LinuxQuestions.org

saman 05-20-2010 01:51 AM

FreeRadius PEAP auth help!
 
Wireless ------- (Access Point : Smartbridges )-------- DNS server (FreeRadius PEAP).

Wireless Client (XP)
192.168.2.0/24
|
|
=======================================================================
SmartBridge SB3210 Access Point |
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Wireless interface 192.168.2.10 |
Sub 255.255.255.0 |
_______________________________ |
Bridging Interface 192.168.0.3 |
Sub 255.255.255.0 |
GW 192.168.0.1 |
DNS : 192.168.1.4 |
DHCP : Disabled |
|
Security |
WPA - Radius |
|
Routing Table |
Destination Gateway Mask Flags Metric Interface Type|
192.168.2.0 * 255.255.255.0 U 0 Radio D |
192.168.0.0 * 255.255.255.0 U 0 Ethernet D |
224.0.0.0 * 240.0.0.0. U 0 Ethernet D |
default 192.168.0.1 0.0.0.0 UG 0 Ethernet D |
|
Add Static Route |
Network IP Address __.__.__.__ |
Gateway __.__.__.__ |
Mask __.__.__.__ |
Metric __ |
Interface [Radio / Ethernet] |
|
IP / Port Forwarding |
Application : _________________ |
Protocol : [TCP / UDP / BOTH ] |
Destination start port : ______ Destination End Port : ______ |
Destination IP Add : __.__.__.__ Destination Map Port : ______ |
|
Added List |
Sr.no Application Dest.start Dest.End Dest.Protocol Dest.IP:Map Port |
1 Radius 1812 1813 both 192.168.2.10 :1812|
|
========================================================================
|
|
+++++++++++++++++++++++++++++++++++++++++
eth0 192.168.0.1 +
+
Linux RHEL5 +
eth1 192.168.1.4 +
DNS, DHCP, Iptables server, +
Apache (httpd). +
+++++++++++++++++++++++++++++++++++++++++

I suspect a few things that cause the errors:
Wireless configuration or NAS, hence NAS-IP-Address = 0.0.0.0.
It's supposed to be some IP address like Wireless IP : 192.168.0.3.
Secondly, MS-CHAP-Error = "\010E=691 R=1". I do not implement eDirect.
Thirdly, there is no NAS-Port?

Anyone have any idea what's wrong? Really don't know what to do now!


Here the FreeRadius Log:

Sending Access-Challenge of id 38 to 192.168.0.3 port 1025
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73bd279871b93eb1f96352cba5144b6d
Finished request 2.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=40, length=181
User-Name = "GRACELIA-4E4DD9\\gracelia"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:00:10:00:00:00"
Calling-Station-Id = "00:10:00:10:00:08"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
State = 0x73bd279871b93eb1f96352cba5144b6d
EAP-Message = 0x020400061900
Message-Authenticator = 0xbc48e50a1f2ab04aeeed9c87aebba1f8
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:32 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 40 to 192.168.0.3 port 1025
EAP-Message = 0x010502cc19002374f11dd6b0708640efd6b2de11978560442a9e3c8793f9881f4c925d79947a804e9cf80f7113c7431598 721c990dc9f18e63f703a5a2ab33f3da3178e91cebbe8b826f7926e55579c70f958803395c8510a8f1c95a7761507c72f685 0e517aa4a859a4c5708029538d938dc3f4fba1d97d74dce4932b1a7e10bfbdb921d4608b70672b09bbe3125004c179f4af87 cba3843fd42fc4ac27b7a14c3edc57fad76ea2bd2a1737fe8141aed3160301020d0c00020900808f4e860d256fc16a1a2e5f 0bc7c3803a712266a5af98229883324fbb0628ac32499d74a94559c852c137f6ac623bed51acc87a48c9d108ae9e04cfbd98 744a963c
EAP-Message = 0x7b0b1ca9ebfe4d580c6896123092842d004c80b73083f3c5d85330d2407de02c0cd9465fbdec9ad1fa84f9cdba01f18a4e c0acf5734d5188cc90aa412843cb0001020080741260d389c7fd1061a0dbee8e4c392bbb8dfe954d5ee4f68057250264e929 d573d6847c98f6caad55b98f1ccedeabcab1e7095a0760d95ce3fa67b0d3d74dab7bd4a8528c77e717655cd391fa6b3779f4 36c755463bb24c0435592efd99885d0108160b414cbc970ea2e2ad7492eb4b2e5a78b542cfca091f0526f13226a1e4010030 f7c88bfb10728bee51b42d3711ec35249b07bf4295b00eef7f7e57fa7c713d0b87667b0e37a67383ca462a8b6ad27fca5399 0cdc5bc6
EAP-Message = 0xed3d2099c536a6cf386e59c571e46ed3bc5bcc9ca3bec405ab15ffe7632749d239e92254bed906e2f2b4fd43e801527a8a 717895b29163c58fd46ea23c76dd222b30a1d25c74daaa43c9dcfab6269334334a4d1f6b03db5ff1ebe8bd0f4450da87a90b 4f7a3db24abafcc47be11b978740a4f8117b75d4f7070de9b152bfdbbe69d76bab30f8f780700dcbddad76b53ff7530349eb 727f3ed68839211c93ff86f5e07c4cbecdc7ff34a3c847c23598c45d6aea37661c1cafb2b0d82a1ba2168e04f337069ea7a7 c71b16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73bd279870b83eb1f96352cba5144b6d
Finished request 3.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=42, length=375
User-Name = "GRACELIA-4E4DD9\\gracelia"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:00:10:00:00:00"
Calling-Station-Id = "00:10:00:10:00:08"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
State = 0x73bd279870b83eb1f96352cba5144b6d
EAP-Message = 0x020500c81980000000be16030100861000008200804971ade53be6bcebffc084f2c3724e36877a322ed8f8629a15d3aa0b 9b0b5f5f22934f81fd253da2447e1a2cc2a022a0ce78526761ebe3309db257a1cad3e222828e85bcad464e99a2adfa6c89e1 83b5ac59e9906aafb4cd49b2c43ab00ea268335f44c8af91fbf998c42f3baffed564c57be048a9375400ccd844cedfb4a4f3 1403010001011603010028b0ed7f85718cfd03886475a13b51a3f62c91f724a86656d84bc1b6fc02159cb0d9f5a0b061a2e3 5c
Message-Authenticator = 0x2c59c0fd3562d87fb77b1a2cc9732992
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:33 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 200
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 190
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 42 to 192.168.0.3 port 1025
EAP-Message = 0x0106003919001403010001011603010028654e5b6ee248fef071ed5bbc91972b1f5cb993d5b2863e6c5bfd37183b061a71 c5af6b2ff130634a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73bd279877bb3eb1f96352cba5144b6d
Finished request 4.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=44, length=181
User-Name = "GRACELIA-4E4DD9\\gracelia"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:00:10:00:00:00"
Calling-Station-Id = "00:10:00:10:00:08"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
State = 0x73bd279877bb3eb1f96352cba5144b6d
EAP-Message = 0x020600061900
Message-Authenticator = 0x544fd6a7d6ad2f2ccac2e9aed3a06acf
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:33 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 44 to 192.168.0.3 port 1025
EAP-Message = 0x0107002b190017030100201148b34d507a70cb2efd1379ce0bcdc6add56e8c92fa2eeb939546554c1d6d70
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73bd279876ba3eb1f96352cba5144b6d
Finished request 5.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=46, length=263
User-Name = "GRACELIA-4E4DD9\\gracelia"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:00:10:00:00:00"
Calling-Station-Id = "00:10:00:10:00:08"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
State = 0x73bd279876ba3eb1f96352cba5144b6d
EAP-Message = 0x02070058190017030100183c528aa0e5ebc5af87ddc810c814fb0cd09373bfdae36d4817030100304a1021dd65609521b6 6e12d01ec0be84d302d5b6f69850061cbc37a5c73e7ecee1219494f33c4fdb887f8bb92b01968c
Message-Authenticator = 0x13e4f7a9d1e58c6de8b6b115bd5a82b9
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:33 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 88
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - GRACELIA-4E4DD9\gracelia
[peap] Got tunneled request
EAP-Message = 0x0207001d0147524143454c49412d3445344444395c67726163656c6961
server {
PEAP: Got tunneled identity of GRACELIA-4E4DD9\gracelia
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to GRACELIA-4E4DD9\gracelia
Sending tunneled request
EAP-Message = 0x0207001d0147524143454c49412d3445344444395c67726163656c6961
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "GRACELIA-4E4DD9\\gracelia"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 29
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry GRACELIA-4E4DD9\gracelia at line 94
[files] expand: Hello, %{User-Name} -> Hello, GRACELIA-4E4DD9\gracelia
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Reply-Message = "Hello, GRACELIA-4E4DD9\\gracelia"
EAP-Message = 0x010800321a0108002d107a42333d5241931274a11c7a4c5e9bcf47524143454c49412d3445344444395c67726163656c69 61
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x903896fd90308c035f9e5f144e4ca6d3
[peap] Got tunneled reply RADIUS code 11
Reply-Message = "Hello, GRACELIA-4E4DD9\\gracelia"
EAP-Message = 0x010800321a0108002d107a42333d5241931274a11c7a4c5e9bcf47524143454c49412d3445344444395c67726163656c69 61
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x903896fd90308c035f9e5f144e4ca6d3
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 46 to 192.168.0.3 port 1025
EAP-Message = 0x01080053190017030100486f59f3981d974346ddd4f0e84b1478201e806f386226159056421d226c48fae03bac2ad77ad4 9401625e5995fc025cdc874c7fcb74f2e1ec1155c80f39722d29815a5c5b43f77bc8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73bd279875b53eb1f96352cba5144b6d
Finished request 6.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=48, length=303
User-Name = "GRACELIA-4E4DD9\\gracelia"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:00:10:00:00:00"
Calling-Station-Id = "00:10:00:10:00:08"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
State = 0x73bd279875b53eb1f96352cba5144b6d
EAP-Message = 0x0208008019001703010018f5b1d65c4ba3f9ea138b1af8789f9f3fb7969005c876e86317030100589f5190a7f24e29d802 68390a1c8ec8d0f9f54c75e2c2af0617e90d98ce1dd374f4f4c5f68d1242e8028d6d3b482637d547b77848c079cd41318478 c2be342ec92f21336f310d106f834c687154463acdfe16dee5f628b25d
Message-Authenticator = 0x2aaba34d54a546f219517fabb7d276a6
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:33 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 128
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020800471a02080042310be4bdddde252242e04e348510d4ea7d0000000000000000c677b9802342af732ee685a59acc4d f60fd84a62743e4bc8006d617273696e646f2e636f6d
server {
PEAP: Setting User-Name to GRACELIA-4E4DD9\gracelia
Sending tunneled request
EAP-Message = 0x020800471a02080042310be4bdddde252242e04e348510d4ea7d0000000000000000c677b9802342af732ee685a59acc4d f60fd84a62743e4bc8006d617273696e646f2e636f6d
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "GRACELIA-4E4DD9\\gracelia"
State = 0x903896fd90308c035f9e5f144e4ca6d3
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 71
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry GRACELIA-4E4DD9\gracelia at line 94
[files] expand: Hello, %{User-Name} -> Hello, GRACELIA-4E4DD9\gracelia
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] NT Domain delimeter found, should we have enabled with_ntdomain_hack?
[mschap] Told to do MS-CHAPv2 for GRACELIA-4E4DD9\gracelia with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [GRACELIA-4E4DD9\\gracelia] (from client radius port 0 via TLS tunnel)
} # server inner-tunnel
[peap] Got tunneled reply code 3
Reply-Message = "Hello, GRACELIA-4E4DD9\\gracelia"
MS-CHAP-Error = "\010E=691 R=1"
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
Reply-Message = "Hello, GRACELIA-4E4DD9\\gracelia"
MS-CHAP-Error = "\010E=691 R=1"
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 48 to 192.168.0.3 port 1025
EAP-Message = 0x0109002b190017030100200eaeca51af41abb55948fb1bcd8027578dbcfcf2d3c7b9ccc071a2704eb6e3ee
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73bd279874b43eb1f96352cba5144b6d
Finished request 7.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 192.168.0.3 port 1025, id=50, length=247
User-Name = "GRACELIA-4E4DD9\\gracelia"
NAS-IP-Address = 0.0.0.0
Framed-MTU = 1488
Called-Station-Id = "00:00:10:00:00:00"
Calling-Station-Id = "00:10:00:10:00:08"
NAS-Port-Type = Wireless-802.11
NAS-Identifier = "127.0.0.1"
Connect-Info = "CONNECT 11Mbps 802.11b"
State = 0x73bd279874b43eb1f96352cba5144b6d
EAP-Message = 0x0209004819001703010018e18c4fa14b7ac7e79812eba0eb3d965bc1d177eaae9044a2170301002006657b40483d11fdf6 b473904953585ddb1d5561f70af4904ab971c1eb5d9082
Message-Authenticator = 0x024b616ff4b1c86100040ec8d36f9512
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.0.3/auth-detail-20100519
[auth_log] expand: %t -> Wed May 19 11:32:33 2010
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "GRACELIA-4E4DD9\gracelia", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 72
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [GRACELIA-4E4DD9\\gracelia] (from client radius port 0 cli 00:1c:f0:10:56:b8)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> GRACELIA-4E4DD9\gracelia
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 50 to 192.168.0.3 port 1025
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.3 seconds.
Cleaning up request 0 ID 34 with timestamp +15
Cleaning up request 1 ID 36 with timestamp +15
Waking up in 0.1 seconds.
Cleaning up request 2 ID 38 with timestamp +15
Cleaning up request 3 ID 40 with timestamp +15
Cleaning up request 4 ID 42 with timestamp +16
Waking up in 0.1 seconds.
Cleaning up request 5 ID 44 with timestamp +16
Cleaning up request 6 ID 46 with timestamp +16
Cleaning up request 7 ID 48 with timestamp +16
Waking up in 1.1 seconds.
Cleaning up request 8 ID 50 with timestamp +16
Ready to process requests.
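
A way to triage the debug log above, as an added example that is not part of the original post: it decodes the MS-CHAP-Error value (the leading `\010` is the MS-CHAP Ident octet, not part of the error code) and collects the lines that show the outer TLS tunnel succeeded while the inner MS-CHAPv2 exchange was rejected. It also shows why the log's `with_ntdomain_hack` hint is worth checking: RFC 2759's ChallengeHash covers the user name, so a `DOMAIN\user` string on one side and a bare account name on the other cannot produce matching responses. The function names are hypothetical helpers and the challenge bytes are constructed.

```python
import hashlib
import re

# Failure codes listed in RFC 2759, section 6 (MS-CHAPv2 Failure packet).
MSCHAP_ERRORS = {
    646: "ERROR_RESTRICTED_LOGON_HOURS",
    647: "ERROR_ACCT_DISABLED",
    648: "ERROR_PASSWD_EXPIRED",
    649: "ERROR_NO_DIALIN_PERMISSION",
    691: "ERROR_AUTHENTICATION_FAILURE",
    709: "ERROR_CHANGING_PASSWORD",
}

# Lines excerpted from the debug log in the post above.
SAMPLE_LOG = r'''
NAS-IP-Address = 0.0.0.0
SSL Connection Established
[eap] EAP packet type response id 8 length 71
[mschap] NT Domain delimeter found, should we have enabled with_ntdomain_hack?
[mschap] Told to do MS-CHAPv2 for GRACELIA-4E4DD9\gracelia with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
MS-CHAP-Error = "\010E=691 R=1"
'''

def parse_mschap_error(printed):
    """Decode an MS-CHAP-Error value as the debug log prints it."""
    # The attribute's first octet is the MS-CHAP Ident (RFC 2548); the log
    # shows it as a backslash-octal escape. The rest is the RFC 2759 string.
    ident = None
    esc = re.match(r"\\([0-7]{3})", printed)
    if esc:
        ident = int(esc.group(1), 8)
        printed = printed[esc.end():]
    code = re.search(r"\bE=(\d+)", printed)
    if not code:
        raise ValueError("no E= field in MS-CHAP-Error")
    retry = re.search(r"\bR=([01])", printed)
    number = int(code.group(1))
    return {
        "ident": ident,
        "code": number,
        "name": MSCHAP_ERRORS.get(number, "unknown"),
        "retry_allowed": bool(retry and retry.group(1) == "1"),
    }

def strip_nt_domain(user_name):
    """Return the account part of DOMAIN\\user (unchanged if no prefix)."""
    return user_name.split("\\", 1)[-1]

def challenge_hash(peer_challenge, auth_challenge, user_name):
    """ChallengeHash() from RFC 2759, section 8.2: first 8 octets of SHA-1."""
    data = peer_challenge + auth_challenge + user_name.encode("ascii")
    return hashlib.sha1(data).digest()[:8]

def triage(log):
    """Pull the lines that localise the failure out of a debug log."""
    err = re.search(r'MS-CHAP-Error = "([^"]*)"', log)
    user = re.search(r"Told to do MS-CHAPv2 for (\S+)", log)
    return {
        "outer_tls_ok": "SSL Connection Established" in log,
        "inner_mschap_rejected": "MS-CHAP2-Response is incorrect" in log,
        "ntdomain_hint": "with_ntdomain_hack" in log,
        "nas_ip_unset": "NAS-IP-Address = 0.0.0.0" in log,
        "user": user.group(1) if user else None,
        "mschap_error": parse_mschap_error(err.group(1)) if err else None,
    }

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report)
    # Constructed challenges, only to show that the name string changes the hash.
    peer, auth = bytes(range(16)), bytes(range(16, 32))
    print(challenge_hash(peer, auth, report["user"]).hex())
    print(challenge_hash(peer, auth, strip_nt_domain(report["user"])).hex())
```

The decoded Ident of 8 matches the inner "EAP packet type response id 8" line, and E=691 with R=1 is the generic authentication failure with retry allowed.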

archtoad6 10-25-2010 07:51 AM

Your post is marked "[SOLVED]", yet I can scarcely find a question in it, let alone an answer. If you meant this to be marked "[SOLVED]", please provide the solution.


OTOH, if you still need help, perhaps the following advice would help you edit your OP into a form that would get you an answer:
Learn about pastebins & "Code:" blocks --

86% of your post, 424 out of 692 lines, is taken up w/ a "Here the FreeRadius Log:" entry that obscures your question, it belongs in a pastebin.

The 1st 56 lines of your post looked like gibberish, until I pasted them into Kwrite, then I saw that they are an elaborate ASCII art diagram. Unfortunately, at LQ you have to put your ASCII art in a "Code:" block to preserve the spacing. BTW, yours is wide & long enough to deserve its own (separate) pastebin entry.

On the plus side, it's a serious & interesting question.

