Hi there,

I have configured FreeRADIUS on Fedora Core 3 as per the documentation.

[EMAIL PROTECTED] raddb]# ntlm_auth --request-nt-key --domain=INDIA --username=checkad
password:
NT_STATUS_OK: Success (0x0)
[EMAIL PROTECTED] raddb]#

When I start the Radius Server using the Radius -X command, it starts fine. When I give the logon credentials through the wireless laptop, the user doesn't get validated. Please help me out. If you need any config files for your reference, please let me know. Attached is the log file of the output generated. Also guide me, as I have already given allow permissions to users with Dialin Permissions in the AD domain.

Thanks & Regards
Varun Marwah

CONFIDENTIALITY NOTICE
This e-mail transmission and any documents, files, or previous e-mail messages appended or attached to it, may contain information that is confidential or legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, printing, distribution, or use of the information contained or attached to this transmission is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify the sender by telephone (+91-172-2299137) or return e-mail message ([EMAIL PROTECTED]) and delete the original transmission, its attachments, and any copies without reading or saving in any manner. Thank you.

-----Original Message-----
From: charles schwartz [mailto:[EMAIL PROTECTED]
Sent: Monday, November 28, 2005 10:51 PM
To: freeradius-users@lists.freeradius.org
Cc: Varun Marwah
Subject: Re: AD authentication

Hi,

If the wbinfo command does not work, ntlm_auth won't work either.

> error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
> error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

This error indicates that something went wrong with the domain access. Try to troubleshoot by using wbinfo -g or wbinfo -u. With these commands you should be able to list the users and groups of your domain.

There may be a problem with NTLM on your Windows 2003 server. Note that NTLM was the authentication protocol used by earlier versions of Windows. It is still supported for backward compatibility, but can be disabled. By default, Win2k and 2003 use Kerberos for authentication. You might have a security policy that restricts the use of NTLM on your network. Check your GPO to see if NTLM is allowed to be transmitted across the network.

Regards,
Charles Schwartz

> Hi,
>
> I used the document freeRadius_AD_tutorial.pdf for configuring a linux
> box to get authenticated through users in Windows 2003 AD.
>
> I used the command net join -U Administrator to add the machine to the
> domain. It gave successful results. Now on typing the command
>
> wbinfo -a checkad%Quark_123
>
> I got the following results:-
>
> plaintext password authentication failed
> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
> error messsage was: No such user
> Could not authenticate user checkad%Quark_123 with plaintext password
> challenge/response password authentication failed
> error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
> error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Could not authenticate user checkad with challenge/response
>
> Also, on giving the command
>
> # ntlm_auth --request-nt-key --domain=india.quark.com --username= checkad
> password:
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc00000da)
> [EMAIL PROTECTED] etc]#
>
> I get the above stated error. Please help.
>
> Thanks & Regards
> Varun Marwah

Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? 
Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "/etc/shadow" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/dev/urandom" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: 
with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. 
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=139 User-Name = "INDIA\\vmarwah" NAS-IP-Address = 10.91.192.115 Called-Station-Id = "0012178026ed" Calling-Station-Id = "0012f0b442e3" NAS-Identifier = "0012178026ed" NAS-Port = 21 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0200001201494e4449415c766d6172776168 Message-Authenticator = 0x0f4a5ec136e65d7e0db18153fc0fb03d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 0 to 10.91.192.115:3072 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9530f651b0706bb0f1026356910c9a2f Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=219 User-Name = "INDIA\\vmarwah" NAS-IP-Address = 10.91.192.115 Called-Station-Id = "0012178026ed" Calling-Station-Id = "0012f0b442e3" NAS-Identifier = "0012178026ed" NAS-Port = 21 Framed-MTU = 1400 State = 0x9530f651b0706bb0f1026356910c9a2f NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201005019800000004616030100410100003d0301438c3c4092d317acd6a3bcede29736bd841903cebe8989bd0b6a14e3cb4ee12d00001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xa5f5573eaaff2689f61412f4a3a44b5a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server 
hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 06ac], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 0 to 10.91.192.115:3072 EAP-Message = 0x2d6e6574776f726b7340717561726b2e636f6d301e17 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9a11526b545c917adfdec91b4cb84e32 Finished request 1 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=145 User-Name = "INDIA\\vmarwah" NAS-IP-Address = 10.91.192.115 Called-Station-Id = "0012178026ed" Calling-Station-Id = "0012f0b442e3" NAS-Identifier = "0012178026ed" NAS-Port = 21 Framed-MTU = 1400 State = 0x9a11526b545c917adfdec91b4cb84e32 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061900 Message-Authenticator = 0xad26fe74011571e74de96b20051787fc Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 0 to 10.91.192.115:3072 EAP-Message = 0xab43aba0dd371f0cad483a04583f2d16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9f37c893434a992fff5a38c53689080c Finished request 2 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=331 User-Name = "INDIA\\vmarwah" NAS-IP-Address = 10.91.192.115 Called-Station-Id = "0012178026ed" Calling-Station-Id = "0012f0b442e3" NAS-Identifier = "0012178026ed" NAS-Port = 21 Framed-MTU = 1400 State = 0x9f37c893434a992fff5a38c53689080c NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300c01980000000b61603010086100000820080ad4e4d344170c2a6a87f0655cdb95a05064e04b2b20c9045d727b5552e32b12cd385b96b823cb8ac59925f4d1133b795584b650b552ea066fe03ab2f345de3f21c9ea75f48c401df618743d192ae101c9e3ce30c69a50fcc0df16f7446cadfbee01a4d45176c744661b43df46cc246796599c49cd0ffb3cd892a68013035e63f14030100010116030100202102acdc6bfbbe36f1449cf4929730e0f91444a694e41a81ebb3d1164fd8b8b2 Message-Authenticator = 0x5f2c4c1bad1dc47caa646910b454de5f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type 
"EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 0 to 10.91.192.115:3072 EAP-Message = 0x010400311900140301000101160301002035cc6c2f1bdf982713f0022c4bcd304f855b68e3052d818373f419390efc74c3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2637ac0e5baf68c38a112e95d4dc0857 Finished request 3 Going to the next request Waking up in 6 seconds... 
rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=145 User-Name = "INDIA\\vmarwah" NAS-IP-Address = 10.91.192.115 Called-Station-Id = "0012178026ed" Calling-Station-Id = "0012f0b442e3" NAS-Identifier = "0012178026ed" NAS-Port = 21 Framed-MTU = 1400 State = 0x2637ac0e5baf68c38a112e95d4dc0857 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061900 Message-Authenticator = 0x9873362eccdffe502d374ad713a534ba Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 0 to 10.91.192.115:3072 EAP-Message = 0x010500201900170301001587a6aec1037697bc5a9427651699d2645a08a36d06 Message-Authenticator = 
0x00000000000000000000000000000000 State = 0x1aa742cffe70175a35d4f00720aff89d Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=180 User-Name = "INDIA\\vmarwah" NAS-IP-Address = 10.91.192.115 Called-Station-Id = "0012178026ed" Calling-Station-Id = "0012f0b442e3" NAS-Identifier = "0012178026ed" NAS-Port = 21 Framed-MTU = 1400 State = 0x1aa742cffe70175a35d4f00720aff89d NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500291900170301001ebbc69ffaf7e4b895705113337ee68fad333872f50eae3d791c000e454d15 Message-Authenticator = 0x2f23afd66d74bf5b6c5acbdd0b32778b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 5 length 41 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - INDIA\vmarwah rlm_eap_peap: Tunneled data is valid. 
PEAP: Got tunneled EAP-Message EAP-Message = 0x0205001201494e4449415c766d6172776168 PEAP: Got tunneled identity of INDIA\vmarwah PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to INDIA\vmarwah PEAP: Sending tunneled request EAP-Message = 0x0205001201494e4449415c766d6172776168 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "INDIA\\vmarwah" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 5 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x010600271a0106002210561b5e09676c542f624aeb405117f4fa494e4449415c766d6172776168 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1276627d3f533bcae22b089821e765c7 PEAP: Processing from tunneled session code 0x99071c0 11 EAP-Message = 0x010600271a0106002210561b5e09676c542f624aeb405117f4fa494e4449415c766d6172776168 Message-Authenticator = 0x00000000000000000000000000000000 State = 
0x1276627d3f533bcae22b089821e765c7 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 0 to 10.91.192.115:3072 EAP-Message = 0x0106003e19001703010033c10c4e5c4a09bc7f8854750da0d3da26b03945f7f0ea1f2659f6c13edd4b5a3e24e3a25f8fbf95852883ed91e93e08cbd3c902 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x26c569543d59a8c1748c235784cb9e94 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=234 User-Name = "INDIA\\vmarwah" NAS-IP-Address = 10.91.192.115 Called-Station-Id = "0012178026ed" Calling-Station-Id = "0012f0b442e3" NAS-Identifier = "0012178026ed" NAS-Port = 21 Framed-MTU = 1400 State = 0x26c569543d59a8c1748c235784cb9e94 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0206005f1900170301005496f8637812dd805c525d87178dbcc559d44ba6606feb8e4707962f8c87c8848ef34ee36ae4c64e0de7a34bf7fb60503b9f5456d26dc1a8dbcf085b4dbc30d53d68c6636e66d94a323f2de5fb2c3c87629c8ea597 Message-Authenticator = 0xbdc3136199fb58af44cddc6add550165 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 6 length 95 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP 
auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020600481a0206004331e2ce5274aa62fa2934a3ebfaf792b53e00000000000000009bee19a28bea67549d2484ae5c2ee97c945a8e65968cf2f900494e4449415c766d6172776168 PEAP: Setting User-Name to INDIA\vmarwah PEAP: Adding old state with 12 76 PEAP: Sending tunneled request EAP-Message = 0x020600481a0206004331e2ce5274aa62fa2934a3ebfaf792b53e00000000000000009bee19a28bea67549d2484ae5c2ee97c945a8e65968cf2f900494e4449415c766d6172776168 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "INDIA\\vmarwah" State = 0x1276627d3f533bcae22b089821e765c7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 6 length 72 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched DEFAULT at 152 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group 
authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for vmarwah with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 56 radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --domain=INDIA --username=vmarwah --challenge=f68f3d3d36389904 --nt-response=9bee19a28bea67549d2484ae5c2ee97c945a8e65968cf2f9' Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=INDIA --username=vmarwah --challenge=f68f3d3d36389904 --nt-response=9bee19a28bea67549d2484ae5c2ee97c945a8e65968cf2f9 Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022) Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: group Auth-Type returns reject for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: group authenticate returns reject for request 6 auth: Failed to validate the user. 
PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Processing from tunneled session code 0x99071c0 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 0 to 10.91.192.115:3072 EAP-Message = 0x010700261900170301001bc2da89a1dd8fc24c64f69a165e5bd54cda67ae996e667de67c58f1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3c3ad0ab4fc041a1ded2de89e4dc93f9 Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.91.192.115:3072, id=0, length=177 User-Name = "INDIA\\vmarwah" NAS-IP-Address = 10.91.192.115 Called-Station-Id = "0012178026ed" Calling-Station-Id = "0012f0b442e3" NAS-Identifier = "0012178026ed" NAS-Port = 21 Framed-MTU = 1400 State = 0x3c3ad0ab4fc041a1ded2de89e4dc93f9 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020700261900170301001b48a10772f15d37341658700dc5047fbde6c31733ac5bf0fcafff4b Message-Authenticator = 0xed3d2cac26ce5dab5e51ee2f860b4ea0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "INDIA\vmarwah", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 7 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched DEFAULT at 152 
modcall[authorize]: module "files" returns ok for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: group authenticate returns invalid for request 7 auth: Failed to validate the user. Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 10.91.192.115:3072 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 Cleaning up request 7 ID 0 with timestamp 438c3bfa Nothing to do. Sleeping until we see a request.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
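
An added example (not part of the original thread and not FreeRADIUS code): a small Python triage of `radiusd -X` output like the log above, which separates a failure of the `ntlm_auth` helper on the RADIUS host from a credential rejection, since both reach the client as `MS-CHAP-Error E=691`. Assumptions: the log has one record per line as radiusd prints it, the NTSTATUS names other than the two quoted in the thread are the standard Windows ones, and the names `triage`, `PAGE_EXCERPT` and the second sample log are constructed for this illustration.

```python
import re

# NTSTATUS code -> (name, where the fault lies). 0xc0000064 and 0xc00000da are
# named in the thread; the other names are the standard Windows ones, added here.
NTSTATUS = {
    0xC0000022: ("STATUS_ACCESS_DENIED", "radius-host"),
    0xC00000DA: ("STATUS_CANT_ACCESS_DOMAIN_INFO", "domain-link"),
    0xC0000064: ("STATUS_NO_SUCH_USER", "credentials"),
    0xC000006A: ("STATUS_WRONG_PASSWORD", "credentials"),
    0xC000006D: ("STATUS_LOGON_FAILURE", "credentials"),
}

RE_EXEC = re.compile(r"^Exec-Program: (/\S+)\s*(.*)$")
RE_OUTPUT = re.compile(r"^Exec-Program output: (.*)$")
RE_RETURNED = re.compile(r"^Exec-Program: returned: (-?\d+)$")
RE_STATUS = re.compile(r"\(0x([0-9a-fA-F]{8})\)")
RE_MSCHAP_ERROR = re.compile(r'MS-CHAP-Error = ".*?E=(\d+)')
RE_FINAL = re.compile(r"^Sending (Access-Accept|Access-Reject) ")
# Challenge/response pairs should not be copied into tickets or list posts.
RE_SECRET = re.compile(r"(--(?:challenge|nt-response)=)\S+")


def triage(log_text):
    """Summarise one PEAP/MSCHAPv2 attempt from radiusd -X debug output."""
    r = dict(tls_established=False, helper=None, helper_args=None,
             helper_exit=None, ntstatus=None, ntstatus_name=None,
             mschap_error=None, final=None, fault="unknown")
    for raw in log_text.splitlines():
        line = raw.strip()
        if "SSL Connection Established" in line:
            r["tls_established"] = True          # outer PEAP tunnel is fine
        elif m := RE_EXEC.match(line):
            r["helper"] = m.group(1)
            r["helper_args"] = RE_SECRET.sub(r"\1<redacted>", m.group(2))
        elif m := RE_OUTPUT.match(line):
            if s := RE_STATUS.search(m.group(1)):
                code = int(s.group(1), 16)
                name, fault = NTSTATUS.get(code, ("unrecognised", "unknown"))
                r.update(ntstatus=code, ntstatus_name=name, fault=fault)
        elif m := RE_RETURNED.match(line):
            r["helper_exit"] = int(m.group(1))
        elif m := RE_MSCHAP_ERROR.search(line):
            r["mschap_error"] = int(m.group(1))
        elif m := RE_FINAL.match(line):
            r["final"] = m.group(1)
    # rlm_mschap reports any helper failure as a bad response (E=691), so the
    # client-visible error says "wrong password" even when the password was
    # never checked. Flag that case explicitly.
    r["e691_hides_local_fault"] = (
        r["helper_exit"] not in (None, 0)
        and r["mschap_error"] == 691
        and r["fault"] in ("radius-host", "domain-link")
    )
    return r


# Records taken from the log in this thread, one per line.
PAGE_EXCERPT = r"""
SSL Connection Established
rlm_mschap: Told to do MS-CHAPv2 for vmarwah with NT-Password
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=INDIA --username=vmarwah --challenge=f68f3d3d36389904 --nt-response=9bee19a28bea67549d2484ae5c2ee97c945a8e65968cf2f9
Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
MS-CHAP-Error = "\006E=691 R=1"
Sending Access-Reject of id 0 to 10.91.192.115:3072
"""

# Constructed contrast case (not from the thread): the domain really rejects
# the credentials. User, domain, address and hex values are placeholders.
CONSTRUCTED_WRONG_PASSWORD = r"""
SSL Connection Established
Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=EXAMPLE --username=alice --challenge=0011223344556677 --nt-response=000000000000000000000000000000000000000000000000
Exec-Program output: Logon failure (0xc000006d)
Exec-Program: returned: 1
MS-CHAP-Error = "\006E=691 R=1"
Sending Access-Reject of id 0 to 192.0.2.10:3072
"""

if __name__ == "__main__":
    for label, text in (("thread log", PAGE_EXCERPT),
                        ("constructed", CONSTRUCTED_WRONG_PASSWORD)):
        print(label, triage(text))
```

For the thread's log this reports a fault on the RADIUS host: the TLS tunnel is established, but `ntlm_auth`, run by radiusd (which the log shows configured with user and group `radiusd`), is refused by winbindd at `/var/cache/samba/winbindd_privileged`, whereas the same helper returned `NT_STATUS_OK` from the `#` shell prompt.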