Freeradius + AD + WiFi + EAP
Kleber Larroyd
larroyd at hotmail.com
Mon Sep 13 16:35:32 CEST 2010
FreeRADIUS Version 2.1.9, for host x86_64-redhat-linux-gnu
Active Directory - Windows Server 2008
Windows Vista (WPA-TKIP / Protected EAP (PEAP))
Wireless Access Point - CISCO WAP4410N
File /etc/raddb/eap.conf
eap {
....
default_eap_type = peap
...
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
}
File /etc/raddb/users
DEFAULT Auth-Type = ntlm_auth
....
File /etc/raddb/modules/mschap
mschap {
...
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
...
}
File /etc/raddb/modules/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAINTEST --username=%{mschap:User-Name} --password=%{User-Password}"
}
Files /etc/raddb/sites-enable/inner-tunnel and /etc/raddb/sites-enable/default
authenticate {
....
ntlm_auth
...
}
[root at radiusserver etc]# ntlm_auth --request-nt-key
--domain=MYDOMAINTEST --username=testuser01 --password=test
NT_STATUS_OK: Success (0x0)
[root at radiusserver etc]# net join -U Administrator
Enter Administrator's password:
Using short domain name -- MYDOMAINTEST
Joined 'RADIUSSERVER' to realm 'mydomaintest.com'
[root at radiusserver /]# radtest testuser01 test localhost 0 teste123
Sending Access-Request of id 51 to 127.0.0.1 port 1812
User-Name = "testuser01"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812,
id=51, length=20
Have any idea ? Where can i find the solution ?
When i trying connect (windows vista) freeradius server with wireless over
access point i get this error:
rad_recv: Access-Request packet from host 192.168.155.194 port 2050, id=189, length=189
User-Name = "MYDOMAINTEST\\testuser01"
NAS-IP-Address = 192.168.155.194
NAS-Port = 0
Called-Station-Id = "00-15-62-FF-AD-2D:ciscosb"
Calling-Station-Id = "00-1E-65-DB-9D-86"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0201001401414e47454c4f4e495c63626f6c616e
State = 0x6506f8af6507e17f97933c212e541ba3
Message-Authenticator = 0xbd99142be48ec558c3cbe5102cebc556
Mon Sep 13 10:34:21 2010 : Info: +- entering group authorize {...}
Mon Sep 13 10:34:21 2010 : Info: ++[preprocess] returns ok
Mon Sep 13 10:34:21 2010 : Info: ++[chap] returns noop
Mon Sep 13 10:34:21 2010 : Info: ++[mschap] returns noop
Mon Sep 13 10:34:21 2010 : Info: [suffix] No '@' in User-Name = "MYDOMAINTEST\testuser01", looking up realm NULL
Mon Sep 13 10:34:21 2010 : Info: [suffix] No such realm "NULL"
Mon Sep 13 10:34:21 2010 : Info: ++[suffix] returns noop
Mon Sep 13 10:34:21 2010 : Info: [ntdomain] Looking up realm "MYDOMAINTEST" for User-Name = "MYDOMAINTEST\testuser01"
Mon Sep 13 10:34:21 2010 : Info: [ntdomain] No such realm "MYDOMAINTEST"
Mon Sep 13 10:34:21 2010 : Info: ++[ntdomain] returns noop
Mon Sep 13 10:34:21 2010 : Info: [eap] EAP packet type response id 1 length 20
Mon Sep 13 10:34:21 2010 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Mon Sep 13 10:34:21 2010 : Info: ++[eap] returns updated
Mon Sep 13 10:34:21 2010 : Info: ++[unix] returns notfound
Mon Sep 13 10:34:21 2010 : Info: ++[files] returns noop
Mon Sep 13 10:34:21 2010 : Info: ++[expiration] returns noop
Mon Sep 13 10:34:21 2010 : Info: ++[logintime] returns noop
Mon Sep 13 10:34:21 2010 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Mon Sep 13 10:34:21 2010 : Info: ++[pap] returns noop
Mon Sep 13 10:34:21 2010 : Info: Found Auth-Type = EAP
Mon Sep 13 10:34:21 2010 : Info: +- entering group authenticate {...}
Mon Sep 13 10:34:21 2010 : Info: [eap] EAP Identity
Mon Sep 13 10:34:21 2010 : Info: [eap] processing type tls
Mon Sep 13 10:34:21 2010 : Info: [tls] Initiate
Mon Sep 13 10:34:21 2010 : Info: [tls] Start returned 1
Mon Sep 13 10:34:21 2010 : Info: ++[eap] returns handled
Sending Access-Challenge of id 189 to 192.168.155.194 port 2050
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd76dd84ed76fc17a0790fefec05add19
Mon Sep 13 10:34:21 2010 : Info: Finished request 1.
