Hi,

I'm trying to run a WindowsXP client with PEAP - MSCHAP-V2 auth and the authentication fails.

I got two possible points of error, but I cannot guess where my problem is:

(1) rlm_eap_peap: Had sent TLV failure, rejecting

(2) modcall[authenticate]: module "eap" returns reject for request 7
    modcall: group authenticate returns reject for request 7
    auth: Failed to validate the user.

What is TLV? What is request 7 doing and why does it fail? Any ideas?

Details below:

My WindowsXP client settings are:

Connection properties -> Authentication:
    Enable IEEE 802.1x ...
    EAP type PEAP
    Properties -> Select Auth. Method: EAP-MSCHAP-v2

The users file:

user3 User-Password == "cisco"

The radiusd.conf:

peap {
    default_eap_type = mschapv2
}
mschapv2 {
}

The complete log:

# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: bind_address = 212.39.64.183 IP address [212.39.64.183]
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
Using deprecated clients file. Support for this will go away soon.
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded eap
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/root/CA/btc.pem"
 tls: certificate_file = "/root/CA/btc.pem"
 tls: CA_file = "/root/CA/root.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/root/CA/DH"
 tls: random_file = "/root/CA/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = yes
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address 212.39.64.183, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.4.5:21647, id=5, length=123 User-Name = "user3" Framed-MTU = 1400 Called-Station-Id = "0002.8a0e.33c0" Calling-Station-Id = "0090.9660.5c87" Message-Authenticator = 0x476d997ec6d12a17f63c22831e6c86e5 EAP-Message = 0x0202000a017573657233 NAS-Port-Type = Wireless-802.11 NAS-Port = 376 Service-Type = Framed-User NAS-IP-Address = 192.168.4.5 NAS-Identifier = "ap" modcall: entering group authorize for request 0 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 0 rlm_eap: EAP packet type response id 2 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 rlm_realm: No '@' in User-Name = "user3", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched user3 at 93 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 5 to 192.168.4.5:21647 EAP-Message = 0x010300060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb9d0fb3f7c536f9d415817e67a62936e Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.4.5:21647, id=6, length=137 User-Name = "user3" Framed-MTU = 1400 Called-Station-Id = "0002.8a0e.33c0" Calling-Station-Id = "0090.9660.5c87" Message-Authenticator = 0xb621f4d66da55f4f3c08a8355ae4146c EAP-Message = 0x020300060319 NAS-Port-Type = Wireless-802.11 NAS-Port = 376 State = 0xb9d0fb3f7c536f9d415817e67a62936e Service-Type = Framed-User NAS-IP-Address = 192.168.4.5 NAS-Identifier = "ap" modcall: entering group authorize for request 1 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 1 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 rlm_realm: No '@' in User-Name = "user3", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 users: Matched user3 at 93 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 6 to 192.168.4.5:21647 EAP-Message = 0x010400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x082bdaff439a8d1f6862bba00dd34e80 Finished request 1 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.4.5:21647, id=7, length=243 User-Name = "user3" Framed-MTU = 1400 Called-Station-Id = "0002.8a0e.33c0" Calling-Station-Id = "0090.9660.5c87" Message-Authenticator = 0x2194c19c6e1b4dc3495b6478f1628005 EAP-Message = 0x0204007019800000006616030100610100005d0301403f4b477fa7603792a860fd7c3a821f 020dd8870591d771f105ae33430573112082eb980a98e6b54cdff5d9f9623e70dc86897694ba 7c4085b8caa93623517609001600040005000a000900640062000300060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 376 State = 0x082bdaff439a8d1f6862bba00dd34e80 Service-Type = Framed-User NAS-IP-Address = 192.168.4.5 NAS-Identifier = "ap" modcall: entering group authorize for request 2 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 2 rlm_eap: EAP packet type response id 4 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 rlm_realm: No '@' in User-Name = "user3", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 users: Matched user3 at 93 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server 
hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0528], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 7 to 192.168.4.5:21647 EAP-Message = 0x0105040a19c000000585160301004a020000460301403ecc93fe4f48ffc8c6bfb63bdc6ce4 7b1ceabadf4b1c73f6f45bf413aea03320a1976531920e7e6f5398637fc229c454ef92ad92fc 1c2a79a52f27dead545f1300040016030105280b000524000521000237308202333082019ca0 03020102020101300d06092a864886f70d0101040500305a310b300906035504061302424731 11300f0603550408130842756c6761726961310e300c06035504071305536f66696131143012 060355040a130b4254432d4e6574204c746431123010060355040313095465737420726f6f74 301e170d3034303232363036323331385a170d30353032323530 EAP-Message = 0x36323331385a304c310b30090603550406130242473111300f0603550408130842756c6761 72696131143012060355040a130b4254432d4e6574204c7464311430120603550403130b5465 73742073657276657230819f300d06092a864886f70d010101050003818d0030818902818100 a0f9305354e743efd80a1690617a7649a1bb867ea2b9c8e6cb51ae64f174942027448a07d516 0af62effc9a851b56df1500a84c74411e81c770ff7470c0577cfea49d72d3b64bec40f4df1ca 996263981ceb93e89f50888acfdfd5e14d4e36a0f764e1e38656cdce6f53e31482554d83345e ad28793d605e8e28bb165d8c06ab0203010001a3173015301306 EAP-Message = 0x03551d25040c300a06082b06010505070301300d06092a864886f70d010104050003818100 81ae6e37a9a1ecfcfd01588ee9759bc7ba5e54c80e18e389161e0f833fc04010d65b7a7a0d0d 07955c033f82e097612e982e31e6959bb2ece0a892956d0ee433fb1664078b5e44a9c4b4520c 9c24eb42ee02312f7566c5f654033fc34159e1da01d51cab41fac164aabea262400f3f997363 
89b496b5c87a898650f26cdab0c10002e4308202e030820249a003020102020100300d06092a 864886f70d0101040500305a310b30090603550406130242473111300f060355040813084275 6c6761726961310e300c06035504071305536f66696131143012 EAP-Message = 0x060355040a130b4254432d4e6574204c746431123010060355040313095465737420726f6f 74301e170d3034303232363036323235345a170d3034303332373036323235345a305a310b30 090603550406130242473111300f0603550408130842756c6761726961310e300c0603550407 1305536f66696131143012060355040a130b4254432d4e6574204c7464311230100603550403 13095465737420726f6f7430819f300d06092a864886f70d010101050003818d003081890281 8100c24b998c32de45e65c843fba5319f9d5a2dc0c9a67aaa9f88d9e7875f852b8c137fa202e de9f433da6fc553a186e5b76a224ece88c0b97853b2a49abff06 EAP-Message = 0x8916f06daba8545c3c6bc258beaa186f60282c005ca3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8596d69d94c7e24b2fc92cdc45d48512 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.4.5:21647, id=8, length=137 User-Name = "user3" Framed-MTU = 1400 Called-Station-Id = "0002.8a0e.33c0" Calling-Station-Id = "0090.9660.5c87" Message-Authenticator = 0x9991413e793cb6b2f9fe5210f3aedf80 EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 376 State = 0x8596d69d94c7e24b2fc92cdc45d48512 Service-Type = Framed-User NAS-IP-Address = 192.168.4.5 NAS-Identifier = "ap" modcall: entering group authorize for request 3 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 3 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 rlm_realm: No '@' in User-Name = "user3", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" 
returns noop for request 3 users: Matched user3 at 93 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 8 to 192.168.4.5:21647 EAP-Message = 0x0106018b19008ee3bf3e228fe71ac9dbf321233ab3d7509ff08dcf780ba584da369ee432a7 278145754b9c103b5f6bda45e50203010001a381b53081b2301d0603551d0e0416041464fffc e3d6ed4cd1133b21583cedb43124db389a3081820603551d23047b3079801464fffce3d6ed4c d1133b21583cedb43124db389aa15ea45c305a310b30090603550406130242473111300f0603 550408130842756c6761726961310e300c06035504071305536f66696131143012060355040a 130b4254432d4e6574204c746431123010060355040313095465737420726f6f74820100300c 0603551d13040530030101ff300d06092a864886f70d01010405 EAP-Message = 0x00038181000b093984feb4be3b27683827711965b6a3d6e425d14ea6efc12c23400adf1904 5aa13d08140a46f5087d4116cd455f9d0a456e2b57d498b0bc22dc22870b49ab6a2543a2250e d5fa2aaae83f0d7e840f24d529b1a55afb7367ada04669a36598d2852de51dc15afad9cef097 d8c6f8e4020a62bda55eca32afa4497cd4439d0a16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2b85a6fcee6e40ea90165f32fe705a5d Finished request 3 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.4.5:21647, id=9, length=323 User-Name = "user3" Framed-MTU = 1400 Called-Station-Id = "0002.8a0e.33c0" Calling-Station-Id = "0090.9660.5c87" Message-Authenticator = 0x1f841bfb9660c1154bdd94eee082a87e EAP-Message = 0x020600c01980000000b616030100861000008200801edd88d1fb051b322a35e96b50ea25ce ed8e3d11f61a549850da0c4275732bede8f908658574f73a65a6091e08e5add32e035773adca cfa80d3655ef60d1bc74a7cf69c7a94c4b86713e98e57a946f3d9f7ba3dbf42a6c0deb8a22d0 55f17859a1febdea3dfb83a25cb90b4e7cf4117df7bc429e8f0f8350e3e86b15b9d664dc1403 0100010116030100204300ae031e59680aad6e7a9d7240ecda84544bb147320a6a2144151543 e79bd5 NAS-Port-Type = Wireless-802.11 NAS-Port = 376 State = 0x2b85a6fcee6e40ea90165f32fe705a5d Service-Type = Framed-User NAS-IP-Address = 192.168.4.5 NAS-Identifier = "ap" modcall: entering group authorize for request 4 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 4 rlm_eap: EAP packet type response id 6 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 rlm_realm: No '@' in User-Name = "user3", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 users: Matched user3 at 93 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A 
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 9 to 192.168.4.5:21647 EAP-Message = 0x0107003119001403010001011603010020e4a75b500c121be98e25342464df74a5564ede9c 876a4844e2efeba9a45598a4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5f3cb24601f8eb64b30edc4d37d055b Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.4.5:21647, id=10, length=137 User-Name = "user3" Framed-MTU = 1400 Called-Station-Id = "0002.8a0e.33c0" Calling-Station-Id = "0090.9660.5c87" Message-Authenticator = 0x7a98aed2ed291285ddaf542a68de1c1e EAP-Message = 0x020700061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 376 State = 0xc5f3cb24601f8eb64b30edc4d37d055b Service-Type = Framed-User NAS-IP-Address = 192.168.4.5 NAS-Identifier = "ap" modcall: entering group authorize for request 5 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 5 rlm_eap: EAP packet type response id 7 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 rlm_realm: No '@' in User-Name = "user3", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" 
returns noop for request 5 users: Matched user3 at 93 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 10 to 192.168.4.5:21647 EAP-Message = 0x0108002019001703010015c7e4157b2dd95d0246089a89b1d6270a387575b9fa Message-Authenticator = 0x00000000000000000000000000000000 State = 0xefa14a22269ac85fa30c8fe55fa3fd0e Finished request 5 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 192.168.4.5:21647, id=11, length=164 User-Name = "user3" Framed-MTU = 1400 Called-Station-Id = "0002.8a0e.33c0" Calling-Station-Id = "0090.9660.5c87" Message-Authenticator = 0xc19232910ad58be599fc4952433a0974 EAP-Message = 0x020800211900170301001629da56ad4847737620d405365d634098198164eaed71 NAS-Port-Type = Wireless-802.11 NAS-Port = 376 State = 0xefa14a22269ac85fa30c8fe55fa3fd0e Service-Type = Framed-User NAS-IP-Address = 192.168.4.5 NAS-Identifier = "ap" modcall: entering group authorize for request 6 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 6 rlm_eap: EAP packet type response id 8 length 33 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 rlm_realm: No '@' in User-Name = "user3", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 users: Matched user3 at 93 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - user3 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x0208000a017573657233 PEAP: Got tunneled identity of user3 PEAP: Setting default EAP type for tunneled EAP session. 
PEAP: Sending tunneled request EAP-Message = 0x0208000a017573657233 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "user3" modcall: entering group authorize for request 6 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 6 rlm_eap: EAP packet type response id 8 length 10 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 rlm_realm: No '@' in User-Name = "user3", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 users: Matched user3 at 93 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 6 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x0109001f1a0109001a10125301c5c5749728c3bb01b857b84dc17573657233 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x002a0de0cc1fe7889e42d4b17f1000a6 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 11 to 192.168.4.5:21647 EAP-Message = 0x010900361900170301002bc996fc763affc5f6f644acb4431f2fcb049f9895a4569d3e6a16 fc6e8ddbabef02d505533fad1f72508dc9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4c3a94695e2875dbbf38c02f26977748 Finished request 6 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... 
rad_recv: Access-Request packet from host 192.168.4.5:21647, id=12, length=218 User-Name = "user3" Framed-MTU = 1400 Called-Station-Id = "0002.8a0e.33c0" Calling-Station-Id = "0090.9660.5c87" Message-Authenticator = 0x5e9788adcbacbee007ace6e74ccb1601 EAP-Message = 0x020900571900170301004ca0b3f59472d9053e677cde46993501e43856b78a4d41970677e0 edc289bc59cdfe302c6e0b11f32620102687a866750ac5a598fd0a71f2c2293bd286ba67087b 636f5c0693dd64fc6e97d332 NAS-Port-Type = Wireless-802.11 NAS-Port = 376 State = 0x4c3a94695e2875dbbf38c02f26977748 Service-Type = Framed-User NAS-IP-Address = 192.168.4.5 NAS-Identifier = "ap" modcall: entering group authorize for request 7 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 7 rlm_eap: EAP packet type response id 9 length 87 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 rlm_realm: No '@' in User-Name = "user3", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 users: Matched user3 at 93 modcall[authorize]: module "files" returns ok for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. 
PEAP: Got tunneled EAP-Message
    EAP-Message = 0x020900401a0209003b31e45891dcf8d1b7f285ca3ee6d209cfd30000000000000000c2ce7437fdf0be00dfb9a108766513e48c77943f5373eeba007573657233
PEAP: Adding old state with 00 2a
PEAP: Sending tunneled request
    EAP-Message = 0x020900401a0209003b31e45891dcf8d1b7f285ca3ee6d209cfd30000000000000000c2ce7437fdf0be00dfb9a108766513e48c77943f5373eeba007573657233
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "user3"
    State = 0x002a0de0cc1fe7889e42d4b17f1000a6
modcall: entering group authorize for request 7
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 7
rlm_eap: EAP packet type response id 9 length 64
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
rlm_realm: No '@' in User-Name = "user3", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
users: Matched user3 at 93
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 7
modcall: group authenticate returns reject for request 7
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
    EAP-Message = 0x04090004
    Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 12 to 192.168.4.5:21647
    EAP-Message = 0x010a00261900170301001bc89d5a5287583d6c7c548514d20f8d60f4b1086bc821712701d7c0
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x4fe42031a4a55b47bc1e4ff6cf7f0c3b
Finished request 7
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.4.5:21647, id=13, length=169
    User-Name = "user3"
    Framed-MTU = 1400
    Called-Station-Id = "0002.8a0e.33c0"
    Calling-Station-Id = "0090.9660.5c87"
    Message-Authenticator = 0x96f6eb4d0898401e43ff45941ba5af47
    EAP-Message = 0x020a00261900170301001bbec0ec30a316dd43281ea9bfd85024b422af7d01ef74ba93a6e92d
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 376
    State = 0x4fe42031a4a55b47bc1e4ff6cf7f0c3b
    Service-Type = Framed-User
    NAS-IP-Address = 192.168.4.5
    NAS-Identifier = "ap"
modcall: entering group authorize for request 8
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
modcall[authorize]: module "preprocess" returns ok for request 8
rlm_eap: EAP packet type response id 10 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
rlm_realm: No '@' in User-Name = "user3", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
users: Matched user3 at 93
modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 8
modcall: group authenticate returns invalid for request 8
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
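
Added example, not part of the original post and not FreeRADIUS code: a small Python decoder for the short EAP-Message values printed in the debug output above, which makes the sequence visible (EAP-TLS offered first, the client's NAK asking for PEAP, the tunneled MS-CHAPv2 challenge, the tunneled Failure). The function names are hypothetical; the sample values are copied from this log, and the type numbers are the standard EAP assignments.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Standard EAP method type numbers. Type 33 is the EAP-TLV extension that
# PEAP uses inside the tunnel to carry its result; in this log that
# exchange is TLS-encrypted, so it cannot be decoded from the outer hex.
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             17: "LEAP", 25: "PEAP", 26: "MS-CHAPv2", 33: "EAP-TLV"}
MSCHAPV2_OPCODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}
TLS_FLAGS = ((0x80, "length-included"), (0x40, "more-fragments"), (0x20, "start"))


def type_name(number):
    return EAP_TYPES.get(number, f"type-{number}")


def decode_eap(hex_value):
    """Decode one EAP packet given as the hex string radiusd -X prints."""
    text = hex_value.strip().replace(" ", "")  # drop spaces left by line wraps
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("an EAP header is 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    # complete is False when the packet continues in further EAP-Message attributes
    info = {"code": EAP_CODES[code], "id": ident, "length": length,
            "complete": length <= len(raw)}
    if code in (3, 4):           # Success and Failure carry no type field
        return info
    if length < 5 or len(raw) < 5:
        raise ValueError("Request/Response without a type byte")
    eap_type, data = raw[4], raw[5:length]
    info["type"] = type_name(eap_type)
    if eap_type == 1:
        info["identity"] = data.decode("utf-8", "replace")
    elif eap_type == 3:          # Nak lists the methods the peer would accept
        info["wants"] = [type_name(t) for t in data]
    elif eap_type == 26 and data:
        info["opcode"] = MSCHAPV2_OPCODES.get(data[0], f"opcode-{data[0]}")
    elif eap_type in (13, 25) and data:
        flags, body = data[0], data[1:]
        info["flags"] = [name for bit, name in TLS_FLAGS if flags & bit]
        if eap_type == 25:
            info["version"] = flags & 0x07
        if flags & 0x80 and len(body) >= 4:
            info["tls_message_length"] = struct.unpack("!I", body[:4])[0]
            body = body[4:]
        # no flags and no TLS data: the peer is acknowledging a fragment
        info["ack"] = not info["flags"] and not body
    return info


def describe(info):
    """One-line summary of a decoded packet."""
    parts = [info["code"], f"id={info['id']}"]
    if "type" in info:
        parts.append(info["type"])
    for key in ("identity", "wants", "opcode", "flags"):
        if info.get(key):
            parts.append(f"{key}={info[key]}")
    if info.get("ack"):
        parts.append("(fragment ACK)")
    return " ".join(parts)


# EAP-Message values copied from the debug output in this post.
SAMPLES = [
    ("client", "0x0202000a017573657233"),
    ("server", "0x010300060d20"),
    ("client", "0x020300060319"),
    ("server", "0x010400061920"),
    ("client", "0x020500061900"),
    ("tunnel", "0x0109001f1a0109001a10125301c5c5749728c3bb01b857b84dc17573657233"),
    ("tunnel", "0x04090004"),
]


def trace(samples=SAMPLES):
    return [f"{who}: {describe(decode_eap(value))}" for who, value in samples]


if __name__ == "__main__":
    print("\n".join(trace()))
```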