FR 3.0.5 Expected Debug
A.L.M.Buxey at lboro.ac.uk
Mon Nov 10 10:18:57 CET 2014
Hi,
> First time using FR 3, after configuring to authenticate with AD the debug
> that gets spat out appears quite long. I am just making sure this is
> normal, expected behaviour and if not what I have done wrong..
>
> I've attached the radiusd -X output of one client (iPad) connecting.
> Config items should all be default except things like
> mods-available/mschap, mods-available/eap, as per
> http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO
> ..
what's the problem? the RADIUS server sent back Access-Accept - the client should be
allowed to go online.
the debug is the correct length...you are using PEAP and therefore you get this
hello : hello, send your ID
here's my ID : okay here's my ID (cert sent)
(after validating cert) okay let's do EAP : let's do PEAP
okay... (EAP session establishes), here's my inner ID : okay.. let's do MSCHAPv2
(MSCHAPv2 challenge response proceeds)
the expected values are found : okay Access-Accept and here's some MPPE stuff for your NAS
some steps require multiple packets - each one is logged in debug mode in total..you
can actually read what the server is doing step by step in full debug mode - that is
the return code of every module that the packet goes through (and the complete packet contents
for each step). PEAP takes around 12 packets in round trip... if you have a single client
you can look for the 'ready to receive' lines to see each start/stop point...and if you
use Wireshark you can see the whole conversation in simple packet swap mode. once you get
used to skimming through/reading them it takes less effort (and you can start to remove
non required modules to clear things up - and sometimes speed things up)
alan