falling back to local auth and not ads

Morris, Andi amorris at cardiffmet.ac.uk
Tue Apr 24 11:24:42 CEST 2012


My freeradius server seems to be falling back to local authentication rather than piping it out to our ADS server.  If I create a local user on the radius box authentication is successful.  Can anyone please help with this?  All relevant info I can think of is below.

Samba connection works fine, I've joined the Linux box (Red Hat 6.2) to the domain.
kinit connection runs fine.
Edited testparm results are:
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
        workgroup = workgroup
        realm = INTERNAL.DOMAIN.CO.UK
        server string = server01
        interfaces = 10.1.3.9/24
        security = ADS
        client NTLMv2 auth = Yes
        log level = 1 winbind:5 auth:3
        load printers = No
        idmap uid = 10000-45000
        idmap gid = 10000-45000
        winbind use default domain = Yes
        cups options = raw

net ads lookup dcs shows a domain controller
chgrp radiusd /var/lib/samba/winbindd_privileged/ has been run
ntlm_auth -username gives result: NT_STATUS_OK: Success (0x0)

cropped debug output:

Ready to process requests.
rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=50, length=152
                NAS-IP-Address = 10.1.1.22
                NAS-Port = 50001
                Cisco-NAS-Port = "FastEthernet0/1"
                NAS-Port-Type = Ethernet
                User-Name = "sm18818"
                Called-Station-Id = "00-16-47-F7-32-41"
                Calling-Station-Id = "00-24-54-42-86-04"
                Service-Type = Framed-User
                Framed-MTU = 1500
                EAP-Message = 0x0200000c01736d3138383138
                Message-Authenticator = 0xa49f7bb9beab7a89b485841f3a600993
server packetfence {
# Executing section authorize from file /etc/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "sm18818", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] EAP packet type response id 0 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = 00-24-54-42-86-04
rlm_perl: Added pair Called-Station-Id = 00-16-47-F7-32-41
rlm_perl: Added pair Cisco-NAS-Port = FastEthernet0/1
rlm_perl: Added pair Message-Authenticator = 0xa49f7bb9beab7a89b485841f3a600993
rlm_perl: Added pair User-Name = sm18818
rlm_perl: Added pair EAP-Message = 0x0200000c01736d3138383138
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = 10.1.1.22
rlm_perl: Added pair NAS-Port = 50001
rlm_perl: Added pair Framed-MTU = 1500
rlm_perl: Added pair Auth-Type = EAP
++[packetfence] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
} # server packetfence
Sending Access-Challenge of id 50 to 10.1.1.22 port 1812
                EAP-Message = 0x010100061920
                Message-Authenticator = 0x00000000000000000000000000000000
                State = 0x7c7cc4a17c7ddd7defb2c24478e29151
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=51, length=263
                NAS-IP-Address = 10.1.1.22
                NAS-Port = 50001
                Cisco-NAS-Port = "FastEthernet0/1"
                NAS-Port-Type = Ethernet
                User-Name = "sm18818"
                Called-Station-Id = "00-16-47-F7-32-41"
                Calling-Station-Id = "00-24-54-42-86-04"
                Service-Type = Framed-User
                Framed-MTU = 1500
                State = 0x7c7cc4a17c7ddd7defb2c24478e29151
                EAP-Message = 0x0201006919800000005f160301005a0100005603014f9017be440f4cbc99f67ffe587f648545f74cc832daa9e43857f7ce7ac48e42000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100
                Message-Authenticator = 0xaae583362e9a580324ffe1459a30e524
server packetfence {
# Executing section authorize from file /etc/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "sm18818", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] EAP packet type response id 1 length 105
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0419], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server packetfence
Sending Access-Challenge of id 51 to 10.1.1.22 port 1812
                EAP-Message = 0x65733113301106035504030c0a68616c6c736e61633031301e170d3132303431363138303930385a170d3133303431363138303930385a30819b310b30090603550406130247423110300e06035504080c07436172646966663110300e06035504070c074361726469666631283026060355040a0c1f43617264696666204d6574726f706f6c6974616e20556e697665727369747931293027060355040b0c204c69627261727920616e6420496e666f726d6174696f6e2053657276696365733113301106035504030c0a68616c6c736e6163303130820122300d06092a864886f70d01010105000382010f003082010a0282010100be9c9265f0fd69
                EAP-Message = 0x1966ce6ceb1e56b79c80e9ab
                Message-Authenticator = 0x00000000000000000000000000000000
                State = 0x7c7cc4a17d7edd7defb2c24478e29151
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=52, length=164
                NAS-IP-Address = 10.1.1.22
                NAS-Port = 50001
                Cisco-NAS-Port = "FastEthernet0/1"
                NAS-Port-Type = Ethernet
                User-Name = "sm18818"
                Called-Station-Id = "00-16-47-F7-32-41"
                Calling-Station-Id = "00-24-54-42-86-04"
                Service-Type = Framed-User
                Framed-MTU = 1500
                State = 0x7c7cc4a17d7edd7defb2c24478e29151
                EAP-Message = 0x020200061900
                Message-Authenticator = 0x7e4e96be86285da30bea39583ab60700
server packetfence {
# Executing section authorize from file /etc/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "sm18818", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server packetfence
Sending Access-Challenge of id 52 to 10.1.1.22 port 1812
                EAP-Message = 0x0103006d1900ae27f7c48f8dcf1d47327fc08f9f1a9a004fd376c1a4c491331b2e554c6458a40bebde6444da9b525372d9c44920937aa26393222d460bc64bd1d007021531016d5d96796972e15d25eced794837a6d77d98a5d1b7b3c128d3c895de9e9e16030100040e000000
                Message-Authenticator = 0x00000000000000000000000000000000
                State = 0x7c7cc4a17e7fdd7defb2c24478e29151
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=53, length=496
                NAS-IP-Address = 10.1.1.22
                NAS-Port = 50001
                Cisco-NAS-Port = "FastEthernet0/1"
                NAS-Port-Type = Ethernet
                User-Name = "sm18818"
                Called-Station-Id = "00-16-47-F7-32-41"
                Calling-Station-Id = "00-24-54-42-86-04"
                Service-Type = Framed-User
                Framed-MTU = 1500
                State = 0x7c7cc4a17e7fdd7defb2c24478e29151
                EAP-Message = 0x0203015019800000014616030101061000010201004c7788a8a2f60c69bf9dd1c9a0a777de1a7b45ffc7efaded554f9ae7daa57bed28006e3af36fb6e48e325bba393c7ed30f62ee242f8bca8584f3982bf43879642f227025425044a0061a487781d4243d9b731719172f21056fba514a7ffe85becb7d4870d2d7b00940113a9a4a47bdbc087223f615f6643f9fee1c07f4c7b8ce849b605cf2d6e945295161f02014a91b90c95ae5419079252793bf3e1578e9d4a9891a73554201221bccfcbbecf2b658344db323b32aed8c7a74057abc15d8aa5edb9c3dd6cfd20de84639ebaa5bb1e78bfbf02d19cd2ca596e0a72bf4612f9a58c681473dbee4f5
                EAP-Message = 0xd6d80708035534d6f9a4a296d5f67a220426e485c4796430140301000101160301003086ff2b333a990ad6876caba4e9b6f806f8a437681f6db738596d4c80963e7941f7016f3bf845cd94fb15f5f5c5fe452f
                Message-Authenticator = 0x21930395cd5e71160ca4bf8c1125df8e
server packetfence {
# Executing section authorize from file /etc/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "sm18818", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] EAP packet type response id 3 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server packetfence
Sending Access-Challenge of id 53 to 10.1.1.22 port 1812
                EAP-Message = 0x01040041190014030100010116030100301a7416c5a68d27374ed4739350a51eae93d8baede52b057347c665cabff9410f7dab4d72795b54891b15e6ed2dd0d780
                Message-Authenticator = 0x00000000000000000000000000000000
                State = 0x7c7cc4a17f78dd7defb2c24478e29151
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=54, length=164
                NAS-IP-Address = 10.1.1.22
                NAS-Port = 50001
                Cisco-NAS-Port = "FastEthernet0/1"
                NAS-Port-Type = Ethernet
                User-Name = "sm18818"
                Called-Station-Id = "00-16-47-F7-32-41"
                Calling-Station-Id = "00-24-54-42-86-04"
                Service-Type = Framed-User
                Framed-MTU = 1500
                State = 0x7c7cc4a17f78dd7defb2c24478e29151
                EAP-Message = 0x020400061900
                Message-Authenticator = 0x7f354427c0059d1a5fc0a89e7fac88f1
server packetfence {
# Executing section authorize from file /etc/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "sm18818", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
} # server packetfence
Sending Access-Challenge of id 54 to 10.1.1.22 port 1812
                EAP-Message = 0x0105002b190017030100207698c92d6973a15e192ae19cecef7a29e6ccd5f32f64f713e4f5497216d6f371
                Message-Authenticator = 0x00000000000000000000000000000000
                State = 0x7c7cc4a17879dd7defb2c24478e29151
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=55, length=201
                NAS-IP-Address = 10.1.1.22
                NAS-Port = 50001
                Cisco-NAS-Port = "FastEthernet0/1"
                NAS-Port-Type = Ethernet
                User-Name = "sm18818"
                Called-Station-Id = "00-16-47-F7-32-41"
                Calling-Station-Id = "00-24-54-42-86-04"
                Service-Type = Framed-User
                Framed-MTU = 1500
                State = 0x7c7cc4a17879dd7defb2c24478e29151
                EAP-Message = 0x0205002b1900170301002095f189b1ea8c30d31387e9a79add21fc2b07b4e7e86205b38772a041b99a6b00
                Message-Authenticator = 0x3fa49fa72ae68063e5edc7c76c1a23c5
server packetfence {
# Executing section authorize from file /etc/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "sm18818", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] EAP packet type response id 5 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - sm18818
[peap] Got inner identity 'sm18818'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
                EAP-Message = 0x0205000c01736d3138383138
server packetfence {
[peap] Setting User-Name to sm18818
Sending tunneled request
                EAP-Message = 0x0205000c01736d3138383138
                FreeRADIUS-Proxied-To = 127.0.0.1
                User-Name = "sm18818"
                NAS-IP-Address = 10.1.1.22
                NAS-Port = 50001
                Cisco-NAS-Port = "FastEthernet0/1"
                NAS-Port-Type = Ethernet
                Called-Station-Id = "00-16-47-F7-32-41"
                Calling-Station-Id = "00-24-54-42-86-04"
                Service-Type = Framed-User
                Framed-MTU = 1500
server packetfence-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/packetfence-tunnel
+- entering group authorize {...}
[suffix] No '@' in User-Name = "sm18818", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server packetfence-tunnel
[peap] Got tunneled reply code 11
                EAP-Message = 0x010600211a0106001c10b6f046e50b7952e6e797acb2dcd7b773736d3138383138
                Message-Authenticator = 0x00000000000000000000000000000000
                State = 0x9920660299267c474e5f7c2e3011a1e5
[peap] Got tunneled reply RADIUS code 11
                EAP-Message = 0x010600211a0106001c10b6f046e50b7952e6e797acb2dcd7b773736d3138383138
                Message-Authenticator = 0x00000000000000000000000000000000
                State = 0x9920660299267c474e5f7c2e3011a1e5
[peap] Got tunneled Access-Challenge
++[eap] returns handled
} # server packetfence
Sending Access-Challenge of id 55 to 10.1.1.22 port 1812
                EAP-Message = 0x0106004b190017030100404ae4ff24a485244baabe8642914ae553c53877050c4ac566f444c764f938c4bbb924e13de5c7f90c50d5d89d5e0322b2f7e54eec93a9b6ef170863282b669f90
                Message-Authenticator = 0x00000000000000000000000000000000
                State = 0x7c7cc4a1797add7defb2c24478e29151
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=56, length=265
                NAS-IP-Address = 10.1.1.22
                NAS-Port = 50001
                Cisco-NAS-Port = "FastEthernet0/1"
                NAS-Port-Type = Ethernet
                User-Name = "sm18818"
                Called-Station-Id = "00-16-47-F7-32-41"
                Calling-Station-Id = "00-24-54-42-86-04"
                Service-Type = Framed-User
                Framed-MTU = 1500
                State = 0x7c7cc4a1797add7defb2c24478e29151
                EAP-Message = 0x0206006b1900170301006024a871b68d472e9b2fb927c48ee8eec1927e26d0c995f1d33b245e2aaedf10d0850fe337c1fbeca10935879e64a3ca65c75159b07b567d9bca49128ad5d4abe9c7069dcb9c32575274cd9e383e7c4b93dd49018d352297f3253b5831d997b660
                Message-Authenticator = 0x19cf5c1dc655bdbc50918cb01e71cfd0
server packetfence {
# Executing section authorize from file /etc/raddb/sites-enabled/packetfence
+- entering group authorize {...}
[suffix] No '@' in User-Name = "sm18818", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[preprocess] returns ok
[eap] EAP packet type response id 6 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
                EAP-Message = 0x020600421a0206003d31b49f7150ff84c15725200ff871377c240000000000000000b1ce20b6cca5c3e86e219ec24aef13ee2e4c12825e87e18a00736d3138383138
server packetfence {
[peap] Setting User-Name to sm18818
Sending tunneled request
                EAP-Message = 0x020600421a0206003d31b49f7150ff84c15725200ff871377c240000000000000000b1ce20b6cca5c3e86e219ec24aef13ee2e4c12825e87e18a00736d3138383138
                FreeRADIUS-Proxied-To = 127.0.0.1
                User-Name = "sm18818"
                State = 0x9920660299267c474e5f7c2e3011a1e5
                NAS-IP-Address = 10.1.1.22
                NAS-Port = 50001
                Cisco-NAS-Port = "FastEthernet0/1"
                NAS-Port-Type = Ethernet
                Called-Station-Id = "00-16-47-F7-32-41"
                Calling-Station-Id = "00-24-54-42-86-04"
                Service-Type = Framed-User
                Framed-MTU = 1500
server packetfence-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/packetfence-tunnel
+- entering group authorize {...}
[suffix] No '@' in User-Name = "sm18818", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 66
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: sm18818
[mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [sm18818] (from client 10.1.1.22 port 50001 cli 00-24-54-42-86-04 via TLS tunnel)
} # server packetfence-tunnel
[peap] Got tunneled reply code 3
                MS-CHAP-Error = "\006E=691 R=1"
                EAP-Message = 0x04060004
                Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
                MS-CHAP-Error = "\006E=691 R=1"
                EAP-Message = 0x04060004
                Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
} # server packetfence
Sending Access-Challenge of id 56 to 10.1.1.22 port 1812
                EAP-Message = 0x0107002b1900170301002083d13929a4b17d457d0978cbdf96feaf9b3d0291f181a38ab1d60377f0333d2a
                Message-Authenticator = 0x00000000000000000000000000000000
                State = 0x7c7cc4a17a7bdd7defb2c24478e29151
Finished request 6.
Going to the next request

Cheers,
Andi
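
An added example, not part of the original post: a small Python triage script for FreeRADIUS debug output like the trace above. It reports which virtual server and module produced the first reject, the FAILED reasons logged for that module, and whether the string ntlm_auth appears anywhere in that request's trace. The names `first_reject` and `SAMPLE` are hypothetical, the sample is abridged from the output above, and treating any mention of ntlm_auth as a sign that the helper ran is an assumption of this sketch.

```python
import re

# Abridged from the debug output in the post (request 6, outer and inner server).
SAMPLE = """\
server packetfence {
++[suffix] returns noop
++[preprocess] returns ok
++[eap] returns ok
Found Auth-Type = EAP
[peap] Got tunneled request
server packetfence {
[peap] Setting User-Name to sm18818
server packetfence-tunnel {
++[suffix] returns noop
++[eap] returns updated
++[files] returns noop
Found Auth-Type = EAP
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
++[eap] returns reject
} # server packetfence-tunnel
[peap] Tunneled authentication was rejected.
++[eap] returns handled
} # server packetfence
"""

SERVER_OPEN = re.compile(r"^server (\S+) \{")
SERVER_CLOSE = re.compile(r"^\} # server (\S+)")
MODULE_RET = re.compile(r"^\++\[(\w+)\] returns (\w+)")
FAILED = re.compile(r"^\[(\w+)\] FAILED: (.*)")


def first_reject(trace):
    """Return details of the first module that returned reject, or None."""
    servers, failures, ntlm_seen = [], [], False
    for raw in trace.splitlines():
        line = raw.strip()
        if line.startswith("rad_recv:"):
            # A new request starts: forget state from the previous one.
            servers, failures, ntlm_seen = [], [], False
            continue
        if "ntlm_auth" in line:
            ntlm_seen = True  # heuristic (assumption): the helper was mentioned
        m = SERVER_OPEN.match(line)
        if m:
            servers.append(m.group(1))
            continue
        m = SERVER_CLOSE.match(line)
        if m:
            # The trace opens "server packetfence {" twice around the tunnel
            # but closes it once, so pop until the closing name is found.
            while servers and servers.pop() != m.group(1):
                pass
            continue
        current = servers[-1] if servers else None
        m = FAILED.match(line)
        if m:
            reason = " ".join(m.group(2).split())  # collapse double spaces
            failures.append((current, m.group(1), reason))
            continue
        m = MODULE_RET.match(line)
        if m and m.group(2) == "reject":
            module = m.group(1)
            return {
                "server": current,
                "module": module,
                "reasons": [r for s, mod, r in failures
                            if (s, mod) == (current, module)],
                "ntlm_auth_seen": ntlm_seen,
            }
    return None


if __name__ == "__main__":
    print(first_reject(SAMPLE))
```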