can't connect to network with md5-password on windows 10

Hamid Rahman hamidrahman at live.com
Fri Jan 26 09:28:21 CET 2018


why my computer can't connect to network with md5-password ?
even though if i use cleartext-password it's can connected. but if i use smartphone or linux it's work.

can you help me ?

there is freeradius debug :

# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "hamid", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 64
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql]   expand: %{User-Name} -> hamid
[sql] sql_set_user escaped user --> 'hamid'
rlm_sql (sql): Reserving sql socket id: 0
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'hamid'           ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'hamid'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'hamid'           ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: hamid
[mschap] Told to do MS-CHAPv2 for hamid with NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
        MS-CHAP-Error = "\tE=691 R=1"
        EAP-Message = 0x04090004
        Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
        MS-CHAP-Error = "\tE=691 R=1"
        EAP-Message = 0x04090004
        Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 158 to ***.***.***.*** port 32772
        EAP-Message = 0x010a002b190017030100200586e482dcc33b2c9280f10597c6fa8734e6afc7046f9a2e08f41cf18a749f4f
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xcc3ab30bcb30aa566d0010d0e8ca6221
Finished request 7.
Going to the next request
Waking up in 3.8 seconds.
rad_recv: Access-Request packet from host ***.***.***.*** port 32772, id=159, length=331
        User-Name = "hamid"
        Chargeable-User-Identity = ""
        Location-Capable = Civix-Location
        Calling-Station-Id = "94-0c-6d-e1-f1-b4"
        Called-Station-Id = "58-0a-20-7e-2c-00:annaba4"
        NAS-Port = 3
        Cisco-AVPair = "audit-session-id=c0a81a19000071a65a6ae803"
        Acct-Session-Id = "5a6ae803/94:0c:6d:e1:f1:b4/34470"
        Cisco-AVPair = "mDNS=true"
        NAS-IP-Address = 192.168.35.254
        NAS-Identifier = "WLC_2504"
        Airespace-Wlan-Id = 7
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "35"
        EAP-Message = 0x020a002b19001703010020b251340da3d5ad94add86f70d3e1b882d6770280ac5d5ab14aa4ab95ec8b91df
        State = 0xcc3ab30bcb30aa566d0010d0e8ca6221
        Message-Authenticator = 0x323eda2ece20e5a64deebab3d52ddb4c
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "hamid", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell you.
[peap]  *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> hamid
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 159 to 10.237.15.1 port 32772
        EAP-Message = 0x040a0004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2.8 seconds.
Cleaning up request 0 ID 151 with timestamp +204
Cleaning up request 1 ID 152 with timestamp +204
Cleaning up request 2 ID 153 with timestamp +204
Cleaning up request 3 ID 154 with timestamp +204
Cleaning up request 4 ID 155 with timestamp +204
Waking up in 1.1 seconds.
Cleaning up request 5 ID 156 with timestamp +205
Cleaning up request 6 ID 157 with timestamp +205
Cleaning up request 7 ID 158 with timestamp +205
Waking up in 1.0 seconds.
Cleaning up request 8 ID 159 with timestamp +205
Ready to process requests.

thanks


More information about the Freeradius-Users mailing list