Still no authentication

tnt at kalik.co.yu tnt at kalik.co.yu
Sun Nov 11 14:22:13 CET 2007


The "and so on ..." bit is quite important to determine where and how
did the conversation stop. Please post the whole debug.

Ivan Kalik
Kalik Informatika ISP


Dana 11/11/2007, "Bernd" <s4ndm4n at gmx.de> piše:

>I think I have a problem, but I don't know what to do to fix it - RADIUS is
>running, Certificates to do PEAP are created, copied, settings are done
>(eap.cnf, radiusd.cnf) and the MySQL Database is filled with a test user.
>When I run the Server it tells me it's ready to process requests.
>
>When I try to connect to my Network with a Laptop (certs installed) using
>PEAP (MSCHAPv2), the Laptop finds the WLAN, I am asked to type in my
>username and PW and - it does not work.
>
>RADIUS Debug tells me this:
>
>Ready to process requests.
>rad_recv: Access-Request packet from host 192.168.1.6:1027, id=36,
>length=256
>        User-Name = "bnickaes"
>        NAS-IP-Address = 192.168.1.6
>        NAS-Identifier = "BBi5"
>        Framed-MTU = 1496
>        Called-Station-Id = "00-19-cb-1f-66-2d:BBi WLAN test"
>        Calling-Station-Id = "00-14-a5-3e-a8-ba"
>        NAS-Port-Type = Wireless-802.11
>        EAP-Message =
>0x0202007019800000006616030100610100005d03014736e9471b157a597019f0888c64f2ba
>32b91e4e1399ed9a7e0d2583ec412d1f20af53175a1d6ac82c8f8fa4976c5f19f15efdc73564
>f9bf04752c425b17feb14b001600040005000a000900640062000300060013001200630100
>        State = 0x1c573af9975491ac8be748bf8024ac41
>        Message-Authenticator = 0xb14c0d8f757b07ce5cdeda12c2f6a070
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 12
>  modcall[authorize]: module "preprocess" returns ok for request 12
>  modcall[authorize]: module "chap" returns noop for request 12
>  modcall[authorize]: module "mschap" returns noop for request 12
>    rlm_realm: No '@' in User-Name = "bnickaes", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 12
>  rlm_eap: EAP packet type response id 2 length 112
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 12
>radius_xlat:  'bnickaes'
>rlm_sql (sql): sql_set_user escaped user --> 'bnickaes'
>radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
>radcheck           WHERE Username = 'bnickaes'           ORDER BY id'
>rlm_sql (sql): Reserving sql socket id: 4
>rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
>FROM radcheck           WHERE Username = 'bnickaes'           ORDER BY id
>radius_xlat:  'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'bnickaes' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query:  SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'bnickaes' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
>radreply           WHERE Username = 'bnickaes'           ORDER BY id'
>rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
>FROM radreply           WHERE Username = 'bnickaes'           ORDER BY id
>radius_xlat:  'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'bnickaes' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql_mysql: query:  SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'bnickaes' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Released sql socket id: 4
>  modcall[authorize]: module "sql" returns ok for request 12
>rlm_pap: Found existing Auth-Type, not changing it.
>  modcall[authorize]: module "pap" returns noop for request 12
>modcall: leaving group authorize (returns updated) for request 12
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 12
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>    (other): before/accept initialization
>    TLS_accept: before/accept initialization
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
>    TLS_accept: SSLv3 read client hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>    TLS_accept: SSLv3 write server hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 075b], Certificate
>    TLS_accept: SSLv3 write certificate A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>    TLS_accept: SSLv3 write server done A
>    TLS_accept: SSLv3 flush data
>    TLS_accept: Need to read more data: SSLv3 read client certificate A
>In SSL Handshake Phase
>In SSL Accept mode
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 12
>modcall: leaving group authenticate (returns handled) for request 12
>Sending Access-Challenge of id 36 to 192.168.1.6 port 1027
>        EAP-Message =
>0x0103040a19c0000007b8160301004a0200004603014736e98b65609455a21ef05c01b85131
>0ea51b4d64d3efc8da5d618a1ad35f34208c101f1f581270999dfb1eb285802ebbf9a2bcd4fb
>94a3e82ecc4f9fc0a6e2cb000400160301075b0b0007570007540003a6308203a23082028aa0
>03020102020102300d06092a864886f70d0101040500308193310b3009060355040613024652
>310f300d060355040813065261646975733112301006035504071309536f6d65776865726531
>153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116
>1161646d696e406578616d706c652e636f6d3126302406035504
>        EAP-Message =
>0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d30
>37313130373134333834375a170d3038313130363134333834375a307c310b30090603550406
>13024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c
>6520496e632e312330210603550403131a4578616d706c652053657276657220436572746966
>69636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f
>6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b39ce1ac
>f0f1d9d6d70e21f6296a1641eb5902cf64fd1e4542652851f83b
>        EAP-Message =
>0xa00fa1b7df9fca03131f92f41be7e5d162d71bf91f740fdfac8fcd0df46c31895d81405e6d
>f28103ef244753bd42b1b1ca6ddc4415eba090ced2084944626c815ed764795f9f4667fc851e
>a23224ffcfe374f6007e96e86bbb552ef308a1ba6f4db62648aef4d32f82fe4a25b837377f44
>1f0c212f3be30caa15d3fb587f1dd81b3d5fb83e76d9a8db16646c0fed788b08347a90be2fd2
>05e2bf6c20e893f8dfe0520c7e0d94747b579d37dec0eeb1201ed42d476f5224597d5cc66ca2
>9fdbfe5c62e99bccb861a11742bdd63081201964f744441fe7b024d1ec5d4bbb32d316506f02
>03010001a317301530130603551d25040c300a06082b06010505
>        EAP-Message =
>0x070301300d06092a864886f70d0101040500038201010065205f756eae963e5a0ddf7e982f
>b453ede31c5c913da37cf87ddd9a7a7ae7e195caa5e6de89327098ec5e9763185909a63bc3e9
>c86085cbf31d84a2e14c9e8c93d841cb29eb080ff8dd7076d6929cb4c821994718b13bafe196
>83eea9a98e54eb8e0fcb8ebcc988ab5e3116785088f31d9968b49ef1b3c017b7720360dadafb
>44dd9645c389bb7cd5b362884dc03d35302d267bcfaabe56cfb8f2a1bc46e7632cea223f72ca
>3aa0329a76284ff85c109fee855ebc69d7e82cdceef73fcfbea095dd080d2e58eedace1e13cb
>4f008d0a8f731d3eaa17d17462e67164cdab589e305e5bf2c2e3
>        EAP-Message = 0x9390707123f3c195a6b9dd93b1605ae7e0c7d20c49b3
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x4693336b54c59c785a6b877b8ff1fa6e
>Finished request 12
>Going to the next request
>Waking up in 3 seconds...
>
>And so on...
>
>Can someone help me please...I don't know whats wrong there.
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list