Hi, I successfully use WinXP with peap-mschap-v2. But I'm unable to enter additional items in the check list.
The users file for working peap-mschap-v2 looks this way:

    test Auth-Type := EAP, User-Password == "abc123"

And I want it also to check for NAS-IP and NAS-Port. Doing local tests (non eap with radiusclient) this line works:

    test Auth-Type := Local, User-Password == "abc123", NAS-IP-Address == 10.41.10.252, NAS-Port == 20

With EAP:

    test Auth-Type := EAP, User-Password == "abc123", NAS-IP-Address == 10.41.10.252, NAS-Port == 20

it doesn't work. The output of radiusd -X is at the end of this mail.

I would be very pleased if someone could help.

Thanks,
Sascha.

# debug output eap/peap-mschap-v2 + users file + check items NAS-IP-Address == 10.41.10.252, NAS-Port == 20

rad_recv: Access-Request packet from host 10.41.10.252:3040, id=101, length=198
    Framed-MTU = 9178
    NAS-IP-Address = 10.41.10.252
    NAS-Identifier = "HP-2848_01"
    User-Name = "test"
    Service-Type = Administrative-User
    Framed-Protocol = PPP
    NAS-Port = 20
    NAS-Port-Type = Ethernet
    NAS-Port-Id = "20"
    Called-Station-Id = "00-11-0a-a6-18-2c"
    Calling-Station-Id = "00-20-ed-5d-d1-74"
    Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
    Tunnel-Type:0 = VLAN
    Tunnel-Medium-Type:0 = IEEE-802
    Tunnel-Private-Group-Id:0 = "1"
    EAP-Message = 0x020100090174657374
    Message-Authenticator = 0xb9b550b43e6e65d1babc24d76d27d2d1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 1 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry test at line 91
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 101 to 10.41.10.252 port 3040 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3f9c073b23e622ceeb3a2886221f9ea5 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.41.10.252:3040, id=102, length=287 Framed-MTU = 9178 NAS-IP-Address = 10.41.10.252 NAS-Identifier = "HP-2848_01" User-Name = "test" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 20 NAS-Port-Type = Ethernet NAS-Port-Id = "20" Called-Station-Id = "00-11-0a-a6-18-2c" Calling-Station-Id = "00-20-ed-5d-d1-74" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x3f9c073b23e622ceeb3a2886221f9ea5 EAP-Message = 0x0202005019800000004616030100410100003d030144a8d111da4d413b10bb2411c172ee75 8d06ca151d978c0f541b2348004478cf00001600040005000a00090064006200030006001300 1200630100 Message-Authenticator = 0x2fde818824e742555ed7b02d2d733927 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 
1 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry test at line 91 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 102 to 10.41.10.252 port 3040 EAP-Message = 0x0103040a19c0000006f1160301004a02000046030144a8d0d24aee3e74a3550f10e6ada640 f87b148ff808970232709f9a8dd7650120bc88d3ebf81d424ab881a051ee756c679534cac2e9 a80f35ecb05a6f8a37f1b900040016030106940b00069000068d0002cd308202c930820232a0 03020102020102300d06092a864886f70d010104050030819f310b3009060355040613024341 
3111300f0603550408130850726f76696e63653112301006035504071309536f6d6520436974 7931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63 616c686f7374311b301906035504031312436c69656e74206365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d 706c652e636f6d301e170d3034303132353133323631305a170d303530313234313332363130 5a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112 301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174 696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74 206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d 706c652e636f6d30819f300d06092a864886f70d010101050003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a78 2098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014 a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f8 1ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603 551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d 921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd70845370834 96fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f 295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003 020102020100300d06092a864886f70d010104050030819f310b300906035504061302434131 11300f0603550408130850726f76696e63653112301006035504071309536f6d652043697479 31153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f6361 6c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f 06092a864886f70d0109011612636c69656e74406578616d706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5558eafcc0c9270f0a601ce7ebf1b725 Finished request 1 Going to the next 
request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.41.10.252:3040, id=103, length=213 Framed-MTU = 9178 NAS-IP-Address = 10.41.10.252 NAS-Identifier = "HP-2848_01" User-Name = "test" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 20 NAS-Port-Type = Ethernet NAS-Port-Id = "20" Called-Station-Id = "00-11-0a-a6-18-2c" Calling-Station-Id = "00-20-ed-5d-d1-74" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x5558eafcc0c9270f0a601ce7ebf1b725 EAP-Message = 0x020300061900 Message-Authenticator = 0x9a0049ea0d3c63a3f373ec1b17be7f1e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry test at line 91 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: 
module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 103 to 10.41.10.252 port 3040 EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b3009060355040613024341 3111300f0603550408130850726f76696e63653112301006035504071309536f6d6520436974 7931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63 616c686f7374311b301906035504031312436c69656e74206365727469666963617465312130 1f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06 092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8f bff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249e dd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229 963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e 1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7 bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111 300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931 153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420636572 74696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c 652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d010104050003 81810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc27 43fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00 163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d437 3354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb2f0902c5695d24029c1eae67f8dc832 Finished request 2 Going to the next request Waking up in 5 seconds... 
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=104, length=399 Framed-MTU = 9178 NAS-IP-Address = 10.41.10.252 NAS-Identifier = "HP-2848_01" User-Name = "test" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 20 NAS-Port-Type = Ethernet NAS-Port-Id = "20" Called-Station-Id = "00-11-0a-a6-18-2c" Calling-Station-Id = "00-20-ed-5d-d1-74" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0xb2f0902c5695d24029c1eae67f8dc832 EAP-Message = 0x020400c01980000000b61603010086100000820080cdc24c42a026646a258768cba99c8fc4 663b97faad681ab4b16c9d1d3b2d9ae81c135f675421f42912ca2200a1d4f3df872397371893 daf6cb5d1507beb7b912d97bac7076e4e3478f09e551d07325007beba10800a4b45c6c0e03e9 7c89e2a691825b6f3c3525eb6372375ac810a64f5428e1f76862a25ff6b279a244a662bd1403 010001011603010020557f15b5d607d32153c083d37d3034377433cd9be47a7ee48bb08f112c 874082 Message-Authenticator = 0x3e3e1529d2ee38f6d8c665ae580efc89 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry test at line 91 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released 
from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 104 to 10.41.10.252 port 3040 EAP-Message = 0x0105003119001403010001011603010020d0acff5a32a5a7090f28f276af642f1b085b4ce7 cec1fb78dc46b40dae44c357 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5a3f8611e2d4236ad72e3d7097e41e1f Finished request 3 Going to the next request Waking up in 5 seconds... 
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=105, length=213 Framed-MTU = 9178 NAS-IP-Address = 10.41.10.252 NAS-Identifier = "HP-2848_01" User-Name = "test" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 20 NAS-Port-Type = Ethernet NAS-Port-Id = "20" Called-Station-Id = "00-11-0a-a6-18-2c" Calling-Station-Id = "00-20-ed-5d-d1-74" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x5a3f8611e2d4236ad72e3d7097e41e1f EAP-Message = 0x020500061900 Message-Authenticator = 0x0d39014ab2d25712f51e1c1bc8a63100 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry test at line 91 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate 
(returns handled) for request 4 Sending Access-Challenge of id 105 to 10.41.10.252 port 3040 EAP-Message = 0x0106002019001703010015a5bcc1098646b65ad2b7ceb329bb09c8fd5bfe9e6c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8cf2e7cbbcef8f47bd80fc103a21bac8 Finished request 4 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.41.10.252:3040, id=106, length=239 Framed-MTU = 9178 NAS-IP-Address = 10.41.10.252 NAS-Identifier = "HP-2848_01" User-Name = "test" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 20 NAS-Port-Type = Ethernet NAS-Port-Id = "20" Called-Station-Id = "00-11-0a-a6-18-2c" Calling-Station-Id = "00-20-ed-5d-d1-74" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x8cf2e7cbbcef8f47bd80fc103a21bac8 EAP-Message = 0x02060020190017030100154e9945083e526ec76d94fe3b0faf652e8ae95dd20d Message-Authenticator = 0x80e9ce6c56c810fe207d187abc8cf74b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 32 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry test at line 91 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: 
Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - test rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020600090174657374 PEAP: Got tunneled identity of test PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to test PEAP: Sending tunneled request EAP-Message = 0x020600090174657374 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "test" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 156 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 PEAP: Got tunneled reply RADIUS code 11 EAP-Message = 0x0107001e1a01070019109c00b15bdca042d334024f3b55e29a9474657374 
Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd2f3b0fbb938453b949b7575007ebd51 PEAP: Processing from tunneled session code 0x8155688 11 EAP-Message = 0x0107001e1a01070019109c00b15bdca042d334024f3b55e29a9474657374 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd2f3b0fbb938453b949b7575007ebd51 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 106 to 10.41.10.252 port 3040 EAP-Message = 0x010700351900170301002a86144ef69a225f4ed4aec94cff229b6e7f5e9438bd4208abd0ab 38146938c267556769c40433b3c0eb06 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9d12c4f6b1c13cc5148874296c3822ff Finished request 5 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 10.41.10.252:3040, id=107, length=293 Framed-MTU = 9178 NAS-IP-Address = 10.41.10.252 NAS-Identifier = "HP-2848_01" User-Name = "test" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 20 NAS-Port-Type = Ethernet NAS-Port-Id = "20" Called-Station-Id = "00-11-0a-a6-18-2c" Calling-Station-Id = "00-20-ed-5d-d1-74" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x9d12c4f6b1c13cc5148874296c3822ff EAP-Message = 0x020700561900170301004b0b304800bd1b9d9375cbc1e6fb87f6365c444c8792e9e9228d86 22cc6056f8d7a789ec2601020e063432f3e48f22c7ccf859ac3cb35f7c0888f405805dff811b 5d30a14fcc5f8bd671abb8 Message-Authenticator = 0x33f83a79238b43e64c642ec3ec17c1d9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "test", 
looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 86 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry test at line 91 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. 
PEAP: Got tunneled EAP-Message EAP-Message = 0x0207003f1a0207003a31624fff34123dd2294c3baba96a6ca295000000000000000022245e 6c3028e0fcfaded7fb7722ee8378952d2ec8b54d770074657374 PEAP: Setting User-Name to test PEAP: Adding old state with d2 f3 PEAP: Sending tunneled request EAP-Message = 0x0207003f1a0207003a31624fff34123dd2294c3baba96a6ca295000000000000000022245e 6c3028e0fcfaded7fb7722ee8378952d2ec8b54d770074657374 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "test" State = 0xd2f3b0fbb938453b949b7575007ebd51 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 63 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 156 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. 
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user. PEAP: Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Processing from tunneled session code 0x8155850 3 MS-CHAP-Error = "\007E=691 R=1" EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 107 to 10.41.10.252 port 3040 EAP-Message = 0x010800261900170301001b118d4b906d0d0a0761d142e67ded34e61fefe0730e383181b4a1 d3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5f8f97e0a6faf1d69c594e447416078f Finished request 6 Going to the next request Waking up in 5 seconds... 
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=108, length=245 Framed-MTU = 9178 NAS-IP-Address = 10.41.10.252 NAS-Identifier = "HP-2848_01" User-Name = "test" Service-Type = Administrative-User Framed-Protocol = PPP NAS-Port = 20 NAS-Port-Type = Ethernet NAS-Port-Id = "20" Called-Station-Id = "00-11-0a-a6-18-2c" Calling-Station-Id = "00-20-ed-5d-d1-74" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x5f8f97e0a6faf1d69c594e447416078f EAP-Message = 0x020800261900170301001ba6cfdc0618a8761283bb4f17f20c5e6b5db5599af0e735cffcaa 3b Message-Authenticator = 0x00959c1f93d389cf96647d272fcead14 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "test", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry test at line 91 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. 
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: leaving group authenticate (returns invalid) for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=108, length=245
Sending Access-Reject of id 108 to 10.41.10.252 port 3040
    EAP-Message = 0x04080004
    Message-Authenticator = 0x00000000000000000000000000000000
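
Added example (not part of the original mail and not FreeRADIUS code): the debug output shows two "users:" lookups for request 5, one for the outer Access-Request and one for the request sent through the PEAP tunnel, and the sketch below replays the posted check items against the attributes each of them carried. The matching rules are a simplified model and an assumption: "==" items must be present in the request with the same value, ":=" items are not compared, and User-Password is skipped when the request has none. The log excerpt is abbreviated from the output above, and all function names are made up for this illustration.

```python
import re

# Failing users-file entry, copied from the post.
ENTRY = ('test Auth-Type := EAP, User-Password == "abc123", '
         'NAS-IP-Address == 10.41.10.252, NAS-Port == 20')

# Abbreviated from the radiusd -X output in the post (request 5): several
# outer attributes and all module chatter are omitted, and line breaks and
# indentation are reconstructed.
LOG = '''\
rad_recv: Access-Request packet from host 10.41.10.252:3040, id=106, length=239
    NAS-IP-Address = 10.41.10.252
    NAS-Identifier = "HP-2848_01"
    User-Name = "test"
    NAS-Port = 20
users: Matched entry test at line 91
PEAP: Sending tunneled request
    EAP-Message = 0x020600090174657374
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "test"
users: Matched entry DEFAULT at line 156
'''

ITEM_RE = re.compile(r'([\w-]+)\s*(:=|==)\s*("[^"]*"|[^,\s]+)')
ATTR_RE = re.compile(r'^\s+([\w:-]+) = (.*)$')
MATCH_RE = re.compile(r'^users: Matched entry (\S+) at line \d+')


def parse_entry(line):
    """Split a one-line users entry into (name, [(attr, op, value), ...])."""
    name, _, rest = line.partition(" ")
    return name, [(a, op, v.strip('"')) for a, op, v in ITEM_RE.findall(rest)]


def parse_lookups(log):
    """Return one dict per request the log shows: outer or tunneled."""
    lookups = []
    for line in log.splitlines():
        if line.startswith("rad_recv:"):
            lookups.append({"kind": "outer", "attrs": {}, "matched": None})
        elif line.startswith("PEAP: Sending tunneled request"):
            lookups.append({"kind": "tunneled", "attrs": {}, "matched": None})
        elif lookups:
            attr, hit = ATTR_RE.match(line), MATCH_RE.match(line)
            if attr:
                lookups[-1]["attrs"][attr.group(1)] = attr.group(2).strip('"')
            elif hit and lookups[-1]["matched"] is None:
                lookups[-1]["matched"] = hit.group(1)
    return lookups


def unmet_check_items(items, attrs):
    """Simplified model (an assumption): check items the request fails."""
    unmet = []
    for attr, op, value in items:
        if op != "==":
            continue                  # ':=' sets a control item, no comparison
        if attr == "User-Password" and attr not in attrs:
            continue                  # EAP carries no User-Password to compare
        if attrs.get(attr) != value:
            unmet.append(attr)
    return unmet


def explain(log=LOG, entry=ENTRY):
    """Pair each lookup in the log with the entry's unmet check items."""
    _, items = parse_entry(entry)
    return [(l["kind"], l["matched"], unmet_check_items(items, l["attrs"]))
            for l in parse_lookups(log)]


if __name__ == "__main__":
    for kind, matched, unmet in explain():
        print(f"{kind:9} matched={matched:8} unmet check items: {unmet or 'none'}")
```

In the log the tunneled request carries only EAP-Message, FreeRADIUS-Proxied-To and User-Name, so the NAS check items have nothing to match there; the lookup lands on DEFAULT and rlm_mschap then reports "No User-Password configured". The peap section of eap.conf has a copy_request_to_tunnel option that copies outer-request attributes into the tunneled request.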