Re: [PacketFence-users] 802.1x authentication

Sohaib Afourid Wed, 03 Jun 2015 07:15:23 -0700

Hello Louis.
take a look at this, i still can't authenticate successfuly

[root@centos ~]# ntlm_auth --username nissan
password:
NT_STATUS_OK: Success (0x0)
[root@centos ~]#


And here is the outcome of radiusd -X -d /usr/local/pf/raddb


Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.202.10 port 1645, id=78,
length=275
User-Name = "nissan"
Service-Type = Framed-User
Cisco-AVPair = "service-type=Framed"
Framed-MTU = 1500
Called-Station-Id = "C8-9C-1D-F4-82-87"
Calling-Station-Id = "7C-05-07-56-F5-45"
EAP-Message =
0x0207002b190017030100207a50e1e582f4d8b3a054ee9f240f2c2f6cda13e2454f7f3c1d5491f3f53b130d
Message-Authenticator = 0x44267a41e6dadddfca171a3a30706502
Cisco-AVPair = "audit-session-id=AC10CA0A0000000D0052239E"
NAS-Port-Type = Ethernet
NAS-Port = 50007
NAS-Port-Id = "GigabitEthernet0/7"
State = 0xa746a08ea241b9e808648831db3c4d6a
NAS-IP-Address = 172.16.202.10
server packetfence {
# Executing section authorize from file
/usr/local/pf/raddb/sites-enabled/packetfence
+group authorize {
[suffix] No '@' in User-Name = "nissan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[ntdomain] No '\' in User-Name = "nissan", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
++[preprocess] = ok
[eap] EAP packet type response id 7 length 43
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - nissan
[peap] Got inner identity 'nissan'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0207000b016e697373616e
server packetfence {
[peap] Setting User-Name to nissan
Sending tunneled request
EAP-Message = 0x0207000b016e697373616e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "nissan"
Service-Type = Framed-User
Cisco-AVPair = "service-type=Framed"
Cisco-AVPair = "audit-session-id=AC10CA0A0000000D0052239E"
Framed-MTU = 1500
Called-Station-Id = "C8-9C-1D-F4-82-87"
Calling-Station-Id = "7C-05-07-56-F5-45"
NAS-Port-Type = Ethernet
NAS-Port = 50007
NAS-Port-Id = "GigabitEthernet0/7"
NAS-IP-Address = 172.16.202.10
server packetfence-tunnel {
# Executing section authorize from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
+group authorize {
[suffix] No '@' in User-Name = "nissan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[ntdomain] No '\' in User-Name = "nissan", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
[eap] EAP packet type response id 7 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql] expand: %{User-Name} -> nissan
[sql] sql_set_user escaped user --> 'nissan'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radcheck
      WHERE username = 'nissan'           ORDER BY id
[sql] expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'nissan'
        ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
[sql] User nissan not found
++[sql] = notfound
++[expiration] = noop
++[logintime] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
+group authenticate {
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] = handled
+} # group authenticate = handled
} # server packetfence-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010800201a0108001b108f0cbb33d198add18ed801cd271609816e697373616e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84e9be8884e1a416382f174cb0ff55c9
[peap] Got tunneled reply RADIUS code Access-Challenge
EAP-Message =
0x010800201a0108001b108f0cbb33d198add18ed801cd271609816e697373616e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84e9be8884e1a416382f174cb0ff55c9
[peap] Got tunneled Access-Challenge
++[eap] = handled
+} # group authenticate = handled
} # server packetfence
Sending Access-Challenge of id 78 to 172.16.202.10 port 1645
EAP-Message =
0x0108004b19001703010040d82ceab929e58ab77446892cb4e72166481eee14bcb495aafbd72ca49cc34b0946ba70b8c0ede4bceb5babf851d32aa7d5e1576fde290f8d62b0bd42e7ef33fc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa746a08ea14eb9e808648831db3c4d6a
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.202.10 port 1645, id=79,
length=339
User-Name = "nissan"
Service-Type = Framed-User
Cisco-AVPair = "service-type=Framed"
Framed-MTU = 1500
Called-Station-Id = "C8-9C-1D-F4-82-87"
Calling-Station-Id = "7C-05-07-56-F5-45"
EAP-Message =
0x0208006b19001703010060585643b7f86c9a7dfa7f12df465630e6aa2619913be9c782715db9a9cbcb41c064a2068c332b037fbc9c738541bb0b497d4a17315566aca8bfca510138e1d70f53a4f550ab95adb3193a17b8867974473f343b5ec345d5c4d60f4e6acd9dbe7c
