FreeRadius 2.1.6 + EAP-PEAP issue
Anatoly Oreshkin
Anatoly.Oreshkin at pnpi.spb.ru
Mon Jul 13 12:15:05 CEST 2009
I've configured realm DEFAULT in proxy.conf again:
realm DEFAULT {
type = radius
authhost = LOCAL
accthost = LOCAL
}
and deleted realm csd-notebook because csd-notebook is notebook name
rather than domain name.
Also I 've disabled suffix in sites-available/inner-tunnel
However the authorization failed.
Users file is as follows:
oreshkin Cleartext-Password := "some_password"
The output of /usr/local/sbin/radiusd -fX see below
----------------------------------------------
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=0, length=235
Message-Authenticator = 0xc7b72f8f44b9019d1e6596594bee47ce
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 159
[files] users: Matched entry DEFAULT at line 178
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.14.240 port 4644
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e5d7e4a1475d0e8cf897c815
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=1, length=359
Message-Authenticator = 0x4291c54604eda73b733a699e7063b775
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e5d7e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0201008419800000007a16030100750100007103014a5b04b22bd585bc9fb874faddead5575b817db8addcd1c81e00b2c281afb9c1000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180000156373642d6e6f7465626f6f6b5c6f726573686b696e000a00080006001700180019000b00020100
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 1 length 132
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 122
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0075], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 084e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.14.240 port 4644
EAP-Message = 0x0102040019c00000088b160301002a0200002603014a5b0451d55d4a1629bfbae5b8a3ed01eaf71a929de6299ea93781a8bce6f9b700002f00160301084e0b00084a0008470003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message = 0x301e170d3039303632353038343934325a170d3130303632353038343934325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100afa137c1faa18184c11783fd931dbf08e3b3aab700e05e2d16471c85e470302c6d9db3068b833e463ff3cdaa6b2140447d2b7d151704863ad7439873ea51
EAP-Message = 0xe98c8abecfdd6268e021a8a17fb6966857f052859cef7a6bdcec12d2127ab2bc72c2b785a25f33c61aec0ff80079a53fb35cdbaebbfa29de9b24841a9a6c46a08073d66b09f3149fc840696c56ef61943d5e2679be18fc2733a012e261b9e9e6ae20c7ba01e2c6e4bfb3ce39325000bc51a2230319e4f8b16bffa46deb80631149f3e97333105b307b101958e9b83407c4398deb9cb32f7c23bdba70c091e79258f0c191edd239290beb26d0aaa8adf6f5ece5f633aef45ef0d4fea2c52b56fc39110203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100973882c5663e2d6b29
EAP-Message = 0xf37acb064274e515f88c05490e81fcb594b8678a665ae9d17134a3e3fdb2df801547f84071730fa696eef58f5c1d73841e52aa2c9a4074cf288ef7158e4f3ae68db182c1798f3da6d86bda0a8a9c54de39f2d94d3e0687a8fa46faedcd36bcc64fd9f2cd74055682782684f674d377c0e2457f5ad4efa4ec460c7527c80769a270128e0a6d12cb79d0bb12fe0a1bb81f6c20b98873ac6718cd0d02ebb7de1cdd720360252cc736c2e84bfe1c87a695dcb7e2b4d982f0736305017d65ec72506bed1578f806479bedc2b5bfa83f0e15ccc03bbe908e734351e5843806e9dcb659b98056909aeed953e9e24d7e0e1f8163deb5f4f5076e5c00049b308204
EAP-Message = 0x973082037fa0030201020201
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e4d4e4a1475d0e8cf897c815
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=2, length=233
Message-Authenticator = 0x9eb9f47a1942a94307aff7182503f53e
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e4d4e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020200061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.14.240 port 4644
EAP-Message = 0x010303fc194000300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303632353038343934325a170d3130303632353038343934325a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d6577
EAP-Message = 0x6865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a056d1cfe5b95120cfb2ad67638c20cceb3feca1d22665f5d0379648340127cf5ffe26f48f46c04a1132b032d93b7f49417851f2e110fee7b457fbe2f99b47d3389b630dd2f78acf290b4ecb6d43466a19cb17063f1b2a1eefe1e6f34e1b0a20fa92fa17809a58e7120bc1a87db8865230df04775af5e1
