Still no authentication

[tnt at kalik.co.yu]

The "and so on ..." bit is quite important to determine where and how
did the conversation stop. Please post the whole debug.

Ivan Kalik
Kalik Informatika ISP


Dana 11/11/2007, "Bernd" <s4ndm4n at gmx.de> piše:

>I think I have a problem, but I don't know what to do to fix it - RADIUS is
>running, Certificates to do PEAP are created, copied, settings are done
>(eap.cnf, radiusd.cnf) and the MySQL Database is filled with a test user.
>When I run the Server it tells me it's ready to process requests.
>
>When I try to connect to my Network with a Laptop (certs installed) using
>PEAP (MSCHAPv2), the Laptop finds the WLAN, I am asked to type in my
>username and PW and - it does not work.
>
>RADIUS Debug tells me this:
>
>Ready to process requests.
>rad_recv: Access-Request packet from host 192.168.1.6:1027, id=36,
>length=256
>        User-Name = "bnickaes"
>        NAS-IP-Address = 192.168.1.6
>        NAS-Identifier = "BBi5"
>        Framed-MTU = 1496
>        Called-Station-Id = "00-19-cb-1f-66-2d:BBi WLAN test"
>        Calling-Station-Id = "00-14-a5-3e-a8-ba"
>        NAS-Port-Type = Wireless-802.11
>        EAP-Message =
>0x0202007019800000006616030100610100005d03014736e9471b157a597019f0888c64f2ba
>32b91e4e1399ed9a7e0d2583ec412d1f20af53175a1d6ac82c8f8fa4976c5f19f15efdc73564
>f9bf04752c425b17feb14b001600040005000a000900640062000300060013001200630100
>        State = 0x1c573af9975491ac8be748bf8024ac41
>        Message-Authenticator = 0xb14c0d8f757b07ce5cdeda12c2f6a070
>  Processing the authorize section of radiusd.conf
>modcall: entering group authorize for request 12
>  modcall[authorize]: module "preprocess" returns ok for request 12
>  modcall[authorize]: module "chap" returns noop for request 12
>  modcall[authorize]: module "mschap" returns noop for request 12
>    rlm_realm: No '@' in User-Name = "bnickaes", looking up realm NULL
>    rlm_realm: No such realm "NULL"
>  modcall[authorize]: module "suffix" returns noop for request 12
>  rlm_eap: EAP packet type response id 2 length 112
>  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
>  modcall[authorize]: module "eap" returns updated for request 12
>radius_xlat:  'bnickaes'
>rlm_sql (sql): sql_set_user escaped user --> 'bnickaes'
>radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
>radcheck           WHERE Username = 'bnickaes'           ORDER BY id'
>rlm_sql (sql): Reserving sql socket id: 4
>rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
>FROM radcheck           WHERE Username = 'bnickaes'           ORDER BY id
>radius_xlat:  'SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'bnickaes' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id'
>rlm_sql_mysql: query:  SELECT
>radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
>ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
>usergroup.Username = 'bnickaes' AND usergroup.GroupName =
>radgroupcheck.GroupName ORDER BY radgroupcheck.id
>radius_xlat:  'SELECT id, UserName, Attribute, Value, op           FROM
>radreply           WHERE Username = 'bnickaes'           ORDER BY id'
>rlm_sql_mysql: query:  SELECT id, UserName, Attribute, Value, op
>FROM radreply           WHERE Username = 'bnickaes'           ORDER BY id
>radius_xlat:  'SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'bnickaes' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id'
>rlm_sql_mysql: query:  SELECT
>radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
>ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
>usergroup.Username = 'bnickaes' AND usergroup.GroupName =
>radgroupreply.GroupName ORDER BY radgroupreply.id
>rlm_sql (sql): Released sql socket id: 4
>  modcall[authorize]: module "sql" returns ok for request 12
>rlm_pap: Found existing Auth-Type, not changing it.
>  modcall[authorize]: module "pap" returns noop for request 12
