User-Name (machine\user) is not the same as MS-CHAP Name (user) from EAP-MSCHAPv2 error

Gokhan Gunyol gokhan.gunyol at gmail.com
Thu Nov 1 12:22:54 CET 2012


 

Hi;

 

We upgraded our RADIUS to FreeRADIUS version 2.1.10 on 32-bit Ubuntu from
an old version.

Our problem is that Windows XP clients can't log in to wireless, and RADIUS has
"User-Name (machine\user) is not the same as MS-CHAP Name (user) from
EAP-MSCHAPv2" error messages.

With the old version of FreeRADIUS, with exactly the same configuration, clients
did not have any problem.

 

        realm ntdomain {
                format = prefix
                delimiter = "\\"
                ignore_default = no
                ignore_null = no
        }

        authtype = MS-CHAP

                with_ntdomain_hack = yes

 

You can find the debug log export below.

What do we need to do?

 

 

BR

Gokhan

 

 

 

          User-Name = "testuser"

                NAS-IP-Address = 10.200.0.2

                NAS-Port = 0

                NAS-Identifier = "10.200.0.2"

                NAS-Port-Type = Wireless-802.11

                Calling-Station-Id = "001644EF420B"

                Called-Station-Id = "000B8661DFC4"

                Service-Type = Login-User

                Framed-MTU = 1100

                EAP-Message = 0x0201001101676f6b68616e67756e796f6c

                Aruba-Essid-Name = "sunet-staff-wpa2"

                Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"

                Aruba-Attr-10 = 0x424d5f62696e617369

                Message-Authenticator = 0x50f0ec9d540b9d5e24090ea7de41963a

# Executing section authorize from file /etc/freeradius/radiusd.conf

+- entering group authorize {...}

[yenimac]           expand: - -> -

yenimac: Does not match: Calling-Station-Id = 001644EF420B

yenimac: Could not find value pair for attribute Calling-Station-Id

++[yenimac] returns ok

[eap] EAP packet type response id 1 length 17

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[mschap] returns noop

[ldap] performing user authorization for testuser

[ldap]    expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)

[ldap]    expand: o=univ.edu -> o=univ.edu

  [ldap] ldap_get_conn: Checking Id: 0

  [ldap] ldap_get_conn: Got Id: 0

  [ldap] performing search in o=univ.edu, with filter (uid=testuser)

[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items

[ldap] No default NMAS login sequence

[ldap] looking for check items in directory...

  [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"

  [ldap] sambaNtPassword -> NT-Password ==
0x3038363542313038343146363433333230304330324234453441394634363843

  [ldap] sambaLmPassword -> LM-Password ==
0x4643463937353144304431313932343636353044374443444545353833383737

  [ldap] radiusAuthType -> Auth-Type == EAP

[ldap] looking for reply items in directory...

[ldap] user testuser authorized to use remote access

  [ldap] ldap_release_conn: Release Id: 0

++[ldap] returns ok

Found Auth-Type = EAP

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

!!!    Replacing User-Password in config items with Cleartext-Password.
!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

!!! Please update your configuration so that the "known good"
!!!

!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

# Executing group from file /etc/freeradius/radiusd.conf

+- entering group authenticate {...}

[eap] EAP Identity

[eap] processing type tls

[tls] Initiate

[tls] Start returned 1

++[eap] returns handled

Sending Access-Challenge of id 154 to 10.200.0.2 port 32795

                EAP-Message = 0x010200061920

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x1007cea51005d77e23351c7d723e9be1

Finished request 272.

Going to the next request

rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=137,
length=297

                User-Name = "testuser"

                NAS-IP-Address = 10.200.0.2

                NAS-Port = 0

                NAS-Identifier = "10.200.0.2"

                NAS-Port-Type = Wireless-802.11

                Calling-Station-Id = "001644EF420B"

                Called-Station-Id = "000B8661DFC4"

                Service-Type = Login-User

                Framed-MTU = 1100

                EAP-Message =
0x0202005719800000004d160301004801000044030150923dd861119125fc2259c6b0bc6056
daa0fbf2c9a746654b172f25019442cd00001600040005000a00090064006200030006001300
12006301000005ff01000100

