SV: how to set crypted password in 'users' file?

Torkel Mathisen torkel.mathisen at bbs.no
Fri Jan 27 14:36:11 CET 2006


> "Min Qiu" <mqiu at globalinternetworking.com> wrote:
> > However, cut and past the crypted password from /etc/shadow to 
> > the entry failed:
> > 
> >   mqiu    Auth-Type := Local, User-Password ==
"$1$CWOjXm2v$dzjrc385t1iQXMN0"
> 
>   UseL Crypt-Password := "$1$CWOjXm...


I'm using PEAP/MS-CHAPv2 for authentication. In the users file I only
got the login name and a clear-text password. 

I really want to start using Crypt-Password, but didn't quite get that
to work.

Do I understand it correctly you only need to take you standard unix
password from /etc/shadow and use that in users with Crypt-Password?

# more /etc/shadow
tom:jYyrl....:13112::::::

In users file I got:

tom	Crypt-Password := " jYyrl...."

I didn't get that to work.

What am I missing here?  Couldn't really find much info on it out there.

This is the debug log I got:

rad_recv: Access-Request packet from host 192.168.2.4:21654, id=120,
length=126
        User-Name = "tom"
        Framed-MTU = 1400
        Called-Station-Id = "000e.8401.cd50"
        Calling-Station-Id = "0015.0015.adaa"
        Message-Authenticator = 0xca4c7181b9338edb3e176297682f33f7
        EAP-Message = 0x0201000801746f6d
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 268
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.2.4
        NAS-Identifier = "AP1100-D2"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
  modcall[authorize]: module "preprocess" returns ok for request 16
  modcall[authorize]: module "mschap" returns noop for request 16
    rlm_realm: No '@' in User-Name = "tom", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 16
  rlm_eap: EAP packet type response id 1 length 8
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 16
    users: Matched entry tom at line 91
  modcall[authorize]: module "files" returns ok for request 16
modcall: group authorize returns updated for request 16
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 16
modcall: group authenticate returns handled for request 16 Sending
Access-Challenge of id 120 to 192.168.2.4:21654
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x01f769bbe79093c3c406a98a01294187
Finished request 16
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=121,
length=238
        User-Name = "tom"
        Framed-MTU = 1400
        Called-Station-Id = "000e.8401.cd50"
        Calling-Station-Id = "0015.0015.adaa"
        Message-Authenticator = 0xcccf1d38bc8d263feddbb303acbdcb41
        EAP-Message =
0x020200661900160301005b01000057030143da12d4d113043b760adb7ce542b365f5d8
806e659d5eb591e677044dd072b000003000390038003500160013000a00330032002f00
66000500040065006400630062006000150012000900140011000800030100
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 268
        State = 0x01f769bbe79093c3c406a98a01294187
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.2.4
        NAS-Identifier = "AP1100-D2"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
  modcall[authorize]: module "preprocess" returns ok for request 17
  modcall[authorize]: module "mschap" returns noop for request 17
    rlm_realm: No '@' in User-Name = "tom", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 17
  rlm_eap: EAP packet type response id 2 length 102
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 17
    users: Matched entry tom at line 91
  modcall[authorize]: module "files" returns ok for request 17
modcall: group authorize returns updated for request 17
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0654], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 010d], ServerKeyExchange
    TLS_accept: SSLv3 write key exchange A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A In SSL Handshake
Phase In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 17
modcall: group authenticate returns handled for request 17 Sending
Access-Challenge of id 121 to 192.168.2.4:21654
        EAP-Message =
0x0103040a19c0000007c3160301004a02000046030143da12ceeff958d58685992a9ce5
bfeb1c5e06eb608854a6bc6a0f8fd0707f1c202526f2d15e84192aa148769550a2367b5d
d014351ef0535610fffdc52871e02700390016030106540b00065000064d0002b3308202
af30820218a003020102020900b646b246bff02a86300d06092a864886f70d0101040500
30818d310b3009060355040613024e4f310d300b060355040813044f534c4f310d300b06
0355040713044f534c4f310f300d060355040a130642425320415331133011060355040b
130a66726565726164697573311b301906035504031312436c69656e7420636572746966