Message-Authenticator = 0xa2d605fa8bcbd714d1eaf414c48a5113
Cisco-AVPair = "audit-session-id=AC10CA0A0000000D0052239E"
NAS-Port-Type = Ethernet
NAS-Port = 50007
NAS-Port-Id = "GigabitEthernet0/7"
State = 0xa746a08ea14eb9e808648831db3c4d6a
NAS-IP-Address = 172.16.202.10
server packetfence {
# Executing section authorize from file
/usr/local/pf/raddb/sites-enabled/packetfence
+group authorize {
[suffix] No '@' in User-Name = "nissan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[ntdomain] No '\' in User-Name = "nissan", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
++[preprocess] = ok
[eap] EAP packet type response id 8 length 107
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020800411a0208003c313699e4665d5c553bfa2ccfd4d503c55100000000000000000cc6b0604c71d3b3dee699a5d41a2eea73ae3cfa53d61d3f006e697373616e
server packetfence {
[peap] Setting User-Name to nissan
Sending tunneled request
EAP-Message =
0x020800411a0208003c313699e4665d5c553bfa2ccfd4d503c55100000000000000000cc6b0604c71d3b3dee699a5d41a2eea73ae3cfa53d61d3f006e697373616e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "nissan"
State = 0x84e9be8884e1a416382f174cb0ff55c9
Service-Type = Framed-User
Cisco-AVPair = "service-type=Framed"
Cisco-AVPair = "audit-session-id=AC10CA0A0000000D0052239E"
Framed-MTU = 1500
Called-Station-Id = "C8-9C-1D-F4-82-87"
Calling-Station-Id = "7C-05-07-56-F5-45"
NAS-Port-Type = Ethernet
NAS-Port = 50007
NAS-Port-Id = "GigabitEthernet0/7"
NAS-IP-Address = 172.16.202.10
server packetfence-tunnel {
# Executing section authorize from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
+group authorize {
[suffix] No '@' in User-Name = "nissan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[ntdomain] No '\' in User-Name = "nissan", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
[eap] EAP packet type response id 8 length 65
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql] expand: %{User-Name} -> nissan
[sql] sql_set_user escaped user --> 'nissan'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radcheck
      WHERE username = 'nissan'           ORDER BY id
[sql] expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'nissan'
        ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
[sql] User nissan not found
++[sql] = notfound
++[expiration] = noop
++[logintime] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
[mschapv2] +group MS-CHAP {
[mschap] Creating challenge hash with username: nissan
[mschap] Client is using MS-CHAPv2 for nissan, we need NT-Password
[mschap] expand: %{Stripped-User-Name} ->
[mschap] ... expanding second conditional
[mschap] expand: %{mschap:User-Name:-None} -> nissan
[mschap] expand:
--username=%{%{Stripped-User-Name}:-%{mschap:User-Name:-None}} ->
--username=nissan
[mschap] Creating challenge hash with username: nissan
[mschap] expand: %{mschap:Challenge} -> 58808ed7a0a09a46
[mschap] expand: --challenge=%{%{mschap:Challenge}:-00} ->
--challenge=58808ed7a0a09a46
[mschap] expand: %{mschap:NT-Response} ->
0cc6b0604c71d3b3dee699a5d41a2eea73ae3cfa53d61d3f
[mschap] expand: --nt-response=%{%{mschap:NT-Response}:-00} ->
--nt-response=0cc6b0604c71d3b3dee699a5d41a2eea73ae3cfa53d61d3f
Exec output: NT_KEY: DAFF3016529E48258753FD023D33E85A
Exec plaintext: NT_KEY: DAFF3016529E48258753FD023D33E85A
[mschap] Exec: program returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] = ok
+} # group MS-CHAP = ok
MSCHAP Success
++[eap] = handled
+} # group authenticate = handled
} # server packetfence-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010900331a0308002e533d32463035384538314244313943324446433132464443374545433430434434314335373734304346
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84e9be8885e0a416382f174cb0ff55c9
[peap] Got tunneled reply RADIUS code Access-Challenge
EAP-Message =
0x010900331a0308002e533d32463035384538314244313943324446433132464443374545433430434434314335373734304346
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84e9be8885e0a416382f174cb0ff55c9
[peap] Got tunneled Access-Challenge
++[eap] = handled
+} # group authenticate = handled
} # server packetfence
Sending Access-Challenge of id 79 to 172.16.202.10 port 1645
EAP-Message =
