vocera(with Peap)+AP+freeRADIUS

Hangjun He elmerhe at yahoo.com.cn
Mon Feb 18 10:46:12 CET 2008


Hi,
       I am using freeRADIUS 1.1.7.  Notebook with odyssey client (peap mschap-v2) can talk to freeRADUS well. But when I use Vocera client, which can support peap + mschap-v2, It does not work.  
  
 
  debug message (see more debug message in attachment):
  ...
  rad_recv: Access-Request packet from host 10.50.1.38:1034, id=55, length=233
        User-Name = "lwang"
        NAS-IP-Address = 10.50.1.38
        NAS-Identifier = "QA-AP1-21f0"
        NAS-Port = 0
        Called-Station-Id = "00-19-77-00-21-F5:vocera_test"
        Calling-Station-Id = "00-16-41-F7-F7-75"
        Framed-MTU = 1500
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        EAP-Message = 0x020a003919800000002f14030100010116030100248393f1d6391a86ab0605df998e0336f7c651a560328bf621b1ddebbfad332d8ea8796c49
        State = 0xfd6f3b2761e20233acdc5d29ec63d11f
        Message-Authenticator = 0xc4ee170f5d47ee55bead80b4a36580cb
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 40
  modcall[authorize]: module "preprocess" returns ok for request 40
radius_xlat:  '/usr/local/var/log/radius/radacct/auth-detail-20080212'
rlm_detail: /usr/local/var/log/radius/radacct/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/auth-detail-20080212
  modcall[authorize]: module "auth_log" returns ok for request 40
  modcall[authorize]: module "chap" returns noop for request 40
  modcall[authorize]: module "mschap" returns noop for request 40
    rlm_realm: No '@' in User-Name = "lwang", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 40
    rlm_realm: No '\' in User-Name = "lwang", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "ntdomain" returns noop for request 40
  rlm_eap: EAP packet type response id 10 length 57
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 40
    users: Matched entry lwang at line 95
  modcall[authorize]: module "files" returns ok for request 40
modcall: leaving group authorize (returns updated) for request 40
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 40
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11 
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]  
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 read finished A 
    (other): SSL negotiation finished successfully 
SSL Connection Established 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 40
modcall: leaving group authenticate (returns reject) for request 40
auth: Failed to validate the user.
Delaying request 40 for 1 seconds
Finished request 40
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.50.1.38:1034, id=56, length=156
        User-Name = "lwang"
        NAS-IP-Address = 10.50.1.38
        NAS-Identifier = "QA-AP1-21f0"
        NAS-Port = 0
        Called-Station-Id = "00-19-77-00-21-F5:vocera_test"
        Calling-Station-Id = "00-16-41-F7-F7-75"
        Framed-MTU = 1500
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        Message-Authenticator = 0x834864649ecf9fba4cbd71673b5bb042
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 41
  modcall[authorize]: module "preprocess" returns ok for request 41
radius_xlat:  '/usr/local/var/log/radius/radacct/auth-detail-20080212'
rlm_detail: /usr/local/var/log/radius/radacct/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/auth-detail-20080212
  modcall[authorize]: module "auth_log" returns ok for request 41
  modcall[authorize]: module "chap" returns noop for request 41
  modcall[authorize]: module "mschap" returns noop for request 41
    rlm_realm: No '@' in User-Name = "lwang", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 41
    rlm_realm: No '\' in User-Name = "lwang", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "ntdomain" returns noop for request 41
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 41
    users: Matched entry lwang at line 95
  modcall[authorize]: module "files" returns ok for request 41
modcall: leaving group authorize (returns ok) for request 41
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 41 for 1 seconds
Finished request 41
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.50.1.38:1034, id=57, length=156
        User-Name = "lwang"
        NAS-IP-Address = 10.50.1.38
        NAS-Identifier = "QA-AP1-21f0"
        NAS-Port = 0
        Called-Station-Id = "00-19-77-00-21-F5:vocera_test"
        Calling-Station-Id = "00-16-41-F7-F7-75"
        Framed-MTU = 1500
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 11Mbps 802.11b"
        Message-Authenticator = 0xfe7dea9b1f1eb6e620980f6f09a97012
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 42
  modcall[authorize]: module "preprocess" returns ok for request 42
radius_xlat:  '/usr/local/var/log/radius/radacct/auth-detail-20080212'
rlm_detail: /usr/local/var/log/radius/radacct/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/auth-detail-20080212
  modcall[authorize]: module "auth_log" returns ok for request 42
  modcall[authorize]: module "chap" returns noop for request 42
  modcall[authorize]: module "mschap" returns noop for request 42
    rlm_realm: No '@' in User-Name = "lwang", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 42
    rlm_realm: No '\' in User-Name = "lwang", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "ntdomain" returns noop for request 42
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 42
    users: Matched entry lwang at line 95
  modcall[authorize]: module "files" returns ok for request 42
modcall: leaving group authorize (returns ok) for request 42
auth: type Local
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
Delaying request 42 for 1 seconds
Finished request 42
Going to the next request
--- Walking the entire request list ---
Sending Access-Reject of id 51 to 10.50.1.38 port 1034
Sending Access-Reject of id 55 to 10.50.1.38 port 1034
        EAP-Message = 0x040a0004
        Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Reject of id 56 to 10.50.1.38 port 1034
   
   
   

       
---------------------------------
雅虎邮箱传递新年祝福,个性贺卡送亲朋! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080218/5bee76d9/attachment.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug_message
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080218/5bee76d9/attachment.ksh>


More information about the Freeradius-Users mailing list