Authorization?? pb Authentication against AD
Reveal MAP
revealmapp at yahoo.fr
Fri Jun 27 16:26:47 CEST 2008
Thanx Ivan for your answer!
this is what i did:
- chmod -R 777 winbindd_privileged/
to correct the authorization problem. but now i stil can't connect with my AD account!
i think the point error in the log is (see below), and i wonder (if i understood well) how to fix that :
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
part of log:
************************
+[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for glouglou with NT-Password
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=PLUTON\glouglou
mschap2: dd
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=8a4a4b83990e4987
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=e7fa2ba6a80c3513d1fa84f8e9e82812a614da53389bd4e1
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
************************
here is the full Radiusd -X log:
--------------------------------------------
**********************************
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=89, length=168
User-Name = "PLUTON\\glouglou"
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
Calling-Station-Id = "00-12-F0-0C-97-61"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200001401504c55544f4e5c676c6f75676c6f75
Message-Authenticator = 0x9ebfe1a5041bdfc82326c9206a93abd5
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_eap: EAP packet type response id 0 length 20
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 89 to 10.10.44.246 port 1027
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4a7e79354a7f60270e99037df0484ac9
Finished request 8.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=90, length=246
User-Name = "PLUTON\\glouglou"
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
Calling-Station-Id = "00-12-F0-0C-97-61"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0201005019800000004616030100410100003d0301486503e681a67eed063268830121a79a24e45bda7665664681dba7d7eba4bea500001600040005000a000900640062000300060013001200630100
State = 0x4a7e79354a7f60270e99037df0484ac9
Message-Authenticator = 0x223f490c057b41f7858dda23683c7eb0
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_eap: EAP packet type response id 1 length 80
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0641], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 90 to 10.10.44.246 port 1027
EAP-Message = 0x0102040019c00000069e160301004a020000460301486502c1e8b6ddf3525b9c3d598d0753171dd5f6d41c120e1b62759ed985c431206398c6d6b7b7dc9d220eafd7c7243f37186e3212258e213979b1e6909268997e00040016030106410b00063d00063a0002a6308202a23082020ba003020102020101300d06092a864886f70d010105050030818b310b3009060355040613024d41310e300c060355040813055261626174310e300c06035504071305416764616c310f300d060355040a1306454e5349415331143012060355040b130b43656e74726520496e666f3112301006035504031409454e534941535f43413121301f06092a864886f7
EAP-Message = 0x0d01090116126d62615f6f796f6e65407961686f6f2e6672301e170d3038303530363134323832385a170d3039303530363134323832385a308188310b3009060355040613024d41310e300c060355040813055261626174310f300d060355040a1306454e5349415331143012060355040b130b43656e74726520496e666f311c301a06035504031413454e534941535f5365727665725261646975733124302206092a864886f70d01090116156d62616f796f6e6540636172616d61696c2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100bb95115e0a9b09647fcc2cc822240624842ae80bd3b8d5fd51bb9b9d0e
EAP-Message = 0xfc65f768a58d0fd976268b8cb576905b2ae47089e70356e3b6a539f8debc381b98ae9b242ca42e3d7d85b08a66dcc5b7268c10911676e6a4517dc3e2130ce9eaee01388f6fe3696ea193320635c4c677009c17e4f0c40e00c8fc2f969e8e20a53112b90203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181005b553acadf73c7b78ba5f4a1700cb2326eb6e26c93b948d763705b44812933f1df17131e87744577c1c01a6d4ade88fe6ce1133fac1dedcf14f2490070301fa3e9ddd96ff4fa143f0aa853e5e15a055c45f34c7e18b8c3fc135e3e7f22e49d6007287911a4806494e4
EAP-Message = 0xf548d12f4a8fcfbc11d49ec1a035f4013de94243c014b600038e3082038a308202f3a003020102020900bed8f7f713ad2741300d06092a864886f70d010105050030818b310b3009060355040613024d41310e300c060355040813055261626174310e300c06035504071305416764616c310f300d060355040a1306454e5349415331143012060355040b130b43656e74726520496e666f3112301006035504031409454e534941535f43413121301f06092a864886f70d01090116126d62615f6f796f6e65407961686f6f2e6672301e170d3038303530363134313134375a170d3138303530343134313134375a30818b310b300906035504061302
EAP-Message = 0x4d41310e300c060355040813
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4a7e79354b7c60270e99037df0484ac9
Finished request 9.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=91, length=172
User-Name = "PLUTON\\glouglou"
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
Calling-Station-Id = "00-12-F0-0C-97-61"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020200061900
State = 0x4a7e79354b7c60270e99037df0484ac9
Message-Authenticator = 0x21139e5efd5f286d64627bfa24887316
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 91 to 10.10.44.246 port 1027
