Need help with 802.1X authentication to Active Directory

Bryant Marsh bryantmarsh at cookielee.com
Tue Jun 19 21:31:06 CEST 2007


Hi Ivan,

Here is the output of the RADIUSD -X

[root@cl-radius ~]# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/eap.conf
 main: prefix = "/usr"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "radiusd"
 main: group = "radiusd"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/sbin/checkrad"
 main: proxy_requests = yes
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec 
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: with_ntdomain_hack = yes
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "/etc/shadow"
 unix: group = "(null)"
 unix: radwtmp = "/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded eap 
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = "Password: "
 gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
 tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
 tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/etc/raddb/certs/dh"
 tls: random_file = "/etc/raddb/certs/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
 realm: format = "prefix"
 realm: delimiter = "\"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (ntdomain) 
Module: Loaded files 
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: preproxy_usersfile = "/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
 detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded radutmp 
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp) 
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=165,
length=181
        User-Name = "host/sqlwebdev.corp.cookielee.com"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-0F-34-A8-FB-0A"
        Calling-Station-Id = "00-14-38-A7-F4-2B"
        EAP-Message =
0x0202002601686f73742f73716c7765626465762e636f72702e636f6f6b69656c65652e636f6d
        Message-Authenticator = 0x6c001337c02e78516e0e2aa23aa551ef
        NAS-Port = 50010
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 10.10.2.174
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "host/sqlwebdev.corp.cookielee.com",
looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    rlm_realm: No '\' in User-Name = "host/sqlwebdev.corp.cookielee.com",
looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "ntdomain" returns noop for request 0
  rlm_eap: EAP packet type response id 2 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 165 to 10.10.2.174 port 21645
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x586ce0d49898e2796b78e79ec0b2fef3
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=165,
length=181
Sending duplicate reply to client 10.10.2.174:21645 - ID: 165
Re-sending Access-Challenge of id 165 to 10.10.2.174 port 21645
--- Walking the entire request list ---
Cleaning up request 0 ID 165 with timestamp 46782ad7
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=166,
length=181
        User-Name = "host/sqlwebdev.corp.cookielee.com"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-0F-34-A8-FB-0A"
        Calling-Station-Id = "00-14-38-A7-F4-2B"
        EAP-Message =
0x0202002601686f73742f73716c7765626465762e636f72702e636f6f6b69656c65652e636f6d
        Message-Authenticator = 0x57923ccc37781e9907512c6f43cef272
        NAS-Port = 50010
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 10.10.2.174
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "host/sqlwebdev.corp.cookielee.com",
looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
    rlm_realm: No '\' in User-Name = "host/sqlwebdev.corp.cookielee.com",
looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "ntdomain" returns noop for request 1
  rlm_eap: EAP packet type response id 2 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 166 to 10.10.2.174 port 21645
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9c1edda1e285bd67cd9e264d2c2a43d2
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=166,
length=181
Sending duplicate reply to client 10.10.2.174:21645 - ID: 166
Re-sending Access-Challenge of id 166 to 10.10.2.174 port 21645
--- Walking the entire request list ---
Cleaning up request 1 ID 166 with timestamp 46782b20
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=166,
length=181
        User-Name = "host/sqlwebdev.corp.cookielee.com"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-0F-34-A8-FB-0A"
        Calling-Station-Id = "00-14-38-A7-F4-2B"
        EAP-Message =
0x0202002601686f73742f73716c7765626465762e636f72702e636f6f6b69656c65652e636f6d
        Message-Authenticator = 0x57923ccc37781e9907512c6f43cef272
        NAS-Port = 50010
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 10.10.2.174
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "host/sqlwebdev.corp.cookielee.com",
looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
    rlm_realm: No '\' in User-Name = "host/sqlwebdev.corp.cookielee.com",
looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "ntdomain" returns noop for request 2
  rlm_eap: EAP packet type response id 2 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 166 to 10.10.2.174 port 21645
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6aea15319877954c01899ceb8f35cd5d
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=166,
length=181
Sending duplicate reply to client 10.10.2.174:21645 - ID: 166
Re-sending Access-Challenge of id 166 to 10.10.2.174 port 21645
--- Walking the entire request list ---
Cleaning up request 2 ID 166 with timestamp 46782b2b
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=167,
length=137
        User-Name = "CORP\\bugman"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-0F-34-A8-FB-0A"
        Calling-Station-Id = "00-14-38-A7-F4-2B"
        EAP-Message = 0x0202001001434f52505c6275676d616e
        Message-Authenticator = 0x38e2f68ebda0a5f0f55f94b1fe3ad839
        NAS-Port = 50010
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 10.10.2.174
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "CORP\bugman", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
    rlm_realm: Looking up realm "CORP" for User-Name = "CORP\bugman"
    rlm_realm: No such realm "CORP"
  modcall[authorize]: module "ntdomain" returns noop for request 3
  rlm_eap: EAP packet type response id 2 length 16
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 167 to 10.10.2.174 port 21645
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa8ae9293037f9137daaaf1f4b61cc0f5
Finished request 3
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=167,
length=137
Sending duplicate reply to client 10.10.2.174:21645 - ID: 167
Re-sending Access-Challenge of id 167 to 10.10.2.174 port 21645
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 167 with timestamp 46782ba6
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=167,
length=137
        User-Name = "CORP\\bugman"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-0F-34-A8-FB-0A"
        Calling-Station-Id = "00-14-38-A7-F4-2B"
        EAP-Message = 0x0202001001434f52505c6275676d616e
        Message-Authenticator = 0x38e2f68ebda0a5f0f55f94b1fe3ad839
        NAS-Port = 50010
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 10.10.2.174
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "CORP\bugman", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
    rlm_realm: Looking up realm "CORP" for User-Name = "CORP\bugman"
    rlm_realm: No such realm "CORP"
  modcall[authorize]: module "ntdomain" returns noop for request 4
  rlm_eap: EAP packet type response id 2 length 16
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 167 to 10.10.2.174 port 21645
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xa270cc6b99660c3c2cae5de5fdbfda61
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=167,
length=137
Sending duplicate reply to client 10.10.2.174:21645 - ID: 167
Re-sending Access-Challenge of id 167 to 10.10.2.174 port 21645
--- Walking the entire request list ---
Cleaning up request 4 ID 167 with timestamp 46782bb0
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=168,
length=137
        User-Name = "CORP\\bugman"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-0F-34-A8-FB-0A"
        Calling-Station-Id = "00-14-38-A7-F4-2B"
        EAP-Message = 0x0202001001434f52505c6275676d616e
        Message-Authenticator = 0xc99fddd5d26268a110ee68d3ccba91d0
        NAS-Port = 50010
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 10.10.2.174
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "CORP\bugman", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
    rlm_realm: Looking up realm "CORP" for User-Name = "CORP\bugman"
    rlm_realm: No such realm "CORP"
  modcall[authorize]: module "ntdomain" returns noop for request 5
  rlm_eap: EAP packet type response id 2 length 16
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 168 to 10.10.2.174 port 21645
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x77b7e7cdda3989a1b128b7d5334311c2
Finished request 5
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=168,
length=137
Sending duplicate reply to client 10.10.2.174:21645 - ID: 168
Re-sending Access-Challenge of id 168 to 10.10.2.174 port 21645
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 168 with timestamp 46782bf8
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=168,
length=137
        User-Name = "CORP\\bugman"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-0F-34-A8-FB-0A"
        Calling-Station-Id = "00-14-38-A7-F4-2B"
        EAP-Message = 0x0202001001434f52505c6275676d616e
        Message-Authenticator = 0xc99fddd5d26268a110ee68d3ccba91d0
        NAS-Port = 50010
        NAS-Port-Type = Ethernet
        NAS-IP-Address = 10.10.2.174
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "CORP\bugman", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
    rlm_realm: Looking up realm "CORP" for User-Name = "CORP\bugman"
    rlm_realm: No such realm "CORP"
  modcall[authorize]: module "ntdomain" returns noop for request 6
  rlm_eap: EAP packet type response id 2 length 16
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 152
    users: Matched entry DEFAULT at line 171
  modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 168 to 10.10.2.174 port 21645
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6b41a15d99600d47f03b461bf870cbb6
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=168,
length=137
Sending duplicate reply to client 10.10.2.174:21645 - ID: 168
Re-sending Access-Challenge of id 168 to 10.10.2.174 port 21645
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 168 with timestamp 46782c03
Nothing to do.  Sleeping until we see a request.




No. I mean this:

                #  If you see the server send an Access-Challenge,
                #  and the client never sends another Access-Request,
                #  then
                #
                #               STOP!
                #
                #  The server certificate has to have special OID's
                #  in it, or else the Microsoft clients will silently
                #  fail.  See the "scripts/xpextensions" file for
                #  details, and the following page:
                #
                #       http://support.microsoft.com/kb/814394/en-us
                #
                #  For additional Windows XP SP2 issues, see:
                #
                #       http://support.microsoft.com/kb/885453/en-us
                #
                #  Note that we do not necessarily agree with their
                #  explanation... but the fix does appear to work.

What you have posted is just a snip of the whole conversation. If it is
the end of it then this is most likely your problem. But to be sure you
need to post the whole thing.

Ivan Kalik
Kalik Informatika ISP
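
Added example (not part of the original post and not FreeRADIUS code): a small Python decoder for the EAP-Message values in the debug output above, which flags every TLS Start challenge that the client did not answer with a matching EAP identifier. The function names and the abridged sample are assumptions made for this illustration; the hex values are copied from the log.

```python
import re

# EAP codes and method types (RFC 3748 registry); 13 is EAP-TLS, 25 is PEAP.
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             17: "LEAP", 21: "EAP-TTLS", 25: "PEAP", 26: "MS-CHAPv2"}
TLS_BASED = {13, 21, 25}  # methods with a TLS flags byte right after the type
START_FLAG = 0x20         # "S" bit: the server asks the client to begin TLS

def decode_eap(hexstr):
    """Decode one EAP-Message value as printed by radiusd -X (0x...)."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes: code, id, length")
    pkt = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
           "length": int.from_bytes(raw[2:4], "big"),
           "type": None, "start": False, "identity": None}
    if raw[0] in (1, 2) and len(raw) > 4:  # only Request/Response carry a type
        pkt["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] in TLS_BASED and len(raw) > 5:
            pkt["start"] = bool(raw[5] & START_FLAG)
        elif raw[4] == 1:
            pkt["identity"] = raw[5:pkt["length"]].decode("utf-8", "replace")
    return pkt

# \s* after "=" also matches the line break the mail client put before the hex.
# "Re-sending ..." lines do not match because the pattern is case-sensitive.
EVENT = re.compile(r"rad_recv: (?P<recv>Access-Request)"
                   r"|Sending (?P<sent>Access-\w+) of id"
                   r"|EAP-Message\s*=\s*(?P<eap>0x[0-9a-fA-F]+)")

def parse_debug_log(text):
    """Return [(direction, eap_dict), ...] in log order."""
    packets, direction = [], None
    for m in EVENT.finditer(text):
        if m.group("recv"):
            direction = "recv"
        elif m.group("sent"):
            direction = "sent"
        elif direction:
            packets.append((direction, decode_eap(m.group("eap"))))
            direction = None  # later EAP-Message attributes are fragments
    return packets

def find_stalls(text):
    """List TLS Start challenges that the client never answered."""
    packets, stalls = parse_debug_log(text), []
    for i, (direction, eap) in enumerate(packets):
        if direction != "sent" or not eap["start"]:
            continue
        reply = next((e for d, e in packets[i + 1:] if d == "recv"), None)
        answered = (reply is not None and reply["id"] == eap["id"]
                    and reply["type"] in (eap["type"], "Nak"))
        if not answered:
            stalls.append({"challenge_id": eap["id"], "method": eap["type"],
                           "client_then_sent":
                               reply and (reply["type"], reply["identity"])})
    return stalls

# Abridged from the debug output in the post (attributes other than
# EAP-Message dropped); the first hex value is wrapped as in the mail.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=165,
length=181
        EAP-Message =
0x0202002601686f73742f73716c7765626465762e636f72702e636f6f6b69656c65652e636f6d
Sending Access-Challenge of id 165 to 10.10.2.174 port 21645
        EAP-Message = 0x010300061920
rad_recv: Access-Request packet from host 10.10.2.174:21645, id=167,
length=137
        EAP-Message = 0x0202001001434f52505c6275676d616e
Sending Access-Challenge of id 167 to 10.10.2.174 port 21645
        EAP-Message = 0x010300061920
"""

if __name__ == "__main__":
    for stall in find_stalls(SAMPLE):
        print(stall)
```

On the sample, each challenge decodes as a PEAP Start request with identifier 3, and the client's following packet, where there is one, is another Identity response with identifier 2 rather than a reply to it.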

