PEAP mschapv2 using xp native supplicant
Ryan Setiawan H
ryan.setiawan at banknisp.com
Wed Aug 27 04:38:43 CEST 2008
> The passwords you've added are invalid. The debug message is telling
> you that.
>
> Perhaps you could try posting WHAT you entered as LM-Password and
> NT-Password. Odds are you entered invalid ones. Because the debug
> message is telling you that they're invalid.
>
Here the attribute at LDAP server for user testing
dn: uid=testing,ou=dialup,dc=zzz,dc=com
dialupAccess: dialup
gidNumber: 1000
uid: testing
userPassword: Testing10
objectClass: posixGroup
objectClass: radiusprofile
objectClass: uidObject
objectClass: top
objectClass: sambaAccount
radiusTunnelType: VLAN
radiusTunnelMediumType: IEEE-802
cn: testing
radiusServiceType: Framed-User
radiusFramedProtocol: PPP
rid: 1
radiusTunnelPrivateGroupId: 101
radiusCallingStationId: 00-16-36-5a-f1-e4
radiusLoginTime: WK0800-1800
lmPassword: Testing10
ntPassword: Testing10
> You are making it difficult for anyone to help you. Giving out as
> little information as possible in every message is counter-productive.
>
> Alan DeKok.
>
Sorry Alan, I don't intend to do that and make it difficult. it just
usually people don't like a lot text show up and make them bored to read
it, so I pick the message which I conclude have to do with the problem...
I include all debug below... thanks for your help
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x0201000c0174657374696e67
Message-Authenticator = 0x58d7a85d7797a6a111db87923f69e24a
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 183
++[files] returns ok
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "WK0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x54657374696e673130
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x54657374696e673130
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e4"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance10] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4
++[checkval] returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'WK0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 31800
++[logintime] returns ok
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
} # server nispdot1x
Framed-Compression = Van-Jacobson-TCP-IP
Tunnel-Private-Group-Id:0 = "101"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Framed-Protocol = PPP
Service-Type = Framed-User
Session-Timeout = 31800
EAP-Message = 0x01020016041048440cae339c25dd9942d481c619058c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x75551a7375571e0e26109302528641e5
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x75551a7375571e0e26109302528641e5
EAP-Message = 0x020200060319
Message-Authenticator = 0x2c169b4ad0f19c446a99e338e6b1a7c6
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 183
++[files] returns ok
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "WK0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x54657374696e673130
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x54657374696e673130
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e4"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance10] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4
++[checkval] returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'WK0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 31800
++[logintime] returns ok
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
} # server nispdot1x
Framed-Compression = Van-Jacobson-TCP-IP
Tunnel-Private-Group-Id:0 = "101"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Framed-Protocol = PPP
Service-Type = Framed-User
Session-Timeout = 31800
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x75551a737456030e26109302528641e5
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x75551a737456030e26109302528641e5
EAP-Message =
0x0203005019800000004616030100410100003d030148b4bc69321696e0d1656dab694d3c387eff81c6eae128e69ac7f10a7e7ccf4700001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x3f0d589e8606511eced69d8ef80183c1
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x0104040019c0000008bb160301004a02000046030148b4b7efd619a7e04a0c6ed4869fb7366f65093d0a8b1dda8d4e857c85a7b61120ea4ccb554796cbb559177b4c8dc61620f99c3b5aea4153b4407df3b5b4e924ef000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504
EAP-Message =
0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303731303038353730335a170d3039303731303038353730335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100ec2f4b59fd990bb3aa49d2754c816072707ecf355f0c386b6912dcdad9ad
EAP-Message =