                State = 0x1007cea51005d77e23351c7d723e9be1

                Aruba-Essid-Name = "sunet-staff-wpa2"

                Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"

                Aruba-Attr-10 = 0x424d5f62696e617369

                Message-Authenticator = 0x711e835734fabd4577390bed80cf0722

# Executing section authorize from file /etc/freeradius/radiusd.conf

+- entering group authorize {...}

[yenimac]           expand: - -> -

yenimac: Does not match: Calling-Station-Id = 001644EF420B

yenimac: Could not find value pair for attribute Calling-Station-Id

++[yenimac] returns ok

[eap] EAP packet type response id 2 length 87

[eap] Continuing tunnel setup.

++[eap] returns ok

++[mschap] returns noop

[ldap] performing user authorization for testuser

[ldap]    expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)

[ldap]    expand: o=univ.edu -> o=univ.edu

  [ldap] ldap_get_conn: Checking Id: 0

  [ldap] ldap_get_conn: Got Id: 0

  [ldap] performing search in o=univ.edu, with filter (uid=testuser)

[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items

[ldap] No default NMAS login sequence

[ldap] looking for check items in directory...

  [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"

  [ldap] sambaNtPassword -> NT-Password ==
0x3038363542313038343146363433333230304330324234453441394634363843

  [ldap] sambaLmPassword -> LM-Password ==
0x4643463937353144304431313932343636353044374443444545353833383737

  [ldap] radiusAuthType -> Auth-Type == EAP

[ldap] looking for reply items in directory...

[ldap] user testuser authorized to use remote access

  [ldap] ldap_release_conn: Release Id: 0

++[ldap] returns ok

Found Auth-Type = EAP

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

!!!    Replacing User-Password in config items with Cleartext-Password.
!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

!!! Please update your configuration so that the "known good"
!!!

!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

# Executing group from file /etc/freeradius/radiusd.conf

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

  TLS Length 77

[peap] Length Included

[peap] eaptls_verify returned 11 

[peap]     (other): before/accept initialization

[peap]     TLS_accept: before/accept initialization

[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello  

[peap]     TLS_accept: SSLv3 read client hello A

[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello  

[peap]     TLS_accept: SSLv3 write server hello A

[peap] >>> TLS 1.0 Handshake [length 07af], Certificate  

[peap]     TLS_accept: SSLv3 write certificate A

[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  

[peap]     TLS_accept: SSLv3 write server done A

[peap]     TLS_accept: SSLv3 flush data

[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate
A

In SSL Handshake Phase 

In SSL Accept mode  

[peap] eaptls_process returned 13 

[peap] EAPTLS_HANDLED

++[eap] returns handled

Sending Access-Challenge of id 137 to 10.200.0.2 port 32795

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x1007cea51104d77e23351c7d723e9be1

Finished request 273.

Going to the next request

Cleaning up request 258 ID 63 with timestamp +759

rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=222,
length=216

                User-Name = "testuser"

                NAS-IP-Address = 10.200.0.2

                NAS-Port = 0

                NAS-Identifier = "10.200.0.2"

                NAS-Port-Type = Wireless-802.11

                Calling-Station-Id = "001644EF420B"

                Called-Station-Id = "000B8661DFC4"

                Service-Type = Login-User

                Framed-MTU = 1100

                EAP-Message = 0x020300061900

                State = 0x1007cea51104d77e23351c7d723e9be1

                Aruba-Essid-Name = "sunet-staff-wpa2"

                Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"

                Aruba-Attr-10 = 0x424d5f62696e617369

                Message-Authenticator = 0xaedcfb0ad4ddd446ffbad960996ff1fe

# Executing section authorize from file /etc/freeradius/radiusd.conf

+- entering group authorize {...}

[yenimac]           expand: - -> -

yenimac: Does not match: Calling-Station-Id = 001644EF420B

yenimac: Could not find value pair for attribute Calling-Station-Id

++[yenimac] returns ok

[eap] EAP packet type response id 3 length 6

[eap] Continuing tunnel setup.