0x0109005b19001703010050fb4f7d570a7c4a240789b0e35e0b2824e342259e98bf1dffcbeb136f028a17c70d3cc347cba8151801b433ae74f2575c5a3ecf79928a70a3838d5e063e04e238517a4cb939d4bc7656b4e9acfb7dc645
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa746a08ea04fb9e808648831db3c4d6a
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.202.10 port 1645, id=80,
length=275
User-Name = "nissan"
Service-Type = Framed-User
Cisco-AVPair = "service-type=Framed"
Framed-MTU = 1500
Called-Station-Id = "C8-9C-1D-F4-82-87"
Calling-Station-Id = "7C-05-07-56-F5-45"
EAP-Message =
0x0209002b19001703010020e1eaeb1a131651307353c90aa14f17fa0c0f18f3490ebd9cdc61a7be4a4a34df
Message-Authenticator = 0xb12c359f7bcade74732cbf0d2d559f21
Cisco-AVPair = "audit-session-id=AC10CA0A0000000D0052239E"
NAS-Port-Type = Ethernet
NAS-Port = 50007
NAS-Port-Id = "GigabitEthernet0/7"
State = 0xa746a08ea04fb9e808648831db3c4d6a
NAS-IP-Address = 172.16.202.10
server packetfence {
# Executing section authorize from file
/usr/local/pf/raddb/sites-enabled/packetfence
+group authorize {
[suffix] No '@' in User-Name = "nissan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[ntdomain] No '\' in User-Name = "nissan", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
++[preprocess] = ok
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020900061a03
server packetfence {
[peap] Setting User-Name to nissan
Sending tunneled request
EAP-Message = 0x020900061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "nissan"
State = 0x84e9be8885e0a416382f174cb0ff55c9
Service-Type = Framed-User
Cisco-AVPair = "service-type=Framed"
Cisco-AVPair = "audit-session-id=AC10CA0A0000000D0052239E"
Framed-MTU = 1500
Called-Station-Id = "C8-9C-1D-F4-82-87"
Calling-Station-Id = "7C-05-07-56-F5-45"
NAS-Port-Type = Ethernet
NAS-Port = 50007
NAS-Port-Id = "GigabitEthernet0/7"
NAS-IP-Address = 172.16.202.10
server packetfence-tunnel {
# Executing section authorize from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
+group authorize {
[suffix] No '@' in User-Name = "nissan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[ntdomain] No '\' in User-Name = "nissan", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
[eap] EAP packet type response id 9 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] = updated
++[files] = noop
[sql] expand: %{User-Name} -> nissan
[sql] sql_set_user escaped user --> 'nissan'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op           FROM
radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY
id -> SELECT id, username, attribute, value, op           FROM radcheck
      WHERE username = 'nissan'           ORDER BY id
[sql] expand: SELECT groupname           FROM radusergroup           WHERE
username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username = 'nissan'
        ORDER BY priority
rlm_sql (sql): Released sql socket id: 0
[sql] User nissan not found
++[sql] = notfound
++[expiration] = noop
++[logintime] = noop
+} # group authorize = updated
Found Auth-Type = EAP
# Executing group from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] = ok
+} # group authenticate = ok
Login OK: [nissan] (from client 172.16.202.10 port 50007 cli
7C-05-07-56-F5-45 via TLS tunnel)
# Executing section post-auth from file
/usr/local/pf/raddb/sites-enabled/packetfence-tunnel
+group post-auth {
++[exec] = noop
++update control {
++} # update control = noop
rlm_perl: An error occurred while processing the authorize RPC request: An
error occured while sending a MessagePack request: 7 Couldn't connect to
server couldn't connect to host at /usr/local/pf/lib//pf/radius/rpc.pm line
52.
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = 7C-05-07-56-F5-45
rlm_perl: Added pair Called-Station-Id = C8-9C-1D-F4-82-87
rlm_perl: Added pair State = 0x84e9be8885e0a416382f174cb0ff55c9
rlm_perl: Added pair FreeRADIUS-Proxied-To = 127.0.0.1
rlm_perl: Added pair Cisco-AVPair = service-type=Framed
rlm_perl: Added pair Cisco-AVPair =
audit-session-id=AC10CA0A0000000D0052239E
rlm_perl: Added pair User-Name = nissan
rlm_perl: Added pair EAP-Message = 0x020900061a03
rlm_perl: Added pair EAP-Type = MS-CHAP-V2
rlm_perl: Added pair NAS-IP-Address = 172.16.202.10
rlm_perl: Added pair NAS-Port = 50007
rlm_perl: Added pair NAS-Port-Id = GigabitEthernet0/7
rlm_perl: Added pair Framed-MTU = 1500
rlm_perl: Added pair User-Name = nissan
