Freeradius Authentication to Active Directory

John Wan J.Wan at mbs.edu
Fri Feb 23 01:17:11 CET 2007


Hi Sanni,

Do you use Chillispots for the login screen or use another method?

Thanks for your information.

Regards

John 

-----Original Message-----
From: freeradius-users-bounces+j.wan=mbs.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+j.wan=mbs.edu at lists.freeradius.org] On
Behalf Of sanni
Sent: Friday, 23 February 2007 1:47 AM
To: freeradius-users at lists.freeradius.org
Subject: Freeradius Authentication to Active Directory


I configured a freeradius server which should authenticate users on a
Windows 2003 Active Directory server.

Here are my configs:
http://sanni.org/stuff/radius/clients.conf
http://sanni.org/stuff/radius/eap.conf
http://sanni.org/stuff/radius/radiusd.conf
http://sanni.org/stuff/radius/users

The clients are Windows XP SP2 with the WPA2 patch.
If I try to authenticate with a Dell laptop and its integrated WLAN card,
it works fine (log: http://sanni.org/stuff/radius/works.txt).

But if I try to log on with a PC which has a USB WLAN card
(http://www.avm.de/de/Produkte/FRITZBox/FRITZ_WLAN_USB_Stick/index.html),
I get "Exec-Program output: Logon failure (0xc000006d)". The settings are
the same, and the USB stick also works in the laptop.

It seems that freeradius works correctly with laptops, but why doesn't
it work with normal PCs?


Here is the full debug output of an attempt with a normal PC:

root at lmtsu001:/var/log/radius# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/eap.conf
 main: prefix = ""
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/sbin/checkrad"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /lib
Module: Loaded PAP
 pap: encryption_scheme = "md5"
 pap: auto_header = no
Module: Instantiated pap (pap)
Module: Loaded MS-CHAP
 mschap: use_mppe = no
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: with_ntdomain_hack = yes
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded eap
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/raddb/certs/lmtsu001.pem"
 tls: certificate_file = "/etc/raddb/certs/lmtsu001.pem"
 tls: CA_file = "/etc/raddb/certs/LiebherrRootCA.pem"
 tls: private_key_password = "secret"
 tls: dh_file = "/etc/raddb/certs/dh"
 tls: random_file = "/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=20,
length=192
        User-Name = "LMTW2K\\lmtedv0"
        Calling-Station-Id = "00-04-0E-FC-54-BA"
        Called-Station-Id = "00-19-A9-FD-9E-A0:DATA"
        NAS-Port = 29
        NAS-IP-Address = 10.5.253.161
        NAS-Identifier = "Cisco_71:72:27"
        Airespace-Wlan-Id = 1
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "20"
        EAP-Message = 0x02020013014c4d5457324b5c6c6d7465647630
        Message-Authenticator = 0xdddd1f4219da4e9ab9795e715ae0852d
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  modcall[authorize]: module "files" returns notfound for request 0
  rlm_eap: EAP packet type response id 2 length 19
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 20 to 10.5.253.161 port 32768
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa95f7b6453528d1cff0d066b3104a7f6
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=21,
length=271
        User-Name = "LMTW2K\\lmtedv0"
        Calling-Station-Id = "00-04-0E-FC-54-BA"
        Called-Station-Id = "00-19-A9-FD-9E-A0:DATA"
        NAS-Port = 29
        NAS-IP-Address = 10.5.253.161
        NAS-Identifier = "Cisco_71:72:27"
        Airespace-Wlan-Id = 1
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "20"
        EAP-Message =
0x0203005019800000004616030100410100003d030145dd994586ca939faaaeaba54545
809612b1e8f0a0ca8e00c8630a29d87109c900001600040005000a000900640062000300
060013001200630100
        State = 0xa95f7b6453528d1cff0d066b3104a7f6
        Message-Authenticator = 0x19fbf8bedb7f072096c22e5a04418ac1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  modcall[authorize]: module "files" returns notfound for request 1
  rlm_eap: EAP packet type response id 3 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0474], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 21 to 10.5.253.161 port 32768
        EAP-Message =
0x0104040a19c0000004d1160301004a02000046030145dd993e78c0527b162d5f7e38ec
c295064684576f281936e17393ec79554b9420a92ab4e0e944eb0f2c7e1f42a712fcf909
9fae74a95aa19e9725c037390cfe8500040016030104740b00047000046d00046a308204
663082034ea003020102020a44445dec0001000008bb300d06092a864886f70d01010505
003054310b30090603550406130244453111300f060355040a13084c6965626865727231
11300f060355040b13085a4544562d4f5247311f301d060355040313164c696562686572
72456e746572707269736543413031301e170d3037303132353134353733395a170d3130
3031
        EAP-Message =
0x32343134353733395a3081b4310b3009060355040613024445311b3019060355040813
12426164656e20577565727474656d626572673119301706035504071310426164205363
68757373656e726965643111300f060355040a13084c69656268657272310c300a060355
040b13034c4d543120301e060355040313176c6d7473753030312e6c6d742e6c69656268
6572722e69312a302806092a864886f70d010901161b6d69636861656c2e64657765696e
406c696562686572722e636f6d30819f300d06092a864886f70d010101050003818d0030
818902818100b369494643464bc0605937bc85aec08540102c9cf5ae605ec1855ff2ed63
5dbf
        EAP-Message =
0x3c64d3242c426067843f1d6555523c5d0e2697dab98a86852477ec576ec552e36da7cd
f78812851ba984b352ea4b88c7b7c9d323fe4d10b8406cdc40b69110ace0ef94431baa7f
ecb716dccdaa298ca31bcc05933b9357a5813a2afca1522c250203010001a382015b3082
0157300b0603551d0f0404030205a0301d0603551d0e0416041483d2835d90edabd05298
74fbae5d7a534e20c5a7303b06092b0601040182371507042e302c06242b060104018237
150885b9b113e8be6587d99111e0d81382c1ba07817081d1953f9daa2402016402010630
1f0603551d230418301680145d8e0e61cd050d159d72d205abd7775fb09cbac430460603
551d
        EAP-Message =
0x1f043f303d303ba039a0378635687474703a2f2f6470312e6c696562686572722e636f
6d2f4c69656268657272456e7465727072697365434130312831292e63726c305106082b
0601050507010104453043304106082b060105050730028635687474703a2f2f6470312e
6c696562686572722e636f6d2f4c69656268657272456e74657270726973654341303128
31292e63727430130603551d25040c300a06082b06010505070301301b06092b06010401
8237150a040e300c300a06082b06010505070301300d06092a864886f70d010105050003
8201010014e9db390f59b52bc62469fe2013c9ce9ade4435a91add0cbdb98142d2926838
3af4
        EAP-Message = 0xf6307c4d76f61ad1a2b57f53c38f870bded3021a9f1d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4afc67a3e8014fee131055371aa38023
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=22,
length=197
        User-Name = "LMTW2K\\lmtedv0"
        Calling-Station-Id = "00-04-0E-FC-54-BA"
        Called-Station-Id = "00-19-A9-FD-9E-A0:DATA"
        NAS-Port = 29
        NAS-IP-Address = 10.5.253.161
        NAS-Identifier = "Cisco_71:72:27"
        Airespace-Wlan-Id = 1
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "20"
        EAP-Message = 0x020400061900
        State = 0x4afc67a3e8014fee131055371aa38023
        Message-Authenticator = 0x299c938225edf0c465675cbec851f3d1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  modcall[authorize]: module "files" returns notfound for request 2
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 22 to 10.5.253.161 port 32768
        EAP-Message =
0x010500d719004e8f1edcca934c54c42f6f512d7d25b9ef39fe2c6e15c74264b2734400
b8aa05d51c9607fd98008e50cb6c5daa5630305585d45185dd6bea73fb29de949e8a3614
52043724878b2d5112db973dcbd6b4fabbd77086c4320d49a4bbc671e09e032bf32127ad
0f76c6543883cc11336e07ad341ac8e5bce9a941e3cb8f85d80de4e34b53dc7774d176be
2616193cec8121c1c195f88ea1513e8589e8675fcb20809566ff30fa456a00a9f066a81b
dc848c2140ec6e5589a7da0d1ec84ceb28a3e2ca8851cede63bbb716030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x530b2dba728bbaa88434d2d0792a4a28
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=23,
length=383
        User-Name = "LMTW2K\\lmtedv0"
        Calling-Station-Id = "00-04-0E-FC-54-BA"
        Called-Station-Id = "00-19-A9-FD-9E-A0:DATA"
        NAS-Port = 29
        NAS-IP-Address = 10.5.253.161
        NAS-Identifier = "Cisco_71:72:27"
        Airespace-Wlan-Id = 1
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "20"
        EAP-Message =
0x020500c01980000000b616030100861000008200803fff72d54b14ed9df96aeb3fe680
43f44992f3ebddf67c1b42a23376810cb99c04c51e873ec6305fa2ca19774ce4992c8679
2b7187d6acb390335e4e56ae11967f63353c641d15ee982e9795e859d787140055b6993c
41f5ea8da9b58149cd78f94d6cbbf43c2ef9163274e3723455b5cca3e050dae91f647f2d
a364b0b2e322140301000101160301002070573150efbe715780423828c05b5fb3a1bf18
338ab44785fddcc5593af59157
        State = 0x530b2dba728bbaa88434d2d0792a4a28
        Message-Authenticator = 0xd94e80495369db6b588447a6e209e185
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  modcall[authorize]: module "files" returns notfound for request 3
  rlm_eap: EAP packet type response id 5 length 192
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 23 to 10.5.253.161 port 32768
        EAP-Message =
0x0106003119001403010001011603010020371c7467b748a133b50fd00510553f3bb3b2
454509afc6b0c0f78d5d52dbd8b3
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xfa3d7a965dd0ad213b7e4b58554e38dc
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=24,
length=197
        User-Name = "LMTW2K\\lmtedv0"
        Calling-Station-Id = "00-04-0E-FC-54-BA"
        Called-Station-Id = "00-19-A9-FD-9E-A0:DATA"
        NAS-Port = 29
        NAS-IP-Address = 10.5.253.161
        NAS-Identifier = "Cisco_71:72:27"
        Airespace-Wlan-Id = 1
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "20"
        EAP-Message = 0x020600061900
        State = 0xfa3d7a965dd0ad213b7e4b58554e38dc
        Message-Authenticator = 0xcd43325aa4181859a93c812343af9008
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  modcall[authorize]: module "files" returns notfound for request 4
  rlm_eap: EAP packet type response id 6 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 24 to 10.5.253.161 port 32768
        EAP-Message =
0x010700201900170301001591a2d21ce9953bc2b489072a8be60b8fb76e64d61c
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x239b7587e5d69633313552d097ccd5ce
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=25,
length=233
        User-Name = "LMTW2K\\lmtedv0"
        Calling-Station-Id = "00-04-0E-FC-54-BA"
        Called-Station-Id = "00-19-A9-FD-9E-A0:DATA"
        NAS-Port = 29
        NAS-IP-Address = 10.5.253.161
        NAS-Identifier = "Cisco_71:72:27"
        Airespace-Wlan-Id = 1
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "20"
        EAP-Message =
0x0207002a1900170301001fd67e5d53095da3e44b5bae83c9b5c86e8a74d67efc0aaffd
881709822ab76e
        State = 0x239b7587e5d69633313552d097ccd5ce
        Message-Authenticator = 0xf555dcfbbd229d838e3680f49290f0a4
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  modcall[authorize]: module "files" returns notfound for request 5
  rlm_eap: EAP packet type response id 7 length 42
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - LMTW2K\lmtedv0
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled identity of LMTW2K\lmtedv0
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to LMTW2K\lmtedv0
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  modcall[authorize]: module "files" returns notfound for request 5
  rlm_eap: EAP packet type response id 7 length 19
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 25 to 10.5.253.161 port 32768
        EAP-Message =
0x0108003f190017030100344db8a99be139eaac9dd7ebd5f85642c00726a56913fd781c
51c94645fadef1cf3aae988f035e7624bb08f338b4f2ee27085e83a4
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xd89568e532d25257fb891e6d0cc2a2dd
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=26,
length=287
        User-Name = "LMTW2K\\lmtedv0"
        Calling-Station-Id = "00-04-0E-FC-54-BA"
        Called-Station-Id = "00-19-A9-FD-9E-A0:DATA"
        NAS-Port = 29
        NAS-IP-Address = 10.5.253.161
        NAS-Identifier = "Cisco_71:72:27"
        Airespace-Wlan-Id = 1
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "20"
        EAP-Message =
0x020800601900170301005536511a892ca59ce94a2a971136f8ff49a3ee3b0992110977
ef18cb3c7064117b3c0a316b26fe6d508e0551811c491cbdfa33b9717a471c7827861818
92662ee41a462d130ddc4f59f0c9bccf8c93daf3d3dc7de764
        State = 0xd89568e532d25257fb891e6d0cc2a2dd
        Message-Authenticator = 0x154cd4e6319551e54988fd8aa494aa4d
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  modcall[authorize]: module "files" returns notfound for request 6
  rlm_eap: EAP packet type response id 8 length 96
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to LMTW2K\lmtedv0
  PEAP: Adding old state with fc 10
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  modcall[authorize]: module "files" returns notfound for request 6
  rlm_eap: EAP packet type response id 8 length 73
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 6
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for lmtedv0 with NT-Password
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
radius_xlat:  '--username=lmtedv0'
radius_xlat: Running registered xlat function of module mschap for
string 'Challenge'
 mschap2: fc
radius_xlat:  '--challenge=0db1cf76e0c965cb'
radius_xlat: Running registered xlat function of module mschap for
string 'NT-Response'
radius_xlat: 
'--nt-response=12a9fde094819f06320066f1e7dfe14a3592948c31aee8bd'
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 6
modcall: leaving group MS-CHAP (returns reject) for request 6
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 6
modcall: leaving group authenticate (returns reject) for request 6
auth: Failed to validate the user.
Login incorrect (rlm_mschap: Logon failure (0xc000006d)):
[LMTW2K\\lmtedv0] (from client localhost port 0)
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 26 to 10.5.253.161 port 32768
        EAP-Message =
0x010900261900170301001b2939686bcf3fef828e50293342fcbfa3dabbb7981f84c2d2
0af334
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x543585135e55b58d928a2a90b9f60379
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=27,
length=229
        User-Name = "LMTW2K\\lmtedv0"
        Calling-Station-Id = "00-04-0E-FC-54-BA"
        Called-Station-Id = "00-19-A9-FD-9E-A0:DATA"
        NAS-Port = 29
        NAS-IP-Address = 10.5.253.161
        NAS-Identifier = "Cisco_71:72:27"
        Airespace-Wlan-Id = 1
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "20"
        EAP-Message =
0x020900261900170301001bdb86f77b75f354a83e03cdef1366f87ebbd85c6a045e8f83
5d742d
        State = 0x543585135e55b58d928a2a90b9f60379
        Message-Authenticator = 0x18b6efd956617405afa59369cf816869
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm
NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  modcall[authorize]: module "files" returns notfound for request 7
  rlm_eap: EAP packet type response id 9 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected
earlier in this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Login incorrect: [LMTW2K\\lmtedv0] (from client lmt-wc01 port 29 cli
00-04-0E-FC-54-BA)
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...

--
View this message in context:
http://www.nabble.com/Freeradius-Authentication-to-Actice-Directory-tf32
73167.html#a9101194
Sent from the FreeRadius - User mailing list archive at Nabble.com.
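
Added example (not part of the original post and not FreeRADIUS code): a small Python triage script for `radiusd -X` output in the format quoted above. It reports, per request, which modules rejected, the NT status printed by the `ntlm_auth` helper, and whether the domain part of User-Name appears in the helper's arguments; the function and field names and the shortened excerpt are constructed for illustration.

```python
import re

# Constructed excerpt in the shape of the `radiusd -X` output quoted above
# (same message formats, shortened; values copied from the quoted log).
SAMPLE_DEBUG = r'''
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=26,
length=287
        User-Name = "LMTW2K\\lmtedv0"
        NAS-Port-Type = Wireless-802.11
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "eap" returns updated for request 6
modcall: entering group MS-CHAP for request 6
  rlm_mschap: Told to do MS-CHAPv2 for lmtedv0 with NT-Password
radius_xlat:  '--username=lmtedv0'
radius_xlat:  '--challenge=0db1cf76e0c965cb'
radius_xlat:
'--nt-response=12a9fde094819f06320066f1e7dfe14a3592948c31aee8bd'
Exec-Program output: Logon failure (0xc000006d)
Exec-Program: returned: 1
  modcall[authenticate]: module "mschap" returns reject for request 6
  modcall[authenticate]: module "eap" returns reject for request 6
'''

USER = re.compile(r'^\s+User-Name = "(.*)"')
ENTER = re.compile(r'modcall: entering group (\S+) for request (\d+)')
RETURNS = re.compile(
    r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
XLAT = re.compile(r"'--([a-z-]+)=([^']*)'")
EXEC = re.compile(r'Exec-Program output: (.*?)\s*\((0x[0-9a-fA-F]{8})\)')

# Module return codes that mean the request did not pass this module.
FAILING_RCODES = {"reject", "fail", "invalid"}
# Helper arguments whose values are safe to copy into a report; the
# challenge and NT response are recorded only as "<redacted>".
REPORTABLE_ARGS = {"username", "domain"}


def _record(requests, req_id, outer_user):
    """Return the record for a request number, creating it on first use."""
    return requests.setdefault(req_id, {
        "request": req_id,
        "outer_user": outer_user,
        "rejected_by": [],
        "helper_args": {},
        "helper_status": None,
        "helper_message": None,
    })


def failed_helper_calls(debug_text):
    """List the requests in which the external helper reported a failure."""
    requests, outer_user, current = {}, None, None
    for line in debug_text.splitlines():
        if line.startswith("rad_recv:"):
            outer_user = None              # a new packet starts here
            continue
        m = USER.match(line)
        if m and outer_user is None:
            # The debug output prints the backslash escaped ("\\").
            outer_user = m.group(1).replace("\\\\", "\\")
            continue
        m = ENTER.search(line)
        if m:
            current = _record(requests, int(m.group(2)), outer_user)
            continue
        m = RETURNS.search(line)
        if m:
            _, module, rcode, req_id = m.groups()
            rec = _record(requests, int(req_id), outer_user)
            if rcode in FAILING_RCODES and module not in rec["rejected_by"]:
                rec["rejected_by"].append(module)
            continue
        if current is None:
            continue
        m = XLAT.search(line)
        if m:
            name, value = m.groups()
            current["helper_args"][name] = (
                value if name in REPORTABLE_ARGS else "<redacted>")
        m = EXEC.search(line)
        if m:
            current["helper_message"] = m.group(1)
            current["helper_status"] = m.group(2).lower()

    findings = []
    for rec in requests.values():
        if rec["helper_status"] is None:
            continue
        domain, sep, _ = (rec["outer_user"] or "").partition("\\")
        args = rec["helper_args"]
        # An observation to follow up on, not a verdict on the cause.
        rec["domain_in_request"] = domain if sep else None
        rec["domain_passed_to_helper"] = (
            "domain" in args or "\\" in args.get("username", ""))
        findings.append(rec)
    return findings


if __name__ == "__main__":
    for finding in failed_helper_calls(SAMPLE_DEBUG):
        print(finding)
```
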
