EAP-TLS OK - EAP-PEAP KO!! why that?

Reveal MAP revealmapp at yahoo.fr
Thu Jul 17 19:10:13 CEST 2008


i am not sure, but it might be: the fact that peap needs user/password and i just sent username... 

or that realm is null... 

i read the entire output and am still no sure. anyway, i'll check it as soon as i will be in front of the machine again!

thank you


----- Message d'origine ----
De : Reveal MAP <revealmapp at yahoo.fr>
À : Freeradius Mailing-List <freeradius-users at lists.freeradius.org>
Envoyé le : Jeudi, 17 Juillet 2008, 12h35mn 15s
Objet : EAP-TLS OK - EAP-PEAP KO!! why that?

Why could EAP-TLS run OK and not EAP-PEAP, giving a message like that: 
"rlm_eap_peap: Received EAP-TLV response."

below is the entire output.

Thanx for the response!!


rad_recv: Access-Request packet from host port 1027, id=99, length=194
        User-Name = "maman"
        NAS-IP-Address =
        NAS-Port = 1
        Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
        Calling-Station-Id = "00-12-F0-0C-97-61"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020800261900170301001b97054012345511dfddf34251f30af4349bfda0f83797d643a3cea1
        State = 0x766398ac716b81afdd1454abb61d46ce
        Message-Authenticator = 0xf76a88f5654802fac4faed08e055d5fb
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "maman", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 8 length 38
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap:  Had sent TLV failure.  User was rejected earlier in this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> maman
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 99 to port 1027
        EAP-Message = 0x04080004
        Message-Authenticator = 0x00000000000000000000000000000000
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 91 with timestamp +139
Cleaning up request 1 ID 92 with timestamp +139
Cleaning up request 2 ID 93 with timestamp +139
Cleaning up request 3 ID 94 with timestamp +139
Cleaning up request 4 ID 95 with timestamp +139
Cleaning up request 5 ID 96 with timestamp +140
Cleaning up request 6 ID 97 with timestamp +140
Cleaning up request 7 ID 98 with timestamp +140
Cleaning up request 8 ID 99 with timestamp +140
Ready to process requests.

 Envoyé avec Yahoo! Mail.
Une boite mail plus intelligente. 

Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080717/2ab55dbc/attachment.html>

More information about the Freeradius-Users mailing list