Hello, I have a problem with eap-pearp-mschapv2 modules, not sending MPPE keys after successfull authentication using ntlm-auth (for testing - fixed NT_KEY).
Below there log and configs. Freeradius snapshot 20041213, client - Windows XP SP2. I would appreciate any help. Thank you Jakub Jermak ---------------------------------------- Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/freeradius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/freeradius/radacct" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = "/var/log/freeradius/radius.log" main: log_destination = "files" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/var/run/freeradius/freeradius.pid" main: user = "freerad" main: group = "freerad" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: debug_level = 0 main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no proxy: proxy_fail_type = "(null)" security: max_attributes = 200 security: reject_delay = 1 security: status_server = no read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: authtype = "EAP" mschap: ntlm_auth = "/usr/bin/ntlm_auth " Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/var/log/freeradius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/freeradius/certs/cert-srv.pem" tls: certificate_file = "/etc/freeradius/certs/cert-srv.pem" tls: CA_file = "/etc/freeradius/certs/demoCA/cacert.pem" tls: private_key_password = "weglocrap" tls: dh_file = "/etc/freeradius/certs/dh" tls: random_file = "/dev/urandom" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/freeradius/huntgroups" preprocess: hints = "/etc/freeradius/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "prefix" realm: delimiter = "\" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (ntdomain) Module: Loaded files files: usersfile = "/etc/freeradius/users" files: acctusersfile = "/etc/freeradius/acct_users" files: preproxy_usersfile = "/etc/freeradius/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded detail detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-% Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/freeradius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-de tail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (reply_log) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.39:2575, id=32, length=52 User-Name = "000bcd7437d6" User-Password = "000bcd7437d6" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_realm: No '\' in User-Name = "000bcd7437d6", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "ntdomain" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry 000bcd7437d6 at line 125 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP-Message not found rlm_eap: Malformed EAP Message modcall[authenticate]: module "eap" returns fail for request 0 modcall: group authenticate returns fail for request 0 auth: Failed to validate the user. Login incorrect: [000bcd7437d6/000bcd7437d6] (from client wifi port 0) Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.1.39:2576, id=33, length=140 NAS-IP-Address = 192.168.1.39 NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Framed-MTU = 1400 User-Name = "DIORA\\admin" Calling-Station-Id = "000bcd7437d6" Called-Station-Id = "000e6ad14d1f" NAS-Identifier = "3Com Access Point" EAP-Message = 0x020100100144494f52415c61646d696e Message-Authenticator = 0x3d9bbe59e7b89448dfb43545f110621f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin" rlm_realm: No such realm "DIORA" modcall[authorize]: module "ntdomain" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 16 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DIORA\admin at line 120 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 33 to 192.168.1.39:2576 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7541af80c1b404c2e4a29559b2f1a684 Finished request 1 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.1.39:2577, id=34, length=254 NAS-IP-Address = 192.168.1.39 NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Framed-MTU = 1400 User-Name = "DIORA\\admin" Calling-Station-Id = "000bcd7437d6" Called-Station-Id = "000e6ad14d1f" NAS-Identifier = "3Com Access Point" State = 0x7541af80c1b404c2e4a29559b2f1a684 EAP-Message = 0x0202007019800000006616030100610100005d030141c49d48367e8d 9d9445f6c0c52e554ba3bf61d7c1b98361d712c00ec5f6101c20f93c029d79618069fe7e02c94a22 13dac20f7e4ccc7abee0de820946e1511435001600040005000a0009006400620003000600130012 00630100 Message-Authenticator = 0x71010341f60b523192033ace091c4d39 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin" rlm_realm: No such realm "DIORA" modcall[authorize]: module "ntdomain" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DIORA\admin at line 120 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0288], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 34 to 192.168.1.39:2577 EAP-Message = 0x010302eb1900160301004a02000046030141c49d48b067476061e4e5 d4b18f98bd8073236f8c02c3905493cdced819c3ba207db575cbbfcf94c5772b9406a9896c18089b 629dbabbeee7866e76ffc39f094900040016030102880b00028400028100027e3082027a308201e3 a003020102020900cf496406ea378c43300d06092a864886f70d01010405003077310b3009060355 04061302504c3110300e0603550408130753696c657369613111300f060355040713084b61746f77 69636531153013060355040a130c5765676c6f6b6f6b7320534131153013060355040b130c576567 6c6f6b6f6b73205341311530130603550403130c5765676c6f EAP-Message = 0x6b6f6b73205341301e170d3034313231343032323531385a170d3035 313231343032323531385a306e310b300906035504061302504c3110300e0603550408130753696c 657369613111300f060355040713084b61746f7769636531123010060355040a13095765676c6f6b 6f6b7331123010060355040b13095765676c6f6b6f6b7331123010060355040313095765676c6f6b 6f6b7330819f300d06092a864886f70d010101050003818d0030818902818100a96c6868bdfbced5 1daed9727b57b90562757053c012131b97dc6706b19d01866d49cbd7c1476e17a2950d15ef1f1324 9690f3b1dc871baf3bc27ecb9465f0a5e5e3cc066ae304b61c EAP-Message = 0x6127e129f857943042133bb73171541e82fdbad3036e136768c6c0c1 a3770ebdfcf1d28a2535e17cba770b58e87addfe2cc80ff10106670203010001a317301530130603 551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181003cd4d0a1 339f9bad726c2bdf1f25621a1e4dfd2a71009261b9ae96b0422108a3932dc6ebb20be1fc4a255a7b 8ecf9abaeda49ef7a5726b80eb7c3b02ba7cec25aa48c0ece6c77d87b1836368c4852f55ace960e7 b420da1dc57237f371c6c36a4986728d9f39df18e8801aa106b7d0cf2e7dc88477cf85b0cc17f88e cca910ef16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x83f50efce2fc94220986df910e1b7eb7 Finished request 2 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.1.39:2578, id=35, length=334 NAS-IP-Address = 192.168.1.39 NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Framed-MTU = 1400 User-Name = "DIORA\\admin" Calling-Station-Id = "000bcd7437d6" Called-Station-Id = "000e6ad14d1f" NAS-Identifier = "3Com Access Point" State = 0x83f50efce2fc94220986df910e1b7eb7 EAP-Message = 0x020300c01980000000b6160301008610000082008040ee53e13d10c4 0a75f6a7934c5de427039e5dea9e457533958d8838b53dfb2cf563b664e48fe04af2d782c465a86c 395d910f49ab5cac25a35b1b108f3e8124883c7c036e63dfabfc31deaf86d5a4d48d788ac5859b76 8f4f45c74c4af1dcfd6145eab74c71a38c11b62392d25f60261e2da6e78837bc35fcf62d3a732f14 11140301000101160301002003f1bef493adfb5c3e97723080a11033bc88527437f084e0b9d34e0a cde0222a Message-Authenticator = 0x4fb0f4a1b7fcbdbd51e4c15ee3a10f07 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin" rlm_realm: No such realm "DIORA" modcall[authorize]: module "ntdomain" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DIORA\admin at line 120 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 35 to 192.168.1.39:2578 EAP-Message = 0x01040031190014030100010116030100208d7f6d722d35edc687beac 89b846bd0e36da7d9c668a88df8e1d2aa9195416f4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf85b1367e6ca6d023948883ac9a9acac Finished request 3 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.1.39:2579, id=36, length=148 NAS-IP-Address = 192.168.1.39 NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Framed-MTU = 1400 User-Name = "DIORA\\admin" Calling-Station-Id = "000bcd7437d6" Called-Station-Id = "000e6ad14d1f" NAS-Identifier = "3Com Access Point" State = 0xf85b1367e6ca6d023948883ac9a9acac EAP-Message = 0x020400061900 Message-Authenticator = 0x2457bf6092cd9851b56b32d6331c0022 