Re[2]: EAP-PEAP/MSCHAPv2 Proxy

Влад Власов vlasglass at mail.ru
Thu Nov 4 15:50:51 CET 2010


Phil Mayers, thanks, it works!!!
But after auth, radius goes down with the message "Segmentation fault".

AS-IP-Address = 172.100.50.24
        NAS-Port = 1
        Framed-MTU = 1388
        NAS-Port-Type = Wireless-802.11
        Service-Type = Authenticate-Only
        Called-Station-Id = "00-18-25-10-2b-20:SOME"
        Calling-Station-Id = "0c-60-76-7c-af-d0"
        NAS-Port-Id = "0c-60-76-7c-af-d0"
        State = 0xa1759ecfa772878fdc8ea6894bd21bdb
        User-Name = "testuser"
        EAP-Message = 0x0207009019001703010020e2682cb330a2b26327dbdf5b0f75ff4cc88263dc762230422137cf3c31a862831703010060c6fc24cf2bc03974380904eaadcf3ec855144dce86f9f0ab43321d1bd29990f4a0c80d2b5e7acddd7dd14e6350e16d5d8deb92c9c7ea672c934b04325afe61998aa7afec350bdd7cb2d5bcc8e46bd1af866fa8c051662d89a8bcb1fdd3a11dac
        Message-Authenticator = 0x416646a7c9bf61e87f0a523ea2ab38b5
Thu Nov  4 19:42:55 2010 : Info: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
Thu Nov  4 19:42:55 2010 : Info: +- entering group authorize {...}
Thu Nov  4 19:42:55 2010 : Info: ++[preprocess] returns ok
Thu Nov  4 19:42:55 2010 : Info: ++[chap] returns noop
Thu Nov  4 19:42:55 2010 : Info: ++[mschap] returns noop
Thu Nov  4 19:42:55 2010 : Info: ++[digest] returns noop
Thu Nov  4 19:42:55 2010 : Info: [eap] EAP packet type response id 7 length 144
Thu Nov  4 19:42:55 2010 : Info: [eap] Continuing tunnel setup.
Thu Nov  4 19:42:55 2010 : Info: ++[eap] returns ok
Thu Nov  4 19:42:55 2010 : Info: Found Auth-Type = EAP
Thu Nov  4 19:42:55 2010 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/default
Thu Nov  4 19:42:55 2010 : Info: +- entering group authenticate {...}
Thu Nov  4 19:42:55 2010 : Info: [eap] Request found, released from the list
Thu Nov  4 19:42:55 2010 : Info: [eap] EAP/peap
Thu Nov  4 19:42:55 2010 : Info: [eap] processing type peap
Thu Nov  4 19:42:55 2010 : Info: [peap] processing EAP-TLS
Thu Nov  4 19:42:55 2010 : Info: [peap] eaptls_verify returned 7
Thu Nov  4 19:42:55 2010 : Info: [peap] Done initial handshake
Thu Nov  4 19:42:55 2010 : Info: [peap] eaptls_process returned 7
Thu Nov  4 19:42:55 2010 : Info: [peap] EAPTLS_OK
Thu Nov  4 19:42:55 2010 : Info: [peap] Session established.  Decoding tunneled attributes.
Thu Nov  4 19:42:55 2010 : Info: [peap] Peap state phase2
Thu Nov  4 19:42:55 2010 : Info: [peap] EAP type mschapv2
Thu Nov  4 19:42:55 2010 : Info: [peap] Got tunneled request
        EAP-Message = 0x020700421a0207003d319efde001465e794686be86bbd699982f0000000000000000ba5cbf47e1f74caa982438716a3d0b0764c999d747b37b7f006e635f766c6164
server  {
Thu Nov  4 19:42:55 2010 : Debug:   PEAP: Setting User-Name to testuser
Sending tunneled request
        EAP-Message = 0x020700421a0207003d319efde001465e794686be86bbd699982f0000000000000000ba5cbf47e1f74caa982438716a3d0b0764c999d747b37b7f006e635f766c6164
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "testuser"
        State = 0x6a0cdd0a6a0bc75fe06fe99ae32a7b2d
server inner-tunnel {
Thu Nov  4 19:42:55 2010 : Info: # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
Thu Nov  4 19:42:55 2010 : Info: +- entering group authorize {...}
Thu Nov  4 19:42:55 2010 : Info: ++[chap] returns noop
Thu Nov  4 19:42:55 2010 : Info: ++[mschap] returns noop
Thu Nov  4 19:42:55 2010 : Info: [suffix] No '@' in User-Name = "testuser", looking up realm NULL
Thu Nov  4 19:42:55 2010 : Info: [suffix] Found realm "DEFAULT"
Thu Nov  4 19:42:55 2010 : Info: [suffix] Adding Stripped-User-Name = "testuser"
Thu Nov  4 19:42:55 2010 : Info: [suffix] Adding Realm = "DEFAULT"
Thu Nov  4 19:42:55 2010 : Info: [suffix] Proxying request from user testuser to realm DEFAULT
Thu Nov  4 19:42:55 2010 : Info: [suffix] Preparing to proxy authentication request to realm "DEFAULT"
Thu Nov  4 19:42:55 2010 : Info: ++[suffix] returns updated
Thu Nov  4 19:42:55 2010 : Info: [eap] Request is supposed to be proxied to Realm DEFAULT.  Not doing EAP.
Thu Nov  4 19:42:55 2010 : Info: ++[eap] returns noop
Thu Nov  4 19:42:55 2010 : Info: ++[files] returns noop
Thu Nov  4 19:42:55 2010 : Info: ++[expiration] returns noop