EAP-Message = 0x16b46a471819383d8be674378c3d33bdc0a8d6686542a3ba1c32a97249786aea2c38a22a49992fcfaf54806b50415060a433e9dc013696f9c0240657098f46782b1d0536f691d9667f6c153a4d2982cb2f75a3a9ebfa4831caea445f4bff1ae6fe4ad8eec82213b2a20d02dd1b6cb2dc425698f21ede7c2917aa6f103749084b755046bb83a3746e2f0203010001a381f33081f0301d0603551d0e04160414d64b150fdb7f312ac6c3982680da07466046ab9f3081c00603551d230481b83081b58014d64b150fdb7f312ac6c3982680da07466046ab9fa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975
EAP-Message = 0x733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d010104050003820101008d3084a08170518ab145f6969d1e61d2a228d5ffa21a60c154ab30774674df42fb32f5a22dad55d75ef2c7f44c93bb3e52c92763901b1299530780e1f195a85ccbbd78d8b527b3263bfa340a459ac472b90360b4408e11c10e81afbc325c10ec91fa
EAP-Message = 0xde231ca42761b9ba
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e7d5e4a1475d0e8cf897c815
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=3, length=233
Message-Authenticator = 0xd5ba7ca4e10b42c6e58c221070724350
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e7d5e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020300061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.14.240 port 4644
EAP-Message = 0x010400a51900504fbacfc37f212076882bd7b098391319a08e59fc4d3dee5493579716c999ee20be7eed64f3b465e8ff5b718e9751b2c4ca5d1cd6700ccf0341f6a270aed40707094b7b6c39c78c581fa330b26bfb74042202fde6398f0fa591d0e164f5980d197175a49c7b9769cebfa4eef1f5527383f230b4df20935fa3903e171a05d038c6effefc1bf76e95dd86d637a53fc8ae83bdc13ea56d16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e6d2e4a1475d0e8cf897c815
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=4, length=565
Message-Authenticator = 0xa2a61477a53b60b658354bcf5a5dd1d2
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e6d2e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0204015019800000014616030101061000010201006dc028926cb1603933da4f210b3255d7a12d0ae72ee0811c273846a08724f231a18f3234e3a0dc4ec9b97a5baeef3b94e574590d44c9d06362bd891a4971ee8a6882588dc9f20864932bc353adfe3593775356e1606cd69d4dc645a4209ea24ab9ea0fc1d6d3b5f5ba9f26b0f9cda2769cf5f2c7b5ecac183e4c12d94a3faf17193ba155c5f04e9180674473120fc12baca8a23d23f5f5207aee91dabba4848ad63c6097e91a75d253e656e3a1cd798caeff7ec76c936cc032a2e6db5efb79fb16f6577323039643289ccd091cfccdd2a48f55fe4fc4b779c85c597de1244af6e8062792374383f8
EAP-Message = 0xee13454f13c06f49eca30911f9ed0d48533b39011022aee714030100010116030100301b63e8378975cda4e824697202ab6aa211661792844f1b666230910a68d6b56770e93c18625038edec24b5e6e64d1961
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.14.240 port 4644
EAP-Message = 0x010500411900140301000101160301003018a79818d8a3a008ef8e73a60a5d08280ba0ea795698935644d2fb8596e06b974a3f645bb4dc20a023403bc2dc50bd34
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e1d3e4a1475d0e8cf897c815
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=5, length=233
Message-Authenticator = 0xad23b6d52887e419b59bf9786ae1c5a7
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e1d3e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020500061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.14.240 port 4644
EAP-Message = 0x0106002b19001703010020bdd18c77fc0f277e30704f01adb57a6b05d27093451ea712885b3b88a4ebf50b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e0d0e4a1475d0e8cf897c815
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=6, length=286
Message-Authenticator = 0xc85239940218f11c33907f886e24d8a4
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e0d0e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0206003b19001703010030f1d0da27fcb26de2e167c397e95a6d85e67407f10a14d668ff1e99b2412e5755d3cede615b2248e760e3735a49ac2cbc
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 6 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - csd-notebook\oreshkin
[peap] Got tunneled request
EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e
server {
PEAP: Got tunneled identity of csd-notebook\oreshkin
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to csd-notebook\oreshkin
Sending tunneled request
EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "csd-notebook\\oreshkin"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] EAP packet type response id 6 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x0107002f1a0107002a101349bdaaaaafb0f149a6ffffc555a9936373642d6e6f7465626f6f6b5c6f726573686b696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x25d25b2625d541006018ba988c44b193
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x0107002f1a0107002a101349bdaaaaafb0f149a6ffffc555a9936373642d6e6f7465626f6f6b5c6f726573686b696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x25d25b2625d541006018ba988c44b193
