User-Name (machine\user) is not the same as MS-CHAP Name (user) from EAP-MSCHAPv2 error
Gokhan Gunyol
gokhan.gunyol at gmail.com
Thu Nov 1 12:22:54 CET 2012
Hi;
We upgraded our radius to Freeradius 2.1.10 version on Ubuntu 32bit from
an old version
Our problem is windows xp clients cant login to wireless and radius has
"User-Name (machine\user) is not the same as MS-CHAP Name (user) from
EAP-MSCHAPv2" error mesages
At the old version freeradius at exactly same configuration clients had not
any problem
realm ntdomain {
format = prefix
delimiter = "\\"
ignore_default = no
ignore_null = no
}
authtype = MS-CHAP
with_ntdomain_hack =yes
You can find debug log export at below
What we need to do ?
BR
Gokhan
� � User-Name = "testuser"
NAS-IP-Address = 10.200.0.2
NAS-Port = 0
NAS-Identifier = "10.200.0.2"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "001644EF420B"
Called-Station-Id = "000B8661DFC4"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = 0x0201001101676f6b68616e67756e796f6c
Aruba-Essid-Name = "sunet-staff-wpa2"
Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"
Aruba-Attr-10 = 0x424d5f62696e617369
Message-Authenticator = 0x50f0ec9d540b9d5e24090ea7de41963a
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
[yenimac] expand: - -> -
yenimac: Does not match: Calling-Station-Id = 001644EF420B
yenimac: Could not find value pair for attribute Calling-Station-Id
++[yenimac] returns ok
[eap] EAP packet type response id 1 length 17
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[mschap] returns noop
[ldap] performing user authorization for testuser
[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)
[ldap] expand: o=univ.edu -> o=univ.edu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in o=univ.edu, with filter (uid=testuser)
[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"
[ldap] sambaNtPassword -> NT-Password ==
0x3038363542313038343146363433333230304330324234453441394634363843
[ldap] sambaLmPassword -> LM-Password ==
0x4643463937353144304431313932343636353044374443444545353833383737
[ldap] radiusAuthType -> Auth-Type == EAP
[ldap] looking for reply items in directory...
[ldap] user testuser authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
!!! Replacing User-Password in config items with Cleartext-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
!!! Please update your configuration so that the "known good"
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 154 to 10.200.0.2 port 32795
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1007cea51005d77e23351c7d723e9be1
Finished request 272.
Going to the next request
rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=137,
length=297
User-Name = "testuser"
NAS-IP-Address = 10.200.0.2
NAS-Port = 0
NAS-Identifier = "10.200.0.2"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "001644EF420B"
Called-Station-Id = "000B8661DFC4"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message =
0x0202005719800000004d160301004801000044030150923dd861119125fc2259c6b0bc6056
daa0fbf2c9a746654b172f25019442cd00001600040005000a00090064006200030006001300
12006301000005ff01000100
State = 0x1007cea51005d77e23351c7d723e9be1
Aruba-Essid-Name = "sunet-staff-wpa2"
Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"
Aruba-Attr-10 = 0x424d5f62696e617369
Message-Authenticator = 0x711e835734fabd4577390bed80cf0722
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
[yenimac] expand: - -> -
yenimac: Does not match: Calling-Station-Id = 001644EF420B
yenimac: Could not find value pair for attribute Calling-Station-Id
++[yenimac] returns ok
[eap] EAP packet type response id 2 length 87
[eap] Continuing tunnel setup.
++[eap] returns ok
++[mschap] returns noop
[ldap] performing user authorization for testuser
[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)
[ldap] expand: o=univ.edu -> o=univ.edu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in o=univ.edu, with filter (uid=testuser)
[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"
[ldap] sambaNtPassword -> NT-Password ==
0x3038363542313038343146363433333230304330324234453441394634363843
[ldap] sambaLmPassword -> LM-Password ==
0x4643463937353144304431313932343636353044374443444545353833383737
[ldap] radiusAuthType -> Auth-Type == EAP
[ldap] looking for reply items in directory...
