Hi, > Run the server with '-Xx' to get a hex dump of the tunneled data. > That will give a bit more information about what's going on. >
that doesn't reveal much new info. For outer id set, it dumps the inner EAP-Message, but for unset, only the error message. -Xxxx (-Xx looks the same): - with id privacy Mon Apr 12 08:08:25 2010 : Info: +- entering group authenticate {...} Mon Apr 12 08:08:25 2010 : Info: [eap] Request found, released from the list Mon Apr 12 08:08:25 2010 : Info: [eap] EAP/peap Mon Apr 12 08:08:25 2010 : Info: [eap] processing type peap Mon Apr 12 08:08:25 2010 : Info: [peap] processing EAP-TLS Mon Apr 12 08:08:25 2010 : Info: [peap] eaptls_verify returned 7 Mon Apr 12 08:08:25 2010 : Info: [peap] Done initial handshake Mon Apr 12 08:08:25 2010 : Info: [peap] eaptls_process returned 7 Mon Apr 12 08:08:25 2010 : Info: [peap] EAPTLS_OK Mon Apr 12 08:08:25 2010 : Info: [peap] Session established. Decoding tunneled attributes. Mon Apr 12 08:08:25 2010 : Info: [peap] Identity - claude.tomp...@education.lu Mon Apr 12 08:08:25 2010 : Info: [peap] Got tunneled request EAP-Message = 0x0205002001636c617564652e746f6d7065727340656475636174696f6e2e6c75 server VPN { Mon Apr 12 08:08:25 2010 : Debug: PEAP: Got tunneled identity of claude.tomp...@education.lu Mon Apr 12 08:08:25 2010 : Debug: PEAP: Setting default EAP type for tunneled EAP session. Mon Apr 12 08:08:25 2010 : Debug: PEAP: Setting User-Name to claude.tomp...@education.lu Sending tunneled request EAP-Message = 0x0205002001636c617564652e746f6d7065727340656475636174696f6e2e6c75 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "claude.tomp...@education.lu" NAS-Port-Type = Virtual NAS-Identifier = "strongSwan" RESTENA-Service-Type = "VPN" - without id privacy: Mon Apr 12 08:07:38 2010 : Info: +- entering group authenticate {...} Mon Apr 12 08:07:38 2010 : Info: [eap] Request found, released from the list Mon Apr 12 08:07:38 2010 : Info: [eap] EAP/peap Mon Apr 12 08:07:38 2010 : Info: [eap] processing type peap Mon Apr 12 08:07:38 2010 : Info: [peap] processing EAP-TLS Mon Apr 12 08:07:38 2010 : Info: [peap] eaptls_verify returned 7 Mon Apr 12 08:07:38 2010 : Info: [peap] Done initial handshake Mon Apr 12 08:07:38 2010 : Info: [peap] eaptls_process returned 7 Mon Apr 12 08:07:38 2010 : Info: [peap] EAPTLS_OK Mon Apr 12 08:07:38 2010 : Info: [peap] Session established. Decoding tunneled attributes. Mon Apr 12 08:07:38 2010 : Info: [peap] Tunneled data is invalid. Mon Apr 12 08:07:38 2010 : Info: [eap] Handler failed in EAP/peap Mon Apr 12 08:07:38 2010 : Info: [eap] Failed in EAP select Mon Apr 12 08:07:38 2010 : Info: ++[eap] returns invalid Mon Apr 12 08:07:38 2010 : Info: Failed to authenticate the user. Mon Apr 12 08:07:38 2010 : Auth: Login incorrect: [ \001\n\030\000\000\004\003\235A\2112\236\240\242\220/<via A uth-Type = EAP>] (from client vpn6-test-v4 port 0) Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
signature.asc
Description: OpenPGP digital signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html