FR setup with AD | TLS issue

Vishesh kumar linuxtovishesh at gmail.com
Thu Aug 27 13:28:26 CEST 2015 

Hi Members,

I am trying to setup FR with Windows Active Directory. I guess my setup is
working as I am able to do mschap authentication using radtest command, but
getting below logs with unsuccessful login when trying to authenticate via
peapv0 via Windows 7 machine.

I am using AD CA signed certificate for TLS, but seems that some
certificate problem is appearing in TLS connection.

Please let me know if I am missing anything here,

+++++++++++++++++++++++++++++++++++++++++

rad_recv: Access-Request packet from host 192.168.32.99 port 20001, id=68,
length=170
        NAS-Port-Id = "AP12/2"
        Calling-Station-Id = "xxxxxxxxxxx"
        Called-Station-Id = "xxxxxxxxxxxx"
        Service-Type = Framed-User
        User-Name = "test\\user1"
        NAS-Port = 62279
        State = 0xe13e110ce53808ac11ae5d07bbfe47cd
        EAP-Message = 0x020600061900
        NAS-Port-Type = Wireless-802.11
        NAS-IP-Address = 192.168.32.99
        NAS-Identifier = "Juniper"
        Message-Authenticator = 0x118db9c6453dc9c952b65157e6d1a70b
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "test\user1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 68 to 192.168.32.99 port 20001
        EAP-Message = 0x010700061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe13e110ce43908ac11ae5d07bbfe47cd
Finished request 29.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 24 ID 63 with timestamp +153
Cleaning up request 25 ID 64 with timestamp +153
Cleaning up request 26 ID 65 with timestamp +153
Cleaning up request 27 ID 66 with timestamp +153
Cleaning up request 28 ID 67 with timestamp +153
Cleaning up request 29 ID 68 with timestamp +153
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xe13e110ce43908ac did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
++++++++++++++++++++++++++++++++++++++++++++++++++++
-- 
Regards,
Vishesh Kumar

More information about the Freeradius-Users mailing list