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.14.240 port 4644
EAP-Message = 0x0107004b19001703010040fbe95e817667101c89d2412ecd203190dac86403936911f6272afdd47ba71bd6c25e35d72c87d2fad10875f9be2cc13e0624b276bcdad6957fd87178a7360bf7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e3d1e4a1475d0e8cf897c815
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=7, length=334
Message-Authenticator = 0x2d76e9d19d4ac72f118f8ca7901ed8ef
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e3d1e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0207006b190017030100607c2da2c02f50b65226c6daf7da0b7319fb3cc73466aaf89c4f7d2f64f2af18bfe61540b809390fbf8b2f803aa6e39d7c0ceac7b04f9c12a420fd41f49b344d3801d16774aa3712feec81441cec6bb69ecf1029e4a98e077cd2cb4e191efd5cf8
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 7 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020700431a0207003e3113ab0a37dbe447b4e2a1c9678b28ea6e0000000000000000c2a3d793f1c46fd7c1ac8798b529a3910c940bc0e06c6b1b006f726573686b696e
server {
PEAP: Setting User-Name to csd-notebook\oreshkin
Sending tunneled request
EAP-Message = 0x020700431a0207003e3113ab0a37dbe447b4e2a1c9678b28ea6e0000000000000000c2a3d793f1c46fd7c1ac8798b529a3910c940bc0e06c6b1b006f726573686b696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "csd-notebook\\oreshkin"
State = 0x25d25b2625d541006018ba988c44b193
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] EAP packet type response id 7 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.14.240 port 4644
EAP-Message = 0x0108002b19001703010020e115ecd70a889350618f29e8f4a572cd7c64594ae44e91e6055f135741eaecaa
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e2dee4a1475d0e8cf897c815
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=8, length=270
Message-Authenticator = 0xecdae1b55152a8a2ef087d9bd8a66196
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e2dee4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0208002b1900170301002052aa1efefa6381f26fd8b080dbca42aec420f9ecdd25202ae99be921f5c87946
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> csd-notebook\oreshkin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 8 to 192.168.14.240 port 4644
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=0, length=235
Message-Authenticator = 0x82ce06670e9708994657db6e99797f0f
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 159
[files] users: Matched entry DEFAULT at line 178
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.14.240 port 4645
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d4d40aa04898feef3a314aec
Finished request 9.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=1, length=359
Message-Authenticator = 0xdfc6e3ae05b7b29a3804a7ceb87aa21a
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d4d40aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0201008419800000007a16030100750100007103014a5b04b7104b1f57bc93e28b85523b677cdf26bdc4b525bf8d2dbd576305c308000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180000156373642d6e6f7465626f6f6b5c6f726573686b696e000a00080006001700180019000b00020100
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 1 length 132
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 122
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0075], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 084e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.14.240 port 4645
EAP-Message = 0x0102040019c00000088b160301002a0200002603014a5b045614a6324f3c131733e1656d36c7cdc05d3e7efc26f0dafe308a3e167100002f00160301084e0b00084a0008470003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message = 0x301e170d3039303632353038343934325a170d3130303632353038343934325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100afa137c1faa18184c11783fd931dbf08e3b3aab700e05e2d16471c85e470302c6d9db3068b833e463ff3cdaa6b2140447d2b7d151704863ad7439873ea51
EAP-Message = 0xe98c8abecfdd6268e021a8a17fb6966857f052859cef7a6bdcec12d2127ab2bc72c2b785a25f33c61aec0ff80079a53fb35cdbaebbfa29de9b24841a9a6c46a08073d66b09f3149fc840696c56ef61943d5e2679be18fc2733a012e261b9e9e6ae20c7ba01e2c6e4bfb3ce39325000bc51a2230319e4f8b16bffa46deb80631149f3e97333105b307b101958e9b83407c4398deb9cb32f7c23bdba70c091e79258f0c191edd239290beb26d0aaa8adf6f5ece5f633aef45ef0d4fea2c52b56fc39110203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100973882c5663e2d6b29
