Authentication failed
Carlos Jimenez Barranco
cjimenez at impala-net.com
Thu Jul 12 12:52:43 CEST 2007
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
Yes, it is PEAP.
Here is the debug:
rad_recv: Access-Request packet from host 172.24.230.15:1274, id=118, length=156
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xa4cad15c8a6ff988359776097d2a2648
EAP-Message = 0x020300061900
Message-Authenticator = 0xa0283d9445bd1fa36df5a7db7f704288
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 118 to 172.24.230.15:1274
EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6e6c51314b76a2f62a5cecc3f9619a3d
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1275, id=119, length=342
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x6e6c51314b76a2f62a5cecc3f9619a3d
EAP-Message = 0x020400c01980000000b61603010086100000820080a0a1d79a3221244464cdb897cba12e9da17d5f26c74ae6b70c264ce4c2ac4355a89bbac6ee9793b052693711d886e1311034beba4a23c797b613a8fcb968f3afd7ca11fb373739b0662074329aa35ad3683a4ef77f7e9cd96fe78bfd22cf6ea07ce28843c3e8173ded0a2f70ac6dc51d05e005fdc3ac1c743027fd37b5f91a4d1403010001011603010020efa33aa831080bbfb9545494e02f849d0e496c2cb8f3fe125308b14d8e401b2a
Message-Authenticator = 0xe35ea6d9060bf395da7a6fee6be9c1d6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 119 to 172.24.230.15:1275
EAP-Message = 0x01050031190014030100010116030100206fafa47a1c95be075428fe823b87526554684724ce47683c27a62f8a0614e943
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x884de7e54567f992c4295f91e9232494
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1276, id=120, length=156
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x884de7e54567f992c4295f91e9232494
EAP-Message = 0x020500061900
Message-Authenticator = 0x41823b1c88e1cdc292ffa3caf2d66b6e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 120 to 172.24.230.15:1276
EAP-Message = 0x0106002019001703010015697889c7a3599228e4a5d3eec7d2068f4926c57948
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb63de12e95ed9591476c6ed8dc8755ee
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1277, id=121, length=202
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xb63de12e95ed9591476c6ed8dc8755ee
EAP-Message = 0x02060034190017030100291828ef9227d584cacec539c489ae909a31b5b76d0b675483f109612f3a86cd3c82fd1cd04278507580
Message-Authenticator = 0x5ae6eb660582fb81597d313ffe02be24
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 6 length 52
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - host/PC-BARCMM2.it.local
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0206001d01686f73742f50432d424152434d4d322e69742e6c6f63616c
PEAP: Got tunneled identity of host/PC-BARCMM2.it.local
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to host/PC-BARCMM2.it.local
PEAP: Sending tunneled request
EAP-Message = 0x0206001d01686f73742f50432d424152434d4d322e69742e6c6f63616c
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/PC-BARCMM2.it.local"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 6 length 29
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
PEAP: Got tunneled reply RADIUS code 11
EAP-Message = 0x010700321a0107002d1093a4c5f0bb0b1a2196b39884f2757dd6686f73742f50432d424152434d4d322e69742e6c6f63616c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xef700e94932965fd864f8ee94ca84821
PEAP: Processing from tunneled session code 0x90fbdd8 11
EAP-Message = 0x010700321a0107002d1093a4c5f0bb0b1a2196b39884f2757dd6686f73742f50432d424152434d4d322e69742e6c6f63616c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xef700e94932965fd864f8ee94ca84821
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 121 to 172.24.230.15:1277
EAP-Message = 0x010700491900170301003e49c5bfa64167d421185b0b70ccaad9608da5c1866e2f4fa6ca6c39c326687062a77abb04a0454dacd4be809b90f4e724d6dc46d781e2275de386b7f1b00a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x71800117cdd97753f7c575cc34f0010c
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1278, id=122, length=256
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0x71800117cdd97753f7c575cc34f0010c
EAP-Message = 0x0207006a1900170301005f99131f0772aca0d9208d07a82eb0fa63e07c04a39095210d87ed1a490f0b0c555d42fbaf207a7612f2196ba78a506bcc4d6a3304f1be833b7a4b01586d277621e05ba4962f0611c9cdd9018ec57a2437bfbb6ce22afd4b153ed0e4349e7021
Message-Authenticator = 0x0d289cd236d1717c81b54462ef49e2fe
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 7 length 106
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020700531a0207004e31496f64a7358ab1dbfc78e62ef93398c000000000000000004a4f13cf5caf2d610532b70b0084f43d5cbc84377bf4b43400686f73742f50432d424152434d4d322e69742e6c6f63616c
PEAP: Setting User-Name to host/PC-BARCMM2.it.local
PEAP: Adding old state with ef 70
PEAP: Sending tunneled request
EAP-Message = 0x020700531a0207004e31496f64a7358ab1dbfc78e62ef93398c000000000000000004a4f13cf5caf2d610532b70b0084f43d5cbc84377bf4b43400686f73742f50432d424152434d4d322e69742e6c6f63616c
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/PC-BARCMM2.it.local"
State = 0xef700e94932965fd864f8ee94ca84821
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 7 length 83
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 8
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for host/PC-BARCMM2.it.local with NT-Password
radius_xlat: '/usr/bin/ntlm_auth --request-nt-key '
Exec-Program: /usr/bin/ntlm_auth --request-nt-key
username must be specified!
