Problems wpa2-tls eap mschapv2 ldap

Roberto Ortega Ramiro roberto.ortega at esj.es
Mon Jun 3 18:24:09 CEST 2013


Hello, here is request 46. I don't know where the problem is.

Is it possible that the problem is on the access point?

Thank you



Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.202.252 port 46850, id=223, length=182
        User-Name = "clemente.blanch"
        NAS-IP-Address = 192.168.202.252
        NAS-Port = 2049
        Called-Station-Id = "00-90-0B-23-2E-BF:Escuelas-Radius"
        Calling-Station-Id = "4C-ED-DE-2C-9C-B2"
        Framed-MTU = 1250
        NAS-Port-Type = Wireless-802.11
        Framed-Compression = None
        Connect-Info = "CONNECT 802.11g"
        EAP-Message = 0x020500061500
        State = 0x4e024d7b4d0758f10683e8b8e5ce125e
        Message-Authenticator = 0x5adf1c83c912ef741d7687fe7de9b226
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "clemente.blanch", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 223 to 192.168.202.252 port 46850
        EAP-Message =
0x3b33f495f8363f05f8ed10fc5d826838c45f846c5e7145dfb8753840c2489a6f12a2b71e00d94849a9743304595ac5a586384f0b0342e7fea8e83f2bf738c5e2ce76c213e7fd879f0c85e551e45f48381f22e48b935436a4600e7024caf024dde1b89e9c5c83f6420a755b01a6a9ac0df1b458f8e89da242d6abaf734eaa6d5fc7d62597f45fa88eef3cd20c402f162d5cf36068f7c3660669dc871a39f675661ce01232becc1af56f1076b6fcb4bbd9fddc60e284e1359b9102eb41bb63d67d313ca6a6fa6016030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x4e024d7b4a0458f10683e8b8e5ce125e
Finished request 46.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.202.252 port 46850, id=224, length=380
        User-Name = "clemente.blanch"
        NAS-IP-Address = 192.168.202.252
        NAS-Port = 2049
        Called-Station-Id = "00-90-0B-23-2E-BF:Escuelas-Radius"
        Calling-Station-Id = "4C-ED-DE-2C-9C-B2"
        Framed-MTU = 1250
        NAS-Port-Type = Wireless-802.11
        Framed-Compression = None
        Connect-Info = "CONNECT 802.11g"
        EAP-Message =
0x020600cc15001603010086100000820080ef5a474eba5c6b6611cebaf4ba980236d5b7e38ddc6ac3cad1dfeeef9fca0149e7d04c559eae7a8ffd5774074661824a8daa5dc80e7139926ca32017223a67eb374bdacac5f215b47a1c410712e795751ecf35ebef68bc203079928490d2c4f7880d39e7a50be95b0784f405b031376584d8f6ce571b7d5ee7d6b66af90584611403010001011603010030109250d45ec686c1201d06799ab9a2545a16714723963f3f1978ea17ac0f6ebf000bf4961cb1e86765a1a347b2ab2147
        State = 0x4e024d7b4a0458f10683e8b8e5ce125e
        Message-Authenticator = 0x8c6e9a915c23118f9b3fa95af7c596f9
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "clemente.blanch", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 192
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] eaptls_verify returned 7
[ttls] Done initial handshake
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
        User-Name = "clemente.blanch"
        MS-CHAP-Challenge = 0xb3c40922186ffd0242e48ab5e4236d74
        MS-CHAP2-Response =
0xf5006784de2648c7ba1f7605053cd7d6bc6d0000000000000000d4e98791848669280eeffe69a579e683618ca0dcf0e4e87e
        FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
        User-Name = "clemente.blanch"
        MS-CHAP-Challenge = 0xb3c40922186ffd0242e48ab5e4236d74
        MS-CHAP2-Response =
0xf5006784de2648c7ba1f7605053cd7d6bc6d0000000000000000d4e98791848669280eeffe69a579e683618ca0dcf0e4e87e
        FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
# Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "clemente.blanch", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = MSCHAP
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: clemente.blanch
[mschap] Told to do MS-CHAPv2 for clemente.blanch with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
        MS-CHAP-Error = "\365E=691 R=1"
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> clemente.blanch
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 48 for 1 seconds
Going to the next request
Waking up in 0.4 seconds.




2013/6/3 Alan DeKok <aland at deployingradius.com>

> Roberto Ortega Ramiro wrote:
> > Hi, the changes I have made in the FreeRadius configuration:
> >
> > I have read that the client and user files are not necessary; the other
> > files are:
>
>   Which aren't necessary.  We ask for the debug output because we need
> it.  We *don't* ask for other files.  We don't need them.
>
> ...
> >     Sending Access-Challenge of id 180 to 192.168.202.252 port 46850
> >     EAP-Message =
> >
> 0x060355040813065261646975733111300f0603550407130845736375656c617331133011060355040a130a45736375656c6173534a3121301f06092a864886f70d01090116127469634065736375656c6173736a2e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900efd0613949b1baab300c0603551d13040530030101ff300d06092a864886f70d010105050003820101001f2f907fe03918e01039a2ada650daf223dcacd123e17b1a605c91c390c944b9a71096ba93917d5c7e61274394af291b4933b4e12071c826a5daf0654a67f48108f9bc7f2751a59ae54ce9d788a8b719
> >     EAP-Message = 0x83f82d312c7744ab946edc5e
> >     Message-Authenticator = 0x00000000000000000000000000000000
> >     State = 0x4300b9324005ac785bc66cf0b8940050
> >     Finished request 3.
>
>   Fix the client PC.  It is receiving the EAP message, and doing nothing
> more with it.
>
>   If you wait for a few more seconds, the server will print out a
> WARNING message.  That message tells you what the problem is, and how to
> fix it.
>
>   Alan DeKok.



-- 
Regards.
____________________

Roberto Ortega
Computer Science Teacher.
http://www.proyectoret.es

Escuelas San José Valencia
Avd.Cortes Valencianas nº1
46015 Valencia
R4600489A
Tf:963499011 ext. 262
Fax:963488835
http://www.escuelassj.com
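
A triage helper for the debug output in this message, added here as an example (it is not part of the original post or of FreeRADIUS): it extracts the inner-tunnel module results and the MS-CHAP-Error code so the rejecting step is visible at a glance. The `triage` function, the `SAMPLE` excerpt and the assumption that the LDAP module instance is named `ldap` belong to this example only.

```python
import re

# Failure codes defined for the MS-CHAP-Error "E=" field in RFC 2759, section 6.
MSCHAP_ERRORS = {646: "restricted logon hours", 647: "account disabled",
                 648: "password expired", 649: "no dial-in permission",
                 691: "authentication failure", 709: "error changing password"}

# Excerpt of the debug output above, hex attributes left out and wrapped lines joined.
SAMPLE = r"""rad_recv: Access-Request packet from host 192.168.202.252 port 46850, id=224, length=380
        User-Name = "clemente.blanch"
[ttls] Session established.  Proceeding to decode tunneled attributes.
server inner-tunnel {
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
++[files] returns noop
++[pap] returns noop
Found Auth-Type = MSCHAP
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
++[mschap] returns reject
} # server inner-tunnel
        MS-CHAP-Error = "\365E=691 R=1"
[ttls] Got tunneled Access-Reject
"""

def triage(log):
    """Summarise why a tunneled MS-CHAPv2 request was rejected."""
    user = re.search(r'User-Name = "([^"]*)"', log)
    inner = re.search(r"server inner-tunnel \{(.*?)\} # server inner-tunnel", log, re.S)
    body = inner.group(1) if inner else ""
    auth_type = re.search(r"Found Auth-Type = (\S+)", body)
    err = re.search(r'MS-CHAP-Error = ".*?E=(\d+) R=(\d)', log)
    code = int(err.group(1)) if err else None
    return {
        "user": user.group(1) if user else None,
        "tunnel_established": "[ttls] Session established" in log,
        "inner_auth_type": auth_type.group(1) if auth_type else None,
        # Modules that ran in the inner tunnel and what each returned, in order.
        "inner_modules": re.findall(r"\+\+\[([\w.]+)\] returns (\w+)", body),
        # Assumption: the LDAP module instance carries its default name "ldap".
        "ldap_ran": bool(re.search(r"\+\+\[ldap\] returns", body)),
        "password_missing": "No NT/LM-Password" in body,
        "mschap_error": (code, MSCHAP_ERRORS.get(code, "unknown")) if err else None,
        "retry_allowed": err.group(2) == "1" if err else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the excerpt it reports the TLS tunnel as established, no `ldap` module among the inner-tunnel results, and E=691, the RFC 2759 code for authentication failure. That agrees with the `No NT/LM-Password` line: the mschap module had no NT-Password or Cleartext-Password to check the response against.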