EAP-Message = 0xf37acb064274e515f88c05490e81fcb594b8678a665ae9d17134a3e3fdb2df801547f84071730fa696eef58f5c1d73841e52aa2c9a4074cf288ef7158e4f3ae68db182c1798f3da6d86bda0a8a9c54de39f2d94d3e0687a8fa46faedcd36bcc64fd9f2cd74055682782684f674d377c0e2457f5ad4efa4ec460c7527c80769a270128e0a6d12cb79d0bb12fe0a1bb81f6c20b98873ac6718cd0d02ebb7de1cdd720360252cc736c2e84bfe1c87a695dcb7e2b4d982f0736305017d65ec72506bed1578f806479bedc2b5bfa83f0e15ccc03bbe908e734351e5843806e9dcb659b98056909aeed953e9e24d7e0e1f8163deb5f4f5076e5c00049b308204
EAP-Message = 0x973082037fa0030201020201
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d5d70aa04898feef3a314aec
Finished request 10.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=2, length=233
Message-Authenticator = 0xe9705077e183f8e0b2606d2a3c3c459a
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d5d70aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020200061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.14.240 port 4645
EAP-Message = 0x010303fc194000300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303632353038343934325a170d3130303632353038343934325a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d6577
EAP-Message = 0x6865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a056d1cfe5b95120cfb2ad67638c20cceb3feca1d22665f5d0379648340127cf5ffe26f48f46c04a1132b032d93b7f49417851f2e110fee7b457fbe2f99b47d3389b630dd2f78acf290b4ecb6d43466a19cb17063f1b2a1eefe1e6f34e1b0a20fa92fa17809a58e7120bc1a87db8865230df04775af5e1
EAP-Message = 0x16b46a471819383d8be674378c3d33bdc0a8d6686542a3ba1c32a97249786aea2c38a22a49992fcfaf54806b50415060a433e9dc013696f9c0240657098f46782b1d0536f691d9667f6c153a4d2982cb2f75a3a9ebfa4831caea445f4bff1ae6fe4ad8eec82213b2a20d02dd1b6cb2dc425698f21ede7c2917aa6f103749084b755046bb83a3746e2f0203010001a381f33081f0301d0603551d0e04160414d64b150fdb7f312ac6c3982680da07466046ab9f3081c00603551d230481b83081b58014d64b150fdb7f312ac6c3982680da07466046ab9fa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975
EAP-Message = 0x733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d010104050003820101008d3084a08170518ab145f6969d1e61d2a228d5ffa21a60c154ab30774674df42fb32f5a22dad55d75ef2c7f44c93bb3e52c92763901b1299530780e1f195a85ccbbd78d8b527b3263bfa340a459ac472b90360b4408e11c10e81afbc325c10ec91fa
EAP-Message = 0xde231ca42761b9ba
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d6d60aa04898feef3a314aec
Finished request 11.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=3, length=233
Message-Authenticator = 0x1e2ff4b489a4de159827aab639bd6890
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d6d60aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020300061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.14.240 port 4645
EAP-Message = 0x010400a51900504fbacfc37f212076882bd7b098391319a08e59fc4d3dee5493579716c999ee20be7eed64f3b465e8ff5b718e9751b2c4ca5d1cd6700ccf0341f6a270aed40707094b7b6c39c78c581fa330b26bfb74042202fde6398f0fa591d0e164f5980d197175a49c7b9769cebfa4eef1f5527383f230b4df20935fa3903e171a05d038c6effefc1bf76e95dd86d637a53fc8ae83bdc13ea56d16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d7d10aa04898feef3a314aec
Finished request 12.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=4, length=565
Message-Authenticator = 0xe0f7604deb4ffea48fad72630295746a
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d7d10aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02040150198000000146160301010610000102010040a0bbd21114460374ea847a8cfb452d4a76957a8bbe24215e8c7ef45558e784673cd14ffa782c9ec28d2396dfe1d68527fafa1488398c2659a3871717572c755762577cf4735a574e09bd839f3ef640d659fa63d343c3af3ddb936f044d553d748586a6ec3bc3e40567b7adfecb3d66f3c5f35d0adbf167dfa59c6aa80eee03d77a28027b2c79f6b3fa8726f1560af0662ba3cf48887af153a0a8b02b9a884ebd8e0d9ed03891b8aa38c80ca82130cad1bceffc26c009c8efc4afe6ccfbc02b8c046c5ae4148c808239cb717bdcddfa31b2fe53ba02663131314f14b2a165722f687aa151f71473
EAP-Message = 0xd666cd73db54137a1615b073781cb99cbc1eda54a289a91d1403010001011603010030dbec19a1707dbc6463870f29c6814ace6d586965b688ce398c1fd5f4e5d3ce007c9344b2b8d0099f13f6904b33a753e3
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.14.240 port 4645
EAP-Message = 0x0105004119001403010001011603010030c7541f4c6b1d38fe80f877cee878439df3d490a4efc2633091bc615343fc3839d5c7642f6591cc2f9879d62a1705f080
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d0d00aa04898feef3a314aec
Finished request 13.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=5, length=233