Mon Sep 13 10:34:21 2010 : Debug: Going to the next request
Mon Sep 13 10:34:21 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.155.194 port 2050, id=190, length=300
User-Name = "MYDOMAINTEST\\testuser01"
NAS-IP-Address = 192.168.155.194
NAS-Port = 0
Called-Station-Id = "00-15-62-FF-AD-2D:ciscosb"
Calling-Station-Id = "00-1E-65-DB-9D-86"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0202008319800000007916030100740100007003014c8e2884af2dbe79e59a780b7c801b6a6f024ab05ed1164311f8e2c438576298000018002f00350005000ac009c00ac013c01400320038001300040100002f00000014001200000f616e67656c6f6e695c63626f6c616e000a00080006001700180019000b00020100ff01000100
State = 0xd76dd84ed76fc17a0790fefec05add19
Message-Authenticator = 0x93bc32a345dce54fc50f7bbb50ca7e3f
Mon Sep 13 10:34:21 2010 : Info: +- entering group authorize {...}
Mon Sep 13 10:34:21 2010 : Info: ++[preprocess] returns ok
Mon Sep 13 10:34:21 2010 : Info: ++[chap] returns noop
Mon Sep 13 10:34:21 2010 : Info: ++[mschap] returns noop
Mon Sep 13 10:34:21 2010 : Info: [suffix] No '@' in User-Name = "MYDOMAINTEST\testuser01", looking up realm NULL
Mon Sep 13 10:34:21 2010 : Info: [suffix] No such realm "NULL"
Mon Sep 13 10:34:21 2010 : Info: ++[suffix] returns noop
Mon Sep 13 10:34:21 2010 : Info: [ntdomain] Looking up realm "MYDOMAINTEST" for User-Name = "MYDOMAINTEST\testuser01"
Mon Sep 13 10:34:21 2010 : Info: [ntdomain] No such realm "MYDOMAINTEST"
Mon Sep 13 10:34:21 2010 : Info: ++[ntdomain] returns noop
Mon Sep 13 10:34:21 2010 : Info: [eap] EAP packet type response id 2 length 131
Mon Sep 13 10:34:21 2010 : Info: [eap] Continuing tunnel setup.
Mon Sep 13 10:34:21 2010 : Info: ++[eap] returns ok
Mon Sep 13 10:34:21 2010 : Info: Found Auth-Type = EAP
Mon Sep 13 10:34:21 2010 : Info: +- entering group authenticate {...}
Mon Sep 13 10:34:21 2010 : Info: [eap] Request found, released from the list
Mon Sep 13 10:34:21 2010 : Info: [eap] EAP/peap
Mon Sep 13 10:34:21 2010 : Info: [eap] processing type peap
Mon Sep 13 10:34:21 2010 : Info: [peap] processing EAP-TLS
Mon Sep 13 10:34:21 2010 : Debug: TLS Length 121
Mon Sep 13 10:34:21 2010 : Info: [peap] Length Included
Mon Sep 13 10:34:21 2010 : Info: [peap] eaptls_verify returned 11
Mon Sep 13 10:34:21 2010 : Info: [peap] (other): before/accept initialization
Mon Sep 13 10:34:21 2010 : Info: [peap] TLS_accept: before/accept initialization
Mon Sep 13 10:34:21 2010 : Info: [peap] <<< TLS 1.0 Handshake [length 0074], ClientHello
Mon Sep 13 10:34:21 2010 : Info: [peap] TLS_accept: SSLv3 read client hello A
Mon Sep 13 10:34:21 2010 : Info: [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
Mon Sep 13 10:34:21 2010 : Info: [peap] TLS_accept: SSLv3 write server hello A
Mon Sep 13 10:34:21 2010 : Info: [peap] >>> TLS 1.0 Handshake [length 085e], Certificate
Mon Sep 13 10:34:21 2010 : Info: [peap] TLS_accept: SSLv3 write certificate A
Mon Sep 13 10:34:21 2010 : Info: [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
Mon Sep 13 10:34:21 2010 : Info: [peap] TLS_accept: SSLv3 write server done A
Mon Sep 13 10:34:21 2010 : Info: [peap] TLS_accept: SSLv3 flush data
Mon Sep 13 10:34:21 2010 : Info: [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
Mon Sep 13 10:34:21 2010 : Debug: In SSL Handshake Phase
