Getting PEAP/MSChap-v2 working with Cisco AP1231G Access points.

Terry Pelley Terry.Pelley at ocdsb.ca
Fri Sep 14 14:48:06 CEST 2007


FreeRADIUS Version 1.1.3-r0.1.2

I have been using FreeRADIUS for some time now to do simple MAC
authentication for the original implementation of our wireless network. 
This of course was a temporary solution and I am trying to move all of the
users over to PEAP Authentication.

I have been unable to get the PEAP Authentication to work with MSChap-v2.
All of my Access points are Cisco AP1231G Models.

I am fairly new to FreeRADIUS, so I expect what I am doing wrong is going
to be obvious to most but any advice would be welcomed. From what I can
see it appears that the User-Password attribute may not be getting
processed correctly as indicated by the following lines.

auth: Failed to validate the user.
Login incorrect: [C12660/<no User-Password attribute>] (from client
localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE

I have included my debug output below.

Terry Pelley
Network Analyst
Business and Learning Technologies
Ottawa-Carleton District School Board


Debug Output:



Ready to process requests.

rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=1,
length=125
        User-Name = "C12660"
        Framed-MTU = 1400
        Called-Station-Id = "0011.aaaa.17b0"
        Calling-Station-Id = "0004.1e45.382e"
        Service-Type = Login-User
        Message-Authenticator = 0x85aa28b563b14c66500cdbee3613d047
        EAP-Message = 0x0202000b01433132363630
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Identifier = "AP1231G"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 2 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type leap
  rlm_eap_leap: Stage 2
  rlm_eap_leap: Issuing AP Challenge
  rlm_eap_leap: Successfully initiated
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 1 to xxx.xxx.xxx.xxx port 1645
        EAP-Message = 0x01030016110100082abab9994950d11b433132363630
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x734179eb51b60c489589265407691b5c
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=2,
length=138
        User-Name = "C12660"
        Framed-MTU = 1400
        Called-Station-Id = "0011.aaaa.17b0"
        Calling-Station-Id = "0004.1e45.382e"
        Service-Type = Login-User
        Message-Authenticator = 0x6c47bb7bdfb40f5047245b3ff39ad738
        EAP-Message = 0x020300060319
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        State = 0x734179eb51b60c489589265407691b5c
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Identifier = "AP1231G"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/peap
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 2 to xxx.xxx.xxx.xxx port 1645
        EAP-Message = 0x010400061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x13c573d53e826031d83b6b1edc7b48a8
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=3,
length=212
        User-Name = "C12660"
        Framed-MTU = 1400
        Called-Station-Id = "0011.aaaa.17b0"
        Calling-Station-Id = "0004.1e45.382e"
        Service-Type = Login-User
        Message-Authenticator = 0x2a5655347310a8601241f7abe218f989
        EAP-Message =
0x0204005019800000004616030100410100003d030146ea79da12620feb62ae90bcb89ee2fffe650b3c45bc
8ed6d684bc598d417eed00001600040005000a000900640062000300060013001200630100
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        State = 0x13c573d53e826031d83b6b1edc7b48a8
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Identifier = "AP1231G"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
  rlm_eap: EAP packet type response id 4 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 09cd], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 3 to xxx.xxx.xxx.xxx port 1645
        EAP-Message =
0x0105040a19c000000a2a160301004a02000046030146ea79dbc0b72f7f465487ff478709f071de1d3b8b1e
9d6438ecd574a1f1f8922016808fabeeb491a841f8d0c02de86ed4e88a3b2234d8bb1991055ad1b2446c4a00040016030109cd0b0009c9
0009c60004f4308204f030820459a003020102020102300d06092a864886f70d01010405003081ad311a30180603550403131146726565
5241444955532e6e65742d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e65
772048616d70736869726531173015060355040a130e467265655241444955532e6e657431163014060355040b
        EAP-Message =
0x130d46726565205468696e6b6572733129302706092a864886f70d010901161a4a6566662e5265696c6c79
40467265655241444955532e6e6574301e170d3036303431333031303830345a170d3136303431303031303030305a3081b1311e301c06
035504031315467265655241444955532e6e65742d536572766572310b3009060355040613025553310e300c06035504071305446f7665
72311630140603550408130d4e65772048616d70736869726531173015060355040a130e467265655241444955532e6e65743116301406
0355040b130d46726565205468696e6b6572733129302706092a864886f70d010901161a4a6566662e5265696c
        EAP-Message =
