[ SOLVED ] Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
Hi Alan, its work great thx Chris -- View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius-SQL-PEAP-Tunneled-authentication-was-rejected-tp3360430p3362708.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
chris wrote: i prepare freeradius with eap/peap and the users file that works fine. Now i setup a sql database, i can use radtest or radeapclient to check the user and password in the database and it works fine, but if i try to connect to freeradius the request will be rejected and i have no idea why The information is in the debug output you posted. Please read it. Also past the debug output into the web page: http://networkradius.com/freeradius.html So if you can give me some hints you are welcome... You probably need to list sql in the inner-tunnel virtual server. In 2.1.10, you can test the inner-tunnel directly, without using PEAP. See the comments at the top of the file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
Hi Alan, thx for the response, and yes i read the debug output and i also found the side you mentioned, to get more information about the output but, as you see in the number of my posting counts, i'm an newbie in using radius. And i didn't understood what these messages should occur in my mind or how it can be fixed... rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for sqluser with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [sqluser/] (from client dlink-private-network port 0 via TLS tunnel) } # server inner-tunnel PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Processing from tunneled session code 0x81bd288 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Tunneled authentication was rejected. You give me a hint: thx: You probably need to list sql in the inner-tunnel virtual server. In 2.1.10, you can test the inner-tunnel directly, without using PEAP. See the comments at the top of the file. I will try and give an answer thx Chris -- View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius-SQL-PEAP-Tunneled-authentication-was-rejected-tp3360430p3361206.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
Hi Alan, thx for the response, and yes i read the debug output and i also found the side you mentioned, to get more information about the output but, as you see in the number of my posting counts, i'm an newbie in using radius. And i didn't understood what these messages should occur in my mind or how it can be fixed... rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for sqluser with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [sqluser/via Auth-Type = EAP] (from client dlink-private-network port 0 via TLS tunnel) } # server inner-tunnel PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Processing from tunneled session code 0x81bd288 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Tunneled authentication was rejected. You give me a hint: thx: You probably need to list sql in the inner-tunnel virtual server. In 2.1.10, you can test the inner-tunnel directly, without using PEAP. See the comments at the top of the file. I will try and give an answer thx Chris -- View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius-SQL-PEAP-Tunneled-authentication-was-rejected-tp3360430p3361212.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
Hi, Does anyone know what nabble.com is and why the mail looks like this? Clicking the link below the email does show a properly formatted response... On 2011/01/28 12:21 PM, chris wrote: Hi Alan, thx for the response, and yes i read the debug output and i also found the side you mentioned, to get more information about the output but, as you see in the number of my posting counts, i'm an newbie in using radius. And i didn't understood what these messages should occur in my mind or how it can be fixed... rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for sqluser with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [sqluser/] (from client dlink-private-network port 0 via TLS tunnel) } # server inner-tunnel PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Processing from tunneled session code 0x81bd288 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Tunneled authentication was rejected. You give me a hint: thx: You probably need to list sql in the inner-tunnel virtual server. In 2.1.10, you can test the inner-tunnel directly, without using PEAP. See the comments at the top of the file. I will try and give an answer thx Chris View this message in context: Re: Freeradius SQL: PEAP: Tunneled authentication was rejected. http://freeradius.1045715.n5.nabble.com/Freeradius-SQL-PEAP-Tunneled-authentication-was-rejected-tp3360430p3361206.html Sent from the FreeRadius - User mailing list archive http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
On 28/01/11 12:43, Johan Meiring wrote: Hi, Does anyone know what nabble.com is and why the mail looks like this? It's some kind of tedious post to mailing list via a web UI nonsense. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius SQL: PEAP: Tunneled authentication was rejected.
: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for sqluser with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [sqluser/via Auth-Type = EAP] (from client
dlink-private-network port 0 via TLS tunnel)
} # server inner-tunnel
PEAP: Got tunneled reply RADIUS code 3
MS-CHAP-Error = \010E=691 R=1
EAP-Message = 0x04080004
Message-Authenticator = 0x
PEAP: Processing from tunneled session code 0x81bd288 3
MS-CHAP-Error = \010E=691 R=1
EAP-Message = 0x04080004
Message-Authenticator = 0x
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
++[eap] returns handled
Sending Access-Challenge of id 8 to 192.168.0.50 port 1037
EAP-Message =
0x0109003b1900170301003034751d74d2db85e76a4a09990bc079aabf886c33adbae4de36aa4b998d1437564e312ceb4f3ef2e602a0ec1b74c34c8b
Message-Authenticator = 0x
State = 0xeff176eae7f86f7198f0e801bd7f42f1
Finished request 8.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.0.50 port 1037, id=9,
length=296
Message-Authenticator = 0xcf9f988ac3da6a9784a700bd6e8bd235
Service-Type = Framed-User
User-Name = sqluser
Framed-MTU = 1488
State = 0xeff176eae7f86f7198f0e801bd7f42f1
Called-Station-Id = F0-7D-68-17-D4-39:dlink
Calling-Station-Id = 00-18-DE-E1-85-89
NAS-Identifier = D-Link Access Point
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 54Mbps 802.11g
EAP-Message =
0x0209006019001703010020b4f42681cb8004c329ba3e6eb3f20af6ab64a075776fd142c83e827add1a8e531703010030f9a9c64a35e6e5b5327b4c2e
91499e1a3897f2202d67ff4db4b2e03510edaa39019a712075a32f6ef78368edcc2e3bb6
NAS-IP-Address = 192.168.0.50
NAS-Port = 1
NAS-Port-Id = STA port # 1
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = sqluser, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
rlm_eap: EAP packet type response id 9 length 96
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type EAP
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this
session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [sqluser/via Auth-Type = EAP] (from client
dlink-private-network port 1 cli 00-18-DE-E1-85-89)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - sqluser
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 9 to 192.168.0.50 port 1037
EAP-Message = 0x04090004
Message-Authenticator = 0x
Waking up in 3.4 seconds.
Cleaning up request 0 ID 0 with timestamp +24
Cleaning up request 1 ID 1 with timestamp +24
Waking up in 0.3 seconds.
Cleaning up request 2 ID 2 with timestamp +24
Cleaning up request 3 ID 3 with timestamp +24
Cleaning up request 4 ID 4 with timestamp +24
Waking up in 0.1 seconds.
Cleaning up request 5 ID 5 with timestamp +24
Cleaning up request 6 ID 6 with timestamp +24
Cleaning up request 7 ID 7 with timestamp +24
Cleaning up request 8 ID 8 with timestamp +24
Waking up in 1.0 seconds.
Cleaning up request 9 ID 9 with timestamp +24
Ready to process requests.
Tell me if you need more information
thx
Chris
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Freeradius-SQL-PEAP-Tunneled-authentication-was-rejected-tp3360430p3360430.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
