Hello,
I have a problem with eap-pearp-mschapv2 modules, not sending MPPE keys
after successfull authentication using ntlm-auth (for testing - fixed
NT_KEY).
Below there log and configs.
Freeradius snapshot 20041213, client - Windows XP SP2.
I would appreciate any help.
Thank you
Jakub Jermak
----------------------------------------
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/freeradius/proxy.conf
Config: including file: /etc/freeradius/clients.conf
Config: including file: /etc/freeradius/snmp.conf
Config: including file: /etc/freeradius/eap.conf
Config: including file: /etc/freeradius/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/freeradius/radacct"
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_file = "/var/log/freeradius/radius.log"
main: log_destination = "files"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/freeradius/freeradius.pid"
main: user = "freerad"
main: group = "freerad"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: debug_level = 0
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
proxy: proxy_fail_type = "(null)"
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = "(null)"
mschap: authtype = "EAP"
mschap: ntlm_auth = "/usr/bin/ntlm_auth "
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "/etc/shadow"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/etc/freeradius/certs/cert-srv.pem"
tls: certificate_file = "/etc/freeradius/certs/cert-srv.pem"
tls: CA_file = "/etc/freeradius/certs/demoCA/cacert.pem"
tls: private_key_password = "weglocrap"
tls: dh_file = "/etc/freeradius/certs/dh"
tls: random_file = "/dev/urandom"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/freeradius/huntgroups"
preprocess: hints = "/etc/freeradius/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "prefix"
realm: delimiter = "\"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (ntdomain)
Module: Loaded files
files: usersfile = "/etc/freeradius/users"
files: acctusersfile = "/etc/freeradius/acct_users"
files: preproxy_usersfile = "/etc/freeradius/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%
Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/var/log/freeradius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
detail: detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-de
tail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (reply_log)
Initializing the thread pool...
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.39:2575, id=32, length=52
User-Name = "000bcd7437d6"
User-Password = "000bcd7437d6"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '\' in User-Name = "000bcd7437d6", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "ntdomain" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry 000bcd7437d6 at line 125
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP-Message not found
rlm_eap: Malformed EAP Message
modcall[authenticate]: module "eap" returns fail for request 0
modcall: group authenticate returns fail for request 0
auth: Failed to validate the user.
Login incorrect: [000bcd7437d6/000bcd7437d6] (from client wifi port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.1.39:2576, id=33, length=140
NAS-IP-Address = 192.168.1.39
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "DIORA\\admin"
Calling-Station-Id = "000bcd7437d6"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point"
EAP-Message = 0x020100100144494f52415c61646d696e
Message-Authenticator = 0x3d9bbe59e7b89448dfb43545f110621f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin"
rlm_realm: No such realm "DIORA"
modcall[authorize]: module "ntdomain" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 16
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DIORA\admin at line 120
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 33 to 192.168.1.39:2576
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7541af80c1b404c2e4a29559b2f1a684
Finished request 1
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.1.39:2577, id=34, length=254
NAS-IP-Address = 192.168.1.39
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "DIORA\\admin"
Calling-Station-Id = "000bcd7437d6"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point"
