Hi,
Any ideas on this error? Waiting anxiously for some pointer to the right
direction.
rlm_eap_leap: FAILED incorrect NtChallengeResponse from AP
Thanks
Joseph
"Joseph Silvin" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
cc:
Subject: Re: rlm_eap_leap: No User-Password or NT-Password configured for this user
26/05/2004 04:47 PM
Please respond to freeradius-users
Hi,
Thanks.
I have rectified the password_header and now the Password header is gone.
But still the EAP is not taking the LDAP password (rlm_eap_leap: Stage 4).
My config:
radiusd.conf
-------------------
default_eap_type = md5

users
-----------
DEFAULT Auth-Type = LDAP
        Fall-Through = 1

Instead of this, if I put (as below) manually, the card associated with the
AP. (LDAPPassword is the actual password)

DEFAULT Auth-Type = LDAP, User-Password = "LDAPPassword"
        Fall-Through = 1
Waiting for your comments.
Joseph
Revised Log below.
=============================
rad_recv: Access-Request packet from host 192.168.1.7:21646, id=16,
length=125
User-Name = "FAnthony"
Framed-MTU = 1400
Called-Station-Id = "000e.d7b1.008b"
Calling-Station-Id = "000f.2478.85cf"
Message-Authenticator = 0xe8f0eb5a20be270bdf42e04b15641dd6
EAP-Message = 0x0202000d0146416e74686f6e79
NAS-Port-Type = Wireless-802.11
NAS-Port = 495
Service-Type = Framed-User
NAS-IP-Address = 192.168.1.7
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_eap: EAP packet type notification id 2 length 13
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 0
rlm_realm: No '@' in User-Name = "FAnthony", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'o=MyOrg'
radius_xlat: '(uid=FAnthony)'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.1.41:389, authentication 0
rlm_ldap: bind as cn=Admin,o=MyOrg/<deleted> to 192.168.1.41:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
ldap_release_conn: Release Id: 0
radius_xlat: '(&(uid=FAnthony)(objectclass=top))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in OU=MyLoc,O=MyOrg, with filter
(&(uid=FAnthony)(objectclass=top))
rlm_ldap::ldap_groupcmp: User found in group OU=MyLoc,O=MyOrg
ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for FAnthony
radius_xlat: '(uid=FAnthony)'
radius_xlat: 'o=MyOrg'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
rlm_ldap: checking if remote access for FAnthony is allowed by
proposedaltorgunit
rlm_ldap: Added password (91CA074DSFSD4453936C9A32AF) in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user FAnthony authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: EAP packet type notification id 2 length 13
rlm_eap: EAP Start not found
rlm_eap: EAP Identity
rlm_eap: processing type leap
rlm_eap_leap: Stage 2
rlm_eap_leap: Issuing AP Challenge
rlm_eap_leap: Successfully initiated
modcall[authenticate]: module "eap" returns ok for request 0
modcall: group authenticate returns ok for request 0
modcall: entering group post-auth for request 0
radius_xlat: '/var/log/radius/radacct/192.168.1.7/reply-detail-20040524'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to
/var/log/radius/radacct/192.168.1.7/reply-detail-20040524
modcall[post-auth]: module "reply_log" returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Challenge of id 16 to 192.168.1.7:21646
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x01030018110100087900c7559163b3ae46416e74686f6e79
Message-Authenticator = 0x00000000000000000000000000000000
State =
0x862fd36799ba12ee881a477605e2880b5bd0b140aba87a1a97c697e9e6ca0f3a970c65d2
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.7:21646, id=17,
length=190
User-Name = "FAnthony"
Framed-MTU = 1400
Called-Station-Id = "000e.d7b1.008b"
Calling-Station-Id = "000f.2478.85cf"
Message-Authenticator = 0x61f158e50ab18ae2609916cdde5d3768
EAP-Message =
0x0203002811010018010364ea1f5cfcc8d6a0ce99255ffd208bbc7dd9f77326a246416e74686f6e79
NAS-Port-Type = Wireless-802.11
NAS-Port = 495
State =
0x862fd36799ba12ee881a477605e2880b5bd0b140aba87a1a97c697e9e6ca0f3a970c65d2
Service-Type = Framed-User
NAS-IP-Address = 192.168.1.7
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
rlm_eap: EAP packet type notification id 3 length 40
rlm_eap: EAP Start not found
modcall[authorize]: module "eap" returns updated for request 1
rlm_realm: No '@' in User-Name = "FAnthony", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'o=MyOrg'
radius_xlat: '(uid=FAnthony)'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
ldap_release_conn: Release Id: 0
radius_xlat: '(&(uid=FAnthony)(objectclass=top))'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in OU=MyLoc,O=MyOrg, with filter
(&(uid=FAnthony)(objectclass=top))
rlm_ldap::ldap_groupcmp: User found in group OU=MyLoc,O=MyOrg
ldap_release_conn: Release Id: 0
users: Matched DEFAULT at 156
users: Matched DEFAULT at 175
modcall[authorize]: module "files" returns ok for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for FAnthony
radius_xlat: '(uid=FAnthony)'
radius_xlat: 'o=MyOrg'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=MyOrg, with filter (uid=FAnthony)
rlm_ldap: checking if remote access for FAnthony is allowed by
proposedaltorgunit
rlm_ldap: Added password (91CA074DSFSD4453936C9A32AF) in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user FAnthony authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate for request 1
rlm_eap: EAP packet type notification id 3 length 40
rlm_eap: EAP Start not found
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - leap
rlm_eap: processing type leap
rlm_eap_leap: Stage 4
rlm_eap_leap: FAILED incorrect NtChallengeResponse from AP
modcall[authenticate]: module "eap" returns invalid for request 1
modcall: group authenticate returns invalid for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 17 to 192.168.1.7:21646
EAP-Message = 0x04030004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 16 with timestamp 40b1d05b
Cleaning up request 1 ID 17 with timestamp 40b1d05b
Nothing to do. Sleeping until we see a request.
==============================
Kostas Kalevras <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
cc:
Subject: Re: rlm_eap_leap: No User-Password or NT-Password configured for this user
26/05/2004 04:27 PM
Please respond to freeradius-users
On Wed, 26 May 2004, Joseph Silvin wrote:
> Hi,
>
> I am trying to authenticate Cisco AP 1200 against FreeRadius through
> LDAP. The following is the error I am getting after stage 2 "rlm_eap_leap:
> No User-Password or NT-Password configured for this user". The LDAP
> authentication is getting done, and the EAP is also getting started. But,
> the credentials of the LDAP is not getting used for EAP.
>
> Please suggest the reason for this error. Log is given below.
>
> Joseph
>
>
> ===============================================================================
> rad_recv: Access-Request packet from host 192.168.1.7:21645, id=245,
> length=125
> User-Name = "FAnthony"
> Framed-MTU = 1400
> Called-Station-Id = "000e.d7b1.008b"
> Calling-Station-Id = "000f.2478.85cf"
> Message-Authenticator = 0x2f568765c076a1cc35ec515b50580740
> EAP-Message = 0x0202000d0146416e74686f6e79
> NAS-Port-Type = Wireless-802.11
> NAS-Port = 485
> Service-Type = Framed-User
> NAS-IP-Address = 192.168.1.7
[...]
> rlm_ldap: Password header not found in password (91CA0741343JHUG6C9A32A21F) for user FAnthony
The above is the error you are looking for. Check the password_header ldap
configuration directive.
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens,
Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
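
Added example (not part of the original thread, and not FreeRADIUS code): a small decoder for the EAP-Message values in the debug log above, showing the 8-byte LEAP challenge the server issued and the 24-byte response that Stage 4 then rejected. It assumes the LEAP layout (EAP type 17, then version, one unused byte, a length byte, data, user name); the function and field names are illustrative.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1
EAP_TYPE_LEAP = 17  # Cisco LEAP

# EAP-Message values copied from the debug log in this thread, in order.
LOG_EAP_MESSAGES = [
    "0x0202000d0146416e74686f6e79",
    "0x01030018110100087900c7559163b3ae46416e74686f6e79",
    "0x0203002811010018010364ea1f5cfcc8d6a0ce99255ffd208bbc7dd9f77326a2"
    "46416e74686f6e79",
    "0x04030004",
]

def parse_eap(hex_value):
    """Decode one EAP-Message value as printed in the radiusd debug output."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError("EAP length field does not match the data")
    msg = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length == 4:
        return msg  # Success/Failure carry no type or data
    msg["type"], body = raw[4], raw[5:]
    if msg["type"] == EAP_TYPE_IDENTITY:
        msg["identity"] = body.decode("ascii", "replace")
    elif msg["type"] == EAP_TYPE_LEAP:
        # Assumed LEAP layout: version, unused byte, data length, data, name.
        if len(body) < 3 or len(body) < 3 + body[2]:
            raise ValueError("truncated LEAP body")
        count = body[2]
        msg["version"] = body[0]
        msg["data"] = body[3:3 + count].hex()
        msg["name"] = body[3 + count:].decode("ascii", "replace")
    return msg

def decode_log():
    """Return the decoded messages for the exchange in the log."""
    return [parse_eap(value) for value in LOG_EAP_MESSAGES]

if __name__ == "__main__":
    for message in decode_log():
        print(message)
```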