Thu Nov  4 19:42:55 2010 : Info: ++[logintime] returns noop
Thu Nov  4 19:42:55 2010 : Info: ++[pap] returns noop
} # server inner-tunnel
Thu Nov  4 19:42:55 2010 : Info: [peap] Got tunneled reply code 0
Thu Nov  4 19:42:55 2010 : Debug:   PEAP: Calling authenticate in order to initiate tunneled EAP session.
Thu Nov  4 19:42:55 2010 : Info: # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
Thu Nov  4 19:42:55 2010 : Info: +- entering group authenticate {...}
Thu Nov  4 19:42:55 2010 : Info:   modsingle[authenticate]: calling eap (rlm_eap) for request 7
Thu Nov  4 19:42:55 2010 : Info: [eap] Request found, released from the list
Thu Nov  4 19:42:55 2010 : Info: [eap] EAP/mschapv2
Thu Nov  4 19:42:55 2010 : Info: [eap] processing type mschapv2
Thu Nov  4 19:42:55 2010 : Info: [eap]   Not-EAP proxy set.  Not composing EAP
Thu Nov  4 19:42:55 2010 : Info:   modsingle[authenticate]: returned from eap (rlm_eap) for request 7
Thu Nov  4 19:42:55 2010 : Info: ++[eap] returns handled
Thu Nov  4 19:42:55 2010 : Debug:   PEAP: Tunneled authentication will be proxied to DEFAULT
Thu Nov  4 19:42:55 2010 : Debug:   PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
Thu Nov  4 19:42:55 2010 : Info: [eap]   Tunneled session will be proxied.  Not doing EAP.
Thu Nov  4 19:42:55 2010 : Info: ++[eap] returns handled
Thu Nov  4 19:42:55 2010 : Info:   WARNING: Empty pre-proxy section.  Using default return values.
Sending Access-Request of id 7 to 172.10.10.1 port 1812
        User-Name = "testuser"
        MS-CHAP-Challenge = 0x49b10b08bf688efd213da2dfe2c0ee37
        MS-CHAP2-Response = 0x07639efde001465e794686be86bbd699982f0000000000000000ba5cbf47e1f74caa982438716a3d0b0764c999d747b37b7f
        Proxy-State = 0x30
Thu Nov  4 19:42:55 2010 : Info: Proxying request 7 to home server 172.10.10.1 port 1812
Sending Access-Request of id 7 to 172.10.10.1 port 1812
        User-Name = "testuser"
        MS-CHAP-Challenge = 0x49b10b08bf688efd213da2dfe2c0ee37
        MS-CHAP2-Response = 0x07639efde001465e794686be86bbd699982f0000000000000000ba5cbf47e1f74caa982438716a3d0b0764c999d747b37b7f
        Proxy-State = 0x30
Thu Nov  4 19:42:55 2010 : Debug: Going to the next request
Thu Nov  4 19:42:55 2010 : Debug: Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 172.10.10.1 port 1812, id=7, length=203
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Session-Timeout = 864000
        Acct-Interim-Interval = 180
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Send-Key = 0x15cd1e3f591a3cea38108b5deacae079
        MS-MPPE-Recv-Key = 0x2f8000c9000217f94bba2673f2c3b711
        MS-CHAP2-Success = 0x81533d32444636394345313934363538303844323846303231363431333043364536373737444137394535
Thu Nov  4 19:42:55 2010 : Info: # Executing section post-proxy from file /usr/local/etc/raddb/sites-enabled/default
Thu Nov  4 19:42:55 2010 : Info: +- entering group post-proxy {...}
Thu Nov  4 19:42:55 2010 : Info: [eap] Doing post-proxy callback
Thu Nov  4 19:42:55 2010 : Info: [eap] Passing reply from proxy back into the tunnel.
server inner-tunnel {
Thu Nov  4 19:42:55 2010 : Info: [eap] Passing reply back for EAP-MS-CHAP-V2
Thu Nov  4 19:42:55 2010 : Info: # Executing section post-proxy from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
Thu Nov  4 19:42:55 2010 : Info: +- entering group post-proxy {...}
Thu Nov  4 19:42:55 2010 : Info: ++[eap] returns noop
Thu Nov  4 19:42:55 2010 : Info:   WARNING: Empty post-auth section.  Using default return values.
Thu Nov  4 19:42:55 2010 : Info: # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
} # server inner-tunnel
Thu Nov  4 19:42:55 2010 : Info: [eap] Final reply from tunneled session code 2
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Session-Timeout = 864000
        Acct-Interim-Interval = 180
        MS-MPPE-Encryption-Policy = 0x00000001
        MS-MPPE-Encryption-Types = 0x00000006
        MS-MPPE-Send-Key = 0x15cd1e3f591a3cea38108b5deacae079
        MS-MPPE-Recv-Key = 0x2f8000c9000217f94bba2673f2c3b711
        MS-CHAP2-Success = 0x81533d32444636394345313934363538303844323846303231363431333043364536373737444137394535
Thu Nov  4 19:42:55 2010 : Info: [eap] Got reply 2
Segmentation fault: 11




