Calling-Station-Id Check Erroring
Eric Geier
me at egeier.com
Wed Jan 28 21:45:43 CET 2009
When I try to do MAC auth, it shows No User, though it works fine when I
remove the Calling-Station-Id check item from MySQL. Debug shows quotes
around MAC.I put MAC in database with and without quotes and still errors.
Any ideas?
Thanks!
Eric
SQL DATABASE:
DEFAULT Fall-Through = Yes
eric1328 Cleartext-Password := PASSWORD
eric1328 Calling-Station-Id == 00-1C-B3-B1-3E-07
DEBUG:
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "eric1328", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 164 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 98 to 192.168.0.1 port 21693
EAP-Message =
0x01a503fc194000f5762e66fa9d8422300d06092a864886f70d0101050500308193310b3009
060355040613024652310f300d06035504081306526164697573311230100603550407130953
6f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a
864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d
4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303131
313139303133315a170d3130303131313139303133315a308193310b30090603550406130246
52310f300d060355040813065261646975733112301006035504
EAP-Message =
0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120
301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603
550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122
300d06092a864886f70d01010105000382010f003082010a0282010100f1cbee04f9676e1c96
ebbe8d583605ad2deaf236abc16a11249f38d1677d43ea83dcceace1271e165fa2c7371e02c0
94dfdd082f17cfee16d6fb6a75e828d4e46437e8850eea413de14cc89d420c8fd641bec5b836
f93376071d6fc38250efcc850cfdf79e26a92c3909faa42cc2ef
EAP-Message =
0x3b6535fd406d7a979ac98783eb6945a286d076aa1408b0c7de16e0ae23c70711049e7727c1
ff4a6c8f4854a6a278308de17d3175d2a4ba9d2f96278f84b96e8446bba5947820790093a125
a06bcc8f958f75027aa07da3463fadbd8c94b9c005a95a8308fda13544df89c4a00b9c762837
16be460a0d2ccf10bbd253047e0517a3be0598567f7828a42a2f49c22d4b8fcb0203010001a3
81fb3081f8301d0603551d0e04160414f95bfae9eee917ed848faa188aea05423fc10a2d3081
c80603551d230481c03081bd8014f95bfae9eee917ed848faa188aea05423fc10a2da18199a4
8196308193310b3009060355040613024652310f300d06035504
EAP-Message =
0x0813065261646975733112301006035504071309536f6d6577686572653115301306035504
0a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e40
6578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963
61746520417574686f72697479820900f5762e66fa9d8422300c0603551d13040530030101ff
300d06092a864886f70d01010505000382010100514f7f2cb414fdba2fdf77e4f29fe5d7697f
933a0b6e5dd85355df5d1979147096260545f3dc2faf8e127292456eca6accb00a2a855ba96b
9a31fdd1fec998ac5028ad5bfb02ce0cc69d5a39ce28a8d3ae92
EAP-Message = 0xd12dca84626e1183
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9a9af390993fea28ebd7065f57cfd5e2
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=99,
length=105
User-Name = "eric1328"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x9a9af390993fea28ebd7065f57cfd5e2
EAP-Message = 0x02a500061900
Message-Authenticator = 0x6b08abda82ea369fb42a1c300666c8a9
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "eric1328", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 165 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 99 to 192.168.0.1 port 21693
EAP-Message =
0x01a600b519003c63087fd1ffa76eaead2ddca3501c2b0ad762482215581804242c0e3fa523
9347513a5fecb4860e64aa93af7b78509316c260bee87d3d9c71d5ff981dddbdee561dd35a9d
863bbb97ea2bcc7bf5be923833eba09620f3055eb4977d217781f01b5777e4dd4f0a3e8fad4b
98ac4f35519c4400deb13a663737e330dcc81852b807c34b8f287727394e8873b08059bebd25
26fc9af290c4b50f460db89aeb2ef70709904d86db16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9a9af3909e3cea28ebd7065f57cfd5e2
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=100,
length=437
User-Name = "eric1328"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x9a9af3909e3cea28ebd7065f57cfd5e2
EAP-Message =
0x02a60150198000000146160301010610000102010015e07115bcb9fbbc93abce7a91dd7369
ef22d52495326fa65147364304dbd31e06605bb2bf682c0d3504ec792f6eab09a924a2435e7a
ae281d151de03c5fcc0e1d99cdcaa52e7fcc6e99228f299f974c0f3d769177a06d742493c06d
310bdf90212c49fedf90bd4d32156b5e1a64810144509c3cf29348dbe46888e4f349b486c6cc
545d8772004ef7299fb826e344364df4af4c06310581e58a96593935c8f3f13ef760497af2d6
a6467772f3eb116034298138b99bfd2cac344f5b70f094cf8c29c0c4d53e4d233be0688a20c4
4063f32857a137435819cb143926bf536a649fee46875dc8e428
EAP-Message =
0x1a91222d5ca7bf781c16628bf635acfbf1f5846c199745b61403010001011603010030be3c
f7249124fb25b03a11b76b5fc07a589275055940a5d801209c599ae0de7b7e6bd7e15fb5d245
1ac2cd632ac23179
Message-Authenticator = 0xee555d72422495de2fbb5c975552cc09
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "eric1328", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 166 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 100 to 192.168.0.1 port 21693
EAP-Message =
0x01a7004119001403010001011603010030c9a77ba3f2ef8689c1c1f357506c8ed32a474d47
36624bf52da7ad3e4d1025c601676fba45daafde076e8baf1ecbbb8a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9a9af3909f3dea28ebd7065f57cfd5e2
Finished request 5.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=101,
length=105
User-Name = "eric1328"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x9a9af3909f3dea28ebd7065f57cfd5e2
EAP-Message = 0x02a700061900
Message-Authenticator = 0x65fe256227f65fdf404f4543848b95af
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "eric1328", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 167 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 101 to 192.168.0.1 port 21693