rlm_perl: Added pair MS-MPPE-Recv-Key = 0x811298e045c37fcf984f45f3733d85ea
rlm_perl: Added pair EAP-Message = 0x03090004
rlm_perl: Added pair MS-MPPE-Send-Key = 0x6f9b16f6185ba6c853bd751a74fc5e80
rlm_perl: Added pair MS-MPPE-Encryption-Types = 0x00000004
rlm_perl: Added pair Message-Authenticator =
0x00000000000000000000000000000000
rlm_perl: Added pair MS-MPPE-Encryption-Policy = 0x00000002
rlm_perl: Added pair PacketFence-RPC-Pass =
rlm_perl: Added pair PacketFence-RPC-Server = 127.0.0.1
rlm_perl: Added pair PacketFence-RPC-Proto = http
rlm_perl: Added pair PacketFence-RPC-User =
rlm_perl: Added pair Auth-Type = EAP
rlm_perl: Added pair PacketFence-RPC-Port = 7070
++[packetfence] = reject
+} # group post-auth = reject
} # server packetfence-tunnel
[peap] Got tunneled reply code 3
User-Name = "nissan"
MS-MPPE-Recv-Key = 0x811298e045c37fcf984f45f3733d85ea
EAP-Message = 0x03090004
MS-MPPE-Send-Key = 0x6f9b16f6185ba6c853bd751a74fc5e80
MS-MPPE-Encryption-Types = 0x00000004
Message-Authenticator = 0x00000000000000000000000000000000
MS-MPPE-Encryption-Policy = 0x00000002
[peap] Got tunneled reply RADIUS code Access-Reject
User-Name = "nissan"
MS-MPPE-Recv-Key = 0x811298e045c37fcf984f45f3733d85ea
EAP-Message = 0x03090004
MS-MPPE-Send-Key = 0x6f9b16f6185ba6c853bd751a74fc5e80
MS-MPPE-Encryption-Types = 0x00000004
Message-Authenticator = 0x00000000000000000000000000000000
MS-MPPE-Encryption-Policy = 0x00000002
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] = handled
+} # group authenticate = handled
} # server packetfence
Sending Access-Challenge of id 80 to 172.16.202.10 port 1645
EAP-Message =
0x010a002b190017030100206313612be900940332bc42d4c01f951da9369dd9c3b7170ff048f67b6e031da2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa746a08eaf4cb9e808648831db3c4d6a
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 172.16.202.10 port 1645, id=81,
length=275
User-Name = "nissan"
Service-Type = Framed-User
Cisco-AVPair = "service-type=Framed"
Framed-MTU = 1500
Called-Station-Id = "C8-9C-1D-F4-82-87"
Calling-Station-Id = "7C-05-07-56-F5-45"
EAP-Message =
0x020a002b19001703010020f853cb8c66cfb9c72c3b8b151b61fc74eb9db021cbd21b535326cf9572a77609
Message-Authenticator = 0xd47de39fdafac8f85a5f6b766c0371d0
Cisco-AVPair = "audit-session-id=AC10CA0A0000000D0052239E"
NAS-Port-Type = Ethernet
NAS-Port = 50007
NAS-Port-Id = "GigabitEthernet0/7"
State = 0xa746a08eaf4cb9e808648831db3c4d6a
NAS-IP-Address = 172.16.202.10
server packetfence {
# Executing section authorize from file
/usr/local/pf/raddb/sites-enabled/packetfence
+group authorize {
[suffix] No '@' in User-Name = "nissan", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] = noop
[ntdomain] No '\' in User-Name = "nissan", looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] = noop
++[preprocess] = ok
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] = ok
+} # group authorize = ok
Found Auth-Type = EAP
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+group authenticate {
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug
output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell
you.
[peap]  *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] = invalid
+} # group authenticate = invalid
Failed to authenticate the user.
Login incorrect: [nissan] (from client 172.16.202.10 port 50007 cli
7C-05-07-56-F5-45)
} # server packetfence
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence
+group REJECT {
[attr_filter.access_reject] expand: %{User-Name} -> nissan
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 81 to 172.16.202.10 port 1645
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.8 seconds.
Cleaning up request 0 ID 72 with timestamp +29
Cleaning up request 1 ID 73 with timestamp +29
Cleaning up request 2 ID 74 with timestamp +29
Cleaning up request 3 ID 75 with timestamp +29
Cleaning up request 4 ID 76 with timestamp +29
Cleaning up request 5 ID 77 with timestamp +29
Cleaning up request 6 ID 78 with timestamp +29
Cleaning up request 7 ID 79 with timestamp +29
Cleaning up request 8 ID 80 with timestamp +29
Waking up in 1.0 seconds.
Cleaning up request 9 ID 81 with timestamp +29
Ready to process requests.

------------------------------------------------------------------------------

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Re: [PacketFence-users] 802.1x authentication

Reply via email to