Mon Sep 13 10:34:21 2010 : Debug: In SSL Accept mode
Mon Sep 13 10:34:21 2010 : Info: [peap] eaptls_process returned 13
Mon Sep 13 10:34:21 2010 : Info: [peap] EAPTLS_HANDLED
Mon Sep 13 10:34:21 2010 : Info: ++[eap] returns handled
Sending Access-Challenge of id 190 to 192.168.155.194 port 2050
EAP-Message = 0x0103040019c0000008a216030100310200002d03014c8e285d2beeb4138d9eee394a996f4f9eca58f023b887efdda363a09db4bff300002f000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175
EAP-Message = 0x74686f72697479301e170d3130303931333132343233355a170d3130313131323132343233355a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100ee3a32108e4f3cbfaa7a92d4bd978ca40fc64b2a47661645c8b68d65044435a66076682fd05fa16778a5af94206ffc638de3ca5a2a99a7
EAP-Message = 0xc92a2cf32a0ee4b8318b2f6b48eed7145b30afb76af66a5ceb89811ae04a70d71efd284ddfacd426825d71a59a319b37da2bba0e088bb66183f25f6522af18a4fbd7104c308440dfd10444b93c8548363aa973a8a926a5dd2cdee98ab4334e76941732723504db3bc0d7f7ecbac57fe09389ef3472ad7b952baf531120d84c6e661360774007a6661c46e00344cec67a5626e1cb85d0a20d037aabb885560b01e2fbef6447971424dafda7b2b47a19a8ea30fa59cb5dfce23c3f2a52f1060bcb84f596fc54f37d8f970203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038201010011f6
EAP-Message = 0x5fe6dfff7362f46ed7015696230b784919f57eb0598b8cc5bc5aaafc91fb345324f2d8c409d3f4e89d7e16da467c611f98599c7e33ac6e6bea988f9dc1daad9102b4a4054f0cc9c6b1621088b3e2cc9d31f14adaea05d494919259f69778be393aab6efb9ddbb8d6a5949ae4c0231ff28820d4984cf5b319c9262a1fffc897ed56371008a993b0353d108a68b022384eb79b6b594d27f55fabc4215d96dde86b0e609bef9c04a2306c7c6b396ae07e9039815f0caec47148b6c5a8d5a353449e9d2b61a7f9c88dc86b90b94cfb3e98b1634da1923ba30d55e652d40c11c93eb5f6f1ee7827e134acbd4cc0f07d0b4d206e8df2fa9ecd78881348c1b157
EAP-Message = 0x2b0004ab308204a73082038f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd76dd84ed66ec17a0790fefec05add19
Mon Sep 13 10:34:21 2010 : Info: Finished request 2.
Mon Sep 13 10:34:21 2010 : Debug: Going to the next request
Mon Sep 13 10:34:21 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.155.194 port 2050, id=191, length=175
User-Name = "MYDOMAINTEST\\testuser01"
NAS-IP-Address = 192.168.155.194
NAS-Port = 0
Called-Station-Id = "00-15-62-FF-AD-2D:ciscosb"
Calling-Station-Id = "00-1E-65-DB-9D-86"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020300061900
State = 0xd76dd84ed66ec17a0790fefec05add19
Message-Authenticator = 0x149802ee2e900a377b4953192fd43319
Mon Sep 13 10:34:21 2010 : Info: +- entering group authorize {...}
Mon Sep 13 10:34:21 2010 : Info: ++[preprocess] returns ok
Mon Sep 13 10:34:21 2010 : Info: ++[chap] returns noop
Mon Sep 13 10:34:21 2010 : Info: ++[mschap] returns noop
Mon Sep 13 10:34:21 2010 : Info: [suffix] No '@' in User-Name = "MYDOMAINTEST\testuser01", looking up realm NULL
Mon Sep 13 10:34:21 2010 : Info: [suffix] No such realm "NULL"
Mon Sep 13 10:34:21 2010 : Info: ++[suffix] returns noop
Mon Sep 13 10:34:21 2010 : Info: [ntdomain] Looking up realm "MYDOMAINTEST" for User-Name = "MYDOMAINTEST\testuser01"
Mon Sep 13 10:34:21 2010 : Info: [ntdomain] No such realm "MYDOMAINTEST"
Mon Sep 13 10:34:21 2010 : Info: ++[ntdomain] returns noop
Mon Sep 13 10:34:21 2010 : Info: [eap] EAP packet type response id 3 length 6
Mon Sep 13 10:34:21 2010 : Info: [eap] Continuing tunnel setup.
