This is a discussion on Freeradius Authentication to Active Directory within the FreeRADIUS Users forums, part of the Networking and Network Related category.
I configured a freeradius server which should authenticate users on a Windows 2003 Active Directory server. Here are my configs:

http://sanni.org/stuff/radius/clients.conf
http://sanni.org/stuff/radius/eap.conf
http://sanni.org/stuff/radius/radiusd.conf
http://sanni.org/stuff/radius/users

The clients are Windows XP SP2 with the WPA2 patch. If I try to authenticate with a Dell laptop and its integrated WLAN card, it works fine (log: http://sanni.org/stuff/radius/works.txt). But if I try to log on with a PC which has a USB WLAN card (http://www.avm.de/de/Produkte/FRITZB...ick/index.html), I get "Exec-Program output: Logon failure (0xc000006d)". The settings are the same, and the USB stick also works in the laptop.

It seems that freeradius works correctly with laptops, but why doesn't it work with normal PCs?

Here is the full debug of a try with a normal PC:

root@lmtsu001:/var/log/radius# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/eap.conf main: prefix = "" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/sbin/checkrad" main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary 
read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /lib Module: Loaded PAP pap: encryption_scheme = "md5" pap: auto_header = no Module: Instantiated pap (pap) Module: Loaded MS-CHAP mschap: use_mppe = no mschap: require_encryption = yes mschap: require_strong = yes mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Module: Instantiated mschap (mschap) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/lmtsu001.pem" tls: certificate_file = "/etc/raddb/certs/lmtsu001.pem" tls: CA_file = "/etc/raddb/certs/LiebherrRootCA.pem" tls: private_key_password = "secret" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and 
initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. 
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=20, length=192 User-Name = "LMTW2K\\lmtedv0" Calling-Station-Id = "00-04-0E-FC-54-BA" Called-Station-Id = "00-19-A9-FD-9E-A0:DATA" NAS-Port = 29 NAS-IP-Address = 10.5.253.161 NAS-Identifier = "Cisco_71:72:27" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" EAP-Message = 0x02020013014c4d5457324b5c6c6d7465647630 Message-Authenticator = 0xdddd1f4219da4e9ab9795e715ae0852d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 modcall[authorize]: module "files" returns notfound for request 0 rlm_eap: EAP packet type response id 2 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 20 to 10.5.253.161 port 32768 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa95f7b6453528d1cff0d066b3104a7f6 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=21, length=271 User-Name = "LMTW2K\\lmtedv0" Calling-Station-Id = "00-04-0E-FC-54-BA" Called-Station-Id = "00-19-A9-FD-9E-A0:DATA" NAS-Port = 29 NAS-IP-Address = 10.5.253.161 NAS-Identifier = "Cisco_71:72:27" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" EAP-Message = 0x0203005019800000004616030100410100003d030145dd99 4586ca939faaaeaba54545809612b1e8f0a0ca8e00c8630a29 d87109c900001600040005000a000900640062000300060013 001200630100 State = 0xa95f7b6453528d1cff0d066b3104a7f6 Message-Authenticator = 0x19fbf8bedb7f072096c22e5a04418ac1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 modcall[authorize]: module "files" returns notfound for request 1 rlm_eap: EAP packet type response id 3 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: 
>>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0474], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 21 to 10.5.253.161 port 32768 EAP-Message = 0x0104040a19c0000004d1160301004a02000046030145dd99 3e78c0527b162d5f7e38ecc295064684576f281936e17393ec 79554b9420a92ab4e0e944eb0f2c7e1f42a712fcf9099fae74 a95aa19e9725c037390cfe8500040016030104740b00047000 046d00046a308204663082034ea003020102020a44445dec00 01000008bb300d06092a864886f70d01010505003054310b30 090603550406130244453111300f060355040a13084c696562 686572723111300f060355040b13085a4544562d4f5247311f 301d060355040313164c69656268657272456e746572707269 736543413031301e170d3037303132353134353733395a170d 31303031 EAP-Message = 0x32343134353733395a3081b4310b30090603550406130244 45311b301906035504081312426164656e2057756572747465 6d626572673119301706035504071310426164205363687573 73656e726965643111300f060355040a13084c696562686572 72310c300a060355040b13034c4d543120301e060355040313 176c6d7473753030312e6c6d742e6c696562686572722e6931 2a302806092a864886f70d010901161b6d69636861656c2e64 657765696e406c696562686572722e636f6d30819f300d0609 2a864886f70d010101050003818d0030818902818100b36949 4643464bc0605937bc85aec08540102c9cf5ae605ec1855ff2 ed635dbf EAP-Message = 0x3c64d3242c426067843f1d6555523c5d0e2697dab98a8685 2477ec576ec552e36da7cdf78812851ba984b352ea4b88c7b7 c9d323fe4d10b8406cdc40b69110ace0ef94431baa7fecb716 
dccdaa298ca31bcc05933b9357a5813a2afca1522c25020301 0001a382015b30820157300b0603551d0f0404030205a0301d 0603551d0e0416041483d2835d90edabd0529874fbae5d7a53 4e20c5a7303b06092b0601040182371507042e302c06242b06 0104018237150885b9b113e8be6587d99111e0d81382c1ba07 817081d1953f9daa24020164020106301f0603551d23041830 1680145d8e0e61cd050d159d72d205abd7775fb09cbac43046 0603551d EAP-Message = 0x1f043f303d303ba039a0378635687474703a2f2f6470312e 6c696562686572722e636f6d2f4c69656268657272456e7465 727072697365434130312831292e63726c305106082b060105 0507010104453043304106082b060105050730028635687474 703a2f2f6470312e6c696562686572722e636f6d2f4c696562 68657272456e7465727072697365434130312831292e637274 30130603551d25040c300a06082b06010505070301301b0609 2b060104018237150a040e300c300a06082b06010505070301 300d06092a864886f70d0101050500038201010014e9db390f 59b52bc62469fe2013c9ce9ade4435a91add0cbdb98142d292 68383af4 EAP-Message = 0xf6307c4d76f61ad1a2b57f53c38f870bded3021a9f1d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4afc67a3e8014fee131055371aa38023 Finished request 1 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=22, length=197 User-Name = "LMTW2K\\lmtedv0" Calling-Station-Id = "00-04-0E-FC-54-BA" Called-Station-Id = "00-19-A9-FD-9E-A0:DATA" NAS-Port = 29 NAS-IP-Address = 10.5.253.161 NAS-Identifier = "Cisco_71:72:27" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" EAP-Message = 0x020400061900 State = 0x4afc67a3e8014fee131055371aa38023 Message-Authenticator = 0x299c938225edf0c465675cbec851f3d1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 modcall[authorize]: module "files" returns notfound for request 2 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 22 to 10.5.253.161 port 32768 EAP-Message = 
0x010500d719004e8f1edcca934c54c42f6f512d7d25b9ef39 fe2c6e15c74264b2734400b8aa05d51c9607fd98008e50cb6c 5daa5630305585d45185dd6bea73fb29de949e8a3614520437 24878b2d5112db973dcbd6b4fabbd77086c4320d49a4bbc671 e09e032bf32127ad0f76c6543883cc11336e07ad341ac8e5bc e9a941e3cb8f85d80de4e34b53dc7774d176be2616193cec81 21c1c195f88ea1513e8589e8675fcb20809566ff30fa456a00 a9f066a81bdc848c2140ec6e5589a7da0d1ec84ceb28a3e2ca 8851cede63bbb716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x530b2dba728bbaa88434d2d0792a4a28 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.5.253.161:32768, id=23, length=383 User-Name = "LMTW2K\\lmtedv0" Calling-Station-Id = "00-04-0E-FC-54-BA" Called-Station-Id = "00-19-A9-FD-9E-A0:DATA" NAS-Port = 29 NAS-IP-Address = 10.5.253.161 NAS-Identifier = "Cisco_71:72:27" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" EAP-Message = 0x020500c01980000000b616030100861000008200803fff72 d54b14ed9df96aeb3fe68043f44992f3ebddf67c1b42a23376 810cb99c04c51e873ec6305fa2ca19774ce4992c86792b7187 d6acb390335e4e56ae11967f63353c641d15ee982e9795e859 d787140055b6993c41f5ea8da9b58149cd78f94d6cbbf43c2e f9163274e3723455b5cca3e050dae91f647f2da364b0b2e322 140301000101160301002070573150efbe715780423828c05b 5fb3a1bf18338ab44785fddcc5593af59157 State = 0x530b2dba728bbaa88434d2d0792a4a28 Message-Authenticator = 0xd94e80495369db6b588447a6e209e185 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 modcall[authorize]: 
module "files" returns notfound for request 3 rlm_eap: EAP packet type response id 5 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 23 to 10.5.253.161 port 32768 EAP-Message = 0x0106003119001403010001011603010020371c7467b748a1 33b50fd00510553f3bb3b2454509afc6b0c0f78d5d52dbd8b3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfa3d7a965dd0ad213b7e4b58554e38dc Finished request 3 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=24, length=197 User-Name = "LMTW2K\\lmtedv0" Calling-Station-Id = "00-04-0E-FC-54-BA" Called-Station-Id = "00-19-A9-FD-9E-A0:DATA" NAS-Port = 29 NAS-IP-Address = 10.5.253.161 NAS-Identifier = "Cisco_71:72:27" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" EAP-Message = 0x020600061900 State = 0xfa3d7a965dd0ad213b7e4b58554e38dc Message-Authenticator = 0xcd43325aa4181859a93c812343af9008 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 modcall[authorize]: module "files" returns notfound for request 4 rlm_eap: EAP packet type response id 6 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 24 to 10.5.253.161 port 32768 EAP-Message = 
0x010700201900170301001591a2d21ce9953bc2b489072a8b e60b8fb76e64d61c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x239b7587e5d69633313552d097ccd5ce Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.5.253.161:32768, id=25, length=233 User-Name = "LMTW2K\\lmtedv0" Calling-Station-Id = "00-04-0E-FC-54-BA" Called-Station-Id = "00-19-A9-FD-9E-A0:DATA" NAS-Port = 29 NAS-IP-Address = 10.5.253.161 NAS-Identifier = "Cisco_71:72:27" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" EAP-Message = 0x0207002a1900170301001fd67e5d53095da3e44b5bae83c9 b5c86e8a74d67efc0aaffd881709822ab76e State = 0x239b7587e5d69633313552d097ccd5ce Message-Authenticator = 0xf555dcfbbd229d838e3680f49290f0a4 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 modcall[authorize]: module "files" returns notfound for request 5 rlm_eap: EAP packet type response id 7 length 42 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process 
returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - LMTW2K\lmtedv0 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of LMTW2K\lmtedv0 PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to LMTW2K\lmtedv0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 modcall[authorize]: module "files" returns notfound for request 5 rlm_eap: EAP packet type response id 7 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 25 to 10.5.253.161 port 32768 EAP-Message = 0x0108003f190017030100344db8a99be139eaac9dd7ebd5f8 5642c00726a56913fd781c51c94645fadef1cf3aae988f035e 7624bb08f338b4f2ee27085e83a4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd89568e532d25257fb891e6d0cc2a2dd Finished request 5 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=26, length=287 User-Name = "LMTW2K\\lmtedv0" Calling-Station-Id = "00-04-0E-FC-54-BA" Called-Station-Id = "00-19-A9-FD-9E-A0:DATA" NAS-Port = 29 NAS-IP-Address = 10.5.253.161 NAS-Identifier = "Cisco_71:72:27" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" EAP-Message = 0x020800601900170301005536511a892ca59ce94a2a971136 f8ff49a3ee3b0992110977ef18cb3c7064117b3c0a316b26fe 6d508e0551811c491cbdfa33b9717a471c782786181892662e e41a462d130ddc4f59f0c9bccf8c93daf3d3dc7de764 State = 0xd89568e532d25257fb891e6d0cc2a2dd Message-Authenticator = 0x154cd4e6319551e54988fd8aa494aa4d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 modcall[authorize]: module "files" returns notfound for request 6 rlm_eap: EAP packet type response id 8 length 96 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. 
rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to LMTW2K\lmtedv0 PEAP: Adding old state with fc 10 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 modcall[authorize]: module "files" returns notfound for request 6 rlm_eap: EAP packet type response id 8 length 73 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. 
rlm_mschap: Told to do MS-CHAPv2 for lmtedv0 with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '--username=lmtedv0' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: fc radius_xlat: '--challenge=0db1cf76e0c965cb' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=12a9fde094819f06320066f1e7dfe14a3592948c3 1aee8bd' Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user. Login incorrect (rlm_mschap: Logon failure (0xc000006d)): [LMTW2K\\lmtedv0] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 26 to 10.5.253.161 port 32768 EAP-Message = 0x010900261900170301001b2939686bcf3fef828e50293342 fcbfa3dabbb7981f84c2d20af334 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x543585135e55b58d928a2a90b9f60379 Finished request 6 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 10.5.253.161:32768, id=27, length=229 User-Name = "LMTW2K\\lmtedv0" Calling-Station-Id = "00-04-0E-FC-54-BA" Called-Station-Id = "00-19-A9-FD-9E-A0:DATA" NAS-Port = 29 NAS-IP-Address = 10.5.253.161 NAS-Identifier = "Cisco_71:72:27" Airespace-Wlan-Id = 1 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "20" EAP-Message = 0x020900261900170301001bdb86f77b75f354a83e03cdef13 66f87ebbd85c6a045e8f835d742d State = 0x543585135e55b58d928a2a90b9f60379 Message-Authenticator = 0x18b6efd956617405afa59369cf816869 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "LMTW2K\lmtedv0", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 modcall[authorize]: module "files" returns notfound for request 7 rlm_eap: EAP packet type response id 9 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. 
User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: leaving group authenticate (returns invalid) for request 7 auth: Failed to validate the user. Login incorrect: [LMTW2K\\lmtedv0] (from client lmt-wc01 port 29 cli 00-04-0E-FC-54-BA) Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds...
--
Sent from the FreeRadius - User mailing list archive at Nabble.com.
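Added example, not part of the original post and not FreeRADIUS code: a small triage script that pulls each ntlm_auth run out of `radiusd -X` output of the shape shown above, so the working and the failing client can be compared on the identity sent, the arguments passed to ntlm_auth, and the NTSTATUS returned. The sample logs, the names `EXAMPLE\alice` and `192.0.2.10`, and the function names are constructed for illustration; the success line assumes ntlm_auth's `NT_KEY:` output for `--request-nt-key`.

```python
import re

# Failure codes ntlm_auth can print, named as in Microsoft's NTSTATUS list.
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC0000071: "STATUS_PASSWORD_EXPIRED",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

# One alternative per debug line of interest. Matching on the text stream
# (not line by line) keeps it working on output pasted without newlines.
# The NT key itself is deliberately not captured.
TOKEN = re.compile(
    r'rad_recv: Access-Request packet from host (?P<nas>[\d.]+):\d+, id=(?P<id>\d+)'
    r'|User-Name = "(?P<outer>[^"]*)"'
    r'|PEAP: Got tunneled identity of (?P<inner>\S+)'
    r"|radius_xlat:\s+'--(?P<opt>[a-z-]+)=(?P<val>[^']*)'"
    r'|Exec-Program output: (?:(?P<ok>NT_KEY:)|[^()\n]*?\((?P<code>0x[0-9A-Fa-f]{8})\))'
)


def ntlm_auth_attempts(debug_text):
    """Return one record per ntlm_auth result found in `radiusd -X` output."""
    attempts, inner_by_outer = [], {}
    cur = {"radius_id": None, "nas": None, "outer_identity": None}
    args, want_outer = {}, False
    for m in TOKEN.finditer(debug_text):
        if m.group("id") is not None:              # a new Access-Request begins
            cur = {"radius_id": int(m.group("id")), "nas": m.group("nas"),
                   "outer_identity": None}
            args, want_outer = {}, True
        elif m.group("outer") is not None:
            if want_outer:                         # first User-Name after rad_recv
                # The packet dump prints backslashes doubled; undo that.
                cur["outer_identity"] = m.group("outer").replace("\\\\", "\\")
                want_outer = False
        elif m.group("inner") is not None:
            # Simplification: the tunneled identity is remembered per outer
            # identity, because it is logged one request before ntlm_auth runs.
            inner_by_outer[cur["outer_identity"]] = m.group("inner")
        elif m.group("opt") is not None:           # an expanded ntlm_auth option
            args[m.group("opt")] = m.group("val")
        else:                                      # the helper's verdict
            code = m.group("code")
            attempts.append({
                **cur,
                "tunneled_identity": inner_by_outer.get(cur["outer_identity"]),
                "ntlm_auth_username": args.get("username"),
                "domain_passed": "domain" in args,
                "ok": m.group("ok") is not None,
                "ntstatus": code.lower() if code else None,
                "meaning": NTSTATUS.get(int(code, 16), "unknown") if code else None,
            })
            args = {}
    return attempts


def differing_fields(good, bad):
    """Fields on which a working and a failing attempt disagree."""
    skip = {"radius_id", "nas"}
    return {k: (good[k], bad[k]) for k in good
            if k not in skip and good[k] != bad[k]}


# Constructed sample, modelled on the line shapes in the post (not real data).
FAILING = r"""
rad_recv: Access-Request packet from host 192.0.2.10:32768, id=25, length=233
    User-Name = "EXAMPLE\\alice"
  rlm_realm: No '@' in User-Name = "EXAMPLE\alice", looking up realm NULL
  PEAP: Got tunneled identity of EXAMPLE\alice
rad_recv: Access-Request packet from host 192.0.2.10:32768, id=26, length=287
    User-Name = "EXAMPLE\\alice"
  rlm_mschap: Told to do MS-CHAPv2 for alice with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat:  '--username=alice'
radius_xlat:  '--challenge=0011223344556677'
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
  modcall[authenticate]: module "mschap" returns reject for request 6
"""
# Constructed working counterpart: same exchange, but ntlm_auth returns a key.
WORKING = FAILING.replace("Logon failure (0xc000006d)",
                          "NT_KEY: 00112233445566778899AABBCCDDEEFF")

if __name__ == "__main__":
    bad = ntlm_auth_attempts(FAILING)[0]
    good = ntlm_auth_attempts(WORKING)[0]
    print(bad)
    print("differs on:", differing_fields(good, bad))
```

When the identity fields and ntlm_auth arguments come out identical for both clients, as in this constructed pair, the name handling on the RADIUS side is ruled out and attention moves to the credentials or response the failing client submits.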