Usage: [OPTION...]
--helper-protocol=helper protocol to use operate as a stdio-based helper
--username=STRING username
--domain=STRING domain name
--workstation=STRING workstation
--challenge=STRING challenge (HEX encoded)
--lm-response=STRING LM Response to the challenge
(HEX encoded)
--nt-response=STRING NT or NTLMv2 Response to the
challenge (HEX encoded)
--password=STRING User's plaintext password
--request-lm-key Retreive LM session key
--request-nt-key Retreive User (NT) session key
--diagnostics Perform diagnostics on the
authentictaion chain
--require-membership-of=STRING Require that a user be a member
of this group (either name or
SID) for authentication to
succeed
Help options
-?, --help Show this help message
--usage Display brief usage message
Common samba options:
-d, --debuglevel=DEBUGLEVEL Set debug level
-s, --configfile=CONFIGFILE Use alternative configuration
file
-l, --log-basename=LOGFILEBASE Basename for log/debug files
-V, --version Print version
Exec-Program output:
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 8
modcall: group Auth-Type returns reject for request 8
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 8
modcall: group authenticate returns reject for request 8
auth: Failed to validate the user.
Login incorrect: [host/PC-BARCMM2.it.local/<no User-Password attribute>] (from client localhost port 0)
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 0x90d8c60 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 122 to 172.24.230.15:1278
EAP-Message = 0x010800261900170301001bc5c79a1b5d0753da26040c3590de04ab498dd1cf2b311c0d04db48
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe8f4e90b18573d9b55ac51a21f446398
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.24.230.15:1279, id=123, length=188
NAS-IP-Address = 172.24.230.15
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Framed-MTU = 1400
User-Name = "host/PC-BARCMM2.it.local"
Calling-Station-Id = "000e359071d6"
Called-Station-Id = "001188a187a0"
NAS-Identifier = "RoamAbout AP"
State = 0xe8f4e90b18573d9b55ac51a21f446398
EAP-Message = 0x020800261900170301001b9a969d66050e592940d2585b980c25ffe386404b86973332efe093
Message-Authenticator = 0xfa5a126c3667224edf78d15a852fa80e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: No '@' in User-Name = "host/PC-BARCMM2.it.local", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 9
modcall: group authenticate returns invalid for request 9
auth: Failed to validate the user.
Login incorrect: [host/PC-BARCMM2.it.local/<no User-Password attribute>] (from client 172.24.230.15 port 1 cli 000e359071d6)
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 123 to 172.24.230.15:1279
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 116 with timestamp 4695fe85
Cleaning up request 3 ID 117 with timestamp 4695fe85
Cleaning up request 4 ID 118 with timestamp 4695fe85
Cleaning up request 5 ID 119 with timestamp 4695fe85
Cleaning up request 6 ID 120 with timestamp 4695fe85
Cleaning up request 7 ID 121 with timestamp 4695fe85
Cleaning up request 8 ID 122 with timestamp 4695fe85
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 123 with timestamp 4695fe86
Nothing to do. Sleeping until we see a request.
