No Auth Type problem again

Jelle Langbroek jml at orkz.net
Fri Jun 20 15:32:27 CEST 2008


Hi,
I know it's plain English but I still can't figure out where the warning is
coming from and what I have to change. It finds the password, but still
gives the auth(failure):

 auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
 auth: Failed to validate the user.

I'm using the default config-files with PEAP auth. Can somebody give me a
hint in the right direction? Where/what config file should I look in and
what to edit? THANKS!

Here are my logs...

Listening on authentication address 172.16.27.103 port 1812
Ready to process requests.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
length=141
        User-Name = "userX"
        NAS-IP-Address = 172.16.27.37
        Called-Station-Id = "001c1066a106"
        Calling-Station-Id = "001cdf77bb4d"
        NAS-Identifier = "001c1066a106"
        NAS-Port = 1
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x02000013016a656c6c656c616e6762726f656b
        Message-Authenticator = 0x933439cddca44559a4ee3c2b327aaac5
+- entering group authorize
++[preprocess] returns ok
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
172.16.27.37/auth-detail-20080620
        expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 0 length 19
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
        expand: %{User-Name} -> userX
rlm_sql (sql): sql_set_user escaped user --> 'userX'
rlm_sql (sql): Reserving sql socket id: 4
        expand: SELECT ownerid as id, username, 'Cleartext-Password' as
attribute, passwd as value, ':=' as op           FROM nodes           WHERE
username = '%{SQL-User-Name}'           ORDER BY id -> SELECT ownerid as id,
username, 'Cleartext-Password' as attribute, passwd as value, ':=' as
op           FROM nodes           WHERE username = 'userX'           ORDER
BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT ownerid as id, username, 'Cleartext-Password' as
attribute, passwd as value, ':=' as op           FROM nodes           WHERE
username = '%{SQL-User-Name}'           ORDER BY id -> SELECT ownerid as id,
username, 'Cleartext-Password' as attribute, passwd as value, ':=' as
op           FROM nodes           WHERE username = 'userX'           ORDER
BY id
        expand: SELECT 'dynamic' as groupname           FROM
customers           WHERE name = '%{SQL-User-Name}'           ORDER BY id ->
SELECT 'dynamic' as groupname           FROM customers           WHERE name
= 'userX'           ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
        EAP-Message = 0x010100061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9baa2d299bab34161e655ea3ece36f0c
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
length=233
Cleaning up request 0 ID 0 with timestamp +41
        User-Name = "userX"
        NAS-IP-Address = 172.16.27.37
        Called-Station-Id = "001c1066a106"
        Calling-Station-Id = "001cdf77bb4d"
        NAS-Identifier = "001c1066a106"
        NAS-Port = 1
        Framed-MTU = 1400
        State = 0x9baa2d299bab34161e655ea3ece36f0c
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0201005d190016030100520100004e0301485baf3e8e15e57593e3e1819134ab3ad55c2a65dbdd6278dadce70ffee5409a00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100
        Message-Authenticator = 0xda28b5bb86c975ef4fd3c5bf45e4bba5
+- entering group authorize
++[preprocess] returns ok
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
172.16.27.37/auth-detail-20080620
        expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 1 length 93
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0052], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
    TLS_accept: SSLv3 write key exchange A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
        EAP-Message = 0xd8bf0854f4d5920b817066b8
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9baa2d299aa834161e655ea3ece36f0c
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
length=146
Cleaning up request 1 ID 0 with timestamp +41
        User-Name = "userX"
        NAS-IP-Address = 172.16.27.37
        Called-Station-Id = "001c1066a106"
        Calling-Station-Id = "001cdf77bb4d"
        NAS-Identifier = "001c1066a106"
        NAS-Port = 1
        Framed-MTU = 1400
        State = 0x9baa2d299aa834161e655ea3ece36f0c
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020200061900
        Message-Authenticator = 0x6ae87b9fa610cc290341c3c8721eab9c
+- entering group authorize
++[preprocess] returns ok
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
172.16.27.37/auth-detail-20080620
        expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 2 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
        EAP-Message = 0x22dbf87ea84011c3
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9baa2d2999a934161e655ea3ece36f0c
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
length=146
Cleaning up request 2 ID 0 with timestamp +41
        User-Name = "userX"
        NAS-IP-Address = 172.16.27.37
        Called-Station-Id = "001c1066a106"
        Calling-Station-Id = "001cdf77bb4d"
        NAS-Identifier = "001c1066a106"
        NAS-Port = 1
        Framed-MTU = 1400
        State = 0x9baa2d2999a934161e655ea3ece36f0c
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020300061900
        Message-Authenticator = 0x55eb06fdd249f58d4b098d211ef699db
+- entering group authorize
++[preprocess] returns ok
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
172.16.27.37/auth-detail-20080620
        expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
        EAP-Message =
0x71a008d47f3651cca5a115167ccf4c3990bbaf3507e2b958546eb5e323c7fe857e8394a68251ad5404da26810c662052e242961cb37eafcab475f322a740a0abd48178f31bed95df9004fb37f667282bdbaa9db8402640ffad48ecb15a49ea5db0ace40026026cd5ab50949ade5c903144779999672f88dd7885fcf946ed5c01779571173271d8503a0c3e43791e06a2c4400ff0553c76e15bf7624cf432dd2d44643827b4d29a8763738b073e09b1bbb3c6f2d411391976badabf00cd6ccbb57627e315142009a49e948f5911cf3873557dc60adfebd10a8892d1ac71109fb9cf9a3e6416030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9baa2d2998ae34161e655ea3ece36f0c
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
length=344
Cleaning up request 3 ID 0 with timestamp +41
        User-Name = "userX"
        NAS-IP-Address = 172.16.27.37
        Called-Station-Id = "001c1066a106"
        Calling-Station-Id = "001cdf77bb4d"
        NAS-Identifier = "001c1066a106"
        NAS-Port = 1
        Framed-MTU = 1400
        State = 0x9baa2d2998ae34161e655ea3ece36f0c
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020400cc190016030100861000008200804316d20c6a7c178058561a988cd4c857a1818bca9d6381d259ad888eb8590fb37aa41737e0465ed1c8645c4b84abd506a7d30c4bb7a7a10f909b9feb1f8a51b8430d748d87f03c7df6a01a3bb99c178da207b3a19c540469709f2845ba90768f8ec804175b2e9afaa80dccc2107919f7580b1953431922cdeda4f877c91e174f14030100010116030100300f7ef3899514ebb34daa12ac552eb8f9eb8841016f046ea3a63e53aadfb3e3397a93e73456cc41e1135861707733b220
        Message-Authenticator = 0xdea135864ef03eb8674379a35331fd5f
+- entering group authorize
++[preprocess] returns ok
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
172.16.27.37/auth-detail-20080620
        expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 4 length 204
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
    TLS_accept: SSLv3 read client key exchange A
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 read finished A
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
    TLS_accept: SSLv3 write change cipher spec A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
    TLS_accept: SSLv3 write finished A
    TLS_accept: SSLv3 flush data
    (other): SSL negotiation finished successfully
SSL Connection Established
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
        EAP-Message =
0x0105004119001403010001011603010030e6a2e4f9f396f695728dfc74be50459b34dea2ec026e3b041e64ad32a19bfc01ce00a4f39422c30e86d83059c040853f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9baa2d299faf34161e655ea3ece36f0c
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
length=146
Cleaning up request 4 ID 0 with timestamp +41
        User-Name = "userX"
        NAS-IP-Address = 172.16.27.37
        Called-Station-Id = "001c1066a106"
        Calling-Station-Id = "001cdf77bb4d"
        NAS-Identifier = "001c1066a106"
        NAS-Port = 1
        Framed-MTU = 1400
        State = 0x9baa2d299faf34161e655ea3ece36f0c
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020500061900
        Message-Authenticator = 0xaa2e2ed89ffe2379528536376d6b3678
+- entering group authorize
++[preprocess] returns ok
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
172.16.27.37/auth-detail-20080620
        expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3
  eaptls_process returned 3
  rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
        EAP-Message =
0x0106002b190017030100203d19543fef6a354b15802fa24ac6be930472a2bb2963b2cd40acb8569178208b
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9baa2d299eac34161e655ea3ece36f0c
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
length=236
Cleaning up request 5 ID 0 with timestamp +41
        User-Name = "userX"
        NAS-IP-Address = 172.16.27.37
        Called-Station-Id = "001c1066a106"
        Calling-Station-Id = "001cdf77bb4d"
        NAS-Identifier = "001c1066a106"
        NAS-Port = 1
        Framed-MTU = 1400
        State = 0x9baa2d299eac34161e655ea3ece36f0c
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x020600601900170301002006f9c4c30ed6970d17049ecab64a52b6bd0147e5e8aa1632efba5d9bc17ad65517030100307342716fd8fa732607a62a93a4ea9d0be8cd1c9717af27bb67b840bc0a308060563c313805c8b9810e19ba7a0485738a
        Message-Authenticator = 0x8aa405f4d2a413e1dfdf4f6019925a83
+- entering group authorize
++[preprocess] returns ok
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
172.16.27.37/auth-detail-20080620
        expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 6 length 96
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - userX
  PEAP: Got tunneled identity of userX
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to userX
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.16.27.37 port 3072
        EAP-Message =
0x0107003b1900170301003083a87eb6970e9d00f7463517385ede5e1301a3788b857b995947b8b8ab618a56ac5422ade8ea7d08e6be181deb19075e
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x9baa2d299dad34161e655ea3ece36f0c
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
length=236
Cleaning up request 6 ID 0 with timestamp +41
        User-Name = "userX"
        NAS-IP-Address = 172.16.27.37
        Called-Station-Id = "001c1066a106"
        Calling-Station-Id = "001cdf77bb4d"
        NAS-Identifier = "001c1066a106"
        NAS-Port = 1
        Framed-MTU = 1400
        State = 0x9baa2d299dad34161e655ea3ece36f0c
        NAS-Port-Type = Wireless-802.11
        EAP-Message =
0x0207006019001703010020e1e6a5669a6e1f2fad8b18557490b2a36580caac37130035ec533f519aa058651703010030ea09edd1a98107005cbbefece6de1029da93fab2b2f14456b2a2728ff91532a35d075fb23197f925da6206a6e1ee5db1
        Message-Authenticator = 0xd2a2e7d67cd0ea7f1d069d4ebf3731cc
+- entering group authorize
++[preprocess] returns ok
        expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/172.16.27.37/auth-detail-20080620
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/
172.16.27.37/auth-detail-20080620
        expand: %t -> Fri Jun 20 15:25:59 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "userX", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: EAP packet type response id 7 length 96
  rlm_eap: Continuing tunnel setup.
++[eap] returns ok
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap:  Had sent TLV failure.  User was rejected earlier in this
session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> userX
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 0 to 172.16.27.37 port 3072
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 7 ID 0 with timestamp +41
Ready to process requests.





2008/6/20 Alan DeKok <aland at deployingradius.com>:

> Andy An wrote:
> > Hi Ivan:
> > The password is in the ldap server as one of attributes bound to the
> > user (userPassword: {CRYPT}something).
> ...
> > rlm_ldap: performing search in ou=People,dc=eciad,dc=ca, with filter
> > (uid=andyan)
> ...
> > WARNING: No "known good" password was found in LDAP.  Are you sure that
> > the user is configured correctly?
>
>   The debug output disagrees with you.
>
>  There is no known good password available.
>
>  Again, it helps to READ the debug output yourself.  The warning
> messages are clear, and are written in simple English.
>
>  Alan DeKok.
>
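
To see which request the reject in the debug output above belongs to, this added example (not part of the original post and not FreeRADIUS code) scans radiusd debug lines and reports whether the "No authenticate method (Auth-Type)" message was logged for the outer request or after the PEAP tunneled identity was decoded. The function name and the abridged log excerpt are assumptions made for the example.

```python
import re

# Abridged from the radiusd -X output in the post (requests 0, 6 and 7).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
  rlm_eap: EAP packet type response id 0 length 19
  rad_check_password:  Found Auth-Type EAP
+- entering group authenticate
++[eap] returns handled
Finished request 0.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
  rlm_eap: EAP packet type response id 6 length 96
  rad_check_password:  Found Auth-Type EAP
+- entering group authenticate
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  PEAP: Got tunneled identity of userX
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
  PEAP: Tunneled authentication was rejected.
++[eap] returns handled
Finished request 6.
rad_recv: Access-Request packet from host 172.16.27.37 port 3072, id=0,
  rlm_eap: EAP packet type response id 7 length 96
  rad_check_password:  Found Auth-Type EAP
+- entering group authenticate
++[eap] returns invalid
auth: Failed to validate the user.
Finished request 7.
"""

def locate_missing_auth_type(log):
    """One finding per request that logged the 'No authenticate method' reject."""
    findings, req = [], None
    for line in log.splitlines():
        text = line.strip()
        if text.startswith("rad_recv:"):  # a new outer RADIUS request starts
            req = {"eap_id": None, "outer_auth_type": None, "in_tunnel": False,
                   "tunnel_groups": [], "scope": None}
        elif req is None:
            continue
        elif m := re.search(r"EAP packet type response id (\d+)", text):
            req["eap_id"] = int(m.group(1))
        elif m := re.search(r"Found Auth-Type (\S+)", text):
            if not req["in_tunnel"]:
                req["outer_auth_type"] = m.group(1)
        elif "Got tunneled identity" in text:
            req["in_tunnel"] = True  # lines from here concern the tunneled request
        elif m := re.match(r"\+- entering group (\S+)", text):
            if req["in_tunnel"]:
                req["tunnel_groups"].append(m.group(1))
        elif "No authenticate method (Auth-Type)" in text:
            req["scope"] = "tunneled" if req["in_tunnel"] else "outer"
        elif "Tunneled authentication was rejected" in text:
            req["in_tunnel"] = False
        elif m := re.match(r"Finished request (\d+)\.", text):
            if req["scope"]:
                findings.append({"request": int(m.group(1)), "eap_id": req["eap_id"],
                                 "scope": req["scope"],
                                 "outer_auth_type": req["outer_auth_type"],
                                 "tunnel_groups": req["tunnel_groups"]})
            req = None
    return findings

if __name__ == "__main__":
    for finding in locate_missing_auth_type(SAMPLE_LOG):
        print(finding)
```

On the excerpt it reports request 6 with scope `tunneled`, outer Auth-Type `EAP`, and an empty `tunnel_groups` list, meaning no processing group was logged between the tunneled identity and the reject.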