[ldap] user testuser authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
!!! Replacing User-Password in config items with Cleartext-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
!!! Please update your configuration so that the "known good"
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 77
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 07af], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 137 to 10.200.0.2 port 32795
EAP-Message =
0x0103040019c0000007f316030100310200002d030150923de9c2b9bb8cd34ef049ee8297b8
d2c2431864dd9f472838bcbf6c1279cf000004000005ff0100010016030107af0b0007ab0007
a80003e8308203e43082034da003020102020200b9300d06092a864886f70d01010505003081
9f310b30090603550406130254523111300f06035504071308497374616e62756c311b301906
0355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e66
6f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e697665
72736974793127302506092a864886f70d010901161873797361
EAP-Message =
0x646d696e40736162616e6369756e69762e656475301e170d3132303531303130333233355a
170d3135303531303130333233355a30819f310b30090603550406130254523111300f060355
04071308497374616e62756c311b3019060355040a1312536162616e636920556e6976657273
697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b3019060355
040313125261646975732041757468205365727665723127302506092a864886f70d01090116
1873797361646d696e40736162616e6369756e69762e65647530819f300d06092a864886f70d
010101050003818d0030818902818100a868d32fea2097c26fc7
EAP-Message =
0x06c909e04dffea3289404adeca30535091e4e2b65a36ee9adfe02002bde974063907877737
74e2ef394cef6e918710c7010ce82e41bc97211b8ab3b109377bcee92e67133965afb7e48c4b
2dc1a0e224c721b63b2584c6d16b5a64c4a8f183062baac5d87fdb2250372a4b3fc75f2c3a42
0ec29a5cb90203010001a382012b3082012730090603551d1304023000302c06096086480186
f842010d041f161d4f70656e53534c2047656e65726174656420436572746966696361746530
1d0603551d0e04160414a34c94bbb730604678cc372d518bbbbbe1c43e3a3081cc0603551d23
0481c43081c18014c6c1f74047266b05e67daee7263acf804303
EAP-Message =
0xbd0aa181a5a481a230819f310b30090603550406130254523111300f060355040713084973
74616e62756c311b3019060355040a1312536162616e636920556e6976657273697479311a30
18060355040b1311496e666f726d6174696f6e20546563682e311b3019060355040313125361
62616e636920556e69766572736974793127302506092a864886f70d01090116187379736164
6d696e40736162616e6369756e69762e656475820100300d06092a864886f70d010105050003
8181003b55627e878b84bbfc142e852404b1f5c0d0866cb76d1cd12ce1c45bcc36c2492f4f4b
fe4af1b175e79ab4f3eb915085c9e50afd756a44dc758d4d56f4
EAP-Message = 0xff14f1d23ad3d94011923725
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1007cea51104d77e23351c7d723e9be1
Finished request 273.
Going to the next request
Cleaning up request 258 ID 63 with timestamp +759
rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=222,
length=216
User-Name = "testuser"
NAS-IP-Address = 10.200.0.2
NAS-Port = 0
NAS-Identifier = "10.200.0.2"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "001644EF420B"
Called-Station-Id = "000B8661DFC4"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = 0x020300061900
State = 0x1007cea51104d77e23351c7d723e9be1
Aruba-Essid-Name = "sunet-staff-wpa2"
Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"
Aruba-Attr-10 = 0x424d5f62696e617369
Message-Authenticator = 0xaedcfb0ad4ddd446ffbad960996ff1fe
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
[yenimac] expand: - -> -
yenimac: Does not match: Calling-Station-Id = 001644EF420B
yenimac: Could not find value pair for attribute Calling-Station-Id
++[yenimac] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[mschap] returns noop
[ldap] performing user authorization for testuser
[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)
[ldap] expand: o=univ.edu -> o=univ.edu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in o=univ.edu, with filter (uid=testuser)
[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"
[ldap] sambaNtPassword -> NT-Password ==
0x3038363542313038343146363433333230304330324234453441394634363843
[ldap] sambaLmPassword -> LM-Password ==
0x4643463937353144304431313932343636353044374443444545353833383737
[ldap] radiusAuthType -> Auth-Type == EAP
[ldap] looking for reply items in directory...