Mon Sep 13 10:34:21 2010 : Info: ++[eap] returns ok
Mon Sep 13 10:34:21 2010 : Info: Found Auth-Type = EAP
Mon Sep 13 10:34:21 2010 : Info: +- entering group authenticate {...}
Mon Sep 13 10:34:21 2010 : Info: [eap] Request found, released from the list
Mon Sep 13 10:34:21 2010 : Info: [eap] EAP/peap
Mon Sep 13 10:34:21 2010 : Info: [eap] processing type peap
Mon Sep 13 10:34:21 2010 : Info: [peap] processing EAP-TLS
Mon Sep 13 10:34:21 2010 : Info: [peap] Received TLS ACK
Mon Sep 13 10:34:21 2010 : Info: [peap] ACK handshake fragment handler
Mon Sep 13 10:34:21 2010 : Info: [peap] eaptls_verify returned 1
Mon Sep 13 10:34:21 2010 : Info: [peap] eaptls_process returned 13
Mon Sep 13 10:34:21 2010 : Info: [peap] EAPTLS_HANDLED
Mon Sep 13 10:34:21 2010 : Info: ++[eap] returns handled
Sending Access-Challenge of id 191 to 192.168.155.194 port 2050
EAP-Message = 0x010403fc1940a003020102020900fd77376b6dad365e300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3130303931333132343233355a170d3130313131323132343233355a308193310b3009060355040613024652310f300d0603550408130652616469757331
EAP-Message = 0x12301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d154c97876aafffd6e2c38d8d030b168f8dce7c480ee5e1f2e70f69b644f539598e82c35141f1fc6df2202d717a8d212224f57bd0a0e5e4f6ad9f86ba16f00651842cbf6a8ab15fd2e788309304f5dc5abd95811697d400a611cb69d60e8957024bd0a4fc7ff1267
EAP-Message = 0xb00fc2f26e74c5858497e66019676175f2cf11049781681ba950f2f9e0fc51045f12655aab1cfc4001e7de1bf7ad11cd4ce5a56cfc64f479d1c3fa84ef41275203b542cf17a0c7ea5d00ebdee20c53a432e0568669d036073870a155f3fac928212cdd0e071c5ae65784c83b6ac840dc198d51c6a59c6b1f6273a8c6c8906e0011842b96391df406225ca95c01649e518e235865d44d4d4d0203010001a381fb3081f8301d0603551d0e04160414e3bc4886052780b7f5e868e9f8c2e8188ee3f8b23081c80603551d230481c03081bd8014e3bc4886052780b7f5e868e9f8c2e8188ee3f8b2a18199a48196308193310b300906035504061302465231
EAP-Message = 0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900fd77376b6dad365e300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100886a41b64009cfdda5cbf1a1acc3b762ae831896a64568f23615de741e3911de3e1539a9cb018be1f0907182306a6296b2ab29391b905e3376391ab24c830be031aefa5e3ebf9f2bbc4862
EAP-Message = 0xec4672b63eb34dbe
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd76dd84ed569c17a0790fefec05add19
Mon Sep 13 10:34:21 2010 : Info: Finished request 3.
Mon Sep 13 10:34:21 2010 : Debug: Going to the next request
Mon Sep 13 10:34:21 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.155.194 port 2050, id=192, length=175
User-Name = "MYDOMAINTEST\\testuser01"
NAS-IP-Address = 192.168.155.194
NAS-Port = 0
Called-Station-Id = "00-15-62-FF-AD-2D:ciscosb"
Calling-Station-Id = "00-1E-65-DB-9D-86"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061900
State = 0xd76dd84ed569c17a0790fefec05add19
Message-Authenticator = 0xd66c19cfcb0a9d15888c2f80c474a5de
Mon Sep 13 10:34:21 2010 : Info: +- entering group authorize {...}
Mon Sep 13 10:34:21 2010 : Info: ++[preprocess] returns ok
Mon Sep 13 10:34:21 2010 : Info: ++[chap] returns noop
Mon Sep 13 10:34:21 2010 : Info: ++[mschap] returns noop
Mon Sep 13 10:34:21 2010 : Info: [suffix] No '@' in User-Name = "MYDOMAINTEST\testuser01", looking up realm NULL
Mon Sep 13 10:34:21 2010 : Info: [suffix] No such realm "NULL"
Mon Sep 13 10:34:21 2010 : Info: ++[suffix] returns noop
Mon Sep 13 10:34:21 2010 : Info: [ntdomain] Looking up realm "MYDOMAINTEST" for User-Name = "MYDOMAINTEST\testuser01"
Mon Sep 13 10:34:21 2010 : Info: [ntdomain] No such realm "MYDOMAINTEST"
Mon Sep 13 10:34:21 2010 : Info: ++[ntdomain] returns noop
Mon Sep 13 10:34:21 2010 : Info: [eap] EAP packet type response id 4 length 6
Mon Sep 13 10:34:21 2010 : Info: [eap] Continuing tunnel setup.
