FreeRadius PEAP auth help!
Wireless ------- (Access Point : Smartbridges )-------- DNS server (FreeRadius PEAP).
Wireless Client (XP) 192.168.2.0/24
        |
        |
=======================================================================
SmartBridge SB3210 Access Point
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Wireless interface  192.168.2.10
Sub                 255.255.255.0
_______________________________
Bridging Interface  192.168.0.3
Sub                 255.255.255.0
GW                  192.168.0.1
DNS  : 192.168.1.4
DHCP : Disabled

Security
WPA - Radius

Routing Table
Destination   Gateway       Mask            Flags  Metric  Interface  Type
192.168.2.0   *             255.255.255.0   U      0       Radio      D
192.168.0.0   *             255.255.255.0   U      0       Ethernet   D
224.0.0.0     *             240.0.0.0.      U      0       Ethernet   D
default       192.168.0.1   0.0.0.0         UG     0       Ethernet   D

Add Static Route
Network IP Address  __.__.__.__
Gateway             __.__.__.__
Mask                __.__.__.__
Metric              __
Interface           [Radio / Ethernet]

IP / Port Forwarding
Application : _________________
Protocol    : [TCP / UDP / BOTH ]
Destination start port : ______   Destination End Port : ______
Destination IP Add : __.__.__.__  Destination Map Port : ______

Added List
Sr.no  Application  Dest.start  Dest.End  Dest.Protocol  Dest.IP:Map Port
1      Radius       1812        1813      both           192.168.2.10 :1812
========================================================================
        |
        |
+++++++++++++++++++++++++++++++++++++++++
eth0 192.168.0.1
Linux RHEL5
eth1 192.168.1.4
DNS, DHCP, iptables server,
Apache (httpd).
+++++++++++++++++++++++++++++++++++++++++

I suspect a few things that cause the errors: the wireless configuration or NAS, hence NAS-IP-Address = 0.0.0.0. It's supposed to be some IP address like the wireless IP: 192.168.0.3. Secondly, MS-CHAP-Error = "\010E=691 R=1". I do not implement eDirect. Thirdly, there is no NAS-Port? Anyone have any idea what's wrong? Really don't know what to do now!
Here the FreeRadius Log:
Sending Access-Challenge of id 38 to 192.168.0.3 port 1025
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x73bd279871b93eb1f96352cba5144b6d
Finished request 2.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=40, length=181
    User-Name = "GRACELIA-4E4DD9\\gracelia"
    NAS-IP-Address = 0.0.0.0
    Framed-MTU = 1488
    Called-Station-Id = "00:00:10:00:00:00"
    Calling-Station-Id = "00:10:00:10:00:08"
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "127.0.0.1"
    Connect-Info = "CONNECT 11Mbps 802.11b"
    State = 0x73bd279871b93eb1f96352cba5144b6d
    EAP-Message = 0x020400061900
    Message-Authenticator = 0xbc48e50a1f2ab04aeeed9c87aebba1f8
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:32 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 40 to 192.168.0.3 port 1025
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x73bd279870b83eb1f96352cba5144b6d
Finished request 3.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=42, length=375
    User-Name = "GRACELIA-4E4DD9\\gracelia"
    NAS-IP-Address = 0.0.0.0
    Framed-MTU = 1488
    Called-Station-Id = "00:00:10:00:00:00"
    Calling-Station-Id = "00:10:00:10:00:08"
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "127.0.0.1"
    Connect-Info = "CONNECT 11Mbps 802.11b"
    State = 0x73bd279870b83eb1f96352cba5144b6d
    Message-Authenticator = 0x2c59c0fd3562d87fb77b1a2cc9732992
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:33 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 200
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 190
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 42 to 192.168.0.3 port 1025
    EAP-Message = 0x0106003919001403010001011603010028654e5b6ee248fef071ed5bbc91972b1f5cb993d5b2863e6c5bfd37183b061a71c5af6b2ff130634a
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x73bd279877bb3eb1f96352cba5144b6d
Finished request 4.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=44, length=181
    User-Name = "GRACELIA-4E4DD9\\gracelia"
    NAS-IP-Address = 0.0.0.0
    Framed-MTU = 1488
    Called-Station-Id = "00:00:10:00:00:00"
    Calling-Station-Id = "00:10:00:10:00:08"
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "127.0.0.1"
    Connect-Info = "CONNECT 11Mbps 802.11b"
    State = 0x73bd279877bb3eb1f96352cba5144b6d
    EAP-Message = 0x020600061900
    Message-Authenticator = 0x544fd6a7d6ad2f2ccac2e9aed3a06acf
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:33 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 44 to 192.168.0.3 port 1025
    EAP-Message = 0x0107002b190017030100201148b34d507a70cb2efd1379ce0bcdc6add56e8c92fa2eeb939546554c1d6d70
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x73bd279876ba3eb1f96352cba5144b6d
Finished request 5.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=46, length=263
    User-Name = "GRACELIA-4E4DD9\\gracelia"
    NAS-IP-Address = 0.0.0.0
    Framed-MTU = 1488
    Called-Station-Id = "00:00:10:00:00:00"
    Calling-Station-Id = "00:10:00:10:00:08"
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "127.0.0.1"
    Connect-Info = "CONNECT 11Mbps 802.11b"
    State = 0x73bd279876ba3eb1f96352cba5144b6d
    EAP-Message = 0x02070058190017030100183c528aa0e5ebc5af87ddc810c814fb0cd09373bfdae36d4817030100304a1021dd65609521b66e12d01ec0be84d302d5b6f69850061cbc37a5c73e7ecee1219494f33c4fdb887f8bb92b01968c
    Message-Authenticator = 0x13e4f7a9d1e58c6de8b6b115bd5a82b9
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:33 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 88
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - GRACELIA-4E4DD9\gracelia
[peap] Got tunneled request
    EAP-Message = 0x0207001d0147524143454c49412d3445344444395c67726163656c6961
server {
PEAP: Got tunneled identity of GRACELIA-4E4DD9\gracelia
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to GRACELIA-4E4DD9\gracelia
Sending tunneled request
    EAP-Message = 0x0207001d0147524143454c49412d3445344444395c67726163656c6961
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "GRACELIA-4E4DD9\\gracelia"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 29
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry GRACELIA-4E4DD9\gracelia at line 94
[files] expand: Hello, %{User-Name} -> Hello, GRACELIA-4E4DD9\gracelia
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
    Reply-Message = "Hello, GRACELIA-4E4DD9\\gracelia"
    EAP-Message = 0x010800321a0108002d107a42333d5241931274a11c7a4c5e9bcf47524143454c49412d3445344444395c67726163656c6961
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x903896fd90308c035f9e5f144e4ca6d3
[peap] Got tunneled reply RADIUS code 11
    Reply-Message = "Hello, GRACELIA-4E4DD9\\gracelia"
    EAP-Message = 0x010800321a0108002d107a42333d5241931274a11c7a4c5e9bcf47524143454c49412d3445344444395c67726163656c6961
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x903896fd90308c035f9e5f144e4ca6d3
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 46 to 192.168.0.3 port 1025
    EAP-Message = 0x01080053190017030100486f59f3981d974346ddd4f0e84b1478201e806f386226159056421d226c48fae03bac2ad77ad49401625e5995fc025cdc874c7fcb74f2e1ec1155c80f39722d29815a5c5b43f77bc8
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x73bd279875b53eb1f96352cba5144b6d
Finished request 6.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=48, length=303
    User-Name = "GRACELIA-4E4DD9\\gracelia"
    NAS-IP-Address = 0.0.0.0
    Framed-MTU = 1488
    Called-Station-Id = "00:00:10:00:00:00"
    Calling-Station-Id = "00:10:00:10:00:08"
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "127.0.0.1"
    Connect-Info = "CONNECT 11Mbps 802.11b"
    State = 0x73bd279875b53eb1f96352cba5144b6d
    EAP-Message = 0x0208008019001703010018f5b1d65c4ba3f9ea138b1af8789f9f3fb7969005c876e86317030100589f5190a7f24e29d80268390a1c8ec8d0f9f54c75e2c2af0617e90d98ce1dd374f4f4c5f68d1242e8028d6d3b482637d547b77848c079cd41318478c2be342ec92f21336f310d106f834c687154463acdfe16dee5f628b25d
    Message-Authenticator = 0x2aaba34d54a546f219517fabb7d276a6
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:33 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 128
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
    EAP-Message = 0x020800471a02080042310be4bdddde252242e04e348510d4ea7d0000000000000000c677b9802342af732ee685a59acc4df60fd84a62743e4bc8006d617273696e646f2e636f6d
server {
PEAP: Setting User-Name to GRACELIA-4E4DD9\gracelia
Sending tunneled request
    EAP-Message = 0x020800471a02080042310be4bdddde252242e04e348510d4ea7d0000000000000000c677b9802342af732ee685a59acc4df60fd84a62743e4bc8006d617273696e646f2e636f6d
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "GRACELIA-4E4DD9\\gracelia"
    State = 0x903896fd90308c035f9e5f144e4ca6d3
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 71
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry GRACELIA-4E4DD9\gracelia at line 94
[files] expand: Hello, %{User-Name} -> Hello, GRACELIA-4E4DD9\gracelia
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] NT Domain delimeter found, should we have enabled with_ntdomain_hack?
[mschap] Told to do MS-CHAPv2 for GRACELIA-4E4DD9\gracelia with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [GRACELIA-4E4DD9\\gracelia] (from client radius port 0 via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 3
    Reply-Message = "Hello, GRACELIA-4E4DD9\\gracelia"
    MS-CHAP-Error = "\010E=691 R=1"
    EAP-Message = 0x04080004
    Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
    Reply-Message = "Hello, GRACELIA-4E4DD9\\gracelia"
    MS-CHAP-Error = "\010E=691 R=1"
    EAP-Message = 0x04080004
    Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 48 to 192.168.0.3 port 1025
    EAP-Message = 0x0109002b190017030100200eaeca51af41abb55948fb1bcd8027578dbcfcf2d3c7b9ccc071a2704eb6e3ee
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x73bd279874b43eb1f96352cba5144b6d
Finished request 7.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=50, length=247
    User-Name = "GRACELIA-4E4DD9\\gracelia"
    NAS-IP-Address = 0.0.0.0
    Framed-MTU = 1488
    Called-Station-Id = "00:00:10:00:00:00"
    Calling-Station-Id = "00:10:00:10:00:08"
    NAS-Port-Type = Wireless-802.11
    NAS-Identifier = "127.0.0.1"
    Connect-Info = "CONNECT 11Mbps 802.11b"
    State = 0x73bd279874b43eb1f96352cba5144b6d
    EAP-Message = 0x0209004819001703010018e18c4fa14b7ac7e79812eba0eb3d965bc1d177eaae9044a2170301002006657b40483d11fdf6b473904953585ddb1d5561f70af4904ab971c1eb5d9082
    Message-Authenticator = 0x024b616ff4b1c86100040ec8d36f9512
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:33 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 72
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [GRACELIA-4E4DD9\\gracelia] (from client radius port 0 cli 00:1c:f0:10:56:b8)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> GRACELIA-4E4DD9\gracelia
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 50 to 192.168.0.3 port 1025
    EAP-Message = 0x04090004
    Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.3 seconds.
Cleaning up request 0 ID 34 with timestamp +15
Cleaning up request 1 ID 36 with timestamp +15
Waking up in 0.1 seconds.
Cleaning up request 2 ID 38 with timestamp +15
Cleaning up request 3 ID 40 with timestamp +15
Cleaning up request 4 ID 42 with timestamp +16
Waking up in 0.1 seconds.
Cleaning up request 5 ID 44 with timestamp +16
Cleaning up request 6 ID 46 with timestamp +16
Cleaning up request 7 ID 48 with timestamp +16
Waking up in 1.1 seconds.
Cleaning up request 8 ID 50 with timestamp +16
Ready to process requests.
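Added example, not part of the original post or of FreeRADIUS: a Python sketch that decodes the two inner EAP-MSCHAPv2 packets and the MS-CHAP-Error value from the log above, then computes the RFC 2759 ChallengeHash for each user name a server could plug in. The helper names are hypothetical, and `strip_nt_domain` is an assumed stand-in for what `with_ntdomain_hack` does; the NT-Response itself is not verified because that needs the password.

```python
import hashlib
import struct

# Values copied from the debug log in the post (forum line-wrap spaces removed).
USER_NAME = b"GRACELIA-4E4DD9\\gracelia"  # RADIUS User-Name attribute
CHALLENGE_HEX = ("010800321a0108002d107a42333d5241931274a11c7a4c5e9bcf"
                 "47524143454c49412d3445344444395c67726163656c6961")
RESPONSE_HEX = ("020800471a02080042310be4bdddde252242e04e348510d4ea7d"
                "0000000000000000"
                "c677b9802342af732ee685a59acc4df60fd84a62743e4bc8"
                "006d617273696e646f2e636f6d")
MSCHAP_ERROR = b"\x08E=691 R=1"  # logged as "\010E=691 R=1" (octal 010 == 8)

# Failure codes listed in RFC 2759.
RFC2759_ERRORS = {646: "restricted logon hours", 647: "account disabled",
                  648: "password expired", 649: "no dial-in permission",
                  691: "authentication failure", 709: "error changing password"}


def parse_eap_mschapv2(hex_str):
    """Split an EAP-MSCHAPv2 Challenge (OpCode 1) or Response (OpCode 2)."""
    pkt = bytes.fromhex(hex_str)
    if len(pkt) < 10:
        raise ValueError("truncated packet")
    _code, eap_id, eap_len, eap_type = struct.unpack("!BBHB", pkt[:5])
    opcode, _ms_id, ms_len, value_size = struct.unpack("!BBHB", pkt[5:10])
    if eap_type != 26 or eap_len != len(pkt) or ms_len != eap_len - 5:
        raise ValueError("not a well-formed EAP-MSCHAPv2 packet")
    value, name = pkt[10:10 + value_size], pkt[10 + value_size:]
    fields = {"eap_id": eap_id, "opcode": opcode, "name": name}
    if opcode == 1 and len(value) == 16:
        fields["auth_challenge"] = value
    elif opcode == 2 and len(value) == 49:
        # 16-byte peer challenge, 8 reserved, 24-byte NT-Response, 1 flags byte
        fields["peer_challenge"] = value[:16]
        fields["nt_response"] = value[24:48]
    else:
        raise ValueError("unexpected OpCode or Value-Size")
    return fields


def parse_mschap_error(attr):
    """Decode a RADIUS MS-CHAP-Error value: ident byte, then 'E=.. R=..' text."""
    text, _, message = attr[1:].decode("ascii").partition(" M=")
    kv = dict(item.split("=", 1) for item in text.split())
    code = int(kv["E"])
    return {"ident": attr[0], "code": code,
            "meaning": RFC2759_ERRORS.get(code, "unknown"),
            "retry_allowed": kv.get("R") == "1", "message": message}


def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 ChallengeHash: first 8 bytes of SHA1(peer || auth || name)."""
    return hashlib.sha1(peer_challenge + auth_challenge + username).digest()[:8]


def strip_nt_domain(username):
    """Drop a 'DOMAIN\\' prefix (assumed stand-in for with_ntdomain_hack)."""
    return username.rsplit(b"\\", 1)[-1]


def analyse():
    """Parse both packets and hash each candidate name a server could use."""
    chal = parse_eap_mschapv2(CHALLENGE_HEX)
    resp = parse_eap_mschapv2(RESPONSE_HEX)
    candidates = {"User-Name as sent": USER_NAME,
                  "User-Name, domain stripped": strip_nt_domain(USER_NAME),
                  "Name field of response": resp["name"]}
    hashes = {label: challenge_hash(resp["peer_challenge"],
                                    chal["auth_challenge"], name).hex()
              for label, name in candidates.items()}
    return chal, resp, parse_mschap_error(MSCHAP_ERROR), hashes


if __name__ == "__main__":
    chal, resp, err, hashes = analyse()
    print("challenge name:", chal["name"], "| response name:", resp["name"])
    print("MS-CHAP-Error:", err)
    for label, digest in hashes.items():
        print(f"ChallengeHash[{label}] = {digest}")
```

On these bytes the Name field of the client's response decodes to `marsindo.com` while the outer User-Name is `GRACELIA-4E4DD9\gracelia`, and each candidate name yields a different ChallengeHash, so the server and client only agree on the NT-Response if they hash the same name.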
Your post is marked "[SOLVED]", yet I can scarcely find a question in it, let alone an answer. If you meant this to be marked "[SOLVED]", please provide the solution.
OTOH, if you still need help, perhaps the following advice would help you edit your OP into a form that would get you an answer:

Learn about pastebins & "Code:" blocks -- 86% of your post, 424 out of 692 lines, is taken up w/ a "Here the FreeRadius Log:" entry that obscures your question; it belongs in a pastebin.

The 1st 56 lines of your post looked like gibberish until I pasted them into Kwrite; then I saw that they are an elaborate ASCII art diagram. Unfortunately, at LQ you have to put your ASCII art in a "Code:" block to preserve the spacing. BTW, yours is wide & long enough to deserve its own (separate) pastebin entry.

On the plus side, it's a serious & interesting question.