it works fine with xp client but not with odyssey client
it seems to be an mschap problem
if someone has time to look at the logs and confirm this
thanks
basile
.
rad_recv: Access-Request packet from host 195.220.107.12:1814, id=5,
length=203
User-Name = "[EMAIL PROTECTED]"
Framed-MTU = 1400
Called-Station-Id = "000e.38f7.6600"
Calling-Station-Id = "0c0c.0c0c.0c01"
Message-Authenticator = 0xd54d34ea122b853f8850cfaaaf114c8a
EAP-Message =
0x0207003319001703010028e35ea991b308588f350aaf673fdf8532eead6153c0d12e480ea8ee4b9cbfd8459a39109feabc7841
NAS-Port-Type = Wireless-802.11
NAS-Port = 295
State = 0x2b687c866ce905cca57d9764f2142535
Service-Type = Framed-User
NAS-IP-Address = 195.220.107.99
NAS-Identifier = "test_siris"
Proxy-State = 0x313131
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat:
'/usr/local/var/log/radius/radacct/195.220.107.12/auth-detail-20041026'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/usr/local/var/log/radius/radacct/195.220.107.12/auth-detail-20041026
modcall[authorize]: module "auth_log" returns ok for request 5
rlm_realm: No '/' in User-Name = "[EMAIL PROTECTED]", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "IPASS" returns noop for request 5
rlm_realm: Looking up realm "test" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "test"
rlm_realm: Adding Stripped-User-Name = "bmathieu"
rlm_realm: Proxying request from user bmathieu to realm test
rlm_realm: Adding Realm = "test"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
users: Matched bmathieu at 4
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - [EMAIL PROTECTED]
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of [EMAIL PROTECTED]
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to [EMAIL PROTECTED]
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
radius_xlat:
'/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20041026'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20041026
modcall[authorize]: module "auth_log" returns ok for request 5
rlm_realm: No '/' in User-Name = "[EMAIL PROTECTED]", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "IPASS" returns noop for request 5
rlm_realm: Looking up realm "test" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "test"
rlm_realm: Adding Stripped-User-Name = "bmathieu"
rlm_realm: Proxying request from user bmathieu to realm test
rlm_realm: Adding Realm = "test"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
users: Matched bmathieu at 4
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns ok for request 5
rad_check_password: Found Auth-Type eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 5 to 195.220.107.12:1814
Session-Timeout = 360
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "3"
EAP-Message =
0x01080060190017030100180a16efb98c394d72fbe95269bb63e16addc61f86c44bca4917030100383a1efde1b8e472fce0dc0e18379f0008899394988150c25bb5ed409188072cd6380f8981cdc01f472e6e5156c10872763f5702d26ace44db
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1c6653de5c6978ac2d868e29b5b55597
Proxy-State = 0x313131
Finished request 5
Going to the next request
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 417e2ba8
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 1 with timestamp 417e2ba9
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 2 with timestamp 417e2baa
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 3 with timestamp 417e2bab
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 4 with timestamp 417e2bac
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 5 with timestamp 417e2bae
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 195.220.107.12:1814, id=6,
length=251
User-Name = "[EMAIL PROTECTED]"
Framed-MTU = 1400
Called-Station-Id = "000e.38f7.6600"
Calling-Station-Id = "0c0c.0c0c.0c01"
Message-Authenticator = 0x32e63908e34361faab08a7dd39330a78
EAP-Message =
0x0208006319001703010058d01a153d29c4ee1dd75703f04e4100730f8593413cff93846396c742b5da16c2a9376d33354aa1c6a4b4155faaa40abc58a7a31dca3c4ea0620f68db59adfedec98617d78e705ec04b79bce34fd31908ec00c183ab205ce3
NAS-Port-Type = Wireless-802.11
NAS-Port = 295
State = 0x1c6653de5c6978ac2d868e29b5b55597
Service-Type = Framed-User
NAS-IP-Address = 195.220.107.99
NAS-Identifier = "test_siris"
Proxy-State = 0x313132
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat:
'/usr/local/var/log/radius/radacct/195.220.107.12/auth-detail-20041026'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/usr/local/var/log/radius/radacct/195.220.107.12/auth-detail-20041026
modcall[authorize]: module "auth_log" returns ok for request 6
rlm_realm: No '/' in User-Name = "[EMAIL PROTECTED]", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "IPASS" returns noop for request 6
rlm_realm: Looking up realm "test" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "test"
rlm_realm: Adding Stripped-User-Name = "bmathieu"
rlm_realm: Proxying request from user bmathieu to realm test
rlm_realm: Adding Realm = "test"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
users: Matched bmathieu at 4
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to [EMAIL PROTECTED]
PEAP: Adding old state with 27 34
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
radius_xlat:
'/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20041026'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20041026
modcall[authorize]: module "auth_log" returns ok for request 6
rlm_realm: No '/' in User-Name = "[EMAIL PROTECTED]", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "IPASS" returns noop for request 6
rlm_realm: Looking up realm "test" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "test"
rlm_realm: Adding Stripped-User-Name = "bmathieu"
rlm_realm: Proxying request from user bmathieu to realm test
rlm_realm: Adding Realm = "test"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
users: Matched bmathieu at 4
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns ok for request 6
rad_check_password: Found Auth-Type eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: Told to do MS-CHAPv2 for [EMAIL PROTECTED] with NT-Password
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 6 to 195.220.107.12:1814
Session-Timeout = 360
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "3"
EAP-Message =
0x01090048190017030100181a0bad885c6afa7ce48d7661d179411fe78bc4362209c9831703010020a01c4005c41070e8a199a4f0866c4e313a027578d0abd0922b548864b185dd51
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd65648554427981094b1382bc71a1f7f
Proxy-State = 0x313132
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 195.220.107.12:1814, id=7,
length=195
User-Name = "[EMAIL PROTECTED]"
Framed-MTU = 1400
Called-Station-Id = "000e.38f7.6600"
Calling-Station-Id = "0c0c.0c0c.0c01"
Message-Authenticator = 0x3ae071fc433b5126f13cdef560307f30
EAP-Message =
0x0209002b19001703010020bddf87a216f323d410c7d1fdd0ec6fa994a569d93c956c3d159674e91dae1a69
NAS-Port-Type = Wireless-802.11
NAS-Port = 295
State = 0xd65648554427981094b1382bc71a1f7f
Service-Type = Framed-User
NAS-IP-Address = 195.220.107.99
NAS-Identifier = "test_siris"
Proxy-State = 0x313133
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat:
'/usr/local/var/log/radius/radacct/195.220.107.12/auth-detail-20041026'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/usr/local/var/log/radius/radacct/195.220.107.12/auth-detail-20041026
modcall[authorize]: module "auth_log" returns ok for request 7
rlm_realm: No '/' in User-Name = "[EMAIL PROTECTED]", looking up realm
NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "IPASS" returns noop for request 7
rlm_realm: Looking up realm "test" for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm "test"
rlm_realm: Adding Stripped-User-Name = "bmathieu"
rlm_realm: Proxying request from user bmathieu to realm test
rlm_realm: Adding Realm = "test"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 7
users: Matched bmathieu at 4
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns ok for request 7
rad_check_password: Found Auth-Type eap
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 7 to 195.220.107.12:1814
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x313133
Waking up in 3 seconds...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
