Re: Problem with PEAP auth using xp clients
So you're still getting the core dump. Let me guess... you have two versions of OpenSSL installed, and you built the server without using --disable-shared. Fix one of those two problems, and it will work. Alan DeKok. I am still getting the same dump, I have used --disable-shared while building the radius server Please find below the gdb output, would appreciate your comments: auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1076225856 (LWP 17733)] 0x401420d7 in BIO_read () from /lib/libcrypto.so.0.9.7 (gdb) bt #0 0x401420d7 in BIO_read () from /lib/libcrypto.so.0.9.7 #1 0x40290ffe in tls_handshake_send (ssn=0x40290798) at tls.c:230 #2 0x40295852 in eappeap_authenticate (arg=0x8194920, handler=0x819e4f8) at rlm_eap_peap.c:192 #3 0x4027b46d in eaptype_call (atype=0x8174b70, handler=0x819e4f8) at eap.c:170 #4 0x4027b5ce in eaptype_select (inst=0x81571b0, handler=0x819e4f8) at eap.c:353 #5 0x4027ab80 in eap_authenticate (instance=0x81571b0, request=0x81c1d80) at rlm_eap.c:289 #6 0x0805423c in call_modsingle (component=0, sp=0x8156730, request=0x81c1d80, default_result=0) at modcall.c:226 #7 0x080543a2 in modcall (component=0, c=0x8156730, request=0x81c1d80) at modcall.c:353 #8 0x0805432d in call_modgroup (component=0, g=0x57e58955, request=0x81c1d80, default_result=0) at modcall.c:261 #9 0x08054419 in modcall (component=0, c=0x8197120, request=0x81c1d80) at modcall.c:344 #10 0x08053f17 in module_authenticate (auth_type=6, request=0x81c1d80) at modules.c:907 #11 0x0805129c in rad_check_password (request=0x81c1d80) at auth.c:324 #12 0x080516af in rad_authenticate (request=0x81c1d80) at auth.c:586 #13 0x0804d17d in rad_respond (request=0x81c1d80, fun=0x80515c8 rad_authenticate) at radiusd.c:1555 ---Type return to continue, or q return to quit--- #14 0x0804cd85 in main (argc=2, argv=0x81c1d80) at radiusd.c:1327 #15 0x42015574 in __libc_start_main () from /lib/tls/libc.so.6 _ Sports, sports and more sports! Keep up with all thats happening! http://www.msn.co.in/sports/ Stay connected with MSN Sports! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with PEAP auth using xp clients
Hello, Following is the crux of what I am stuck on now: I am trying to use freeradius for xp clients, I get following messages when trying to use peap as default eap type (full log attched) : First i recieve all the success logs as follows: ...truncated... TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module eap returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 161 to 172.26.6.62:44530 EAP-Message = 0x0106003119001403010001011603010020dcd1f01332d46809f26364 888ab19d2259e9d6cbda6cd4bfad8f3da4a2bdfbbf Message-Authenticator = 0x State = 0xa70046675337ee5045cb375a4b7466a0 Finished request 3 Going to the next request Waking up in 6 seconds... - And when I click on certificate prompt that says click to provide logon information I get following logs: - rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 Segmentation fault These are the steps I have followed : 1. installed openssl openssl-0.9.7b 2. installed freeradius freeradius-snapshot-20041006 3. imported certificate root.der to xp client and did the set up as in 'how to' document at freeradius web site TIA AD _ Buy or Sell. http://ads2.baazee.com/cgi-bin/banners/redirect.pl?id=1124 New and Used Items. rad_recv: Access-Request packet from host 172.26.6.62:44530, id=158, length=140 EAP-Message = 0x0202000d01737572696e646572 Calling-Station-Id = 00-09-5B-67-59-5B Called-Station-Id = 00-85-A0-01-01-01:Viking User-Name = surinder NAS-IP-Address = 172.26.6.62 NAS-Port = 3866625 NAS-Port-Type = Wireless-802.11 NAS-Port-Id = wlan-0 Framed-MTU = 1300 Message-Authenticator = 0xbd075cd5ef2ee84b8d1ec889c3893e1b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = surinder, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: EAP packet type response id 2 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 0 users: Matched DEFAULT at 152 modcall[authorize]: module files returns ok for request 0 modcall[authorize]: module expiration returns noop for request 0 modcall[authorize]: module logintime returns noop for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module eap returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 158 to 172.26.6.62:44530 EAP-Message = 0x010300061920 Message-Authenticator = 0x State = 0x38f2f52a431bdbaabd3cd770f91831b0 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.26.6.62:44530, id=159, length=225 EAP-Message = 0x02030050198000461603010041013d0301416a7618bf49c1 0fde73665508a9676474635f287049af08d36883af96c6a64a1600040005000a000900640062 000300060013001200630100 Calling-Station-Id = 00-09-5B-67-59-5B Called-Station-Id = 00-85-A0-01-01-01:Viking User-Name = surinder NAS-IP-Address = 172.26.6.62 NAS-Port = 3866625 NAS-Port-Type = Wireless-802.11 NAS-Port-Id = wlan-0 Framed-MTU = 1300 State = 0x38f2f52a431bdbaabd3cd770f91831b0 Message-Authenticator = 0x84cbbd34d0c669b5bf2d268398eaae3c Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module preprocess returns ok for request 1 modcall[authorize]: module chap returns noop for request 1 modcall[authorize]: module mschap returns noop for request 1 rlm_realm: No '@' in User-Name = surinder, looking up realm NULL rlm_realm: No such realm NULL
segmentation fault ( eaptls_process returned 3 )
I am facing a segmentation fault error while using following snapshots for openssl and freeradius openssl-0.9.6-stable-SNAP-20041002 Use 0.9.7b or later. Alan DeKok. Thanks Alan, I used 0.9.7b, however this time I noticed that if I select Validate certificate in the XP machine I do not get segmentation fault and if I de-select the same I get the segmentation fault error. I am new to the use of wireless and radius and would like to know : Do I need to install certificates on xp machine for peap, if yes can you please let me know the procedure for the same? Thanks in advance AD _ The new MSN toolbar! Your shortcut to the internet! http://toolbar.msn.co.in/ Access a world of convenience! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Segmentation fault
Thanks Alan, I used 0.9.7b, however this time I noticed that if I select Validate certificate in the XP machine I do not get segmentation fault and if I de-select the same I get the segmentation fault error. I am new to the use of wireless and radius and would like to know : Do I need to install certificates on xp machine for peap, if yes can you please let me know the procedure for the same? Thanks in advance AD Hi , Thanks for your support till now, I am very close to acheiving what have been trying to do however I will need some more comments from you. Following is the crux of what I am stuck on now: I am trying to use freeradius for xp clients, I get following messages when trying to use peap as default eap type (full log attched) : First i recieve all the success logs as follows: ...truncated... TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module eap returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 161 to 172.26.6.62:44530 EAP-Message = 0x0106003119001403010001011603010020dcd1f01332d46809f26364 888ab19d2259e9d6cbda6cd4bfad8f3da4a2bdfbbf Message-Authenticator = 0x State = 0xa70046675337ee5045cb375a4b7466a0 Finished request 3 Going to the next request Waking up in 6 seconds... And when I click on certificate prompt that says click to provide logon information I get following logs: - rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 Segmentation fault These are the steps I have followed : 1. installed openssl openssl-0.9.7b 2. installed freeradius freeradius-snapshot-20041006 3. imported certificate root.der to xp client and did the set up as in 'how to' document at freeradius web site Thanks much in advance AD _ Seized by wanderlust? Have the best vacation ever. http://www.msn.co.in/Travel/ Team up with MSN Travel! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem : segmentation fault
