Hi,

I've configured modules/preprocess with

with_ntdomain_hack = yes

and tried again to authenticate the Vista user, but got the following:

--------------------------------------------------------

rad_recv: Access-Request packet from host 192.168.14.240 port 3882, id=0, length=235
        Message-Authenticator = 0x1d3ad896dc4a74ba303ea91c436eb1de
        Service-Type = Framed-User
        User-Name = "csd-notebook\\oreshkin"
        Framed-MTU = 1488
        Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
        Calling-Station-Id = "00-16-EA-8A-DE-38"
        NAS-Identifier = "3Com Access Point 7760"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e
        NAS-IP-Address = 192.168.14.240
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 159
[files] users: Matched entry DEFAULT at line 178
[files] users: Matched entry oreshkin at line 229
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Identity does not match User-Name, setting from EAP Identity.
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> oreshkin
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 192.168.14.240 port 3882
Waking up in 4.9 seconds.
Cleaning up request 0 ID 0 with timestamp +7
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.14.240 port 3883, id=0, length=235
        Message-Authenticator = 0xa3e7a7ca6dba61b4439c131be684f918
        Service-Type = Framed-User
        User-Name = "csd-notebook\\oreshkin"
        Framed-MTU = 1488
        Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
        Calling-Station-Id = "00-16-EA-8A-DE-38"
        NAS-Identifier = "3Com Access Point 7760"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e
        NAS-IP-Address = 192.168.14.240
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 159
[files] users: Matched entry DEFAULT at line 178
[files] users: Matched entry oreshkin at line 229
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Identity does not match User-Name, setting from EAP Identity.
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> oreshkin
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 0 to 192.168.14.240 port 3883
Waking up in 4.9 seconds.
----------------------------------------------------------


Users file contains the line:

oreshkin Cleartext-Password := "some_password"


What is the cause?



On Wed, 8 Jul 2009 [email protected] wrote:

Date: Wed, 8 Jul 2009 16:22:56 +0100
From: [email protected]
Reply-To: FreeRadius users mailing list
    <[email protected]>
To: FreeRadius users mailing list <[email protected]>
Subject: Re: FreeRadius 2.1.6 + EAP-PEAP issue

Hi,

csd-notebook\user_name Cleartext-Password := "user_password"

Where csd-notebook is the notebook name.
This setting is working.

But I would like to make 2 improvements to current configuration.

1. To be able to specify only the user name in the users file, in order to
not depend on the user's computer name.

I was trying to do this by changing some FR 2.1.6 configuration parameters
but failed.

you need to ensure that the preprocess module is called and that it is configured
with the nt_domain_hack = yes

2. To add authentication by computer MAC address

I added Calling-Station-Id == "00-16-EA-8A-DE-38" parameter to users file

csd-notebook\user_name Cleartext-Password := "user_password", Calling-Station-Id == "00-16-EA-8A-DE-38"

[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject

this log is very much chewed

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
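
Added example, not part of the original message or of FreeRADIUS: decoding the EAP-Message value from the debug log shows that the EAP Identity still carries the csd-notebook\ prefix while User-Name has been rewritten to oreshkin, which is the mismatch the "[eap] Identity does not match User-Name" line reports. strip_nt_domain is a hypothetical helper that only approximates the rewrite visible in the log.

```python
import struct

# EAP-Message value copied from the Access-Request in the debug log above.
EAP_MESSAGE_HEX = "0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e"

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1


def parse_eap(hex_value):
    """Parse an EAP packet: code, id, 16-bit length, then type (RFC 3748)."""
    if hex_value.lower().startswith("0x"):
        hex_value = hex_value[2:]
    raw = bytes.fromhex(hex_value)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes received")
    packet = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2):  # only Request/Response carry a type byte
        if length < 5:
            raise ValueError("Request/Response without a type byte")
        packet["type"] = raw[4]
        packet["data"] = raw[5:]
    return packet


def strip_nt_domain(user_name):
    """Hypothetical helper approximating the log's rewrite: DOMAIN\\user -> user."""
    return user_name.rpartition("\\")[2]


def compare_identity(hex_value, user_name):
    """Compare the EAP Identity with the User-Name after domain stripping."""
    pkt = parse_eap(hex_value)
    if pkt.get("type") != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Identity packet")
    identity = pkt["data"].decode("utf-8")
    rewritten = strip_nt_domain(user_name)
    return {"eap_identity": identity,
            "user_name_after_rewrite": rewritten,
            "match": identity == rewritten}


if __name__ == "__main__":
    print(compare_identity(EAP_MESSAGE_HEX, "csd-notebook\\oreshkin"))
```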
