Dear All, I am using winxp as supplicant and configured every possible configuration files of freeRADIUS to support PEAP. But still the log file in server shows like following: and the client doesnot authenticated.
whatshould i do in Winxp supplicant....at the time of connection it shows to enter Username/Password/Logon Domain......what is that Logon Domain? What should i enter here?what configuration setting i should make in xpsupplicant? plz see the following log file and help me what should i do? / /************log file**************************8 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=214 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0xd316349afcfe1dc084768fa39e502497 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201005019800000004616030100410100003d0301466ef55151e34499d4e0e15c72bb20474e547f6ca8156439c527ad5ac76c0a0700001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xf71f7a4777cdd86d08877ab3de3ec762 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 1 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 05f6], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x0102040a19c000000653160301004a020000460301466e470fa9c7109a172aed739dfa7cc7f5a64a8e4281076ebcc58c4a7676bee920a8c128e283cab0f2a26570674f1984771c0818971f23474e5db5a2bf5c77392100040016030105f60b0005f20005ef00028930820285308201eea003020102020102300d06092a864886f70d0101050500307d310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450756e65310d300b060355040a130443444143310d300b060355040b13044e4953473111300f060355040313087072616a616b7461311f301d06092a864886f70d01090116107072616a616b74 EAP-Message = 0x6140636461632e696e301e170d3037303532393035303635315a170d3038303532383035303635315a307b310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450554e45310d300b060355040a130443444143310d300b060355040b13044e495347310f300d060355040313065052414a414b311f301d06092a864886f70d01090116105072616a616b746140636461632e696e30819f300d06092a864886f70d010101050003818d0030818902818100c4682bbf78964108c4b94d5976695394751375febb82827ad98069865b6e8e8d5d151e4c22cb8b1b96d300972bc5b2905316b1b485d54c060eb3 EAP-Message = 0x19fe4f7248c37e493aa7a0459f6e8f6c50400f4e22e3bdd804ed998e9f9bfeab26e7d2c2ae2f99c7453670daf7cea13f891febc690c9be4ada506eba501d31fa49daf7fa8b130203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003818100159024193168e51423e2d73826a6e2bb07937a3de03bd4fe61eef65a0c00b6e0da6d08e51ae89f8bc12b312e29306466e53caae1f4ef4cb1cb0174c250621b520a265296de3c53df587a3a3c3f922b6949a95fbda7d149503d53361270cbb4043fcdb99a44011b1042efe168c70fd493123fb3a6f997671ef304f287cbc842ab000360308203 EAP-Message = 0x5c308202c5a0030201020209009271838f2a65231f300d06092a864886f70d0101050500307d310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450756e65310d300b060355040a130443444143310d300b060355040b13044e4953473111300f060355040313087072616a616b7461311f301d06092a864886f70d01090116107072616a616b746140636461632e696e301e170d3037303532393035303530385a170d3039303532383035303530385a307d310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450756e65310d300b060355040a13044344 EAP-Message = 0x4143310d300b060355040b13044e4953473111300f06 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x66261f68c0a988471b7dbd1406aa25a9 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=140 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0x66261f68c0a988471b7dbd1406aa25a9 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061900 Message-Authenticator = 0x715b22052c0a834c8ab26540be3c7ee1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 2 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x0103025919000355040313087072616a616b7461311f301d06092a864886f70d01090116107072616a616b746140636461632e696e30819f300d06092a864886f70d010101050003818d0030818902818100b4695f7f4ac6d738e8f1ba01d9ba31b7a55ec069aa18e5323fafd646b55a2c5fcf8777d20a34ebe6e6b3c7210f75cd3c0b9a1298565c6f4408fcb71fd95906402256723fe9c98d4d5ce6d6d47e2e705f2acf120d40ec9df1f05f376e9e61702409c1ab1df14225f2592720037abb529527f0140f266dda722bc85ee638e0927d0203010001a381e33081e0301d0603551d0e041604146e8a698195a518d1efe841869bc3b87746e660e430 EAP-Message = 0x81b00603551d230481a83081a580146e8a698195a518d1efe841869bc3b87746e660e4a18181a47f307d310b300906035504061302494e310d300b060355040813044d414841310d300b0603550407130450756e65310d300b060355040a130443444143310d300b060355040b13044e4953473111300f060355040313087072616a616b7461311f301d06092a864886f70d01090116107072616a616b746140636461632e696e8209009271838f2a65231f300c0603551d13040530030101ff300d06092a864886f70d010105050003818100876aaf9ca0aebb3f6331d22edc4d8a8fb3828e6db868fc65f40f2ab80dfba2a06bdedb167a348a1bdc59 