eap/peap-mschap-v2 users file and check items
Sascha Lucas
slu at dmc.de
Mon Jul 3 10:12:33 CEST 2006
Hi,
I successfully use WinXP with peap-mschap-v2. But I'm unable to enter
additional items in the check list.
The users file for working peap-mschap-v2 looks this way:
test Auth-Type := EAP, User-Password == "abc123"
And I want it also to check for NAS-IP and NAS-Port. Doing local tests (non
eap with radiusclient) this line works:
test Auth-Type := Local, User-Password == "abc123", NAS-IP-Address == 10.41.10.252, NAS-Port == 20
With EAP:
test Auth-Type := EAP, User-Password == "abc123", NAS-IP-Address == 10.41.10.252, NAS-Port == 20
it doesn't work. The output of radiusd -X is at the end of this mail.
I would be very pleased if someone could help.
Thanks,
Sascha.
# debug output eap/peap-mschap-v2 + users file + check items NAS-IP-Address == 10.41.10.252, NAS-Port == 20
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=101,
length=198
Framed-MTU = 9178
NAS-IP-Address = 10.41.10.252
NAS-Identifier = "HP-2848_01"
User-Name = "test"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 20
NAS-Port-Type = Ethernet
NAS-Port-Id = "20"
Called-Station-Id = "00-11-0a-a6-18-2c"
Calling-Station-Id = "00-20-ed-5d-d1-74"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x020100090174657374
Message-Authenticator = 0xb9b550b43e6e65d1babc24d76d27d2d1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry test at line 91
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 101 to 10.41.10.252 port 3040
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3f9c073b23e622ceeb3a2886221f9ea5
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=102,
length=287
Framed-MTU = 9178
NAS-IP-Address = 10.41.10.252
NAS-Identifier = "HP-2848_01"
User-Name = "test"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 20
NAS-Port-Type = Ethernet
NAS-Port-Id = "20"
Called-Station-Id = "00-11-0a-a6-18-2c"
Calling-Station-Id = "00-20-ed-5d-d1-74"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x3f9c073b23e622ceeb3a2886221f9ea5
EAP-Message =
0x0202005019800000004616030100410100003d030144a8d111da4d413b10bb2411c172ee75
8d06ca151d978c0f541b2348004478cf00001600040005000a00090064006200030006001300
1200630100
Message-Authenticator = 0x2fde818824e742555ed7b02d2d733927
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry test at line 91
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 102 to 10.41.10.252 port 3040
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5558eafcc0c9270f0a601ce7ebf1b725
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=103,
length=213
Framed-MTU = 9178
NAS-IP-Address = 10.41.10.252
NAS-Identifier = "HP-2848_01"
User-Name = "test"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 20
NAS-Port-Type = Ethernet
NAS-Port-Id = "20"
Called-Station-Id = "00-11-0a-a6-18-2c"
Calling-Station-Id = "00-20-ed-5d-d1-74"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x5558eafcc0c9270f0a601ce7ebf1b725
EAP-Message = 0x020300061900
Message-Authenticator = 0x9a0049ea0d3c63a3f373ec1b17be7f1e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry test at line 91
modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 103 to 10.41.10.252 port 3040
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb2f0902c5695d24029c1eae67f8dc832
Finished request 2
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=104,
length=399
Framed-MTU = 9178
NAS-IP-Address = 10.41.10.252
NAS-Identifier = "HP-2848_01"
User-Name = "test"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 20
NAS-Port-Type = Ethernet
NAS-Port-Id = "20"
Called-Station-Id = "00-11-0a-a6-18-2c"
Calling-Station-Id = "00-20-ed-5d-d1-74"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0xb2f0902c5695d24029c1eae67f8dc832
EAP-Message =
0x020400c01980000000b61603010086100000820080cdc24c42a026646a258768cba99c8fc4
663b97faad681ab4b16c9d1d3b2d9ae81c135f675421f42912ca2200a1d4f3df872397371893
daf6cb5d1507beb7b912d97bac7076e4e3478f09e551d07325007beba10800a4b45c6c0e03e9
7c89e2a691825b6f3c3525eb6372375ac810a64f5428e1f76862a25ff6b279a244a662bd1403
010001011603010020557f15b5d607d32153c083d37d3034377433cd9be47a7ee48bb08f112c
874082
Message-Authenticator = 0x3e3e1529d2ee38f6d8c665ae580efc89
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry test at line 91
modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 104 to 10.41.10.252 port 3040
EAP-Message =
0x0105003119001403010001011603010020d0acff5a32a5a7090f28f276af642f1b085b4ce7
cec1fb78dc46b40dae44c357
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5a3f8611e2d4236ad72e3d7097e41e1f
Finished request 3
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=105,
length=213
Framed-MTU = 9178
NAS-IP-Address = 10.41.10.252
NAS-Identifier = "HP-2848_01"
User-Name = "test"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 20
NAS-Port-Type = Ethernet
NAS-Port-Id = "20"
Called-Station-Id = "00-11-0a-a6-18-2c"
Calling-Station-Id = "00-20-ed-5d-d1-74"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x5a3f8611e2d4236ad72e3d7097e41e1f
EAP-Message = 0x020500061900
Message-Authenticator = 0x0d39014ab2d25712f51e1c1bc8a63100
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry test at line 91
modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 105 to 10.41.10.252 port 3040
EAP-Message =
0x0106002019001703010015a5bcc1098646b65ad2b7ceb329bb09c8fd5bfe9e6c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8cf2e7cbbcef8f47bd80fc103a21bac8
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=106,
length=239
Framed-MTU = 9178
NAS-IP-Address = 10.41.10.252
NAS-Identifier = "HP-2848_01"
User-Name = "test"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 20
NAS-Port-Type = Ethernet
NAS-Port-Id = "20"
Called-Station-Id = "00-11-0a-a6-18-2c"
Calling-Station-Id = "00-20-ed-5d-d1-74"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x8cf2e7cbbcef8f47bd80fc103a21bac8
EAP-Message =
0x02060020190017030100154e9945083e526ec76d94fe3b0faf652e8ae95dd20d
Message-Authenticator = 0x80e9ce6c56c810fe207d187abc8cf74b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 32
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry test at line 91
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - test
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020600090174657374
PEAP: Got tunneled identity of test
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to test
PEAP: Sending tunneled request
EAP-Message = 0x020600090174657374
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 6 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 156
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
PEAP: Got tunneled reply RADIUS code 11
EAP-Message =
0x0107001e1a01070019109c00b15bdca042d334024f3b55e29a9474657374
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd2f3b0fbb938453b949b7575007ebd51
PEAP: Processing from tunneled session code 0x8155688 11
EAP-Message =
0x0107001e1a01070019109c00b15bdca042d334024f3b55e29a9474657374
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd2f3b0fbb938453b949b7575007ebd51
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 106 to 10.41.10.252 port 3040
EAP-Message =
0x010700351900170301002a86144ef69a225f4ed4aec94cff229b6e7f5e9438bd4208abd0ab
38146938c267556769c40433b3c0eb06
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d12c4f6b1c13cc5148874296c3822ff
Finished request 5
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=107,
length=293
Framed-MTU = 9178
NAS-IP-Address = 10.41.10.252
NAS-Identifier = "HP-2848_01"
User-Name = "test"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 20
NAS-Port-Type = Ethernet
NAS-Port-Id = "20"
Called-Station-Id = "00-11-0a-a6-18-2c"
Calling-Station-Id = "00-20-ed-5d-d1-74"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x9d12c4f6b1c13cc5148874296c3822ff
EAP-Message =
0x020700561900170301004b0b304800bd1b9d9375cbc1e6fb87f6365c444c8792e9e9228d86
22cc6056f8d7a789ec2601020e063432f3e48f22c7ccf859ac3cb35f7c0888f405805dff811b
5d30a14fcc5f8bd671abb8
Message-Authenticator = 0x33f83a79238b43e64c642ec3ec17c1d9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 86
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry test at line 91
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x0207003f1a0207003a31624fff34123dd2294c3baba96a6ca295000000000000000022245e
6c3028e0fcfaded7fb7722ee8378952d2ec8b54d770074657374
PEAP: Setting User-Name to test
PEAP: Adding old state with d2 f3
PEAP: Sending tunneled request
EAP-Message =
0x0207003f1a0207003a31624fff34123dd2294c3baba96a6ca295000000000000000022245e
6c3028e0fcfaded7fb7722ee8378952d2ec8b54d770074657374
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test"
State = 0xd2f3b0fbb938453b949b7575007ebd51
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 7 length 63
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 156
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 0x8155850 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 107 to 10.41.10.252 port 3040
EAP-Message =
0x010800261900170301001b118d4b906d0d0a0761d142e67ded34e61fefe0730e383181b4a1
d3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5f8f97e0a6faf1d69c594e447416078f
Finished request 6
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=108,
length=245
Framed-MTU = 9178
NAS-IP-Address = 10.41.10.252
NAS-Identifier = "HP-2848_01"
User-Name = "test"
Service-Type = Administrative-User
Framed-Protocol = PPP
NAS-Port = 20
NAS-Port-Type = Ethernet
NAS-Port-Id = "20"
Called-Station-Id = "00-11-0a-a6-18-2c"
Calling-Station-Id = "00-20-ed-5d-d1-74"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x5f8f97e0a6faf1d69c594e447416078f
EAP-Message =
0x020800261900170301001ba6cfdc0618a8761283bb4f17f20c5e6b5db5599af0e735cffcaa
3b
Message-Authenticator = 0x00959c1f93d389cf96647d272fcead14
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry test at line 91
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in
this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=108,
length=245
Sending Access-Reject of id 108 to 10.41.10.252 port 3040
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
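
Added example, not part of the original post: a small Python parser for radiusd -X output in the format shown above. For each outer and PEAP-tunneled request it reports which users entry matched and which check items are absent from that request's attribute list. The function names and the abridged sample log are constructed for this illustration.

```python
import re

# Constructed sample: abridged from the last round trip (id=107) of the debug
# output in the post, same line format; hex values replaced by the placeholder 0x00.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=107,
length=293
NAS-IP-Address = 10.41.10.252
User-Name = "test"
NAS-Port = 20
Tunnel-Type:0 = VLAN
State = 0x00
EAP-Message = 0x00
Processing the authorize section of radiusd.conf
users: Matched entry test at line 91
PEAP: Sending tunneled request
EAP-Message = 0x00
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "test"
State = 0x00
Processing the authorize section of radiusd.conf
users: Matched entry DEFAULT at line 156
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host \S+, id=(\d+)")
TUNNEL = re.compile(r"PEAP: Sending tunneled request")
AUTHZ = re.compile(r"Processing the authorize section")
MATCH = re.compile(r"users: Matched entry (\S+) at line (\d+)")
NOPASS = re.compile(r"rlm_mschap: No User-Password configured")
# Attribute line such as 'NAS-Port = 20' or 'Tunnel-Type:0 = VLAN'; the value
# may be wrapped onto the next line, leaving 'EAP-Message =' on its own.
ATTR = re.compile(r"^\s*([A-Za-z][A-Za-z0-9-]*)(?::\d+)? =(?: |$)")


def new_request(packet_id, scope):
    return {"id": packet_id, "scope": scope, "attrs": set(),
            "entry": None, "no_password": False}


def parse_requests(log):
    """Split the debug log into outer and tunneled (inner) requests."""
    requests, current, collecting, packet_id = [], None, False, None
    for line in log.splitlines():
        m = RECV.search(line)
        if m:
            packet_id = int(m.group(1))
            current = new_request(packet_id, "outer")
        elif TUNNEL.search(line):
            current = new_request(packet_id, "inner")
        else:
            if current is None:
                continue
            if AUTHZ.search(line):
                collecting = False       # attribute list of this request is over
            elif collecting:
                a = ATTR.match(line)
                if a:
                    current["attrs"].add(a.group(1))
            else:
                e = MATCH.search(line)
                if e and current["entry"] is None:
                    current["entry"] = (e.group(1), int(e.group(2)))
                elif NOPASS.search(line):
                    current["no_password"] = True
            continue
        requests.append(current)
        collecting = True                # attribute lines follow the header
    return requests


def diagnose(log, user, check_items):
    """Report tunneled requests that did not match `user`'s entry and lack check items."""
    findings = []
    for req in parse_requests(log):
        missing = sorted(set(check_items) - req["attrs"])
        entry = req["entry"][0] if req["entry"] else None
        if req["scope"] == "inner" and entry != user and missing:
            findings.append({"id": req["id"], "matched": entry,
                             "missing": missing,
                             "no_password": req["no_password"]})
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG, "test", ["NAS-IP-Address", "NAS-Port"]):
        print(f)
```

On this sample the outer request matches entry test, while the tunneled request, which carries neither NAS-IP-Address nor NAS-Port, matches DEFAULT and reaches rlm_mschap without a User-Password. FreeRADIUS's eap.conf has a copy_request_to_tunnel setting in the peap section for copying outer-request attributes into the tunneled request.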