LDAP authentication failed

Sallee, Stephen (Jake) Jake.Sallee at umhb.edu
Fri Oct 22 20:22:17 CEST 2010


2 things:

1) Near the bottom of the debug output there is a line that says you
are passing the username as domain\user, and it asks if you have enabled
the with NT domain hack option. Check your mschap module config to
see if this is enabled; it is commented out by default. You can check
the complete debug output that includes the server initializing and you
can see it there IF it is enabled.

2) I gave up on PEAP/MSCHAPv2 on Linux; EAP/TTLS works great for me with
no other config tweaks after I got the Windows clients working! If
there is not a super important requirement to use the same authorization
on both platforms you could do the same, just an idea.



Jake Sallee
Godfather Of Bandwidth
Network Engineer

Fone: 254-295-4658
Phax: 254-295-4221


-----Original Message-----
From: freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org
[mailto:freeradius-users-bounces+jake.sallee=umhb.edu at lists.freeradius.org] On Behalf Of snowman5840
Sent: Friday, October 22, 2010 11:58 AM
To: freeradius-users at lists.freeradius.org
Subject: Re: LDAP authentication failed


OK, I found my problem. I have forgotten to add my domain in the
proxy.conf; after I have done this the LDAP search works fine.

But now I have one more problem with authentication. I want to use
PEAP with MSCHAP to support both Windows and Linux systems. But
authentication fails. I don't know what I have to configure or where
the problem is. I would be very happy about some hints.

I'm sorry about the very long debug output....

rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=86,
length=149
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e554175bfc9edc831547521be2ad
	EAP-Message = 0x020300061900
	Message-Authenticator = 0xfb650903c72222207e001d0385d8a036
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:40 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel
setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list [eap] EAP/peap [eap]
processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK
[peap] ACK handshake fragment handler [peap] eaptls_verify returned 1
[peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 86 to 192.168.0.2 port 1812
	EAP-Message =
0x0104003619000f0b409c6f7dd2e83b8a1ad34c1b43c61b5cfa499e7822f081073040ea
4c9280acd2686fd194f216030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1558e554165cfc9edc831547521be2ad
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=87,
length=465
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e554165cfc9edc831547521be2ad
	EAP-Message =
0x020401401980000001361603010106100001020100626313e9c274f169e9ed94821e91
d59e61578ab381c0e35788422b88b6e12b77d9551a970514289baaaf9c2ec3edb8ae126c
1c5b5f29d7883997fee2eee9f55a635005cb534cf7c708f0a0ec98dbda376e88b67de461
6926d9aa586737b2536998fad9c4648c8ce1e3b704415c4031063fc103bf0ddd1159d8b8
ef2c5c41332aca99428569333c19f8d539b1a01f232cdf9023030176aef9c9bcea758844
7853febc8b340da21d9b5af78d2d8b5b3acc0779e9f8d970f93471273749a0653a7e6611
ee11bfcabb019b34e3f54f5e1b693d89fe471eab29d8027641dfed05bfeeeca249fd3561
371c
	EAP-Message =
0xa736d666ebba66d8c0a368d306e0af12f71b43504cad85a61403010001011603010020
4c903a9993c942b403d46902c7564ea7f66787ca59a02e46fc08946a84aa509d
	Message-Authenticator = 0x67bf63ab1ed1abebb8161ae463114461
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:40 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 253 [eap] Continuing tunnel
setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list [eap] EAP/peap [eap]
processing type peap [peap] processing EAP-TLS
  TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A 
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0
Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A 
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A 
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A 
[peap]     TLS_accept: SSLv3 flush data 
[peap]     (other): SSL negotiation finished successfully 
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 87 to 192.168.0.2 port 1812
	EAP-Message =
0x0105003119001403010001011603010020f8490ec428507eb9225fb4fb3682dd9e465b
8988e2ad4c39c0e66520252de24e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1558e554115dfc9edc831547521be2ad
Finished request 10.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=88,
length=149
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e554115dfc9edc831547521be2ad
	EAP-Message = 0x020500061900
	Message-Authenticator = 0x6c4b11714b857cd0281b682e13c4d900
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:40 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel
setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list [eap] EAP/peap [eap]
processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK
[peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap]
eaptls_process returned 3 [peap] EAPTLS_SUCCESS

++[eap] returns handled
Sending Access-Challenge of id 88 to 192.168.0.2 port 1812
	EAP-Message =
0x0106002019001703010015f5a3ae52506203eb77289c53fadddc8aced654bcc9
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1558e554105efc9edc831547521be2ad
Finished request 11.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=89,
length=186
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e554105efc9edc831547521be2ad
	EAP-Message =
0x0206002b19001703010020a6ad92351444936d3c1868fea4cce44c06a598df0d5fa027
e4123c6c3daf8f5b
	Message-Authenticator = 0x66c1321b7a94107cc7e7d22f05c2fbf3
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:41 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 6 length 43 [eap] Continuing tunnel
setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list [eap] EAP/peap [eap]
processing type peap [peap] processing EAP-TLS [peap] eaptls_verify
returned 7 [peap] Done initial handshake [peap] eaptls_process returned
7 [peap] EAPTLS_OK [peap] Session established.  Decoding tunneled
attributes.
[peap] Identity - FIRMA1\usera
[peap] Got tunneled request
	EAP-Message = 0x02060014014649524d41315c626c657273636861
server  {
  PEAP: Got tunneled identity of FIRMA1\usera
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to FIRMA1\usera Sending tunneled request
	EAP-Message = 0x02060014014649524d41315c626c657273636861
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "FIRMA1\\usera"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
++[control] returns ok
[eap] EAP packet type response id 6 length 20 [eap] No EAP Start,
assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for usera
[ldap] 	expand: %{Stripped-User-Name} -> usera
[ldap] 	expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=usera)
[ldap] 	expand: dc=firma1,dc=de -> dc=firma1,dc=de
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=firma1,dc=de, with filter (uid=usera)
[ldap] Added User-Password = {SSHA}WNtfzJKztV/VYNqJAew//EpfaqFTTmRY in
check items [ldap] No default NMAS login sequence [ldap] looking for
check items in directory...
  [ldap] sambaNtPassword -> NT-Password ==
0x3043423639343838303546373937424632413832383037393733423839353337
  [ldap] sambaLmPassword -> LM-Password ==
0x3031464335413642453742433639323941414433423433354235313430344545
[ldap] looking for reply items in directory...
[ldap] user usera authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.

!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!
!!! Please update your configuration so that the "known good"

!!!
!!! clear text password is in Cleartext-Password, and not in
User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
	EAP-Message =
0x010700291a0107002410c823f451f29e4818ccd3f0be9f3650634649524d41315c626c
657273636861
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb5046181b5037b4806fda72c76d930a8
[peap] Got tunneled reply RADIUS code 11
	EAP-Message =
0x010700291a0107002410c823f451f29e4818ccd3f0be9f3650634649524d41315c626c
657273636861
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xb5046181b5037b4806fda72c76d930a8
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 89 to 192.168.0.2 port 1812
	EAP-Message =
0x0107004019001703010035c52325a3ae3a7f6bd4de688fbfef456c0fc3bd0b986af49a
bfb022fb9ba5a7b92058dc051da50ecf7b3ef7c4eaad3cbd6e99f65e78
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1558e554135ffc9edc831547521be2ad
Finished request 12.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=90,
length=240
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e554135ffc9edc831547521be2ad
	EAP-Message =
0x0207006119001703010056c97cf317a157bd52798bc228692340b159bf37c206e5a659
f93993bfcff9077f69ae0747ad07c868de4fb65a6a1ab6a0212c883f47be656fca32ee3b
02a4e6d0c197f4ed72c68d497e8872ad262de7fb1b7737c21234
	Message-Authenticator = 0x0aacaddadb8a501835ed2f2cd9df836c
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:41 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 7 length 97 [eap] Continuing tunnel
setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list [eap] EAP/peap [eap]
processing type peap [peap] processing EAP-TLS [peap] eaptls_verify
returned 7 [peap] Done initial handshake [peap] eaptls_process returned
7 [peap] EAPTLS_OK [peap] Session established.  Decoding tunneled
attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message =
0x0207004a1a0207004531465311ebc4ad0d394e81e0d169961d1100000000000000001c
75cd6fd76bac69737473ecbe0df750a88714f72a4bc71a004649524d41315c626c657273
636861
server  {
  PEAP: Setting User-Name to FIRMA1\usera Sending tunneled request
	EAP-Message =
0x0207004a1a0207004531465311ebc4ad0d394e81e0d169961d1100000000000000001c
75cd6fd76bac69737473ecbe0df750a88714f72a4bc71a004649524d41315c626c657273
636861
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "FIRMA1\\usera"
	State = 0xb5046181b5037b4806fda72c76d930a8
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
++[control] returns ok
[eap] EAP packet type response id 7 length 74 [eap] No EAP Start,
assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for usera
[ldap] 	expand: %{Stripped-User-Name} -> usera
[ldap] 	expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=usera)
[ldap] 	expand: dc=firma1,dc=de -> dc=firma1,dc=de
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=firma1,dc=de, with filter (uid=usera)
[ldap] Added User-Password = {SSHA}WNtfzJKztV/VYNqJAew//EpfaqFTTmRY in
check items [ldap] No default NMAS login sequence [ldap] looking for
check items in directory...
  [ldap] sambaNtPassword -> NT-Password ==
0x3043423639343838303546373937424632413832383037393733423839353337
  [ldap] sambaLmPassword -> LM-Password ==
0x3031464335413642453742433639323941414433423433354235313430344545
[ldap] looking for reply items in directory...
[ldap] user usera authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.

!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!
!!! Please update your configuration so that the "known good"

!!!
!!! clear text password is in Cleartext-Password, and not in
User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list [eap] EAP/mschapv2 [eap]
processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...}
[mschap] Found LM-Password [mschap] Found NT-Password
[mschap]   NT Domain delimeter found, should we have enabled
with_ntdomain_hack?
[mschap] Told to do MS-CHAPv2 for FIRMA1\usera with NT-Password [mschap]
FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [usera/<via Auth-Type = EAP>] (from client TESTSW01
port 0 via TLS tunnel) } # server inner-tunnel [peap] Got tunneled reply
code 3
	MS-CHAP-Error = "\007E=691 R=1"
	EAP-Message = 0x04070004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
	MS-CHAP-Error = "\007E=691 R=1"
	EAP-Message = 0x04070004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 90 to 192.168.0.2 port 1812
	EAP-Message =
0x010800261900170301001be755b066be3f16eb4a1f8d7d3f54bf6333dc8a1865a7ef9d
c1d31c
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x1558e5541250fc9edc831547521be2ad
Finished request 13.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1812, id=91,
length=181
	NAS-IP-Address = 192.168.0.2
	NAS-Port = 50006
	NAS-Port-Type = Ethernet
	User-Name = "FIRMA1\\usera"
	Called-Station-Id = "00-15-F9-D8-7C-C6"
	Calling-Station-Id = "00-1A-4B-63-69-0B"
	Service-Type = Framed-User
	Framed-MTU = 1500
	State = 0x1558e5541250fc9edc831547521be2ad
	EAP-Message =
0x020800261900170301001bd0e5d1e8905737296a8cc3e900996439f0cf0a79a1254ecc
7514a1
	Message-Authenticator = 0xac386bf0ee6044841d403e1ac7a8dea3
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.0.2/auth-detail-20101022
[auth_log] 	expand: %t -> Fri Oct 22 18:32:41 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[ntdomain] Looking up realm "FIRMA1" for User-Name = "FIRMA1\usera"
[ntdomain] Found realm "FIRMA1"
[ntdomain] Adding Stripped-User-Name = "usera"
[ntdomain] Adding Realm = "FIRMA1"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 8 length 38 [eap] Continuing tunnel
setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list [eap] EAP/peap [eap]
processing type peap [peap] processing EAP-TLS [peap] eaptls_verify
returned 7 [peap] Done initial handshake [peap] eaptls_process returned
7 [peap] EAPTLS_OK [peap] Session established.  Decoding tunneled
attributes.
[peap] Received EAP-TLV response.
[peap]  Had sent TLV failure.  User was rejected earlier in this
session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [usera/<via Auth-Type = EAP>] (from client TESTSW01
port
50006 cli 00-1A-4B-63-69-0B)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> FIRMA1\usera
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 14 for 1 seconds Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 14
Sending Access-Reject of id 91 to 192.168.0.2 port 1812
	EAP-Message = 0x04080004
	Message-Authenticator = 0x00000000000000000000000000000000
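
Why the `with_ntdomain_hack` setting mentioned in the reply matters for MS-CHAPv2, as an added example (not code from this thread or from FreeRADIUS): the RFC 2759 ChallengeHash mixes the user name into the 8-octet challenge, so a server hashing `FIRMA1\usera` and a client hashing `usera` derive different challenges and the response check fails. The two 16-octet challenges are constructed sample values, the function names are hypothetical, and the client hashing only the user portion is an assumption.

```python
import hashlib

# Constructed sample challenges (not taken from the debug output above).
PEER_CHALLENGE = bytes(range(16))
AUTH_CHALLENGE = bytes(range(16, 32))


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of
    SHA1(PeerChallenge || AuthenticatorChallenge || UserName)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be exactly 16 octets")
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def strip_nt_domain(username: str) -> str:
    """Drop a leading DOMAIN\\ prefix, if any (hypothetical helper that mirrors
    the adjustment with_ntdomain_hack makes before hashing)."""
    _domain, sep, user = username.partition("\\")
    return user if sep else username


def server_challenge(user_name_attr: str, ntdomain_hack: bool) -> bytes:
    """Challenge the server derives from the User-Name attribute it received."""
    name = strip_nt_domain(user_name_attr) if ntdomain_hack else user_name_attr
    return challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, name)


def client_challenge(bare_user: str) -> bytes:
    """Challenge a client derives when it hashes only the user portion
    (assumed client behaviour)."""
    return challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, bare_user)


def compare(user_name_attr: str, bare_user: str) -> dict:
    """Report whether client and server agree on the challenge, per setting."""
    client = client_challenge(bare_user)
    return {
        "hack_disabled_match": server_challenge(user_name_attr, False) == client,
        "hack_enabled_match": server_challenge(user_name_attr, True) == client,
    }


if __name__ == "__main__":
    # User-Name as it appears in the request, and the bare account name.
    result = compare("FIRMA1\\usera", "usera")
    for setting, matched in result.items():
        print(f"{setting}: {matched}")
```

The 8-octet challenge is the input to the NT-Response calculation, so a mismatch here is enough to make the server reject a response computed from the correct password.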



