rlm_eap: Handler failed in EAP/peap

Javier Richard Quinto Ancieta richardqa at gmail.com
Mon Aug 16 23:50:24 CEST 2010


Hello, I have problems with my FreeRADIUS (installed version 1.1.3). The
problem is when I use EAP-PEAP with MSCHAPv2 for Windows clients and an LDAP
server on Debian.
I have installed FreeRADIUS using EAP-PEAP, and the radius.conf is of the
following form:

ldap {
        server = "direcc_IP_LDAP"
        #identity = "cn=admin,dc=inictel,dc=raap,dc=pe"
        identity = "uid=user6,cn=admin,dc=inictel,dc=raap,dc=pe"
        password = inictel
        basedn = "dc=inictel,dc=raap,dc=pe"
        #filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        #filter = "(uid=%u)"
        groupname_attribute = radiusGriupName
        groupmembership_attribute = radiusGroupName
        base_filter = "(objectclass=radiusprofile)"
        access_attr = "radiusFilterId"
        # Mapping of RADIUS dictionary attributes to LDAP
        # directory attributes.
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        authtype=ldap
        ldap_connections_number = 5

        ...
}
And the file slapd.conf is of the following form:

database        hdb

# The base of your directory in database #1
suffix          "dc=inictel,dc=raap,dc=pe"

# rootdn directive for specifying a superuser on the database. This is needed
# for syncrepl.
rootdn          "cn=admin,dc=inictel,dc=raap,dc=pe"
rootpw          inictel
# Where the database file are physically stored for database #1
directory       "/var/lib/ldap"

---------------------
In vim, /etc/raddb/users is of the following form:

#DEFAULT Auth-Type = System
#     Fall-Through = 1
DEFAULT Auth-Type = LDAP
     Fall-Through = 1
#userX User-Password == passX
#      Auth-Type := LOCAL

The clients.conf is OK, and when I run radiusd -X it is OK, and I tested it in
the following way:

[root@localhost raddb]# radtest user6 inictel 127.0.0.1 10 testing123
Sending Access-Request of id 247 to 127.0.0.1 port 1812
    User-Name = "user6"
    User-Password = "inictel"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 10
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=247, length=64
    Filter-Id = "Enterasys:version=1:policy=Enterprise User"

So everything is OK there, but when I want to authenticate a supplicant from
my laptop, I have problems:


rlm_ldap: - authorize
rlm_ldap: performing user authorization for user6
radius_xlat:  '(uid=user6)'
radius_xlat:  'dc=inictel,dc=raap,dc=pe'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=inictel,dc=raap,dc=pe, with filter (uid=user6)
rlm_ldap: checking if remote access for user6 is allowed by radiusFilterId
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFilterId as Filter-Id, value Enterasys:version=1:policy=Enterprise User & op=11
rlm_ldap: user user6 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 274
modcall: leaving group authorize (returns updated) for request 274
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 274
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
*  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected earlier in this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 274
modcall: leaving group authenticate (returns invalid) for request 274
auth: Failed to validate the user.
Delaying request 274 for 1 seconds
Finished request 274*
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 200.37.45.97:1645, id=65, length=216
Sending Access-Reject of id 65 to 200.37.45.97 port 1645
    EAP-Message = 0x04080004
    Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 267 ID 58 with timestamp 4c696b6c
Cleaning up request 268 ID 59 with timestamp 4c696b6c
Cleaning up request 269 ID 60 with timestamp 4c696b6c
Cleaning up request 270 ID 61 with timestamp 4c696b6c

I can't authenticate my supplicant. Could you help me, please?

Thank you!

-- 
Quinto Ancieta Javier Richard
jquinto at inictel-uni.edu.pe, richardqa at gmail.com
telf: 9931-78569-5213902-3461808-533

Remember:
Nothing is impossible, because the dreams of yesterday are the hopes of
today and tomorrow can become a reality.
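
In the debug output above, the line "Had sent TLV failure.  User was rejcted rejected earlier in this session." means request 274 only acknowledges a reject decided in an earlier request of the same PEAP session, and `EAP-Message = 0x04080004` is the EAP Failure sent as a result. The following Python script is an added example, not part of the original post or of FreeRADIUS: it flags such acknowledgement-only requests and decodes EAP-Message headers per RFC 3748. The names `decode_eap`, `triage` and `SAMPLE_LOG` are hypothetical, and the sample lines are copied from the post.

```python
import re

# Constructed sample: lines copied from the radiusd -X output in the post above.
SAMPLE_LOG = """\
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected earlier in this session.
 rlm_eap: Handler failed in EAP/peap
  modcall[authenticate]: module "eap" returns invalid for request 274
Sending Access-Reject of id 65 to 200.37.45.97 port 1645
    EAP-Message = 0x04080004
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP",
             26: "MSCHAPv2", 33: "EAP-TLV"}

def decode_eap(hex_value):
    """Decode the EAP header from a '0x...' EAP-Message value in debug output."""
    raw = bytes.fromhex(hex_value[2:])
    if len(raw) < 4:
        raise ValueError("EAP packet is shorter than its 4-byte header")
    length = int.from_bytes(raw[2:4], "big")
    info = {"code": EAP_CODES.get(raw[0], "Unknown"), "id": raw[1], "length": length,
            # A longer declared length means the packet continues in further
            # EAP-Message attributes (each carries at most 253 bytes).
            "complete": length == len(raw), "type": None}
    if raw[0] in (1, 2) and len(raw) > 4:  # only Request/Response carry a type
        info["type"] = EAP_TYPES.get(raw[4], str(raw[4]))
    return info

def triage(log_text):
    """Collect requests that only acknowledged an earlier PEAP reject, plus EAP replies."""
    result = {"ack_of_earlier_reject": [], "eap_messages": []}
    saw_tlv_failure = False
    for line in log_text.splitlines():
        if "Had sent TLV failure" in line:
            saw_tlv_failure = True
        m = re.search(r'module "eap" returns \w+ for request (\d+)', line)
        if m and saw_tlv_failure:
            result["ack_of_earlier_reject"].append(int(m.group(1)))
            saw_tlv_failure = False
        m = re.search(r"EAP-Message = (0x[0-9a-fA-F]+)", line)
        if m:
            result["eap_messages"].append(decode_eap(m.group(1)))
    return result

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

For any request number the script reports, the reject to examine is in an earlier request of the same `radiusd -X` output, which the excerpt in the post does not include.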