State = 0x7541af80c1b404c2e4a29559b2f1a684
EAP-Message = 0x0202007019800000006616030100610100005d030141c49d48367e8d
9d9445f6c0c52e554ba3bf61d7c1b98361d712c00ec5f6101c20f93c029d79618069fe7e02c94a22
13dac20f7e4ccc7abee0de820946e1511435001600040005000a0009006400620003000600130012
00630100
Message-Authenticator = 0x71010341f60b523192033ace091c4d39
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin"
rlm_realm: No such realm "DIORA"
modcall[authorize]: module "ntdomain" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DIORA\admin at line 120
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0288], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 34 to 192.168.1.39:2577
EAP-Message = 0x010302eb1900160301004a02000046030141c49d48b067476061e4e5
d4b18f98bd8073236f8c02c3905493cdced819c3ba207db575cbbfcf94c5772b9406a9896c18089b
629dbabbeee7866e76ffc39f094900040016030102880b00028400028100027e3082027a308201e3
a003020102020900cf496406ea378c43300d06092a864886f70d01010405003077310b3009060355
04061302504c3110300e0603550408130753696c657369613111300f060355040713084b61746f77
69636531153013060355040a130c5765676c6f6b6f6b7320534131153013060355040b130c576567
6c6f6b6f6b73205341311530130603550403130c5765676c6f
EAP-Message = 0x6b6f6b73205341301e170d3034313231343032323531385a170d3035
313231343032323531385a306e310b300906035504061302504c3110300e0603550408130753696c
657369613111300f060355040713084b61746f7769636531123010060355040a13095765676c6f6b
6f6b7331123010060355040b13095765676c6f6b6f6b7331123010060355040313095765676c6f6b
6f6b7330819f300d06092a864886f70d010101050003818d0030818902818100a96c6868bdfbced5
1daed9727b57b90562757053c012131b97dc6706b19d01866d49cbd7c1476e17a2950d15ef1f1324
9690f3b1dc871baf3bc27ecb9465f0a5e5e3cc066ae304b61c
EAP-Message = 0x6127e129f857943042133bb73171541e82fdbad3036e136768c6c0c1
a3770ebdfcf1d28a2535e17cba770b58e87addfe2cc80ff10106670203010001a317301530130603
551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181003cd4d0a1
339f9bad726c2bdf1f25621a1e4dfd2a71009261b9ae96b0422108a3932dc6ebb20be1fc4a255a7b
8ecf9abaeda49ef7a5726b80eb7c3b02ba7cec25aa48c0ece6c77d87b1836368c4852f55ace960e7
b420da1dc57237f371c6c36a4986728d9f39df18e8801aa106b7d0cf2e7dc88477cf85b0cc17f88e
cca910ef16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x83f50efce2fc94220986df910e1b7eb7
Finished request 2
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.1.39:2578, id=35, length=334
NAS-IP-Address = 192.168.1.39
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "DIORA\\admin"
Calling-Station-Id = "000bcd7437d6"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point"
State = 0x83f50efce2fc94220986df910e1b7eb7
EAP-Message = 0x020300c01980000000b6160301008610000082008040ee53e13d10c4
0a75f6a7934c5de427039e5dea9e457533958d8838b53dfb2cf563b664e48fe04af2d782c465a86c
395d910f49ab5cac25a35b1b108f3e8124883c7c036e63dfabfc31deaf86d5a4d48d788ac5859b76
8f4f45c74c4af1dcfd6145eab74c71a38c11b62392d25f60261e2da6e78837bc35fcf62d3a732f14
11140301000101160301002003f1bef493adfb5c3e97723080a11033bc88527437f084e0b9d34e0a
cde0222a
Message-Authenticator = 0x4fb0f4a1b7fcbdbd51e4c15ee3a10f07
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin"
rlm_realm: No such realm "DIORA"
modcall[authorize]: module "ntdomain" returns noop for request 3
rlm_eap: EAP packet type response id 3 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DIORA\admin at line 120
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 35 to 192.168.1.39:2578
EAP-Message = 0x01040031190014030100010116030100208d7f6d722d35edc687beac
89b846bd0e36da7d9c668a88df8e1d2aa9195416f4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf85b1367e6ca6d023948883ac9a9acac
Finished request 3
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.1.39:2579, id=36, length=148
NAS-IP-Address = 192.168.1.39
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "DIORA\\admin"
Calling-Station-Id = "000bcd7437d6"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point"
State = 0xf85b1367e6ca6d023948883ac9a9acac
EAP-Message = 0x020400061900
Message-Authenticator = 0x2457bf6092cd9851b56b32d6331c0022
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin"
rlm_realm: No such realm "DIORA"
