Upgrade to latest freeradius release
pcsd at canoemail.com
pcsd at canoemail.com
Mon May 11 16:42:33 CEST 2009
Freeradius Server v2.1.4. All clients are authenticating properly,
except for clients that pass a ntdomain\userid. I have configured
proxy.conf, realm and inner-tunnel in the past (i.e. v2.0.5) to handle
these requests without issue. As of v2.0.6 and greater, clients are no
longer authenticating. The debug logs seem to indicate login success.
WinXP SP3 wireless client using latest IBM Thinkvantage software.
--- debug log ---
rad_recv: Access-Request packet from host 10.5.251.2 port 1645, id=191,
length=248
User-Name = "SMBDOM\\userid"
Framed-MTU = 1400
Called-Station-Id = "0017.0fdd.e701"
Calling-Station-Id = "0005.4e41.ec86"
Service-Type = Login-User
Message-Authenticator = 0xacbf72d2001dfb409e9924fcdc973b1f
EAP-Message =
0x02090050190017030100203438196b413d6f8f767ff2592331e9f6327862d45efe5ed8
084bb77a96c2987c1703010020182885154796afcf433e43f64e253e3960dd238a412d6f
a974474d9da1a75899
NAS-Port-Type = Wireless-802.11
NAS-Port = 1674
NAS-Port-Id = "1674"
State = 0xb2e30b4db5ea124aad52ba89ddbd4668
NAS-IP-Address = 10.5.251.2
NAS-Identifier = "head_office_wireless_2"
- entering group authorize {...}
[preprocess] returns ok
[chap] returns noop
[mschap] returns noop
[suffix] No '@' in User-Name = "SMBDOM\userid", looking up realm NULL
[suffix] No such realm "NULL"
[suffix] returns noop
[SMBDOM] Looking up realm "SMBDOM" for User-Name = "SMBDOM\userid"
[SMBDOM] Found realm "SMBDOM"
[SMBDOM] Adding Stripped-User-Name = "userid"
[SMBDOM] Adding Realm = "SMBDOM"
[SMBDOM] Authentication realm is LOCAL.
[SMBDOM] returns ok
[eap] EAP packet type response id 9 length 80
[eap] Continuing tunnel setup.
[eap] returns ok
Found Auth-Type = EAP
- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900061a03
server {
PEAP: Setting User-Name to SMBDOM\userid
Sending tunneled request
EAP-Message = 0x020900061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "SMBDOM\\userid"
State = 0xa2f7c944a3fed33462945b4e374f79ce
server inner-tunnel {
- entering group authorize {...}
[chap] returns noop
[mschap] returns noop
[unix] returns notfound
[suffix] No '@' in User-Name = "SMBDOM\userid", looking up realm NULL
[suffix] No such realm "NULL"
[suffix] returns noop
[SMBDOM] Looking up realm "SMBDOM" for User-Name = "SMBDOM\userid"
[SMBDOM] Found realm "SMBDOM"
[SMBDOM] Adding Stripped-User-Name = "userid"
[SMBDOM] Adding Realm = "SMBDOM"
[SMBDOM] Authentication realm is LOCAL.
[SMBDOM] returns ok
[control] returns ok
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
[eap] returns updated
[files] users: Matched entry userid at line 1385
[files] returns ok
[expiration] returns noop
[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
[pap] returns noop
Found Auth-Type = EAP
- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
[eap] returns ok
Login OK: [SMBDOM\\userid] (from client private-network-5 port 0 via TLS
tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 2
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "userid"
[peap] Got tunneled reply RADIUS code 2
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "userid"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[eap] returns handled
Sending Access-Challenge of id 191 to 10.5.251.2 port 1645
EAP-Message =
0x010a002b19001703010020b5c3cd4e27abb67bc4536c0829ed6f45c07edbfb2f42c758
649472d7b8857cb2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb2e30b4dbae9124aad52ba89ddbd4668
Finished request 8.
--- end debug log ---
Thanks for any assisantance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090511/36fd407a/attachment.html>
More information about the Freeradius-Users
mailing list