Freeradius + OpenLdap + WindowsXP(Wifi)
Kleber Larroyd
larroyd at hotmail.com
Wed Oct 14 13:18:33 CEST 2009
Previous round trip ......
User-Name = "kleberl"
NAS-IP-Address = 192.168.155.123
NAS-Port-Type = Wireless-802.11
State = 0x3cce0b1706ad36054f63eeb5f99e1a66
EAP-Message =
0x029500591900170301004e6b2cc736e1b009a8b6f35c85b0f9ea9b4543a3be11f7586ffe81fb98b3eb4f61d9112c6a9a28be20ab9de173401926f7b9ee653f80ce1549b8790c6efff5a57e3d4226d46c6a6cdedcc247557cde
Message-Authenticator = 0x1270811c8796ab07c98678904e5d93c8
Tue Oct 13 12:00:45 2009 : Debug: Processing the authorize section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group authorize for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "preprocess" returns ok for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "chap" returns noop for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "mschap" returns noop for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_realm: No '@' in User-Name = "kleberl", looking up realm NULL
Tue Oct 13 12:00:45 2009 : Debug: rlm_realm: No such realm "NULL"
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "suffix" returns noop for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: - authorize
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: performing user authorization for kleberl
Tue Oct 13 12:00:45 2009 : Debug: radius_xlat: '(uid=kleberl)'
Tue Oct 13 12:00:45 2009 : Debug: radius_xlat: 'ou=People,dc=angeloni,dc=net'
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: performing search in ou=People,dc=angeloni,dc=net, with filter (uid=kleberl)
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: looking for check items in directory...
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: looking for reply items in directory...
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: user kleberl authorized to use remote access
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "ldap" returns ok for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: EAP packet type response id 149 length 89
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "eap" returns updated for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group authorize (returns updated) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rad_check_password: Found Auth-Type EAP
Tue Oct 13 12:00:45 2009 : Debug: auth: type "EAP"
Tue Oct 13 12:00:45 2009 : Debug: Processing the authenticate section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group authenticate for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: Request found, released from the list
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: EAP/peap
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: processing type peap
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Authenticate
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_tls: processing TLS
Tue Oct 13 12:00:45 2009 : Debug: eaptls_verify returned 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_tls: Done initial handshake
Tue Oct 13 12:00:45 2009 : Debug: eaptls_process returned 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: EAPTLS_OK
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Session established. Decoding tunneled attributes.
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: EAP type mschapv2
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Tunneled data is valid.
Tue Oct 13 12:00:45 2009 : Debug: PEAP: Setting User-Name to kleberl
Tue Oct 13 12:00:45 2009 : Debug: PEAP: Adding old state with e5 08
Tue Oct 13 12:00:45 2009 : Debug: Processing the authorize section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group authorize for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "preprocess" returns ok for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "chap" returns noop for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "mschap" returns noop for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_realm: No '@' in User-Name = "kleberl", looking up realm NULL
Tue Oct 13 12:00:45 2009 : Debug: rlm_realm: No such realm "NULL"
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "suffix" returns noop for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: - authorize
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: performing user authorization for kleberl
Tue Oct 13 12:00:45 2009 : Debug: radius_xlat: '(uid=kleberl)'
Tue Oct 13 12:00:45 2009 : Debug: radius_xlat: 'ou=People,dc=angeloni,dc=net'
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: performing search in ou=People,dc=angeloni,dc=net, with filter (uid=kleberl)
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: looking for check items in directory...
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: looking for reply items in directory...
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: user kleberl authorized to use remote access
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "ldap" returns ok for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: EAP packet type response id 149 length 66
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "eap" returns updated for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group authorize (returns updated) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rad_check_password: Found Auth-Type EAP
Tue Oct 13 12:00:45 2009 : Debug: auth: type "EAP"
Tue Oct 13 12:00:45 2009 : Debug: Processing the authenticate section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group authenticate for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: Request found, released from the list
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: EAP/mschapv2
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: processing type mschapv2
Tue Oct 13 12:00:45 2009 : Debug: Processing the authenticate section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group MS-CHAP for request 7
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authenticate]: calling mschap (rlm_mschap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_mschap: No User-Password configured. Cannot create LM-Password.
Tue Oct 13 12:00:45 2009 : Debug: rlm_mschap: No User-Password configured. Cannot create NT-Password.
Tue Oct 13 12:00:45 2009 : Debug: rlm_mschap: Told to do MS-CHAPv2 for kleberl with NT-Password
Tue Oct 13 12:00:45 2009 : Debug: rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
Tue Oct 13 12:00:45 2009 : Debug: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authenticate]: returned from mschap (rlm_mschap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authenticate]: module "mschap" returns reject for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group MS-CHAP (returns reject) for request 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: Freeing handler
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authenticate]: module "eap" returns reject for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group authenticate (returns reject) for request 7
Tue Oct 13 12:00:45 2009 : Debug: auth: Failed to validate the user.
Tue Oct 13 12:00:45 2009 : Debug: PEAP: Tunneled authentication was rejected.
