Problem Description:

Unable to correctly authenticate a WinXP supplicant using PEAP/MS-CHAP v2.

I don't know if I have FreeRADIUS misconfigured, if I'm missing an entry in the database ... or what ....

I've tried using eap_tls and eap_md5 ...


snippets of radius -xxyz -l stdout


-- part one --
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: EAP packet type notification id 1 length 16
rlm_eap: EAP Start not found
rlm_eap: Configured EAP_TYPE is not supported
rlm_eap: EAP Identity
rlm_eap: Unsupported EAP_TYPE 1
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Login incorrect: [fakeAcctTwo/<no User-Password attribute>] (from client satan port 1 cli 00022d18efec)


-- part 2 --
rlm_sql (sql): No matching entry in the database for request from user [fakeAcctTwo]
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns notfound for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: EAP packet type notification id 1 length 16
rlm_eap: EAP Start not found
rlm_eap: Configured EAP_TYPE is not supported
rlm_eap: EAP Identity
rlm_eap: Unsupported EAP_TYPE 1
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Login incorrect: [fakeAcctTwo/<no User-Password attribute>] (from client satan port 1 cli 00022d18efec)
Delaying request 1 for 1 seconds
Finished request 1


-- end logs --


I don't understand the "no entry found ..." errors. Here are the results of the queries that are run:


mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'fakeAcctTwo' ORDER BY id
-> ;
+----+-------------+---------------+----------------+----+
| id | UserName    | Attribute     | Value          | op |
+----+-------------+---------------+----------------+----+
|  6 | fakeAcctTwo | CHAP-Password | anotherBadPass | == |
+----+-------------+---------------+----------------+----+
1 row in set (0.00 sec)


mysql> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'fakeAcctTwo' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id;
+----+-----------+-----------+-------+----+
| id | GroupName | Attribute | Value | op |
+----+-----------+-----------+-------+----+
|  3 | paidUsers | Auth-Type | Local | := |
+----+-----------+-----------+-------+----+
1 row in set (0.00 sec)


mysql> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'fakeAcctTwo' ORDER BY id;
+----+-------------+-------------------+-----------------+----+
| id | UserName    | Attribute         | Value           | op |
+----+-------------+-------------------+-----------------+----+
|  2 | fakeAcctTwo | Framed-IP-Address | 255.255.255.254 | == |
+----+-------------+-------------------+-----------------+----+
1 row in set (0.00 sec)


mysql> SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'fakeAcctTwo' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id;
+----+-----------+-----------------+-------+------+
| id | GroupName | Attribute       | Value | op   |
+----+-----------+-----------------+-------+------+
| 36 | paidUsers | Framed-Protocol | PPP   | :=   |
+----+-----------+-----------------+-------+------+
1 row in set (0.00 sec)