++[eap] returns ok

++[mschap] returns noop

[ldap] performing user authorization for testuser

[ldap]    expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)

[ldap]    expand: o=univ.edu -> o=univ.edu

  [ldap] ldap_get_conn: Checking Id: 0

  [ldap] ldap_get_conn: Got Id: 0

  [ldap] performing search in o=univ.edu, with filter (uid=testuser)

[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items

[ldap] No default NMAS login sequence

[ldap] looking for check items in directory...

  [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"

  [ldap] sambaNtPassword -> NT-Password ==
0x3038363542313038343146363433333230304330324234453441394634363843

  [ldap] sambaLmPassword -> LM-Password ==
0x4643463937353144304431313932343636353044374443444545353833383737

  [ldap] radiusAuthType -> Auth-Type == EAP

[ldap] looking for reply items in directory...

[ldap] user testuser authorized to use remote access

  [ldap] ldap_release_conn: Release Id: 0

++[ldap] returns ok

Found Auth-Type = EAP

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

!!!    Replacing User-Password in config items with Cleartext-Password.
!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

!!! Please update your configuration so that the "known good"
!!!

!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

# Executing group from file /etc/freeradius/radiusd.conf

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake fragment handler

[peap] eaptls_verify returned 1 

[peap] eaptls_process returned 13 

[peap] EAPTLS_HANDLED

++[eap] returns handled

Sending Access-Challenge of id 222 to 10.200.0.2 port 32795

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x1007cea51203d77e23351c7d723e9be1

Finished request 274.

Going to the next request

Cleaning up request 259 ID 58 with timestamp +759

rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=4,
length=216

                User-Name = "testuser"

                NAS-IP-Address = 10.200.0.2

                NAS-Port = 0

                NAS-Identifier = "10.200.0.2"

                NAS-Port-Type = Wireless-802.11

                Calling-Station-Id = "001644EF420B"

                Called-Station-Id = "000B8661DFC4"

                Service-Type = Login-User

                Framed-MTU = 1100

                EAP-Message = 0x020400061900

                State = 0x1007cea51203d77e23351c7d723e9be1

                Aruba-Essid-Name = "sunet-staff-wpa2"

                Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"

                Aruba-Attr-10 = 0x424d5f62696e617369

                Message-Authenticator = 0x66ee7c8a6e9f1922ad84549e4bd66bb6

# Executing section authorize from file /etc/freeradius/radiusd.conf

+- entering group authorize {...}

[yenimac]           expand: - -> -

yenimac: Does not match: Calling-Station-Id = 001644EF420B

yenimac: Could not find value pair for attribute Calling-Station-Id

++[yenimac] returns ok

[eap] EAP packet type response id 4 length 6

[eap] Continuing tunnel setup.

++[eap] returns ok

++[mschap] returns noop

[ldap] performing user authorization for testuser

[ldap]    expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)

[ldap]    expand: o=univ.edu -> o=univ.edu

  [ldap] ldap_get_conn: Checking Id: 0

  [ldap] ldap_get_conn: Got Id: 0

  [ldap] performing search in o=univ.edu, with filter (uid=testuser)

[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items

[ldap] No default NMAS login sequence

[ldap] looking for check items in directory...

  [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"

  [ldap] sambaNtPassword -> NT-Password ==
0x3038363542313038343146363433333230304330324234453441394634363843

  [ldap] sambaLmPassword -> LM-Password ==
0x4643463937353144304431313932343636353044374443444545353833383737

  [ldap] radiusAuthType -> Auth-Type == EAP

[ldap] looking for reply items in directory...

[ldap] user testuser authorized to use remote access

  [ldap] ldap_release_conn: Release Id: 0

++[ldap] returns ok

Found Auth-Type = EAP

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

!!!    Replacing User-Password in config items with Cleartext-Password.
!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

!!! Please update your configuration so that the "known good"
!!!

!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

# Executing group from file /etc/freeradius/radiusd.conf

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake fragment handler

[peap] eaptls_verify returned 1 

[peap] eaptls_process returned 13 

[peap] EAPTLS_HANDLED

++[eap] returns handled

Sending Access-Challenge of id 4 to 10.200.0.2 port 32795

                EAP-Message = 0x0105000d19000100040e000000

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x1007cea51302d77e23351c7d723e9be1

Finished request 275.

