Win XP with 802.1x PEAP (EAP-MSCHAP V2)
Marc Charbonneau
MCharbonneau at ottawaheart.ca
Wed Apr 25 17:22:32 CEST 2007
Gentlemen, I could use your help.
I have a number of wireless devices that use FreeRADIUS to authenticate back to eDirectory with success while using Cisco's supplicant. The Cisco ADU (Aironet Desktop Utility) is configured with 802.1x PEAP (EAP-MSCHAP V2). For various reasons, I really need to make it work with the Microsoft supplicant. The Cisco docs indicate that it is possible to disable the use of their ADU to configure the WLAN card and use the Microsoft Wireless Configuration Manager in Windows XP. I would like to keep the same 802.1x authentication type, PEAP (EAP-MSCHAP V2).
I have followed Cisco's detailed docs on this change of configuration and I am not getting any success. RADIUSD log is below.
I have spent too much time on this issue; can someone please point me in the right direction?
Thanks much,
Marc
----- RADIUSD LOG -----
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=222, length=184
User-Name = "UOHI-40628"
Calling-Station-Id = "00-40-96-B1-43-BB"
Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
NAS-Port = 1
NAS-IP-Address = 192.168.242.4
NAS-Identifier = "UOHIWLAN2"
Vendor-14179-Attr-1 = 0x00000002
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "23"
EAP-Message = 0x0209000f01554f48492d3430363238
Message-Authenticator = 0x8881c69556fbec1f966ab6b8081d75ec
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 38
modcall[authorize]: module "preprocess" returns ok for request 38
modcall[authorize]: module "chap" returns noop for request 38
modcall[authorize]: module "mschap" returns noop for request 38
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 38
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 38
rlm_eap: EAP packet type response id 9 length 15
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 38
modcall: group authorize returns updated for request 38
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 38
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 38
modcall: group authenticate returns handled for request 38
Sending Access-Challenge of id 222 to 192.168.242.4:32768
EAP-Message = 0x010a00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4dda1f635e420966fc8dbbcc69dda607
Finished request 38
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=223, length=267
User-Name = "UOHI-40628"
Calling-Station-Id = "00-40-96-B1-43-BB"
Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
NAS-Port = 1
NAS-IP-Address = 192.168.242.4
NAS-Identifier = "UOHIWLAN2"
Vendor-14179-Attr-1 = 0x00000002
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "23"
EAP-Message = 0x020a005019800000004616030100410100003d0301462f5a5fd08496fa6f73faf534b5d9dfc37bd2c6669a9574fa88e6335c8ad88a00001600040005000a000900640062000300060013001200630100
State = 0x4dda1f635e420966fc8dbbcc69dda607
Message-Authenticator = 0x9018d1e50a6f18bc6b57d69c25671a00
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 39
modcall[authorize]: module "preprocess" returns ok for request 39
modcall[authorize]: module "chap" returns noop for request 39
modcall[authorize]: module "mschap" returns noop for request 39
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 39
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 39
rlm_eap: EAP packet type response id 10 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 39
modcall: group authorize returns updated for request 39
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 39
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 098e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 39
modcall: group authenticate returns handled for request 39
Sending Access-Challenge of id 223 to 192.168.242.4:32768
EAP-Message = 0x500a711649144df5caee883e099d4229e52a023ee71fbad5fa7c91cd8374529160801c6323e357e3a313610c4ed3266e7d305015f0686e4cab8e2839099d7a36f5412774232e115fdbbace6238601a88ec0eb12134da278895a504f479bfeee87aa2ac9c50a9e387ae89fdfb6b6b0dc01abe0ea4f77b2a3e606b60c9c6be6d8b688ab34989c93f27240c43ba7b4e0ae8f42ad6b179411de526fcafe7fc75f257fdb551ec16d23876010e4cb5c0ea83c37be6ddaca2c455ab7b89ded92786d7cd1cb4bcf851f78845a4bd923293b50c86d8ac54f316ac3cd9917aadc265881e2b5ae30a1220d0798d2944930203010001a382014b308201473009060355
EAP-Message = 0x7574653111300f060355040313086f6869736c657331
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0d45f794c16d885a70ce95b2f9482a78
Finished request 39
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=224, length=193
User-Name = "UOHI-40628"
Calling-Station-Id = "00-40-96-B1-43-BB"
Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
NAS-Port = 1
NAS-IP-Address = 192.168.242.4
NAS-Identifier = "UOHIWLAN2"
Vendor-14179-Attr-1 = 0x00000002
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "23"
EAP-Message = 0x020b00061900
State = 0x0d45f794c16d885a70ce95b2f9482a78
Message-Authenticator = 0x52561bab2e8c9afa9b6d07292146a53b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 40
modcall[authorize]: module "preprocess" returns ok for request 40
modcall[authorize]: module "chap" returns noop for request 40
modcall[authorize]: module "mschap" returns noop for request 40
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 40
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 40
rlm_eap: EAP packet type response id 11 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 40
modcall: group authorize returns updated for request 40
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 40
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 40
modcall: group authenticate returns handled for request 40
Sending Access-Challenge of id 224 to 192.168.242.4:32768
EAP-Message = 0x47b9ef622eb5c5162e8f13fb856bf31e447f2a3ca9f32b77eb99ab60fad53474c452a8749d06fcce810f7855c5340edeb4b5f77ce880e780565c0b60fd3d2f60ca91b2ba676191090fc7e5f400049c3082049830820380a003020102020100300d06092a864886f70d01010505003072310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040713064f7474617761312d302b060355040a1324556e6976657273697479206f66204f747461776120486561727420496e737469747574653111300f060355040313086f6869736c657331301e170d3036313030323139313331335a170d3136303932393139
EAP-Message = 0x0b0603551d0f040403020106301d0603551d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa69c23be214cea213ab71772ec162e3e
Finished request 40
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=225, length=193
User-Name = "UOHI-40628"
Calling-Station-Id = "00-40-96-B1-43-BB"
Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
NAS-Port = 1
NAS-IP-Address = 192.168.242.4
NAS-Identifier = "UOHIWLAN2"
Vendor-14179-Attr-1 = 0x00000002
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "23"
EAP-Message = 0x020c00061900
State = 0xa69c23be214cea213ab71772ec162e3e
Message-Authenticator = 0xaa8de108a0eecfcde92e4c62ed858be4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 41
modcall[authorize]: module "preprocess" returns ok for request 41
modcall[authorize]: module "chap" returns noop for request 41
modcall[authorize]: module "mschap" returns noop for request 41
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 41
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 41
rlm_eap: EAP packet type response id 12 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 41
modcall: group authorize returns updated for request 41
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 41
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 41
modcall: group authenticate returns handled for request 41
Sending Access-Challenge of id 225 to 192.168.242.4:32768
EAP-Message = 0x010d01f119000e041604144998ca048e04b60db2fb700a2b3716b300fcb77930819c0603551d2304819430819180144998ca048e04b60db2fb700a2b3716b300fcb779a176a4743072310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040713064f7474617761312d302b060355040a1324556e6976657273697479206f66204f747461776120486561727420496e737469747574653111300f060355040313086f6869736c65733182010030090603551d110402300030090603551d1204023000300d06092a864886f70d010105050003820101009a6086c121e9b175d4b9c5e9406243685a58250199
EAP-Message = 0x513347d581ba358ed6c64ac14e2782da6d6e9b40df6221c2d25e1eb785004c49bb4bb8c8889c417db67e00082324108726a295dd3121c67ddd83d7453726ce22abd2887e7ab93f829566a259347004b581a21e96db42ee57c3f29ede27882370daf38a45c331dd3c7f37a3d8c3740dd5e3ff107bd9b50dd2a9c3f18b550962f9ce5d4dda747c13b135a888f7db26648c436102b4393b7ec907d1cfaa04fac70f244c677442ea413bddd490cf144e38604f9bacbe91b9b7eb23ecf768048d71d23976d9899db5267d4f6f0ea00897c1642c3a4f70d8e21f2f04285554faa174ce6971cc6986e7c87f56ce2016030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x66033bb93efe19bc2d9927ae35020a1c
Finished request 41
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=226, length=509
User-Name = "UOHI-40628"
Calling-Station-Id = "00-40-96-B1-43-BB"
Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
NAS-Port = 1
NAS-IP-Address = 192.168.242.4
NAS-Identifier = "UOHIWLAN2"
Vendor-14179-Attr-1 = 0x00000002
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "23"
EAP-Message = 0x020d0140198000000136160301010610000102010086e0f9ad658ba724bdd476c7d85b8546179334b45eb22fbbdd454326aa5ac1d00e73314dd9f1d1062acb9cb6a7a52017d219aed52f301eecdd6cc9ecaa430687a8506d5133313796465869536c861713fc98b50c7e4fc4e2e049bae00a01c919f33a9992fdb17c6c01efcb6ecb9fdfa076a46cc353164b53da2794ed7629cfc550488076a11513bdb0ce38361b61159bf5c62a93c6f322ff0d7f10c11b42c76be143fa2d7ce697b917df9948758e41f0fde6fefc636a5174b0f7fed1133e911cad334551be4fed1a9e8a2ea891d53f2bb5480c36ab18f17e454edb9b363dca569106885aefc2f07b
EAP-Message = 0x54693c4cc6fc46d497033ae13a2bd4232717955983f96bab1403010001011603010020855695767ea53d5e8315327a5db64cf94eecbd1e8dc21c668149e5249ab54709
State = 0x66033bb93efe19bc2d9927ae35020a1c
Message-Authenticator = 0x780254fe75985fe63ca23fedb0cb7bbb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 42
modcall[authorize]: module "preprocess" returns ok for request 42
modcall[authorize]: module "chap" returns noop for request 42
modcall[authorize]: module "mschap" returns noop for request 42
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 42
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 42
rlm_eap: EAP packet type response id 13 length 253
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 42
modcall: group authorize returns updated for request 42
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 42
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 42
modcall: group authenticate returns handled for request 42
Sending Access-Challenge of id 226 to 192.168.242.4:32768
EAP-Message = 0x010e0031190014030100010116030100204c6f7e2f074eaf9fff787a15e29a6d0d4cca30295d1d5f9fde2ca041aa17f6b6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7b3a5e790f37b4700e491742dbc7cf95
Finished request 42
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=227, length=220
User-Name = "UOHI-40628"
Calling-Station-Id = "00-40-96-B1-43-BB"
Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"
NAS-Port = 1
NAS-IP-Address = 192.168.242.4
NAS-Identifier = "UOHIWLAN2"
Vendor-14179-Attr-1 = 0x00000002
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "23"
EAP-Message = 0x020e00211980000000171503010012aab9a07fd9c55ae9bc2a0bd0e1128b5157f7
State = 0x7b3a5e790f37b4700e491742dbc7cf95
Message-Authenticator = 0xa502333e39b077923bc35b03b4aaec26
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 43
modcall[authorize]: module "preprocess" returns ok for request 43
modcall[authorize]: module "chap" returns noop for request 43
modcall[authorize]: module "mschap" returns noop for request 43
rlm_realm: No '@' in User-Name = "UOHI-40628", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 43
rlm_ldap: - authorize
rlm_ldap: performing user authorization for UOHI-40628
radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'
radius_xlat: 'o=OHICO'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))
rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess
rlm_ldap: Added the eDirectory password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user UOHI-40628 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 43
rlm_eap: EAP packet type response id 14 length 33
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 43
modcall: group authorize returns updated for request 43
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 43
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
rlm_eap_peap: No data inside of the tunnel.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 43
modcall: group authenticate returns invalid for request 43
auth: Failed to validate the user.
Processing the post-auth section of radiusd.conf
modcall: entering group Post-Auth-Type for request 43
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: eDirectory account policy check failed.
rlm_ldap: NDS error: failed authentication (-669)
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[post-auth]: module "ldap" returns reject for request 43
modcall: group Post-Auth-Type returns reject for request 43
Delaying request 43 for 1 seconds
Finished request 43
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.242.4:32768, id=227, length=220
Sending Access-Reject of id 227 to 192.168.242.4:32768
EAP-Message = 0x040e0004
Message-Authenticator = 0x00000000000000000000000000000000
Reply-Message = "NDS error: failed authentication (-669)"
--- Walking the entire request list ---
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 38 ID 222 with timestamp 462eb1d7
Cleaning up request 39 ID 223 with timestamp 462eb1d7
Cleaning up request 40 ID 224 with timestamp 462eb1d7
Cleaning up request 41 ID 225 with timestamp 462eb1d7
Cleaning up request 42 ID 226 with timestamp 462eb1d7
Cleaning up request 43 ID 227 with timestamp 462eb1d7
Nothing to do. Sleeping until we see a request.
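Added example, not part of the original post: decoding the short EAP-Message values from the log above shows the EAP/PEAP framing and the outer TLS record headers, including that the client's last packet (id 14) carries a single TLS Alert record, which matches the `<<< TLS 1.0 Alert` line. The names `decode_eap`, `walk_tls_records` and the dictionary keys are assumptions of this sketch; the hex values are copied from the log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 25: "PEAP"}
TLS_CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
TLS_VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}


def walk_tls_records(data):
    """Return [(content_type, version, length)], or None when the bytes are not
    whole TLS records (for example one fragment of a larger handshake flight)."""
    records = []
    while data:
        if len(data) < 5:
            return None
        ctype, major, minor, rlen = struct.unpack("!BBBH", data[:5])
        if ctype not in TLS_CONTENT or major != 3 or 5 + rlen > len(data):
            return None
        records.append((TLS_CONTENT[ctype], TLS_VERSIONS.get(minor, f"3.{minor}"), rlen))
        data = data[5 + rlen:]
    return records


def decode_eap(*attrs):
    """Decode one EAP packet from one or more EAP-Message attribute values.
    RADIUS splits an EAP packet larger than 253 bytes over several attributes,
    so the values are concatenated in order before parsing."""
    raw = b"".join(bytes.fromhex(a[2:] if a[:2].lower() == "0x" else a) for a in attrs)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length {length} != {len(raw)} bytes supplied")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if length == 4:  # Success/Failure carry no type or data
        return pkt
    etype, body = raw[4], raw[5:]
    pkt["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:
        pkt["identity"] = body.decode("utf-8", "replace")
    elif etype == 25:
        if not body:
            raise ValueError("PEAP packet without flags octet")
        flags, tls = body[0], body[1:]
        # L = TLS length included, M = more fragments follow, S = PEAP start
        pkt["flags"] = [n for bit, n in ((0x80, "L"), (0x40, "M"), (0x20, "S")) if flags & bit]
        if flags & 0x80:
            if len(tls) < 4:
                raise ValueError("L flag set but TLS length field missing")
            pkt["tls_length"] = struct.unpack("!I", tls[:4])[0]
            tls = tls[4:]
        pkt["records"] = walk_tls_records(tls)
    return pkt


# EAP-Message values copied from the debug log above (the short ones only).
LOG_SAMPLES = [
    ("id=222 client identity", "0x0209000f01554f48492d3430363238"),
    ("id=222 server PEAP start", "0x010a00061920"),
    ("id=224 client fragment ACK", "0x020b00061900"),
    ("id=226 server CCS+Finished",
     "0x010e0031190014030100010116030100204c6f7e2f074eaf9fff787a15e29a6d0d4cca30295d1d5f9fde2ca041aa17f6b6"),
    ("id=227 client final packet",
     "0x020e00211980000000171503010012aab9a07fd9c55ae9bc2a0bd0e1128b5157f7"),
    ("id=227 server EAP failure", "0x040e0004"),
]

if __name__ == "__main__":
    for label, value in LOG_SAMPLES:
        print(label, decode_eap(value))
```

The Alert record is 18 bytes on the wire because it is sent after ChangeCipherSpec and is therefore encrypted; its description (`access_denied`) is only visible in the server's own decoded log line.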