mschap No Cleartext-Password configured

alois blasbichler alois.blasbichler at sb-brixen.it
Wed Oct 8 10:57:27 CEST 2008


  Hello

  Thank you for the reply.

I made another test with user test and password test, with radtest and
then from a Windows XP client (should be PAP).

With radtest test test  127.0.0.1  12  password  -
all works fine - I see in the log:
--------------------------------------------------------------------
rlm_ldap: userPassword -> User-Password == "{md5}CY9rzUYh03PK3k6DJie09g=="
rlm_ldap: sambaNtPassword -> NT-Password ==  
0x3043423639343838303546373937424632413832383037393733423839353337
rlm_ldap: sambaLmPassword -> LM-Password ==  
0x3031464335413642453742433639323941414433423433354235313430344545
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = LDAP
+- entering group LDAP {...}
[ldap] login attempt by "test" with password "test"
[ldap] user DN: uid=test,ou=users,dc=sb-brixen,dc=it
rlm_ldap: (re)connect to mir:389, authentication 1
rlm_ldap: bind as uid=test,ou=users,dc=sb-brixen,dc=it/test to mir:389
rlm_ldap: Bind was successful
[ldap] user test authenticated succesfully
++[ldap] returns ok
Login OK: [test] (from client localhost port 12)
------------------------------------------------

And here is the full log for my Windows client accessing via a Cisco
wireless switch (maybe it gives me the problems):

Maybe somebody sees where I have the problems.