0x4dac38aa26efc31d4f0834eb773d2382dd11765a00093fef9cabd38a9528553c78f8fb8dce9d78119e3ba62b123df0e536afeb3d5e11dda425031f69d89f7535aa322765c7918cc97b5c87bae4bd939f55caa83e664a985349eeffe852c0438d3953b0c42d84e1a27a05d265a1d531d72ce5dc8bc3177ca58e3e284021e07506f5e606f2a136ce62b3c9c4b996cfe4c5212bbd4191fcf6758585cab9002723100e5c7a582877fa12fc49dd779227d74b86e60fdfe97ecabec7d576ecdafd4a255abc15d81a18d661b5fce04d9a9c0f1dd014c0da3f81fd5704a9c71ec1b28d63caa70203010001a317301530130603551d25040c300a06082b06010505
EAP-Message =
0x070301300d06092a864886f70d010104050003820101007c56fcb65c607a6487b1638c1e0aabdc6b25cd21538c199683a80f6abc1151f472999eb4fe9731ccd215606c322ba3df94fa2fa3e6d0a6b47f7b1e76ed4e1ea6567f2bb9065e82cd2d99c581aed4714a25cf9fcadc663a9bbe05aafa373a170cd5407caa2e5acdbcbe36b3e993df82a361ff2998394b294e6dd07244fe47c8491747bac377f6f8df33db3685e334a9e1e8161f770c3ef43bcc15660babb211e09d81d3762fd5872641623685bfdc077a3052050597d04e9ccc531ea011f9f781aa8346e82cf00e0a7afe69efa933d8d451f9175e5a6632c4c85d2b3f15b5877419915b31ac0c
EAP-Message = 0xe7889fcefb2540ca2a830a91
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x75551a737751030e26109302528641e5
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x75551a737751030e26109302528641e5
EAP-Message = 0x020400061900
Message-Authenticator = 0xf9351f3ef43c261e4525ac5fcc925cf4
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010503fc194056c741a9eb20ed7a485e12951f700004ab308204a73082038fa00302010202090093f3d8f5226c7123300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303731303038353730325a170d3038303830393038353730325a308193310b30090603
EAP-Message =
0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100be264c476f850b3652a81ebc52c29d062720c552587af2c8799dd527c6c455e325aa636d3fd44d8a87b61783f420519555022a51311c835ded6eccc8a175aa5cd8724b65684a8971b94159f46cfaf6
EAP-Message =
0xecc1e9bcd4c196db3141a69e42963b0255e7b4a61d85762a03540f40cfb27164208e93b4b8f06c49d6466dedb923617bb288381d6f54762f1999bea92963f24f3fe144ebf60832ff32302ae5d8260f5e852a74c20bec698380291837083b7a32796074c7d47a9eb731d9b377fa13ba88536a06fe11a4abea0a5a7d05d62292b4f7bb428f7f22ee14ce3a5304b6f8b35ed33cffdf5b594309a2a9c9a8d86dc9d18df87b2fe32a4463677240fffd26dbc2010203010001a381fb3081f8301d0603551d0e041604141f870249b94c6f4c4a51ba0b95def93a98e062dc3081c80603551d230481c03081bd80141f870249b94c6f4c4a51ba0b95def93a98e0
EAP-Message =
0x62dca18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747982090093f3d8f5226c7123300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004c0887dc9d3611832e3f55c592e3b45cf553d2207647285a275174d1bdce00b3b040ddcc5e9925bd1f8f1b6ca2d0bfe61da1
EAP-Message = 0x2f31d1264b04c5b4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x75551a737650030e26109302528641e5
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x75551a737650030e26109302528641e5
EAP-Message = 0x020500061900
Message-Authenticator = 0x24d837d72e911f142726c4409b12fed7
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010600d51900845e93ce9ffc5452e73f653e704f16f3a5687176926863d49558a742cb84f6aeb016521bf6b5b28bfa804c0aea2719ac3a3df6629264b273d9498374bb2b5716c95c2db2c5a64b857c7f07e6f84c629730b2aceb3dddf4d50d7d549da3b9d5e03639b6881d7f75a86afbf799407cacee9100d670506bf5084ffe2d7ef5ff9c8f6d4b586d7ec9dc16f5c67e84f1a1817faff565ffc1642463ff7fdb1ecc13e9f87b9ce19d4715a693750e56ad468a453462abce15950da8ad436016bbd394128e09c47accf10816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x75551a737153030e26109302528641e5
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x75551a737153030e26109302528641e5
EAP-Message =
0x02060140198000000136160301010610000102010002d08c548b39f5a1650d584bf14ac1e518356e120c783922bcf9df9a933daed8b0e907f51b68c726e0646fa1853881fefc8513fc965040a5c88b7c6721c2a5d922d17c13125f3bb2c773055f6ecb8b4ba2f6e6a9485c793403202f9c6fe4c1eae61f4d1cb18e72b7f79bdb6ce4a4dce106f9bccc5f2bcb5370f94352d9ebd3d6400501a6c34a5cf9f65347d8811931a3c4602f5a6e5567f23d0f52e6e9a762168522cd9f1fe2cad532d277931983b0467a0950e423435ddb2ea0d7d6871de475af79c0c0b6c92eef7c542270e2bbea150b24fff20a686678dad7982d6da8795013dae056f0f274ea
EAP-Message =
0xd1bd6be8816c7e382ba7cb137963610e798319f717ef9f1d14030100010116030100205363f8669f0c24dae14fd4032f51f4cddf8de12776f47fd36d4c912257ae743e
Message-Authenticator = 0x83aa0ed31684637820569d91822e4bad
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 253
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 310
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x0107003119001403010001011603010020d2f96596f1dfeb4b5ae7f057995607cd56c714c9f3af6bdfaa2435ddcdfdab78
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x75551a737052030e26109302528641e5
Finished request 15.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x75551a737052030e26109302528641e5
EAP-Message = 0x020700061900
Message-Authenticator = 0x5cbbec25f9dbe7886341794f3576ac57
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x01080020190017030100156d77402b9a9913d65c34c0c79536a4de03a7df1329
