Windows XP client not connecting
Angelica Delgado
angelicadel230 at gmail.com
Wed Jan 4 19:08:43 CET 2012
FreeRADIUS is configured to use PEAP/MSCHAPv2 with Active Directory. We
created the certificate with the required extensions. Windows 7 is working,
but Windows XP with Service Pack 3 is only working when using its Intel
Proset Wireless utility (with and without certificate validation). It does
not work with its native client, not even when disabling validation of the
server certificate. We noticed that it authenticates successfully but then
it disconnects.
FreeRADIUS Version 2.1.7, for host i386-redhat-linux-gnu, built on Dec 30
2009 at 13:47:58
Sending Access-Challenge of id 56 to 10.2.2.2 port 1645
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc8798165c87a987dbec3195d12e082e4
Finished request 22.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.2.2.2 port 1645, id=57,
length=233
User-Name = "testuser"
Framed-MTU = 1400
Called-Station-Id = "00-19-56-B0-90-18"
Calling-Station-Id = "00-1B-77-89-0E-6D"
Service-Type = Login-User
Message-Authenticator = 0x9dd7590ca977a2f03cb76f4b5edbde07
EAP-Message =
0x0203005719800000004d16030100480100004403014f03a34ae5fe3cfedf9316ea7e560abfb58e89c2dae7ae6c6283bffea9acf53c00001600040005000a0009006400620003000600130012006301000005ff01000100
NAS-Port-Type = Wireless-802.11
NAS-Port = 19655928
NAS-Port-Id = "19655928"
State = 0xc8798165c87a987dbec3195d12e082e4
NAS-IP-Address = 10.2.2.2
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.2.2.2/auth-detail-20120103
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.2.2.2/auth-detail-20120103
[auth_log] expand: %t -> Tue Jan 3 18:51:19 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
Sending Access-Challenge of id 57 to 10.2.2.2 port 1645
EAP-Message =
0x025553310e300c060355041113053738353230310b3009060355040813025458311430120603550407130b42726f776e7376696c6c65311630140603550409130d383020466f72742042726f776e312f302d060355040a132654686520556e6976657273697479206f662054657861732061742042726f776e7376696c6c65312f302d060355040b132654686520556e6976657273697479206f662054657861732061742042726f776e7376696c6c65311730150603550403130e6f73707265792e7574622e65647530820122300d06092a864886f70d01010105000382010f003082010a0282010100b3efbe37fee5602fbecf516c5aebcba16b22ae
EAP-Message = 0x6f6e2e6f72672f496e436f6d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc8798165c97d987dbec3195d12e082e4
Finished request 23.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.2.2.2 port 1645, id=58,
length=152
User-Name = "testuser"
Framed-MTU = 1400
Called-Station-Id = "00-19-56-B0-90-18"
Calling-Station-Id = "00-1B-77-89-0E-6D"
Service-Type = Login-User
Message-Authenticator = 0x1ca2ef2141258b5b61880ea68486371e
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 19655928
NAS-Port-Id = "19655928"
State = 0xc8798165c97d987dbec3195d12e082e4
NAS-IP-Address = 10.2.2.2
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.2.2.2/auth-detail-20120103
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.2.2.2/auth-detail-20120103
[auth_log] expand: %t -> Tue Jan 3 18:51:19 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 58 to 10.2.2.2 port 1645
EAP-Message = 0x99cb52b1627b7301
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc8798165ca7c987dbec3195d12e082e4
Finished request 24.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.2.2.2 port 1645, id=59,
length=152
User-Name = "testuser"
Framed-MTU = 1400
Called-Station-Id = "00-19-56-B0-90-18"
Calling-Station-Id = "00-1B-77-89-0E-6D"
Service-Type = Login-User
Message-Authenticator = 0x279a6dd0a68ef53a4e4cbafdd3b8fd55
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 19655928
NAS-Port-Id = "19655928"
State = 0xc8798165ca7c987dbec3195d12e082e4
NAS-IP-Address = 10.2.2.2
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.2.2.2/auth-detail-20120103
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/10.2.2.2/auth-detail-20120103
[auth_log] expand: %t -> Tue Jan 3 18:51:19 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 59 to 10.2.2.2 port 1645
EAP-Message = 0x010603fc1940627f636cd868a0ee6aa88d1f29f3d018acad02030100
Thanks.
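
An added example, not part of the original post: a small decoder for the EAP-Message values in the debug output above, showing the EAP header and the PEAP flag bits (Start, More fragments, Length included) behind the "Received TLS ACK" exchange. The names `decode_eap` and `SAMPLES` are introduced here; the flag values assume the EAP-TLS framing that PEAP reuses.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_PEAP = 25                       # the 0x19 type byte in the log
FLAG_LENGTH, FLAG_MORE, FLAG_START = 0x80, 0x40, 0x20

# EAP-Message values copied from the debug output in the post.
SAMPLES = {
    "challenge id 56": "0x010300061920",
    "request id 57": "0x0203005719800000004d16030100480100004403014f03a34ae5fe3cfedf9316ea7e560abfb58e89c2dae7ae6c6283bffea9acf53c00001600040005000a0009006400620003000600130012006301000005ff01000100",
    "request id 58": "0x020400061900",
    "challenge id 59": "0x010603fc1940627f636cd868a0ee6aa88d1f29f3d018acad02030100",
}

def decode_eap(value):
    """Decode the EAP header and, for PEAP, the flags byte of one EAP-Message value."""
    data = bytes.fromhex(value[2:] if value.lower().startswith("0x") else value)
    if len(data) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length,
            # An EAP packet can span several EAP-Message attributes, so one
            # attribute value may hold fewer bytes than the EAP length field.
            "partial": len(data) < length}
    if code not in (1, 2) or len(data) < 6 or data[4] != EAP_TYPE_PEAP:
        return info
    flags, body = data[5], data[6:]
    info.update(start=bool(flags & FLAG_START),
                more_fragments=bool(flags & FLAG_MORE),
                # No flags and no payload: the fragment acknowledgement
                ack=(length == 6 and not flags & 0xE0))
    if flags & FLAG_LENGTH and len(body) >= 4:
        info["tls_message_length"] = struct.unpack("!I", body[:4])[0]
        body = body[4:]
    if len(body) >= 3 and body[0] == 0x16:    # TLS handshake record
        info["tls_record_version"] = (body[1], body[2])
    return info

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, decode_eap(value))
```
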