EAP-TLS OK - EAP-PEAP KO!! why that?

Reveal MAP revealmapp at yahoo.fr
Sat Jul 19 19:31:31 CEST 2008


OK

radtest maman maman localhost 1812 testing123
Sending Access-Request of id 48 to 127.0.0.1 port 1812
        User-Name = "maman"
        User-Password = "maman"
        NAS-IP-Address = 127.0.0.2
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=48, length=20


Log
------------------------------------------------------------------------------------
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 32769, id=48, length=57
        User-Name = "maman"
        User-Password = "maman"
        NAS-IP-Address = 127.0.0.2
        NAS-Port = 1812
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "maman", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
        expand: %{User-Name} -> maman
rlm_sql (sql): sql_set_user escaped user --> 'maman'
rlm_sql (sql): Reserving sql socket id: 3
        expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'maman'           ORDER BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'maman'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'maman'           ORDER BY priority
        expand: SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           Value, op           FROM radgroupcheck           WHERE groupname = 'Professeurs'           ORDER BY id
rlm_sql (sql): User found in group Professeurs
        expand: SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = '%{Sql-Group}'           ORDER BY id -> SELECT id, groupname, attribute,           value, op           FROM radgroupreply           WHERE groupname = 'Professeurs'           ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
  rad_check_password:  Found Auth-Type
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "maman"
rlm_pap: Using clear text password "maman"
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [maman/maman] (from client localhost port 1812)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
        expand: %{User-Name} -> maman
rlm_sql (sql): sql_set_user escaped user --> 'maman'
        expand: %{User-Password} -> maman
        expand: INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           '%{User-Name}',                           '%{%{User-Password}:-%{Chap-Password}}',                           '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'maman',                           'maman',                           'Access-Accept', '2008-07-19 18:38:59')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth                           (username, pass, reply, authdate)                           VALUES (                           'maman',                           'maman',                           'Access-Accept', '2008-07-19 18:38:59')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 48 to 127.0.0.1 port 32769
Finished request 359.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 359 ID 48 with timestamp +81320
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.10.44.246 port 1035, id=53, length=153
        Acct-Session-Id = "00000000-00000007"
        Acct-Status-Type = Stop
        Acct-Authentic = RADIUS
        User-Name = "testuser01"
        NAS-IP-Address = 10.10.44.246
        NAS-Port = 1
        Called-Station-Id = "00-1C-F0-08-FB-F9:TLS"
        Calling-Station-Id = "00-12-F0-0C-97-61"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        Acct-Session-Time = 85
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 10.10.44.246,NAS-IP-Address = 10.10.44.246,Acct-Session-Id = "00000000-00000007",User-Name = "testuser01"'
rlm_acct_unique: Acct-Unique-Session-ID = "73713cdd1b906342".
++[acct_unique] returns ok
    rlm_realm: No '@' in User-Name = "testuser01", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
        expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/10.10.44.246/detail-20080719
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/10.10.44.246/detail-20080719
        expand: %t -> Sat Jul 19 18:39:41 2008
++[detail] returns ok
++[unix] returns ok
        expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
        expand: %{User-Name} -> testuser01
++[radutmp] returns ok
        expand: %{User-Name} -> testuser01
rlm_sql (sql): sql_set_user escaped user --> 'testuser01'
        expand: %{Acct-Input-Gigawords} ->
        expand: %{Acct-Input-Octets} ->
        expand: %{Acct-Output-Gigawords} ->
        expand: %{Acct-Output-Octets} ->
        expand: %{Acct-Delay-Time} ->
        expand:            UPDATE radacct SET              acctstoptime       = '%S',              acctsessiontime    = '%{Acct-Session-Time}',              acctinputoctets    = '%{%{Acct-Input-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   = '%{%{Acct-Output-Gigawords}:-0}' << 32 |                                   '%{%{Acct-Output-Octets}:-0}',              acctterminatecause = '%{Acct-Terminate-Cause}',              acctstopdelay      = '%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   = '%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'           AND username          = '%{SQL-User-Name}'           AND nasipaddress      = '%{NAS-IP-Address}' ->            UPDATE radacct SET              acctstoptime       = '2008-07-19 18:39:41',              acctsessiontime    = '85',              acctinputoctets    = '0' << 32 |                                  
 '0',              acctoutputoctets   = '0' << 32 |                                   '0',              acctterminatecause = '',              acctstopdelay      = '0',              connectinfo_stop   = 'CONNECT 54Mbps 802.11g'           WHERE acctsessionid   = '00000000-00000007'           AND username          = 'testuser01'           AND nasipaddress      = '10.10.44.246'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
        expand: %{User-Name} -> testuser01
 attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 53 to 10.10.44.246 port 1035
Finished request 360.
Cleaning up request 360 ID 53 with timestamp +81362
Going to the next request
Ready to process requests.
                                     




----- Original Message ----
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Saturday, 19 July 2008, 17:19:58
Subject: Re: Re : Re :  EAP-TLS OK - EAP-PEAP KO!! why that?

Reveal MAP wrote:
> Now I am trying to authenticate via PEAP a user existing on my sql database:

  The debug log doesn't show that.

> the output is too long, mailing list parameters won't accept it. I post
> part of the output that seems to give the point of misconfiguration. If
> it is not sufficient, please let me know, and I will find a way to put
> somewhere the whole output of RADIUSD -X. Thank you.
...
> Exec-Program output: Logon failure (0xc000006d)
> Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
> Exec-Program: returned: 1
>   rlm_mschap: External script failed.
>   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

  What's the problem?  You're using Samba to authenticate to Active
Directory, and the password is wrong.

  Check that the passwords are correct.

  Alan DeKok.
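
Added example (not part of the original thread, and not FreeRADIUS code): a small Python triage over `radiusd -X` output that reports which module decided a request and decodes the NTSTATUS printed by the external script. The two sample runs are constructed from lines quoted in this thread; `triage` and the pattern names are hypothetical.

```python
import re

# NTSTATUS values an external NTLM helper can report (Microsoft NTSTATUS list).
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

AUTH_TYPE = re.compile(r'auth: type "?([\w-]+)"?')
EXEC_OUT = re.compile(r"Exec-Program output: .*?\((0x[0-9a-fA-F]{8})\)")
MODULE_FAIL = re.compile(r"(rlm_\w+): FAILED: (.*)")
MODULE_OK = re.compile(r"(rlm_\w+): User authenticated successfully")

def triage(debug_lines):
    """Summarise which module decided an authentication, and why it failed."""
    s = {"auth_type": None, "decided_by": None, "result": None,
         "reason": None, "ntstatus": None}
    for line in debug_lines:
        if m := AUTH_TYPE.search(line):
            s["auth_type"] = m.group(1)
        elif m := EXEC_OUT.search(line):
            code = int(m.group(1), 16)
            s["ntstatus"] = NTSTATUS.get(code, "unknown NTSTATUS %#010x" % code)
        elif m := MODULE_FAIL.search(line):
            s.update(decided_by=m.group(1), result="reject", reason=m.group(2).strip())
        elif m := MODULE_OK.search(line):
            s.update(decided_by=m.group(1), result="accept")
    return s

# Constructed sample: the radtest request, decided by rlm_pap.
RADTEST_RUN = [
    '  rad_check_password:  Found Auth-Type',
    'auth: type "PAP"',
    'rlm_pap: login attempt with password "maman"',
    'rlm_pap: User authenticated successfully',
]
# Constructed sample: the PEAP attempt, decided by rlm_mschap via the external script.
PEAP_RUN = [
    'Exec-Program output: Logon failure (0xc000006d)',
    'Exec-Program-Wait: plaintext: Logon failure (0xc000006d)',
    'Exec-Program: returned: 1',
    '  rlm_mschap: External script failed.',
    '  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect',
]

if __name__ == "__main__":
    for name, run in (("radtest", RADTEST_RUN), ("PEAP", PEAP_RUN)):
        print(name, triage(run))
```

The radtest run is accepted by `rlm_pap`, while the PEAP run is rejected by `rlm_mschap` with the status returned by the external script, so a passing radtest says nothing about the MS-CHAPv2 path.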