Message-Authenticator = 0x11eebe0d6cdaf85b60ca227fe26f9e84
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d0d00aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020500061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.14.240 port 4645
EAP-Message = 0x0106002b19001703010020eb441efea0fb1cfba98cf447d294850f6713eb7802f73c7c9509cf3225be6520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d1d30aa04898feef3a314aec
Finished request 14.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=6, length=286
Message-Authenticator = 0xc9779862b2bb4b963b789b4f1caff461
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d1d30aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0206003b19001703010030ee00f29c7e81a1b74d61b660b055be4853409b7d94398107e66e0077c86a9ef97c0cdcd6017a2742364a38cb761ae602
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 6 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - csd-notebook\oreshkin
[peap] Got tunneled request
EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e
server {
PEAP: Got tunneled identity of csd-notebook\oreshkin
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to csd-notebook\oreshkin
Sending tunneled request
EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "csd-notebook\\oreshkin"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] EAP packet type response id 6 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x0107002f1a0107002a102cd45b6af0a1f7d81c120b577cf2f2786373642d6e6f7465626f6f6b5c6f726573686b696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafd8dd7aafdfc7b171389911d924f927
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x0107002f1a0107002a102cd45b6af0a1f7d81c120b577cf2f2786373642d6e6f7465626f6f6b5c6f726573686b696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafd8dd7aafdfc7b171389911d924f927
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.14.240 port 4645
EAP-Message = 0x0107004b190017030100407cab0f0bf7be50c85590a26810487d488811ae73028ee037e8f69b61f505d7392fc41fde69904f28d019f676647ef8cf4ea3fbe981cc4c5f107482bb4273fe84
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d2d20aa04898feef3a314aec
Finished request 15.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=7, length=334
Message-Authenticator = 0x84f664bee88394ee0715e23758f1f5fa
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d2d20aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0207006b19001703010060886abf524a168b8fff75dec933bda3fd512fe4c2a9e429daa6fb69ec3aaa701fcdc25254ad1d301a7dd7c8489c5ecc5ca4dee27db7ef7f24a3849c163a9154f02c8361f7d3e6903ac465cc05f0d09d5aaa1441c1fd807508913321e88d6e37bf
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 7 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020700431a0207003e318450a1f8aa898e39afb2a151ccb8854b00000000000000004c32004e25b15ce4783eafe8f220005a911c0230901abf59006f726573686b696e
server {
PEAP: Setting User-Name to csd-notebook\oreshkin
Sending tunneled request
EAP-Message = 0x020700431a0207003e318450a1f8aa898e39afb2a151ccb8854b00000000000000004c32004e25b15ce4783eafe8f220005a911c0230901abf59006f726573686b696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "csd-notebook\\oreshkin"
State = 0xafd8dd7aafdfc7b171389911d924f927
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] EAP packet type response id 7 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.14.240 port 4645
EAP-Message = 0x0108002b19001703010020ab648c0254fc31a1d201e50cec71b9b2ada1e22adbf6d28f3d43a98e1e8cafda
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d3dd0aa04898feef3a314aec
Finished request 16.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=8, length=270
Message-Authenticator = 0xac3aecf22d6a5d03e4f588afbbb5e559
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d3dd0aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0208002b19001703010020395ac391ddc6dff81a2db59e5d67b7c823bf07a6baaa24e022620012e56e4b22
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> csd-notebook\oreshkin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 17 for 1 seconds
Going to the next request
Cleaning up request 0 ID 0 with timestamp +11
Cleaning up request 1 ID 1 with timestamp +11
Cleaning up request 2 ID 2 with timestamp +11
Cleaning up request 3 ID 3 with timestamp +11
Cleaning up request 4 ID 4 with timestamp +11
Cleaning up request 5 ID 5 with timestamp +11
Cleaning up request 6 ID 6 with timestamp +11
Cleaning up request 7 ID 7 with timestamp +11
Waking up in 0.8 seconds.
