EAP/TTLS PEAP MSCHAP

Eshun Benjamin bkeshun at yahoo.fr
Wed Apr 4 14:53:00 CEST 2007


Mac connects but ms windows does not.  I am doing server side cert. Error from ms windows.


 User-Name = "testgeneral"
        NAS-IP-Address = 10.1.5.26
        Called-Station-Id = "0016014d9158"
        Calling-Station-Id = "0019e3034ceb"
        NAS-Identifier = "0016014d9158"
        NAS-Port = 36
        Framed-MTU = 1400
        State = 0x3d946123f5f422f576bed1eb52863e55
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x0202005019800000004616030100410100003d030146139aedbfdec7d57168bf7fdbe984cfd19f5d1e7c13ee839e4b0a55d34aa86600001600040005000a000900640062000300060013001200630100
        Message-Authenticator = 0x3efce19c566f372e8744589f65d58401
Wed Apr  4 14:32:48 2007 : Debug:   Processing the authorize section of radiusd.conf
Wed Apr  4 14:32:48 2007 : Debug: modcall: entering group authorize for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling preprocess (rlm_preprocess) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "preprocess" returns ok for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling mschap (rlm_mschap) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from mschap (rlm_mschap) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "mschap" returns noop for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) for request 74
Wed Apr  4 14:32:48 2007 : Debug:     rlm_realm: No '@' in User-Name = "testgeneral", looking up realm NULL
Wed Apr  4 14:32:48 2007 : Debug:     rlm_realm: No such realm "NULL"
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from suffix (rlm_realm) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "suffix" returns noop for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap: EAP packet type response id 2 length 80
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "eap" returns updated for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling files (rlm_files) for request 74
Wed Apr  4 14:32:48 2007 : Debug:     users: Matched entry testgeneral at line 216
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from files (rlm_files) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "files" returns ok for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling etc_smbpasswd (rlm_passwd) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from etc_smbpasswd (rlm_passwd) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "etc_smbpasswd" returns notfound for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling pap (rlm_pap) for request 74
Wed Apr  4 14:32:48 2007 : Debug: rlm_pap: Found existing Auth-Type, not changing it.
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from pap (rlm_pap) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "pap" returns noop for request 74
Wed Apr  4 14:32:48 2007 : Debug: modcall: leaving group authorize (returns updated) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   rad_check_password:  Found Auth-Type EAP
Wed Apr  4 14:32:48 2007 : Debug: auth: type "EAP"
Wed Apr  4 14:32:48 2007 : Debug:   Processing the authenticate section of radiusd.conf
Wed Apr  4 14:32:48 2007 : Debug: modcall: entering group authenticate for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authenticate]: calling eap (rlm_eap) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap: Request found, released from the list
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap: EAP/peap
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap: processing type peap
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_peap: Authenticate
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_tls: processing TLS
Wed Apr  4 14:32:48 2007 : Debug: rlm_eap_tls:  Length Included
Wed Apr  4 14:32:48 2007 : Debug:   eaptls_verify returned 11 
Wed Apr  4 14:32:48 2007 : Debug:     (other): before/accept initialization 
Wed Apr  4 14:32:48 2007 : Debug:     TLS_accept: before/accept initialization 
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello  
Wed Apr  4 14:32:48 2007 : Debug:     TLS_accept: SSLv3 read client hello A 
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello  
Wed Apr  4 14:32:48 2007 : Debug:     TLS_accept: SSLv3 write server hello A 
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_tls: >>> TLS 1.0 Handshake [length 038f], Certificate  
Wed Apr  4 14:32:48 2007 : Debug:     TLS_accept: SSLv3 write certificate A 
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
Wed Apr  4 14:32:48 2007 : Debug:     TLS_accept: SSLv3 write server done A 
Wed Apr  4 14:32:48 2007 : Debug:     TLS_accept: SSLv3 flush data 
Wed Apr  4 14:32:48 2007 : Error:     TLS_accept:error in SSLv3 read client certificate A 
Wed Apr  4 14:32:48 2007 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
Wed Apr  4 14:32:48 2007 : Debug: In SSL Handshake Phase 
Wed Apr  4 14:32:48 2007 : Debug: In SSL Accept mode  
Wed Apr  4 14:32:48 2007 : Debug:   eaptls_process returned 13 
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_peap: EAPTLS_HANDLED
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authenticate]: returned from eap (rlm_eap) for request 74
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authenticate]: module "eap" returns handled for request 74
Wed Apr  4 14:32:48 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 74
Sending Access-Challenge of id 0 to 10.1.5.26 port 2048
        EAP-Message = 0x010303f21900160301004a02000046030146139af0c3e704b47f4b6b436a8b07d916c60b21a951af6c2918a39cadca6aa22013971c62e79c9f9f6e232f6d035b7705438843f46c8e38f788750500db6621bf000400160301038f0b00038b00038800038530820381308202eaa003020102020900e8e427c494215d09300d06092a864886f70d0101050500308188310b30090603550406130244453110300e060355040813075361636873656e3110300e060355040713074472657364656e3110300e060355040a13074d50492d4342473111300f060355040b1308436f6d7075746572310f300d06035504031306736572766572311f301d06092a86
        EAP-Message = 0x4886f70d010901161061646d696e406d70692d6362672e6465301e170d3037303332343131313731395a170d3130303332333131313731395a308188310b30090603550406130244453110300e060355040813075361636873656e3110300e060355040713074472657364656e3110300e060355040a13074d50492d4342473111300f060355040b1308436f6d7075746572310f300d06035504031306736572766572311f301d06092a864886f70d010901161061646d696e406d70692d6362672e646530819f300d06092a864886f70d010101050003818d0030818902818100ac1158639bcdf711751f54bdf25c666d6f3a532967a7cba624a5167b
