Hey, I tring to set up freeradius with mysql using EAP PEAP on FreeBSD. I have the message "Had sent TLV failure" I noticed there is already a subject concerning my problem but it didn't help. I always have Any help will be welcome
here is a part of my output.
Starting - reading configuration files ... reread_config: reading radiusd.conf
Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.0.253:10575, id=62, length=116 User-Name = "passi" NAS-IP-Address = 192.168.0.253 Called-Station-Id = "00a0f8b32860" Calling-Station-Id = "0003c965497a" NAS-Identifier = "ANT01" NAS-Port = 29 Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02ad000a017061737369 Message-Authenticator = 0xa0ddc8da9b650e3417c67fa143d745e3
. . . rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1
0x02b500501900170301002037e42a82e851abed664f8d538b1470ec054582dd9165ccc5a11efa99467edb5d1703010020ae9e7598b85b49a26307d49b171c4ac2cc7d065872a3337c11cb4d19733d33a9
Message-Authenticator = 0x1e1506be92e65107c9d2c45dca2e8e1f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat: '/var/log/radacct/192.168.0.253/auth-detail-20050414'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radacct/192.168.0.253/auth-detail-20050414
modcall[authorize]: module "auth_log" returns ok for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "passi", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 181 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 151
modcall[authorize]: module "files" returns ok for request 7
radius_xlat: 'passi'
rlm_sql (sql): sql_set_user escaped user --> 'passi'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'passi' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'passi' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'passi' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'passi' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
modcall[authorize]: module "sql" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - passi
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of passi
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to passi
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
radius_xlat: '/var/log/radacct/127.0.0.1/auth-detail-20050414'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radacct/127.0.0.1/auth-detail-20050414
modcall[authorize]: module "auth_log" returns ok for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: No '@' in User-Name = "passi", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 181 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 151
modcall[authorize]: module "files" returns ok for request 7
radius_xlat: 'passi'
rlm_sql (sql): sql_set_user escaped user --> 'passi'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'passi' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'passi' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'passi' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'passi' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 69 to 192.168.0.253:10582
Password := "passi"
EAP-Message =
0x01b6006019001703010020532a2b7d5921755349a3492e0135882b0f87605dbe923ac066845dcd40077e26170301003070e2506b0d0169ce62da21624721fab19139961ea2a2cc3704b2cac65249e33ff48e2efcc27504b7ab03b68e204c926a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc57cee1f1e639421a5b1bc398e8c9657
Finished request 7
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 192.168.0.253:10583, id=70,
length=268
User-Name = "passi"
NAS-IP-Address = 192.168.0.253
Called-Station-Id = "00a0f8b32860"
Calling-Station-Id = "0003c965497a"
NAS-Identifier = "ANT01"
NAS-Port = 29
Framed-MTU = 1300
State = 0xc57cee1f1e639421a5b1bc398e8c9657
NAS-Port-Type = Wireless-802.11
EAP-Message =
0x02b6009019001703010020f43e823cb952b6bab171cad8176421b65054adb6974cb7ad30db3c982ff916f317030100601111810e7da15fedf3293f8878686023303ac6f7dc4fd06dbec096198e33f9bea5adf8dbfe9c1bf8f0ae07e1e074bd53e745c0e713b818470046feb948c5eb28ea93a3faecbaf84e043a3e113b34095e87c7a55a03b966a7b688a8b28840cd21
Message-Authenticator = 0x10577be9d7d89008dd64f2a047e5ac6b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
radius_xlat: '/var/log/radacct/192.168.0.253/auth-detail-20050414'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radacct/192.168.0.253/auth-detail-20050414
modcall[authorize]: module "auth_log" returns ok for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "passi", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 182 length 144
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry DEFAULT at line 151
modcall[authorize]: module "files" returns ok for request 8
radius_xlat: 'passi'
rlm_sql (sql): sql_set_user escaped user --> 'passi'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'passi' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 0
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'passi' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'passi' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'passi' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 0
modcall[authorize]: module "sql" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to passi
PEAP: Adding old state with de 78
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
radius_xlat: '/var/log/radacct/127.0.0.1/auth-detail-20050414'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radacct/127.0.0.1/auth-detail-20050414
modcall[authorize]: module "auth_log" returns ok for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: No '@' in User-Name = "passi", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 182 length 64
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry DEFAULT at line 151
modcall[authorize]: module "files" returns ok for request 8
radius_xlat: 'passi'
rlm_sql (sql): sql_set_user escaped user --> 'passi'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'passi' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'passi' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'passi' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'passi' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 8 rlm_mschap: Told to do MS-CHAPv2 for passi with NT-Password rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 8 modcall: group Auth-Type returns reject for request 8 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 8 modcall: group authenticate returns reject for request 8 auth: Failed to validate the user. Login incorrect: [passi] (from client local port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 8 modcall: group authenticate returns handled for request 8
. . . 000000000000000 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 10 ID 72 with timestamp 425ea355 Cleaning up request 11 ID 73 with timestamp 425ea355 Cleaning up request 12 ID 74 with timestamp 425ea355 Cleaning up request 13 ID 75 with timestamp 425ea355 Cleaning up request 14 ID 76 with timestamp 425ea355 Cleaning up request 15 ID 77 with timestamp 425ea355 Cleaning up request 16 ID 78 with timestamp 425ea355 Cleaning up request 17 ID 79 with timestamp 425ea355 Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 80 to 192.168.0.253:10593 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 18 ID 80 with timestamp 425ea35a Nothing to do. Sleeping until we see a request.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
