Freeradius2.1.3 + Fedora9 + PEAP + AD = problem

lucky79 lukas.hofrichtr at interoute.com
Tue Feb 15 12:53:01 CET 2011


Here's the output of radius -X: (hope it's long enough :))

[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 245 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - host/W400210.interoute.com
[peap] Got inner identity 'host/W400210.interoute.com'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
        EAP-Message = 0x02f5001f01686f73742f573430303231302e696e7465726f7574652e636f6d
server  {
  PEAP: Setting User-Name to host/W400210.interoute.com
Sending tunneled request
        EAP-Message = 0x02f5001f01686f73742f573430303231302e696e7465726f7574652e636f6d
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "host/W400210.interoute.com"
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "host/W400210.interoute.com", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 245 length 31
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
        EAP-Message = 0x01f600341a01f6002f10d576c25ad42b277594f37dbd0b1284a1686f73742f573430303231302e696e7465726f7574652e636f6d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2f3b45522fcd5ffaf0daaa4d5068ce69
[peap] Got tunneled reply RADIUS code 11
        EAP-Message = 0x01f600341a01f6002f10d576c25ad42b277594f37dbd0b1284a1686f73742f573430303231302e696e7465726f7574652e636f6d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2f3b45522fcd5ffaf0daaa4d5068ce69
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 121 to 172.31.183.1 port 2048
        EAP-Message = 0x01f6005b19001703010050a99c434c2e7686d5c708631a745b9e1982e54f18e4dfab6a20a90729cc9464e6f8d585f1866fadc0e7e525f2a5940b1b2de54e6e353c60626f2f3fbe5d1ae5fc81667651806079097e04173bb57b71c5
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2e4eb3ac28b8aa99635005e47464e6cc
Finished request 11.
Going to the next request
Waking up in 1.4 seconds.
rad_recv: Access-Request packet from host 172.31.183.1 port 2048, id=122, length=292
        User-Name = "host/W400210.interoute.com"
        NAS-Port = 0
        Called-Station-Id = "00-15-6D-E4-20-94:ubnt"
        Calling-Station-Id = "00-21-6B-2C-7B-60"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 0Mbps 802.11"
        EAP-Message = 0x02f6007b19001703010070bc9400c25ae1409e8e6edfc302aa1453d9f1b79fa4987803574a67e7b3d9afb5e1840df879867c8fb327c2c2a34c33891b5544069c789c36f0458efacfb4c0ed51c84a882afc1c92b0c8654ec6142a108a66abcfe4ca6e4511b9657465e88872612bff4edde5ced368931fc78925ce3d
        State = 0x2e4eb3ac28b8aa99635005e47464e6cc
        Message-Authenticator = 0x73d26de7784b67dc7b93fefb4b637fa2
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/W400210.interoute.com", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 246 length 123
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
        EAP-Message = 0x02f600551a02f6005031725e21a5376765a7fd43620480eb763b00000000000000006a5b56a2f5eab6d72234ec6efdf4c164d03e9ea01cd22a1400686f73742f573430303231302e696e7465726f7574652e636f6d
server  {
  PEAP: Setting User-Name to host/W400210.interoute.com
Sending tunneled request
        EAP-Message = 0x02f600551a02f6005031725e21a5376765a7fd43620480eb763b00000000000000006a5b56a2f5eab6d72234ec6efdf4c164d03e9ea01cd22a1400686f73742f573430303231302e696e7465726f7574652e636f6d
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "host/W400210.interoute.com"
        State = 0x2f3b45522fcd5ffaf0daaa4d5068ce69
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "host/W400210.interoute.com", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 246 length 85
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: host/W400210.interoute.com
[mschap] Told to do MS-CHAPv2 for host/W400210.interoute.com with NT-Password
[mschap]        expand: %{mschap:NT-Domain} -> interoute
[mschap]        expand: --domain=%{%{mschap:NT-Domain}:-INTEROUTE} -> --domain=interoute
[mschap]        expand: --username=%{mschap:User-Name:-None} -> --username=W400210$
[mschap]  mschap2: d5
[mschap] Creating challenge hash with username: host/W400210.interoute.com
[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> --challenge=e0f779583568ced2
[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=6a5b56a2f5eab6d72234ec6efdf4c164d03e9ea01cd22a14
Exec-Program output: NT_KEY: 7AABD556DB5C9B2B59B26FDDBEF05A7E
Exec-Program-Wait: plaintext: NT_KEY: 7AABD556DB5C9B2B59B26FDDBEF05A7E
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
        EAP-Message = 0x01f700331a03f6002e533d36334643413845364131374144323831464430364342343130373237353139413233364537433744
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2f3b45522ecc5ffaf0daaa4d5068ce69
[peap] Got tunneled reply RADIUS code 11
        EAP-Message = 0x01f700331a03f6002e533d36334643413845364131374144323831464430364342343130373237353139413233364537433744
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2f3b45522ecc5ffaf0daaa4d5068ce69
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 122 to 172.31.183.1 port 2048
        EAP-Message = 0x01f7005b190017030100509b7087b2a112825ea5aa08f802b90731b5f46e59349a2cdedc81a89f4103967283ba2f8990331ecb9ec7535a4f77b110e189f58f6162dbdc9a713a14d562f0f4fa52f6838fccc6a9be5003515e0b1263
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x2e4eb3ac29b9aa99635005e47464e6cc
Finished request 12.
Going to the next request
Waking up in 1.4 seconds.
Cleaning up request 0 ID 110 with timestamp +9
Cleaning up request 1 ID 111 with timestamp +9
Cleaning up request 2 ID 112 with timestamp +9
Cleaning up request 3 ID 113 with timestamp +9
Cleaning up request 4 ID 114 with timestamp +9
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xbed60aebbaf213e9 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

-- 
View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius2-1-3-Fedora9-PEAP-AD-problem-tp2780544p3385843.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.


