FR2 EAP-PEAP proxy is not saving attributes

Ivan Kalik tnt at kalik.net
Thu Sep 17 13:12:55 CEST 2009


>> > [peap] Tunneled authentication was successful.
>> > [peap] SUCCESS
>> > [peap] Saving tunneled attributes for later
>>
>> ...
>>
>> > Sending Access-Accept of id 231 to 192.168.145.42 port 45920
>> >         User-Name = "10"
>> >         MS-MPPE-Recv-Key = 0x95cd48dc452bb7ea093e2a2945d4337a6112847f9ac1dafce280a27713ec34ca
>> >         MS-MPPE-Send-Key = 0x34066a293d5a0f0f5269014040f41bc79d125807510bc15bf99f75e7e3307977
>> >         EAP-Message = 0x036b0004
>> >         Message-Authenticator = 0x00000000000000000000000000000000
>>
>>   Hmm... that's awkward.  You have "use_tunneled_reply = yes", so it
>> *should* work.
>>
>>   I'd suggest debugging the code in more detail.  There's little else
>> that can be done.

Original Access-Accept:

rad_recv: Access-Accept packet from host 192.168.151.59 port 1812, id=210, length=190
        Acct-Interim-Interval = 100
        Vendor-14559-Attr-2 = 0x3746bdf7
        WISPr-Bandwidth-Max-Up = 256000
        WISPr-Bandwidth-Max-Down = 1024000
        MS-CHAP2-Success = 0x69533d38364544453342343842363931353546304535343645363831414538304436454232373039384144
        MS-MPPE-Recv-Key = 0xe7f1174e7beff1487910dc87d142d6e6
        MS-MPPE-Send-Key = 0x57c39cbbbdb601ce38ef7909bd7f9e12
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        Proxy-State = 0x323239
...
[eap] Passing reply from proxy back into the tunnel.
...
  rlm_eap_mschapv2: Passing reply from proxy back into the tunnel 0x8178f00 2.
...
[eap] Saving tunneled attributes for later
...
Sending Access-Challenge of id 229 to 192.168.145.42 port 45920
        EAP-Message = 0x016a004a1900170301003fd2ea6e8b90e35bd3dc79e64ecc7ae61cd620a7629fd3abf26723951ef19cfefbc3902e8c6b69247948560d9d5a2ffd957aaccfc6275fbeb408f6b9298c0b63
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x07ead3a30080caac02fc8e14eb27c4dd
...
[peap] Got tunneled reply RADIUS code 2
        EAP-Message = 0x036a0004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "10"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later

Perhaps this save wipes them off. There are no attributes in this reply.

...
Sending Access-Challenge of id 230 to 192.168.145.42 port 45920
        EAP-Message = 0x016b00261900170301001b6e683e898fecffe435a9ac6da18b14d763fce8469753e75845e608
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x07ead3a30f81caac02fc8e14eb27c4dd
...
[peap] Using saved attributes from the original Access-Accept

They might not be there because the interim save between the original
Access-Accept and this wipes them off.

[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 231 to 192.168.145.42 port 45920
        User-Name = "10"
        MS-MPPE-Recv-Key = 0x95cd48dc452bb7ea093e2a2945d4337a6112847f9ac1dafce280a27713ec34ca
        MS-MPPE-Send-Key = 0x34066a293d5a0f0f5269014040f41bc79d125807510bc15bf99f75e7e3307977
        EAP-Message = 0x036b0004
        Message-Authenticator = 0x00000000000000000000000000000000


Ivan Kalik
Kalik Informatika ISP
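
A check for the symptom traced in the message above, as an added example that is not part of the original post or of FreeRADIUS: it parses `radiusd -X`-style debug output and lists the attributes present in the proxied Access-Accept but absent from the Access-Accept sent to the NAS. The function names and the `NOT_COPIED` exclusion list are assumptions of this example.

```python
import re

# Constructed sample, trimmed from the debug output above (hex values shortened).
SAMPLE = """\
rad_recv: Access-Accept packet from host 192.168.151.59 port 1812, id=210,
length=190
        Acct-Interim-Interval = 100
        WISPr-Bandwidth-Max-Up = 256000
        WISPr-Bandwidth-Max-Down = 1024000
        MS-MPPE-Encryption-Policy = 0x00000001
        Proxy-State = 0x323239
[eap] Saving tunneled attributes for later
[peap] Using saved attributes from the original Access-Accept
Sending Access-Accept of id 231 to 192.168.145.42 port 45920
        User-Name = "10"
        MS-MPPE-Recv-Key =
0x95cd48dc
        EAP-Message = 0x036b0004
"""

HEADER = re.compile(r"^(rad_recv: |Sending )(Access-\w+)")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+) =")
# Assumption of this example: hop-specific or inner-tunnel attributes that are
# not expected to reach the outer Access-Accept.
NOT_COPIED = re.compile(r"^(MS-MPPE-|MS-CHAP|Proxy-State$|EAP-Message$|Message-Authenticator$)")

def packets(log):
    """Return [(direction, code, attribute names)] for each packet in the log."""
    out, current = [], None
    for line in log.splitlines():
        h, a = HEADER.match(line), ATTR.match(line)
        if h:
            current = set()
            out.append(("recv" if h.group(1) != "Sending " else "sent", h.group(2), current))
        elif a and current is not None:
            current.add(a.group(1))
        elif not line.startswith(("0x", "length=")):  # wrapped values continue a packet
            current = None  # a module message ends the attribute list
    return out

def dropped_attributes(log):
    """Names in the last proxied Access-Accept missing from the last one sent."""
    pk = packets(log)
    proxied = [a for d, c, a in pk if (d, c) == ("recv", "Access-Accept")]
    final = [a for d, c, a in pk if (d, c) == ("sent", "Access-Accept")]
    if not proxied or not final:
        return None  # the log does not contain both packets
    return sorted(n for n in proxied[-1] - final[-1] if not NOT_COPIED.match(n))
```

Calling `dropped_attributes()` on a full debug capture returns an empty list when every reply attribute from the home server reached the NAS, and `None` when the capture lacks one of the two packets.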