Mon Sep 13 10:34:21 2010 : Info: ++[eap] returns ok
Mon Sep 13 10:34:21 2010 : Info: Found Auth-Type = EAP
Mon Sep 13 10:34:21 2010 : Info: +- entering group authenticate {...}
Mon Sep 13 10:34:21 2010 : Info: [eap] Request found, released from the list
Mon Sep 13 10:34:21 2010 : Info: [eap] EAP/peap
Mon Sep 13 10:34:21 2010 : Info: [eap] processing type peap
Mon Sep 13 10:34:21 2010 : Info: [peap] processing EAP-TLS
Mon Sep 13 10:34:21 2010 : Info: [peap] Received TLS ACK
Mon Sep 13 10:34:21 2010 : Info: [peap] ACK handshake fragment handler
Mon Sep 13 10:34:21 2010 : Info: [peap] eaptls_verify returned 1
Mon Sep 13 10:34:21 2010 : Info: [peap] eaptls_process returned 13
Mon Sep 13 10:34:21 2010 : Info: [peap] EAPTLS_HANDLED
Mon Sep 13 10:34:21 2010 : Info: ++[eap] returns handled
Sending Access-Challenge of id 192 to 192.168.155.194 port 2050
EAP-Message = 0x010500bc1900a8c1e930adad128d2a178d8d7a4c345b4f7ddd981d87e3a364ef65216c0e6485d99f22a335b4c31daf8ff28bac0d0375c0c0d6695cbda1d70898a7e2dfb8ddb5a9df14270422a6820bf42284b766a88d819b3a1f33f4962446a852c8a88469e39707436d52148d4c1277c1dbc2c97b1377dc77dca0cfc3374eb968b54acd07df27089f3c611bfddb24c32dd17da21321da1ff5856723398f2d948e896a051e1cf7ebfd5f5989198f265898af4e16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd76dd84ed468c17a0790fefec05add19
Mon Sep 13 10:34:21 2010 : Info: Finished request 4.
Mon Sep 13 10:34:21 2010 : Debug: Going to the next request
Mon Sep 13 10:34:21 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.155.194 port 2050, id=193, length=175
User-Name = "MYDOMAINTEST\\testuser01"
NAS-IP-Address = 192.168.155.194
NAS-Port = 0
Called-Station-Id = "00-15-62-FF-AD-2D:ciscosb"
Calling-Station-Id = "00-1E-65-DB-9D-86"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020500061900
State = 0xd76dd84ed468c17a0790fefec05add19
Message-Authenticator = 0x25610017540304c1a783aa7777ba392b
Mon Sep 13 10:34:21 2010 : Info: +- entering group authorize {...}
Mon Sep 13 10:34:21 2010 : Info: ++[preprocess] returns ok
Mon Sep 13 10:34:21 2010 : Info: ++[chap] returns noop
Mon Sep 13 10:34:21 2010 : Info: ++[mschap] returns noop
Mon Sep 13 10:34:21 2010 : Info: [suffix] No '@' in User-Name = "MYDOMAINTEST\testuser01", looking up realm NULL
Mon Sep 13 10:34:21 2010 : Info: [suffix] No such realm "NULL"
Mon Sep 13 10:34:21 2010 : Info: ++[suffix] returns noop
Mon Sep 13 10:34:21 2010 : Info: [ntdomain] Looking up realm "MYDOMAINTEST" for User-Name = "MYDOMAINTEST\testuser01"
Mon Sep 13 10:34:21 2010 : Info: [ntdomain] No such realm "MYDOMAINTEST"
Mon Sep 13 10:34:21 2010 : Info: ++[ntdomain] returns noop
Mon Sep 13 10:34:21 2010 : Info: [eap] EAP packet type response id 5 length 6
Mon Sep 13 10:34:21 2010 : Info: [eap] Continuing tunnel setup.
Mon Sep 13 10:34:21 2010 : Info: ++[eap] returns ok
Mon Sep 13 10:34:21 2010 : Info: Found Auth-Type = EAP
Mon Sep 13 10:34:21 2010 : Info: +- entering group authenticate {...}
Mon Sep 13 10:34:21 2010 : Info: [eap] Request found, released from the list
Mon Sep 13 10:34:21 2010 : Info: [eap] EAP/peap
Mon Sep 13 10:34:21 2010 : Info: [eap] processing type peap
Mon Sep 13 10:34:21 2010 : Info: [peap] processing EAP-TLS
Mon Sep 13 10:34:21 2010 : Info: [peap] Received TLS ACK
Mon Sep 13 10:34:21 2010 : Info: [peap] ACK handshake fragment handler
Mon Sep 13 10:34:21 2010 : Info: [peap] eaptls_verify returned 1
Mon Sep 13 10:34:21 2010 : Info: [peap] eaptls_process returned 13
Mon Sep 13 10:34:21 2010 : Info: [peap] EAPTLS_HANDLED
Mon Sep 13 10:34:21 2010 : Info: ++[eap] returns handled
Sending Access-Challenge of id 193 to 192.168.155.194 port 2050
EAP-Message = 0x010600061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd76dd84ed36bc17a0790fefec05add19
Mon Sep 13 10:34:21 2010 : Info: Finished request 5.