        EAP-Message = 0xfb5c89d5a3f9d86fe9a7a2b0899925a4373725bed9eb20d41f05019541ee096201bb57b8f01646ac62884f36d54ea32620a11c760e769ace49d8d7dc42b3ba35c6d410b2fddbc2d689536f66646e94f594b516cb5b312f96f562529bcd7015540fd2be7d0203010001a381f03081ed301d0603551d0e041604141acd4d6d72dc026df7d0a5e77ea636e2c9bcfd4f3081bd0603551d230481b53081b280141acd4d6d72dc026df7d0a5e77ea636e2c9bcfd4fa1818ea4818b308188310b30090603550406130244453110300e060355040813075361636873656e3110300e060355040713074472657364656e3110300e060355040a13074d50492d4342
        EAP-Message = 0x473111300f060355040b1308436f6d7075746572310f300d06035504031306736572766572311f301d06092a864886f70d010901161061646d696e406d70692d6362672e6465820900e8e427c494215d09300c0603551d13040530030101ff300d06092a864886f70d0101050500038181009e5e89fa8a5e26ce9710bfde499a2b36d412f5acff40b544eec4839a67b768e6a778a5b8d54c8ad8b3ec8f438e96e0740103cbdb3e64c751e722e2c3538dccac3a993b94824ba4e48ba40ebc5c7b37c5c6048616f3b10d7f3d4b23cd84cd1e3e4b318e75d4fcd637ee1b5f263cd4adb006a80f62639825f6fb1a284e254a89be16030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4e138cc588a831123b8c899c1e03c4fc
Wed Apr  4 14:32:48 2007 : Debug: Finished request 74
Wed Apr  4 14:32:48 2007 : Debug: Going to the next request
Wed Apr  4 14:32:48 2007 : Debug: rl_next:  returning NULL
Wed Apr  4 14:32:48 2007 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.1.5.26:2048, id=0, length=143
        User-Name = "testgeneral"
        NAS-IP-Address = 10.1.5.26
        Called-Station-Id = "0016014d9158"
        Calling-Station-Id = "0019e3034ceb"
        NAS-Identifier = "0016014d9158"
        NAS-Port = 36
        Framed-MTU = 1400
        State = 0x4e138cc588a831123b8c899c1e03c4fc
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020300061900
        Message-Authenticator = 0xf89ebcfef5ea8e2a15b9fc63884890df
Wed Apr  4 14:32:48 2007 : Debug:   Processing the authorize section of radiusd.conf
Wed Apr  4 14:32:48 2007 : Debug: modcall: entering group authorize for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling preprocess (rlm_preprocess) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "preprocess" returns ok for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling mschap (rlm_mschap) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from mschap (rlm_mschap) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "mschap" returns noop for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling suffix (rlm_realm) for request 75
Wed Apr  4 14:32:48 2007 : Debug:     rlm_realm: No '@' in User-Name = "testgeneral", looking up realm NULL
Wed Apr  4 14:32:48 2007 : Debug:     rlm_realm: No such realm "NULL"
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from suffix (rlm_realm) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "suffix" returns noop for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling eap (rlm_eap) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap: EAP packet type response id 3 length 6
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from eap (rlm_eap) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "eap" returns updated for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling files (rlm_files) for request 75
Wed Apr  4 14:32:48 2007 : Debug:     users: Matched entry testgeneral at line 216
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from files (rlm_files) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "files" returns ok for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling etc_smbpasswd (rlm_passwd) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from etc_smbpasswd (rlm_passwd) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "etc_smbpasswd" returns notfound for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: calling pap (rlm_pap) for request 75
Wed Apr  4 14:32:48 2007 : Debug: rlm_pap: Found existing Auth-Type, not changing it.
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authorize]: returned from pap (rlm_pap) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authorize]: module "pap" returns noop for request 75
Wed Apr  4 14:32:48 2007 : Debug: modcall: leaving group authorize (returns updated) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   rad_check_password:  Found Auth-Type EAP
Wed Apr  4 14:32:48 2007 : Debug: auth: type "EAP"
Wed Apr  4 14:32:48 2007 : Debug:   Processing the authenticate section of radiusd.conf
Wed Apr  4 14:32:48 2007 : Debug: modcall: entering group authenticate for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authenticate]: calling eap (rlm_eap) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap: Request found, released from the list
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap: EAP/peap
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap: processing type peap
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_peap: Authenticate
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_tls: processing TLS
Wed Apr  4 14:32:48 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_tls: ack handshake fragment handler
Wed Apr  4 14:32:48 2007 : Debug:   eaptls_verify returned 1 
Wed Apr  4 14:32:48 2007 : Debug:   eaptls_process returned 13 
Wed Apr  4 14:32:48 2007 : Debug:   rlm_eap_peap: EAPTLS_HANDLED
Wed Apr  4 14:32:48 2007 : Debug:   modsingle[authenticate]: returned from eap (rlm_eap) for request 75
Wed Apr  4 14:32:48 2007 : Debug:   modcall[authenticate]: module "eap" returns handled for request 75
Wed Apr  4 14:32:48 2007 : Debug: modcall: leaving group authenticate (returns handled) for request 75

 
==================================================

Benjamin K. Eshun




	

	
		
___________________________________________________________________________ 
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! 
Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses 
http://fr.answers.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070404/bd9b12f0/attachment.html>


More information about the Freeradius-Users mailing list