3com wx - peap-mschapv2 - freeradius - mysql

news.gmane.org A.Agostini at ifac.cnr.it
Fri Jun 9 16:45:56 CEST 2006


Stefan Winter wrote:
> Hi,
> 
>>      users: Matched DEFAULT at 155
>>    modcall[authorize]: module "files" returns ok for request 203
>> modcall: group authorize returns updated for request 203
>>    rad_check_password:  Found Auth-Type EAP
>>    rad_check_password:  Found Auth-Type Local
>> Warning:  Found 2 auth-types on request for user 'agostini'
>> auth: type Local
>> auth: No User-Password or CHAP-Password attribute in the request
>> auth: Failed to validate the user.
> 
> reading the above section might have given you a clue that Auth-Type Local is 
> not a good thing (tm). Take a look in the "users" file, line 155, and see if 
> this might force Auth-Type Local. If it does, comment it out.
> 
Hi Stefan,
pleased to meet you, I'm following your discussion on the "mobility" list. I am very 
interested in EDUROAM here in Florence.

However, I have now checked the "users" file; there was some DEFAULT row. Now I have 
corrected it.
I have tried to modify the "Auth-Type" in the radcheck table to EAP (it was Local), 
but the result is similar. Do you have any idea what is wrong now?

Thanks
A.Agostini

Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 149.139.xxx.xxx:20002, id=35, length=159
         NAS-Port-Id = "2/1"
         Calling-Station-Id = "00-08-E3-B0-73-46"
         Called-Station-Id = "00-12-A9-17-08-40:wpa-experimental"
         Service-Type = Framed-User
         User-Name = "agostini"
         State = 0x07ddb48e264cc0bfa432dbc1a5a2bba8
         EAP-Message = 0x020a00061900
         NAS-Port-Type = Wireless-802.11
         NAS-Identifier = "3Com"
         NAS-IP-Address = xxx.xxx.xxx.xxx
         Message-Authenticator = 0x0563e5b96edfc128b52b63cdd553b752
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
   modcall[authorize]: module "preprocess" returns ok for request 8
   modcall[authorize]: module "chap" returns noop for request 8
   modcall[authorize]: module "mschap" returns noop for request 8
     rlm_realm: No '@' in User-Name = "agostini", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 8
   rlm_eap: EAP packet type response id 10 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 8
radius_xlat:  'agostini'
rlm_sql (sql): sql_set_user escaped user --> 'agostini'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
Username = 'agostini' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
Username = 'agostini' ORDER BY id
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op 
  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'agostini' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op 
  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'agostini' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
Username = 'agostini' ORDER BY id'
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
Username = 'agostini' ORDER BY id
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op 
  FROM radgroupreply,usergroup WHERE usergroup.Username = 'agostini' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op 
  FROM radgroupreply,usergroup WHERE usergroup.Username = 'agostini' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 1
   modcall[authorize]: module "sql" returns ok for request 8
   modcall[authorize]: module "files" returns notfound for request 8
modcall: group authorize returns updated for request 8
   rad_check_password:  Found Auth-Type EAP
   rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'agostini'
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   rlm_eap_peap: EAPTLS_HANDLED
   modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 35 to 149.139.32.61:20002
         Service-Type := Framed-User
         Tunnel-Type:0 := VLAN
         Tunnel-Private-Group-Id:0 := "ifac"
         EAP-Message = 
         EAP-Message = 
         EAP-Message = 
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xbb58837b0ad36c22eccc43e62d0730b1
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 149.139.xxx.xxx:20002, id=36, length=159
         NAS-Port-Id = "2/1"
         Calling-Station-Id = "00-08-E3-B0-73-46"
         Called-Station-Id = "00-12-A9-17-08-40:wpa-experimental"
         Service-Type = Framed-User
         User-Name = "agostini"
         State = 0xbb58837b0ad36c22eccc43e62d0730b1
         EAP-Message = 0x020b00061900
         NAS-Port-Type = Wireless-802.11
         NAS-Identifier = "3Com"
         NAS-IP-Address = xxx.xxx.xxx.xxx
         Message-Authenticator = 0x0349691ed54a09348ce3734b3afbbcd8
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
   modcall[authorize]: module "preprocess" returns ok for request 9
   modcall[authorize]: module "chap" returns noop for request 9
   modcall[authorize]: module "mschap" returns noop for request 9
     rlm_realm: No '@' in User-Name = "agostini", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 9
   rlm_eap: EAP packet type response id 11 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module "eap" returns updated for request 9
radius_xlat:  'agostini'
rlm_sql (sql): sql_set_user escaped user --> 'agostini'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
Username = 'agostini' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
Username = 'agostini' ORDER BY id
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op 
  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'agostini' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op 
  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'agostini' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
Username = 'agostini' ORDER BY id'
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
Username = 'agostini' ORDER BY id
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op 
  FROM radgroupreply,usergroup WHERE usergroup.Username = 'agostini' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op 
  FROM radgroupreply,usergroup WHERE usergroup.Username = 'agostini' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 0
   modcall[authorize]: module "sql" returns ok for request 9
   modcall[authorize]: module "files" returns notfound for request 9
modcall: group authorize returns updated for request 9
   rad_check_password:  Found Auth-Type EAP
   rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'agostini'
auth: type "EAP"
   Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
   rlm_eap_tls: ack handshake fragment handler
   eaptls_verify returned 1
   eaptls_process returned 13
   rlm_eap_peap: EAPTLS_HANDLED
   modcall[authenticate]: module "eap" returns handled for request 9
modcall: group authenticate returns handled for request 9
Sending Access-Challenge of id 36 to xxx.xxx.xxx.xxx:20002
         Service-Type := Framed-User
         Tunnel-Type:0 := VLAN
         Tunnel-Private-Group-Id:0 := "ifac"
         EAP-Message = 0x010c00061900
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0xfbbcc6567f4091f2cbd3633228aec4bc
Finished request 9
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 32 with timestamp 44898894
Cleaning up request 6 ID 33 with timestamp 44898894
Cleaning up request 7 ID 34 with timestamp 44898894
Cleaning up request 8 ID 35 with timestamp 44898894
Cleaning up request 9 ID 36 with timestamp 44898894
Nothing to do.  Sleeping until we see a request.
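
The "Found 2 auth-types" warning discussed in this message can be triaged from `radiusd -X` output with a short script. This is an added example, not part of the original post: the sample log is constructed in the format shown above, and treating every authorize module that returned ok or updated as a place to look for a forced Auth-Type is an assumption, not FreeRADIUS's own logic.

```python
import re

# Constructed sample in the debug format shown in the message above.
SAMPLE_LOG = """\
modcall: entering group authorize for request 203
  modcall[authorize]: module "files" returns ok for request 203
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type Local
auth: type Local
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "eap" returns updated for request 8
  modcall[authorize]: module "sql" returns ok for request 8
  modcall[authorize]: module "files" returns notfound for request 8
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
Finished request 8
"""

ENTER_RE = re.compile(r'entering group authorize for request (\d+)')
MODULE_RE = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+)')
FOUND_RE = re.compile(r'rad_check_password:\s+Found Auth-Type (\S+)')
CHOSEN_RE = re.compile(r'auth: type "?([^"\s]+)"?')
FINISHED_RE = re.compile(r'Finished request \d+')

def audit_auth_types(log_text):
    """Return per-request details for requests that carried more than one Auth-Type."""
    requests, current = {}, None
    for line in log_text.splitlines():
        if m := ENTER_RE.search(line):
            current = requests.setdefault(
                int(m.group(1)), {"modules": [], "found": [], "chosen": None})
        elif FINISHED_RE.search(line):
            current = None
        elif current is None:
            continue
        elif m := MODULE_RE.search(line):
            # Assumption: modules returning ok/updated are where to look for a set Auth-Type.
            if m.group(2) in ("ok", "updated"):
                current["modules"].append(m.group(1))
        elif m := FOUND_RE.search(line):
            current["found"].append(m.group(1))
        elif m := CHOSEN_RE.search(line):
            current["chosen"] = m.group(1)
    for r in requests.values():
        # EAP was requested but another Auth-Type was used for authentication.
        r["eap_overridden"] = "EAP" in r["found"] and r["chosen"] != "EAP"
    return {rid: r for rid, r in requests.items() if len(r["found"]) > 1}
```
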