EAP-Message =
0x01a8002b19001703010020bf063ab4620738f9eedd92219d0bece9fbeb543f33752c0e7f44
8525350354f0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9a9af3909c32ea28ebd7065f57cfd5e2
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=102,
length=142
User-Name = "eric1328"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x9a9af3909c32ea28ebd7065f57cfd5e2
EAP-Message =
0x02a8002b19001703010020eccc437b43dd6a7c42d2de8276631dc72127ab1f9e42ff311be2
f1374d595f2a
Message-Authenticator = 0xb1dd21f5d4c56f8e9deeea2a74b188c2
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "eric1328", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 168 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - eric1328
[peap] Got tunneled request
EAP-Message = 0x02a8000d016572696331333238
server {
PEAP: Got tunneled identity of eric1328
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to eric1328
Sending tunneled request
EAP-Message = 0x02a8000d016572696331333238
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "eric1328"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "eric1328", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 168 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> eric1328
[sql] sql_set_user escaped user --> 'eric1328'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'eric1328' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'eric1328'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
[sql] User eric1328 not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x01a900221a01a9001d10505da5e75208728e4183ed570f1f71476572696331333238
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbae8d73eba41cd116372880e81164985
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x01a900221a01a9001d10505da5e75208728e4183ed570f1f71476572696331333238
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbae8d73eba41cd116372880e81164985
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 102 to 192.168.0.1 port 21693
EAP-Message =
0x01a9004b19001703010040d087142a3fe21435656348569a3b0e0c5ea4bff508b77bec644a
0d94edc3c0e0e70e5000b9d27d965b670cd1894dd78f8b0609441c64bb5804bc092ee9b5cda5
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9a9af3909d33ea28ebd7065f57cfd5e2
Finished request 7.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=103,
length=206
User-Name = "eric1328"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x9a9af3909d33ea28ebd7065f57cfd5e2
EAP-Message =
0x02a9006b190017030100603aee6bf19ded97d3b37a40a5de93b752ddc952a08cd203826107
234fe48d6c3f06259ab839dc022c651d85faeba18ea1a372f7beb5b7e0879ab851a19a349418
2cc1af62c02a209d4c5fd21be0f2631b5aa8197cf039805b8660b038a1366dd6
Message-Authenticator = 0x892144a42db4aad9a9a8376fcf99ee31
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "eric1328", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 169 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x02a900431a02a9003e31af02a5a673cf93e8cf0f0180c90d630e0000000000000000922331
ae61edd2595c25e9db4613992ef9e8124dc11ed2eb006572696331333238
server {
PEAP: Setting User-Name to eric1328
Sending tunneled request
EAP-Message =
0x02a900431a02a9003e31af02a5a673cf93e8cf0f0180c90d630e0000000000000000922331
ae61edd2595c25e9db4613992ef9e8124dc11ed2eb006572696331333238
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "eric1328"
State = 0xbae8d73eba41cd116372880e81164985
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "eric1328", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 169 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> eric1328
[sql] sql_set_user escaped user --> 'eric1328'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'eric1328' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'eric1328'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User eric1328 not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for eric1328 with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [eric1328] (from client private-network-1 port 0 via TLS
tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\251E=691 R=1"
EAP-Message = 0x04a90004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\251E=691 R=1"
EAP-Message = 0x04a90004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 103 to 192.168.0.1 port 21693
EAP-Message =
0x01aa002b1900170301002048fa64ef04156959ee63b45c4fcc4e12accaaab2a60a2394ca2a
760f2e507884
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9a9af3909230ea28ebd7065f57cfd5e2
Finished request 8.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 21693, id=104,
length=142
User-Name = "eric1328"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x9a9af3909230ea28ebd7065f57cfd5e2
EAP-Message =
0x02aa002b190017030100202916f6564d6d9ba431acbff58f2f080c7400122e76e082424a7e
e58e8e031db5
Message-Authenticator = 0xa714f18d12ee34c613cf1ca4610a715a
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log] expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "eric1328", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 170 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [eric1328] (from client private-network-1 port 0 cli
00-1C-B3-B1-3E-07)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> eric1328
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 104 to 192.168.0.1 port 21693
EAP-Message = 0x04aa0004
Message-Authenticator = 0x00000000000000000000000000000000
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090128/d108b884/attachment.html>
More information about the Freeradius-Users
mailing list