Mon Sep 13 10:34:21 2010 : Debug: Going to the next request
Mon Sep 13 10:34:21 2010 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.155.194 port 2050, id=194, length=171
User-Name = "MYDOMAINTEST\\testuser01"
NAS-IP-Address = 192.168.155.194
NAS-Port = 0
Called-Station-Id = "00-15-62-FF-AD-2D:ciscosb"
Calling-Station-Id = "00-1E-65-DB-9D-86"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001401414e47454c4f4e495c63626f6c616e
Message-Authenticator = 0x7fb8c0c166efca06b16e7f0b2c11acc4
Mon Sep 13 10:34:23 2010 : Info: +- entering group authorize {...}
Mon Sep 13 10:34:23 2010 : Info: ++[preprocess] returns ok
Mon Sep 13 10:34:23 2010 : Info: ++[chap] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[mschap] returns noop
Mon Sep 13 10:34:23 2010 : Info: [suffix] No '@' in User-Name = "MYDOMAINTEST\testuser01", looking up realm NULL
Mon Sep 13 10:34:23 2010 : Info: [suffix] No such realm "NULL"
Mon Sep 13 10:34:23 2010 : Info: ++[suffix] returns noop
Mon Sep 13 10:34:23 2010 : Info: [ntdomain] Looking up realm "MYDOMAINTEST" for User-Name = "MYDOMAINTEST\testuser01"
Mon Sep 13 10:34:23 2010 : Info: [ntdomain] No such realm "MYDOMAINTEST"
Mon Sep 13 10:34:23 2010 : Info: ++[ntdomain] returns noop
Mon Sep 13 10:34:23 2010 : Info: [eap] EAP packet type response id 0 length 20
Mon Sep 13 10:34:23 2010 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Mon Sep 13 10:34:23 2010 : Info: ++[eap] returns updated
Mon Sep 13 10:34:23 2010 : Info: ++[unix] returns notfound
Mon Sep 13 10:34:23 2010 : Info: ++[files] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[expiration] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[logintime] returns noop
Mon Sep 13 10:34:23 2010 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Mon Sep 13 10:34:23 2010 : Info: ++[pap] returns noop
Mon Sep 13 10:34:23 2010 : Info: Found Auth-Type = EAP
Mon Sep 13 10:34:23 2010 : Info: +- entering group authenticate {...}
Mon Sep 13 10:34:23 2010 : Info: [eap] EAP Identity
Mon Sep 13 10:34:23 2010 : Info: [eap] processing type tls
Mon Sep 13 10:34:23 2010 : Info: [tls] Initiate
Mon Sep 13 10:34:23 2010 : Info: [tls] Start returned 1
Mon Sep 13 10:34:23 2010 : Info: ++[eap] returns handled
Sending Access-Challenge of id 194 to 192.168.155.194 port 2050
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x08a4aa3d08a5b341b6a6388fbdc863a8
Mon Sep 13 10:34:23 2010 : Info: Finished request 6.
Mon Sep 13 10:34:23 2010 : Debug: Going to the next request
Mon Sep 13 10:34:23 2010 : Debug: Waking up in 3.3 seconds.
rad_recv: Access-Request packet from host 192.168.155.194 port 2050, id=195, length=189
User-Name = "MYDOMAINTEST\\testuser01"
NAS-IP-Address = 192.168.155.194
NAS-Port = 0
Called-Station-Id = "00-15-62-FF-AD-2D:ciscosb"
Calling-Station-Id = "00-1E-65-DB-9D-86"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0201001401414e47454c4f4e495c63626f6c616e
State = 0x08a4aa3d08a5b341b6a6388fbdc863a8
Message-Authenticator = 0xdf84203e0b11202af2cae40b8121d33f
Mon Sep 13 10:34:23 2010 : Info: +- entering group authorize {...}
Mon Sep 13 10:34:23 2010 : Info: ++[preprocess] returns ok
Mon Sep 13 10:34:23 2010 : Info: ++[chap] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[mschap] returns noop
Mon Sep 13 10:34:23 2010 : Info: [suffix] No '@' in User-Name = "MYDOMAINTEST\testuser01", looking up realm NULL
Mon Sep 13 10:34:23 2010 : Info: [suffix] No such realm "NULL"
Mon Sep 13 10:34:23 2010 : Info: ++[suffix] returns noop
Mon Sep 13 10:34:23 2010 : Info: [ntdomain] Looking up realm "MYDOMAINTEST" for User-Name = "MYDOMAINTEST\testuser01"
Mon Sep 13 10:34:23 2010 : Info: [ntdomain] No such realm "MYDOMAINTEST"
Mon Sep 13 10:34:23 2010 : Info: ++[ntdomain] returns noop
Mon Sep 13 10:34:23 2010 : Info: [eap] EAP packet type response id 1 length 20
Mon Sep 13 10:34:23 2010 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Mon Sep 13 10:34:23 2010 : Info: ++[eap] returns updated
Mon Sep 13 10:34:23 2010 : Info: ++[unix] returns notfound
Mon Sep 13 10:34:23 2010 : Info: ++[files] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[expiration] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[logintime] returns noop
Mon Sep 13 10:34:23 2010 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Mon Sep 13 10:34:23 2010 : Info: ++[pap] returns noop
Mon Sep 13 10:34:23 2010 : Info: Found Auth-Type = EAP
Mon Sep 13 10:34:23 2010 : Info: +- entering group authenticate {...}
Mon Sep 13 10:34:23 2010 : Info: [eap] EAP Identity
Mon Sep 13 10:34:23 2010 : Info: [eap] processing type tls
Mon Sep 13 10:34:23 2010 : Info: [tls] Initiate
Mon Sep 13 10:34:23 2010 : Info: [tls] Start returned 1
Mon Sep 13 10:34:23 2010 : Info: ++[eap] returns handled
Sending Access-Challenge of id 195 to 192.168.155.194 port 2050
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa14ba8cfa149b12d443c6d1514b556f1
Mon Sep 13 10:34:23 2010 : Info: Finished request 7.