modcall[authorize]: module "ntdomain" returns noop for request 4
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
users: Matched entry DIORA\admin at line 120
modcall[authorize]: module "files" returns ok for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 36 to 192.168.1.39:2579
EAP-Message = 0x01050020190017030100159bc1c0035d27a3c43344a568058203c10a
12849adc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51a66ef30be6ab44351a0daa39292120
Finished request 4
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.1.39:2580, id=37, length=181
NAS-IP-Address = 192.168.1.39
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "DIORA\\admin"
Calling-Station-Id = "000bcd7437d6"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point"
State = 0x51a66ef30be6ab44351a0daa39292120
EAP-Message = 0x020500271900170301001c00f9cb05e163db6d8c67bb40dc934ecab8
e60aa3a2e6347ace2a70de
Message-Authenticator = 0x50941fad3eb9c339afef832dae5b5b02
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin"
rlm_realm: No such realm "DIORA"
modcall[authorize]: module "ntdomain" returns noop for request 5
rlm_eap: EAP packet type response id 5 length 39
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DIORA\admin at line 120
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - DIORA\admin
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020500100144494f52415c61646d696e
PEAP: Got tunneled identity of DIORA\admin
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to DIORA\admin
PEAP: Sending tunneled request
EAP-Message = 0x020500100144494f52415c61646d696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "DIORA\\admin"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin"
rlm_realm: No such realm "DIORA"
modcall[authorize]: module "ntdomain" returns noop for request 5
rlm_eap: EAP packet type response id 5 length 16
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DIORA\admin at line 120
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Got tunneled reply RADIUS code 11
EAP-Message = 0x010600251a010600201024b9cc214fc392c3c981da4f10ddaae04449
4f52415c61646d696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa64af4a83178d7ab5f2fa6a519840f62
PEAP: Processing from tunneled session code 0x8177e38 11
EAP-Message = 0x010600251a010600201024b9cc214fc392c3c981da4f10ddaae04449
4f52415c61646d696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa64af4a83178d7ab5f2fa6a519840f62
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 37 to 192.168.1.39:2580
EAP-Message = 0x0106003c19001703010031c7f7479f6170650d9f88b53010df970c14
4bc0d892cd0820dcd19b3c08a15f6cf8b5f00b00ee26340662612bc5d92ca680
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x915a8ff8e315434978c89a6ea92f8f18
Finished request 5
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.1.39:2581, id=38, length=229
NAS-IP-Address = 192.168.1.39
NAS-Port-Type = Wireless-802.11
NAS-Port = 2
Framed-MTU = 1400
User-Name = "DIORA\\admin"
Calling-Station-Id = "000bcd7437d6"
Called-Station-Id = "000e6ad14d1f"
NAS-Identifier = "3Com Access Point"
State = 0x915a8ff8e315434978c89a6ea92f8f18
EAP-Message = 0x020600571900170301004c818b1bb3f032eeabe7ec2871af40897c3e
8a5bc9d9ca441af30f1d92f64b6c258607a7cfa31a6217a3148c0c73410518185a9cc66e0c40c636
a7d9b65c65f45fef856bcad98fe3eab3347b23
Message-Authenticator = 0x065ccc893b6320ff7a2115d952cdbdf6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin"
rlm_realm: No such realm "DIORA"
modcall[authorize]: module "ntdomain" returns noop for request 6
rlm_eap: EAP packet type response id 6 length 87
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DIORA\admin at line 120
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled EAP-Message
EAP-Message = 0x020600401a0206003b31526c32f3c4299cd82e670c13ca24e1d40000
00000000000082a7d807fd573ece41202727da0406ce52aa867217202e720061646d696e
PEAP: Setting User-Name to DIORA\admin
PEAP: Adding old state with a6 4a
PEAP: Sending tunneled request
EAP-Message = 0x020600401a0206003b31526c32f3c4299cd82e670c13ca24e1d40000
00000000000082a7d807fd573ece41202727da0406ce52aa867217202e720061646d696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "DIORA\\admin"
