peap/eap/mschapv2 + MySQL

Matt Madrid admiralcap at gmail.com
Sat May 29 00:13:30 CEST 2010


Hello list,

First of all: freeradius-2.1.8, Mysql 5.1.41 on Ubuntu 10.04 / Airport
Extreme v7.5

I'm having trouble authenticating users with EAP/mschapv2 against a
mysql database. Users authenticate fine if they are in the users file.
Here's the main problem it seems from the debug output:

Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for oogabooga with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject

Now I've read a million posts on the web, including this list where
people have reported the same problem. In most cases the problem was
that the inner-tunnel server wasn't configured for sql. I definitely
have sql on in the inner-tunnel file (which I will post in a sec). The
mysql server IS being queried on the initial request, but not in
inner-tunnel. Can someone please shed some light on this for me?

Here is my inner-tunnel file and debug output (long).

Thanks, Matt

/etc/freeradius/sites-enabled/inner-tunnel :
------------------------------------------------------------------------------------------------------------------------
server inner-tunnel {
authorize {
	chap
	mschap
	unix
	suffix
	update control {
	       Proxy-To-Realm := LOCAL
	}
	eap {
		ok = return
	}
	files
	sql
	expiration
	logintime
	pap
}
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type CHAP {
		chap
	}
	Auth-Type MS-CHAP {
		mschap
	}
	unix
	eap
}
session {
	radutmp
}
post-auth {
	Post-Auth-Type REJECT {
		attr_filter.access_reject
	}
}
pre-proxy {
}
post-proxy {
	eap
}
} # inner-tunnel server block
------------------------------------------------------------------------------------------------------------------------

debug output:
------------------------------------------------------------------------------------------------------------------------
rad_recv: Access-Request packet from host 10.20.20.254 port 65023,
id=181, length=153
        User-Name = "oogabooga"
        NAS-IP-Address = 10.20.20.254
        NAS-Port = 0
        Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz"
        Calling-Station-Id = "00-17-F2-45-F7-CF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = 0x028d000e016f6f6761626f6f6761
        Message-Authenticator = 0x9388a95b4d72cd941931671109245b66
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "oogabooga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 141 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
[sql]   expand: %{Stripped-User-Name} ->
[sql]   ... expanding second conditional
[sql]   expand: %{User-Name} -> oogabooga
[sql]   expand: %{%{User-Name}:-DEFAULT} -> oogabooga
[sql]   expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> oogabooga
[sql] sql_set_user escaped user --> 'oogabooga'
rlm_sql (sql): Reserving sql socket id: 3
[sql]   expand: SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = 'oogabooga'           ORDER
BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
    FROM radcheck           WHERE username = 'oogabooga'
ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op
FROM radreply           WHERE username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value, op
FROM radreply           WHERE username = 'oogabooga'           ORDER
BY id
rlm_sql_mysql: query:  SELECT id, username, attribute, value, op
    FROM radreply           WHERE username = 'oogabooga'
ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username
= 'oogabooga'           ORDER BY priority
rlm_sql_mysql: query:  SELECT groupname           FROM radusergroup
       WHERE username = 'oogabooga'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 181 to 10.20.20.254 port 65023
        EAP-Message = 0x018e00061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x38d5cb6a385bd2236abc452f8306cad0
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.20.20.254 port 65023,
id=182, length=321
        User-Name = "oogabooga"
        NAS-IP-Address = 10.20.20.254
        NAS-Port = 0
        Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz"
        Calling-Station-Id = "00-17-F2-45-F7-CF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message =
0x028e00a419800000009a16030100950100009103014c003b641f6f7f2118662c35e08463255495bbfed1d9fe136d852ec7dbdb4082000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100
        State = 0x38d5cb6a385bd2236abc452f8306cad0
        Message-Authenticator = 0x968e8650d27c8223dbd04cf324fc8257
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "oogabooga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 142 length 164
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 154
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0095], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 02f5], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 182 to 10.20.20.254 port 65023
        EAP-Message =
0x72010d2da6edb23548162efc4ed24f9d46cdcf0e6bcf51fc628bd6337260c54f0203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604148b65f5271d9f8c34ecae0e645f6e08fc8734daf6301f0603551d230418301680142c94ae4302408ac4fef21fbb54805d7e1284debc300d06092a864886f70d0101050500038181009d0d147da8613b618dd31d47b906be2c3630fc880285388aff423c78a2e65858588bbd66207187bb311e983bb42155fc0e76a0145567ff423ba865384498dd89b2d036218bfd96ab
        EAP-Message =
0x954333569960576d12ab362bac80123e5a5acfad12b608a04971fdd28153ed5bb1aca14636e75d75f27233fc16b05196c075763bfc2156b116030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x38d5cb6a395ad2236abc452f8306cad0
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.20.20.254 port 65023,
id=183, length=365
        User-Name = "oogabooga"
        NAS-IP-Address = 10.20.20.254
        NAS-Port = 0
        Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz"
        Calling-Station-Id = "00-17-F2-45-F7-CF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message =
0x028f00d01980000000c6160301008610000082008004bdd3b7b0a852356a1ac6e3b689f0052c720bfd0b953cc999a0864190470e58611196f4fb24605d35f758a8503ed50bf3e17a6156d0b2a7fe39bac81b8899cf6d0098413e8224d3d65ec4933169f090d5472f5ebb73627562a91c7c42f4df18de851c8ec8e72f32555ac19efd6cc20993dfb1c011e5e8cb4199b784fd0394a314030100010116030100300bb9f30d41b604fc645341a03d7cada5cc0bfbfd6e801632d95038ce42d4cc59c63245182f4a727eae303a4b90efbfce
        State = 0x38d5cb6a395ad2236abc452f8306cad0
        Message-Authenticator = 0x830e541d08e25241fb1dfc4a51315de3
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "oogabooga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 143 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 183 to 10.20.20.254 port 65023
        EAP-Message =
0x01900041190014030100010116030100302d5b73a41a5fbd772604817295b40babc67ae810bf9cbcee437e7132285ab51930479abb317f2d94e42d5ea6b0cc5dc4
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x38d5cb6a3a45d2236abc452f8306cad0
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.20.20.254 port 65023,
id=184, length=163
        User-Name = "oogabooga"
        NAS-IP-Address = 10.20.20.254
        NAS-Port = 0
        Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz"
        Calling-Station-Id = "00-17-F2-45-F7-CF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = 0x029000061900
        State = 0x38d5cb6a3a45d2236abc452f8306cad0
        Message-Authenticator = 0xce08080eb592323fb851c85a19f465c5
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "oogabooga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 144 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 184 to 10.20.20.254 port 65023
        EAP-Message =
0x0191002b19001703010020460a34a8baf463cc09a1320e3652ff078e4690eb993b711727b2f74b0a7a1775
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x38d5cb6a3b44d2236abc452f8306cad0
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.20.20.254 port 65023,
id=185, length=200
        User-Name = "oogabooga"
        NAS-IP-Address = 10.20.20.254
        NAS-Port = 0
        Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz"
        Calling-Station-Id = "00-17-F2-45-F7-CF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message =
0x0291002b19001703010020acd51704f89f5cc2f583d85fb67d12c86680b9db361dec43517e988ca4d637ec
        State = 0x38d5cb6a3b44d2236abc452f8306cad0
        Message-Authenticator = 0xaf1b3159314beff66b426a1a00402670
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "oogabooga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 145 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - oogabooga
[peap] Got tunneled request
        EAP-Message = 0x0291000e016f6f6761626f6f6761
server  {
  PEAP: Got tunneled identity of oogabooga
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to oogabooga
Sending tunneled request
        EAP-Message = 0x0291000e016f6f6761626f6f6761
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "oogabooga"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "oogabooga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 145 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
        EAP-Message =
0x019200231a0192001e101b0835effa80083b985e84044997630e6f6f6761626f6f6761
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x126780d012f59a3245837272e42ef114
[peap] Got tunneled reply RADIUS code 11
        EAP-Message =
0x019200231a0192001e101b0835effa80083b985e84044997630e6f6f6761626f6f6761
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x126780d012f59a3245837272e42ef114
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 185 to 10.20.20.254 port 65023
        EAP-Message =
0x0192004b19001703010040aaa6c0a208f282582fce08e5608816ae7754e20c97e6892b43c82945613a824c54d463b35633e720283256337388bea291f65677344493c4455fb9680af96f3f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x38d5cb6a3c47d2236abc452f8306cad0
Finished request 9.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.20.20.254 port 65023,
id=186, length=264
        User-Name = "oogabooga"
        NAS-IP-Address = 10.20.20.254
        NAS-Port = 0
        Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz"
        Calling-Station-Id = "00-17-F2-45-F7-CF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message =
0x0292006b190017030100601935f319960578d36124d2b8fb1a7a0b7eb1d9c17f8f9690e3c43f242cac0e50c37fc6ac63c88626b045c4408000e0804dcdd57b9f3aafb03ab69ba6418b8992bd8ee41dc0fd40fc08c73e3898606c89b6fae6d27fe1ba685486b9db8f0e9608
        State = 0x38d5cb6a3c47d2236abc452f8306cad0
        Message-Authenticator = 0x378af067a4b9b94ce8fee36e2d97802a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "oogabooga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 146 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
        EAP-Message =
0x029200441a0292003f3167b2b7ad4188023c4886e6989b9a4004000000000000000057a7eb9b0536b2a56075aa2351abbf780081fd44b66a16f1006f6f6761626f6f6761
server  {
  PEAP: Setting User-Name to oogabooga
Sending tunneled request
        EAP-Message =
0x029200441a0292003f3167b2b7ad4188023c4886e6989b9a4004000000000000000057a7eb9b0536b2a56075aa2351abbf780081fd44b66a16f1006f6f6761626f6f6761
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "oogabooga"
        State = 0x126780d012f59a3245837272e42ef114
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "oogabooga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 146 length 68
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for oogabooga with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
        MS-CHAP-Error = "\222E=691 R=1"
        EAP-Message = 0x04920004
        Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
        MS-CHAP-Error = "\222E=691 R=1"
        EAP-Message = 0x04920004
        Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 186 to 10.20.20.254 port 65023
        EAP-Message =
0x0193002b190017030100201afe77cd1d02697e61c2bbcd462649cb5245412353ad060d1c786f76308c8295
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x38d5cb6a3d46d2236abc452f8306cad0
Finished request 10.
Going to the next request
Waking up in 0.7 seconds.
rad_recv: Access-Request packet from host 10.20.20.254 port 65023,
id=187, length=200
        User-Name = "oogabooga"
        NAS-IP-Address = 10.20.20.254
        NAS-Port = 0
        Called-Station-Id = "F8-1E-DF-FC-8C-82:xyz"
        Calling-Station-Id = "00-17-F2-45-F7-CF"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message =
0x0293002b19001703010020fd0090fac6f01439ffc066319ab8e8f0d3e832307599fd747a3b8fe696104009
        State = 0x38d5cb6a3d46d2236abc452f8306cad0
        Message-Authenticator = 0xe4f5e5b68c5e815de63c20ed81863e09
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "oogabooga", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 147 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap]  Had sent TLV failure.  User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> oogabooga
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 11 for 1 seconds
Going to the next request
Waking up in 0.6 seconds.
Cleaning up request 5 ID 181 with timestamp +328
Cleaning up request 6 ID 182 with timestamp +328
Cleaning up request 7 ID 183 with timestamp +328
Waking up in 0.1 seconds.
Cleaning up request 8 ID 184 with timestamp +328
Cleaning up request 9 ID 185 with timestamp +328
Waking up in 0.1 seconds.
Sending delayed reject for request 11
Sending Access-Reject of id 187 to 10.20.20.254 port 65023
        EAP-Message = 0x04930004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 10 ID 186 with timestamp +332
Waking up in 1.0 seconds.
Cleaning up request 11 ID 187 with timestamp +332
Ready to process requests.
------------------------------------------------------------------------------------------------------------------------
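
A way to cross-check the posted inner-tunnel file against the posted debug trace, as an added example (not part of the original message and not FreeRADIUS code): it lists the modules named in a section of a virtual-server file that never logged a `++[module] returns` line while that server was handling the request. The function names and the abridged `CONF`/`LOG` samples are constructed here from the text above.

```python
import re
# Inner-tunnel authorize section, abridged from the file in the post.
CONF = """server inner-tunnel {
authorize {
    mschap
    update control {
        Proxy-To-Realm := LOCAL
    }
    eap {
        ok = return
    }
    files
    sql
    pap
}
}"""
# Debug lines abridged from the post: outer authorize pass, then the tunneled pass.
LOG = """+- entering group authorize {...}
++[sql] returns ok
server inner-tunnel {
+- entering group authorize {...}
++[mschap] returns noop
++[control] returns noop
++[eap] returns updated
++[files] returns noop
++[pap] returns noop
+- entering group authenticate {...}
++[mschap] returns reject
} # server inner-tunnel"""

def configured_modules(conf, section):
    """Top-level module names listed in one section of a virtual-server file."""
    names, depth, start = [], 0, None
    lines = (raw.split("#", 1)[0].split() for raw in conf.splitlines())
    for tok in filter(None, lines):
        if start is not None and depth == start + 1 and tok != ["}"]:
            # "update control {" is logged as [control], "eap {" as [eap]
            names.append(tok[1] if tok[0] == "update" else tok[0])
        if tok[-1] == "{":
            if start is None and tok[0] == section:
                start = depth
            depth += 1
        elif tok == ["}"]:
            depth -= 1
            if depth == start:
                break
    return names

def executed_modules(log, server, section):
    """Modules that logged a return code in `section` of virtual server `server`."""
    seen, cur_server, cur_section = [], "", None
    for line in map(str.strip, log.splitlines()):
        if m := re.match(r"server\s+([\w.-]*)\s*\{", line):
            cur_server = m.group(1)             # "" is the default (outer) server
        elif re.match(r"\}\s*#\s*server\b", line):
            cur_server, cur_section = "", None  # tunneled request finished
        elif m := re.search(r"\+- entering group (\S+)", line):
            cur_section = m.group(1)
        elif (m := re.match(r"\+\+\[([^\]]+)\] returns", line)) and \
                (cur_server, cur_section) == (server, section) and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen

def not_run(conf, log, server, section):  # configured, never logged, before the last module that ran
    want, ran = configured_modules(conf, section), executed_modules(log, server, section)
    last = max((i for i, m in enumerate(want) if m in ran), default=-1)
    return [m for m in want[:last] if m not in ran]
print(not_run(CONF, LOG, "inner-tunnel", "authorize"))
```

On the abridged trace it reports `sql` for the inner-tunnel authorize section, matching the full debug output above, where `++[files]` is followed directly by `++[expiration]` inside `server inner-tunnel`. Modules after the last one that ran are not reported, since an earlier module returning can legitimately end the section.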