Bye
luis
---------------------------------------------
rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
id=77, length=170
         User-Name = "test"
         Calling-Station-Id = "00-40-96-B4-5B-0F"
         Called-Station-Id = "00-0B-85-95-70-80:prova"
         NAS-Port = 29
         NAS-IP-Address = 10.53.240.10
         NAS-Identifier = "WS4404_Pri"
         Airespace-Wlan-Id = 4
         Service-Type = Framed-User
         Framed-MTU = 1300
         NAS-Port-Type = Wireless-802.11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 = "156"
         EAP-Message = 0x020f00090174657374
         Message-Authenticator = 0xf69a987d74a723bbc2981decb8c871a0
+- entering group authorize {...}
++[preprocess] returns ok
         expand:  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
[auth_log]  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d  
expands to  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
         expand: %t -> Wed Oct  8 10:33:11 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 15 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns updated
[files] users: Matched entry test at line 7
++[files] returns ok
[ldap] performing user authorization for test
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
         expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=test)
         expand: ou=users,dc=sb-brixen,dc=it -> ou=users,dc=sb-brixen,dc=it
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to mir:389, authentication 0
rlm_ldap: bind as uid=cyrus,dc=sb-brixen,dc=it/niko2006 to mir:389
rlm_ldap: waiting for bind result ...
request done: ld 0x81a9290 msgid 1
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=users,dc=sb-brixen,dc=it, with  
filter (uid=test)
request done: ld 0x81a9290 msgid 2
[ldap] looking for check items in directory...
rlm_ldap: userPassword -> User-Password == "{md5}CY9rzUYh03PK3k6DJie09g=="
rlm_ldap: sambaNtPassword -> NT-Password ==  
0x3043423639343838303546373937424632413832383037393733423839353337
rlm_ldap: sambaLmPassword -> LM-Password ==  
0x3031464335413642453742433639323941414433423433354235313430344545
[ldap] looking for reply items in directory...
[ldap] user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Normalizing MD5-Password from base64 encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 77 to 10.53.240.10 port 32769
         EAP-Message = 0x011000160410741fcd7da1e640ba9f4390917645a3ad
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x8d60a8298d70aca02ffd6ac34c7adfdb
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
id=78, length=185
         User-Name = "test"
         Calling-Station-Id = "00-40-96-B4-5B-0F"
         Called-Station-Id = "00-0B-85-95-70-80:prova"
         NAS-Port = 29
         NAS-IP-Address = 10.53.240.10
         NAS-Identifier = "WS4404_Pri"
         Airespace-Wlan-Id = 4
         Service-Type = Framed-User
         Framed-MTU = 1300
         NAS-Port-Type = Wireless-802.11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 = "156"
         EAP-Message = 0x021000060315
         State = 0x8d60a8298d70aca02ffd6ac34c7adfdb
         Message-Authenticator = 0x3685ed0ea3c294147b81919044eb0a64
+- entering group authorize {...}
++[preprocess] returns ok
         expand:  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
[auth_log]  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d  
expands to  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
         expand: %t -> Wed Oct  8 10:33:11 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 16 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
request done: ld 0x81a0bf8 msgid 3
++[unix] returns updated
[files] users: Matched entry test at line 7
++[files] returns ok
[ldap] performing user authorization for test
WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
         expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=test)
         expand: ou=users,dc=sb-brixen,dc=it -> ou=users,dc=sb-brixen,dc=it
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,dc=sb-brixen,dc=it, with  
filter (uid=test)
request done: ld 0x81a9290 msgid 3
[ldap] looking for check items in directory...
rlm_ldap: userPassword -> User-Password == "{md5}CY9rzUYh03PK3k6DJie09g=="
rlm_ldap: sambaNtPassword -> NT-Password ==  
0x3043423639343838303546373937424632413832383037393733423839353337
rlm_ldap: sambaLmPassword -> LM-Password ==  
0x3031464335413642453742433639323941414433423433354235313430344545
[ldap] looking for reply items in directory...
[ldap] user test authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Normalizing MD5-Password from base64 encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/ttls
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 78 to 10.53.240.10 port 32769
         EAP-Message = 0x011100061520
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x8d60a8298c71bda02ffd6ac34c7adfdb
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
id=79, length=239
         User-Name = "test"
         Calling-Station-Id = "00-40-96-B4-5B-0F"
         Called-Station-Id = "00-0B-85-95-70-80:prova"
         NAS-Port = 29
         NAS-IP-Address = 10.53.240.10
         NAS-Identifier = "WS4404_Pri"
         Airespace-Wlan-Id = 4
         Service-Type = Framed-User
         Framed-MTU = 1300
         NAS-Port-Type = Wireless-802.11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 = "156"
         EAP-Message =  
0x0211003c158000000032160301002d010000290301647180947385016afade07e1c1aee4025498d5914d18863a7986f27daeb480ed000002000a0100
         State = 0x8d60a8298c71bda02ffd6ac34c7adfdb
         Message-Authenticator = 0xc3b4f30b08d8182f2f8e96bb9d1c3481
+- entering group authorize {...}
++[preprocess] returns ok
         expand:  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
[auth_log]  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d  
expands to  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
         expand: %t -> Wed Oct  8 10:33:11 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 17 length 60
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
   TLS Length 50
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls]     (other): before/accept initialization
[ttls]     TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 002d], ClientHello
[ttls]     TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls]     TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 084e], Certificate
[ttls]     TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls]     TLS_accept: SSLv3 write server done A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 79 to 10.53.240.10 port 32769
         EAP-Message = 0x973082037fa0030201020201
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x8d60a8298f72bda02ffd6ac34c7adfdb
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
id=80, length=185
         User-Name = "test"
         Calling-Station-Id = "00-40-96-B4-5B-0F"
         Called-Station-Id = "00-0B-85-95-70-80:prova"
         NAS-Port = 29
         NAS-IP-Address = 10.53.240.10
         NAS-Identifier = "WS4404_Pri"
         Airespace-Wlan-Id = 4
         Service-Type = Framed-User
         Framed-MTU = 1300
         NAS-Port-Type = Wireless-802.11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 = "156"
         EAP-Message = 0x021200061500
         State = 0x8d60a8298f72bda02ffd6ac34c7adfdb
         Message-Authenticator = 0x648a50991483b7be0640ef5cd06a5b31
+- entering group authorize {...}
++[preprocess] returns ok
