radtest works, connection via wlan fails

Thorsten Bresges (web) thorsten.bresges at web.de
Sat Mar 1 18:06:20 CET 2014


Hello,

I am new to freeradius. I try to set up freeradius for an high school.

I am using FreeRADIUS Version 2.1.12 for host x86_64-pc-linux-gnu on an
debian system.

Freeradius is working with the users file and clear text password. Now I
would like to put the users in a myslq database. I insert two test
accounts: One with an cleartext password and one with an MD5 password
(test account "ilka"). I did the "guide/SQL HOWTO" - except I just
entered the neccesary entries for "fredf" in the howto.

When I try "radtest" everything works fine: The account in the users
file and the twe accounts in mysql are accepted.

Afterwards I tried to connect from my Mac over WLAN and an accesspoint
to the freeradius server. It worked fine with the account in the users
file. But when I tried it with the accounts that are stored in the mysql
database: Neither the cleartext password nor the md5 password account
works - even though this accounts worked with radtest.

What do I wrong? Do I have the wrong idea?

Here is a part of the freeradius debug log. First you see my test
account is working with radtest. The second try it is not working via
wlan and the access point.

Thank you for your help.

Thorsten

--- SCHNIPP ---

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 51600, id=236,
length=74
	User-Name = "ilka"
	User-Password = "1234"
	NAS-IP-Address = 127.0.1.1
	NAS-Port = 1812
	Message-Authenticator = 0xa68a5393568d346369bcef886a06435c
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/127.0.0.1/auth-detail-20140301
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/auth-detail-20140301
[auth_log] 	expand: %t -> Sat Mar  1 14:59:11 2014
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ilka", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[sql] 	expand: %{User-Name} -> ilka
[sql] sql_set_user escaped user --> 'ilka'
rlm_sql (sql): Reserving sql socket id: 2
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'ilka'           ORDER BY id
[sql] User found in radcheck table
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'ilka'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'ilka'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "1234"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 236 to 127.0.0.1 port 51600
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 236 with timestamp +83
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.178.245 port 3072,
id=0, length=121
	User-Name = "ilka"
	NAS-IP-Address = 192.168.178.245
	Called-Station-Id = "00259cade830"
	Calling-Station-Id = "109adda5aa6c"
	NAS-Identifier = "00259cade830"
	NAS-Port = 35
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x0200000901696c6b61
	Message-Authenticator = 0xd4c70ee0de14396c7387dd2ec67a2145
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.178.245/auth-detail-20140301
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.178.245/auth-detail-20140301
[auth_log] 	expand: %t -> Sat Mar  1 14:59:50 2014
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ilka", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[sql] 	expand: %{User-Name} -> ilka
[sql] sql_set_user escaped user --> 'ilka'
rlm_sql (sql): Reserving sql socket id: 1
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = 'ilka'           ORDER BY id
[sql] User found in radcheck table
[sql] 	expand: SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM
radreply           WHERE username = 'ilka'           ORDER BY id
[sql] 	expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority ->
SELECT groupname           FROM radusergroup           WHERE username =
'ilka'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.178.245 port 3072
	EAP-Message = 0x010100061520
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x187e94c4187f81dcecdcfc091efa734e
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.178.245 port 3072,
id=0, length=282
Cleaning up request 3 ID 0 with timestamp +122