>modcall: leaving group authorize (returns updated) for request 12
>  rad_check_password:  Found Auth-Type EAP
>auth: type "EAP"
>  Processing the authenticate section of radiusd.conf
>modcall: entering group authenticate for request 12
>  rlm_eap: Request found, released from the list
>  rlm_eap: EAP/peap
>  rlm_eap: processing type peap
>  rlm_eap_peap: Authenticate
>  rlm_eap_tls: processing TLS
>rlm_eap_tls:  Length Included
>  eaptls_verify returned 11
>    (other): before/accept initialization
>    TLS_accept: before/accept initialization
>  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
>    TLS_accept: SSLv3 read client hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
>    TLS_accept: SSLv3 write server hello A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 075b], Certificate
>    TLS_accept: SSLv3 write certificate A
>  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>    TLS_accept: SSLv3 write server done A
>    TLS_accept: SSLv3 flush data
>    TLS_accept: Need to read more data: SSLv3 read client certificate A
>In SSL Handshake Phase
>In SSL Accept mode
>  eaptls_process returned 13
>  rlm_eap_peap: EAPTLS_HANDLED
>  modcall[authenticate]: module "eap" returns handled for request 12
>modcall: leaving group authenticate (returns handled) for request 12
>Sending Access-Challenge of id 36 to 192.168.1.6 port 1027
>        EAP-Message =
>0x0103040a19c0000007b8160301004a0200004603014736e98b65609455a21ef05c01b85131
>0ea51b4d64d3efc8da5d618a1ad35f34208c101f1f581270999dfb1eb285802ebbf9a2bcd4fb
>94a3e82ecc4f9fc0a6e2cb000400160301075b0b0007570007540003a6308203a23082028aa0
>03020102020102300d06092a864886f70d0101040500308193310b3009060355040613024652
>310f300d060355040813065261646975733112301006035504071309536f6d65776865726531
>153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116
>1161646d696e406578616d706c652e636f6d3126302406035504
>        EAP-Message =
>0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d30
>37313130373134333834375a170d3038313130363134333834375a307c310b30090603550406
>13024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c
>6520496e632e312330210603550403131a4578616d706c652053657276657220436572746966
>69636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f
>6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b39ce1ac
>f0f1d9d6d70e21f6296a1641eb5902cf64fd1e4542652851f83b
>        EAP-Message =
>0xa00fa1b7df9fca03131f92f41be7e5d162d71bf91f740fdfac8fcd0df46c31895d81405e6d
>f28103ef244753bd42b1b1ca6ddc4415eba090ced2084944626c815ed764795f9f4667fc851e
>a23224ffcfe374f6007e96e86bbb552ef308a1ba6f4db62648aef4d32f82fe4a25b837377f44
>1f0c212f3be30caa15d3fb587f1dd81b3d5fb83e76d9a8db16646c0fed788b08347a90be2fd2
>05e2bf6c20e893f8dfe0520c7e0d94747b579d37dec0eeb1201ed42d476f5224597d5cc66ca2
>9fdbfe5c62e99bccb861a11742bdd63081201964f744441fe7b024d1ec5d4bbb32d316506f02
>03010001a317301530130603551d25040c300a06082b06010505
>        EAP-Message =
>0x070301300d06092a864886f70d0101040500038201010065205f756eae963e5a0ddf7e982f
>b453ede31c5c913da37cf87ddd9a7a7ae7e195caa5e6de89327098ec5e9763185909a63bc3e9
>c86085cbf31d84a2e14c9e8c93d841cb29eb080ff8dd7076d6929cb4c821994718b13bafe196
>83eea9a98e54eb8e0fcb8ebcc988ab5e3116785088f31d9968b49ef1b3c017b7720360dadafb
>44dd9645c389bb7cd5b362884dc03d35302d267bcfaabe56cfb8f2a1bc46e7632cea223f72ca
>3aa0329a76284ff85c109fee855ebc69d7e82cdceef73fcfbea095dd080d2e58eedace1e13cb
>4f008d0a8f731d3eaa17d17462e67164cdab589e305e5bf2c2e3
>        EAP-Message = 0x9390707123f3c195a6b9dd93b1605ae7e0c7d20c49b3
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x4693336b54c59c785a6b877b8ff1fa6e
>Finished request 12
>Going to the next request
>Waking up in 3 seconds...
>
>And so on...
>
>Can someone help me please...I don't know whats wrong there.
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>