0x6c7940467265655241444955532e6e657430819f300d06092a864886f70d010101050003818d0030818902
818100c52fed9c525523e090e52f74c1aa17e728f81326d6dc25fec0026a3b38d521f2c1534da84a50a71bfa98a73e41f1478ae2009823
4719694067607438c1b7729d1f83ba66d2f74def53d7b651446b1ca59be01e1d734e31ad3ab1baf2fac4bd42b3870fcb8de045f8c22c40
e549ce34d13facabff6dda49f3993d71b33951b3330203010001a382021830820214300c0603551d130101ff04023000301d0603551d0e
04160414deb8cba35c689399984553c2bb09245ffd24102f3081da0603551d230481d23081cf801468e090479d
        EAP-Message =
0x6ed81e03d598e1d67ce31a0f96ad36a181b3a481b03081ad311a3018060355040313114672656552414449
55532e6e65742d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e6577204861
6d70736869726531173015060355040a130e467265655241444955532e6e657431163014060355040b130d46726565205468696e6b6572
733129302706092a864886f70d010901161a4a6566662e5265696c6c7940467265655241444955532e6e6574820101300b0603551d0f04
04030202e4306f0603551d250468306606082b0601050507030106082b0601050507030206082b060105050703
        EAP-Message = 0x0306082b0601050507030406082b0601050507030806
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x5ff0a13a76110935f4f62436568f7102
Finished request 2
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=4,
length=138
        User-Name = "C12660"
        Framed-MTU = 1400
        Called-Station-Id = "0011.aaaa.17b0"
        Calling-Station-Id = "0004.1e45.382e"
        Service-Type = Login-User
        Message-Authenticator = 0x9387267e436cd878e0b77dfa7e6a482e
        EAP-Message = 0x020500061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        State = 0x5ff0a13a76110935f4f62436568f7102
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Identifier = "AP1231G"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 4 to xxx.xxx.xxx.xxx port 1645
        EAP-Message =
0x010604061940082b0601050507030506082b0601050507030606082b0601050507030706082b0601050508
0202060a2b06010401823714020230250603551d11041e301c811a4a6566662e5265696c6c7940467265655241444955532e6e65743025
0603551d12041e301c811a4a6566662e5265696c6c7940467265655241444955532e6e6574301106096086480186f84201010404030202
c4302906096086480186f842010d041c161a5669736974207777772e467265655241444955532e6e65742021300d06092a864886f70d01
01040500038181007662b3b6b60fc4dd059c85c504e04f19d060660b72b0b2b0a70f99324f3f7499a81d0fc9be
        EAP-Message =
0xbe049e43e2838532195b27deba265f2a5b62da9d95a87c9e50ec264bd467e8db60f54ebeb9972228c05359
53e51baeb35ce908fa9e335e68d77a440074263ef771dd949c5312f4d985f6bcc9d3e0b8e32d7f1f83ddcb70e1929afc0004cc308204c8
30820431a003020102020101300d06092a864886f70d01010405003081ad311a301806035504031311467265655241444955532e6e6574
2d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e65772048616d7073686972
6531173015060355040a130e467265655241444955532e6e657431163014060355040b130d4672656520546869
        EAP-Message =
0x6e6b6572733129302706092a864886f70d010901161a4a6566662e5265696c6c7940467265655241444955
532e6e6574301e170d3036303431333031303531325a170d3136303431303031303531325a3081ad311a30180603550403131146726565
5241444955532e6e65742d4341310b3009060355040613025553310e300c06035504071305446f766572311630140603550408130d4e65
772048616d70736869726531173015060355040a130e467265655241444955532e6e657431163014060355040b130d4672656520546869
6e6b6572733129302706092a864886f70d010901161a4a6566662e5265696c6c7940467265655241444955532e
        EAP-Message =
0x6e657430819f300d06092a864886f70d010101050003818d0030818902818100d9a1e9eb8dfc66796b854d
0dde4ce84379bc84f46fa7e2a8165d571d417f42bb482867554d44cccd69f9c0e463b97651d84d0470e58ffae406d9182f4b071e9ba481
75ea28f5b09ccef89ed7d05875ef188b05276682a2ff93f2b036af66394802207c829c43b388e24f71f315ef158061ccba5b27e4327b46
14e56f451ee2ad0203010001a38201f4308201f0300f0603551d130101ff040530030101ff301d0603551d0e0416041468e090479d6ed8
1e03d598e1d67ce31a0f96ad363081da0603551d230481d23081cf801468e090479d6ed81e03d598e1d67ce31a
        EAP-Message = 0x0f96ad36a181b3a481b03081ad311a301806
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x05a71bebf0e68eb436ba851a1069c1e9
Finished request 3
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=5,
length=138
        User-Name = "C12660"
        Framed-MTU = 1400
        Called-Station-Id = "0011.aaaa.17b0"
        Calling-Station-Id = "0004.1e45.382e"
        Service-Type = Login-User
        Message-Authenticator = 0x53b6ff3e904ba17f428901174910de9f
        EAP-Message = 0x020600061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        State = 0x05a71bebf0e68eb436ba851a1069c1e9
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Identifier = "AP1231G"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
  modcall[authorize]: module "chap" returns noop for request 4
  modcall[authorize]: module "mschap" returns noop for request 4
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 4