Sending delayed reject for request 17
Sending Access-Reject of id 8 to 192.168.14.240 port 4645
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 0.1 seconds.
Cleaning up request 8 ID 8 with timestamp +11
Waking up in 3.8 seconds.
---------------------------------------------
What's wrong ? May be you would like to see my radius config files for
checking ?
Thanks.
On Fri, 10 Jul 2009, Ivan Kalik wrote:
> Date: Fri, 10 Jul 2009 18:10:12 +0100 (BST)
> From: Ivan Kalik <tnt at kalik.net>
> To: Anatoly Oreshkin <Anatoly.Oreshkin at pnpi.spb.ru>
> Subject: Re: FreeRadius 2.1.6 + EAP-PEAP issue
>
>> and added domain in proxy.conf
>>
>> realm csd-notebook {
>> type = radius
>> authhost = LOCAL
>> accthost = LOCAL
>> }
>>
>> All the same Vista client could not connect to WiFi network though radius
>> server sent Access-Accept. See output of /usr/local/sbin/radiusd -fX
>> below.
>
> Debug AP and see why Vista failed to connect.
>
>>
>> But csd-notebook is not domain name, it is a computer name which can be
>> random name. Also we do not use NTLM authorisation.
>> What way to choose ?
>
> Enable DEFAULT realm (and dsable suffix in inner-tunnel):
>
> realm DEFAULT {
> }
>
> That should ake care of any notebook name.
>
>>
>>
>> ----------------------------------------------------------------------
>> rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=20,
>> length=235
>> Message-Authenticator = 0x6754868faae917f8ecf1de1b88ffbbff
>> Service-Type = Framed-User
>> User-Name = "csd-notebook\\oreshkin"
>> Framed-MTU = 1488
>> Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
>> Calling-Station-Id = "00-16-EA-8A-DE-38"
>> NAS-Identifier = "3Com Access Point 7760"
>> NAS-Port-Type = Wireless-802.11
>> Connect-Info = "CONNECT 54Mbps 802.11g"
>> EAP-Message = 0x0214001a016373642d6e6f7465626f6f6b5c6f726573686b696e
>> NAS-IP-Address = 192.168.14.240
>> NAS-Port = 1
>> NAS-Port-Id = "STA port # 1"
> ...
>> Sending Access-Accept of id 29 to 192.168.14.240 port 4177
>> MS-MPPE-Recv-Key =
>> 0xc12171c0071fd6f4098e5f68b570202b25bbc5d89f31d63e13645dd645e87a6d
>> MS-MPPE-Send-Key =
>> 0x5b383c69c087a07603a627033e58f4bf17fcf505f534f1c85117f22acf0d1ec3
>> EAP-Message = 0x031d0004
>> Message-Authenticator = 0x00000000000000000000000000000000
>> User-Name = "oreshkin"
>
> Connection problem might have to do with User-Name being altered. EAP
> *really* dislike that.
>
> Ivan Kalik
> Kalik Informatika ISP
>
More information about the Freeradius-Users
mailing list