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x75551a73735d030e26109302528641e5
Finished request 16.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x75551a73735d030e26109302528641e5
EAP-Message =
0x0208002319001703010018003d538073577b201151fcd903dc99247ce29173a24429f8
Message-Authenticator = 0x6393c4c01c39e8983c7fdd43a30beb37
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 8 length 35
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - testing
PEAP: Got tunneled identity of testing
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to testing
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 8 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "WK0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x54657374696e673130
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x54657374696e673130
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e4"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance10] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'WK0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 31800
++[logintime] returns ok
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010900381900170301002dd7a5a8ab029369cbd1ecf737adfc7a4b5daa00f6b7d7a4fcf01735dfbd3e97d4d5190063ef62a13161d21c55a9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x75551a73725c030e26109302528641e5
Finished request 17.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x75551a73725c030e26109302528641e5
EAP-Message =
0x020900591900170301004efa95838288851040a38ab3cae8e1f63f3de78d4dfaca64200b7cc044c9f20834365ddacbba8de1a04bf2845841de0616ffbc4af1d8efa184d3e82bf74a763c007af32d4798d15eb721709526db37
Message-Authenticator = 0x7a29bad23e8ceed045dcc246a81ebad0
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 9 length 89
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to testing
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 9 length 66
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "WK0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x54657374696e673130
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x54657374696e673130
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e4"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance10] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'WK0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 31800
++[logintime] returns ok
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: Invalid LM-Password
rlm_mschap: Invalid NT-Password
rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010a00261900170301001b8e6e9b2da2b0242bdec84613a3729556bf12c346e1b06abad199ce
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x75551a737d5f030e26109302528641e5
Finished request 18.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x75551a737d5f030e26109302528641e5
EAP-Message =
0x020a00261900170301001b4a5a2ad7687a0a23d75b1068550cf25a9f1406cf7602a4404724ce
Message-Authenticator = 0x227edf666d3499a59a8b1aca9a727953
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 10 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in
this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port
1 cli 00-16-36-5a-f1-e4)
} # server nispdot1x
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> testing
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 19 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 19
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
Cleaning up request 10 ID 154 with timestamp +882
Cleaning up request 11 ID 155 with timestamp +882
Cleaning up request 12 ID 156 with timestamp +882
Cleaning up request 13 ID 157 with timestamp +882
Cleaning up request 14 ID 158 with timestamp +882
Cleaning up request 15 ID 159 with timestamp +882
Cleaning up request 16 ID 160 with timestamp +882
Cleaning up request 17 ID 161 with timestamp +882
Cleaning up request 18 ID 162 with timestamp +882
Waking up in 1.0 seconds.
Cleaning up request 19 ID 163 with timestamp +882
Ready to process requests.
--
DISCLAIMER:
The contents of this email and attachments are confidential and may be subject to legal privilege. Any unauthorized use, copying, disclosure or communicating any part of it to others is strictly prohibited and may be unlawful. If you are not the intended recipient you must not use, copy, distribute or rely on this email and should please return it immediately to the sender or notify us and delete the email and any attachments from your system. We cannot accept liability for loss or damage resulting from computer viruses. The integrity of email across the Internet cannot be guaranteed and PT BANK NISP, Tbk. will not accept liability for any claims arising as a result of the use of this medium for transmissions by or to PT BANK NISP, Tbk.
More information about the Freeradius-Users
mailing list