Windows Server 2008 R2 (was already working...)

mr typo euroregistrar at gmail.com
Thu Apr 8 15:11:07 CEST 2010


hello,

we did install a new freeradius server and default configuration. then we
did your tutorial step by step. no more lines, nothing left out.

it works up to "configuring freeradius to use ntlm_auth for ms-chap"

password is double checked, everything else should be fine. wbinfo works,
ntlm_auth works, plain_ntlm works, certificates created with makefile (so
with xpextensions).

it is really strange..

-euro

rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=205,
length=137
User-Name = "asartori"
Framed-MTU = 1400
Called-Station-Id = "0021.d792.3040"
Calling-Station-Id = "0023.121b.f71b"
Service-Type = Login-User
Message-Authenticator = 0xdde7d44ba64198a77fe4911087b2a442
EAP-Message = 0x0202000d0161736172746f7269
NAS-Port-Type = Wireless-802.11
NAS-Port = 1461
NAS-Port-Id = "1461"
NAS-IP-Address = 10.80.10.150
NAS-Identifier = "AP50"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 205 to 10.80.10.150 port 1645
EAP-Message = 0x01030016041020f6c8632f50cb7bc445d921e8c7e355
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86dda94b86dead6cb4af2a8bdb01132e
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=206,
length=148
User-Name = "asartori"
Framed-MTU = 1400
Called-Station-Id = "0021.d792.3040"
Calling-Station-Id = "0023.121b.f71b"
Service-Type = Login-User
Message-Authenticator = 0x6145259b02547df93d0552b7414f0fb5
EAP-Message = 0x020300060319
NAS-Port-Type = Wireless-802.11
NAS-Port = 1461
NAS-Port-Id = "1461"
State = 0x86dda94b86dead6cb4af2a8bdb01132e
NAS-IP-Address = 10.80.10.150
NAS-Identifier = "AP50"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 206 to 10.80.10.150 port 1645
EAP-Message = 0x010400061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86dda94b87d9b06cb4af2a8bdb01132e
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=207,
length=306
User-Name = "asartori"
Framed-MTU = 1400
Called-Station-Id = "0021.d792.3040"
Calling-Station-Id = "0023.121b.f71b"
Service-Type = Login-User
Message-Authenticator = 0x6373d1c83ed630d072424e4571b5c427
EAP-Message =
0x020400a419800000009a16030100950100009103014bbdd4e87af6f0d31b28590f069d4838a0fd4a7b44519d4b20b553e8b0a38540000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100
NAS-Port-Type = Wireless-802.11
NAS-Port = 1461
NAS-Port-Id = "1461"
State = 0x86dda94b87d9b06cb4af2a8bdb01132e
NAS-IP-Address = 10.80.10.150
NAS-Identifier = "AP50"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 164
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 154
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0095], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 07d3], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 207 to 10.80.10.150 port 1645
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86dda94b84d8b06cb4af2a8bdb01132e
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=208,
length=148
User-Name = "asartori"
Framed-MTU = 1400
Called-Station-Id = "0021.d792.3040"
Calling-Station-Id = "0023.121b.f71b"
Service-Type = Login-User
Message-Authenticator = 0x67049f9481a63497a1ad63f7dc535106
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 1461
NAS-Port-Id = "1461"
State = 0x86dda94b84d8b06cb4af2a8bdb01132e
NAS-IP-Address = 10.80.10.150
NAS-Identifier = "AP50"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 208 to 10.80.10.150 port 1645
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86dda94b85dbb06cb4af2a8bdb01132e
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=209,
length=148
User-Name = "asartori"
Framed-MTU = 1400
Called-Station-Id = "0021.d792.3040"
Calling-Station-Id = "0023.121b.f71b"
Service-Type = Login-User
Message-Authenticator = 0xfa6f8dca0f9adcba437686053c92c7df
EAP-Message = 0x020600061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 1461
NAS-Port-Id = "1461"
State = 0x86dda94b85dbb06cb4af2a8bdb01132e
NAS-IP-Address = 10.80.10.150
NAS-Identifier = "AP50"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 209 to 10.80.10.150 port 1645
EAP-Message =
0x0107002a1900f4905796e9fc4532e77ad4389d9a690206e471189f26d41b82512116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86dda94b82dab06cb4af2a8bdb01132e
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=210,
length=480
User-Name = "asartori"
Framed-MTU = 1400
Called-Station-Id = "0021.d792.3040"
Calling-Station-Id = "0023.121b.f71b"
Service-Type = Login-User
Message-Authenticator = 0x0f678c6346e200b30e4eb192c234cfa5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1461
NAS-Port-Id = "1461"
State = 0x86dda94b82dab06cb4af2a8bdb01132e
NAS-IP-Address = 10.80.10.150
NAS-Identifier = "AP50"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 210 to 10.80.10.150 port 1645
EAP-Message =
0x01080041190014030100010116030100303ab52cb7421fe368739c6fb0ebcedfbe1829be5c8f2f519f42c5414eac35d4b2dcb900321e194dfd1cad32a515ab5645
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86dda94b83d5b06cb4af2a8bdb01132e
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=211,
length=148
User-Name = "asartori"
Framed-MTU = 1400
Called-Station-Id = "0021.d792.3040"
Calling-Station-Id = "0023.121b.f71b"
Service-Type = Login-User
Message-Authenticator = 0x6f2d93f260692f000e61dd774cebe08b
EAP-Message = 0x020800061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 1461
NAS-Port-Id = "1461"
State = 0x86dda94b83d5b06cb4af2a8bdb01132e
NAS-IP-Address = 10.80.10.150
NAS-Identifier = "AP50"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 211 to 10.80.10.150 port 1645
EAP-Message =
0x0109002b1900170301002076466e1135c056a6527a2a708b4251813d1f38271fd843d3cde43f6baa6e14e6
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86dda94b80d4b06cb4af2a8bdb01132e
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=212,
length=185
User-Name = "asartori"
Framed-MTU = 1400
Called-Station-Id = "0021.d792.3040"
Calling-Station-Id = "0023.121b.f71b"
Service-Type = Login-User
Message-Authenticator = 0x59d7bbb9d55c9f5bb299c085bc74c031
EAP-Message =
0x0209002b19001703010020c1c0917073c12dced76254e218501258277be220391dc99ad0d529323ff6121e
NAS-Port-Type = Wireless-802.11
NAS-Port = 1461
NAS-Port-Id = "1461"
State = 0x86dda94b80d4b06cb4af2a8bdb01132e
NAS-IP-Address = 10.80.10.150
NAS-Identifier = "AP50"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - asartori
[peap] Got tunneled request
EAP-Message = 0x0209000d0161736172746f7269
server  {
  PEAP: Got tunneled identity of asartori
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to asartori
Sending tunneled request
EAP-Message = 0x0209000d0161736172746f7269
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "asartori"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010a00221a010a001d100c689ea9809fa0838234c966c821e9bb61736172746f7269
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb24fee6fb245f433fdbba9329dca04b3
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010a00221a010a001d100c689ea9809fa0838234c966c821e9bb61736172746f7269
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb24fee6fb245f433fdbba9329dca04b3
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 212 to 10.80.10.150 port 1645
EAP-Message =
0x010a004b19001703010040cdc6317e2ff6c9d3c89ab6117470329dd73fa12bf1908cde2bca4d90a9cf3f80fd6ea002994ea13db3b9e77e0c0e6239532f294f142143440694facf692a6628
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86dda94b81d7b06cb4af2a8bdb01132e
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=213,
length=249
User-Name = "asartori"
Framed-MTU = 1400
Called-Station-Id = "0021.d792.3040"
Calling-Station-Id = "0023.121b.f71b"
Service-Type = Login-User
Message-Authenticator = 0x8711a7593adce970637511cdfb6fdf93
EAP-Message =
0x020a006b19001703010060e26d5b3e614ba6d3033b4c830626fa0fe19c112648fa68b6fe5e0be1377918efb7640489515fa9285dffc3f9acd9d58fdf4f214a94e4d0f80797bf953a8f7533978bc6f4dc86271728a72369d5e478dae6c06a37893a8db46d8a8af29af965b5
NAS-Port-Type = Wireless-802.11
NAS-Port = 1461
NAS-Port-Id = "1461"
State = 0x86dda94b81d7b06cb4af2a8bdb01132e
NAS-IP-Address = 10.80.10.150
NAS-Identifier = "AP50"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020a00431a020a003e317cfba43e0f5c2bbaa5f9ea2f7ecab36300000000000000009e634fd362803e8b674b270cea334172de0831f9ae2e13a70061736172746f7269
server  {
  PEAP: Setting User-Name to asartori
Sending tunneled request
EAP-Message =
0x020a00431a020a003e317cfba43e0f5c2bbaa5f9ea2f7ecab36300000000000000009e634fd362803e8b674b270cea334172de0831f9ae2e13a70061736172746f7269
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "asartori"
State = 0xb24fee6fb245f433fdbba9329dca04b3
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "asartori", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 10 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for asartori with NT-Password
[mschap] expand: --username=%{mschap:User-Name:-None} -> --username=asartori
[mschap] No NT-Domain was found in the User-Name.
[mschap] expand: %{mschap:NT-Domain} ->
[mschap] ... expanding second conditional
[mschap] expand: --domain=%{%{mschap:NT-Domain}:-FHS} -> --domain=FHS
[mschap]  mschap2: 0c
[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=1c7d952acd9082a2
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=9e634fd362803e8b674b270cea334172de0831f9ae2e13a7
Exec-Program output: NT_KEY: 34B23A4A9A7D33D7F95F179B116492ED
Exec-Program-Wait: plaintext: NT_KEY: 34B23A4A9A7D33D7F95F179B116492ED
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010b00331a030a002e533d31414445413043344632373745353141393134464234323839304246394246454430393642333543
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb24fee6fb344f433fdbba9329dca04b3
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010b00331a030a002e533d31414445413043344632373745353141393134464234323839304246394246454430393642333543
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb24fee6fb344f433fdbba9329dca04b3
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 213 to 10.80.10.150 port 1645
EAP-Message =
0x010b005b190017030100500bbb95462d8c42ed4affecd3c7a13a31f6a78c2061c64accf1f54660b9cadfb560b141370ba12cca3b97c261c41559d43c77d5fc9bbe09b2e21c171638666eafafbe82f51e4783bf2b13fec525aea889
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86dda94b8ed6b06cb4af2a8bdb01132e
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 205 with timestamp +13
Cleaning up request 1 ID 206 with timestamp +13
Cleaning up request 2 ID 207 with timestamp +13
Cleaning up request 3 ID 208 with timestamp +14
Cleaning up request 4 ID 209 with timestamp +14
Cleaning up request 5 ID 210 with timestamp +14
Cleaning up request 6 ID 211 with timestamp +14
Cleaning up request 7 ID 212 with timestamp +14
Cleaning up request 8 ID 213 with timestamp +14
Ready to process requests.

[root at radiusa raddb]#




On Thu, Apr 8, 2010 at 9:45 AM, Alan DeKok <aland at deployingradius.com> wrote:

> mr typo wrote:
> > humm, even when its not working with a mac or other devices?
>
>   As I said... the client sends requests.  If it doesn't, the client is
> choosing to stop.
>
>  Work through my EAP deployment howto:  http://deployingradius.com.
> Then the Active Directory Howto.  At some point, it will stop working.
> That's the thing that needs fixing.
>
>  Alan DeKok.


More information about the Freeradius-Users mailing list
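
Added example, not part of the original thread: a small Python triage script for `radiusd -X` output like the log above. It records which stage each request reached and, when the last reply is an Access-Challenge, reports that the server is still waiting for the supplicant's next EAP response. The function names, stage names and the abbreviated sample log are this example's own.

```python
import re

# Abbreviated sample in the shape of the debug log above (constructed for this example).
SAMPLE = """\
rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=212,
length=185
[peap] Session established.  Decoding tunneled attributes.
rlm_eap_mschapv2: Issuing Challenge
Sending tunneled request
Sending Access-Challenge of id 212 to 10.80.10.150 port 1645
Finished request 7.
rad_recv: Access-Request packet from host 10.80.10.150 port 1645, id=213,
length=249
[peap] Session established.  Decoding tunneled attributes.
Exec-Program: returned: 0
MSCHAP Success
Sending Access-Challenge of id 213 to 10.80.10.150 port 1645
Finished request 8.
Ready to process requests.
"""

RECV = re.compile(r"rad_recv: (\S+) packet from host (\S+) port \d+, id=(\d+)")
SEND = re.compile(r"Sending (\S+) of id (\d+) to")
# Log substrings mapped to stage names (the names are hypothetical labels).
STAGES = [
    ("SSL Connection Established", "tls-handshake-done"),
    ("Session established.", "peap-tunnel-up"),
    ("rlm_eap_mschapv2: Issuing Challenge", "inner-mschapv2-challenge"),
    ("MSCHAP Success", "inner-mschapv2-success"),
]

def parse(log):
    """Return one dict per received request: id, NAS, stages seen, reply sent."""
    requests = []
    for raw in log.splitlines():
        line = raw.strip()
        m = RECV.match(line)
        if m:
            requests.append({"id": int(m.group(3)), "nas": m.group(2),
                             "stages": [], "reply": None})
            continue
        if not requests:
            continue  # ignore server start-up output before the first request
        cur = requests[-1]
        m = SEND.match(line)
        if m and int(m.group(2)) == cur["id"]:
            cur["reply"] = m.group(1)
            continue
        for needle, stage in STAGES:
            if needle in line and stage not in cur["stages"]:
                cur["stages"].append(stage)
    return requests

def diagnose(requests):
    """Classify how the conversation ended, judged from the last reply sent."""
    if not requests:
        return "no-requests"
    last = requests[-1]
    reached = [s for r in requests for s in r["stages"]]
    if last["reply"] == "Access-Accept":
        return "accepted"
    if last["reply"] == "Access-Reject":
        return "rejected-by-server"
    if last["reply"] is None:
        return "server-did-not-reply"
    # Last reply was an Access-Challenge: the next move belongs to the client.
    if "inner-mschapv2-success" in reached:
        return "client-stopped-after-inner-success"
    return "client-stopped-at:" + (reached[-1] if reached else "eap-start")

if __name__ == "__main__":
    print(diagnose(parse(SAMPLE)))
```
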