State = 0xa64af4a83178d7ab5f2fa6a519840f62
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
rlm_realm: Looking up realm "DIORA" for User-Name = "DIORA\admin"
rlm_realm: No such realm "DIORA"
modcall[authorize]: module "ntdomain" returns noop for request 6
rlm_eap: EAP packet type response id 6 length 64
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DIORA\admin at line 120
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 6
rlm_mschap: Told to do MS-CHAPv2 for admin with NT-Password
Exec-Program output: NT_KEY: 0137B71A98047507417EAF50CFAC29C3
Exec-Program-Wait: plaintext: NT_KEY: 0137B71A98047507417EAF50CFAC29C3
Exec-Program: returned: 0
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 6
modcall: group Auth-Type returns ok for request 6
MSCHAP Success
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
PEAP: Got tunneled reply RADIUS code 11
MS-CHAP2-Success = 0x06533d333732434134424230464642463944444341364537434
13544423843313433434642334643453139
EAP-Message = 0x010700331a0306002e533d3337324341344242304646424639444443
4136453743413544423843313433434642334643453139
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf82ecaa579f0f96793a4d41fbe78b6de
PEAP: Processing from tunneled session code 0x8198468 11
MS-CHAP2-Success = 0x06533d333732434134424230464642463944444341364537434
13544423843313433434642334643453139
EAP-Message = 0x010700331a0306002e533d3337324341344242304646424639444443
4136453743413544423843313433434642334643453139
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf82ecaa579f0f96793a4d41fbe78b6de
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 38 to 192.168.1.39:2581
EAP-Message = 0x0107004a1900170301003f55216730f8c4f5393161613600c5bed982
6edde34ec24d62f27373112eb090b7ed3819eb4648920a7c66496dfe7fa12940a217620c26c63993
fbe3ceb99eee
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9c61b944e64b7b1d0449f40ad7808656
Finished request 6
Going to the next request
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 32 to 192.168.1.39:2575
Waking up in 4 seconds...
rad_recv: Accounting-Request packet from host 192.168.1.39:2573, id=241, length=
184
Acct-Status-Type = Start
Acct-Session-Id = "000bcd7437d6-000e6ad14d1f-6e57"
NAS-IP-Address = 0.0.0.0
Acct-Input-Octets = 1264
Acct-Output-Octets = 705
Acct-Input-Packets = 7
Acct-Output-Packets = 7
Vendor-Specific = 0x45415020557365726e616d652069733a206e6f7420617661696c
61626c65
Vendor-Specific = 0x564c414e2049442069733a2030
Vendor-Specific = 0x4553534944203d20737061776e
Vendor-Specific = 0x45415020547970652069733a206e6f7420617661696c61626c65
Acct-Session-Time = 3
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 7
radius_xlat: '/var/log/freeradius/radacct//detail-20041218'
rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expan
ds to /var/log/freeradius/radacct//detail-20041218
modcall[accounting]: module "detail" returns ok for request 7
modcall: group accounting returns ok for request 7
Sending Accounting-Response of id 241 to 192.168.1.39:2573
Finished request 7
Going to the next request
--- Walking the entire request list ---
Cleaning up request 7 ID 241 with timestamp 41c49d4b
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 32 with timestamp 41c49d48
Cleaning up request 1 ID 33 with timestamp 41c49d48
Cleaning up request 2 ID 34 with timestamp 41c49d48
Cleaning up request 3 ID 35 with timestamp 41c49d48
Cleaning up request 4 ID 36 with timestamp 41c49d48
Cleaning up request 5 ID 37 with timestamp 41c49d48
Cleaning up request 6 ID 38 with timestamp 41c49d48
Nothing to do. Sleeping until we see a request.
------------------------------------------------------
mschap {
authtype = EAP
use_mppe = yes
with_ntdomain_hack = yes
}
eap {
default_eap_type = peap
ignore_unknown_eap_types = no
tls {
private_key_password = weglocrap
private_key_file = ${raddbdir}/certs/cert-srv.pem
certificate_file = ${raddbdir}/certs/cert-srv.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = /dev/urandom
fragment_size = 1024
include_length = yes
}
peap {
default_eap_type = mschapv2
}
mschapv2 {
}
}
--
I may be getting th_ntdomain_hack = yes
older, but I refuse to grow up!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