Going to the next request

rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=23,
length=402

                User-Name = "testuser"

                NAS-IP-Address = 10.200.0.2

                NAS-Port = 0

                NAS-Identifier = "10.200.0.2"

                NAS-Port-Type = Wireless-802.11

                Calling-Station-Id = "001644EF420B"

                Called-Station-Id = "000B8661DFC4"

                Service-Type = Login-User

                Framed-MTU = 1100

                EAP-Message =
0x020500c01980000000b61603010086100000820080700e1be39859332693d138b13d7e28ea
b48a5f87e939eeb5d0978da9efd0957c2df909e3bcc53330e00981b44ca7eea794e28607d996
80c38bfb6886d6d3f689e4b8e2251eb9fed2f9747f905c664b4d39ced29c4e8eaa87c4479ebe
30a0c817b52eb0e1c6ebe80a3c8adc3c51352752803f9f15746bfef8bba5724e5d475f5d1403
01000101160301002067324c95356ea8cec4f757f37caa1e0bad62558c0e9372b33e9ac4f238
1bbcf6

                State = 0x1007cea51302d77e23351c7d723e9be1

                Aruba-Essid-Name = "sunet-staff-wpa2"

                Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"

                Aruba-Attr-10 = 0x424d5f62696e617369

                Message-Authenticator = 0x280d05f5afa8df8132594e3046573b8e

# Executing section authorize from file /etc/freeradius/radiusd.conf

+- entering group authorize {...}

[yenimac]           expand: - -> -

yenimac: Does not match: Calling-Station-Id = 001644EF420B

yenimac: Could not find value pair for attribute Calling-Station-Id

++[yenimac] returns ok

[eap] EAP packet type response id 5 length 192

[eap] Continuing tunnel setup.

++[eap] returns ok

++[mschap] returns noop

[ldap] performing user authorization for testuser

[ldap]    expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)

[ldap]    expand: o=univ.edu -> o=univ.edu

  [ldap] ldap_get_conn: Checking Id: 0

  [ldap] ldap_get_conn: Got Id: 0

  [ldap] performing search in o=univ.edu, with filter (uid=testuser)

[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items

[ldap] No default NMAS login sequence

[ldap] looking for check items in directory...

  [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"

  [ldap] sambaNtPassword -> NT-Password ==
0x3038363542313038343146363433333230304330324234453441394634363843

  [ldap] sambaLmPassword -> LM-Password ==
0x4643463937353144304431313932343636353044374443444545353833383737

  [ldap] radiusAuthType -> Auth-Type == EAP

[ldap] looking for reply items in directory...

[ldap] user testuser authorized to use remote access

  [ldap] ldap_release_conn: Release Id: 0

++[ldap] returns ok

Found Auth-Type = EAP

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

!!!    Replacing User-Password in config items with Cleartext-Password.
!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

!!! Please update your configuration so that the "known good"
!!!

!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!

# Executing group from file /etc/freeradius/radiusd.conf

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

  TLS Length 182

[peap] Length Included

[peap] eaptls_verify returned 11 

[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange  

[peap]     TLS_accept: SSLv3 read client key exchange A

[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  

[peap] <<< TLS 1.0 Handshake [length 0010], Finished  

[peap]     TLS_accept: SSLv3 read finished A

[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  

[peap]     TLS_accept: SSLv3 write change cipher spec A

[peap] >>> TLS 1.0 Handshake [length 0010], Finished  

[peap]     TLS_accept: SSLv3 write finished A

[peap]     TLS_accept: SSLv3 flush data

[peap]     (other): SSL negotiation finished successfully

SSL Connection Established 

[peap] eaptls_process returned 13 

[peap] EAPTLS_HANDLED

++[eap] returns handled

Sending Access-Challenge of id 23 to 10.200.0.2 port 32795

                EAP-Message =
0x01060031190014030100010116030100201137f7a6559497aeecf8db8a0dafbbc6f6a4014c
362fb22f123f439db04ae04f

                Message-Authenticator = 0x00000000000000000000000000000000

                State = 0x1007cea51401d77e23351c7d723e9be1

Finished request 276.