6963
        EAP-Message =
0x617465311d301b06092a864886f70d010901160e726f6f74406c6f63616c686f737430
1e170d3035313032363132333432385a170d3036313032363132333432385a30818b310b
3009060355040613024e4f310d300b060355040813044f534c4f310d300b060355040713
044f534c4f310f300d060355040a130642425320415331133011060355040b130a667265
657261646975733119301706035504031310526f6f74206365727469666963617465311d
301b06092a864886f70d010901160e726f6f74406c6f63616c686f737430819f300d0609
2a864886f70d010101050003818d0030818902818100eead5285b5e9f7b939a2dfc1b7fe
f60a
        EAP-Message =
0xbd055de0ba27b2ef81244e0eabad60241727ff5fc724f36147d08ea5f9e3f0110dfb5a
2397c3906a00ab8eb28509e4a672b2c948c0b8007785f550b3908c2f49d7a113d6e7198d
9606e567fc38be816fb2acf60f18bfe56d0617ff7e651439ce9c8ed40363b5b1e4d0d96f
59a468a6650203010001a317301530130603551d25040c300a06082b0601050507030130
0d06092a864886f70d01010405000381810050aa5f1713a5025d21f128094104579eb85a
9ded57072baf72b2c0e3fbea766eb53c62e9bc2a5d1bc22f2615cc1fe88487e2d0b7e5ea
a045a8ae1734a85f28e6cd70d3340c2a51bfe7b974c13b9a1a4abebe373312d1d4b987e3
2368
        EAP-Message =
0x1edad7e4a54456fd7989e901485e9f2fcf7e8ed8e57fae97fb2fdd1fba5a50c683b7da
7f00039430820390308202f9a003020102020900b646b246bff02a84300d06092a864886
f70d010104050030818d310b3009060355040613024e4f310d300b060355040813044f53
4c4f310d300b060355040713044f534c4f310f300d060355040a13064242532041533113
3011060355040b130a66726565726164697573311b301906035504031312436c69656e74
206365727469666963617465311d301b06092a864886f70d010901160e726f6f74406c6f
63616c686f7374301e170d3035313032363132333432335a170d30373130323631323334
3233
        EAP-Message = 0x5a30818d310b3009060355040613024e4f310d300b06
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9d55183272e7e8d147d1763ad5c8ed57
Finished request 17
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=122,
length=142
        User-Name = "tom"
        Framed-MTU = 1400
        Called-Station-Id = "000e.8401.cd50"
        Calling-Station-Id = "0015.0015.adaa"
        Message-Authenticator = 0xa593725371800702100eab1ea8ad7cb4
        EAP-Message = 0x020300061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 268
        State = 0x9d55183272e7e8d147d1763ad5c8ed57
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.2.4
        NAS-Identifier = "AP1100-D2"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
  modcall[authorize]: module "preprocess" returns ok for request 18
  modcall[authorize]: module "mschap" returns noop for request 18
    rlm_realm: No '@' in User-Name = "tom", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 18
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 18
    users: Matched entry tom at line 91
  modcall[authorize]: module "files" returns ok for request 18
modcall: group authorize returns updated for request 18
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 18
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 18
modcall: group authenticate returns handled for request 18 Sending
Access-Challenge of id 122 to 192.168.2.4:21654
        EAP-Message =
0x010403c919000355040813044f534c4f310d300b060355040713044f534c4f310f300d
060355040a130642425320415331133011060355040b130a66726565726164697573311b
301906035504031312436c69656e74206365727469666963617465311d301b06092a8648
86f70d010901160e726f6f74406c6f63616c686f737430819f300d06092a864886f70d01
0101050003818d0030818902818100bb9dc7f9a6b879ddde091ded35f3137693d1a9fa9d
2e2f1e20e1e49c9daf077fd1c4066e8e409eda68baac046ff390baedad93e603fdde7304
6df106c9c3775eb0e024a2682faf6469e778758b9c782a11ad0dcc25edca8f9efdee96cc
c1bc
        EAP-Message =
0x84850d853d4435da9ab22ec6c3dc4e6d9137e0ec36d705c923055aa8b900d833350203
010001a381f53081f2301d0603551d0e04160414227f0709429785a3169b9817627cd456
d617f2283081c20603551d230481ba3081b78014227f0709429785a3169b9817627cd456
d617f228a18193a4819030818d310b3009060355040613024e4f310d300b060355040813
044f534c4f310d300b060355040713044f534c4f310f300d060355040a13064242532041
5331133011060355040b130a66726565726164697573311b301906035504031312436c69
656e74206365727469666963617465311d301b06092a864886f70d010901160e726f6f74
406c
        EAP-Message =
0x6f63616c686f7374820900b646b246bff02a84300c0603551d13040530030101ff300d
06092a864886f70d0101040500038181001fb7ec3488fd3b6349d6cc33b5c6451ce1c2e8
ef8db6f4818cd017991f9649141c1767553c20303e262fec4bb351cda19b403bab78aa37
236ffc78dace1a39089ff037eb911a5133bc6b1f0275cc9e68bc4c8f487a4d2cdc8e7061
