Freeradius + PEAP.. stuck on validating identity..

Bruno Kremel bruno.kremel at gmail.com
Thu Apr 1 17:11:13 CEST 2010


2010/4/1 Alan DeKok <aland at deployingradius.com>:
> Bruno Kremel wrote:
>> Sending Access-Challenge of id 0 to 192.168.3.1 port 1320
>>         EAP-Message = 0x010c00061900
>>         Message-Authenticator = 0x00000000000000000000000000000000
>>         State = 0x53b1704557bd694fbe3359243d2a2638
>> Finished request 40.
>> Going to the next request
>> Waking up in 4.9 seconds.
>> Cleaning up request 40 ID 0 with timestamp +589
>> Ready to process requests.
>
>  This is documented in the FAQ, in the comments in raddb/eap.conf, and
> on my web site (http://deployingradius.com/).
>
>  Please read the existing documentation,
>
>> That Access-Challenge should authenticate my client if I am not wrong,
>
>  No.
>
>  Alan DeKok.

Thank you for those links... I have read that FAQ, so I copied over the
default eap.conf and tried it with the users file. It is working OK, I can
connect to the AP with username/password, but when I tried to use SQL (I
have the correct format in SQL now) it again ends up with
Accept-Reject:

  rlm_eap_peap:  Had sent TLV failure.  User was rejected earlier in
this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [pokus2/<via Auth-Type = EAP>] (from client
ciscorouter port 44 cli 001e650ece6c)
  Found Post-Auth-Type Reject
+- entering group REJECT
        expand: %{User-Name} -> pokus2
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 23 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 23
Sending Access-Reject of id 0 to 192.168.3.1 port 1327
        EAP-Message = 0x040a0004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 23 ID 0 with timestamp +735
Ready to process requests.


But radtest gives me:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 54224,
id=218, length=57
        User-Name = "test2"
        User-Password = "pokus2"
        NAS-IP-Address = 127.0.1.1
        NAS-Port = 1812
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
    rlm_realm: No '@' in User-Name = "test2", looking up realm NULL
    rlm_realm: No such realm "NULL"
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
        expand: %{User-Name} -> test2
rlm_sql (sql): sql_set_user escaped user --> 'test2'
rlm_sql (sql): Reserving sql socket id: 2
        expand: SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = 'test2'           ORDER BY id
rlm_sql (sql): User found in radcheck table
        expand: SELECT id, username, attribute, value, op
FROM radreply           WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply           WHERE username = 'test2'           ORDER BY id
        expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username
= 'test2'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
  rad_check_password:  Found Auth-Type
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "pokus2"
rlm_pap: Using clear text password "pokus2"
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [test2/pokus2] (from client localhost port 1812)
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 218 to 127.0.0.1 port 54224
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 10 ID 218 with timestamp +263
Ready to process requests.

So is it an SQL problem or something with EAP?



