Problems to do an SSID based authentication

Peter Carlstedt pc_007 at hotmail.com
Mon Nov 16 12:12:07 CET 2009


 
> ------------------------------
> 
> Message: 3
> Date: Mon, 16 Nov 2009 10:03:22 +0000
> From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
> Subject: Re: Problems to do an SSID based authentication
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID: <20091116100322.GB5662 at lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
> 
> Hi,
> 
> > I am trying to do an SSID based authentication per user.
> > What I mean is that I try in the users.conf file to check which SSID the user is trying to use to log in, and if it is wrong it shall do a reject for that user.
> > 
> > The problem is that I don't succeed with this, so I thought it does not hurt to ask the ones who know.
> > My users.conf file looks like this:
> 
> > Peter    Cleartext-Password := "kaffe" , Called-Station-Id == "04-0B-6B-33-62-35:raket"
> > Jens    Cleartext-Password := "kaffe" , Called-Station-Id == "02-0B-6B-33-62-35:3"
> 
> so Peter can only connect from 04-0B-6B-33-62-35:raket  and 
> Jens can only get on from 02-0B-6B-33-62-35:3 ?
> 
> okay - where is your log from 'radiusd -X' ?
> 
> alan
> 
> 
Hi Alan!
The logs from my radius -X are as follows:

rad_recv: Access-Request packet from host 192.168.118.10 port 42531, id=97, length=194
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "Jens"
    Acct-Session-Id = "82200128"
    Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
    Calling-Station-Id = "00-26-BB-14-50-CF"
    Called-Station-Id = "02-0B-6B-33-62-35:3"
    EAP-Message = 0x02020009014a656e73
    Message-Authenticator = 0x12ec684d2cb511be9cf431ceeae1a5c8
    NAS-Identifier = "MikroTik"
    NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry Jens at line 92
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 97 to 192.168.118.10 port 42531
    EAP-Message = 0x010300061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xb5e02fd1b5e336db4711a92c3e7dc829
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 46429, id=98, length=316
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "Jens"
    State = 0xb5e02fd1b5e336db4711a92c3e7dc829
    Acct-Session-Id = "82200128"
    Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
    Calling-Station-Id = "00-26-BB-14-50-CF"
    Called-Station-Id = "02-0B-6B-33-62-35:3"
    EAP-Message = 0x0203007119800000006716030100620100005e03014b01325d9b7522753ffde3bdcb960b88f167535ca9ec96ffa88e3f5577fc7b4c000018002f00350005000ac013c014c009c00a00320038001300040100001d0000000900070000046a656e73000a0006000400170018000b00020100
    Message-Authenticator = 0xbb5e04e25bd1a69911623d1fa6fc555e
    NAS-Identifier = "MikroTik"
    NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 113
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 103
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization 
[peap]     TLS_accept: before/accept initialization 
[peap] <<< TLS 1.0 Handshake [length 0062], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A 
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A 
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A 
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A 
[peap]     TLS_accept: SSLv3 flush data 
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 98 to 192.168.118.10 port 46429
    EAP-Message = 0xa73082038fa0030201020209
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xb5e02fd1b4e436db4711a92c3e7dc829
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 41440, id=99, length=209
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "Jens"
    State = 0xb5e02fd1b4e436db4711a92c3e7dc829
    Acct-Session-Id = "82200128"
    Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
    Calling-Station-Id = "00-26-BB-14-50-CF"
    Called-Station-Id = "02-0B-6B-33-62-35:3"
    EAP-Message = 0x020400061900
    Message-Authenticator = 0xc16a7984a9f721ee6d94d31f7659a249
    NAS-Identifier = "MikroTik"
    NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 99 to 192.168.118.10 port 41440
    EAP-Message = 0x010503fc194000a95ceefb4e6190af300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039313131313133323535335a170d3130313131313133323535335a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504
    EAP-Message = 0xba5e475db5bc4553
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xb5e02fd1b7e536db4711a92c3e7dc829
Finished request 3.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 40388, id=100, length=209
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "Jens"
    State = 0xb5e02fd1b7e536db4711a92c3e7dc829
    Acct-Session-Id = "82200128"
    Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
    Calling-Station-Id = "00-26-BB-14-50-CF"
    Called-Station-Id = "02-0B-6B-33-62-35:3"
    EAP-Message = 0x020500061900
    Message-Authenticator = 0xde1528468a95c4082d87b885c07692c0
    NAS-Identifier = "MikroTik"
    NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 100 to 192.168.118.10 port 40388
    EAP-Message = 0x010600b519003ed1cdfb8ce78c8b13e8c9d49553950dba115cafd7a3d3b93b0811bcc48f642f85e57b50ef7e8b45884e991ed7d0c7c69974877b6a931e94e2b1c18241af3f56e898cdb6bf5694cf634aaed5728ab48884f93efe217772425cb71b9be6cf27aaea718f270d33593165e215533f99daf1e5a542c9052a6ecb35ccfcdd4a4c02d7d8d6d2baa96840f6498c506d054bd3023a6c1f719d133364e1eeea225c9724dc6dba0de411f816030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xb5e02fd1b6e636db4711a92c3e7dc829
Finished request 4.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 49250, id=101, length=541
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "Jens"
    State = 0xb5e02fd1b6e636db4711a92c3e7dc829
    Acct-Session-Id = "82200128"
    Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
    Calling-Station-Id = "00-26-BB-14-50-CF"
    Called-Station-Id = "02-0B-6B-33-62-35:3"
    EAP-Message = 0x7a95a196ccf65f220a7130f1a338a8509b848359491e67d11403010001011603010030c85bc66fdd1fc7aef16588704d5a25cdca879ac3585be0e73d728e1aa18bb4cb2b6a5f030a417088af50b29ab56d3fc5
    Message-Authenticator = 0xc3a9938ec998ab0398c5709115ad2bdf
    NAS-Identifier = "MikroTik"
    NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A 
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A 
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A 
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A 
[peap]     TLS_accept: SSLv3 flush data 
[peap]     (other): SSL negotiation finished successfully 
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 101 to 192.168.118.10 port 49250
    EAP-Message = 0x0107004119001403010001011603010030f5dceab2b5b355a2312fe20092d891872280be1ba05a477e51657ccadb327d91249380718ec8a006eb278245f449ed2d
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xb5e02fd1b1e736db4711a92c3e7dc829
Finished request 5.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 41427, id=102, length=209
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "Jens"
    State = 0xb5e02fd1b1e736db4711a92c3e7dc829
    Acct-Session-Id = "82200128"
    Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
    Calling-Station-Id = "00-26-BB-14-50-CF"
    Called-Station-Id = "02-0B-6B-33-62-35:3"
    EAP-Message = 0x020700061900
    Message-Authenticator = 0x77f82d817673e2f1d72bdf70771fe83d
    NAS-Identifier = "MikroTik"
    NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 102 to 192.168.118.10 port 41427
    EAP-Message = 0x0108002b1900170301002006e1b5d62349a17609d76b94114fff9f2c956820f402a63434ebe33c0ab23254
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xb5e02fd1b0e836db4711a92c3e7dc829
Finished request 6.
Going to the next request
Waking up in 4.2 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 46562, id=103, length=246
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "Jens"
    State = 0xb5e02fd1b0e836db4711a92c3e7dc829
    Acct-Session-Id = "82200128"
    Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
    Calling-Station-Id = "00-26-BB-14-50-CF"
    Called-Station-Id = "02-0B-6B-33-62-35:3"
    EAP-Message = 0x0208002b19001703010020cbfe496129842adde6abe7771cdf82d089fab1b8692359688c355d1abd7fe18d
    Message-Authenticator = 0x51bd0d083ea0991de4ba0666c3bf3f7d
    NAS-Identifier = "MikroTik"
    NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - Jens
[peap] Got tunneled request
    EAP-Message = 0x02080009014a656e73
server  {
  PEAP: Got tunneled identity of Jens
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to Jens
Sending tunneled request
    EAP-Message = 0x02080009014a656e73
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "Jens"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 222
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = Reject
Auth-Type = Reject, rejecting user
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
[peap] Got tunneled reply RADIUS code 3
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 103 to 192.168.118.10 port 46562
    EAP-Message = 0x0109002b19001703010020f22961f4b8fc8ef302e9d02a6ff60318dc7009c8c6b95edda5d0b74179b60ba9
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0xb5e02fd1b3e936db4711a92c3e7dc829
Finished request 7.
Going to the next request
Waking up in 4.1 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104, length=246
    Service-Type = Framed-User
    Framed-MTU = 1400
    User-Name = "Jens"
    State = 0xb5e02fd1b3e936db4711a92c3e7dc829
    Acct-Session-Id = "82200128"
    Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"
    Calling-Station-Id = "00-26-BB-14-50-CF"
    Called-Station-Id = "02-0B-6B-33-62-35:3"
    EAP-Message = 0x0209002b1900170301002049d78ce8e977e9c3a54ef1cb5206e2f30a857981ca29de1d574ae788718f8397
    Message-Authenticator = 0x10d7ce191f17a6482ce049589e279cd0
    NAS-Identifier = "MikroTik"
    NAS-IP-Address = 192.168.118.10
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "Jens", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap]  Had sent TLV failure.  User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> Jens
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104, length=246
Waiting to send Access-Reject to client 192.168.118.0/24 port 41030 - ID: 104
Waking up in 0.6 seconds.
rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104, length=246
Waiting to send Access-Reject to client 192.168.118.0/24 port 41030 - ID: 104
Waking up in 0.3 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 104 to 192.168.118.10 port 41030
    EAP-Message = 0x04090004
    Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.0 seconds.
Cleaning up request 1 ID 97 with timestamp +46
Cleaning up request 2 ID 98 with timestamp +46
Waking up in 0.1 seconds.
Cleaning up request 3 ID 99 with timestamp +46
Waking up in 0.2 seconds.
Cleaning up request 4 ID 100 with timestamp +47
Waking up in 0.1 seconds.
Cleaning up request 5 ID 101 with timestamp +47
Waking up in 0.1 seconds.
Cleaning up request 6 ID 102 with timestamp +47
Cleaning up request 7 ID 103 with timestamp +47
Waking up in 1.0 seconds.

To be able to get the log from the start, I had to stop the radius server while the Windows machine tried to do an authorization a second time, since it does it three times before it accepts the fact that it can't authorize.

Best regards/ Peter
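
An added example (not part of the original post and not FreeRADIUS code): a small Python tracer for `radiusd -X` output, run here on lines copied from the log above, that reports which `users` entry matched in the outer server versus `inner-tunnel` and which attributes were sent into the PEAP tunnel. The names `trace` and `check_item_visible` are illustrative.

```python
import re

# Lines copied from the radiusd -X output above, condensed to the relevant ones.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.118.10 port 42531, id=97, length=194
    User-Name = "Jens"
    Called-Station-Id = "02-0B-6B-33-62-35:3"
+- entering group authorize {...}
[files] users: Matched entry Jens at line 92
Found Auth-Type = EAP
Sending tunneled request
    EAP-Message = 0x02080009014a656e73
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "Jens"
server inner-tunnel {
+- entering group authorize {...}
[files] users: Matched entry DEFAULT at line 222
Found Auth-Type = Reject
Auth-Type = Reject, rejecting user
} # server inner-tunnel
[peap] Tunneled authentication was rejected.
"""

MATCHED = re.compile(r"\[files\] users: Matched entry (\S+) at line (\d+)")
AUTH_TYPE = re.compile(r"^Found Auth-Type = (\S+)")
SERVER_OPEN = re.compile(r"^server (\S+) \{")
SERVER_CLOSE = re.compile(r"^\} # server (\S+)")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+) = ")


def trace(log_text):
    """Collect users-file matches and Auth-Types per virtual server, plus tunneled attributes."""
    server = "outer"  # label used here for requests outside any named virtual server
    result = {"matches": [], "auth_types": [], "tunneled_attrs": []}
    in_tunneled = False
    for line in log_text.splitlines():
        if line.startswith("Sending tunneled request"):
            in_tunneled = True
            continue
        if in_tunneled:
            m = ATTR.match(line)
            if m:
                result["tunneled_attrs"].append(m.group(1))
                continue
            in_tunneled = False  # first non-attribute line ends the attribute block
        if m := SERVER_OPEN.match(line):
            server = m.group(1)
        elif SERVER_CLOSE.match(line):
            server = "outer"
        elif m := MATCHED.search(line):
            result["matches"].append((server, m.group(1), int(m.group(2))))
        elif m := AUTH_TYPE.match(line):
            result["auth_types"].append((server, m.group(1)))
    return result


def check_item_visible(result, attribute):
    """True if `attribute` was among the attributes sent into the inner tunnel."""
    return attribute in result["tunneled_attrs"]


if __name__ == "__main__":
    r = trace(SAMPLE_LOG)
    print(r, "Called-Station-Id tunneled:", check_item_visible(r, "Called-Station-Id"))
```

On this log the tunneled request carries only EAP-Message, FreeRADIUS-Proxied-To and User-Name, and the `inner-tunnel` lookup matches DEFAULT at line 222 (Auth-Type = Reject) rather than the Jens entry at line 92 that matched in the outer request.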