34e512d7e715ca81c5a7bb6cc668ca8181e898befeab40773de8f3eb6629ecd2c79d5f74
f1160301010d0c0001090040bd26276ade89a82c9cc4fa1af559608f7824b64ef630bdf0
368d885e300720c516da851d828b40f658ffbd6060bb0b6d23e138a280c51e9944d23bc6
9d73
        EAP-Message =
0xe66f000105004080781b4e0ebdfa4dde79fda9c2f99c36ba8434b8e2c6cbe4b873a6b8
f0c24494ce3ea163d3eb05d651079abef679ef2dde838e41ebafb42b534aaec821898a59
0080de2086a54d938f2c2d3a446413db13fe9eeb5d8159fed74beac2212ef1c1f809a1a6
b8275a4d21930a65094da267d45e76c039694ae341c61fbf742172b930dcd3718bf71093
8a95e8fbac60df82e40de250aace712bf1b0b0354c3f3cca05f78f8ed5789033d1d27799
cde792a039a14a50e6f923662b6a6da34d03a9b1dad916030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe587790d87edd421fd760ed8b79baaf5
Finished request 18
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=123,
length=276
        User-Name = "tom"
        Framed-MTU = 1400
        Called-Station-Id = "000e.8401.cd50"
        Calling-Station-Id = "0015.0015.adaa"
        Message-Authenticator = 0xe46a52fc04818d9d38a198f1bf467c50
        EAP-Message =
0x0204008c190016030100461000004200401956b7a782c3ab01a817f72f7d57ba9f512f
37ee81d23f258450a3bfbe137146d1430bd6940591585c9f8276b3cfe3db7782ee27656f
a5948d3cf0818d83edd81403010001011603010030a8e41dd1f61c4a47083ac2b58605c0
5847306b109d5038dd412c77f790c627ec38c5a5813ea9edd0da4e9cacade1ee34
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 268
        State = 0xe587790d87edd421fd760ed8b79baaf5
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.2.4
        NAS-Identifier = "AP1100-D2"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 19
  modcall[authorize]: module "preprocess" returns ok for request 19
  modcall[authorize]: module "mschap" returns noop for request 19
    rlm_realm: No '@' in User-Name = "tom", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 19
  rlm_eap: EAP packet type response id 4 length 140
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 19
    users: Matched entry tom at line 91
  modcall[authorize]: module "files" returns ok for request 19
modcall: group authorize returns updated for request 19
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 19
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully SSL Connection
Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 19
modcall: group authenticate returns handled for request 19 Sending
Access-Challenge of id 123 to 192.168.2.4:21654
        EAP-Message =
0x0105004119001403010001011603010030ce2c434e35fb212ac38231785cfe6254011f
6ba35117e4646cf00bbf953c6b066f22bcee4cc8b3ef5cc39256db3caaeb
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf025fd8e565713ab2d84e5c2e70d458d
Finished request 19
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=124,
length=142
        User-Name = "tom"
        Framed-MTU = 1400
        Called-Station-Id = "000e.8401.cd50"
        Calling-Station-Id = "0015.0015.adaa"
        Message-Authenticator = 0x67a54a6c52f34f3fb1c2345eab772beb
        EAP-Message = 0x020500061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 268
        State = 0xf025fd8e565713ab2d84e5c2e70d458d
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.2.4
        NAS-Identifier = "AP1100-D2"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 20
  modcall[authorize]: module "preprocess" returns ok for request 20
  modcall[authorize]: module "mschap" returns noop for request 20
    rlm_realm: No '@' in User-Name = "tom", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 20
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 20
    users: Matched entry tom at line 91
  modcall[authorize]: module "files" returns ok for request 20
modcall: group authorize returns updated for request 20
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 20
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 20
modcall: group authenticate returns handled for request 20 Sending
Access-Challenge of id 124 to 192.168.2.4:21654
        EAP-Message =
0x0106005019001703010020861055143e567a7983ee6fdee7b96ee5ac168b27f53cfa7a
483a887edb3e5fad1703010020274966df3940b946f0133ab5b369666fa2b951a8dcef3a
33a39e1f0149fd0a2c
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4351dc490c0b5fa9ce050331e95b4a8c
Finished request 20
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=125,
length=216
        User-Name = "tom"
        Framed-MTU = 1400
        Called-Station-Id = "000e.8401.cd50"
        Calling-Station-Id = "0015.0015.adaa"
        Message-Authenticator = 0xb74a9c2705a1e4a5bb285e1f237f6907
        EAP-Message =