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin" rlm_realm: No such realm "DIORA" modcall[authorize]: module "ntdomain" returns noop for request 4 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DIORA\admin at line 120 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 36 to 192.168.1.39:2579 EAP-Message = 0x01050020190017030100159bc1c0035d27a3c43344a568058203c10a 12849adc Message-Authenticator = 0x00000000000000000000000000000000 State = 0x51a66ef30be6ab44351a0daa39292120 Finished request 4 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.1.39:2580, id=37, length=181 NAS-IP-Address = 192.168.1.39 NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Framed-MTU = 1400 User-Name = "DIORA\\admin" Calling-Station-Id = "000bcd7437d6" Called-Station-Id = "000e6ad14d1f" NAS-Identifier = "3Com Access Point" State = 0x51a66ef30be6ab44351a0daa39292120 EAP-Message = 0x020500271900170301001c00f9cb05e163db6d8c67bb40dc934ecab8 e60aa3a2e6347ace2a70de Message-Authenticator = 0x50941fad3eb9c339afef832dae5b5b02 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin" rlm_realm: No such realm "DIORA" modcall[authorize]: module "ntdomain" returns noop for request 5 rlm_eap: EAP packet type response id 5 length 39 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DIORA\admin at line 120 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - DIORA\admin rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020500100144494f52415c61646d696e PEAP: Got tunneled identity of DIORA\admin PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to DIORA\admin PEAP: Sending tunneled request EAP-Message = 0x020500100144494f52415c61646d696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "DIORA\\admin" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin" rlm_realm: No such realm "DIORA" modcall[authorize]: module "ntdomain" returns noop for request 5 rlm_eap: EAP packet type response id 5 length 16 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DIORA\admin at line 120 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x010600251a010600201024b9cc214fc392c3c981da4f10ddaae04449 4f52415c61646d696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa64af4a83178d7ab5f2fa6a519840f62 PEAP: Processing from tunneled session code 0x8177e38 11 EAP-Message = 0x010600251a010600201024b9cc214fc392c3c981da4f10ddaae04449 4f52415c61646d696e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa64af4a83178d7ab5f2fa6a519840f62 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 37 to 192.168.1.39:2580 EAP-Message = 0x0106003c19001703010031c7f7479f6170650d9f88b53010df970c14 4bc0d892cd0820dcd19b3c08a15f6cf8b5f00b00ee26340662612bc5d92ca680 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x915a8ff8e315434978c89a6ea92f8f18 Finished request 5 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.1.39:2581, id=38, length=229 NAS-IP-Address = 192.168.1.39 NAS-Port-Type = Wireless-802.11 NAS-Port = 2 Framed-MTU = 1400 User-Name = "DIORA\\admin" Calling-Station-Id = "000bcd7437d6" Called-Station-Id = "000e6ad14d1f" NAS-Identifier = "3Com Access Point" State = 0x915a8ff8e315434978c89a6ea92f8f18 EAP-Message = 0x020600571900170301004c818b1bb3f032eeabe7ec2871af40897c3e 8a5bc9d9ca441af30f1d92f64b6c258607a7cfa31a6217a3148c0c73410518185a9cc66e0c40c636 a7d9b65c65f45fef856bcad98fe3eab3347b23 Message-Authenticator = 0x065ccc893b6320ff7a2115d952cdbdf6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin" rlm_realm: No such realm "DIORA" modcall[authorize]: module "ntdomain" returns noop for request 6 rlm_eap: EAP packet type response id 6 length 87 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DIORA\admin at line 120 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020600401a0206003b31526c32f3c4299cd82e670c13ca24e1d40000 00000000000082a7d807fd573ece41202727da0406ce52aa867217202e720061646d696e PEAP: Setting User-Name to DIORA\admin PEAP: Adding old state with a6 4a PEAP: Sending tunneled request EAP-Message = 0x020600401a0206003b31526c32f3c4299cd82e670c13ca24e1d40000 00000000000082a7d807fd573ece41202727da0406ce52aa867217202e720061646d696e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "DIORA\\admin" State = 0xa64af4a83178d7ab5f2fa6a519840f62 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin" rlm_realm: No such realm "DIORA" modcall[authorize]: module "ntdomain" returns noop for request 6 rlm_eap: EAP packet type response id 6 length 64 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DIORA\admin at line 120 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 6 rlm_mschap: Told to do MS-CHAPv2 for admin with NT-Password Exec-Program output: NT_KEY: 0137B71A98047507417EAF50CFAC29C3 Exec-Program-Wait: plaintext: NT_KEY: 0137B71A98047507417EAF50CFAC29C3 Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 6 modcall: group Auth-Type returns ok for request 6 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 PEAP: Got tunneled reply RADIUS code 11 MS-CHAP2-Success = 0x06533d333732434134424230464642463944444341364537434 13544423843313433434642334643453139 EAP-Message = 0x010700331a0306002e533d3337324341344242304646424639444443 4136453743413544423843313433434642334643453139 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf82ecaa579f0f96793a4d41fbe78b6de PEAP: Processing from tunneled session code 0x8198468 11 MS-CHAP2-Success = 0x06533d333732434134424230464642463944444341364537434 13544423843313433434642334643453139 EAP-Message = 0x010700331a0306002e533d3337324341344242304646424639444443 4136453743413544423843313433434642334643453139 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf82ecaa579f0f96793a4d41fbe78b6de PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 38 to 192.168.1.39:2581 EAP-Message = 0x0107004a1900170301003f55216730f8c4f5393161613600c5bed982 6edde34ec24d62f27373112eb090b7ed3819eb4648920a7c66496dfe7fa12940a217620c26c63993 fbe3ceb99eee Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9c61b944e64b7b1d0449f40ad7808656 Finished request 6 Going to the next request Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 32 to 192.168.1.39:2575 Waking up in 4 seconds... rad_recv: Accounting-Request packet from host 192.168.1.39:2573, id=241, length= 184 Acct-Status-Type = Start Acct-Session-Id = "000bcd7437d6-000e6ad14d1f-6e57" NAS-IP-Address = 0.0.0.0 Acct-Input-Octets = 1264 Acct-Output-Octets = 705 Acct-Input-Packets = 7 Acct-Output-Packets = 7 Vendor-Specific = 0x45415020557365726e616d652069733a206e6f7420617661696c 61626c65 Vendor-Specific = 0x564c414e2049442069733a2030 Vendor-Specific = 0x4553534944203d20737061776e Vendor-Specific = 0x45415020547970652069733a206e6f7420617661696c61626c65 Acct-Session-Time = 3 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 7 radius_xlat: '/var/log/freeradius/radacct//detail-20041218' rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expan ds to /var/log/freeradius/radacct//detail-20041218 modcall[accounting]: module "detail" returns ok for request 7 modcall: group accounting returns ok for request 7 Sending Accounting-Response of id 241 to 192.168.1.39:2573 Finished request 7 Going to the next request --- Walking the entire request list --- Cleaning up request 7 ID 241 with timestamp 41c49d4b Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 32 with timestamp 41c49d48 Cleaning up request 1 ID 33 with timestamp 41c49d48 Cleaning up request 2 ID 34 with timestamp 41c49d48 Cleaning up request 3 ID 35 with timestamp 41c49d48 Cleaning up request 4 ID 36 with timestamp 41c49d48 Cleaning up request 5 ID 37 with timestamp 41c49d48 Cleaning up request 6 ID 38 with timestamp 41c49d48 Nothing to do. Sleeping until we see a request. ------------------------------------------------------ mschap { authtype = EAP use_mppe = yes with_ntdomain_hack = yes } eap { default_eap_type = peap ignore_unknown_eap_types = no tls { private_key_password = weglocrap private_key_file = ${raddbdir}/certs/cert-srv.pem certificate_file = ${raddbdir}/certs/cert-srv.pem CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = /dev/urandom fragment_size = 1024 include_length = yes } peap { default_eap_type = mschapv2 } mschapv2 { } } -- I may be getting th_ntdomain_hack = yes older, but I refuse to grow up! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html