EAP-TLS OK - EAP-PEAP KO!! why that?
Reveal MAP
revealmapp at yahoo.fr
Sat Jul 19 19:31:31 CEST 2008
OK
radtest maman maman localhost 1812 testing123
Sending Access-Request of id 48 to 127.0.0.1 port 1812
User-Name = "maman"
User-Password = "maman"
NAS-IP-Address = 127.0.0.2
NAS-Port = 1812
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=48, length=20
Log
------------------------------------------------------------------------------------
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 32769, id=48, length=57
User-Name = "maman"
User-Password = "maman"
NAS-IP-Address = 127.0.0.2
NAS-Port = 1812
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "maman", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> maman
rlm_sql (sql): sql_set_user escaped user --> 'maman'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'maman' ORDER BY id
rlm_sql (sql): User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'maman' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'maman' ORDER BY priority
expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'Professeurs' ORDER BY id
rlm_sql (sql): User found in group Professeurs
expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'Professeurs' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "maman"
rlm_pap: Using clear text password "maman"
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [maman/maman] (from client localhost port 1812)
+- entering group post-auth
rlm_sql (sql): Processing sql_postauth
expand: %{User-Name} -> maman
rlm_sql (sql): sql_set_user escaped user --> 'maman'
expand: %{User-Password} -> maman
expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'maman', 'maman', 'Access-Accept', '2008-07-19 18:38:59')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'maman', 'maman', 'Access-Accept', '2008-07-19 18:38:59')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 48 to 127.0.0.1 port 32769
Finished request 359.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 359 ID 48 with timestamp +81320
Ready to process requests.
rad_recv: Accounting-Request packet from host 10.10.44.246 port 1035, id=53, length=153
Acct-Session-Id = "00000000-00000007"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
User-Name = "testuser01"
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F9:TLS"
Calling-Station-Id = "00-12-F0-0C-97-61"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
Acct-Session-Time = 85
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 10.10.44.246,NAS-IP-Address = 10.10.44.246,Acct-Session-Id = "00000000-00000007",User-Name = "testuser01"'
rlm_acct_unique: Acct-Unique-Session-ID = "73713cdd1b906342".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "testuser01", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/10.10.44.246/detail-20080719
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/10.10.44.246/detail-20080719
expand: %t -> Sat Jul 19 18:39:41 2008
++[detail] returns ok
++[unix] returns ok
expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
expand: %{User-Name} -> testuser01
++[radutmp] returns ok
expand: %{User-Name} -> testuser01
rlm_sql (sql): sql_set_user escaped user --> 'testuser01'
expand: %{Acct-Input-Gigawords} ->
expand: %{Acct-Input-Octets} ->
expand: %{Acct-Output-Gigawords} ->
expand: %{Acct-Output-Octets} ->
expand: %{Acct-Delay-Time} ->
expand: UPDATE radacct SET acctstoptime = '%S', acctsessiontime = '%{Acct-Session-Time}', acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET acctstoptime = '2008-07-19 18:39:41', acctsessiontime = '85', acctinputoctets = '0' << 32 |
'0', acctoutputoctets = '0' << 32 | '0', acctterminatecause = '', acctstopdelay = '0', connectinfo_stop = 'CONNECT 54Mbps 802.11g' WHERE acctsessionid = '00000000-00000007' AND username = 'testuser01' AND nasipaddress = '10.10.44.246'
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
expand: %{User-Name} -> testuser01
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 53 to 10.10.44.246 port 1035
Finished request 360.
Cleaning up request 360 ID 53 with timestamp +81362
Going to the next request
Ready to process requests.
----- Original message ----
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Saturday, 19 July 2008, 17:19:58
Subject: Re: Re : Re : EAP-TLS OK - EAP-PEAP KO!! why that?
Reveal MAP wrote:
> Now I am trying to authenticate via PEAP a user existing on my SQL database:
The debug log doesn't show that.
> The output is too long, mailing list parameters won't accept it. I post
> part of the output that seems to give the point of misconfiguration. If
> it is not sufficient, please let me know, and I will find a way to put
> somewhere the whole output of RADIUD -X. Thank you.
...
> Exec-Program output: Logon failure (0xc000006d)
> Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
> Exec-Program: returned: 1
> rlm_mschap: External script failed.
> rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
What's the problem? You're using Samba to authenticate to Active
Directory, and the password is wrong.
Check that the passwords are correct.
Alan DeKok.
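Added example, not part of the original thread or of FreeRADIUS: a small triage script for debug output like the log above, reporting per received packet whether it carried EAP at all, which Auth-Type handled it, and which failure lines and Windows status codes appeared. The function names, the field names and the second request's header, User-Name and EAP-Message in the sample are assumptions made for the example.

```python
import re

# Lines from this thread's debug output; the second request's rad_recv header,
# User-Name and EAP-Message are constructed so the excerpt parses.
SAMPLE = '''\
rad_recv: Access-Request packet from host 127.0.0.1 port 32769, id=48, length=57
User-Name = "maman"
auth: type "PAP"
Sending Access-Accept of id 48 to 127.0.0.1 port 32769
rad_recv: Access-Request packet from host 192.0.2.10 port 1035, id=1, length=200
User-Name = "constructed-user"
EAP-Message = 0x0201000a
Exec-Program output: Logon failure (0xc000006d)
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
'''

NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC000006A: "STATUS_WRONG_PASSWORD"}
RECV = re.compile(r'rad_recv: (\S+) packet from host')
USER = re.compile(r'User-Name = "(.*)"$')
AUTH = re.compile(r'auth: type "?([\w-]+)')
SEND = re.compile(r'Sending (\S+) of id \d+')
FAIL = re.compile(r'(rlm_\w+|Exec-Program[\w-]*)\b.*(fail|incorrect)', re.I)
CODE = re.compile(r'\((0x[0-9a-f]{8})\)', re.I)

def summarize(log):
    """Return one dict per packet received in a radiusd -X debug log."""
    reqs = []
    for line in (l.strip() for l in log.splitlines()):
        if m := RECV.match(line):
            reqs.append({"packet": m[1], "user": None, "eap": False, "auth_type": None,
                         "reply": None, "failures": [], "status": set()})
        elif not reqs:
            continue  # client-side output before the first received packet
        elif (m := USER.match(line)) and reqs[-1]["user"] is None:
            reqs[-1]["user"] = m[1]
        elif line.startswith("EAP-Message ="):
            reqs[-1]["eap"] = True
        elif m := AUTH.match(line):
            reqs[-1]["auth_type"] = m[1]
        elif m := SEND.match(line):
            reqs[-1]["reply"] = m[1]
        elif FAIL.match(line):
            reqs[-1]["failures"].append(line)
            if c := CODE.search(line):
                reqs[-1]["status"].add(NTSTATUS.get(int(c[1], 16), c[1]))
    return reqs

def exercised_eap(reqs):  # did any Access-Request carry an EAP-Message?
    return any(r["eap"] for r in reqs if r["packet"] == "Access-Request")
```

A log whose only Access-Request shows `eap: False` with `auth_type: PAP` records a radtest run, not a PEAP attempt.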