windows7 machine authentication

rrperez rrperez at apc.edu.ph
Thu Aug 26 07:04:56 CEST 2010


You need to import two certificates, first is the root certificate (ca.der)
and second is the client certificate (client.pem). Once you have
imported the certificates, define which authentication protocol you wish to
use.

If your users have a cleartext password or nt-hash password, then choose
peap for the default_eap_type in your eap.conf and your server will perform
MS-CHAPv2 authentication, which Windows supports.

If your users don't have this type of password format, then it is
advisable to install a supplicant that supports EAP-TTLS / EAP-GTC as a
workaround.


alois blasbichler wrote:
> 
> Hello list
> 
> Thank you for all the hints.
> I have created a new certificate and installed the ca.der on my laptop.
> I also upgraded my freeradius to the latest version 2.1.9
> But no luck, I always get the same error.
> 
> What can I do?
> Maybe it's a configuration problem?
> 
> 
> Below my full log
> 
> By luis
> 
> 
> 
> 
> rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
> id=50, length=189
>          User-Name = "host/lap-med22"
>          Calling-Station-Id = "70-F1-A1-49-50-41"
>          Called-Station-Id = "00-0B-85-95-70-80:Info"
>          NAS-Port = 29
>          NAS-IP-Address = 10.53.240.10
>          NAS-Identifier = "WS4404_Pri"
>          Airespace-Wlan-Id = 3
>          Service-Type = Framed-User
>          Framed-MTU = 1300
>          NAS-Port-Type = Wireless-802.11
>          Tunnel-Type:0 = VLAN
>          Tunnel-Medium-Type:0 = IEEE-802
>          Tunnel-Private-Group-Id:0 = "156"
>          EAP-Message = 0x0202001301686f73742f6c61702d6d65643232
>          Message-Authenticator = 0x4d6e3ece3717885ed203938b4b177a2c
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/lap-med22", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 2 length 19
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
> ++? if (NAS-IP-Address == 10.53.240.10 && !Service-Type)
> ? Evaluating (NAS-IP-Address == 10.53.240.10 ) -> TRUE
> ? Evaluating !(Service-Type) -> FALSE
> ++? if (NAS-IP-Address == 10.53.240.10 && !Service-Type) -> FALSE
> ++? if (NAS-IP-Address == 10.53.240.12 && !Service-Type)
> ? Evaluating (NAS-IP-Address == 10.53.240.12 ) -> FALSE
> ? Skipping (Service-Type)
> ++? if (NAS-IP-Address == 10.53.240.12 && !Service-Type) -> FALSE
> ++? if (NAS-IP-Address != 10.53.240.1)
> ? Evaluating (NAS-IP-Address != 10.53.240.1) -> TRUE
> ++? if (NAS-IP-Address != 10.53.240.1) -> TRUE
> ++- entering if (NAS-IP-Address != 10.53.240.1) {...}
> [ldap-switch] performing user authorization for host/lap-med22
> [ldap-switch] WARNING: Deprecated conditional expansion ":-".  See  
> "man unlang" for details
> [ldap-switch]   ... expanding second conditional
> [ldap-switch]   expand: %{User-Name} -> host/lap-med22
> [ldap-switch]   expand: (uid=%{Stripped-User-Name:-%{User-Name}}) ->  
> (uid=host/lap-med22)
> [ldap-switch]   expand: ou=users,dc=sb-brixen,dc=it ->  
> ou=users,dc=sb-brixen,dc=it
>    [ldap-switch] ldap_get_conn: Checking Id: 0
>    [ldap-switch] ldap_get_conn: Got Id: 0
>    [ldap-switch] attempting LDAP reconnection
>    [ldap-switch] (re)connect to titan:389, authentication 0
>    [ldap-switch] bind as uid=cyrus,dc=sb-brixen,dc=it/niko2006 to
> titan:389
>    [ldap-switch] waiting for bind result ...
>    [ldap-switch] Bind was successful
>    [ldap-switch] performing search in ou=users,dc=sb-brixen,dc=it,  
> with filter (uid=host/lap-med22)
>    [ldap-switch] object not found
> [ldap-switch] search failed
>    [ldap-switch] ldap_release_conn: Release Id: 0
> +++[ldap-switch] returns notfound
> ++- if (NAS-IP-Address != 10.53.240.1) returns notfound
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.   
> Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 50 to 10.53.240.10 port 32769
>          EAP-Message = 0x0103001604109802abd36e067bc4f583f77e64d7fd78
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0xa4b56f0aa4b66ba726c3f3167b686aac
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
> id=51, length=194
>          User-Name = "host/lap-med22"
>          Calling-Station-Id = "70-F1-A1-49-50-41"
>          Called-Station-Id = "00-0B-85-95-70-80:Info"
>          NAS-Port = 29
>          NAS-IP-Address = 10.53.240.10
>          NAS-Identifier = "WS4404_Pri"
>          Airespace-Wlan-Id = 3
>          Service-Type = Framed-User
>          Framed-MTU = 1300
>          NAS-Port-Type = Wireless-802.11
>          Tunnel-Type:0 = VLAN
>          Tunnel-Medium-Type:0 = IEEE-802
>          Tunnel-Private-Group-Id:0 = "156"
>          EAP-Message = 0x020300060319
>          State = 0xa4b56f0aa4b66ba726c3f3167b686aac
>          Message-Authenticator = 0x235cc52e5b1a1f50911c8fa4f061e070
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/lap-med22", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 3 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> ++[unix] returns notfound
> ++[files] returns noop
> ++? if (NAS-IP-Address == 10.53.240.10 && !Service-Type)
> ? Evaluating (NAS-IP-Address == 10.53.240.10 ) -> TRUE
> ? Evaluating !(Service-Type) -> FALSE
> ++? if (NAS-IP-Address == 10.53.240.10 && !Service-Type) -> FALSE
> ++? if (NAS-IP-Address == 10.53.240.12 && !Service-Type)
> ? Evaluating (NAS-IP-Address == 10.53.240.12 ) -> FALSE
> ? Skipping (Service-Type)
> ++? if (NAS-IP-Address == 10.53.240.12 && !Service-Type) -> FALSE
> ++? if (NAS-IP-Address != 10.53.240.1)
> ? Evaluating (NAS-IP-Address != 10.53.240.1) -> TRUE
> ++? if (NAS-IP-Address != 10.53.240.1) -> TRUE
> ++- entering if (NAS-IP-Address != 10.53.240.1) {...}
> [ldap-switch] performing user authorization for host/lap-med22
> [ldap-switch] WARNING: Deprecated conditional expansion ":-".  See  
> "man unlang" for details
> [ldap-switch]   ... expanding second conditional
> [ldap-switch]   expand: %{User-Name} -> host/lap-med22
> [ldap-switch]   expand: (uid=%{Stripped-User-Name:-%{User-Name}}) ->  
> (uid=host/lap-med22)
> [ldap-switch]   expand: ou=users,dc=sb-brixen,dc=it ->  
> ou=users,dc=sb-brixen,dc=it
>    [ldap-switch] ldap_get_conn: Checking Id: 0
>    [ldap-switch] ldap_get_conn: Got Id: 0
>    [ldap-switch] performing search in ou=users,dc=sb-brixen,dc=it,  
> with filter (uid=host/lap-med22)
>    [ldap-switch] object not found
> [ldap-switch] search failed
>    [ldap-switch] ldap_release_conn: Release Id: 0
> +++[ldap-switch] returns notfound
> ++- if (NAS-IP-Address != 10.53.240.1) returns notfound
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user.   
> Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP NAK
> [eap] EAP-NAK asked for EAP-Type/peap
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] returns handled
> Sending Access-Challenge of id 51 to 10.53.240.10 port 32769
>          EAP-Message = 0x010400061920
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0xa4b56f0aa5b176a726c3f3167b686aac
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
> id=52, length=311
>          User-Name = "host/lap-med22"
>          Calling-Station-Id = "70-F1-A1-49-50-41"
>          Called-Station-Id = "00-0B-85-95-70-80:Info"
>          NAS-Port = 29
>          NAS-IP-Address = 10.53.240.10
>          NAS-Identifier = "WS4404_Pri"
>          Airespace-Wlan-Id = 3
>          Service-Type = Framed-User
>          Framed-MTU = 1300
>          NAS-Port-Type = Wireless-802.11
>          Tunnel-Type:0 = VLAN
>          Tunnel-Medium-Type:0 = IEEE-802
>          Tunnel-Private-Group-Id:0 = "156"
>          EAP-Message =  
> 0x0204007b198000000071160301006c0100006803014c75110436e3af283bc4a944b96fcefb76c5acce50932a0229b8348d9a5ec2e7000018002f00350005000ac013c014c009c00a003200380013000401000027ff010001000000000e000c0000096c61702d6d65643232000a0006000400170018000b00020100
>          State = 0xa4b56f0aa5b176a726c3f3167b686aac
>          Message-Authenticator = 0x7551f3a129c2ecbc72b403e8daef8139
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/lap-med22", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 4 length 123
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>    TLS Length 113
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap]     (other): before/accept initialization
> [peap]     TLS_accept: before/accept initialization
> [peap] <<< TLS 1.0 Handshake [length 006c], ClientHello
> [peap]     TLS_accept: SSLv3 read client hello A
> [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
> [peap]     TLS_accept: SSLv3 write server hello A
> [peap] >>> TLS 1.0 Handshake [length 0868], Certificate
> [peap]     TLS_accept: SSLv3 write certificate A
> [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> [peap]     TLS_accept: SSLv3 write server done A
> [peap]     TLS_accept: SSLv3 flush data
> [peap]     TLS_accept: Need to read more data: SSLv3 read client
> certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 52 to 10.53.240.10 port 32769
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0xa4b56f0aa6b076a726c3f3167b686aac
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
> id=53, length=194
>          User-Name = "host/lap-med22"
>          Calling-Station-Id = "70-F1-A1-49-50-41"
>          Called-Station-Id = "00-0B-85-95-70-80:Info"
>          NAS-Port = 29
>          NAS-IP-Address = 10.53.240.10
>          NAS-Identifier = "WS4404_Pri"
>          Airespace-Wlan-Id = 3
>          Service-Type = Framed-User
>          Framed-MTU = 1300
>          NAS-Port-Type = Wireless-802.11
>          Tunnel-Type:0 = VLAN
>          Tunnel-Medium-Type:0 = IEEE-802
>          Tunnel-Private-Group-Id:0 = "156"
>          EAP-Message = 0x020500061900
>          State = 0xa4b56f0aa6b076a726c3f3167b686aac
>          Message-Authenticator = 0x0f2cdc5ec561a12e183bf717069dd073
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/lap-med22", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 5 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 53 to 10.53.240.10 port 32769
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0xa4b56f0aa7b376a726c3f3167b686aac
> Finished request 3.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
> id=54, length=194
>          User-Name = "host/lap-med22"
>          Calling-Station-Id = "70-F1-A1-49-50-41"
>          Called-Station-Id = "00-0B-85-95-70-80:Info"
>          NAS-Port = 29
>          NAS-IP-Address = 10.53.240.10
>          NAS-Identifier = "WS4404_Pri"
>          Airespace-Wlan-Id = 3
>          Service-Type = Framed-User
>          Framed-MTU = 1300
>          NAS-Port-Type = Wireless-802.11
>          Tunnel-Type:0 = VLAN
>          Tunnel-Medium-Type:0 = IEEE-802
>          Tunnel-Private-Group-Id:0 = "156"
>          EAP-Message = 0x020600061900
>          State = 0xa4b56f0aa7b376a726c3f3167b686aac
>          Message-Authenticator = 0x3a249f23d32b56aa04e052b05bccf654
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/lap-med22", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 6 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 54 to 10.53.240.10 port 32769
>          EAP-Message =  
> 0x010700bf19003d27993820693a246572680ce31e26e01560ed876cefb1fb622ad56b2d329c800af4ce229afce81561597ef797cbc618308623af786a5dc8e9594168f283c10464d91b3fb37d9d97f55380fb67c04e759705f3f158d6753467f9f2afc201119071697daea6dc83396f5b41d08c740c7891bc6c8dbbccdd4e7fcf37ab63faac552fe972d3dfed0dd0688f2a2217ad437eb3e45bdd44079a9f954095ab6143353e9398c2b57b1dcc7c1d325d308d38158816030100040e000000
>          Message-Authenticator = 0x00000000000000000000000000000000
>          State = 0xa4b56f0aa0b276a726c3f3167b686aac
> Finished request 4.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 10.53.240.10 port 32769,  
> id=55, length=205
>          User-Name = "host/lap-med22"
>          Calling-Station-Id = "70-F1-A1-49-50-41"
>          Called-Station-Id = "00-0B-85-95-70-80:Info"
>          NAS-Port = 29
>          NAS-IP-Address = 10.53.240.10
>          NAS-Identifier = "WS4404_Pri"
>          Airespace-Wlan-Id = 3
>          Service-Type = Framed-User
>          Framed-MTU = 1300
>          NAS-Port-Type = Wireless-802.11
>          Tunnel-Type:0 = VLAN
>          Tunnel-Medium-Type:0 = IEEE-802
>          Tunnel-Private-Group-Id:0 = "156"
>          EAP-Message = 0x0207001119800000000715030100020230
>          State = 0xa4b56f0aa0b276a726c3f3167b686aac
>          Message-Authenticator = 0xf43e6a6a20f23d5df0a151325c5d1711
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "host/lap-med22", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 7 length 17
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>    TLS Length 7
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
> TLS Alert read:fatal:unknown CA
>      TLS_accept:failed in SSLv3 read client certificate A
> rlm_eap: SSL error error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1  
> alert unknown ca
> SSL: SSL_read failed inside of TLS (-1), TLS session fails.
> TLS receive handshake failed during operation
> [peap] eaptls_process returned 4
> [peap] EAPTLS_OTHERS
> [eap] Handler failed in EAP/peap
> [eap] Failed in EAP select
> ++[eap] returns invalid
> Failed to authenticate the user.
> Login incorrect: [host/lap-med22] (from client ciscosw port 29 cli  
> 70-F1-A1-49-50-41)
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject]     expand: %{User-Name} -> host/lap-med22
>   attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 5 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 5
> Sending Access-Reject of id 55 to 10.53.240.10 port 32769
>          EAP-Message = 0x04070004
>          Message-Authenticator = 0x00000000000000000000000000000000
> Waking up in 3.9 seconds.
> Cleaning up request 0 ID 50 with timestamp +9
> Cleaning up request 1 ID 51 with timestamp +9
> Cleaning up request 2 ID 52 with timestamp +9
> Cleaning up request 3 ID 53 with timestamp +9
> Cleaning up request 4 ID 54 with timestamp +9
> Waking up in 1.0 seconds.
> Cleaning up request 5 ID 55 with timestamp +9
> Ready to process requests.

-- 
View this message in context: http://old.nabble.com/windows7-machine-authentication-tp29522542p29538908.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
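
The EAP-Message values in the quoted debug log can be decoded by hand to see where the exchange fails. The Python below is an added example, not part of the original post or of FreeRADIUS; `decode_eap` and `parse_tls_records` are hypothetical helper names, and the hex strings are copied from the log above.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS", 25: "PEAP"}
TLS_CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake"}
TLS_ALERT_LEVEL = {1: "warning", 2: "fatal"}
TLS_ALERT_DESC = {42: "bad_certificate", 46: "certificate_unknown", 48: "unknown_ca"}

def parse_tls_records(body):
    """Walk unencrypted TLS records; decode alerts into level and description."""
    records = []
    while len(body) >= 5:
        ctype, version, rlen = struct.unpack("!BHH", body[:5])
        payload, body = body[5:5 + rlen], body[5 + rlen:]
        rec = {"content": TLS_CONTENT.get(ctype, ctype), "version": hex(version)}
        if ctype == 21 and len(payload) == 2:
            rec["level"] = TLS_ALERT_LEVEL.get(payload[0], payload[0])
            rec["alert"] = TLS_ALERT_DESC.get(payload[1], payload[1])
        records.append(rec)
    return records

def decode_eap(hexstr):
    """Decode one EAP-Message value as printed in the debug log."""
    raw = bytes.fromhex(hexstr[2:] if hexstr.lower().startswith("0x") else hexstr)
    if len(raw) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length does not match attribute (split packet?)")
    out = {"code": EAP_CODES.get(code, code), "id": ident}
    if length == 4:                      # Success / Failure carry no type
        return out
    etype, data = raw[4], raw[5:]
    out["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:                       # Identity: the User-Name string
        out["identity"] = data.decode("utf-8", "replace")
    elif etype == 3:                     # Nak: methods the peer wants instead
        out["wants"] = [EAP_TYPES.get(t, t) for t in data]
    elif etype in (13, 25) and data:     # TLS-based methods share this framing
        flags, body = data[0], data[1:]
        out["start"] = bool(flags & 0x20)
        out["more_fragments"] = bool(flags & 0x40)
        if flags & 0x80:                 # L bit: 4-byte total TLS length follows
            out["tls_length"] = struct.unpack("!I", body[:4])[0]
            body = body[4:]
        out["tls"] = parse_tls_records(body)
    return out

# Values copied from the quoted log: identity, NAK, PEAP start, alert, failure.
SAMPLES = ("0x0202001301686f73742f6c61702d6d65643232", "0x020300060319",
           "0x010400061920", "0x0207001119800000000715030100020230",
           "0x04070004")

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", decode_eap(sample))
```

The fourth sample decodes to a fatal `unknown_ca` alert in a Response, i.e. sent by the client, which matches the `<<< TLS 1.0 Alert` line in the log.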