  rlm_eap: EAP packet type response id 6 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 5 to xxx.xxx.xxx.xxx port 1645
        EAP-Message =
0x010702301900035504031311467265655241444955532e6e65742d4341310b300906035504061302555331
0e300c06035504071305446f766572311630140603550408130d4e65772048616d70736869726531173015060355040a130e4672656552
41444955532e6e657431163014060355040b130d46726565205468696e6b6572733129302706092a864886f70d010901161a4a6566662e
5265696c6c7940467265655241444955532e6e6574820101300b0603551d0f040403020106306f0603551d250468306606082b06010505
07030106082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703080608
        EAP-Message =
0x2b0601050507030506082b0601050507030606082b0601050507030706082b06010505080202060a2b0601
0401823714020230250603551d11041e301c811a4a6566662e5265696c6c7940467265655241444955532e6e6574301106096086480186
f84201010404030200c7302906096086480186f842010d041c161a5669736974207777772e467265655241444955532e6e65742021300d
06092a864886f70d01010405000381810000674d1b82e8db81e5a6fdb44ba24f89738dc5954c777fa794282102a5a8b3376a39e2aadc4b
e4d3833545cd0ea6fda3208a2a9ed4619f3dd71302f1327d4d65035933c1fc05b542ff65d9f971306a4b97932f
        EAP-Message =
0x283257f64f66c8947edd4f93ee7ccf279d826338e05dee101e2524fdbe3000a60605c1070d081b97da24da
dbf316030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x402ad25b6167d63f4d49a90417269d2a
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 4 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=6,
length=324
        User-Name = "C12660"
        Framed-MTU = 1400
        Called-Station-Id = "0011.aaaa.17b0"
        Calling-Station-Id = "0004.1e45.382e"
        Service-Type = Login-User
        Message-Authenticator = 0x90d4c8b0f49ded28f4259944626a11db
        EAP-Message =
0x020700c01980000000b61603010086100000820080a7578fd88aebb8530564dff4e840e9e373d47725cbb2
ea170409b8a5eceab4bfb3968fbebee32ed953c9e38be3aca01f10735d3d2540445022e36dd47e7dc5b7a5c0b1c270ee716fc75fbf7996
1a0120149faa656cf951961bfc94d1e92ae420c36cb14d2f0a14c3e538fdf37cf96f2553b370c205954251f4345795918cdfea14030100
01011603010020d8080d7bd1bd611040eb207b7ba5926cfb794b8967ea0302fe0ce8fdfda57483
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        State = 0x402ad25b6167d63f4d49a90417269d2a
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Identifier = "AP1231G"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  modcall[authorize]: module "preprocess" returns ok for request 5
  modcall[authorize]: module "chap" returns noop for request 5
  modcall[authorize]: module "mschap" returns noop for request 5
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 5
  rlm_eap: EAP packet type response id 7 length 192
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 6 to xxx.xxx.xxx.xxx port 1645
        EAP-Message =
0x0108003119001403010001011603010020f1071c8236e6cdec340e80c204de51d422d9a394f3bb47548ebc
25dd26951588
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x05f8c978699fcafe9a8b8257d497b7fe
Finished request 5
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=7,
length=138
        User-Name = "C12660"
        Framed-MTU = 1400
        Called-Station-Id = "0011.aaaa.17b0"
        Calling-Station-Id = "0004.1e45.382e"
        Service-Type = Login-User
        Message-Authenticator = 0xd6dd6119858638da70df2a9147c7a486
        EAP-Message = 0x020800061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        State = 0x05f8c978699fcafe9a8b8257d497b7fe
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Identifier = "AP1231G"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "chap" returns noop for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 6
  rlm_eap: EAP packet type response id 8 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 7 to xxx.xxx.xxx.xxx port 1645
        EAP-Message =
0x0109002019001703010015482065584b7c70bc8c6870baae24014341d756b1f9
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe78002ce41f0ccf2a79c28dc1d491876
Finished request 6
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=8,
length=166
        User-Name = "C12660"
        Framed-MTU = 1400
        Called-Station-Id = "0011.aaaa.17b0"
        Calling-Station-Id = "0004.1e45.382e"
        Service-Type = Login-User
        Message-Authenticator = 0x60a26279e0c87ed6ee707db18a9228c5
        EAP-Message =
0x0209002219001703010017f07f268d447d7cd34ec25dcd533f63e527d6ddd4c6910a
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        State = 0xe78002ce41f0ccf2a79c28dc1d491876
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Identifier = "AP1231G"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 9 length 34
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - C12660
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled identity of C12660
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to C12660
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 9 length 11