Mon Sep 13 10:34:23 2010 : Debug: Going to the next request
Mon Sep 13 10:34:23 2010 : Debug: Waking up in 3.2 seconds.
rad_recv: Access-Request packet from host 192.168.155.194 port 2050, id=196, length=175
User-Name = "MYDOMAINTEST\\testuser01"
NAS-IP-Address = 192.168.155.194
NAS-Port = 0
Called-Station-Id = "00-15-62-FF-AD-2D:ciscosb"
Calling-Station-Id = "00-1E-65-DB-9D-86"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200060311
State = 0xa14ba8cfa149b12d443c6d1514b556f1
Message-Authenticator = 0x59b31ae92c6fc003dd396d83f1ae2595
Mon Sep 13 10:34:23 2010 : Info: +- entering group authorize {...}
Mon Sep 13 10:34:23 2010 : Info: ++[preprocess] returns ok
Mon Sep 13 10:34:23 2010 : Info: ++[chap] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[mschap] returns noop
Mon Sep 13 10:34:23 2010 : Info: [suffix] No '@' in User-Name = "MYDOMAINTEST\testuser01", looking up realm NULL
Mon Sep 13 10:34:23 2010 : Info: [suffix] No such realm "NULL"
Mon Sep 13 10:34:23 2010 : Info: ++[suffix] returns noop
Mon Sep 13 10:34:23 2010 : Info: [ntdomain] Looking up realm "MYDOMAINTEST" for User-Name = "MYDOMAINTEST\testuser01"
Mon Sep 13 10:34:23 2010 : Info: [ntdomain] No such realm "MYDOMAINTEST"
Mon Sep 13 10:34:23 2010 : Info: ++[ntdomain] returns noop
Mon Sep 13 10:34:23 2010 : Info: [eap] EAP packet type response id 2 length 6
Mon Sep 13 10:34:23 2010 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Mon Sep 13 10:34:23 2010 : Info: ++[eap] returns updated
Mon Sep 13 10:34:23 2010 : Info: ++[unix] returns notfound
Mon Sep 13 10:34:23 2010 : Info: ++[files] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[expiration] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[logintime] returns noop
Mon Sep 13 10:34:23 2010 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Mon Sep 13 10:34:23 2010 : Info: ++[pap] returns noop
Mon Sep 13 10:34:23 2010 : Info: Found Auth-Type = EAP
Mon Sep 13 10:34:23 2010 : Info: +- entering group authenticate {...}
Mon Sep 13 10:34:23 2010 : Info: [eap] Request found, released from the list
Mon Sep 13 10:34:23 2010 : Info: [eap] EAP NAK
Mon Sep 13 10:34:23 2010 : Info: [eap] EAP-NAK asked for EAP-Type/leap
Mon Sep 13 10:34:23 2010 : Info: [eap] processing type leap
Mon Sep 13 10:34:23 2010 : Debug: rlm_eap_leap: Stage 2
Mon Sep 13 10:34:23 2010 : Debug: rlm_eap_leap: Issuing AP Challenge
Mon Sep 13 10:34:23 2010 : Debug: rlm_eap_leap: Successfully initiated
Mon Sep 13 10:34:23 2010 : Info: ++[eap] returns handled
Sending Access-Challenge of id 196 to 192.168.155.194 port 2050
EAP-Message = 0x0103001f11010008ee1c3a6722d72f04414e47454c4f4e495c63626f6c616e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa14ba8cfa048b92d443c6d1514b556f1
Mon Sep 13 10:34:23 2010 : Info: Finished request 8.