	User-Name = "ilka"
	NAS-IP-Address = 192.168.178.245
	Called-Station-Id = "00259cade830"
	Calling-Station-Id = "109adda5aa6c"
	NAS-Identifier = "00259cade830"
	NAS-Port = 35
	Framed-MTU = 1400
	State = 0x187e94c4187f81dcecdcfc091efa734e
	NAS-Port-Type = Wireless-802.11
	EAP-Message =
0x0201009815800000008e16030100890100008503015311e7d1dc8554b6d8115e4697cd1603911bf370128267e25a1674210431126000004a00ffc024c023c00ac009c007c008c028c027c014c013c011c012c026c025c02ac029c005c004c002c003c00fc00ec00cc00d003d003c002f000500040035000a0067006b00330039001601000012000a00080006001700180019000b00020100
	Message-Authenticator = 0xd907ee8f95454e3d9fc6676763f874e4
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.178.245/auth-detail-20140301
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.178.245/auth-detail-20140301
[auth_log] 	expand: %t -> Sat Mar  1 14:59:50 2014
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ilka", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 152
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 142
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls]     (other): before/accept initialization
[ttls]     TLS_accept: before/accept initialization
[ttls] <<< TLS 1.0 Handshake [length 0089], ClientHello
[ttls]     TLS_accept: SSLv3 read client hello A
[ttls] >>> TLS 1.0 Handshake [length 0039], ServerHello
[ttls]     TLS_accept: SSLv3 write server hello A
[ttls] >>> TLS 1.0 Handshake [length 02e6], Certificate
[ttls]     TLS_accept: SSLv3 write certificate A
[ttls] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
[ttls]     TLS_accept: SSLv3 write key exchange A
[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[ttls]     TLS_accept: SSLv3 write server done A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.178.245 port 3072
	EAP-Message =
0x0102040015c00000048216030100390200003503015311e7d6bbba48cb775cb6265846550e61e890d08af06b0e3ed88165d96aec4a00c01400000dff01000100000b00040300010216030102e60b0002e20002df0002dc308202d8308201c0a003020102020900a7531dab918be73c300d06092a864886f70d010105050030243122302006035504031319776c616e636f6e74726f6c6c65722e67796d6f64656e2e6465301e170d3134303232323037333532305a170d3234303232303037333532305a30243122302006035504031319776c616e636f6e74726f6c6c65722e67796d6f64656e2e646530820122300d06092a864886f70d0101010500
	EAP-Message =
0x0382010f003082010a0282010100cafae8f86e62cc377e19b89215293656ebb020e26592c2b6ee596bb9fa7f62067416a0f9ea7410cbeb8f6f13f5925c5c866dcc96a73deebcef47e14e28a2f3b5fb7f47b2fca298ebc26eb538d4363cd957cbdfcb6b76b527c3b06a53311f9170c028ec756f12540cef3ab0ed2dc34b5ad00fc74af18cbd0c955a7d329f3885e96be31980ff4eb15e2ac9284378138572136c64b4776ae9fc58e55d03305b06b382a3269e08612ea2e769c9ae477b4af3fb386272c0771cdd1adef260888056680731440f14f59e4b605e6052438362b1e5c3b5b9bb240426c268269fcdd4513b0ac36739e1430963ce7abc903c1ca1
	EAP-Message =
0xa2808e5a412f7834ddc52ba2799cb618890203010001a30d300b30090603551d1304023000300d06092a864886f70d0101050500038201010052c575ba4a457b31556a3d3f21a567342a14ed91ab3ac489b13fdd481801823ec8903f599caa374b30e4a3e03fbc058e032aca619e77549dcee19a25eaa51e32cdb1c2ee7ebeb73577e4c1c05c88db81fc211f039b66fc055382ee34b9230549b3b42393f4cb2ee92f67f622cad7e3d1842ac2e5bca9117ee33963934d23fab4864bec38dd4de3792a82d3815e3459dbb01f5b1eb18fb408a6203e4be9303413c086f0ba387cfbe227989154000597c3a41955e6a2f9d62e4138c5bb7ba99ab3cadaa580
	EAP-Message =
0x42323a8ca2e72b443c44c6b2c24d3a9f9b04c59698f36bbc0210b03b9313429ded6bbf239b6420b2ba607580d46b636eb24bce3e7ae0196e367d96e7160301014b0c0001470300174104dd9cfc7c693b2973e8bf4e46b3897033c0118e407c81c43a17f1ebdd4426d85a4184e6203f16fd86674810628fa5c118f9d13c0099b756684a8ff4f353a9cfc00100149df419c5b258e5c7eeaf3243c68dd89b0f5240de0427797ec6c85be39e7efe9aa4f462b44507ec1769bcf3f4847ebe445c0c724cc0a1c6bf6a70dac95533b20e0fd8bba1c9f911a9a1b77e072be725c8d4048dc794b5f3d5247f957ad7c4ebda0bfd29ff2b52e2955dbfacc13c69ef5f
	EAP-Message = 0x7d16449ec95a34c0d5e1b3d5
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x187e94c4197c81dcecdcfc091efa734e
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.178.245 port 3072,
id=0, length=136
Cleaning up request 4 ID 0 with timestamp +122
	User-Name = "ilka"
	NAS-IP-Address = 192.168.178.245
	Called-Station-Id = "00259cade830"
	Calling-Station-Id = "109adda5aa6c"
	NAS-Identifier = "00259cade830"
	NAS-Port = 35
	Framed-MTU = 1400
	State = 0x187e94c4197c81dcecdcfc091efa734e
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x020200061500
	Message-Authenticator = 0x9ec402e1c00eab45c115006ac68cdfcf
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.178.245/auth-detail-20140301
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.178.245/auth-detail-20140301
[auth_log] 	expand: %t -> Sat Mar  1 14:59:50 2014
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ilka", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
[ttls] Received TLS ACK
[ttls] ACK handshake fragment handler
[ttls] eaptls_verify returned 1
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.178.245 port 3072
	EAP-Message =