Thank you, Ivan
Carlos Jimenez Barranco
- Área de Postventa
Telf. +34 933034139
www.impala-net.com
Sistemas de Comunicaciones Corporativas
-----Mensaje original-----
De: freeradius-users-bounces+cjimenez=impala-net.com at lists.freeradius.or [mailto:freeradius-users-bounces+cjimenez=impala-net.com at lists.freeradius.or] En nombre de tnt at kalik.co.yu
Enviado el: jueves, 12 de julio de 2007 12:41
Para: FreeRadius users mailing list
Asunto: RE: Authentication failed
***********************
Mensaje examinado por el antivirus perimetral de Impala Network Solutions
***********-***********
What EAP method are you using? PEAP? Can you post the radiusd -X output.
Ivan Kalik
Kalik Informatika ISP
Dana 12/7/2007, "Carlos Jimenez Barranco" <cjimenez at impala-net.com>
piše:
>
>***********************
>Mensaje examinado por el antivirus perimetral de Impala Network Solutions
>***********-***********
>
>
>Hello, Stefan:
>
>As you told us, the supplicant was sending an empty username. We had to introduce manually the username and password because wireless card was not taking correctly domain login values and using an empty value.
>The most recent log is:
>
>Thu Jul 12 11:03:38 2007 : Auth: Login incorrect: [barcmm2/<no User-Password attribute>] (from client localhost port 0) Thu Jul 12 11:03:38 2007 : Auth: Login incorrect: [barcmm2/<no User-Password attribute>] (from client 172..24.230.15 port 1 cli 00118865b6e5)
>
>
>Thank you,
>
>Carlos Jimenez Barranco
>- Área de Postventa
> Telf. +34 933034139
>
>
>www.impala-net.com
>
>Sistemas de Comunicaciones Corporativas
>
>
>
>
>
>-----Mensaje original-----
>De: freeradius-users-bounces+cjimenez=impala-net.com at lists.freeradius.org [mailto:freeradius-users-bounces+cjimenez=impala-net.com at lists.freeradius.org] En nombre de Stefan Winter
>Enviado el: jueves, 12 de julio de 2007 10:51
>Para: FreeRadius users mailing list
>Asunto: Re: Authentication failed
>
>Hi,
>
>> About the supplicant, we are using just Windows XP. We have tried with
>> several wireless card (enterasys one, integrated Intel Centrino
>> 2200b/g...). I have may not understood the supplicant meaning, tell me
>> then, please. I thought it could be a problem related to the way the
>> freeradius deals credentials (i. e. MSCHAP, with_ntdomain_hack value...).
>
>FreeRADIUS can't do *anything* if it doesn't know who to authenticate. Your
>NAS is sending an *empty* username. As far as I can tell, your problem does
>not lie on the server side, but on the client side.
>
>Stefan
>
>--
>Stefan WINTER
>
>Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
>la Recherche
>Ingenieur Forschung & Entwicklung
>
>6, rue Richard Coudenhove-Kalergi
>L-1359 Luxembourg
>E-Mail: stefan.winter at restena.lu Tel.: +352 424409-1
>http://www.restena.lu Fax: +352 422473
>
>
>___________________________________________________________________________
>
>Este mensaje se dirije exclusivamente a su destinatario y puede contener
>información privilegiada o confidencial de Impala Network Solutions S.L.
>Si no es vd. el destinatario indicado, queda notificado de que la utilización,
>divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
>Si ha recibido este mensaje por error, le rogamos nos lo comunique
>inmediatamente por esta misma via y proceda a su destrucción.
>
>
>This message is intended exclusively for its addressee and may contain
>information that is CONFIDENTIAL and protected by professional privilege.
>If you are not the intended recipient you are hereby notified that any
>dissemination, copy or disclosure of this communication is strictly
>prohibited by law. If this message has been received in error, please
>immediately notify us via e-mail and delete it.
>___________________________________________________________________________
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
___________________________________________________________________________
Este mensaje se dirije exclusivamente a su destinatario y puede contener
información privilegiada o confidencial de Impala Network Solutions S.L.
Si no es vd. el destinatario indicado, queda notificado de que la utilización,
divulgación y/o copia sin autorización está prohibida en virtud de la legislación vigente.
Si ha recibido este mensaje por error, le rogamos nos lo comunique
inmediatamente por esta misma via y proceda a su destrucción.
This message is intended exclusively for its addressee and may contain
information that is CONFIDENTIAL and protected by professional privilege.
If you are not the intended recipient you are hereby notified that any
dissemination, copy or disclosure of this communication is strictly
prohibited by law. If this message has been received in error, please
immediately notify us via e-mail and delete it.
___________________________________________________________________________
More information about the Freeradius-Users
mailing list