autthentication error
shirkavand
shirkavand at gmail.com
Tue May 11 07:47:04 CEST 2010
Hi,
I have configurated a freeradius server using MySql authentication. When i
run "radtest" i get a succefull response:
rad_recv: Access-Request packet from host 127.0.0.1 port 45562, id=209,
length=59
User-Name = "sqltest"
User-Password = "testpwd"
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "sqltest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> sqltest
[sql] sql_set_user escaped user --> 'sqltest'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radcheck WHERE
username = 'sqltest' ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radreply WHERE
username = 'sqltest' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'sqltest'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "testpwd"
[pap] Using clear text password "testpwd"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 209 to 127.0.0.1 port 45562
Finished request 20.
Going to the next request
Now i have configurated a windows supplicant, when i enter the credentials
for login from the suplicant pc, the radius server always sends a rejected
response in the servers terminal(i have freeradius over debug mode to se all
the messages), this is what i get:
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.4 port 3666, id=0,
length=139
Cleaning up request 18 ID 0 with timestamp +502
User-Name = "sqltest"
NAS-IP-Address = 192.168.1.4
Called-Station-Id = "00226b81bae1"
Calling-Station-Id = "002369764cef"
NAS-Identifier = "00226b81bae1"
NAS-Port = 21
Framed-MTU = 1400
State = 0x5589d8c55588dc92d29bccd07151cb7c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020100060319
Message-Authenticator = 0xb35d1b6482700c1122714ca033d1e480
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "sqltest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} -> sqltest
[sql] sql_set_user escaped user --> 'sqltest'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radcheck WHERE
username = 'sqltest' ORDER BY id
[sql] User found in radcheck table
expand: SELECT id, username, attribute, value, op FROM radreply
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op FROM radreply WHERE
username = 'sqltest' ORDER BY id
expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = 'sqltest'
ORDER BY priority
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for unsupported type 25
[eap] No common EAP types found.
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
expand: %{User-Name} -> sqltest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 19 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 19
Sending Access-Reject of id 0 to 192.168.1.4 port 3666
EAP-Message = 0x04010004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 19 ID 0 with timestamp +502
Ready to process requests.
As i can see the error is located here:
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] NAK asked for unsupported type 25
[eap] No common EAP types found.
[eap] Failed in EAP select
when the windows suppllicant tryes to access the server found an EAP
authentication..that from some reason fails, when i do a "radtest" the the
server tells:
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "testpwd"
[pap] Using clear text password "testpwd"
[pap] User authenticated successfully
I have configurated the windows client as recomended over in wiki.
freeradius.org site
Any idea?
Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100510/d0e66d01/attachment.html>
More information about the Freeradius-Users
mailing list