[ldap] user testuser authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
!!! Replacing User-Password in config items with Cleartext-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
!!! Please update your configuration so that the "known good"
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 222 to 10.200.0.2 port 32795
EAP-Message =
0x010403fc1940aa154b4beb99b0651d518b10cde973766e445b091bfdb89d709d3d36d3efcf
a451eafe08fa690edc4b432017567af20d482218484a45bf0003ba308203b63082031fa00302
0102020100300d06092a864886f70d010104050030819f310b30090603550406130254523111
300f06035504071308497374616e62756c311b3019060355040a1312536162616e636920556e
6976657273697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b
301906035504031312536162616e636920556e69766572736974793127302506092a864886f7
0d010901161873797361646d696e40736162616e6369756e6976
EAP-Message =
0x2e656475301e170d3033303331393038343032305a170d3133303331363038343032305a30
819f310b30090603550406130254523111300f06035504071308497374616e62756c311b3019
060355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e
666f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e6976
6572736974793127302506092a864886f70d010901161873797361646d696e40736162616e63
69756e69762e65647530819f300d06092a864886f70d010101050003818d0030818902818100
b4d46775b459661c4ba537e81197a67c18ab969ba96fb2ad2a7e
EAP-Message =
0x0f5a8de0ae0d8b564b1269b32de256c8a526139934887adf8c5d1886da51c3d92ecbb91c01
b07ca4cbae2d4d5edf5962133790fc813ad092478d304e4b5344d63bf2af0607bb3d8de02522
dadb62b8972928232ba581d7a047a1c9187eb4c5549a56f3780b6d0203010001a381ff3081fc
301d0603551d0e04160414c6c1f74047266b05e67daee7263acf804303bd0a3081cc0603551d
230481c43081c18014c6c1f74047266b05e67daee7263acf804303bd0aa181a5a481a230819f
310b30090603550406130254523111300f06035504071308497374616e62756c311b30190603
55040a1312536162616e636920556e6976657273697479311a30
EAP-Message =
0x18060355040b1311496e666f726d6174696f6e20546563682e311b30190603550403131253
6162616e636920556e69766572736974793127302506092a864886f70d010901161873797361
646d696e40736162616e6369756e69762e656475820100300c0603551d13040530030101ff30
0d06092a864886f70d010104050003818100146ceba80178d651a8a31c3e9c0cc9a00f0a4ff1
885f2513befb08f252b0cfcda3db78b749e97c2b81293febd5327166c40d9a1fc660e006b041
be67976381b6610dd938cd1c4dd57bbec9a3f0cf95fce609392ea17400c24acc4dd9c8c1b962
818d9d2ee0081f868984a5b472d757746af53244cffc6c46f741
EAP-Message = 0x939a3cb53a961603
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1007cea51203d77e23351c7d723e9be1
Finished request 274.