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 8 to xxx.xxx.xxx.xxx port 1645
        EAP-Message =
0x010a00371900170301002cadd82261d07f090bdbebeda865056e11d059384fa1df810906df9559bd8005e3
77f38f07917424a3a61c80ce
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xbb97c77fadc7f0fe144db4c94230c406
Finished request 7
Going to the next request
--- Walking the entire request list ---
Waking up in 3 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=9,
length=220
        User-Name = "C12660"
        Framed-MTU = 1400
        Called-Station-Id = "0011.aaaa.17b0"
        Calling-Station-Id = "0004.1e45.382e"
        Service-Type = Login-User
        Message-Authenticator = 0xb9cdb400a3aa33c86b387410714aa409
        EAP-Message =
0x020a00581900170301004de1a29bdfb877e82649f8555a6271b0629e2e42f305702e520510148e1e7559a8
4b01030e9cdc6fd6bfc99edd4a99a625298df3077046688852a37e8de0f0450d92b423836558a5da2ef4d1e1d4
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        State = 0xbb97c77fadc7f0fe144db4c94230c406
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Identifier = "AP1231G"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: EAP packet type response id 10 length 88
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to C12660
  PEAP: Adding old state with 89 38
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module "preprocess" returns ok for request 8
  modcall[authorize]: module "chap" returns noop for request 8
  modcall[authorize]: module "mschap" returns noop for request 8
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 8
  rlm_eap: EAP packet type response id 10 length 65
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 8
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for C12660 with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 8
modcall: leaving group MS-CHAP (returns reject) for request 8
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 8
modcall: leaving group authenticate (returns reject) for request 8
auth: Failed to validate the user.
Login incorrect: [C12660/<no User-Password attribute>] (from client
localhost port 0)
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 9 to xxx.xxx.xxx.xxx port 1645
        EAP-Message =
0x010b00261900170301001bffa738fbcf207d384d16215ca7b8b84af1e9931abfca58062618f4
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x09dc8afc60ab61b4a60d20c8118a9879
Finished request 8
Going to the next request
Waking up in 3 seconds...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:1645, id=10,
length=170
        User-Name = "C12660"
        Framed-MTU = 1400
        Called-Station-Id = "0011.aaaa.17b0"
        Calling-Station-Id = "0004.1e45.382e"
        Service-Type = Login-User
        Message-Authenticator = 0x69506c8cf1653acc63c6025c65831643
        EAP-Message =
0x020b00261900170301001beecc46bc9861adaac15f64eaa0510883ad1a144c17c697388f38b5
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 257
        State = 0x09dc8afc60ab61b4a60d20c8118a9879
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Identifier = "AP1231G"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  modcall[authorize]: module "preprocess" returns ok for request 9
  modcall[authorize]: module "chap" returns noop for request 9
  modcall[authorize]: module "mschap" returns noop for request 9
    rlm_realm: No '@' in User-Name = "C12660", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 9
  rlm_eap: EAP packet type response id 11 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 9
    users: Matched entry DEFAULT at line 875
  modcall[authorize]: module "files" returns ok for request 9
modcall: leaving group authorize (returns updated) for request 9
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected earlier
in this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 9
modcall: leaving group authenticate (returns invalid) for request 9
auth: Failed to validate the user.
Login incorrect: [C12660/<no User-Password attribute>] (from client
OCDSB_HQ port 257 cli 0004.2350.382e)
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 1 with timestamp 46ea79da
Sending Access-Reject of id 10 to xxx.xxx.xxx.xxx port 1645
        EAP-Message = 0x040b0004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 2 with timestamp 46ea79db
Cleaning up request 2 ID 3 with timestamp 46ea79db
Cleaning up request 3 ID 4 with timestamp 46ea79db
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 5 with timestamp 46ea79dc
Cleaning up request 5 ID 6 with timestamp 46ea79dc
Cleaning up request 6 ID 7 with timestamp 46ea79dc
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 7 ID 8 with timestamp 46ea79dd
Cleaning up request 8 ID 9 with timestamp 46ea79dd
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 10 with timestamp 46ea79de
Nothing to do.  Sleeping until we see a request.