0x010300961580000004823aed29190c7500f30a8f6a790077ef4c34e44c6c245d91f78ff6bc61e52ae6892da296ce203846de62f3169209b21d494220ad013391859c59f4d91c8f0ede4fbd721be3f204db34341bdc0c053187170720660396d81f218e0b07803bdd207b888817303c298db0d39aec20b34e4d5bfc34f099ef6662ba0ab574941218a8d794161016030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x187e94c41a7d81dcecdcfc091efa734e
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.178.245 port 3072,
id=0, length=274
Cleaning up request 5 ID 0 with timestamp +122
	User-Name = "ilka"
	NAS-IP-Address = 192.168.178.245
	Called-Station-Id = "00259cade830"
	Calling-Station-Id = "109adda5aa6c"
	NAS-Identifier = "00259cade830"
	NAS-Port = 35
	Framed-MTU = 1400
	State = 0x187e94c41a7d81dcecdcfc091efa734e
	NAS-Port-Type = Wireless-802.11
	EAP-Message =
0x02030090158000000086160301004610000042410461df8191b4e0ecbe550b73749c112174eec6dde5f5d612d6f09d1a673550656addd650cab4a509c918573ad466098eca4d5613ad60376a289e189248d24f0d6214030100010116030100307dbcb0b88561c84b293091d1839201bb38392127768f3a4b6d19a27fe1960045a4d04511c29d12ed3db70f9bc77d388c
	Message-Authenticator = 0x0672b82c9679eecab518628870e5a173
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.178.245/auth-detail-20140301
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.178.245/auth-detail-20140301
[auth_log] 	expand: %t -> Sat Mar  1 14:59:50 2014
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ilka", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 134
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
[ttls]     TLS_accept: SSLv3 read client key exchange A
[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[ttls] <<< TLS 1.0 Handshake [length 0010], Finished
[ttls]     TLS_accept: SSLv3 read finished A
[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[ttls]     TLS_accept: SSLv3 write change cipher spec A
[ttls] >>> TLS 1.0 Handshake [length 0010], Finished
[ttls]     TLS_accept: SSLv3 write finished A
[ttls]     TLS_accept: SSLv3 flush data
[ttls]     (other): SSL negotiation finished successfully
SSL Connection Established
[ttls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.178.245 port 3072
	EAP-Message =
0x0104004515800000003b1403010001011603010030910122ab1ddc0682e1fec8b6d60b215b6cfc74841376ce587d315c5d07458c8ef4f6405e73173084fc8261031bd86762
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x187e94c41b7a81dcecdcfc091efa734e
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.178.245 port 3072,
id=0, length=273
Cleaning up request 6 ID 0 with timestamp +122
	User-Name = "ilka"
	NAS-IP-Address = 192.168.178.245
	Called-Station-Id = "00259cade830"
	Calling-Station-Id = "109adda5aa6c"
	NAS-Identifier = "00259cade830"
	NAS-Port = 35
	Framed-MTU = 1400
	State = 0x187e94c41b7a81dcecdcfc091efa734e
	NAS-Port-Type = Wireless-802.11
	EAP-Message =
0x0204008f15800000008517030100801c2b567e75b0dbfee155df74f8ba26ffc37432e78bbc38a99d2e29c58bd8531066cd4ec962a89fd76d2c7396f9782852aca6773ff20797845e08b2098b2c1197a39a1f20b718fcdbb4b6cba945810fc5751029112d17274251546f11410a0d8fded636f7c0b4c3a30044d992bb9891504ace80709104dfb1906028c0ca2ebf49
	Message-Authenticator = 0xba7fbca76f78aa3404ad55cedae488e1
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] 	expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/192.168.178.245/auth-detail-20140301
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/192.168.178.245/auth-detail-20140301
[auth_log] 	expand: %t -> Sat Mar  1 14:59:50 2014
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "ilka", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 143
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/ttls
[eap] processing type ttls
[ttls] Authenticate
[ttls] processing EAP-TLS
  TLS Length 133
[ttls] Length Included
[ttls] eaptls_verify returned 11
[ttls] eaptls_process returned 7
[ttls] Session established.  Proceeding to decode tunneled attributes.
[ttls] Got tunneled request
	User-Name = "ilka"
	MS-CHAP-Challenge = 0x92199b7bc988486a09233718da7e7ae8
	MS-CHAP2-Response =
0x0c0036e851fc33bb681f9c2d67d1cf57fd3600000000000000002585c00a1ad283dc4e7d5cc8596d0531acbe42da3c8659f0
	FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
	User-Name = "ilka"
	MS-CHAP-Challenge = 0x92199b7bc988486a09233718da7e7ae8
	MS-CHAP2-Response =
0x0c0036e851fc33bb681f9c2d67d1cf57fd3600000000000000002585c00a1ad283dc4e7d5cc8596d0531acbe42da3c8659f0
	FreeRADIUS-Proxied-To = 127.0.0.1
server inner-tunnel {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
[mschap] Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "ilka", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = MSCHAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: ilka
[mschap] Told to do MS-CHAPv2 for ilka with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[ttls] Got tunneled reply code 3
	MS-CHAP-Error = "\014E=691 R=1"
[ttls] Got tunneled Access-Reject
[eap] Handler failed in EAP/ttls
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] 	expand: %{User-Name} -> ilka
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 0 to 192.168.178.245 port 3072
	EAP-Message = 0x04040004
	Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4.9 seconds.
Cleaning up request 7 ID 0 with timestamp +122
Ready to process requests.


More information about the Freeradius-Users mailing list