Going to the next request
Cleaning up request 259 ID 58 with timestamp +759
rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=4,
length=216
User-Name = "testuser"
NAS-IP-Address = 10.200.0.2
NAS-Port = 0
NAS-Identifier = "10.200.0.2"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "001644EF420B"
Called-Station-Id = "000B8661DFC4"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message = 0x020400061900
State = 0x1007cea51203d77e23351c7d723e9be1
Aruba-Essid-Name = "sunet-staff-wpa2"
Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"
Aruba-Attr-10 = 0x424d5f62696e617369
Message-Authenticator = 0x66ee7c8a6e9f1922ad84549e4bd66bb6
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
[yenimac] expand: - -> -
yenimac: Does not match: Calling-Station-Id = 001644EF420B
yenimac: Could not find value pair for attribute Calling-Station-Id
++[yenimac] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[mschap] returns noop
[ldap] performing user authorization for testuser
[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)
[ldap] expand: o=univ.edu -> o=univ.edu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in o=univ.edu, with filter (uid=testuser)
[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"
[ldap] sambaNtPassword -> NT-Password ==
0x3038363542313038343146363433333230304330324234453441394634363843
[ldap] sambaLmPassword -> LM-Password ==
0x4643463937353144304431313932343636353044374443444545353833383737
[ldap] radiusAuthType -> Auth-Type == EAP
[ldap] looking for reply items in directory...
[ldap] user testuser authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
!!! Replacing User-Password in config items with Cleartext-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
!!! Please update your configuration so that the "known good"
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 10.200.0.2 port 32795
EAP-Message = 0x0105000d19000100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1007cea51302d77e23351c7d723e9be1
Finished request 275.
Going to the next request
rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=23,
length=402
User-Name = "testuser"
NAS-IP-Address = 10.200.0.2
NAS-Port = 0
NAS-Identifier = "10.200.0.2"
NAS-Port-Type = Wireless-802.11
Calling-Station-Id = "001644EF420B"
Called-Station-Id = "000B8661DFC4"
Service-Type = Login-User
Framed-MTU = 1100
EAP-Message =
0x020500c01980000000b61603010086100000820080700e1be39859332693d138b13d7e28ea
b48a5f87e939eeb5d0978da9efd0957c2df909e3bcc53330e00981b44ca7eea794e28607d996
80c38bfb6886d6d3f689e4b8e2251eb9fed2f9747f905c664b4d39ced29c4e8eaa87c4479ebe
30a0c817b52eb0e1c6ebe80a3c8adc3c51352752803f9f15746bfef8bba5724e5d475f5d1403
01000101160301002067324c95356ea8cec4f757f37caa1e0bad62558c0e9372b33e9ac4f238
1bbcf6
State = 0x1007cea51302d77e23351c7d723e9be1
Aruba-Essid-Name = "sunet-staff-wpa2"
Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"
Aruba-Attr-10 = 0x424d5f62696e617369
Message-Authenticator = 0x280d05f5afa8df8132594e3046573b8e
# Executing section authorize from file /etc/freeradius/radiusd.conf
+- entering group authorize {...}
[yenimac] expand: - -> -
yenimac: Does not match: Calling-Station-Id = 001644EF420B
yenimac: Could not find value pair for attribute Calling-Station-Id
++[yenimac] returns ok
[eap] EAP packet type response id 5 length 192
[eap] Continuing tunnel setup.
++[eap] returns ok
++[mschap] returns noop
[ldap] performing user authorization for testuser
[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)
[ldap] expand: o=univ.edu -> o=univ.edu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in o=univ.edu, with filter (uid=testuser)
[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"
[ldap] sambaNtPassword -> NT-Password ==
0x3038363542313038343146363433333230304330324234453441394634363843
[ldap] sambaLmPassword -> LM-Password ==
0x4643463937353144304431313932343636353044374443444545353833383737
[ldap] radiusAuthType -> Auth-Type == EAP
[ldap] looking for reply items in directory...
[ldap] user testuser authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
!!! Replacing User-Password in config items with Cleartext-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
!!! Please update your configuration so that the "known good"
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!
# Executing group from file /etc/freeradius/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 182
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 23 to 10.200.0.2 port 32795
EAP-Message =
0x01060031190014030100010116030100201137f7a6559497aeecf8db8a0dafbbc6f6a4014c
362fb22f123f439db04ae04f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1007cea51401d77e23351c7d723e9be1
Finished request 276.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20121101/55657a59/attachment-0001.html>
More information about the Freeradius-Users
mailing list