Mac PEAP authentication with FreeRADIUS Pre2.0

King, Michael MKing at bridgew.edu
Thu Feb 1 22:21:11 CET 2007 

> -----Original Message-----
> 
> When I try a Mac (PowerMac 10.4.8, but have tried also on 10.3.x), it
> seems to not work.  The Mac throws an error "802.1x Authentication has
> failed."

After more testing, and staring at the debug's, it seems this is where
the break-down is, the MAC isn't answering the tunneled-Access
Challenge.  Least, this is what I'm thinking. (This is a different
debug)

modcall:  entering group authenticate for request 23
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall:  entering group MS-CHAP for request 23
  rlm_mschap: No Cleartext-Password configured.  Cannot create
LM-Password.
  rlm_mschap: No Cleartext-Password configured.  Cannot create
NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for mking with NT-Password
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat:  '--username=mking'
radius_xlat: Running registered xlat function of module mschap for
string 'Challenge'
 mschap2: 94
radius_xlat:  '--challenge=4ebfbb2c2373c4c9'
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response'
radius_xlat:
'--nt-response=a53b88d2b14aead7f697498aa066c2d02e79c3d0a6e84427'
Exec-Program output: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B
Exec-Program-Wait: plaintext: NT_KEY: 1BA2159EDC0597637BA8848B83AA9B2B
Exec-Program: returned: 0
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module "mschap" returns ok for request 23
modcall: group MS-CHAP returns ok for request 23
MSCHAP Success
  modcall[authenticate]: module "eap" returns handled for request 23
modcall: group authenticate returns handled for request 23
  PEAP: Got tunneled reply RADIUS code 11
        MS-CHAP2-Success =
0x0d533d6533366237333831626238393964326130666133656535646333383130363161
6663303239326336
        EAP-Message =
0x010e00331a030d002e533d653336623733383162623839396432613066613365653564
63333831303631616663303239326336
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xfd5c09024628badca09e5ae9eec682e7
  PEAP: Processing from tunneled session code 0x81c1788 11
        MS-CHAP2-Success =
0x0d533d6533366237333831626238393964326130666133656535646333383130363161
6663303239326336
        EAP-Message =
0x010e00331a030d002e533d653336623733383162623839396432613066613365653564
63333831303631616663303239326336
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xfd5c09024628badca09e5ae9eec682e7
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 23
modcall: group authenticate returns handled for request 23
Sending Access-Challenge of id 4 to 10.0.1.22 port 32769
        EAP-Message =
0x010e005b1900170301005075b366b0bc3665ce9cc4c3bb5d4907020fce14dcf06c5ffb
cdc725c126803bd0de38918995021346758fc00ed823cc7b13be5d69ed780a80ac04bfcb
9cb85dee2ab382e8b88b3a7b7cdccfc227583867
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xf3f735fa7f444b2ef47757092fcbef29
Finished request 23
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 16 ID 253 with timestamp 45c257be
Cleaning up request 20 ID 1 with timestamp 45c257be
Cleaning up request 22 ID 3 with timestamp 45c257be

More information about the Freeradius-Users mailing list