freeRADIUS with PEAP doesn't authenticate WinXp supplicant
Apangshu Saha
apangshu at gmail.com
Tue Jun 12 09:17:49 CEST 2007
Dear All,
I am using WinXP as the supplicant and have configured every possible
configuration file of freeRADIUS to support PEAP.
But the log file on the server still shows the following, and the client
is not authenticated.
What should I do in the WinXP supplicant? At the time of connection it asks
me to enter Username/Password/Logon Domain. What is that Logon Domain?
What should I enter here? What configuration settings should I make in the
XP supplicant?
Please see the following log file and help me with what I should do.
/************log file**************************/
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0,
length=214
User-Name = "testuser"
NAS-IP-Address = 192.168.6.14
Called-Station-Id = "0012172a3da3"
Calling-Station-Id = "00131008616c"
NAS-Identifier = "0012172a3da3"
NAS-Port = 5
Framed-MTU = 1400
State = 0xd316349afcfe1dc084768fa39e502497
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0201005019800000004616030100410100003d0301466ef55151e34499d4e0e15c72bb20474e547f6ca8156439c527ad5ac76c0a0700001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xf71f7a4777cdd86d08877ab3de3ec762
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 152
users: Matched entry testuser at line 215
modcall[authorize]: module "files" returns ok for request 1
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 05f6], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 0 to 192.168.6.14 port 2049
EAP-Message = 0x4143310d300b060355040b13044e4953473111300f06
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x66261f68c0a988471b7dbd1406aa25a9
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0,
length=140
User-Name = "testuser"
NAS-IP-Address = 192.168.6.14
Called-Station-Id = "0012172a3da3"
Calling-Station-Id = "00131008616c"
NAS-Identifier = "0012172a3da3"
NAS-Port = 5
Framed-MTU = 1400
State = 0x66261f68c0a988471b7dbd1406aa25a9
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020200061900
Message-Authenticator = 0x715b22052c0a834c8ab26540be3c7ee1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 152
users: Matched entry testuser at line 215
modcall[authorize]: module "files" returns ok for request 2
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 0 to 192.168.6.14 port 2049
EAP-Message =
0x81b00603551d230481a83081a580146e8a698195a518d1efe841869bc3b87746e660e4a18181a47f307d310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450756e65310d300b060355040a130443444143310d300b060355040b13044e4953473111300f060355040313087072616a616b7461311f301d06092a864886f70d01090116107072616a616b746140636461632e696e8209009271838f2a65231f300c0603551d13040530030101ff300d06092a864886f70d010105050003818100876aaf9ca0aebb3f6331d22edc4d8a8fb3828e6db868fc65f40f2ab80dfba2a06bdedb167a348a1bdc59
EAP-Message =
0xb14cb59fb92bce6dac1822379ecb469faba3a4dd0efd449f7dd3ae13dd0cce3ed2a59f2c83f88a75585a94e269b51ce27008bc2dbd4e3493e7657b09f1f07eaed60ab55c9ef636d587e3aa7c530c0b3ef8c01b875a4316030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xeeffea22eecd70571b93074167e1f9d9
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0,
length=326
User-Name = "testuser"
NAS-IP-Address = 192.168.6.14
Called-Station-Id = "0012172a3da3"
Calling-Station-Id = "00131008616c"
NAS-Identifier = "0012172a3da3"
NAS-Port = 5
Framed-MTU = 1400
State = 0xeeffea22eecd70571b93074167e1f9d9
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020300c01980000000b6160301008610000082008057a095505e914a7b5abe8025749ed79d441c0253ffc67fca83b899e2f086449bb015e9389edc1e440c81e28aa97382183f45cc7ce253fb95218c43cafde60441baa54bb5fb50a7b44e9ae8ab6b4c83028e015e96fe32f4f66aa315cf6d61bb1f73767316d4a238ea9a5601ab94c31fc149d571858362ca64d87222891897bcbe1403010001011603010020e6f71473f403b2d477ad3db5019876b535c1f3d63622c01e65ce12f09f82f056
Message-Authenticator = 0x1adf37f766e60a62b2a64ea969e12a2e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 3 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 152
users: Matched entry testuser at line 215
modcall[authorize]: module "files" returns ok for request 3
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 0 to 192.168.6.14 port 2049
EAP-Message =
0x0104003119001403010001011603010020ac7b7eae7df6a094a06aac986552e097a71e014578dcdac2d0aa555ac0e82762
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe09ac59efcfd79cdce50681ada73421e
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0,
length=140
User-Name = "testuser"
NAS-IP-Address = 192.168.6.14
Called-Station-Id = "0012172a3da3"
Calling-Station-Id = "00131008616c"
NAS-Identifier = "0012172a3da3"
NAS-Port = 5
Framed-MTU = 1400
State = 0xe09ac59efcfd79cdce50681ada73421e
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400061900
Message-Authenticator = 0xc678535af140a79e91368303e815f863
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DEFAULT at line 152
users: Matched entry testuser at line 215
modcall[authorize]: module "files" returns ok for request 4
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 0 to 192.168.6.14 port 2049
EAP-Message =
0x0105002019001703010015ebc8d24acae130428ed6d6893d7ce9eabb27a803bb
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcffd82ce7722fb003680179d65ba88e3
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0,
length=170
User-Name = "testuser"
NAS-IP-Address = 192.168.6.14
Called-Station-Id = "0012172a3da3"
Calling-Station-Id = "00131008616c"
NAS-Identifier = "0012172a3da3"
NAS-Port = 5
Framed-MTU = 1400
State = 0xcffd82ce7722fb003680179d65ba88e3
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0205002419001703010019c215488e5af95d08053d8add389cf76bec07c3b8a752467f63
Message-Authenticator = 0xf659306a361f36453617aadc3172c0c5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 5 length 36
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 152
users: Matched entry testuser at line 215
modcall[authorize]: module "files" returns ok for request 5
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - testuser
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of testuser
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to testuser
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 5 length 13
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 152
users: Matched entry testuser at line 215
modcall[authorize]: module "files" returns ok for request 5
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: No such EAP type mschapv2
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 5
modcall: leaving group authenticate (returns invalid) for request 5
auth: Failed to validate the user.
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 0 to 192.168.6.14 port 2049
EAP-Message =
0x010600261900170301001b070ae9621b3a0172525b8ec994d48f8ba1eaa1993e5bad037fbc82
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xced664250055f6ce7932cae33490350b
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0,
length=172
User-Name = "testuser"
NAS-IP-Address = 192.168.6.14
Called-Station-Id = "0012172a3da3"
Calling-Station-Id = "00131008616c"
NAS-Identifier = "0012172a3da3"
NAS-Port = 5
Framed-MTU = 1400
State = 0xced664250055f6ce7932cae33490350b
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020600261900170301001bbdd92f192251db8ca1d0badadf2540be9d4e58ac52a5b914f2a17d
Message-Authenticator = 0xb04c98dd979b625880b0b41a63bd758d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 6 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 152
users: Matched entry testuser at line 215
modcall[authorize]: module "files" returns ok for request 6
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module "pap" returns noop for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in
this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 6
modcall: leaving group authenticate (returns invalid) for request 6
auth: Failed to validate the user.
Delaying request 6 for 1 seconds
Finished request 6
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.6.14 port 2049
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 6 ID 0 with timestamp 466e4711
Nothing to do. Sleeping until we see a request.
/*************end of log file*******/
with thanks...
apangshu
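
An added example, not part of the original post: a small Python triage pass over FreeRADIUS debug output like the log above, reporting each failure line with its request number and whether it occurred before or after the PEAP TLS tunnel came up. The function name, the tag labels and the trimmed sample (lines copied from the post's log) are assumptions of this example.

```python
import re

# Lines copied from the debug log in the post above (hex attributes omitted,
# the one wrapped line re-joined); trimmed to the requests that matter.
SAMPLE_LOG = """\
modcall: entering group authenticate for request 1
TLS_accept:error in SSLv3 read client certificate A
modcall: entering group authenticate for request 3
(other): SSL negotiation finished successfully
SSL Connection Established
modcall: entering group authenticate for request 5
PEAP: Got tunneled identity of testuser
rlm_eap: No such EAP type mschapv2
rlm_eap: Failed in EAP select
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall: entering group authenticate for request 6
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
auth: Failed to validate the user.
Sending Access-Reject of id 0 to 192.168.6.14 port 2049
"""

REQUEST = re.compile(r"entering group authenticate for request (\d+)")
IDENTITY = re.compile(r"PEAP: Got tunneled identity of (\S+)")
# Tags are this example's own labels. "error in SSLv3 read client certificate A"
# is deliberately not listed: in the post's log the handshake still completes
# in request 3, so that line did not end the session.
FAILURES = [
    ("inner_eap_type_missing", re.compile(r"rlm_eap: No such EAP type (\S+)")),
    ("inner_auth_rejected", re.compile(r"PEAP: Tunneled authentication was rejected")),
    ("earlier_rejection_repeated", re.compile(r"Had sent TLV failure")),
]

def triage(log_text):
    """Return failure findings in log order, each tagged with the PEAP phase."""
    request, tls_up, identity, findings = None, False, None, []
    for line in log_text.splitlines():
        if m := REQUEST.search(line):
            request = int(m.group(1))
        elif "SSL Connection Established" in line:
            tls_up = True
        elif m := IDENTITY.search(line):
            identity = m.group(1)
        else:
            for tag, rx in FAILURES:
                if m := rx.search(line):
                    findings.append({
                        "request": request,
                        "tag": tag,
                        "detail": m.group(1) if rx.groups else None,
                        "phase": "inner" if tls_up else "outer-tls",
                        "identity": identity,
                    })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

On the post's log the first finding is `inner_eap_type_missing` with detail `mschapv2` in the inner phase: the TLS tunnel was up, and the eap module then reported no mschapv2 type for the tunneled session.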