Mac OXS Server version of FreeRadius Problems
DavidS
fifeeliz1 at hotmail.com
Mon Aug 29 10:52:56 CEST 2011
Thanks Alan,
Stopped the other server instance and, of course, as you note, the message resolved
to:
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
However, I still can't get the damn setup to authenticate. The output during a
failed attempt to authenticate a user, to my eyes, did not reveal the issue
that I need to address in eap (as you propose) or elsewhere.
Here is the output during a user attempt to authenticate - any thoughts?
(Thanks, David)
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.98 port 1645, id=1,
length=136
User-Name = "dsawcer"
Framed-MTU = 1400
Called-Station-Id = "0023.331c.9680"
Calling-Station-Id = "9027.e4f9.25b0"
Service-Type = Login-User
Message-Authenticator = 0x562f50d7ee215e2703a4aa2ca625ccfd
EAP-Message = 0x0202000c0164736177636572
NAS-Port-Type = Wireless-802.11
NAS-Port = 257
NAS-Port-Id = "257"
NAS-IP-Address = 192.168.0.98
NAS-Identifier = "ap1250"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "dsawcer", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
rlm_opendirectory: The host 192.168.0.98 does not have an access group.
rlm_opendirectory: Could not get the user's uuid.
++[opendirectory] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.0.98 port 1645
EAP-Message = 0x010300061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73a410f073a70568fa17f41fc5620938
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.98 port 1645, id=2,
length=306
User-Name = "dsawcer"
Framed-MTU = 1400
Called-Station-Id = "0023.331c.9680"
Calling-Station-Id = "9027.e4f9.25b0"
Service-Type = Login-User
Message-Authenticator = 0xaa6d7f080c19541eaf62c4dc81581a09
EAP-Message =
0x020300a415800000009a16030100950100009103014e5b4b3e338c0281aac0bcc701f19deaac117d722a79430407804edc3f8cf6f2000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100
NAS-Port-Type = Wireless-802.11
NAS-Port = 257
NAS-Port-Id = "257"
State = 0x73a410f073a70568fa17f41fc5620938
NAS-IP-Address = 192.168.0.98
NAS-Identifier = "ap1250"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "dsawcer", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 164
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 154
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] (other): before/accept initialization
[ttls] TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 0095], ClientHello
[ttls] TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[ttls] TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 0e89], Certificate
[ttls] TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls] TLS_accept: SSLv3 write server done A
[ttls] TLS_accept: SSLv3 flush data
[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.0.98 port 1645
EAP-Message =
0x0104040015c000000ec6160301002a0200002603014e5b4b3e8bc7ac345e1c5381eba044978c8cc9d815e95029e356c66b83d1b62000002f001603010e890b000e85000e820005933082058f30820477a00302010202072b432e88483c5a300d06092a864886f70d01010505003081ca310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e31333031060355040b132a687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72793130302e06035504
EAP-Message = 0x6464792e636f6d2f7265706f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73a410f072a00568fa17f41fc5620938
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.98 port 1645, id=3,
length=148
User-Name = "dsawcer"
Framed-MTU = 1400
Called-Station-Id = "0023.331c.9680"
Calling-Station-Id = "9027.e4f9.25b0"
Service-Type = Login-User
Message-Authenticator = 0x2db3b6c8db5fe348e4b1bd10b20c258f
EAP-Message = 0x020400061500
NAS-Port-Type = Wireless-802.11
NAS-Port = 257
NAS-Port-Id = "257"
State = 0x73a410f072a00568fa17f41fc5620938
NAS-IP-Address = 192.168.0.98
NAS-Identifier = "ap1250"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "dsawcer", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.0.98 port 1645
EAP-Message =
0xd7c27d3ca7efa523743cd8f88e8c2b240558eaef9cfa3ee4c19e678399f4e3daa1952e230c39a9078fb8ad65314ee2e57aab07972822b163f92f6d9ab4ffabf27436a8a4ddec30901fa16a6ed0e7901f16c5d8b6b166f483a55a2e4159c38b80e4537e0b3a56c57195c501d0791276e298670e92b70143f045e3c83f0a4a7ad433e45d4c7e5636a1f2269c7d18587111ae7a07032a934838abd0fcb31f18b97a99fc7594f29874e0ad07b0e68061fbfce4d3b072c45baae778338c7f692c69f7412630972438266946d29e312811ddbad2219713978f459a816c6782954003a2c06231f8d08b8d190004e2308204de308203c6a0030201020202030130
EAP-Message =
0x0d06092a864886f70d01010505003063310b30090603550406130255533121301f060355040a131854686520476f2044616464792047726f75702c20496e632e3131302f060355040b1328476f20446164647920436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3036313131363031353433375a170d3236313131363031353433375a3081ca310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e31333031060355040b132a687474703a2f2f6365727469
EAP-Message = 0xbbe51a514a002f48c79875d8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73a410f071a10568fa17f41fc5620938
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.98 port 1645, id=4,
length=148
User-Name = "dsawcer"
Framed-MTU = 1400
Called-Station-Id = "0023.331c.9680"
Calling-Station-Id = "9027.e4f9.25b0"
Service-Type = Login-User
Message-Authenticator = 0xb4df3ea96b26ccc933e07c8daf238f8c
EAP-Message = 0x020500061500
NAS-Port-Type = Wireless-802.11
NAS-Port = 257
NAS-Port-Id = "257"
State = 0x73a410f071a10568fa17f41fc5620938
NAS-IP-Address = 192.168.0.98
NAS-Identifier = "ap1250"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "dsawcer", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.0.98 port 1645
EAP-Message = 0x82010d003082010802820101
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73a410f070a20568fa17f41fc5620938
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.98 port 1645, id=5,
length=148
User-Name = "dsawcer"
Framed-MTU = 1400
Called-Station-Id = "0023.331c.9680"
Calling-Station-Id = "9027.e4f9.25b0"
Service-Type = Login-User
Message-Authenticator = 0xa82b2ec6c5b16aac04984c38b383fa96
EAP-Message = 0x020600061500
NAS-Port-Type = Wireless-802.11
NAS-Port = 257
NAS-Port-Id = "257"
State = 0x73a410f070a20568fa17f41fc5620938
NAS-IP-Address = 192.168.0.98
NAS-Identifier = "ap1250"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "dsawcer", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.0.98 port 1645
EAP-Message =
0x1e18f708a63d0a19f98780116e69e4961730ff3491637238eecc1c01a31d9428a431f67ac454d7f6e5315803a2ccce62db944573b5bf45c924b5d58202ad2379698db8b64dcecf4cca3323e81c88aa9d8b416e16c920e5899ecd3bda70f77e992620145425ab6e7385e69b219d0a6c820ea8f8c20cfa101e6c96ef870dc40f618badee832b95f88e92847239eb20ea83ed83cd976e08bceb4e26b6732be4d3f64cfe2671e26111744aff571a870f75482ecf516917a002126195d5d140b2104ceec4ac1043a6a59e0ad595629a0dcf8882c5320ce42b9f45e60d9f289cb1b92a5a57ad370faf1d7fdbbd9f16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73a410f077a30568fa17f41fc5620938
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.98 port 1645, id=6,
length=480
User-Name = "dsawcer"
Framed-MTU = 1400
Called-Station-Id = "0023.331c.9680"
Calling-Station-Id = "9027.e4f9.25b0"
Service-Type = Login-User
Message-Authenticator = 0x49d07e0783dcd34e743f77688134f6a0
EAP-Message =
0x7afa967ca838b8fcd5e02794142216fb6f234114eba1bedf14030100010116030100309ccb0a854ba537cb852bba4e829095eecc777a146367523ef7408367aa73527e251f324f277a77fd69bd8275e3fb80cf
NAS-Port-Type = Wireless-802.11
NAS-Port = 257
NAS-Port-Id = "257"
State = 0x73a410f077a30568fa17f41fc5620938
NAS-IP-Address = 192.168.0.98
NAS-Identifier = "ap1250"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "dsawcer", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 326
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[ttls] TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls] TLS_accept: SSLv3 write finished A
[ttls] TLS_accept: SSLv3 flush data
[ttls] (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.0.98 port 1645
EAP-Message =
0x0108004515800000003b140301000101160301003008670b7dfe3518a23af339575826eb71df43b6f75c4aa3a31a63da1f37fdd335f033ed4d3abed24011738f87683cd142
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73a410f076ac0568fa17f41fc5620938
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 1 with timestamp +2511
Cleaning up request 1 ID 2 with timestamp +2511
Cleaning up request 2 ID 3 with timestamp +2511
Cleaning up request 3 ID 4 with timestamp +2511
Cleaning up request 4 ID 5 with timestamp +2511
Cleaning up request 5 ID 6 with timestamp +2511
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.98 port 1645, id=7,
length=285
User-Name = "dsawcer"
Framed-MTU = 1400
Called-Station-Id = "0023.331c.9680"
Calling-Station-Id = "9027.e4f9.25b0"
Service-Type = Login-User
Message-Authenticator = 0x97a15db1918171fe49d55d82bda7cba4
EAP-Message =
0x0208008f1580000000851703010080e2d9295b14cae59129b605c441aec00a3187009bb0ed4acc791fd1db3e46a58e9523480b479075cceb0b4af41e536d8005125b4bd7c326fbb382a43ec84f0684a5370e8971afde67d795ece00c588642a7892fcf41526cc4b1e724df9aec0bf4df5cad51ac25ae1489416a68ffac146347ee2cb35435ec593275ea486d85885c
NAS-Port-Type = Wireless-802.11
NAS-Port = 257
NAS-Port-Id = "257"
State = 0x73a410f076ac0568fa17f41fc5620938
NAS-IP-Address = 192.168.0.98
NAS-Identifier = "ap1250"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "dsawcer", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 143
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
TLS Length 133
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established. Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
User-Name = "dsaw"
MS-CHAP-Challenge = 0x123df4ae238e051b426c24389c668556
MS-CHAP2-Response =
0x6000312af67f4db149fc6001912cb04a532f0000000000000000b1e7d8a8884d8902ff74532fb08057f83298f346bab1896d
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "dsaw"
MS-CHAP-Challenge = 0x123df4ae238e051b426c24389c668556
MS-CHAP2-Response =
0x6000312af67f4db149fc6001912cb04a532f0000000000000000b1e7d8a8884d8902ff74532fb08057f83298f346bab1896d
FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
++[unix] returns notfound
[suffix] No '@' in User-Name = "dsaw", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry dsaw at line 236
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for dsaw with NT-Password
[mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang"
for details
[mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang"
for details
[mschap] expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} ->
--username=dsaw
[mschap] mschap2: 12
[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=236c06ebf1d2d1cf
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=b1e7d8a8884d8902ff74532fb08057f83298f346bab1896d
[2011/08/29 01:18:16, 0, pid=2301]
/SourceCache/samba/samba-235.7/samba/source/utils/ntlm_auth.c:get_winbind_domain(146)
could not obtain winbind domain name!
Exec-Program output: Reading winbind reply failed! (0xc0000001)
Exec-Program-Wait: plaintext: Reading winbind reply failed! (0xc0000001)
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
MS-CHAP-Error = "`E=691 R=1"
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> dsawcer
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 6 for 1 seconds
Going to the next request
Waking up in 0.6 seconds.
Sending delayed reject for request 6
Sending Access-Reject of id 7 to 192.168.0.98 port 1645
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 6 ID 7 with timestamp +2521
Ready to process requests.
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Mac-OXS-Server-version-of-FreeRadius-Error-tp4744750p4745526.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
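
An added example, not part of the original post: a small triage script for radiusd debug output like the log above. It reports the first module that returns a request-ending rcode, the virtual server it ran in, and the error lines logged just before it. The embedded sample is an excerpt of this message's log; the function name `first_failure` and the `default` server label are assumptions of the example.

```python
import re

# Excerpt of the debug output posted above, from the inner-tunnel request onward.
SAMPLE = """\
server inner-tunnel {
+- entering group authorize {...}
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
++[unix] returns notfound
[files] users: Matched entry dsaw at line 236
++[files] returns ok
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for dsaw with NT-Password
could not obtain winbind domain name!
Exec-Program output: Reading winbind reply failed! (0xc0000001)
Exec-Program: returned: 1
[mschap] External script failed.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
++[eap] returns invalid
"""

RETURN_RE = re.compile(r"^\++\[(?P<module>[^\]]+)\] returns (?P<rcode>\w+)$")
SERVER_OPEN_RE = re.compile(r"^server (?P<name>\S+) \{$")
SERVER_CLOSE_RE = re.compile(r"^\} # server ")
ERROR_RE = re.compile(r"fail|could not|incorrect|error", re.IGNORECASE)
# Module return codes that stop processing of the request.
FAILING_RCODES = {"reject", "fail", "invalid", "userlock"}


def first_failure(log_text):
    """Return the first failing module and the error lines logged since the
    previous module returned, or None if no module failed."""
    server = "default"  # assumed label for lines outside a 'server x {' block
    evidence = []
    for raw in log_text.splitlines():
        line = raw.strip()
        opened = SERVER_OPEN_RE.match(line)
        if opened:
            server = opened.group("name")
        elif SERVER_CLOSE_RE.match(line):
            server = "default"
        elif RETURN_RE.match(line):
            ret = RETURN_RE.match(line)
            if ret.group("rcode") in FAILING_RCODES:
                return {"server": server, "module": ret.group("module"),
                        "rcode": ret.group("rcode"), "evidence": evidence}
            evidence = []  # module finished cleanly; discard its messages
        elif ERROR_RE.search(line):
            evidence.append(line)
    return None


if __name__ == "__main__":
    print(first_failure(SAMPLE))
```

On the excerpt, the first failure is `mschap` inside `inner-tunnel`, and the evidence begins with the winbind errors from the external script rather than with the later `[eap]` failure in the outer server.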