Hi there,
I have configured FreeRADIUS on Fedora Core 3 as per the
documentation.
[EMAIL PROTECTED] raddb]# ntlm_auth --request-nt-key --domain=INDIA
--username=checkad
password:
NT_STATUS_OK: Success (0x0)
[EMAIL PROTECTED] raddb]#
When I start the Radius server using the Radius -X command, it starts fine.
When I give the logon credentials through the wireless laptop, the user
doesn't get validated.
Please help me out. If you need any config files for your reference,
please let me know. Attached is the log file of the output generated.
Also guide me, as I have already given allow permissions to users with
Dialin Permissions in the AD domain.
Thanks & Regards
Varun Marwah
CONFIDENTIALITY NOTICE
This e-mail transmission and any documents, files, or previous e-mail
messages appended or attached to it, may contain information that is
confidential or legally privileged. If you are not the intended
recipient, or a person responsible for delivering it to the intended
recipient, you are hereby notified that any disclosure, copying,
printing, distribution, or use of the information contained or attached
to this transmission is STRICTLY PROHIBITED. If you have received this
transmission in error, please immediately notify the sender by telephone
(+91-172-2299137) or return e-mail message ([EMAIL PROTECTED]) and
delete the original transmission, its attachments, and any copies
without reading or saving in any manner. Thank you.
-----Original Message-----
From: charles schwartz [mailto:[EMAIL PROTECTED]
Sent: Monday, November 28, 2005 10:51 PM
To: [email protected]
Cc: Varun Marwah
Subject: Re: AD authentication
Hi,
If the wbinfo command does not work, ntlm_auth won't work either.
> error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
>
> error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
This error indicates that something went wrong with the domain access.
Try to troubleshoot by using wbinfo -g or wbinfo -u.
With these commands you should be able to list the users and groups of
your domain.
There may be a problem with NTLM on your Windows 2003 server.
Note that NTLM was the authentication protocol used by earlier versions
of Windows.
It is still supported for backward compatibility, but can be disabled.
By default, Win2k and 2003 use Kerberos for authentication.
You might have a security policy that restricts the use of NTLM on your
network.
Check your GPO to see whether NTLM is allowed to be transmitted across the network.
Regards,
Charles Schwartz
> Hi,
>
> I used the document freeRadius_AD_tutorial.pdf for configuring a linux
> box to get authenticated through users in Windows 2003 AD.
>
> I used the command net join -U Administrator to add the machine to the
> domain. It gave successful results. Now on typing the command
>
> wbinfo -a checkad%Quark_123
>
> I got the following results:-
>
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user checkad%Quark_123 with plaintext password
> challenge/response password authentication failed
> error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
> error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Could not authenticate user checkad with challenge/response
>
> Also, on giving the command
>
> # ntlm_auth --request-nt-key --domain=india.quark.com --username=
> checkad
> password:
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> (0xc00000da)
> [EMAIL PROTECTED] etc]#
>
> I get the above stated error. Please help.
>
> Thanks & Regards
>
> Varun Marwah
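The debug output attached to this thread can be triaged mechanically. The sketch below is an added example, not part of the original messages and not FreeRADIUS code: it pulls the account the daemon runs as, the ntlm_auth output and its NT status code out of `radiusd -X` text. The function names and hint wording are assumptions; the sample lines are excerpted from the log in this thread.

```python
import re

# NT status codes that appear in this thread, with what the thread's own
# output and replies say about each (hint wording is an assumption).
STATUS_HINTS = {
    0xC0000022: "access denied: the winbind client is not authorized; check "
                "permissions on the winbindd_privileged directory for the "
                "account the daemon runs as",
    0xC00000DA: "NT_STATUS_CANT_ACCESS_DOMAIN_INFO: domain access failed; "
                "confirm wbinfo -u and wbinfo -g list domain users and groups",
    0xC0000064: "NT_STATUS_NO_SUCH_USER: the account name was not found",
}

STATUS_RE = re.compile(r"\((0x[0-9a-fA-F]{8})\)")

# Constructed sample: lines excerpted from the debug log in this thread,
# including the mailer-wrapped Exec-Program lines.
SAMPLE_LOG = r'''
 main: user = "radiusd"
 main: group = "radiusd"
rlm_mschap: Told to do MS-CHAPv2 for vmarwah with NT-Password
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=INDIA
--username=vmarwah --challenge=f68f3d3d36389904
--nt-response=9bee19a28bea67549d2484ae5c2ee97c945a8e65968cf2f9
Exec-Program output: winbind client not authorized to use
winbindd_pam_auth_crap. Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  MS-CHAP-Error = "\006E=691 R=1"
'''


def service_account(log):
    """Return (user, group) from the 'main:' section of the debug output."""
    user = re.search(r'^\s*main:\s*user\s*=\s*"([^"]*)"', log, re.M)
    group = re.search(r'^\s*main:\s*group\s*=\s*"([^"]*)"', log, re.M)
    return (user.group(1) if user else None, group.group(1) if group else None)


def exec_failures(log, max_wrap=4):
    """Collect each 'Exec-Program output:' message, rejoining wrapped lines."""
    lines = log.splitlines()
    results, program, i = [], None, 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("Exec-Program: /"):
            # The first token after the label is the external helper's path.
            program = line.split()[1]
        elif line.startswith("Exec-Program output:"):
            parts = [line.split(":", 1)[1].strip()]
            j = i + 1
            # Keep appending continuation lines until the status code shows up
            # or the next log record starts.
            while (not STATUS_RE.search(parts[-1]) and j < len(lines)
                   and j - i <= max_wrap
                   and not lines[j].lstrip().startswith(
                       ("Exec-Program", "rlm_", "modcall"))):
                parts.append(lines[j].strip())
                j += 1
            message = " ".join(parts)
            code = STATUS_RE.search(message)
            results.append({
                "program": program,
                "message": message,
                "status": int(code.group(1), 16) if code else None,
            })
            i = j - 1
        i += 1
    return results


def triage(log):
    """Summarise who ran the helper, what it reported, and what to check."""
    user, group = service_account(log)
    findings = []
    for failure in exec_failures(log):
        path = re.search(r"(/\S*winbindd_privileged)", failure["message"])
        findings.append({
            **failure,
            "hint": STATUS_HINTS.get(failure["status"],
                                     "status code not covered in this thread"),
            "check_path": path.group(1) if path else None,
        })
    # E=691 is the MS-CHAP authentication-failure code sent back to the client.
    err = re.search(r'MS-CHAP-Error = ".*?E=(\d+)', log)
    return {
        "run_as": user,
        "group": group,
        "findings": findings,
        "mschap_error": int(err.group(1)) if err else None,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("radiusd runs as:", report["run_as"], "/", report["group"])
    for f in report["findings"]:
        print(f["program"], hex(f["status"]), "->", f["hint"])
        if f["check_path"]:
            print("  check access for", report["run_as"], "on", f["check_path"])
    print("MS-CHAP error sent to client:", report["mschap_error"])
```

The report separates the helper's own failure (the NT status code and the path it names) from the generic error 691 the client sees, and shows which account's access to that path matters.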
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "/etc/shadow"
unix: group = "(null)"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/etc/raddb/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=139
User-Name = "INDIA\\vmarwah"
NAS-IP-Address = 10.91.192.115
Called-Station-Id = "0012178026ed"
Calling-Station-Id = "0012f0b442e3"
NAS-Identifier = "0012178026ed"
NAS-Port = 21
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200001201494e4449415c766d6172776168
Message-Authenticator = 0x0f4a5ec136e65d7e0db18153fc0fb03d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 0 to 10.91.192.115:3072
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9530f651b0706bb0f1026356910c9a2f
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=219
User-Name = "INDIA\\vmarwah"
NAS-IP-Address = 10.91.192.115
Called-Station-Id = "0012178026ed"
Calling-Station-Id = "0012f0b442e3"
NAS-Identifier = "0012178026ed"
NAS-Port = 21
Framed-MTU = 1400
State = 0x9530f651b0706bb0f1026356910c9a2f
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0201005019800000004616030100410100003d0301438c3c4092d317acd6a3bcede29736bd841903cebe8989bd0b6a14e3cb4ee12d00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xa5f5573eaaff2689f61412f4a3a44b5a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 06ac], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 0 to 10.91.192.115:3072
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9a11526b545c917adfdec91b4cb84e32
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=145
User-Name = "INDIA\\vmarwah"
NAS-IP-Address = 10.91.192.115
Called-Station-Id = "0012178026ed"
Calling-Station-Id = "0012f0b442e3"
NAS-Identifier = "0012178026ed"
NAS-Port = 21
Framed-MTU = 1400
State = 0x9a11526b545c917adfdec91b4cb84e32
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020200061900
Message-Authenticator = 0xad26fe74011571e74de96b20051787fc
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 0 to 10.91.192.115:3072
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9f37c893434a992fff5a38c53689080c
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=331
User-Name = "INDIA\\vmarwah"
NAS-IP-Address = 10.91.192.115
Called-Station-Id = "0012178026ed"
Calling-Station-Id = "0012f0b442e3"
NAS-Identifier = "0012178026ed"
NAS-Port = 21
Framed-MTU = 1400
State = 0x9f37c893434a992fff5a38c53689080c
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020300c01980000000b61603010086100000820080ad4e4d344170c2a6a87f0655cdb95a05064e04b2b20c9045d727b5552e32b12cd385b96b823cb8ac59925f4d1133b795584b650b552ea066fe03ab2f345de3f21c9ea75f48c401df618743d192ae101c9e3ce30c69a50fcc0df16f7446cadfbee01a4d45176c744661b43df46cc246796599c49cd0ffb3cd892a68013035e63f14030100010116030100202102acdc6bfbbe36f1449cf4929730e0f91444a694e41a81ebb3d1164fd8b8b2
Message-Authenticator = 0x5f2c4c1bad1dc47caa646910b454de5f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 3 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 0 to 10.91.192.115:3072
EAP-Message =
0x010400311900140301000101160301002035cc6c2f1bdf982713f0022c4bcd304f855b68e3052d818373f419390efc74c3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2637ac0e5baf68c38a112e95d4dc0857
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=145
User-Name = "INDIA\\vmarwah"
NAS-IP-Address = 10.91.192.115
Called-Station-Id = "0012178026ed"
Calling-Station-Id = "0012f0b442e3"
NAS-Identifier = "0012178026ed"
NAS-Port = 21
Framed-MTU = 1400
State = 0x2637ac0e5baf68c38a112e95d4dc0857
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400061900
Message-Authenticator = 0x9873362eccdffe502d374ad713a534ba
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 4
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 0 to 10.91.192.115:3072
EAP-Message =
0x010500201900170301001587a6aec1037697bc5a9427651699d2645a08a36d06
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1aa742cffe70175a35d4f00720aff89d
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=180
User-Name = "INDIA\\vmarwah"
NAS-IP-Address = 10.91.192.115
Called-Station-Id = "0012178026ed"
Calling-Station-Id = "0012f0b442e3"
NAS-Identifier = "0012178026ed"
NAS-Port = 21
Framed-MTU = 1400
State = 0x1aa742cffe70175a35d4f00720aff89d
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020500291900170301001ebbc69ffaf7e4b895705113337ee68fad333872f50eae3d791c000e454d15
Message-Authenticator = 0x2f23afd66d74bf5b6c5acbdd0b32778b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 5 length 41
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - INDIA\vmarwah
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x0205001201494e4449415c766d6172776168
PEAP: Got tunneled identity of INDIA\vmarwah
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to INDIA\vmarwah
PEAP: Sending tunneled request
EAP-Message = 0x0205001201494e4449415c766d6172776168
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "INDIA\\vmarwah"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 5 length 18
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Got tunneled reply RADIUS code 11
EAP-Message =
0x010600271a0106002210561b5e09676c542f624aeb405117f4fa494e4449415c766d6172776168
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1276627d3f533bcae22b089821e765c7
PEAP: Processing from tunneled session code 0x99071c0 11
EAP-Message =
0x010600271a0106002210561b5e09676c542f624aeb405117f4fa494e4449415c766d6172776168
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1276627d3f533bcae22b089821e765c7
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 0 to 10.91.192.115:3072
EAP-Message =
0x0106003e19001703010033c10c4e5c4a09bc7f8854750da0d3da26b03945f7f0ea1f2659f6c13edd4b5a3e24e3a25f8fbf95852883ed91e93e08cbd3c902
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x26c569543d59a8c1748c235784cb9e94
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=234
User-Name = "INDIA\\vmarwah"
NAS-IP-Address = 10.91.192.115
Called-Station-Id = "0012178026ed"
Calling-Station-Id = "0012f0b442e3"
NAS-Identifier = "0012178026ed"
NAS-Port = 21
Framed-MTU = 1400
State = 0x26c569543d59a8c1748c235784cb9e94
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x0206005f1900170301005496f8637812dd805c525d87178dbcc559d44ba6606feb8e4707962f8c87c8848ef34ee36ae4c64e0de7a34bf7fb60503b9f5456d26dc1a8dbcf085b4dbc30d53d68c6636e66d94a323f2de5fb2c3c87629c8ea597
Message-Authenticator = 0xbdc3136199fb58af44cddc6add550165
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 6 length 95
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message =
0x020600481a0206004331e2ce5274aa62fa2934a3ebfaf792b53e00000000000000009bee19a28bea67549d2484ae5c2ee97c945a8e65968cf2f900494e4449415c766d6172776168
PEAP: Setting User-Name to INDIA\vmarwah
PEAP: Adding old state with 12 76
PEAP: Sending tunneled request
EAP-Message =
0x020600481a0206004331e2ce5274aa62fa2934a3ebfaf792b53e00000000000000009bee19a28bea67549d2484ae5c2ee97c945a8e65968cf2f900494e4449415c766d6172776168
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "INDIA\\vmarwah"
State = 0x1276627d3f533bcae22b089821e765c7
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 6 length 72
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for vmarwah with NT-Password
radius_xlat: Running registered xlat function of module mschap for string
'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string
'User-Name'
radius_xlat: Running registered xlat function of module mschap for string
'Challenge'
mschap2: 56
radius_xlat: Running registered xlat function of module mschap for string
'NT-Response'
radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --domain=INDIA
--username=vmarwah --challenge=f68f3d3d36389904
--nt-response=9bee19a28bea67549d2484ae5c2ee97c945a8e65968cf2f9'
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=INDIA
--username=vmarwah --challenge=f68f3d3d36389904
--nt-response=9bee19a28bea67549d2484ae5c2ee97c945a8e65968cf2f9
Exec-Program output: winbind client not authorized to use
winbindd_pam_auth_crap. Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)
Exec-Program-Wait: plaintext: winbind client not authorized to use
winbindd_pam_auth_crap. Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 6
modcall: group Auth-Type returns reject for request 6
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\006E=691 R=1"
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Processing from tunneled session code 0x99071c0 3
MS-CHAP-Error = "\006E=691 R=1"
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 0 to 10.91.192.115:3072
EAP-Message =
0x010700261900170301001bc2da89a1dd8fc24c64f69a165e5bd54cda67ae996e667de67c58f1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3c3ad0ab4fc041a1ded2de89e4dc93f9
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=177
User-Name = "INDIA\\vmarwah"
NAS-IP-Address = 10.91.192.115
Called-Station-Id = "0012178026ed"
Calling-Station-Id = "0012f0b442e3"
NAS-Identifier = "0012178026ed"
NAS-Port = 21
Framed-MTU = 1400
State = 0x3c3ad0ab4fc041a1ded2de89e4dc93f9
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x020700261900170301001b48a10772f15d37341658700dc5047fbde6c31733ac5bf0fcafff4b
Message-Authenticator = 0xed3d2cac26ce5dab5e51ee2f860b4ea0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 7 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched DEFAULT at 152
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 10.91.192.115:3072
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
Cleaning up request 7 ID 0 with timestamp 438c3bfa
Nothing to do. Sleeping until we see a request.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
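A triage sketch for debug output like the above, added here as an example and not part of the original post: it separates "the domain refused the credentials" from "the ntlm_auth helper failed on the RADIUS host". The second case is what this log shows, although the supplicant is only sent MS-CHAP-Error E=691. It assumes the radiusd -X line formats seen in this log; the function names and the cause labels are illustrative.

```python
import re

# NTSTATUS codes relevant to ntlm_auth failures (0xc00000da is quoted earlier in the thread).
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC000006A: "STATUS_WRONG_PASSWORD",
            0xC0000064: "STATUS_NO_SUCH_USER", 0xC0000022: "STATUS_ACCESS_DENIED",
            0xC00000DA: "STATUS_CANT_ACCESS_DOMAIN_INFO"}
# Codes that mean the domain actually evaluated and refused the credentials.
CREDENTIAL_ERRORS = {0xC000006D, 0xC000006A, 0xC0000064}

# Constructed sample: lines copied from the debug output above (wrapping kept).
SAMPLE = """\
rlm_mschap: Told to do MS-CHAPv2 for vmarwah with NT-Password
Exec-Program output: winbind client not authorized to use
winbindd_pam_auth_crap. Ensure permissions on
/var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)
Exec-Program: returned: 1
modcall[authenticate]: module "mschap" returns reject for request 6
"""

def classify(f):
    if f["result"] == "ok":
        return "accepted"
    if f["ntstatus"] in CREDENTIAL_ERRORS:
        return "credentials rejected by domain"
    return "helper failure on the RADIUS host" if f["helper_exit"] else "unknown"

def triage(log_text):
    """Return one dict per MS-CHAPv2 attempt found in radiusd -X output."""
    findings, cur, in_output = [], None, False
    for line in map(str.strip, log_text.splitlines()):
        if m := re.match(r"rlm_mschap: Told to do MS-CHAPv2 for (\S+)", line):
            cur = {"user": m.group(1), "helper_exit": None, "ntstatus": None}
            in_output = False
        elif cur is None:
            continue
        elif line.startswith("Exec-Program output:"):
            in_output = True
        elif m := re.match(r"Exec-Program: returned: (\d+)", line):
            cur["helper_exit"], in_output = int(m.group(1)), False
        elif m := re.match(r'modcall\[authenticate\]: module "mschap" returns (\w+) for request (\d+)', line):
            cur["result"], cur["request"] = m.group(1), int(m.group(2))
            cur["status"] = NTSTATUS.get(cur["ntstatus"], "unrecognised")
            cur["cause"] = classify(cur)
            findings.append(cur)
            cur = None
        # The status code may sit on a wrapped continuation line of the helper output.
        if cur and in_output and (m := re.search(r"\((0x[0-9a-fA-F]{8})\)", line)):
            cur["ntstatus"] = int(m.group(1), 16)
    return findings
```

A "helper failure" result points at the server side (here, access to the winbindd_privileged directory named in the helper output), not at the user's password.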