EAP-Message = 0x010302ae1900055261626174310e300c06035504071305416764616c310f300d060355040a1306454e5349415331143012060355040b130b43656e74726520496e666f3112301006035504031409454e534941535f43413121301f06092a864886f70d01090116126d62615f6f796f6e65407961686f6f2e667230819f300d06092a864886f70d010101050003818d0030818902818100bf61b0669592b605195963d5382583d0e5115ccbdfe0f1c4ff9fcad9171f017d41eb27cf1d1a7a52db1c88665ce519c4f4bbb4ead5426825149fef16c52418fbdb933af73a051ebdd28373fa4879977d441d473f3dfd3ccd17874a1572cc1d4287290161798b
EAP-Message = 0xc364ee28de1c671daa5f172ccdabb34b3d03f5da76857ff454950203010001a381f33081f0301d0603551d0e041604147526799856863b751619010ffc74602c7ab7565d3081c00603551d230481b83081b580147526799856863b751619010ffc74602c7ab7565da18191a4818e30818b310b3009060355040613024d41310e300c060355040813055261626174310e300c06035504071305416764616c310f300d060355040a1306454e5349415331143012060355040b130b43656e74726520496e666f3112301006035504031409454e534941535f43413121301f06092a864886f70d01090116126d62615f6f796f6e65407961686f6f2e667282
EAP-Message = 0x0900bed8f7f713ad2741300c0603551d13040530030101ff300d06092a864886f70d010105050003818100ab43dca4037042bca22b306a18b60eb9c28743208bc80727147bc80283ebe81cf182aaab8a9ffe8def8d30713c87d1135689ad72660efb61b0fcb8971dc37c36eb18ed6d32544026fe57b34bcbe819193341e0cebaa9b9c6d58d99a5af37557d1e9cb093a27658e7430cdc39fb2a3f331404807e4969fdc4f30a9963a997af1616030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4a7e7935487d60270e99037df0484ac9
Finished request 10.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=92, length=358
User-Name = "PLUTON\\glouglou"
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
Calling-Station-Id = "00-12-F0-0C-97-61"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020300c01980000000b61603010086100000820080684c8b818181e1c78ca3ae7cdc36af46e1ac47643273813a062f8195897bb98fa8e4c52a9b19a0bc65fd1a13ca88e4cddc1372db088ef2677f8f80c0a3a88beb8e58fdb69c023ecb0fadf2b48e3cf38bac69646a64b32bebb9ad023269b75f5ae1214b1a702ddbc9e1468e72c0b3985ef89595ace37aef296d7c6925b9199bc81403010001011603010020d1a91b4572cf7aefe2fbb4aea214ca889fb94ad60f7a3dc589d85e8b2301fd45
State = 0x4a7e7935487d60270e99037df0484ac9
Message-Authenticator = 0x7b41ee869bc6f8e72fb31a08ae28b46b
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_eap: EAP packet type response id 3 length 192
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 182
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 92 to 10.10.44.246 port 1027
EAP-Message = 0x0104003119001403010001011603010020c137a7067dbbb4836bc2df50b50ddc8a7d67883f4d82822e3fcbaac6b1e11cf6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4a7e7935497a60270e99037df0484ac9
Finished request 11.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=93, length=172
User-Name = "PLUTON\\glouglou"
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
Calling-Station-Id = "00-12-F0-0C-97-61"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020400061900
State = 0x4a7e7935497a60270e99037df0484ac9
Message-Authenticator = 0x7fd4dc60b7911222609b9dbed4dbb80c
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 93 to 10.10.44.246 port 1027
EAP-Message = 0x010500201900170301001514e1f32add9b0fc2423696f7bee7e8c3ef39f7e6b6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4a7e79354e7b60270e99037df0484ac9
Finished request 12.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=94, length=209
User-Name = "PLUTON\\glouglou"
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
Calling-Station-Id = "00-12-F0-0C-97-61"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0205002b19001703010020b08154710e7e190514cf420c9f9baa28ae3ee7401976ba321bbf6f0bacf3a1b9
State = 0x4a7e79354e7b60270e99037df0484ac9
Message-Authenticator = 0x3029405858d0caaee49d5b508193416f
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_eap: EAP packet type response id 5 length 43
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - PLUTON\glouglou
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0205001401504c55544f4e5c676c6f75676c6f75
PEAP: Got tunneled identity of PLUTON\glouglou
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to PLUTON\glouglou
PEAP: Sending tunneled request
EAP-Message = 0x0205001401504c55544f4e5c676c6f75676c6f75
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "PLUTON\\glouglou"
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
Calling-Station-Id = "00-12-F0-0C-97-61"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
server (null) {
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_eap: EAP packet type response id 5 length 20
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server (null)
PEAP: Got tunneled reply RADIUS code 11
EAP-Message = 0x010600291a0106002410ddcb2820e3a0b40c20a2f16430f47a8d504c55544f4e5c676c6f75676c6f75
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x72782974727e330259647bcf732d666c
PEAP: Processing from tunneled session code 0x81a3f88 11
EAP-Message = 0x010600291a0106002410ddcb2820e3a0b40c20a2f16430f47a8d504c55544f4e5c676c6f75676c6f75
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x72782974727e330259647bcf732d666c
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 94 to 10.10.44.246 port 1027
EAP-Message = 0x010600401900170301003505357406d973df73adc02bb4b8d8650c7a453230b5ace988d5d48d699dcb8ec2fe3dd3b328c7a79987a93a7fe95621d4a0c39fd90f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4a7e79354f7860270e99037df0484ac9
Finished request 13.
