MAC auth won't work with SQL
Eric Geier
me at egeier.com
Tue Mar 31 22:10:25 CEST 2009
Hi, I've set up two different Linux machines with FR and still can't get MAC
authentication working with Calling-Station-Id in the radchk table. I've
checked the FAQ and have googled for hours. I've tried a hosted and a local MySQL
server.

Right now I'm using FR 2.1.1 on openSUSE. I didn't install freeradius-mysql
on this new Linux machine, because I can't find it. However, I can still do
802.1X/PEAP authentication against my MySQL DB if I don't have the
Calling-Station-Id entry in the radchk table.

I can't get SQL xlat to work in the Clients file either.

I appreciate your help! Thanks!

Associated entries in the radchk table:

DEFAULT Fall-Through = yes
egeier at skynets Cleartext-Password := XXXX
egeier at skynets Calling-Station-Id == 00-1C-B3-B1-3E-07 (if I remove this entry, I can get authenticated)

Here's most of the debug:
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} -> egeier at skynets
[sql] sql_set_user escaped user --> 'egeier at skynets'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'egeier at skynets' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radreply
WHERE username = 'egeier at skynets' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'egeier at skynets' ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 190 to 192.168.0.1 port 41576
EAP-Message = 0x016600061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x887600b0881019123d77eed9ad3cef65
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=191,
length=230
User-Name = "egeier at skynets"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x887600b0881019123d77eed9ad3cef65
EAP-Message =
0x0266007d198000000073160301006e0100006a030149d245f8cc2cbd4fe33cdb07dc35b6c8
7acfcc21da980a70fa466c6e819bf491000018002f00350005000ac009c00ac013c014003200
38001300040100002900000013001101000e65676569657240736b796e657473000a00080006
001700180019000b00020100
Message-Authenticator = 0x15b99d469f497dd1de41e19b04d463d9
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "skynets" for User-Name = "egeier at skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
[eap] EAP packet type response id 102 length 125
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 115
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 006e], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 191 to 192.168.0.1 port 41576
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x887600b0891119123d77eed9ad3cef65
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=192,
length=111
User-Name = "egeier at skynets"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x887600b0891119123d77eed9ad3cef65
EAP-Message = 0x026700061900
Message-Authenticator = 0x8eba19bccc5e69b9f216eb1aa5d622ec
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "skynets" for User-Name = "egeier at skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
[eap] EAP packet type response id 103 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 192 to 192.168.0.1 port 41576
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x887600b08a1e19123d77eed9ad3cef65
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=193,
length=111
User-Name = "egeier at skynets"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x887600b08a1e19123d77eed9ad3cef65
EAP-Message = 0x026800061900
Message-Authenticator = 0x4a18ffde3fd54458709082acc41f3d7f
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "skynets" for User-Name = "egeier at skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
[eap] EAP packet type response id 104 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 193 to 192.168.0.1 port 41576
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x887600b08b1f19123d77eed9ad3cef65
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=194,
length=443
User-Name = "egeier at skynets"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x887600b08b1f19123d77eed9ad3cef65
Message-Authenticator = 0x23d1e19846a4ea99d34d9f1a1bf02ad3
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "skynets" for User-Name = "egeier at skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
[eap] EAP packet type response id 105 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 194 to 192.168.0.1 port 41576
EAP-Message =
0x016a004119001403010001011603010030265d5beb57a7f13839215fa229455a84bed0bfc5
f273c5c0535713ccf5aa89e1df349a61abbbfe8f1b76f83d2644755d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x887600b08c1c19123d77eed9ad3cef65
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=195,
length=111
User-Name = "egeier at skynets"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x887600b08c1c19123d77eed9ad3cef65
EAP-Message = 0x026a00061900
Message-Authenticator = 0xf532a3f5a4dcdd4ed4cd71b5cce532e4
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "skynets" for User-Name = "egeier at skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
[eap] EAP packet type response id 106 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 195 to 192.168.0.1 port 41576
EAP-Message =
0x016b002b19001703010020b112cf49ce3a72e40dc7e9d2e94fef07b74cfac248dd3f4e6e30
9db3b1b05606
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x887600b08d1d19123d77eed9ad3cef65
Finished request 5.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=196,
length=164
User-Name = "egeier at skynets"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x887600b08d1d19123d77eed9ad3cef65
EAP-Message =
0x026b003b19001703010030aee967824d4e7846b6a3c5c2c6b17ab847f7b1fbcdb0fef31637
10a16b7bc351909a7bfbce7b8d60894766b4b01ab6d2
Message-Authenticator = 0xfa8e5924d5d9b80b3b1eb528d3513560
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "skynets" for User-Name = "egeier at skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
[eap] EAP packet type response id 107 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - egeier at skynets
[peap] Got tunnled request
EAP-Message = 0x026b00130165676569657240736b796e657473
server (null) {
PEAP: Got tunneled identity of egeier at skynets
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to egeier at skynets
Sending tunneled request
EAP-Message = 0x026b00130165676569657240736b796e657473
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "egeier at skynets"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] Looking up realm "skynets" for User-Name = "egeier at skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 107 length 19
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> egeier at skynets
[sql] sql_set_user escaped user --> 'egeier at skynets'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'egeier at skynets' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'egeier at skynets' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
[sql] User egeier at skynets not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x016c00281a016c0023106185c5d30b26df47aaac5835af87854b65676569657240736b796e
657473
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8433f2b7845fe8463016d60fe5b8c67e
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x016c00281a016c0023106185c5d30b26df47aaac5835af87854b65676569657240736b796e
657473
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8433f2b7845fe8463016d60fe5b8c67e
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 196 to 192.168.0.1 port 41576
EAP-Message =
0x016c004b1900170301004067569516e09b50992249a0bac4306d551611bcdb09de427286d5
1a142ec500855f624a955aca6ce7ae6c5a4c306e7b00579d350b7066fc9b799899f54327558c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x887600b08e1a19123d77eed9ad3cef65
Finished request 6.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=197,
length=212
User-Name = "egeier at skynets"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x887600b08e1a19123d77eed9ad3cef65
EAP-Message =
0x026c006b19001703010060d41722535ff45cf717b4f40c141ecfcdad9962074ea118036098
59c2ea68c930bce1856c23eb1bc5c0625068f4ebcaba06ff1b3558ec28f435bcec2cdb75d736
3a9a77334da514d01e43e12bf757ff038bb0f37084a82213a93a6303c2ac4539
Message-Authenticator = 0x620d57d70597d1e4d0364a17ab00182f
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "skynets" for User-Name = "egeier at skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
[eap] EAP packet type response id 108 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunnled request
EAP-Message =
0x026c00491a026c00443177f318d460fc36f9cc77a41c0a4b3656000000000000000010538d
55c2badfcc4a85b41f875a5521f978d255be29a7d20065676569657240736b796e657473
server (null) {
PEAP: Setting User-Name to egeier at skynets
Sending tunneled request
EAP-Message =
0x026c00491a026c00443177f318d460fc36f9cc77a41c0a4b3656000000000000000010538d
55c2badfcc4a85b41f875a5521f978d255be29a7d20065676569657240736b796e657473
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "egeier at skynets"
State = 0x8433f2b7845fe8463016d60fe5b8c67e
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] Looking up realm "skynets" for User-Name = "egeier at skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 108 length 73
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} -> egeier at skynets
[sql] sql_set_user escaped user --> 'egeier at skynets'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = 'egeier at skynets' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username =
'egeier at skynets' ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User egeier at skynets not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for egeier at skynets with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "lE=691 R=1"
EAP-Message = 0x046c0004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "lE=691 R=1"
EAP-Message = 0x046c0004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 197 to 192.168.0.1 port 41576
EAP-Message =
0x016d002b1900170301002050851be7730cf2433442d5288ae299103964d96aca2e00a9a20a
8172328618ee
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x887600b08f1b19123d77eed9ad3cef65
Finished request 7.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=198,
length=148
User-Name = "egeier at skynets"
NAS-IP-Address = 192.168.0.1
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "00-1C-B3-B1-3E-07"
State = 0x887600b08f1b19123d77eed9ad3cef65
EAP-Message =
0x026d002b190017030100202fe95f0a379156a0d8b5c8e2ce3aac1e190037397df3a685ea59
cb4fd6e0e6f2
Message-Authenticator = 0xf374de61a4af8301e8ca7954dd356a7f
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "skynets" for User-Name = "egeier at skynets"
[suffix] No such realm "skynets"
++[suffix] returns noop
[eap] EAP packet type response id 109 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> egeier at skynets
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 198 to 192.168.0.1 port 41576
EAP-Message = 0x046d0004
Message-Authenticator = 0x00000000000000000000000000000000
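
Added example (not part of the original post, and not FreeRADIUS code): a simplified model of check-item matching, run against the attribute lists the debug output shows for the outer request and for the request sent to `server inner-tunnel`. The function names and the matching logic are assumptions made for illustration; `copy_request_to_tunnel` is the option in the `peap` section of eap.conf that the last step imitates.

```python
"""Simplified model of SQL check-item matching for outer vs. tunneled requests."""

# Per-user rows as listed in the post (user name as rendered by the list archive).
USER = "egeier at skynets"
RADCHECK = [
    (USER, "Cleartext-Password", ":=", "XXXX"),
    (USER, "Calling-Station-Id", "==", "00-1C-B3-B1-3E-07"),
]

# Outer Access-Request attributes from the debug output (hex values elided).
OUTER_REQUEST = {
    "User-Name": USER,
    "NAS-IP-Address": "192.168.0.1",
    "NAS-Port-Type": "Wireless-802.11",
    "Calling-Station-Id": "00-1C-B3-B1-3E-07",
    "State": "0x...",
    "EAP-Message": "0x...",
    "Message-Authenticator": "0x...",
}

# Attributes of the tunneled request shown under "Sending tunneled request".
INNER_REQUEST = {
    "EAP-Message": "0x...",
    "FreeRADIUS-Proxied-To": "127.0.0.1",
    "User-Name": USER,
    "State": "0x...",
}

# Assumption of this model: per-packet attributes are never copied into the tunnel.
NOT_COPIED = {"EAP-Message", "State", "Message-Authenticator"}


def authorize(rows, request):
    """Return (result, control_items, failed_checks) for one request.

    '==' rows are comparisons: the request must carry the attribute with
    that exact value. ':=' and '=' rows are control items that are only
    handed over when every comparison has passed.
    """
    mine = [r for r in rows if r[0] == request.get("User-Name")]
    control, failed = {}, []
    for _, attr, op, value in mine:
        if op == "==":
            if request.get(attr) != value:
                failed.append(attr)
        elif op in (":=", "="):
            control[attr] = value
    if not mine or failed:
        return "notfound", {}, failed
    return "ok", control, failed


def copy_outer_to_tunnel(inner, outer):
    """Imitate copy_request_to_tunnel: add outer attributes the inner request lacks."""
    merged = dict(inner)
    for attr, value in outer.items():
        if attr not in merged and attr not in NOT_COPIED:
            merged[attr] = value
    return merged


def can_do_mschap(control):
    """MS-CHAPv2 needs a known-good password among the control items."""
    return "Cleartext-Password" in control or "NT-Password" in control


if __name__ == "__main__":
    cases = [
        ("outer", OUTER_REQUEST),
        ("inner-tunnel", INNER_REQUEST),
        ("inner-tunnel + copied outer attributes",
         copy_outer_to_tunnel(INNER_REQUEST, OUTER_REQUEST)),
    ]
    for label, req in cases:
        result, control, failed = authorize(RADCHECK, req)
        print(f"{label}: sql returns {result}; failed checks: {failed}; "
              f"MS-CHAPv2 possible: {can_do_mschap(control)}")
```

Calling-Station-Id is reported by the NAS and reflects a MAC address the client chooses, so a check like this narrows where an account can be used but does not authenticate the device.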