0x0206005019001703010020b98d88b09105603c50aed6c63b0a496280dc967239c0dcf7
b0fc6d44d4066f8417030100209b45c361ff602db1f721657022bc562ccd60e2944d0909
2b3f584ca382208a66
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 268
        State = 0x4351dc490c0b5fa9ce050331e95b4a8c
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.2.4
        NAS-Identifier = "AP1100-D2"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 21
  modcall[authorize]: module "preprocess" returns ok for request 21
  modcall[authorize]: module "mschap" returns noop for request 21
    rlm_realm: No '@' in User-Name = "tom", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 21
  rlm_eap: EAP packet type response id 6 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 21
    users: Matched entry tom at line 91
  modcall[authorize]: module "files" returns ok for request 21
modcall: group authorize returns updated for request 21
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 21
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - tom
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled EAP-Message
        EAP-Message = 0x0206000801746f6d
  PEAP: Got tunneled identity of tom
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to tom
  PEAP: Sending tunneled request
        EAP-Message = 0x0206000801746f6d
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "tom"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 21
  modcall[authorize]: module "preprocess" returns ok for request 21
  modcall[authorize]: module "mschap" returns noop for request 21
    rlm_realm: No '@' in User-Name = "tom", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 21
  rlm_eap: EAP packet type response id 6 length 8
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 21
    users: Matched entry tom at line 91
  modcall[authorize]: module "files" returns ok for request 21
modcall: group authorize returns updated for request 21
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 21
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 21
modcall: group authenticate returns handled for request 21
  PEAP: Got tunneled reply RADIUS code 11
        EAP-Message =
0x0107001d1a0107001810f559eab1de040978486cc8240bc9fc38746f6d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x87e2826b16f8823836e26ab0eb30ea43
  PEAP: Processing from tunneled session code 13f990 11
        EAP-Message =
0x0107001d1a0107001810f559eab1de040978486cc8240bc9fc38746f6d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x87e2826b16f8823836e26ab0eb30ea43
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 21
modcall: group authenticate returns handled for request 21 Sending
Access-Challenge of id 125 to 192.168.2.4:21654
        EAP-Message =
0x0107006019001703010020e3b653d595d25e64701bedcbf517dab7528b7daa7011a867
c75fcbc5aa3848f01703010030d47a1361647a15fad7d74625539b6c5e48aaef79a73b14
376c819190100a72c4bb4e3f4732ad303a36e8841934e43de7
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc8c29a6f523c9436faf6b89c2be76270
Finished request 21
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=126,
length=264
        User-Name = "tom"
        Framed-MTU = 1400
        Called-Station-Id = "000e.8401.cd50"
        Calling-Station-Id = "0015.0015.adaa"
        Message-Authenticator = 0x9d2ad1b239f7b15e750e94398f63000b
        EAP-Message =
0x02070080190017030100209878c315a02346056bdf20f975ef71910a1a3499443cbae0
33def49166ea9f4c1703010050c3c779df9414a351e45f38633330f0c9b43e27141c6959
115b1a2c8041e551d8ba4da1f4b35356a6eb94b879d1f0f441136e707266df25a79e6238
4b6b6c3c388bb5156f1e39bd8f73972a62783b31ee
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 268
        State = 0xc8c29a6f523c9436faf6b89c2be76270
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.2.4
        NAS-Identifier = "AP1100-D2"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 22
  modcall[authorize]: module "preprocess" returns ok for request 22
  modcall[authorize]: module "mschap" returns noop for request 22
    rlm_realm: No '@' in User-Name = "tom", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 22
  rlm_eap: EAP packet type response id 7 length 128
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 22
    users: Matched entry tom at line 91
  modcall[authorize]: module "files" returns ok for request 22
modcall: group authorize returns updated for request 22
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 22
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled EAP-Message
