Peap (inner eap-popt) issue
Hangjun He
elmerhe at yahoo.com.cn
Fri Feb 1 04:32:41 CET 2008
hi,
I am using Odyssey Client Manager and freeRADIUS 1.1.6.
When I set peap with inner eap-mschap-v2, It works well.When I change inner eap type to eap-popt, seems can not work.
eap.conf:
eap {
default_eap_type = md5
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
md5 {
}
leap {
}
gtc {
auth_type = PAP
}
tls {
private_key_password = whatever
private_key_file = ${raddbdir}/certs/server_keycert.pem
certificate_file = ${raddbdir}/certs/server_keycert.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
fragment_size = 1024
include_length = yes
cipher_list = "DEFAULT"
}
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
}
mschapv2 {
}
}
debug message:
rad_recv: Access-Request packet from host 10.155.20.84:1028, id=97, length=310
User-Name = "hhe123"
NAS-IP-Address = 10.155.20.84
NAS-Identifier = "AH-000030"
NAS-Port = 0
Called-Station-Id = "00-19-77-00-00-31:hhe"
Calling-Station-Id = "00-19-E0-80-A5-5A"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0204008f198000000085160301004510000041003f90e19f0e9099ace6ec05fb17123a18280ef2aaabf14d2a6c632e502133afefc99bf3c3e8216dd91489e6c3e58622bacd148a5c4cd3dfecff8fe172ac0d0a19140301000101160301003095d558aeea1c6a30113c21922745a4584a82f81ed2aec13d206481d23805d67e8760d4b1cdca811a54e5ed9819fefc52
State = 0xe364c386672736607a0f8f7ce0f2896a
Message-Authenticator = 0x0743c8bc02356a840f048e55b5b87143
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_eap: EAP packet type response id 4 length 143
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry hhe123 at line 95
modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0045], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 97 to 10.155.20.84 port 1028
Reply-Message = "Hello"
EAP-Message = 0x0105004119001403010001011603010030972d13c7c42d04d1e4749ae66d2232830dd90327e820cab5cd8d2733712e71315b05c41c9c6b934cae84a1b7f75804e1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x218ad259b8a94329f3d37b7ee6d7afad
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.155.20.84:1028, id=98, length=173
User-Name = "hhe123"
NAS-IP-Address = 10.155.20.84
NAS-Identifier = "AH-000030"
NAS-Port = 0
Called-Station-Id = "00-19-77-00-00-31:hhe"
Calling-Station-Id = "00-19-E0-80-A5-5A"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061900
State = 0x218ad259b8a94329f3d37b7ee6d7afad
Message-Authenticator = 0x95efe7dde77c253e487f9cfd6065f838
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry hhe123 at line 95
modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 98 to 10.155.20.84 port 1028
Reply-Message = "Hello"
EAP-Message = 0x0106002b190017030100207f66e440788e3e4a186296309a4f1b5ebf1038927fa99eb61b7e63dfc7317b84
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x22cd9bd446d12f902e0ad6df5d148f89
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.155.20.84:1028, id=99, length=210
User-Name = "hhe123"
NAS-IP-Address = 10.155.20.84
NAS-Identifier = "AH-000030"
NAS-Port = 0
Called-Station-Id = "00-19-77-00-00-31:hhe"
Calling-Station-Id = "00-19-E0-80-A5-5A"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0206002b1900170301002062571e196c27b9966b1382edddbf0274e942305aff8893fc3cd152c500f726ea
State = 0x22cd9bd446d12f902e0ad6df5d148f89
Message-Authenticator = 0x82ae47e2cb4faa273ac7b648e4ec8383
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_eap: EAP packet type response id 6 length 43
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry hhe123 at line 95
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - hhe123
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0206000b01686865313233
PEAP: Got tunneled identity of hhe123
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to hhe123
PEAP: Sending tunneled request
EAP-Message = 0x0206000b01686865313233
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "hhe123"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_eap: EAP packet type response id 6 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry hhe123 at line 95
modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
PEAP: Got tunneled reply RADIUS code 11
Reply-Message = "Hello"
EAP-Message = 0x010700201a0107001b10b91afa7dcc132d9d9a98ec6a4c1bdc97686865313233
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfdb9dcb8c4a516dcb41f8ad450b8600a
PEAP: Processing from tunneled session code 0x81745d8 11
Reply-Message = "Hello"
EAP-Message = 0x010700201a0107001b10b91afa7dcc132d9d9a98ec6a4c1bdc97686865313233
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfdb9dcb8c4a516dcb41f8ad450b8600a
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 99 to 10.155.20.84 port 1028
Reply-Message = "Hello"
EAP-Message = 0x0107004b190017030100409b40ceb2c423ae86e9f356b82858738088fead594577936681b8946ca687752bc90e31c2a093d94c7dfcd476e209191266ed9a8704f39b60e60a9892329909ad
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf80de75dd97216787da75df59dc75cd1
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.155.20.84:1028, id=100, length=210
User-Name = "hhe123"
NAS-IP-Address = 10.155.20.84
NAS-Identifier = "AH-000030"
NAS-Port = 0
Called-Station-Id = "00-19-77-00-00-31:hhe"
Calling-Station-Id = "00-19-E0-80-A5-5A"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0207002b190017030100209775c3b3d2ccbe5e26098b568eecd9b52fbf38942c670989a3a473825f6088c7
State = 0xf80de75dd97216787da75df59dc75cd1
Message-Authenticator = 0xe8a7a3a8a613f72f9ae0b72243b3626a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_eap: EAP packet type response id 7 length 43
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry hhe123 at line 95
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type nak
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020700060320
PEAP: Setting User-Name to hhe123
PEAP: Adding old state with fd b9
PEAP: Sending tunneled request
EAP-Message = 0x020700060320
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "hhe123"
State = 0xfdb9dcb8c4a516dcb41f8ad450b8600a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry hhe123 at line 95
modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: NAK asked for bad type 32
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
Reply-Message = "Hello"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 0x8163440 3
Reply-Message = "Hello"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 100 to 10.155.20.84 port 1028
Reply-Message = "Hello"
EAP-Message = 0x0108002b190017030100201de3831a7f2125c2ec88dedc5dbee21a24e23e625e1371f27bdab38d63f4568e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe001231019ae6ca94a0f00f7fc2da77b
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.155.20.84:1028, id=101, length=210
User-Name = "hhe123"
NAS-IP-Address = 10.155.20.84
NAS-Identifier = "AH-000030"
NAS-Port = 0
Called-Station-Id = "00-19-77-00-00-31:hhe"
Calling-Station-Id = "00-19-E0-80-A5-5A"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0208002b19001703010020ca0014dd22e8f82e4820bb23d6b91f570d81a30691975f99827e71e2596d4145
State = 0xe001231019ae6ca94a0f00f7fc2da77b
Message-Authenticator = 0x3fab705ee35081dfacb8bd2bc1cf65c2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_eap: EAP packet type response id 8 length 43
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry hhe123 at line 95
modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 8
modcall: leaving group authenticate (returns invalid) for request 8
auth: Failed to validate the user.
Sending Access-Reject of id 101 to 10.155.20.84 port 1028
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Reply-Message = "Hello"
Finished request 8
-John
---------------------------------
雅虎邮箱传递新年祝福,个性贺卡送亲朋!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080201/27062b42/attachment.html>
More information about the Freeradius-Users
mailing list