Hi,
I'm trying to set up PEAP authentication with the rlm_mschap.c /
cli_netlogon.c hacks provided by M. Griego.
The user auth is still working (as before), but the computer is still not...
(A copy of the debug log is attached.)
According to the log, the rlm_mschap seems to be effective, but is there
any way to check that the samba patch is effective too?
I use a "patched" FR 1.0.5 and a "patched" samba-3.0.20b,1 under FreeBSD
5.3-RELEASE.
Regards,
Jeremy
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/eap.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "/usr/local/bin/ntlm_auth --request-nt-key
--username=%{mschap:User-Name} --domain=%{mschap:NT-Domain:-DEFAULTDOMAIN}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = yes
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Initializing the thread pool...
thread: start_servers = 5
thread: max_servers = 32
thread: min_spare_servers = 3
thread: max_spare_servers = 10
thread: max_requests_per_server = 0
thread: cleanup_delay = 5
Thread spawned new child 1. Total threads in pool: 1
Thread spawned new child 2. Total threads in pool: 2
Thread spawned new child 3. Total threads in pool: 3
Thread spawned new child 4. Total threads in pool: 4
Thread spawned new child 5. Total threads in pool: 5
Thread pool initialized
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
Thread 1 waiting to be assigned a request
Thread 2 waiting to be assigned a request
Thread 3 waiting to be assigned a request
Thread 4 waiting to be assigned a request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.241:6001, id=78, length=183
--- Walking the entire request list ---
Waking up in 31 seconds...
Threads: total/active/spare threads = 5/0/5
Thread 1 got semaphore
Thread 1 handling request 0, (1 handled so far)
User-Name = "host/portable"
NAS-IP-Address = 192.168.0.241
Called-Station-Id = "00-20-a6-56-73-76:TEST"
Calling-Station-Id = "00-20-a6-57-83-f2"
NAS-Identifier = "AP01"
State = 0x63444a5a8824a6668f0c4039b3fa9564
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020900261900170301001bbd4f0d6e5bb61569a12d5f373e1a1b958fda7a867f0e888ecf9134
Message-Authenticator = 0x56fb29e69b4914d39ba20bf387f680a8
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
rlm_eap: EAP packet type response id 9 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.241:6001, id=80, length=148
--- Walking the entire request list ---
Sending Access-Reject of id 78 to 192.168.0.241:6001
Waking up in 3 seconds...
Thread 2 got semaphore
Thread 2 handling request 1, (1 handled so far)
User-Name = "host/portable"
NAS-IP-Address = 192.168.0.241
Called-Station-Id = "00-20-a6-56-73-76:TEST"
Calling-Station-Id = "00-20-a6-57-83-f2"
NAS-Identifier = "AP01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202001501686f73742f6a632d706f727461626c65
Message-Authenticator = 0xdcb1aa29004ed8c0024d87e5ae730392
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
rlm_eap: EAP packet type response id 2 length 21
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 80 to 192.168.0.241:6001
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb1370512c2134397d46167c90c436dfc
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.241:6001, id=82, length=148
Waking up in 3 seconds...
Thread 3 got semaphore
Thread 3 handling request 2, (1 handled so far)
User-Name = "host/portable"
NAS-IP-Address = 192.168.0.241
Called-Station-Id = "00-20-a6-56-73-76:TEST"
Calling-Station-Id = "00-20-a6-57-83-f2"
NAS-Identifier = "AP01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0204001501686f73742f6a632d706f727461626c65
Message-Authenticator = 0x86b9014b85796c9dad0ee194a308342f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
rlm_eap: EAP packet type response id 4 length 21
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 82 to 192.168.0.241:6001
EAP-Message = 0x010500061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb2415a16262a21ddc793ddd7df3e6b56
Finished request 2
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.241:6001, id=83, length=225
Waking up in 3 seconds...
Thread 4 got semaphore
Thread 4 handling request 3, (1 handled so far)
User-Name = "host/portable"
NAS-IP-Address = 192.168.0.241
Called-Station-Id = "00-20-a6-56-73-76:TEST"
Calling-Station-Id = "00-20-a6-57-83-f2"
NAS-Identifier = "AP01"
State = 0xb2415a16262a21ddc793ddd7df3e6b56
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0205005019800000004616030100410100003d03014378cfdf419830adfee6d61196470d31ef4e27c9898752991ac8d739c98c90dd00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x7e1132c1cf086ce6fd6699bd8d559d4a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
rlm_eap: EAP packet type response id 5 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0673], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 83 to 192.168.0.241:6001
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x727295dacda7c4f03237c3e2890645bb
Finished request 3
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.241:6001, id=84, length=151
Waking up in 3 seconds...
Thread 5 got semaphore
Thread 5 handling request 4, (1 handled so far)
User-Name = "host/portable"
NAS-IP-Address = 192.168.0.241
Called-Station-Id = "00-20-a6-56-73-76:TEST"
Calling-Station-Id = "00-20-a6-57-83-f2"
NAS-Identifier = "AP01"
State = 0x727295dacda7c4f03237c3e2890645bb
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020600061900
Message-Authenticator = 0x59143a9a0ec6bad4aa8fc684fc8d07d4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 84 to 192.168.0.241:6001
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe6854d631d98ad8078f595437b699ed5
Finished request 4
Going to the next request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.241:6001, id=85, length=337
Waking up in 3 seconds...
Thread 1 got semaphore
Thread 1 handling request 5, (2 handled so far)
User-Name = "host/portable"
NAS-IP-Address = 192.168.0.241
Called-Station-Id = "00-20-a6-56-73-76:TEST"
Calling-Station-Id = "00-20-a6-57-83-f2"
NAS-Identifier = "AP01"
State = 0xe6854d631d98ad8078f595437b699ed5
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020700c01980000000b616030100861000008200801457e62cff8615490eed4e0665ffb7133c3a2ae72fef6eb6a9d041a692979ec242b93f3fea9f7582479097249260c4c0000e297afeb2aff0cb764e5199ab788354cd8fb9e283eb4b769f8e866c65de9e324401b69024c1621c078ec2733981ad6f3d50d2aa89d4bc1becb7ef481416e0f43279020a2984b36f69e7635d1172bf1403010001011603010020e09b95b93a29e33826fd6e9525dae4b614ae1c03724484b97299e4ac0f57f9bf
Message-Authenticator = 0x91f11375ef42bb822e45e6165f37ac0e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
rlm_eap: EAP packet type response id 7 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 85 to 192.168.0.241:6001
EAP-Message =
0x01080031190014030100010116030100209fc7116835f0ad29133a81d3d568b3aba897607858bba130f077538ea9dac86a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd5cba207907eb608a7ee5fcf484e8efd
Finished request 5
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.241:6001, id=86, length=151
Waking up in 3 seconds...
Thread 2 got semaphore
Thread 2 handling request 6, (2 handled so far)
User-Name = "host/portable"
NAS-IP-Address = 192.168.0.241
Called-Station-Id = "00-20-a6-56-73-76:TEST"
Calling-Station-Id = "00-20-a6-57-83-f2"
NAS-Identifier = "AP01"
State = 0xd5cba207907eb608a7ee5fcf484e8efd
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800061900
Message-Authenticator = 0x0c15a09ec13c9eb95faab11fcc7af68e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
rlm_eap: EAP packet type response id 8 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 86 to 192.168.0.241:6001
EAP-Message =
0x01090020190017030100152a5280ecf8347a21ee80a3b9676dfb0eb75e798bce
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x4202ad4ac8fcc2cd7198fc3716666451
Finished request 6
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.241:6001, id=87, length=189
Waking up in 3 seconds...
Thread 3 got semaphore
Thread 3 handling request 7, (2 handled so far)
User-Name = "host/portable"
NAS-IP-Address = 192.168.0.241
Called-Station-Id = "00-20-a6-56-73-76:TEST"
Calling-Station-Id = "00-20-a6-57-83-f2"
NAS-Identifier = "AP01"
State = 0x4202ad4ac8fcc2cd7198fc3716666451
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0209002c190017030100215a4e16cf9683342f73c4850aa16470f58f918fad8b21ca3946157af835e1d7034a
Message-Authenticator = 0x0eb5e8e55449b200cdd28e2a11c52a3a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
rlm_eap: EAP packet type response id 9 length 44
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - host/portable
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0209001501686f73742f6a632d706f727461626c65
PEAP: Got tunneled identity of host/portable
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to host/portable
PEAP: Sending tunneled request
EAP-Message = 0x0209001501686f73742f6a632d706f727461626c65
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/portable"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
rlm_eap: EAP packet type response id 9 length 21
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
PEAP: Got tunneled reply RADIUS code 11
EAP-Message =
0x010a002a1a010a002510bf42800e91ddf6bfe5155eb643e8bf54686f73742f6a632d706f727461626c65
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd41587fcd15cf9a726e2e859d35310f1
PEAP: Processing from tunneled session code 0x81951c0 11
EAP-Message =
0x010a002a1a010a002510bf42800e91ddf6bfe5155eb643e8bf54686f73742f6a632d706f727461626c65
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd41587fcd15cf9a726e2e859d35310f1
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 87 to 192.168.0.241:6001
EAP-Message =
0x010a00411900170301003676b1c5b2f7bab5bab11766300da96cccfa4d23076b6812ed6e0eb9938df2274a70569cca9911185283330ae5569bfea386e8cf914978
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7947de392fecc9fcd50a38604fcbefe9
Finished request 7
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.241:6001, id=88, length=243
Waking up in 3 seconds...
Thread 4 got semaphore
Thread 4 handling request 8, (2 handled so far)
User-Name = "host/portable"
NAS-IP-Address = 192.168.0.241
Called-Station-Id = "00-20-a6-56-73-76:TEST"
Calling-Station-Id = "00-20-a6-57-83-f2"
NAS-Identifier = "AP01"
State = 0x7947de392fecc9fcd50a38604fcbefe9
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020a0062190017030100571584c7104c035d46872460ac212f4a12a31bd3d29fef43aabdc520f419e98d318932baa71b0ae64ac3e134c01ab2f3fd096f8bbe0becb6f60e778b093391a5fb1b50f9393b59f37731e3da9f3579d40d9f7ba36fe64f0b
Message-Authenticator = 0x19bb8e5ba237a8e9605a55b66b80de62
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
rlm_eap: EAP packet type response id 10 length 98
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x020a004b1a020a00463100f954a333e2d02d0ba5ac5e7b2929ec000000000000000015b13ebd33dcf6d1b4c4c22cdf1b2eb9e1db8821c003b26400686f73742f6a632d706f727461626c65
PEAP: Setting User-Name to host/portable
PEAP: Adding old state with d4 15
PEAP: Sending tunneled request
EAP-Message =
0x020a004b1a020a00463100f954a333e2d02d0ba5ac5e7b2929ec000000000000000015b13ebd33dcf6d1b4c4c22cdf1b2eb9e1db8821c003b26400686f73742f6a632d706f727461626c65
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/portable"
State = 0xd41587fcd15cf9a726e2e859d35310f1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
rlm_eap: EAP packet type response id 10 length 75
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 8
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for host/portable with NT-Password
radius_xlat: Running registered xlat function of module mschap for string
'User-Name'
radius_xlat: Running registered xlat function of module mschap for string
'NT-Domain'
rlm_mschap: setting NT-Domain to same as machine name
radius_xlat: Running registered xlat function of module mschap for string
'Challenge'
mschap2: bf
radius_xlat: Running registered xlat function of module mschap for string
'NT-Response'
radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=portable$
--domain=portable --challenge=df40e8392de543b7
--nt-response=15b13ebd33dcf6d1b4c4c22cdf1b2eb9e1db8821c003b264'
Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=portable$
--domain=portable --challenge=df40e8392de543b7
--nt-response=15b13ebd33dcf6d1b4c4c22cdf1b2eb9e1db8821c003b264
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 8
modcall: group Auth-Type returns reject for request 8
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 8
modcall: group authenticate returns reject for request 8
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\nE=691 R=1"
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 0x8195280 3
MS-CHAP-Error = "\nE=691 R=1"
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 88 to 192.168.0.241:6001
EAP-Message =
0x010b00261900170301001bf03c106f745ae7e8df43eebd86e1be9651f19be2cad5ec89778e98
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3acf7124cf49bb8a96cb38a5b1cbf543
Finished request 8
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.241:6001, id=89, length=183
Waking up in 3 seconds...
Thread 5 got semaphore
Thread 5 handling request 9, (2 handled so far)
User-Name = "host/portable"
NAS-IP-Address = 192.168.0.241
Called-Station-Id = "00-20-a6-56-73-76:TEST"
Calling-Station-Id = "00-20-a6-57-83-f2"
NAS-Identifier = "AP01"
State = 0x3acf7124cf49bb8a96cb38a5b1cbf543
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020b00261900170301001ba0d84d961a8c8810ba0963241386597ec460318e3f2af1d0559b05
Message-Authenticator = 0x9f5299f265c8eb3c68a210a7dc54782e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
rlm_eap: EAP packet type response id 11 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 9
modcall: group authenticate returns invalid for request 9
auth: Failed to validate the user.
Delaying request 9 for 1 seconds
Finished request 9
Going to the next request
Thread 5 waiting to be assigned a request
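A triage helper for debug output like the log above, as an added example that is not part of the original post or of FreeRADIUS: it re-joins the mail-wrapped `ntlm_auth` command line and pairs each invocation with its NTSTATUS, exit code and MS-CHAP-Error. The function names are hypothetical and `SAMPLE_LOG` is constructed from lines of the log.

```python
import re

# Constructed sample: lines taken in shape from the debug output in the post,
# including the mail-wrapped ntlm_auth command line.
SAMPLE_LOG = """\
rlm_mschap: Told to do MS-CHAPv2 for host/portable with NT-Password
rlm_mschap: setting NT-Domain to same as machine name
Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=portable$
--domain=portable --challenge=df40e8392de543b7
--nt-response=15b13ebd33dcf6d1b4c4c22cdf1b2eb9e1db8821c003b264
Exec-Program output: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
MS-CHAP-Error = "\\nE=691 R=1"
"""

# Subset of NTSTATUS values that ntlm_auth can report on a failed logon.
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
}
# MS-CHAPv2 failure codes defined for the Failure packet in RFC 2759.
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

EXEC_RE = re.compile(r"^Exec-Program: (\S*ntlm_auth)\s+(.*)$")
ARG_RE = re.compile(r"--([a-z-]+)(?:=(\S+))?")
STATUS_RE = re.compile(r"^Exec-Program output: .*\((0x[0-9a-fA-F]{8})\)$")
RET_RE = re.compile(r"^Exec-Program: returned: (\d+)$")
ERR_RE = re.compile(r'^MS-CHAP-Error = ".*?E=(\d+) R=(\d)')


def unwrap(lines):
    """Re-join wrapped lines: a line starting with '--' (but not the
    '--- Walking ...' banner) continues the previous line."""
    out = []
    for line in lines:
        s = line.strip()
        if s.startswith("--") and not s.startswith("---") and out:
            out[-1] += " " + s
        elif s:
            out.append(s)
    return out


def triage(log_text):
    """Return one dict per ntlm_auth invocation found in the debug output."""
    results, cur = [], None
    for line in unwrap(log_text.splitlines()):
        m = EXEC_RE.match(line)
        if m:
            args = dict(ARG_RE.findall(m.group(2)))
            user, dom = args.get("username", ""), args.get("domain", "")
            cur = {
                "username": user,
                "domain": dom,
                # Machine accounts are passed to ntlm_auth with a trailing '$'.
                "machine_account": user.endswith("$"),
                # Observation only: the domain argument equals the host name.
                "domain_is_machine_name": user.rstrip("$").lower() == dom.lower(),
                "nt_status": None, "nt_status_name": None, "exit_code": None,
                "mschap_error": None, "mschap_error_name": None,
                "retry_allowed": None,
            }
            results.append(cur)
            continue
        if cur is None:
            continue
        if (m := STATUS_RE.match(line)):
            code = int(m.group(1), 16)
            cur["nt_status"] = m.group(1).lower()
            cur["nt_status_name"] = NTSTATUS.get(code, "UNKNOWN")
        elif (m := RET_RE.match(line)):
            cur["exit_code"] = int(m.group(1))
        elif (m := ERR_RE.match(line)):
            err = int(m.group(1))
            cur["mschap_error"] = err
            cur["mschap_error_name"] = MSCHAP_ERRORS.get(err, "UNKNOWN")
            cur["retry_allowed"] = m.group(2) == "1"
    return results


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry)
```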