        EAP-Message =
0x0207003e1a020700393142075ce59f9f56c20c9450dacfb16719000000000000000082
6eced611d60ee5d7210dae21fc092feea130cda60dc20b00746f6d
  PEAP: Setting User-Name to tom
  PEAP: Adding old state with 87 e2
  PEAP: Sending tunneled request
        EAP-Message =
0x0207003e1a020700393142075ce59f9f56c20c9450dacfb16719000000000000000082
6eced611d60ee5d7210dae21fc092feea130cda60dc20b00746f6d
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "tom"
        State = 0x87e2826b16f8823836e26ab0eb30ea43
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 22
  modcall[authorize]: module "preprocess" returns ok for request 22
  modcall[authorize]: module "mschap" returns noop for request 22
    rlm_realm: No '@' in User-Name = "tom", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 22
  rlm_eap: EAP packet type response id 7 length 62
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 22
    users: Matched entry tom at line 91
  modcall[authorize]: module "files" returns ok for request 22
modcall: group authorize returns updated for request 22
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 22
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 22
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for tom with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 22
modcall: group Auth-Type returns reject for request 22
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 22
modcall: group authenticate returns reject for request 22
auth: Failed to validate the user.
  PEAP: Got tunneled reply RADIUS code 3
        MS-CHAP-Error = "\007E=691 R=1"
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Processing from tunneled session code 13d510 3
        MS-CHAP-Error = "\007E=691 R=1"
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 22
modcall: group authenticate returns handled for request 22 Sending
Access-Challenge of id 126 to 192.168.2.4:21654
        EAP-Message =
0x010800501900170301002034ec685c2b912545f1031530f58388b24aece3d1c5a1e6ad
7524be8fae97e666170301002092e90a5a4fa826732e0e6f7d40e5f7e2e479be944828ac
1cfc5c834ce25d63ee
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcf7e24cad3cbebfbecc69ab44ffbf055
Finished request 22
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=127,
length=216
        User-Name = "tom"
        Framed-MTU = 1400
        Called-Station-Id = "000e.8401.cd50"
        Calling-Station-Id = "0015.0015.adaa"
        Message-Authenticator = 0x23d78c9d414b457846d9b2e67ac8a3fb
        EAP-Message =
0x02080050190017030100208eae795e2f64e1197538b8b8d43a62e36a5fc554ab74ce71
9c4792f5c8f1950e1703010020c246d14d200e1f734767a119ea00370e15b84bbf8cf0e0
de160acdaa668d6fab
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 268
        State = 0xcf7e24cad3cbebfbecc69ab44ffbf055
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.2.4
        NAS-Identifier = "AP1100-D2"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 23
  modcall[authorize]: module "preprocess" returns ok for request 23
  modcall[authorize]: module "mschap" returns noop for request 23
    rlm_realm: No '@' in User-Name = "tom", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 23
  rlm_eap: EAP packet type response id 8 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 23
    users: Matched entry tom at line 91
  modcall[authorize]: module "files" returns ok for request 23
modcall: group authorize returns updated for request 23
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 23
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure, rejecting.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 23
modcall: group authenticate returns invalid for request 23
auth: Failed to validate the user.
Delaying request 23 for 1 seconds
Finished request 23
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.4:21654, id=127,
length=216
Sending Access-Reject of id 127 to 192.168.2.4:21654
        EAP-Message = 0x04080004
        Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 16 ID 120 with timestamp 43da12ce Cleaning up
request 17 ID 121 with timestamp 43da12ce Cleaning up request 18 ID 122
with timestamp 43da12ce Cleaning up request 19 ID 123 with timestamp
43da12ce Cleaning up request 20 ID 124 with timestamp 43da12ce Cleaning
up request 21 ID 125 with timestamp 43da12ce Cleaning up request 22 ID
126 with timestamp 43da12ce Cleaning up request 23 ID 127 with timestamp
43da12ce Nothing to do.  Sleeping until we see a request.




More information about the Freeradius-Users mailing list