EAP-Message = 0xb14cb59fb92bce6dac1822379ecb469faba3a4dd0efd449f7dd3ae13dd0cce3ed2a59f2c83f88a75585a94e269b51ce27008bc2dbd4e3493e7657b09f1f07eaed60ab55c9ef636d587e3aa7c530c0b3ef8c01b875a4316030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xeeffea22eecd70571b93074167e1f9d9 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=326 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0xeeffea22eecd70571b93074167e1f9d9 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300c01980000000b6160301008610000082008057a095505e914a7b5abe8025749ed79d441c0253ffc67fca83b899e2f086449bb015e9389edc1e440c81e28aa97382183f45cc7ce253fb95218c43cafde60441baa54bb5fb50a7b44e9ae8ab6b4c83028e015e96fe32f4f66aa315cf6d61bb1f73767316d4a238ea9a5601ab94c31fc149d571858362ca64d87222891897bcbe1403010001011603010020e6f71473f403b2d477ad3db5019876b535c1f3d63622c01e65ce12f09f82f056 Message-Authenticator = 0x1adf37f766e60a62b2a64ea969e12a2e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 3 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x0104003119001403010001011603010020ac7b7eae7df6a094a06aac986552e097a71e014578dcdac2d0aa555ac0e82762 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe09ac59efcfd79cdce50681ada73421e Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=140 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0xe09ac59efcfd79cdce50681ada73421e NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061900 Message-Authenticator = 0xc678535af140a79e91368303e815f863 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 4 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x0105002019001703010015ebc8d24acae130428ed6d6893d7ce9eabb27a803bb Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcffd82ce7722fb003680179d65ba88e3 Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=170 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0xcffd82ce7722fb003680179d65ba88e3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0205002419001703010019c215488e5af95d08053d8add389cf76bec07c3b8a752467f63 Message-Authenticator = 0xf659306a361f36453617aadc3172c0c5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 5 length 36 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 5 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - testuser rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of testuser PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to testuser Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 5 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 5 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: No such EAP type mschapv2 rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 5 modcall: leaving group authenticate (returns invalid) for request 5 auth: Failed to validate the user. PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x010600261900170301001b070ae9621b3a0172525b8ec994d48f8ba1eaa1993e5bad037fbc82 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xced664250055f6ce7932cae33490350b Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.6.14:2049, id=0, length=172 User-Name = "testuser" NAS-IP-Address = 192.168.6.14 Called-Station-Id = "0012172a3da3" Calling-Station-Id = "00131008616c" NAS-Identifier = "0012172a3da3" NAS-Port = 5 Framed-MTU = 1400 State = 0xced664250055f6ce7932cae33490350b NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020600261900170301001bbdd92f192251db8ca1d0badadf2540be9d4e58ac52a5b914f2a17d Message-Authenticator = 0xb04c98dd979b625880b0b41a63bd758d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 6 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry testuser at line 215 modcall[authorize]: module "files" returns ok for request 6 rlm_pap: Found existing Auth-Type, not changing it. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 6 modcall: leaving group authenticate (returns invalid) for request 6 auth: Failed to validate the user. Delaying request 6 for 1 seconds Finished request 6 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Sending Access-Reject of id 0 to 192.168.6.14 port 2049 EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 Cleaning up request 6 ID 0 with timestamp 466e4711 Nothing to do. Sleeping until we see a request. /*************end of log file*******/ with thanks... apangshu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html