[ SOLVED ] Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
Hi Alan, its work great thx Chris -- View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius-SQL-PEAP-Tunneled-authentication-was-rejected-tp3360430p3362708.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
chris wrote: i prepare freeradius with eap/peap and the users file that works fine. Now i setup a sql database, i can use radtest or radeapclient to check the user and password in the database and it works fine, but if i try to connect to freeradius the request will be rejected and i have no idea why The information is in the debug output you posted. Please read it. Also past the debug output into the web page: http://networkradius.com/freeradius.html So if you can give me some hints you are welcome... You probably need to list sql in the inner-tunnel virtual server. In 2.1.10, you can test the inner-tunnel directly, without using PEAP. See the comments at the top of the file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
Hi Alan, thx for the response, and yes i read the debug output and i also found the side you mentioned, to get more information about the output but, as you see in the number of my posting counts, i'm an newbie in using radius. And i didn't understood what these messages should occur in my mind or how it can be fixed... rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for sqluser with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [sqluser/] (from client dlink-private-network port 0 via TLS tunnel) } # server inner-tunnel PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Processing from tunneled session code 0x81bd288 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Tunneled authentication was rejected. You give me a hint: thx: You probably need to list sql in the inner-tunnel virtual server. In 2.1.10, you can test the inner-tunnel directly, without using PEAP. See the comments at the top of the file. I will try and give an answer thx Chris -- View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius-SQL-PEAP-Tunneled-authentication-was-rejected-tp3360430p3361206.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
Hi Alan, thx for the response, and yes i read the debug output and i also found the side you mentioned, to get more information about the output but, as you see in the number of my posting counts, i'm an newbie in using radius. And i didn't understood what these messages should occur in my mind or how it can be fixed... rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for sqluser with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [sqluser/via Auth-Type = EAP] (from client dlink-private-network port 0 via TLS tunnel) } # server inner-tunnel PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Processing from tunneled session code 0x81bd288 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Tunneled authentication was rejected. You give me a hint: thx: You probably need to list sql in the inner-tunnel virtual server. In 2.1.10, you can test the inner-tunnel directly, without using PEAP. See the comments at the top of the file. I will try and give an answer thx Chris -- View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius-SQL-PEAP-Tunneled-authentication-was-rejected-tp3360430p3361212.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
Hi, Does anyone know what nabble.com is and why the mail looks like this? Clicking the link below the email does show a properly formatted response... On 2011/01/28 12:21 PM, chris wrote: Hi Alan, thx for the response, and yes i read the debug output and i also found the side you mentioned, to get more information about the output but, as you see in the number of my posting counts, i'm an newbie in using radius. And i didn't understood what these messages should occur in my mind or how it can be fixed... rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for sqluser with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [sqluser/] (from client dlink-private-network port 0 via TLS tunnel) } # server inner-tunnel PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Processing from tunneled session code 0x81bd288 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Tunneled authentication was rejected. You give me a hint: thx: You probably need to list sql in the inner-tunnel virtual server. In 2.1.10, you can test the inner-tunnel directly, without using PEAP. See the comments at the top of the file. I will try and give an answer thx Chris View this message in context: Re: Freeradius SQL: PEAP: Tunneled authentication was rejected. http://freeradius.1045715.n5.nabble.com/Freeradius-SQL-PEAP-Tunneled-authentication-was-rejected-tp3360430p3361206.html Sent from the FreeRadius - User mailing list archive http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius SQL: PEAP: Tunneled authentication was rejected.
On 28/01/11 12:43, Johan Meiring wrote: Hi, Does anyone know what nabble.com is and why the mail looks like this? It's some kind of tedious post to mailing list via a web UI nonsense. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius SQL: PEAP: Tunneled authentication was rejected.
: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for sqluser with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [sqluser/via Auth-Type = EAP] (from client dlink-private-network port 0 via TLS tunnel) } # server inner-tunnel PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Processing from tunneled session code 0x81bd288 3 MS-CHAP-Error = \010E=691 R=1 EAP-Message = 0x04080004 Message-Authenticator = 0x PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled Sending Access-Challenge of id 8 to 192.168.0.50 port 1037 EAP-Message = 0x0109003b1900170301003034751d74d2db85e76a4a09990bc079aabf886c33adbae4de36aa4b998d1437564e312ceb4f3ef2e602a0ec1b74c34c8b Message-Authenticator = 0x State = 0xeff176eae7f86f7198f0e801bd7f42f1 Finished request 8. Going to the next request Waking up in 4.5 seconds. rad_recv: Access-Request packet from host 192.168.0.50 port 1037, id=9, length=296 Message-Authenticator = 0xcf9f988ac3da6a9784a700bd6e8bd235 Service-Type = Framed-User User-Name = sqluser Framed-MTU = 1488 State = 0xeff176eae7f86f7198f0e801bd7f42f1 Called-Station-Id = F0-7D-68-17-D4-39:dlink Calling-Station-Id = 00-18-DE-E1-85-89 NAS-Identifier = D-Link Access Point NAS-Port-Type = Wireless-802.11 Connect-Info = CONNECT 54Mbps 802.11g EAP-Message = 0x0209006019001703010020b4f42681cb8004c329ba3e6eb3f20af6ab64a075776fd142c83e827add1a8e531703010030f9a9c64a35e6e5b5327b4c2e 91499e1a3897f2202d67ff4db4b2e03510edaa39019a712075a32f6ef78368edcc2e3bb6 NAS-IP-Address = 192.168.0.50 NAS-Port = 1 NAS-Port-Id = STA port # 1 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = sqluser, looking up realm NULL rlm_realm: No such realm NULL ++[suffix] returns noop rlm_eap: EAP packet type response id 9 length 96 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type EAP +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [sqluser/via Auth-Type = EAP] (from client dlink-private-network port 1 cli 00-18-DE-E1-85-89) Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} - sqluser attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 9 to 192.168.0.50 port 1037 EAP-Message = 0x04090004 Message-Authenticator = 0x Waking up in 3.4 seconds. Cleaning up request 0 ID 0 with timestamp +24 Cleaning up request 1 ID 1 with timestamp +24 Waking up in 0.3 seconds. Cleaning up request 2 ID 2 with timestamp +24 Cleaning up request 3 ID 3 with timestamp +24 Cleaning up request 4 ID 4 with timestamp +24 Waking up in 0.1 seconds. Cleaning up request 5 ID 5 with timestamp +24 Cleaning up request 6 ID 6 with timestamp +24 Cleaning up request 7 ID 7 with timestamp +24 Cleaning up request 8 ID 8 with timestamp +24 Waking up in 1.0 seconds. Cleaning up request 9 ID 9 with timestamp +24 Ready to process requests. Tell me if you need more information thx Chris -- View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius-SQL-PEAP-Tunneled-authentication-was-rejected-tp3360430p3360430.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html