fr 3.0.0 - peap problem
Polish
pavel.polacek at ujep.cz
Fri Nov 8 09:13:26 CET 2013
Hello all,
I want to test the new features of freeradius 3.0.0 from the tarball, but I
am not able to run a successful PEAP - MS-CHAPv2 authentication.
Testing environment:
freeradius 3.0.0
local user in users file (cleartext password:
ferda Cleartext-Password := "hello")
testing certificates generated by bootstrap
Result in debug log:
(12) eap_peap : Tunneled authentication was successful.
(12) eap_peap : SUCCESS
(12) eap : New EAP session, adding 'State' attribute to reply
0xbb50c041b359d9c3
(12) [eap] = handled
(12) } # authenticate = handled
...
13) # Executing group from file /etc/freeradius/sites-enabled/default
(13) authenticate {
(13) eap : Expiring EAP session with state 0xbb50c041b359d9c3
(13) eap : Finished EAP session with state 0xbb50c041b359d9c3
(13) eap : Previous EAP request found for state 0xbb50c041b359d9c3,
released from the list
(13) eap : Peer sent PEAP (25)
(13) eap : EAP PEAP (25)
(13) eap : Calling eap_peap to process EAP data
(13) eap_peap : processing EAP-TLS
(13) eap_peap : eaptls_verify returned 7
(13) eap_peap : Done initial handshake
(13) eap_peap : eaptls_process returned 7
(13) eap_peap : FR_TLS_OK
(13) eap_peap : Session established. Decoding tunneled attributes.
(13) eap_peap : Peap state send tlv success
(13) eap_peap : EAP type NAK (3)
(13) eap_peap : We sent a success, but received something weird in return.
SSL: Removing session
370322346fc943fdb1aad36f4480d755e0cbe3cea31c375242d599bc8f16ad4e from the
cache
(13) ERROR: eap : Failed continuing EAP PEAP (25) session. EAP sub-module
failed
(13) eap : Failed in EAP select
(13) [eap] = invalid
(13) } # authenticate = invalid
(13) Failed to authenticate the user.
radtest results:
# test of inner-tunnel
root@ferda:/etc/freeradius# radtest ferda hello localhost:18120 0 testing123
Sending Access-Request of id 124 from 0.0.0.0 port 51463 to 127.0.0.1 port
18120
User-Name = 'ferda'
User-Password = 'hello'
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=124,
length=20
root@ferda:/etc/freeradius# radtest -t mschap ferda hello localhost:18120 0 testing123
Sending Access-Request of id 207 from 0.0.0.0 port 56629 to 127.0.0.1 port
18120
User-Name = 'ferda'
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
MS-CHAP-Challenge = 0xcf018e925195d3d9
MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000c1dbccbde8a3f351c6abf211ec362574a0791cbeb4d5e93a
rad_recv: Access-Accept packet from host 127.0.0.1 port 18120, id=207,
length=84
MS-CHAP-MPPE-Keys =
0xfda95fbeca288d44ac0782e2de2337dee40e54ee732c1af5
MS-MPPE-Encryption-Policy = Encryption-Allowed
MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
# test on default port
root@ferda:/etc/freeradius# radtest ferda hello localhost 0 testing123
Sending Access-Request of id 34 from 0.0.0.0 port 58221 to 127.0.0.1 port
1812
User-Name = 'ferda'
User-Password = 'hello'
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=34,
length=20
root@ferda:/etc/freeradius# radtest -t mschap ferda hello localhost 0 testing123
Sending Access-Request of id 58 from 0.0.0.0 port 50981 to 127.0.0.1 port
1812
User-Name = 'ferda'
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x00
MS-CHAP-Challenge = 0x3391672449586edb
MS-CHAP-Response =
0x0001000000000000000000000000000000000000000000000000cd40eb3770183e9a6ee3cc67da194680f1abb095c7561f41
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=58,
length=84
MS-CHAP-MPPE-Keys =
0xfda95fbeca288d44ac0782e2de2337dee40e54ee732c1af5
MS-MPPE-Encryption-Policy = Encryption-Allowed
MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
I don't know where the problem is. Thanks for tips and advice.
Best regards Pavel Polacek