Going to the next request
Waking up in 0.8 seconds.
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=95, length=263
User-Name = "PLUTON\\glouglou"
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
Calling-Station-Id = "00-12-F0-0C-97-61"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0206006119001703010056a9d45263e8153a09870ca02962350323de2d324811ff319eb7f1b58f7025c9793c3a3c18d74c0ef1ee1e2b886182e051a19e5f75750d77bd2b4e065a7526ebb99a58327299077c3d1232548ab2550bea9fef33e917f9
State = 0x4a7e79354f7860270e99037df0484ac9
Message-Authenticator = 0xb86e59f303d0eec59279405ce1264d51
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_eap: EAP packet type response id 6 length 97
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0206004a1a02060045312e63457a35d1a5fea716396a5a0a4a910000000000000000e7fa2ba6a80c3513d1fa84f8e9e82812a614da53389bd4e100504c55544f4e5c676c6f75676c6f75
PEAP: Setting User-Name to PLUTON\glouglou
PEAP: Sending tunneled request
EAP-Message = 0x0206004a1a02060045312e63457a35d1a5fea716396a5a0a4a910000000000000000e7fa2ba6a80c3513d1fa84f8e9e82812a614da53389bd4e100504c55544f4e5c676c6f75676c6f75
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "PLUTON\\glouglou"
State = 0x72782974727e330259647bcf732d666c
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
Calling-Station-Id = "00-12-F0-0C-97-61"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
server (null) {
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_eap: EAP packet type response id 6 length 74
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for glouglou with NT-Password
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
WARNING: Deprecated conditional expansion ":-". See "man unlang" for details
expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=PLUTON\glouglou
mschap2: dd
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=8a4a4b83990e4987
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=e7fa2ba6a80c3513d1fa84f8e9e82812a614da53389bd4e1
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [PLUTON\\glouglou/<via Auth-Type = EAP>] (from client Access_Point_DWL-8500AP+_A1_L1 port 1 cli 00-12-F0-0C-97-61)
} # server (null)
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\006E=691 R=1"
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 0x8192dc8 3
MS-CHAP-Error = "\006E=691 R=1"
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
++[eap] returns handled
Sending Access-Challenge of id 95 to 10.10.44.246 port 1027
EAP-Message = 0x010700261900170301001baaabb4abfb1a055187edff9419e6ab6e1d08f660a50dc5aa64e726
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4a7e79354c7960270e99037df0484ac9
Finished request 14.
Going to the next request
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 10.10.44.246 port 1027, id=96, length=204
User-Name = "PLUTON\\glouglou"
NAS-IP-Address = 10.10.44.246
NAS-Port = 1
Called-Station-Id = "00-1C-F0-08-FB-F8:MoJo"
Calling-Station-Id = "00-12-F0-0C-97-61"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020700261900170301001bd5c7266b8b5196ccf36ee4164d39e4756e9afb04a82a055515fb04
State = 0x4a7e79354c7960270e99037df0484ac9
Message-Authenticator = 0xb3f59854b9685827e1e7da1f2356b8d7
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
rlm_eap: EAP packet type response id 7 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [PLUTON\\glouglou/<via Auth-Type = EAP>] (from client Access_Point_DWL-8500AP+_A1_L1 port 1 cli 00-12-F0-0C-97-61)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> PLUTON\glouglou
++[attr_filter.access_reject] returns noop
Delaying reject of request 15 for 1 seconds
Going to the next request
Waking up in 0.6 seconds.
Waking up in 0.2 seconds.
Sending delayed reject for request 15
Sending Access-Reject of id 96 to 10.10.44.246 port 1027
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.6 seconds.
Cleaning up request 8 ID 89 with timestamp +407
Cleaning up request 9 ID 90 with timestamp +407
Cleaning up request 10 ID 91 with timestamp +407
Cleaning up request 11 ID 92 with timestamp +407
Cleaning up request 12 ID 93 with timestamp +407
Cleaning up request 13 ID 94 with timestamp +407
Waking up in 0.1 seconds.
Cleaning up request 14 ID 95 with timestamp +407
Waking up in 1.0 seconds.
Cleaning up request 15 ID 96 with timestamp +407
Ready to process requests.
**********************************
_____________________________________________________________________________
Envoyez avec Yahoo! Mail. Une boite mail plus intelligente http://mail.yahoo.fr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080627/015d28cb/attachment.html>
More information about the Freeradius-Users
mailing list