e47aa355c6fee76dd4508cae63a4c11403010001011603010020d44c9738132c2bba9b91c197ba5ff1ffb4c28155de15444ab5d883e5dd1e7f7d
NAS-Port-Type = Wireless-802.11
NAS-Port = 400
State = 0xb06143185187045946233d6d2d2c3b26
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 38
modcall[authorize]: module "preprocess" returns ok for request 38
modcall[authorize]: module "chap" returns noop for request 38
modcall[authorize]: module "mschap" returns noop for request 38
rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer",
looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 38
rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name =
"NOVELL-QT5M8B08\radiususer"
rlm_realm: Found realm "NOVELL-QT5M8B08"
rlm_realm: Adding Stripped-User-Name = "radiususer"
rlm_realm: Proxying request from user radiususer to realm
NOVELL-QT5M8B08
rlm_realm: Adding Realm = "NOVELL-QT5M8B08"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "ntdomain" returns noop for request 38
rlm_eap: EAP packet type response id 3 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 38
modcall[authorize]: module "files" returns notfound for request 38
rlm_ldap: - authorize
rlm_ldap: performing user authorization for radiususer
radius_xlat: '(cn=radiususer)'
radius_xlat: 'o=novell'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=novell, with filter (cn=radiususer)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radiususer authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 38
modcall: leaving group authorize (returns updated) for request 38
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 38
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 38
modcall: leaving group authenticate (returns handled) for request 38
Sending Access-Challenge of id 99 to 10.0.0.1 port 21647
EAP-Message =
0x01040031190014030100010116030100201bf97f47ae5aa98860bd2e30d7331168bc89f98d2f5b2ad11fd396615fd5f1d4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc780aa08396ffb1c35a75497291b8fdb
Finished request 38
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.1:21647, id=100,
length=158
User-Name = "NOVELL-QT5M8B08\\radiususer"
Framed-MTU = 1400
Called-Station-Id = "0040.96a3.2e04"
Calling-Station-Id = "0002.2da4.e20e"
Message-Authenticator = 0x3154553f21590012b75b060c868b9ca0
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 400
State = 0xc780aa08396ffb1c35a75497291b8fdb
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 39
modcall[authorize]: module "preprocess" returns ok for request 39
modcall[authorize]: module "chap" returns noop for request 39
modcall[authorize]: module "mschap" returns noop for request 39
rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer",
looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 39
rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name =
"NOVELL-QT5M8B08\radiususer"
rlm_realm: Found realm "NOVELL-QT5M8B08"
rlm_realm: Adding Stripped-User-Name = "radiususer"
rlm_realm: Proxying request from user radiususer to realm
NOVELL-QT5M8B08
rlm_realm: Adding Realm = "NOVELL-QT5M8B08"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "ntdomain" returns noop for request 39
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 39
modcall[authorize]: module "files" returns notfound for request 39
rlm_ldap: - authorize
rlm_ldap: performing user authorization for radiususer
radius_xlat: '(cn=radiususer)'
radius_xlat: 'o=novell'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=novell, with filter (cn=radiususer)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radiususer authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 39
modcall: leaving group authorize (returns updated) for request 39
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 39
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 39
modcall: leaving group authenticate (returns handled) for request 39
Sending Access-Challenge of id 100 to 10.0.0.1 port 21647
EAP-Message =
0x0105002019001703010015f120056b0d74f0081a5778c6a2e63f5259d178614f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd524583cf95094fbbb21590d618d3ea1
Finished request 39
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.1:21647, id=101,
length=206
User-Name = "NOVELL-QT5M8B08\\radiususer"
Framed-MTU = 1400
Called-Station-Id = "0040.96a3.2e04"
Calling-Station-Id = "0002.2da4.e20e"
Message-Authenticator = 0x500765e49ff9a772deda42ec6bf25f00
EAP-Message =
0x020500361900170301002b9f4628f9bf7f16b7b889332d0116236b4c47a0cd3c4cc754895f22383d0d72cd8d9102d5babeb09e78bd1b
NAS-Port-Type = Wireless-802.11
NAS-Port = 400
State = 0xd524583cf95094fbbb21590d618d3ea1
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 40
modcall[authorize]: module "preprocess" returns ok for request 40
modcall[authorize]: module "chap" returns noop for request 40
modcall[authorize]: module "mschap" returns noop for request 40
rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer",
looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 40
rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name =
"NOVELL-QT5M8B08\radiususer"
rlm_realm: Found realm "NOVELL-QT5M8B08"
rlm_realm: Adding Stripped-User-Name = "radiususer"
rlm_realm: Proxying request from user radiususer to realm
NOVELL-QT5M8B08
rlm_realm: Adding Realm = "NOVELL-QT5M8B08"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "ntdomain" returns noop for request 40
rlm_eap: EAP packet type response id 5 length 54
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 40
modcall[authorize]: module "files" returns notfound for request 40
rlm_ldap: - authorize
rlm_ldap: performing user authorization for radiususer
radius_xlat: '(cn=radiususer)'
radius_xlat: 'o=novell'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=novell, with filter (cn=radiususer)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radiususer authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 40
modcall: leaving group authorize (returns updated) for request 40
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 40
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - NOVELL-QT5M8B08\radiususer
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x0205001f014e4f56454c4c2d5154354d384230385c72616469757375736572
PEAP: Got tunneled identity of NOVELL-QT5M8B08\radiususer
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to NOVELL-QT5M8B08\radiususer
PEAP: Sending tunneled request
EAP-Message =
0x0205001f014e4f56454c4c2d5154354d384230385c72616469757375736572
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "NOVELL-QT5M8B08\\radiususer"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 40
modcall[authorize]: module "preprocess" returns ok for request 40
modcall[authorize]: module "chap" returns noop for request 40
modcall[authorize]: module "mschap" returns noop for request 40
rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer",
looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 40
rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name =
"NOVELL-QT5M8B08\radiususer"
rlm_realm: Found realm "NOVELL-QT5M8B08"
rlm_realm: Adding Stripped-User-Name = "radiususer"
rlm_realm: Proxying request from user radiususer to realm
NOVELL-QT5M8B08
rlm_realm: Adding Realm = "NOVELL-QT5M8B08"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "ntdomain" returns noop for request 40
rlm_eap: EAP packet type response id 5 length 31
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 40
modcall[authorize]: module "files" returns notfound for request 40
rlm_ldap: - authorize
rlm_ldap: performing user authorization for radiususer
radius_xlat: '(cn=radiususer)'
radius_xlat: 'o=novell'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=novell, with filter (cn=radiususer)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radiususer authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 40
modcall: leaving group authorize (returns updated) for request 40
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 40
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 40
modcall: leaving group authenticate (returns handled) for request 40
PEAP: Got tunneled reply RADIUS code 11
EAP-Message =
0x010600341a0106002f104ad7cc649e19606ba5cf6b902c46de3c4e4f56454c4c2d5154354d384230385c72616469757375736572
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xab3f885870f4b2e228c2e2fd3996877f
PEAP: Processing from tunneled session code 0x81322f0 11
EAP-Message =
0x010600341a0106002f104ad7cc649e19606ba5cf6b902c46de3c4e4f56454c4c2d5154354d384230385c72616469757375736572
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xab3f885870f4b2e228c2e2fd3996877f
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 40
modcall: leaving group authenticate (returns handled) for request 40
Sending Access-Challenge of id 101 to 10.0.0.1 port 21647
EAP-Message =
0x0106004b190017030100407de03240adbd762422070120ce2fd3ad4cfc8fba0586405bb679b99b30b40b4a139ec05f0083dbfac92c61992020d68eaf25d05437ae106852e13444e875ac44
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x854a43d41f4a91f014d50a2323cc297b
Finished request 40
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.1:21647, id=102,
length=244
User-Name = "NOVELL-QT5M8B08\\radiususer"
Framed-MTU = 1400
Called-Station-Id = "0040.96a3.2e04"
Calling-Station-Id = "0002.2da4.e20e"
Message-Authenticator = 0xb124902320674b1cbfc425311dae3d5f
EAP-Message =
0x0206005c19001703010051dfdb9b3818f3d67ec6a394585162b309c3451fc457ebc7cee5bdd6e92966806691202d6aa0f4ce3c6ab7e0783681d80f5dce8cc2c140748e20cd6f5840fad4340f50742d1000b2e9d84f0d0a58840acb5f
NAS-Port-Type = Wireless-802.11
NAS-Port = 400
State = 0x854a43d41f4a91f014d50a2323cc297b
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 41
modcall[authorize]: module "preprocess" returns ok for request 41
modcall[authorize]: module "chap" returns noop for request 41
modcall[authorize]: module "mschap" returns noop for request 41
rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer",
looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 41
rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name =
"NOVELL-QT5M8B08\radiususer"
rlm_realm: Found realm "NOVELL-QT5M8B08"
rlm_realm: Adding Stripped-User-Name = "radiususer"
rlm_realm: Proxying request from user radiususer to realm
NOVELL-QT5M8B08
rlm_realm: Adding Realm = "NOVELL-QT5M8B08"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "ntdomain" returns noop for request 41
rlm_eap: EAP packet type response id 6 length 92
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 41
modcall[authorize]: module "files" returns notfound for request 41
rlm_ldap: - authorize
rlm_ldap: performing user authorization for radiususer
radius_xlat: '(cn=radiususer)'
radius_xlat: 'o=novell'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=novell, with filter (cn=radiususer)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radiususer authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 41
modcall: leaving group authorize (returns updated) for request 41
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 41
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x020600451a02060040313f2289804b354f2f8652d94f68709d620000000000000000440794d18a32023e3ce637a190306d62f66dae289bbd01020072616469757375736572
PEAP: Setting User-Name to NOVELL-QT5M8B08\radiususer
PEAP: Adding old state with ab 3f
PEAP: Sending tunneled request
EAP-Message =
0x020600451a02060040313f2289804b354f2f8652d94f68709d620000000000000000440794d18a32023e3ce637a190306d62f66dae289bbd01020072616469757375736572
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "NOVELL-QT5M8B08\\radiususer"
State = 0xab3f885870f4b2e228c2e2fd3996877f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 41
modcall[authorize]: module "preprocess" returns ok for request 41
modcall[authorize]: module "chap" returns noop for request 41
modcall[authorize]: module "mschap" returns noop for request 41
rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer",
looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 41
rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name =
"NOVELL-QT5M8B08\radiususer"
rlm_realm: Found realm "NOVELL-QT5M8B08"
rlm_realm: Adding Stripped-User-Name = "radiususer"
rlm_realm: Proxying request from user radiususer to realm
NOVELL-QT5M8B08
rlm_realm: Adding Realm = "NOVELL-QT5M8B08"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "ntdomain" returns noop for request 41
rlm_eap: EAP packet type response id 6 length 69
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 41
modcall[authorize]: module "files" returns notfound for request 41
rlm_ldap: - authorize
rlm_ldap: performing user authorization for radiususer
radius_xlat: '(cn=radiususer)'
radius_xlat: 'o=novell'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=novell, with filter (cn=radiususer)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radiususer authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 41
modcall: leaving group authorize (returns updated) for request 41
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 41
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 41
rlm_mschap: NT Domain delimeter found, should we have enabled
with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for NOVELL-QT5M8B08\radiususer with
NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 41
modcall: leaving group MS-CHAP (returns reject) for request 41
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 41
modcall: leaving group authenticate (returns reject) for request 41
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\006E=691 R=1"
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 0x8131920 3
MS-CHAP-Error = "\006E=691 R=1"
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 41
modcall: leaving group authenticate (returns handled) for request 41
Sending Access-Challenge of id 102 to 10.0.0.1 port 21647
EAP-Message =
0x010700261900170301001b0c7a82c5514721a2d8d3834226c34505a34b4f953fbdd9d4833003
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd938c409155970af38b0177b7e6d5a17
Finished request 41
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.1:21647, id=103,
length=190
User-Name = "NOVELL-QT5M8B08\\radiususer"
Framed-MTU = 1400
Called-Station-Id = "0040.96a3.2e04"
Calling-Station-Id = "0002.2da4.e20e"
Message-Authenticator = 0x6ce6c15659c49c764a2fea869f71f6c5
EAP-Message =
0x020700261900170301001b8c2ee15eaa56664149b4c14cd0abc92ca2b7c6d63af98433be6643
NAS-Port-Type = Wireless-802.11
NAS-Port = 400
State = 0xd938c409155970af38b0177b7e6d5a17
Service-Type = Framed-User
NAS-IP-Address = 10.0.0.1
NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 42
modcall[authorize]: module "preprocess" returns ok for request 42
modcall[authorize]: module "chap" returns noop for request 42
modcall[authorize]: module "mschap" returns noop for request 42
rlm_realm: No '@' in User-Name = "NOVELL-QT5M8B08\radiususer",
looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 42
rlm_realm: Looking up realm "NOVELL-QT5M8B08" for User-Name =
"NOVELL-QT5M8B08\radiususer"
rlm_realm: Found realm "NOVELL-QT5M8B08"
rlm_realm: Adding Stripped-User-Name = "radiususer"
rlm_realm: Proxying request from user radiususer to realm
NOVELL-QT5M8B08
rlm_realm: Adding Realm = "NOVELL-QT5M8B08"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "ntdomain" returns noop for request 42
rlm_eap: EAP packet type response id 7 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 42
modcall[authorize]: module "files" returns notfound for request 42
rlm_ldap: - authorize
rlm_ldap: performing user authorization for radiususer
radius_xlat: '(cn=radiususer)'
radius_xlat: 'o=novell'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=novell, with filter (cn=radiususer)
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user radiususer authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 42
modcall: leaving group authorize (returns updated) for request 42
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 42
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 42
modcall: leaving group authenticate (returns invalid) for request 42
auth: Failed to validate the user.
Delaying request 42 for 1 seconds
Finished request 42
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.0.1:21647, id=103,
length=190
Sending Access-Reject of id 103 to 10.0.0.1 port 21647
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 36 ID 97 with timestamp 43cde156
Cleaning up request 37 ID 98 with timestamp 43cde156
Cleaning up request 38 ID 99 with timestamp 43cde156
Cleaning up request 39 ID 100 with timestamp 43cde156
Cleaning up request 40 ID 101 with timestamp 43cde156
Cleaning up request 41 ID 102 with timestamp 43cde156
Thanks and Regards.
-Sayantan.
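The rlm_mschap hint about with_ntdomain_hack can be checked against the packets in the log itself. The following is an added example, not part of the original post and not FreeRADIUS code: it parses the two tunneled EAP-MSCHAPv2 messages quoted in the log and computes the RFC 2759 ChallengeHash for the user name with and without the domain prefix. It assumes the supplicant hashed the name it sent in its response packet; all function names are hypothetical.

```python
import hashlib
import struct

# EAP-Message values copied from the debug log above: the tunneled MS-CHAPv2
# challenge issued in request 40 and the supplicant's response in request 41.
CHALLENGE_HEX = ("010600341a0106002f104ad7cc649e19606ba5cf6b902c46de3c"
                 "4e4f56454c4c2d5154354d384230385c72616469757375736572")
RESPONSE_HEX = ("020600451a02060040313f2289804b354f2f8652d94f68709d62"
                "0000000000000000440794d18a32023e3ce637a190306d62f66dae28"
                "9bbd01020072616469757375736572")
OUTER_USER_NAME = "NOVELL-QT5M8B08\\radiususer"  # User-Name as logged

EAP_TYPE_MSCHAPV2 = 26
OP_CHALLENGE, OP_RESPONSE = 1, 2


def parse_eap_mschapv2(hex_str):
    """Split an EAP-MSCHAPv2 packet into opcode, id, challenge/response, name."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 10:
        raise ValueError("too short for an EAP-MSCHAPv2 packet")
    _code, _eap_id, eap_len, eap_type = struct.unpack("!BBHB", raw[:5])
    if eap_type != EAP_TYPE_MSCHAPV2:
        raise ValueError("EAP type %d is not MS-CHAPv2" % eap_type)
    if eap_len != len(raw):
        raise ValueError("EAP length field does not match the data")
    opcode, ms_id, ms_len, value_size = struct.unpack("!BBHB", raw[5:10])
    if ms_len != eap_len - 5:
        raise ValueError("MS-Length does not match the EAP length")
    value = raw[10:10 + value_size]
    if len(value) != value_size:
        raise ValueError("Value-Size runs past the end of the packet")
    fields = {"opcode": opcode, "ms_id": ms_id,
              "name": raw[10 + value_size:].decode("ascii")}
    if opcode == OP_CHALLENGE and value_size == 16:
        fields["auth_challenge"] = value
    elif opcode == OP_RESPONSE and value_size == 49:
        # 16-byte peer challenge, 8 reserved bytes, 24-byte NT-Response, flags
        fields["peer_challenge"] = value[:16]
        fields["nt_response"] = value[24:48]
        fields["flags"] = value[48]
    else:
        raise ValueError("unexpected opcode/Value-Size combination")
    return fields


def challenge_hash(peer_challenge, auth_challenge, user_name):
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || auth || name)."""
    data = peer_challenge + auth_challenge + user_name.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def strip_nt_domain(user_name):
    """Drop a leading DOMAIN\\ prefix (the effect the log's hint refers to)."""
    return user_name.split("\\", 1)[-1]


def compare_challenge_hashes():
    """Compute the challenge hash for each candidate user name."""
    chal = parse_eap_mschapv2(CHALLENGE_HEX)
    resp = parse_eap_mschapv2(RESPONSE_HEX)
    if chal["ms_id"] != resp["ms_id"]:
        raise ValueError("response does not answer this challenge")
    peer, auth = resp["peer_challenge"], chal["auth_challenge"]
    return {
        # Name the supplicant placed in its MS-CHAPv2 response packet
        "supplicant": challenge_hash(peer, auth, resp["name"]),
        # Full User-Name, as in "Told to do MS-CHAPv2 for NOVELL-QT5M8B08\..."
        "with_domain": challenge_hash(peer, auth, OUTER_USER_NAME),
        # User-Name with the domain prefix removed
        "stripped": challenge_hash(peer, auth, strip_nt_domain(OUTER_USER_NAME)),
    }


if __name__ == "__main__":
    resp = parse_eap_mschapv2(RESPONSE_HEX)
    print("name in MS-CHAPv2 response:", resp["name"])
    print("outer User-Name           :", OUTER_USER_NAME)
    for label, digest in compare_challenge_hashes().items():
        print("%-12s %s" % (label, digest.hex()))
```

The hash over the full `DOMAIN\user` name differs from the one over the bare name, so an NT-Response the supplicant computed over "radiususer" will not match a value the server derives from the full name, whatever the password.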