Hi freeradius users, Please help me out in getting to the root cause of following dump: I am getting segmentation fault at the end. I am using openssl-0.9.6-stable-SNAP-20041002 and freeradius-snapshot-20041006.tar.gz rad_recv: Access-Request packet from host 172.26.6.62:47414, id=17, lengt EAP-Message = 0x020500061900 Calling-Station-Id = "00-09-5B-74-0E-D1" Called-Station-Id = "00-85-A0-01-01-01:Viking" User-Name = "surinder" NAS-IP-Address = 172.26.6.62 NAS-Port = 3866625 NAS-Port-Type = Wireless-802.11 NAS-Port-Id = "wlan-0" Framed-MTU = 1300 State = 0x8c4b1cd2e34099dcbf1d28d6ebeb Message-Authenticator = 0x530304262e5099b5b6fb84f82ca87c26 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "surinder", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 4 modcall[authorize]: module "expiration" returns noop for request 4 modcall[authorize]: module "logintime" returns noop for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 Segmentation fault Thanks in advance Atul.Millions of eligible singles. Find the perfect match on BharatMatrimony.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
segmentation fault ( eaptls_process returned 3 )
Hi All, I am facing a segmentation fault error while using following snapshots for openssl and freeradius openssl-0.9.6-stable-SNAP-20041002 freeradius-snapshot-20041006 Attched is the logs in debug mode of freeradius Thanks much in advance AD _ Cool ringtones, snazzy logos! Expressive cards, fun games! http://www.msn.co.in/Mobile/ Get it all at MSN mobile! [EMAIL PROTECTED] raddb]# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local//etc/raddb/proxy.conf Config: including file: /usr/local//etc/raddb/clients.conf Config: including file: /usr/local//etc/raddb/snmp.conf Config: including file: /usr/local//etc/raddb/eap.conf Config: including file: /usr/local//etc/raddb/sql.conf main: prefix = /usr/local/ main: localstatedir = /usr/local//var main: logdir = /usr/local//var/log/radius main: libdir = /usr/local//lib main: radacctdir = /usr/local//var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local//var/log/radius/radius.log main: log_destination = files main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local//var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local//sbin/checkrad main: debug_level = 0 main: proxy_requests = yes log: syslog_facility = daemon proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded Expiration expiration: reply-message = Password Has Expired Module: Instantiated expiration (expiration) Module: Loaded Login Time logintime: reply-message = You are calling outside your allowed timespan logintime: minimum-timeout = 60 Module: Instantiated logintime (logintime) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: authtype = MS-CHAP mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = (null) unix: group = (null) unix: radwtmp = /usr/local//var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = peap eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAP rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = (null) tls: pem_file_type = yes tls: private_key_file = /usr/local//etc/raddb/certs/cert-srv.pem tls: certificate_file = /usr/local//etc/raddb/certs/cert-srv.pem tls: CA_file = /usr/local//etc/raddb/certs/demoCA/cacert.pem tls: private_key_password = whatever tls: dh_file = /usr/local//etc/raddb/certs/dh tls: random_file = /usr/local//etc/raddb/certs/random tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = (null) rlm_eap: Loaded and initialized type tls peap: default_eap_type = mschapv2 peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /usr/local//etc/raddb/huntgroups preprocess: hints = /usr/local//etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess:
Problem with PEAP Authentication
Hi freeradius-users, I have been trying to authenticate a win XP supplicant with freeradius, snapshot I have used is the latest one ie : HOwver after the install using : ./configure make and me install I do not see peap option in the raduisd.conf. Please let me know if im missing something... Thanks Atul. Sports, sports and more sports! Keep up with all thats happening! Stay connected with MSN Sports! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with PEAP Authentication
Hi freeradius-users, I have been trying to authenticate a win XP supplicant with freeradius, snapshot I have used is the latest one ie : freeradius-snapshot-20041006.tar.gz HOwver after the install using : ./configure make and me install I do not see peap option in the raduisd.conf. Please let me know if im missing something... Thanks Atul. Apply to over 65,000 jobs now. Post your CV on naukri.com today. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html