authentication error

shirkavand shirkavand at gmail.com
Tue May 11 07:47:04 CEST 2010


Hi,

I have configured a FreeRADIUS server using MySQL authentication. When I
run "radtest" I get a successful response:

rad_recv: Access-Request packet from host 127.0.0.1 port 45562, id=209,
length=59
 User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
 NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "sqltest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> sqltest
[sql] sql_set_user escaped user --> 'sqltest'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op           FROM radcheck
        WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT
id, username, attribute, value, op           FROM radcheck           WHERE
username = 'sqltest'           ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op           FROM radreply
        WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT
id, username, attribute, value, op           FROM radreply           WHERE
username = 'sqltest'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'sqltest'
        ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "testpwd"
[pap] Using clear text password "testpwd"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 209 to 127.0.0.1 port 45562
Finished request 20.
Going to the next request

Now I have configured a Windows supplicant. When I enter the credentials
for login from the supplicant PC, the RADIUS server always sends a rejected
response. In the server's terminal (I have FreeRADIUS in debug mode to see all
the messages), this is what I get:

Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.4 port 3666, id=0,
length=139
Cleaning up request 18 ID 0 with timestamp +502
User-Name = "sqltest"
 NAS-IP-Address = 192.168.1.4
Called-Station-Id = "00226b81bae1"
 Calling-Station-Id = "002369764cef"
NAS-Identifier = "00226b81bae1"
 NAS-Port = 21
Framed-MTU = 1400
State = 0x5589d8c55588dc92d29bccd07151cb7c
 NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020100060319
Message-Authenticator = 0xb35d1b6482700c1122714ca033d1e480
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "sqltest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> sqltest
[sql] sql_set_user escaped user --> 'sqltest'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op           FROM radcheck
        WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT
id, username, attribute, value, op           FROM radcheck           WHERE
username = 'sqltest'           ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op           FROM radreply
        WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT
id, username, attribute, value, op           FROM radreply           WHERE
username = 'sqltest'           ORDER BY id
 expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'sqltest'
        ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for unsupported type 25
[eap] No common EAP types found.
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
expand: %{User-Name} -> sqltest
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 19 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 19
Sending Access-Reject of id 0 to 192.168.1.4 port 3666
EAP-Message = 0x04010004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 19 ID 0 with timestamp +502
Ready to process requests.

As I can see, the error is located here:

Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for unsupported type 25
[eap] No common EAP types found.
[eap] Failed in EAP select

When the Windows supplicant tries to access the server, the server finds an EAP
authentication that for some reason fails; when I do a "radtest" the
server says:

Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "testpwd"
[pap] Using clear text password "testpwd"
[pap] User authenticated successfully

I have configured the Windows client as recommended on the
wiki.freeradius.org site.

Any idea?

Cheers