mschap No Cleartext-Password configured

tnt at kalik.net
Wed Oct 8 11:31:14 CEST 2008


Enable ldap in inner-tunnel virtual server. Radtest works because this is
enabled in default virtual server.

It looks like auto headers are not enabled in pap module. It defaults to
crypt instead of detecting md5 header.

Ivan Kalik
Kalik Informatike ISP


On 8/10/2008, "alois blasbichler" <alois.blasbichler at sb-brixen.it>
wrote:

>  Hello
>
>  Thank you for the reply.
>
>I made another test with user test and password test with radtest and
>then from a Windows XP client (should be PAP)
>
>with radtest test test  127.0.0.1  12  password  -
>all works fine - I see in the log:
>--------------------------------------------------------------------
>rlm_ldap: userPassword -> User-Password == "{md5}CY9rzUYh03PK3k6DJie09g=="
>rlm_ldap: sambaNtPassword -> NT-Password ==
>0x3043423639343838303546373937424632413832383037393733423839353337
>rlm_ldap: sambaLmPassword -> LM-Password ==
>0x3031464335413642453742433639323941414433423433354235313430344545
>[pap] Found existing Auth-Type, not changing it.
>++[pap] returns noop
>Found Auth-Type = LDAP
>+- entering group LDAP {...}
>[ldap] login attempt by "test" with password "test"
>[ldap] user DN: uid=test,ou=users,dc=sb-brixen,dc=it
>rlm_ldap: (re)connect to mir:389, authentication 1
>rlm_ldap: bind as uid=test,ou=users,dc=sb-brixen,dc=it/test to mir:389
>rlm_ldap: Bind was successful
>[ldap] user test authenticated succesfully
>++[ldap] returns ok
>Login OK: [test] (from client localhost port 12)
>------------------------------------------------
>
>And here is the full log for my Windows client accessing via a Cisco
>wireless switch (maybe it gives me the problems):
>
>Maybe somebody sees where I have the problems
>
>Bye
>luis
>---------------------------------------------
>rad_recv: Access-Request packet from host 10.53.240.10 port 32769,
>id=77, length=170
>         User-Name = "test"
>         Calling-Station-Id = "00-40-96-B4-5B-0F"
>         Called-Station-Id = "00-0B-85-95-70-80:prova"
>         NAS-Port = 29
>         NAS-IP-Address = 10.53.240.10
>         NAS-Identifier = "WS4404_Pri"
>         Airespace-Wlan-Id = 4
>         Service-Type = Framed-User
>         Framed-MTU = 1300
>         NAS-Port-Type = Wireless-802.11
>         Tunnel-Type:0 = VLAN
>         Tunnel-Medium-Type:0 = IEEE-802
>         Tunnel-Private-Group-Id:0 = "156"
>         EAP-Message = 0x020f00090174657374
>         Message-Authenticator = 0xf69a987d74a723bbc2981decb8c871a0
>+- entering group authorize {...}
>++[preprocess] returns ok
>         expand:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>[auth_log]
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>expands to
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>         expand: %t -> Wed Oct  8 10:33:11 2008
>++[auth_log] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "test", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 15 length 9
>[eap] No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>++[unix] returns updated
>[files] users: Matched entry test at line 7
>++[files] returns ok
>[ldap] performing user authorization for test
>WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
>         expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=test)
>         expand: ou=users,dc=sb-brixen,dc=it -> ou=users,dc=sb-brixen,dc=it
>rlm_ldap: ldap_get_conn: Checking Id: 0
>rlm_ldap: ldap_get_conn: Got Id: 0
>rlm_ldap: attempting LDAP reconnection
>rlm_ldap: (re)connect to mir:389, authentication 0
>rlm_ldap: bind as uid=cyrus,dc=sb-brixen,dc=it/niko2006 to mir:389
>rlm_ldap: waiting for bind result ...
>request done: ld 0x81a9290 msgid 1
>rlm_ldap: Bind was successful
>rlm_ldap: performing search in ou=users,dc=sb-brixen,dc=it, with
>filter (uid=test)
>request done: ld 0x81a9290 msgid 2
>[ldap] looking for check items in directory...
>rlm_ldap: userPassword -> User-Password == "{md5}CY9rzUYh03PK3k6DJie09g=="
>rlm_ldap: sambaNtPassword -> NT-Password ==
>0x3043423639343838303546373937424632413832383037393733423839353337
>rlm_ldap: sambaLmPassword -> LM-Password ==
>0x3031464335413642453742433639323941414433423433354235313430344545
>[ldap] looking for reply items in directory...
>[ldap] user test authorized to use remote access
>rlm_ldap: ldap_release_conn: Release Id: 0
>++[ldap] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>[pap] Normalizing NT-Password from hex encoding
>[pap] Normalizing LM-Password from hex encoding
>[pap] Normalizing MD5-Password from base64 encoding
>[pap] Found existing Auth-Type, not changing it.
>++[pap] returns noop
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] EAP Identity
>[eap] processing type md5
>rlm_eap_md5: Issuing Challenge
>++[eap] returns handled
>Sending Access-Challenge of id 77 to 10.53.240.10 port 32769
>         EAP-Message = 0x011000160410741fcd7da1e640ba9f4390917645a3ad
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x8d60a8298d70aca02ffd6ac34c7adfdb
>Finished request 0.
>Going to the next request
>Waking up in 4.9 seconds.
>rad_recv: Access-Request packet from host 10.53.240.10 port 32769,
>id=78, length=185
>         User-Name = "test"
>         Calling-Station-Id = "00-40-96-B4-5B-0F"
>         Called-Station-Id = "00-0B-85-95-70-80:prova"
>         NAS-Port = 29
>         NAS-IP-Address = 10.53.240.10
>         NAS-Identifier = "WS4404_Pri"
>         Airespace-Wlan-Id = 4
>         Service-Type = Framed-User
>         Framed-MTU = 1300
>         NAS-Port-Type = Wireless-802.11
>         Tunnel-Type:0 = VLAN
>         Tunnel-Medium-Type:0 = IEEE-802
>         Tunnel-Private-Group-Id:0 = "156"
>         EAP-Message = 0x021000060315
>         State = 0x8d60a8298d70aca02ffd6ac34c7adfdb
>         Message-Authenticator = 0x3685ed0ea3c294147b81919044eb0a64
>+- entering group authorize {...}
>++[preprocess] returns ok
>         expand:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>[auth_log]
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>expands to
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>         expand: %t -> Wed Oct  8 10:33:11 2008
>++[auth_log] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "test", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 16 length 6
>[eap] No EAP Start, assuming it's an on-going EAP conversation
>++[eap] returns updated
>request done: ld 0x81a0bf8 msgid 3
>++[unix] returns updated
>[files] users: Matched entry test at line 7
>++[files] returns ok
>[ldap] performing user authorization for test
>WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
>         expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=test)
>         expand: ou=users,dc=sb-brixen,dc=it -> ou=users,dc=sb-brixen,dc=it
>rlm_ldap: ldap_get_conn: Checking Id: 0
>rlm_ldap: ldap_get_conn: Got Id: 0
>rlm_ldap: performing search in ou=users,dc=sb-brixen,dc=it, with
>filter (uid=test)
>request done: ld 0x81a9290 msgid 3
>[ldap] looking for check items in directory...
>rlm_ldap: userPassword -> User-Password == "{md5}CY9rzUYh03PK3k6DJie09g=="
>rlm_ldap: sambaNtPassword -> NT-Password ==
>0x3043423639343838303546373937424632413832383037393733423839353337
>rlm_ldap: sambaLmPassword -> LM-Password ==
>0x3031464335413642453742433639323941414433423433354235313430344545
>[ldap] looking for reply items in directory...
>[ldap] user test authorized to use remote access
>rlm_ldap: ldap_release_conn: Release Id: 0
>++[ldap] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>[pap] Normalizing NT-Password from hex encoding
>[pap] Normalizing LM-Password from hex encoding
>[pap] Normalizing MD5-Password from base64 encoding
>[pap] Found existing Auth-Type, not changing it.
>++[pap] returns noop
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP NAK
>[eap] EAP-NAK asked for EAP-Type/ttls
>[eap] processing type tls
>[tls] Initiate
>[tls] Start returned 1
>++[eap] returns handled
>Sending Access-Challenge of id 78 to 10.53.240.10 port 32769
>         EAP-Message = 0x011100061520
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x8d60a8298c71bda02ffd6ac34c7adfdb
>Finished request 1.
>Going to the next request
>Waking up in 4.9 seconds.
>rad_recv: Access-Request packet from host 10.53.240.10 port 32769,
>id=79, length=239
>         User-Name = "test"
>         Calling-Station-Id = "00-40-96-B4-5B-0F"
>         Called-Station-Id = "00-0B-85-95-70-80:prova"
>         NAS-Port = 29
>         NAS-IP-Address = 10.53.240.10
>         NAS-Identifier = "WS4404_Pri"
>         Airespace-Wlan-Id = 4
>         Service-Type = Framed-User
>         Framed-MTU = 1300
>         NAS-Port-Type = Wireless-802.11
>         Tunnel-Type:0 = VLAN
>         Tunnel-Medium-Type:0 = IEEE-802
>         Tunnel-Private-Group-Id:0 = "156"
>         EAP-Message =
>0x0211003c158000000032160301002d010000290301647180947385016afade07e1c1aee4025498d5914d18863a7986f27daeb480ed000002000a0100
>         State = 0x8d60a8298c71bda02ffd6ac34c7adfdb
>         Message-Authenticator = 0xc3b4f30b08d8182f2f8e96bb9d1c3481
>+- entering group authorize {...}
>++[preprocess] returns ok
>         expand:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>[auth_log]
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>expands to
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>         expand: %t -> Wed Oct  8 10:33:11 2008
>++[auth_log] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "test", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 17 length 60
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/ttls
>[eap] processing type ttls
>[ttls] Authenticate
>[ttls] processing EAP-TLS
>   TLS Length 50
>[ttls] Length Included
>[ttls] eaptls_verify returned 11
>[ttls]     (other): before/accept initialization
>[ttls]     TLS_accept: before/accept initialization
>[ttls] <<< TLS 1.0 Handshake [length 002d], ClientHello
>[ttls]     TLS_accept: SSLv3 read client hello A
>[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
>[ttls]     TLS_accept: SSLv3 write server hello A
>[ttls] >>> TLS 1.0 Handshake [length 084e], Certificate
>[ttls]     TLS_accept: SSLv3 write certificate A
>[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
>[ttls]     TLS_accept: SSLv3 write server done A
>[ttls]     TLS_accept: SSLv3 flush data
>[ttls]     TLS_accept: Need to read more data: SSLv3 read client certificate A
>In SSL Handshake Phase
>In SSL Accept mode
>[ttls] eaptls_process returned 13
>++[eap] returns handled
>Sending Access-Challenge of id 79 to 10.53.240.10 port 32769
>         EAP-Message =
>0x301e170d3038313030373036303033345a170d3039313030373036303033345a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d0c235d2108f4fdfc41f3e33ca571c24bf08d42565b74d9f4c4b5288dec81daacc4861417676b11a1c15ca654557d37870a4b1deab4c7110a56d8dcfd655
>         EAP-Message = 0x973082037fa0030201020201
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x8d60a8298f72bda02ffd6ac34c7adfdb
>Finished request 2.
>Going to the next request
>Waking up in 4.9 seconds.
>rad_recv: Access-Request packet from host 10.53.240.10 port 32769,
>id=80, length=185
>         User-Name = "test"
>         Calling-Station-Id = "00-40-96-B4-5B-0F"
>         Called-Station-Id = "00-0B-85-95-70-80:prova"
>         NAS-Port = 29
>         NAS-IP-Address = 10.53.240.10
>         NAS-Identifier = "WS4404_Pri"
>         Airespace-Wlan-Id = 4
>         Service-Type = Framed-User
>         Framed-MTU = 1300
>         NAS-Port-Type = Wireless-802.11
>         Tunnel-Type:0 = VLAN
>         Tunnel-Medium-Type:0 = IEEE-802
>         Tunnel-Private-Group-Id:0 = "156"
>         EAP-Message = 0x021200061500
>         State = 0x8d60a8298f72bda02ffd6ac34c7adfdb
>         Message-Authenticator = 0x648a50991483b7be0640ef5cd06a5b31
>+- entering group authorize {...}
>++[preprocess] returns ok
>         expand:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>[auth_log]
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>expands to
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>         expand: %t -> Wed Oct  8 10:33:11 2008
>++[auth_log] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "test", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 18 length 6
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/ttls
>[eap] processing type ttls
>[ttls] Authenticate
>[ttls] processing EAP-TLS
>[ttls] Received TLS ACK
>[ttls] ACK handshake fragment handler
>[ttls] eaptls_verify returned 1
>[ttls] eaptls_process returned 13
>++[eap] returns handled
>Sending Access-Challenge of id 80 to 10.53.240.10 port 32769
>         EAP-Message = 0xb9b5d21e94fda70e48d37a63
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x8d60a8298e73bda02ffd6ac34c7adfdb
>Finished request 3.
>Going to the next request
>Waking up in 4.9 seconds.
>rad_recv: Access-Request packet from host 10.53.240.10 port 32769,
>id=81, length=185
>         User-Name = "test"
>         Calling-Station-Id = "00-40-96-B4-5B-0F"
>         Called-Station-Id = "00-0B-85-95-70-80:prova"
>         NAS-Port = 29
>         NAS-IP-Address = 10.53.240.10
>         NAS-Identifier = "WS4404_Pri"
>         Airespace-Wlan-Id = 4
>         Service-Type = Framed-User
>         Framed-MTU = 1300
>         NAS-Port-Type = Wireless-802.11
>         Tunnel-Type:0 = VLAN
>         Tunnel-Medium-Type:0 = IEEE-802
>         Tunnel-Private-Group-Id:0 = "156"
>         EAP-Message = 0x021300061500
>         State = 0x8d60a8298e73bda02ffd6ac34c7adfdb
>         Message-Authenticator = 0x04c7c433cde93f5907549411693be5a0
>+- entering group authorize {...}
>++[preprocess] returns ok
>         expand:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>[auth_log]
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>expands to
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>         expand: %t -> Wed Oct  8 10:33:11 2008
>++[auth_log] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "test", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 19 length 6
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/ttls
>[eap] processing type ttls
>[ttls] Authenticate
>[ttls] processing EAP-TLS
>[ttls] Received TLS ACK
>[ttls] ACK handshake fragment handler
>[ttls] eaptls_verify returned 1
>[ttls] eaptls_process returned 13
>++[eap] returns handled
>Sending Access-Challenge of id 81 to 10.53.240.10 port 32769
>         EAP-Message =
>0x011400a915800000088bbfc7693750c4129758a5306294f4463759b16f7bae93c2731e05abeaeab06fdad57189c07a6ef75b3433076e2d165ed9557e2914dcaa70e04f450b72739246120f5b130ecc138cd6668d0998fbd9e41474a7212981b276d535e29cc76ae5f3065512d3093ac1fece71dc9838641d13969a7ad543768d855c344af83312a85a6fce6b004b9d9442db3975081a0e6f575b826bcbec811916030100040e000000
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x8d60a8298974bda02ffd6ac34c7adfdb
>Finished request 4.
>Going to the next request
>Waking up in 4.9 seconds.
>rad_recv: Access-Request packet from host 10.53.240.10 port 32769,
>id=82, length=509
>         User-Name = "test"
>         Calling-Station-Id = "00-40-96-B4-5B-0F"
>         Called-Station-Id = "00-0B-85-95-70-80:prova"
>         NAS-Port = 29
>         NAS-IP-Address = 10.53.240.10
>         NAS-Identifier = "WS4404_Pri"
>         Airespace-Wlan-Id = 4
>         Service-Type = Framed-User
>         Framed-MTU = 1300
>         NAS-Port-Type = Wireless-802.11
>         Tunnel-Type:0 = VLAN
>         Tunnel-Medium-Type:0 = IEEE-802
>         Tunnel-Private-Group-Id:0 = "156"
>         EAP-Message =
>0x0214014815800000013e1603010106100001020100186af5eadf773c69da0fb6252f6723fe51cad32b5d9254cef43d20a56985b465203d58645ffb504b899127f37cce6891e3b0eab53bb85400505597999b959fcf422b9b051eedb30faea2a88ec2dddc81bab5f6fda1fe676acc140aeddec921f912ca405dbfb67f9ba8c5050658efa031afa855f3ebbccf22692c6ed3df9ec1c0f153150d96202d2ac4eb8d3e5d8bef436cd9839924fd6f0bde64439b2c63e95431e1f84ce1aea42fb6e170cd1f09a5a157cc5fc9e9b8141feb304de77807d3886745b979b8ef9dc7bbbf77c4c9175f4cffca780f4016427a2e151309aed4ccfa822175f8b8121b7d
>         EAP-Message =
>0x4636ce00734021c727568b0b121abd80db2d43786737ebb014030100010116030100287be243965ffa1e3388fda7d72ef09595602e801d906ca2b8adaf5031174d7d0e4ea112fa8262d12d
>         State = 0x8d60a8298974bda02ffd6ac34c7adfdb
>         Message-Authenticator = 0x47bfef45ee4572e17f2bbd52e3dcca49
>+- entering group authorize {...}
>++[preprocess] returns ok
>         expand:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>[auth_log]
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>expands to
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>         expand: %t -> Wed Oct  8 10:33:12 2008
>++[auth_log] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "test", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 20 length 253
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/ttls
>[eap] processing type ttls
>[ttls] Authenticate
>[ttls] processing EAP-TLS
>   TLS Length 318
>[ttls] Length Included
>[ttls] eaptls_verify returned 11
>[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
>[ttls]     TLS_accept: SSLv3 read client key exchange A
>[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
>[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
>[ttls]     TLS_accept: SSLv3 read finished A
>[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
>[ttls]     TLS_accept: SSLv3 write change cipher spec A
>[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
>[ttls]     TLS_accept: SSLv3 write finished A
>[ttls]     TLS_accept: SSLv3 flush data
>[ttls]     (other): SSL negotiation finished successfully
>SSL Connection Established
>[ttls] eaptls_process returned 13
>++[eap] returns handled
>Sending Access-Challenge of id 82 to 10.53.240.10 port 32769
>         EAP-Message =
>0x0115003d1580000000331403010001011603010028b3f16a3201dd66a8d32b026ee5919178a05011a7df4888d38c2f49ad7a07a3d25ed4a36f3da49695
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x8d60a8298875bda02ffd6ac34c7adfdb
>Finished request 5.
>Going to the next request
>Waking up in 4.0 seconds.
>rad_recv: Access-Request packet from host 10.53.240.10 port 32769,
>id=83, length=242
>         User-Name = "test"
>         Calling-Station-Id = "00-40-96-B4-5B-0F"
>         Called-Station-Id = "00-0B-85-95-70-80:prova"
>         NAS-Port = 29
>         NAS-IP-Address = 10.53.240.10
>         NAS-Identifier = "WS4404_Pri"
>         Airespace-Wlan-Id = 4
>         Service-Type = Framed-User
>         Framed-MTU = 1300
>         NAS-Port-Type = Wireless-802.11
>         Tunnel-Type:0 = VLAN
>         Tunnel-Medium-Type:0 = IEEE-802
>         Tunnel-Private-Group-Id:0 = "156"
>         EAP-Message =
>0x0215003f1580000000351703010030c9a8dc64815c9dd7f626ba6c6692826ad4cbf8dea0f267d6825fb59b80d67290060d7ce1b062da06c4a255cbc2c26652
>         State = 0x8d60a8298875bda02ffd6ac34c7adfdb
>         Message-Authenticator = 0xdf9441685dd3878652094fdb63819741
>+- entering group authorize {...}
>++[preprocess] returns ok
>         expand:
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>[auth_log]
>/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
>expands to
>/usr/local/var/log/radius/radacct/10.53.240.10/auth-detail-20081008
>         expand: %t -> Wed Oct  8 10:33:12 2008
>++[auth_log] returns ok
>++[chap] returns noop
>++[mschap] returns noop
>[suffix] No '@' in User-Name = "test", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>[eap] EAP packet type response id 21 length 63
>[eap] Continuing tunnel setup.
>++[eap] returns ok
>Found Auth-Type = EAP
>+- entering group authenticate {...}
>[eap] Request found, released from the list
>[eap] EAP/ttls
>[eap] processing type ttls
>[ttls] Authenticate
>[ttls] processing EAP-TLS
>   TLS Length 53
>[ttls] Length Included
>[ttls] eaptls_verify returned 11
>[ttls] eaptls_process returned 7
>[ttls] Session established.  Proceeding to decode tunneled attributes.
>[ttls] Got tunneled request
>         User-Name = "test"
>         User-Password = "test"
>         FreeRADIUS-Proxied-To = 127.0.0.1
>[ttls] Sending tunneled request
>         User-Name = "test"
>         User-Password = "test"
>         FreeRADIUS-Proxied-To = 127.0.0.1
>server inner-tunnel {
>+- entering group authorize {...}
>++[chap] returns noop
>++[mschap] returns noop
>request done: ld 0x81a0bf8 msgid 4
>++[unix] returns updated
>[suffix] No '@' in User-Name = "test", looking up realm NULL
>[suffix] No such realm "NULL"
>++[suffix] returns noop
>++[control] returns noop
>[eap] No EAP-Message, not doing EAP
>++[eap] returns noop
>[files] users: Matched entry test at line 7
>++[files] returns ok
>++[expiration] returns noop
>++[logintime] returns noop
>++[pap] returns updated
>Found Auth-Type = PAP
>+- entering group PAP {...}
>[pap] login attempt with password "test"
>[pap] Using CRYPT encryption.
>[pap] Passwords don't match
>++[pap] returns reject
>Failed to authenticate the user.
>Login incorrect (rlm_pap: CRYPT password check failed): [test] (from
>client ciscosw port 0 via TLS tunnel)
>} # server inner-tunnel
>[ttls] Got tunneled reply code 3
>[ttls] Got tunneled Access-Reject
>[eap] Handler failed in EAP/ttls
>[eap] Failed in EAP select
>++[eap] returns invalid
>Failed to authenticate the user.
>Login incorrect: [test] (from client ciscosw port 29 cli 00-40-96-B4-5B-0F)
>Using Post-Auth-Type Reject
>+- entering group REJECT {...}
>         expand: %{User-Name} -> test
>  attr_filter: Matched entry DEFAULT at line 11
>++[attr_filter.access_reject] returns updated
>Delaying reject of request 6 for 1 seconds
>Going to the next request
>Waking up in 0.9 seconds.
>Sending delayed reject for request 6
>Sending Access-Reject of id 83 to 10.53.240.10 port 32769
>         EAP-Message = 0x04150004
>         Message-Authenticator = 0x00000000000000000000000000000000
>Waking up in 3.0 seconds.
>Cleaning up request 0 ID 77 with timestamp +24
>Cleaning up request 1 ID 78 with timestamp +24
>Cleaning up request 2 ID 79 with timestamp +24
>Cleaning up request 3 ID 80 with timestamp +24
>Cleaning up request 4 ID 81 with timestamp +24
>Waking up in 0.8 seconds.
>Cleaning up request 5 ID 82 with timestamp +25
>Waking up in 1.0 seconds.
>Cleaning up request 6 ID 83 with timestamp +25
>Ready to process requests.
>---------------------------------------------
>
>
>
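
What "detecting the md5 header" means for the userPassword value in the log above, as an added example (not FreeRADIUS code and not part of the original thread): a Python sketch that reads the {scheme} prefix, decodes a hex or base64 body as the "[pap] Normalizing" lines describe, and checks the password against it. It goes beyond the thread's {md5} case to cover {smd5}, {sha} and {ssha}; the function names are hypothetical.

```python
import base64
import hashlib
import hmac

# {scheme} header -> (hashlib algorithm, salt appended to the digest?)
SCHEMES = {
    "md5": ("md5", False),
    "smd5": ("md5", True),
    "sha": ("sha1", False),
    "ssha": ("sha1", True),
}


def split_header(stored):
    """Split '{md5}CY9r...' into ('md5', 'CY9r...'); scheme is None if no header."""
    if stored.startswith("{") and "}" in stored:
        scheme, body = stored[1:].split("}", 1)
        return scheme.lower(), body
    return None, stored


def normalize(body, size, salted):
    """Decode a hex or base64 body to raw bytes of a plausible length, else None."""
    for decoder in (bytes.fromhex, lambda s: base64.b64decode(s, validate=True)):
        try:
            raw = decoder(body)
        except ValueError:  # bad hex, or binascii.Error (a ValueError) for bad base64
            continue
        if (len(raw) > size) if salted else (len(raw) == size):
            return raw
    return None


def verify(stored, password):
    """Return (scheme, matched). scheme is None when there is no header to detect."""
    scheme, body = split_header(stored)
    if scheme not in SCHEMES:
        # No header, or one this sketch does not handle: refuse rather than guess.
        return scheme, False
    algo, salted = SCHEMES[scheme]
    size = hashlib.new(algo).digest_size
    raw = normalize(body, size, salted)
    if raw is None:
        return scheme, False
    # Stored layout is digest followed by salt; the digest covers password + salt.
    digest, salt = raw[:size], raw[size:]
    candidate = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return scheme, hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # userPassword value taken from the rlm_ldap lines in the log above.
    from_log = "{md5}CY9rzUYh03PK3k6DJie09g=="
    print(verify(from_log, "test"))
    print(verify(from_log, "wrong"))
    # Same value with the header stripped (constructed): nothing identifies the scheme.
    print(verify("CY9rzUYh03PK3k6DJie09g==", "test"))
```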