         expand:  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
[auth_log]  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d  
expands to  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
         expand: %t -> Wed Oct  8 10:33:11 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 18 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 80 to 10.53.240.10 port 32769
         EAP-Message = 0xb9b5d21e94fda70e48d37a63
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x8d60a8298e73bda02ffd6ac34c7adfdb
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
id=81, length=185
         User-Name = "test"
         Calling-Station-Id = "00-40-96-B4-5B-0F"
         Called-Station-Id = "00-0B-85-95-70-80:prova"
         NAS-Port = 29
         NAS-IP-Address = 10.53.240.10
         NAS-Identifier = "WS4404_Pri"
         Airespace-Wlan-Id = 4
         Service-Type = Framed-User
         Framed-MTU = 1300
         NAS-Port-Type = Wireless-802.11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 = "156"
         EAP-Message = 0x021300061500
         State = 0x8d60a8298e73bda02ffd6ac34c7adfdb
         Message-Authenticator = 0x04c7c433cde93f5907549411693be5a0
+- entering group authorize {...}
++[preprocess] returns ok
         expand:  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
[auth_log]  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d  
expands to  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
         expand: %t -> Wed Oct  8 10:33:11 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 19 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 81 to 10.53.240.10 port 32769
         EAP-Message =  
0x011400a915800000088bbfc7693750c4129758a5306294f4463759b16f7bae93c2731e05abeaeab06fdad57189c07a6ef75b3433076e2d165ed9557e2914dcaa70e04f450b72739246120f5b130ecc138cd6668d0998fbd9e41474a7212981b276d535e29cc76ae5f3065512d3093ac1fece71dc9838641d13969a7ad543768d855c344af83312a85a6fce6b004b9d9442db3975081a0e6f575b826bcbec811916030100040e000000
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x8d60a8298974bda02ffd6ac34c7adfdb
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
id=82, length=509
         User-Name = "test"
         Calling-Station-Id = "00-40-96-B4-5B-0F"
         Called-Station-Id = "00-0B-85-95-70-80:prova"
         NAS-Port = 29
         NAS-IP-Address = 10.53.240.10
         NAS-Identifier = "WS4404_Pri"
         Airespace-Wlan-Id = 4
         Service-Type = Framed-User
         Framed-MTU = 1300
         NAS-Port-Type = Wireless-802.11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 = "156"
         EAP-Message =  
0x0214014815800000013e1603010106100001020100186af5eadf773c69da0fb6252f6723fe51cad32b5d9254cef43d20a56985b465203d58645ffb504b899127f37cce6891e3b0eab53bb85400505597999b959fcf422b9b051eedb30faea2a88ec2dddc81bab5f6fda1fe676acc140aeddec921f912ca405dbfb67f9ba8c5050658efa031afa855f3ebbccf22692c6ed3df9ec1c0f153150d96202d2ac4eb8d3e5d8bef436cd9839924fd6f0bde64439b2c63e95431e1f84ce1aea42fb6e170cd1f09a5a157cc5fc9e9b8141feb304de77807d3886745b979b8ef9dc7bbbf77c4c9175f4cffca780f4016427a2e151309aed4ccfa822175f8b8121b7d
         EAP-Message =  
0x4636ce00734021c727568b0b121abd80db2d43786737ebb014030100010116030100287be243965ffa1e3388fda7d72ef09595602e801d906ca2b8adaf5031174d7d0e4ea112fa8262d12d
         State = 0x8d60a8298974bda02ffd6ac34c7adfdb
         Message-Authenticator = 0x47bfef45ee4572e17f2bbd52e3dcca49
+- entering group authorize {...}
++[preprocess] returns ok
         expand:  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
[auth_log]  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d  
expands to  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
         expand: %t -> Wed Oct  8 10:33:12 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 20 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
   TLS Length 318
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[ttls]     TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls]     TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls]     TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls]     TLS_accept: SSLv3 write finished A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 82 to 10.53.240.10 port 32769
         EAP-Message =  
0x0115003d1580000000331403010001011603010028b3f16a3201dd66a8d32b026ee5919178a05011a7df4888d38c2f49ad7a07a3d25ed4a36f3da49695
         Message-Authenticator = 0x00000000000000000000000000000000
         State = 0x8d60a8298875bda02ffd6ac34c7adfdb
Finished request 5.
Going to the next request
Waking up in 4.0 seconds.
rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
id=83, length=242
         User-Name = "test"
         Calling-Station-Id = "00-40-96-B4-5B-0F"
         Called-Station-Id = "00-0B-85-95-70-80:prova"
         NAS-Port = 29
         NAS-IP-Address = 10.53.240.10
         NAS-Identifier = "WS4404_Pri"
         Airespace-Wlan-Id = 4
         Service-Type = Framed-User
         Framed-MTU = 1300
         NAS-Port-Type = Wireless-802.11
         Tunnel-Type:0 = VLAN
         Tunnel-Medium-Type:0 = IEEE-802
         Tunnel-Private-Group-Id:0 = "156"
         EAP-Message =  
0x0215003f1580000000351703010030c9a8dc64815c9dd7f626ba6c6692826ad4cbf8dea0f267d6825fb59b80d67290060d7ce1b062da06c4a255cbc2c26652
         State = 0x8d60a8298875bda02ffd6ac34c7adfdb
         Message-Authenticator = 0xdf9441685dd3878652094fdb63819741
+- entering group authorize {...}
++[preprocess] returns ok
         expand:  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
[auth_log]  
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d  
expands to  
/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
         expand: %t -> Wed Oct  8 10:33:12 2008
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 21 length 63
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
   TLS Length 53
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
         User-Name = "test"
         User-Password = "test"
         FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
         User-Name = "test"
         User-Password = "test"
         FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
request done: ld 0x81a0bf8 msgid 4
++[unix] returns updated
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry test at line 7
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "test"
[pap] Using CRYPT encryption.
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Login incorrect (rlm_pap: CRYPT password check failed): [test] (from  
client ciscosw port 0 via TLS tunnel)
} # server inner-tunnel
[ttls] Got tunneled reply code 3
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [test] (from client ciscosw port 29 cli 00-40-96-B4-5B-0F)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
         expand: %{User-Name} -> test
  attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 83 to 10.53.240.10 port 32769
         EAP-Message = 0x04150004
         Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.0 seconds.
Cleaning up request 0 ID 77 with timestamp +24
Cleaning up request 1 ID 78 with timestamp +24
Cleaning up request 2 ID 79 with timestamp +24
Cleaning up request 3 ID 80 with timestamp +24
Cleaning up request 4 ID 81 with timestamp +24
Waking up in 0.8 seconds.
Cleaning up request 5 ID 82 with timestamp +25
Waking up in 1.0 seconds.
Cleaning up request 6 ID 83 with timestamp +25
Ready to process requests.
---------------------------------------------



