LDAP authentication failed

snowman5840 snowman5840 at t-online.de
Fri Oct 22 18:58:18 CEST 2010


OK, I found my problem. I had forgotten to add my domain in the proxy.conf;
after I did this, the LDAP search works fine.

But now I have one more problem, with authentication. I want to use PEAP
with MSCHAP to support both Windows and Linux systems, but authentication
fails. I don't know what I have to configure or where the problem is. I
would be very happy about some hints.

I'm sorry about the very long debug output....

rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=86,
length=149
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e554175bfc9edc831547521be2ad
	EAP-Message = 0x020300061900
	Message-Authenticator = 0xfb650903c72222207e001d0385d8a036
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:40 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 86 to 192.168.0.2 port 1812
	EAP-Message =
0x0104003619000f0b409c6f7dd2e83b8a1ad34c1b43c61b5cfa499e7822f081073040ea4c9280acd2686fd194f216030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1558e554165cfc9edc831547521be2ad
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=87,
length=465
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e554165cfc9edc831547521be2ad
	EAP-Message =
	EAP-Message =
0xa736d666ebba66d8c0a368d306e0af12f71b43504cad85a614030100010116030100204c903a9993c942b403d46902c7564ea7f66787ca59a02e46fc08946a84aa509d
	Message-Authenticator = 0x67bf63ab1ed1abebb8161ae463114461
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:40 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A 
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A 
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A 
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A 
[peap]     TLS_accept: SSLv3 flush data 
[peap]     (other): SSL negotiation finished successfully 
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 87 to 192.168.0.2 port 1812
	EAP-Message =
0x0105003119001403010001011603010020f8490ec428507eb9225fb4fb3682dd9e465b8988e2ad4c39c0e66520252de24e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1558e554115dfc9edc831547521be2ad
Finished request 10.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=88,
length=149
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e554115dfc9edc831547521be2ad
	EAP-Message = 0x020500061900
	Message-Authenticator = 0x6c4b11714b857cd0281b682e13c4d900
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:40 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 88 to 192.168.0.2 port 1812
	EAP-Message =
0x0106002019001703010015f5a3ae52506203eb77289c53fadddc8aced654bcc9
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1558e554105efc9edc831547521be2ad
Finished request 11.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=89,
length=186
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e554105efc9edc831547521be2ad
	EAP-Message =
0x0206002b19001703010020a6ad92351444936d3c1868fea4cce44c06a598df0d5fa027e4123c6c3daf8f5b
	Message-Authenticator = 0x66c1321b7a94107cc7e7d22f05c2fbf3
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:41 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 6 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - FIRMA1\usera
[peap] Got tunneled request
	EAP-Message = 0x02060014014649524d41315c626c657273636861
server  {
  PEAP: Got tunneled identity of FIRMA1\usera
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to FIRMA1\usera
Sending tunneled request
	EAP-Message = 0x02060014014649524d41315c626c657273636861
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "FIRMA1\\usera"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
++[control] returns ok
[eap] EAP packet type response id 6 length 20
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for usera
[ldap] 	expand: %{Stripped-User-Name} -> usera
[ldap] 	expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usera)
[ldap] 	expand: dc=firma1,dc=de -> dc=firma1,dc=de
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=firma1,dc=de, with filter (uid=usera)
[ldap] Added User-Password = {SSHA}WNtfzJKztV/VYNqJAew//EpfaqFTTmRY in check
items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
  [ldap] sambaNtPassword -> NT-Password ==
0x3043423639343838303546373937424632413832383037393733423839353337
  [ldap] sambaLmPassword -> LM-Password ==
0x3031464335413642453742433639323941414433423433354235313430344545
[ldap] looking for reply items in directory...
[ldap] user usera authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.    
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"              
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message =
0x010700291a0107002410c823f451f29e4818ccd3f0be9f3650634649524d41315c626c657273636861
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb5046181b5037b4806fda72c76d930a8
[peap] Got tunneled reply RADIUS code 11
	EAP-Message =
0x010700291a0107002410c823f451f29e4818ccd3f0be9f3650634649524d41315c626c657273636861
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb5046181b5037b4806fda72c76d930a8
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 89 to 192.168.0.2 port 1812
	EAP-Message =
0x0107004019001703010035c52325a3ae3a7f6bd4de688fbfef456c0fc3bd0b986af49abfb022fb9ba5a7b92058dc051da50ecf7b3ef7c4eaad3cbd6e99f65e78
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1558e554135ffc9edc831547521be2ad
Finished request 12.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=90,
length=240
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e554135ffc9edc831547521be2ad
	EAP-Message =
0x0207006119001703010056c97cf317a157bd52798bc228692340b159bf37c206e5a659f93993bfcff9077f69ae0747ad07c868de4fb65a6a1ab6a0212c883f47be656fca32ee3b02a4e6d0c197f4ed72c68d497e8872ad262de7fb1b7737c21234
	Message-Authenticator = 0x0aacaddadb8a501835ed2f2cd9df836c
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:41 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 7 length 97
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message =
0x0207004a1a0207004531465311ebc4ad0d394e81e0d169961d1100000000000000001c75cd6fd76bac69737473ecbe0df750a88714f72a4bc71a004649524d41315c626c657273636861
server  {
  PEAP: Setting User-Name to FIRMA1\usera
Sending tunneled request
	EAP-Message =
0x0207004a1a0207004531465311ebc4ad0d394e81e0d169961d1100000000000000001c75cd6fd76bac69737473ecbe0df750a88714f72a4bc71a004649524d41315c626c657273636861
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "FIRMA1\\usera"
	State = 0xb5046181b5037b4806fda72c76d930a8
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
++[control] returns ok
[eap] EAP packet type response id 7 length 74
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for usera
[ldap] 	expand: %{Stripped-User-Name} -> usera
[ldap] 	expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usera)
[ldap] 	expand: dc=firma1,dc=de -> dc=firma1,dc=de
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=firma1,dc=de, with filter (uid=usera)
[ldap] Added User-Password = {SSHA}WNtfzJKztV/VYNqJAew//EpfaqFTTmRY in check
items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
  [ldap] sambaNtPassword -> NT-Password ==
0x3043423639343838303546373937424632413832383037393733423839353337
  [ldap] sambaLmPassword -> LM-Password ==
0x3031464335413642453742433639323941414433423433354235313430344545
[ldap] looking for reply items in directory...
[ldap] user usera authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.    
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"              
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Found LM-Password
[mschap] Found NT-Password
[mschap]   NT Domain delimeter found, should we have enabled
with_ntdomain_hack?
[mschap] Told to do MS-CHAPv2 for FIRMA1\usera with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [usera/<via Auth-Type = EAP>] (from client TESTSW01 port 0
via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 3
	MS-CHAP-Error = "\007E=691 R=1"
	EAP-Message = 0x04070004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
	MS-CHAP-Error = "\007E=691 R=1"
	EAP-Message = 0x04070004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 90 to 192.168.0.2 port 1812
	EAP-Message =
0x010800261900170301001be755b066be3f16eb4a1f8d7d3f54bf6333dc8a1865a7ef9dc1d31c
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1558e5541250fc9edc831547521be2ad
Finished request 13.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=91,
length=181
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e5541250fc9edc831547521be2ad
	EAP-Message =
0x020800261900170301001bd0e5d1e8905737296a8cc3e900996439f0cf0a79a1254ecc7514a1
	Message-Authenticator = 0xac386bf0ee6044841d403e1ac7a8dea3
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:41 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 8 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap]  Had sent TLV failure.  User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [usera/<via Auth-Type = EAP>] (from client TESTSW01 port
50006 cli 00-1A-4B-63-69-0B)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> FIRMA1\usera
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 14 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 14
Sending Access-Reject of id 91 to 192.168.0.2 port 1812
	EAP-Message = 0x04080004
	Message-Authenticator = 0x00000000000000000000000000000000




-- 
View this message in context: http://freeradius.1045715.n5.nabble.com/LDAP-authentication-failed-tp3217861p3232594.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
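
Added example (not part of the original post or of FreeRADIUS): a small triage script that pulls the MS-CHAP-relevant facts out of debug output like the above, namely how the NT-Password/LM-Password values are encoded, whether the domain-delimiter hint was logged, and what the MS-CHAP-Error code means per RFC 2759. The function names are this example's own, and the sample log is constructed in the same mail-wrapped layout with a placeholder hash.

```python
import re
import string

# Error codes carried in an MS-CHAPv2 failure message (RFC 2759, section 6).
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

def classify_hash(value):
    """Say how an NT-/LM-Password value printed in the debug log is encoded."""
    digits = value[2:] if value.lower().startswith("0x") else value
    if len(digits) % 2 or any(c not in string.hexdigits for c in digits):
        return "malformed"
    raw = bytes.fromhex(digits)
    if len(raw) == 16:
        return "binary"      # 16 raw bytes: the hash itself
    if len(raw) == 32 and all(chr(b) in string.hexdigits for b in raw):
        return "ascii-hex"   # 32 ASCII hex characters: the hash stored as text
    return "unexpected"

def triage(log):
    """Collect the MS-CHAP diagnostics from FreeRADIUS debug text."""
    report = {"hashes": {}, "domain_in_name": False,
              "response_rejected": False, "error": None}
    # \s+ spans the line break that mail wrapping puts before the value.
    pattern = r"-> (NT-Password|LM-Password) ==\s+(0x[0-9a-fA-F]+)"
    for attr, value in re.findall(pattern, log):
        report["hashes"][attr] = classify_hash(value)
    # Spelling "delimeter" is the server's own, as printed in the log.
    report["domain_in_name"] = "NT Domain delimeter found" in log
    report["response_rejected"] = "MS-CHAP2-Response is incorrect" in log
    match = re.search(r'MS-CHAP-Error = "[^"]*?E=(\d+) R=(\d)', log)
    if match:
        code = int(match.group(1))
        name = MSCHAP_ERRORS.get(code, "unknown")
        report["error"] = (code, name, match.group(2) == "1")  # R=1: retry allowed
    return report

# Constructed sample: placeholder hash, not a value from any real directory.
_FAKE_NT = "00112233445566778899AABBCCDDEEFF"
SAMPLE_LOG = f"""\
  [ldap] sambaNtPassword -> NT-Password ==
0x{_FAKE_NT.encode().hex()}
[mschap]   NT Domain delimeter found, should we have enabled
with_ntdomain_hack?
[mschap] Told to do MS-CHAPv2 for FIRMA1\\usera with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
    MS-CHAP-Error = "\\007E=691 R=1"
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An "ascii-hex" result means the directory attribute holds the hash as a 32-character hex string rather than 16 raw bytes, so it is worth confirming that the server converts it before comparing.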