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: FAILURE
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall[authenticate]: module "eap" returns handled for request 7
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 76 to 192.168.155.123 port 1812
EAP-Message = 0x019600261900170301001b40e4edf04b871dee3ada47c8d0d799c735b3f3171e4a0333137c35
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdb24b80885193f00e1673d06eb7859c
Tue Oct 13 12:00:45 2009 : Debug: Finished request 7
Tue Oct 13 12:00:45 2009 : Debug: Going to the next request
Tue Oct 13 12:00:45 2009 : Debug: Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.155.123:1812, id=77, length=117
User-Name = "kleberl"
NAS-IP-Address = 192.168.155.123
NAS-Port-Type = Wireless-802.11
State = 0xcdb24b80885193f00e1673d06eb7859c
EAP-Message = 0x029600261900170301001b8cfe319046bdc5f99d42805f852d4695a57e722889822c7a01be3f
Message-Authenticator = 0x9d1262ea1db0eca8f5ecaaee93e7ff1d
Tue Oct 13 12:00:45 2009 : Debug: Processing the authorize section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group authorize for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "preprocess" returns ok for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "chap" returns noop for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "mschap" returns noop for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rlm_realm: No '@' in User-Name = "kleberl", looking up realm NULL
Tue Oct 13 12:00:45 2009 : Debug: rlm_realm: No such realm "NULL"
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "suffix" returns noop for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: - authorize
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: performing user authorization for kleberl
Tue Oct 13 12:00:45 2009 : Debug: radius_xlat: '(uid=kleberl)'
Tue Oct 13 12:00:45 2009 : Debug: radius_xlat: 'ou=People,dc=angeloni,dc=net'
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: performing search in ou=People,dc=angeloni,dc=net, with filter (uid=kleberl)
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: looking for check items in directory...
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: looking for reply items in directory...
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: user kleberl authorized to use remote access
Tue Oct 13 12:00:45 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "ldap" returns ok for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: EAP packet type response id 150 length 38
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authorize]: module "eap" returns updated for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group authorize (returns updated) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rad_check_password: Found Auth-Type EAP
Tue Oct 13 12:00:45 2009 : Debug: auth: type "EAP"
Tue Oct 13 12:00:45 2009 : Debug: Processing the authenticate section of radiusd.conf
Tue Oct 13 12:00:45 2009 : Debug: modcall: entering group authenticate for request 8
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: Request found, released from the list
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: EAP/peap
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: processing type peap
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Authenticate
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_tls: processing TLS
Tue Oct 13 12:00:45 2009 : Debug: eaptls_verify returned 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_tls: Done initial handshake
Tue Oct 13 12:00:45 2009 : Debug: eaptls_process returned 7
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: EAPTLS_OK
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Session established. Decoding tunneled attributes.
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Received EAP-TLV response.
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Tunneled data is valid.
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: Handler failed in EAP/peap
Tue Oct 13 12:00:45 2009 : Debug: rlm_eap: Failed in EAP select
Tue Oct 13 12:00:45 2009 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall[authenticate]: module "eap" returns invalid for request 8
Tue Oct 13 12:00:45 2009 : Debug: modcall: leaving group authenticate (returns invalid) for request 8
Tue Oct 13 12:00:45 2009 : Debug: auth: Failed to validate the user.
Tue Oct 13 12:00:45 2009 : Debug: Delaying request 8 for 1 seconds
Tue Oct 13 12:00:45 2009 : Debug: Finished request 8
Tue Oct 13 12:00:45 2009 : Debug: Going to the next request
Tue Oct 13 12:00:45 2009 : Debug: Waking up in 6 seconds...
Tue Oct 13 12:00:51 2009 : Debug: --- Walking the entire request list ---
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 0 ID 69 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 1 ID 70 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 2 ID 71 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 3 ID 72 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 4 ID 73 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 5 ID 74 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 6 ID 75 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 7 ID 76 with timestamp 4ad4961d
Sending Access-Reject of id 77 to 192.168.155.123 port 1812
EAP-Message = 0x04960004
Message-Authenticator = 0x00000000000000000000000000000000
Tue Oct 13 12:00:51 2009 : Debug: Cleaning up request 8 ID 77 with timestamp 4ad4961d
Tue Oct 13 12:00:51 2009 : Debug: Nothing to do. Sleeping until we see a request.
From: Neal.Garber at energyeast.com
To: freeradius-users at lists.freeradius.org
Date: Tue, 13 Oct 2009 13:10:08 -0400
Subject: RE: Freeradius + OpenLdap + WindowsXP(Wifi)
> Have
any idea ? Where can i find the solution ?
> When i trying
connect freeradius server with wireless over
> access point i get
this error:
<snip>
> Tue Oct 13
12:00:45 2009 : Debug: rlm_eap_peap: Had sent TLV
failure. User was rejcted rejected earlier in this session.
The
error you’re looking for is earlier that what you posted. Look at the
previous round trip in the debug output to see why it failed..
_________________________________________________________________
Você sabia que com o Hotmail você tem espaço ilimitado para guardar seus e-mails? Começe a usar já!
http://www.microsoft.com/brasil/windows/windowslive/products/hotmail.aspx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20091014/e6753db3/attachment.html>
More information about the Freeradius-Users
mailing list