Mon Sep 13 10:34:23 2010 : Debug: Going to the next request
Mon Sep 13 10:34:23 2010 : Debug: Waking up in 3.2 seconds.
rad_recv: Access-Request packet from host 192.168.155.194 port 2050, id=197, length=216
User-Name = "MYDOMAINTEST\\testuser01"
NAS-IP-Address = 192.168.155.194
NAS-Port = 0
Called-Station-Id = "00-15-62-FF-AD-2D:ciscosb"
Calling-Station-Id = "00-1E-65-DB-9D-86"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0203002f11010018e3ecbf5161bbb5bd4cac88fff440256581950b19d079df4c414e47454c4f4e495c63626f6c616e
State = 0xa14ba8cfa048b92d443c6d1514b556f1
Message-Authenticator = 0xdff169f98e2fa8a9a0b0b17b022b9733
Mon Sep 13 10:34:23 2010 : Info: +- entering group authorize {...}
Mon Sep 13 10:34:23 2010 : Info: ++[preprocess] returns ok
Mon Sep 13 10:34:23 2010 : Info: ++[chap] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[mschap] returns noop
Mon Sep 13 10:34:23 2010 : Info: [suffix] No '@' in User-Name = "MYDOMAINTEST\testuser01", looking up realm NULL
Mon Sep 13 10:34:23 2010 : Info: [suffix] No such realm "NULL"
Mon Sep 13 10:34:23 2010 : Info: ++[suffix] returns noop
Mon Sep 13 10:34:23 2010 : Info: [ntdomain] Looking up realm "MYDOMAINTEST" for User-Name = "MYDOMAINTEST\testuser01"
Mon Sep 13 10:34:23 2010 : Info: [ntdomain] No such realm "MYDOMAINTEST"
Mon Sep 13 10:34:23 2010 : Info: ++[ntdomain] returns noop
Mon Sep 13 10:34:23 2010 : Info: [eap] EAP packet type response id 3 length 47
Mon Sep 13 10:34:23 2010 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Mon Sep 13 10:34:23 2010 : Info: ++[eap] returns updated
Mon Sep 13 10:34:23 2010 : Info: ++[unix] returns notfound
Mon Sep 13 10:34:23 2010 : Info: ++[files] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[expiration] returns noop
Mon Sep 13 10:34:23 2010 : Info: ++[logintime] returns noop
Mon Sep 13 10:34:23 2010 : Info: [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
Mon Sep 13 10:34:23 2010 : Info: ++[pap] returns noop
Mon Sep 13 10:34:23 2010 : Info: Found Auth-Type = EAP
Mon Sep 13 10:34:23 2010 : Info: +- entering group authenticate {...}
Mon Sep 13 10:34:23 2010 : Info: [eap] Request found, released from the list
Mon Sep 13 10:34:23 2010 : Info: [eap] EAP/leap
Mon Sep 13 10:34:23 2010 : Info: [eap] processing type leap
Mon Sep 13 10:34:23 2010 : Debug: rlm_eap_leap: No Cleartext-Password or NT-Password configured for this user
Mon Sep 13 10:34:23 2010 : Info: [eap] Handler failed in EAP/leap
Mon Sep 13 10:34:23 2010 : Info: [eap] Failed in EAP select
Mon Sep 13 10:34:23 2010 : Info: ++[eap] returns invalid
Mon Sep 13 10:34:23 2010 : Info: Failed to authenticate the user.
Mon Sep 13 10:34:23 2010 : Info: Using Post-Auth-Type Reject
Mon Sep 13 10:34:23 2010 : Info: +- entering group REJECT {...}
Mon Sep 13 10:34:23 2010 : Info: [attr_filter.access_reject] expand: %{User-Name} -> MYDOMAINTEST\testuser01
Mon Sep 13 10:34:23 2010 : Debug: attr_filter: Matched entry DEFAULT at line 11
Mon Sep 13 10:34:23 2010 : Info: ++[attr_filter.access_reject] returns updated
Mon Sep 13 10:34:23 2010 : Info: Delaying reject of request 9 for 1 seconds
Mon Sep 13 10:34:23 2010 : Debug: Going to the next request
Mon Sep 13 10:34:23 2010 : Debug: Waking up in 0.9 seconds.
Mon Sep 13 10:34:24 2010 : Info: Sending delayed reject for request 9
Sending Access-Reject of id 197 to 192.168.155.194 port 2050
EAP-Message = 0x04030004
Message-Authenticator = 0x00000000000000000000000000000000
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100913/6c819b8a/attachment.html>
More information about the Freeradius-Users
mailing list