This is a discussion on Re: No Auth password from XP. within the FreeRADIUS Users forums, part of the Networking and Network Related category.
Hi all,

I have about the same problem as John. Windows prompted me for a user/password (test/test in my case), but in my log it doesn't want to transmit it and I can't find where the process is blocked, so could you help me? (I use a Cisco AP1231.) I'm using a PEAP method, hmmm, I'm trying to use it, to put it better ..... :)

---Radius Log---
rad_recv: Access-Request packet from host 192.168.1.103:1645, id=11, length=121
        User-Name = "test"
        Framed-MTU = 1400
        Called-Station-Id = "000d.bd43.edb7"
        Calling-Station-Id = "0002.2d74.711d"
        Service-Type = Login-User
        Message-Authenticator = 0xcb1a7bef14f3e7542ec928fdd11f9679
        EAP-Message = 0x020200090174657374
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 291
        NAS-IP-Address = 192.168.1.103
        NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry test at line 80
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 11 to 192.168.1.103:1645
        EAP-Message = 0x010300061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xaef7bec42865986c66cd5baffee35bd1
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.103:1645, id=12, length=210
        User-Name = "test"
        Framed-MTU = 1400
        Called-Station-Id = "000d.bd43.edb7"
        Calling-Station-Id = "0002.2d74.711d"
        Service-Type = Login-User
        Message-Authenticator = 0xb5cc2126cd122d66c41dbe79b64a4706
        EAP-Message = 0x0203005019800000004616030100410100003d03014291f2d85cbcd6ccaa773f543d4fd0300fba3d677bd18e92c3f96731f40acfeb00001600040005000a000900640062000300060013001200630100
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 291
        State = 0xaef7bec42865986c66cd5baffee35bd1
        NAS-IP-Address = 192.168.1.103
        NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry test at line 80
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 12 to 192.168.1.103:1645
        EAP-Message = 0x0104040a19c0000006f1160301004a0200004603014291f2cbc7f1a77a6192a0e7e37e26935693924f30b8533c58dc1c2b0ff4e9df204608e682154f1b0c0ab391c1b8ae2f2c423d2b002bf6b4dc625895a10cc1d1a200040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365
        EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003
        EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
        EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
        EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xd99835003b1893702175f1e73d7e0598
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.103:1645, id=13, length=136
        User-Name = "test"
        Framed-MTU = 1400
        Called-Station-Id = "000d.bd43.edb7"
        Calling-Station-Id = "0002.2d74.711d"
        Service-Type = Login-User
        Message-Authenticator = 0x94ec294b4a12f08e033166b0fa7203e3
        EAP-Message = 0x020400061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 291
        State = 0xd99835003b1893702175f1e73d7e0598
        NAS-IP-Address = 192.168.1.103
        NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry test at line 80
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 13 to 192.168.1.103:1645
        EAP-Message = 0x010502f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
        EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
        EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe3d13a90a751438ae5e10543ec59b7ed
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.103:1645, id=14, length=136
        User-Name = "test"
        Framed-MTU = 1400
        Called-Station-Id = "000d.bd43.edb7"
        Calling-Station-Id = "0002.2d74.711d"
        Service-Type = Login-User
        Message-Authenticator = 0xf74a7ef6ec481c15d33c558c5deb2a8f
        EAP-Message = 0x020500061900
        NAS-Port-Type = Wireless-802.11
        NAS-Port = 291
        State = 0xe3d13a90a751438ae5e10543ec59b7ed
        NAS-IP-Address = 192.168.1.103
        NAS-Identifier = "ap"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry test at line 80
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 14 to 192.168.1.103:1645
        EAP-Message = 0x010600061900
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xe952cf78378bbd45d4d8cf8fc196f80b
Finished request 3
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 11 with timestamp 4291f2cb
Cleaning up request 1 ID 12 with timestamp 4291f2cb
Cleaning up request 2 ID 13 with timestamp 4291f2cb
Cleaning up request 3 ID 14 with timestamp 4291f2cb
Nothing to do. Sleeping until we see a request.
--------------------------------------

John Mulkerin wrote:
> I've already read the FAQ, mailinglists and all configs. Built Freeradius on RH9. Enabled EAP&TLS. Copied root.der and cert-clt.p12 to my WindowsXP client machine. On XP Client, enabled 802.1x authentication with PEAP. Authentication Method is EAP-MSCHAP v2.
>
> I get a Windows Userid log in screen. I'm using the testuser/Secret149 combo. However, password doesn't seem to be sent. What am I doing wrong? AP is an ExtremeNetworks Altitude 300.
>
> Here is snippet from log:
> rad_recv: Access-Request packet from host 192.168.75.2:1025, id=25, length=222
>         NAS-IP-Address = 192.168.75.2
>         NAS-Port-Id = "1:4:2"
>         Extreme-Attr-208 = 0x556e6b6e6f776e204c6f636174696f6e
>         NAS-Port-Type = Wireless-802.11
>         NAS-Port = 2
>         Framed-MTU = 1400
>         User-Name = "testuser"
>         Calling-Station-Id = "00042384e7df"
>         Called-Station-Id = "0004960c6060"
>         NAS-Identifier = "Altitude 300"
>         State = 0x54de509544048f3b5c43608f7a647549
>         EAP-Message = 0x020500211980000000171503010012afc80f7adc192c1d1345f91dbc2a0576833d
>         Message-Authenticator = 0x210270844deb41e20ea5cf1e9595ce64
>         Proxy-State = 0x0000000304043dd93dd93dd93dd93dd93dd93dd93dd9
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 9
> modcall[authorize]: module "preprocess" returns ok for request 9
> modcall[authorize]: module "chap" returns noop for request 9
> modcall[authorize]: module "mschap" returns noop for request 9
> rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
> rlm_realm: No such realm "NULL"
> modcall[authorize]: module "suffix" returns noop for request 9
> rlm_eap: EAP packet type response id 5 length 33
> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> modcall[authorize]: module "eap" returns updated for request 9
> users: Matched DEFAULT at 152
> users: Matched testuser at 215
> modcall[authorize]: module "files" returns ok for request 9
> modcall: group authorize returns updated for request 9
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 9
> rlm_eap: Request found, released from the list
> rlm_eap: EAP/peap
> rlm_eap: processing type peap
> rlm_eap_peap: Authenticate
> rlm_eap_tls: processing TLS
> rlm_eap_tls: Length Included
> eaptls_verify returned 11
> eaptls_process returned 7
> rlm_eap_peap: EAPTLS_OK
> rlm_eap_peap: Session established. Decoding tunneled attributes.
> rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied
> TLS Alert read:fatal:access denied
> rlm_eap_peap: No data inside of the tunnel.
> rlm_eap: Handler failed in EAP/peap
> rlm_eap: Failed in EAP select
> modcall[authenticate]: module "eap" returns invalid for request 9
> modcall: group authenticate returns invalid for request 9
> auth: Failed to validate the user.
> Login incorrect: [testuser/<no User-Password attribute>] (from client 192.168.75.2 port 2 cli 00042384e7df)
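
An added example, not part of the original posts or of FreeRADIUS: a small Python decoder for the EAP header that opens each EAP-Message value in the first log, used to check whether the server's fragmented TLS flight was delivered in full. The function names are hypothetical, and the hex strings are only the leading header bytes copied from that log.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TLS_BASED = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}  # EAP method type numbers

def parse_eap(hex_value):
    """Decode the EAP header of an EAP-Message value; the leading bytes suffice."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("an EAP header is at least 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    pkt = {"code": EAP_CODES.get(code, str(code)), "id": ident, "length": length,
           "type": None, "flags": "", "tls_total": None, "payload": 0}
    if code not in (1, 2) or len(raw) < 5:
        return pkt                      # Success/Failure carry no type byte
    pkt["type"] = TLS_BASED.get(raw[4], raw[4])
    if raw[4] in TLS_BASED and len(raw) >= 6:
        flags, header = raw[5], 6
        pkt["flags"] = "".join(name for bit, name in
                               ((0x80, "L"), (0x40, "M"), (0x20, "S")) if flags & bit)
        if flags & 0x80:                # L: a 4-byte total TLS message length follows
            if len(raw) < 10:
                raise ValueError("L flag set but the TLS length field is missing")
            pkt["tls_total"] = struct.unpack("!I", raw[6:10])[0]
            header = 10
        pkt["payload"] = length - header  # TLS bytes carried by this EAP packet
    return pkt

def is_empty(pkt):
    """TLS-based EAP packet with no flags and no data (logged as an ACK from the client)."""
    return pkt["type"] in TLS_BASED.values() and not pkt["flags"] and pkt["payload"] == 0

def flight_complete(fragments):
    """Fragment payloads add up to the announced TLS length and the last has M clear."""
    pkts = [parse_eap(f) for f in fragments]
    return (sum(p["payload"] for p in pkts) == pkts[0]["tls_total"]
            and "M" not in pkts[-1]["flags"])

# Header bytes copied from the first log: Access-Challenge id 12 and id 13.
SERVER_FLIGHT = ["0x0104040a19c0000006f1", "0x010502f71900"]
# Complete short packets from the same log: client replies (EAP ids 4, 5), server EAP id 6.
SHORT = ["0x020400061900", "0x020500061900", "0x010600061900"]

if __name__ == "__main__":
    for value in SERVER_FLIGHT + SHORT:
        print(value, parse_eap(value))
    print("server flight fully delivered:", flight_complete(SERVER_FLIGHT))
    print("empty packets:", [is_empty(parse_eap(v)) for v in SHORT])
```

For this log the two Access-Challenge fragments carry 1024 + 753 = 1777 bytes, which is the announced TLS length, so the ServerHello, Certificate and ServerHelloDone arrived whole; the client's two responses after that are empty packets.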