The "and so on ..." bit is quite important to determine where and how did the conversation stop. Please post the whole debug.
Ivan Kalik Kalik Informatika ISP Dana 11/11/2007, "Bernd" <[EMAIL PROTECTED]> piše: >I think I have a problem, but I don't know what to do to fix it - RADIUS is >running, Certificates to do PEAP are created, copied, settings are done >(eap.cnf, radiusd.cnf) and the MySQL Database is filled with a test user. >When I run the Server it tells me it's ready to process requests. > >When I try to connect to my Network with a Laptop (certs installed) using >PEAP (MSCHAPv2), the Laptop finds the WLAN, I am asked to type in my >username and PW and - it does not work. > >RADIUS Debug tells me this: > >Ready to process requests. >rad_recv: Access-Request packet from host 192.168.1.6:1027, id=36, >length=256 > User-Name = "bnickaes" > NAS-IP-Address = 192.168.1.6 > NAS-Identifier = "BBi5" > Framed-MTU = 1496 > Called-Station-Id = "00-19-cb-1f-66-2d:BBi WLAN test" > Calling-Station-Id = "00-14-a5-3e-a8-ba" > NAS-Port-Type = Wireless-802.11 > EAP-Message = >0x0202007019800000006616030100610100005d03014736e9471b157a597019f0888c64f2ba >32b91e4e1399ed9a7e0d2583ec412d1f20af53175a1d6ac82c8f8fa4976c5f19f15efdc73564 >f9bf04752c425b17feb14b001600040005000a000900640062000300060013001200630100 > State = 0x1c573af9975491ac8be748bf8024ac41 > Message-Authenticator = 0xb14c0d8f757b07ce5cdeda12c2f6a070 > Processing the authorize section of radiusd.conf >modcall: entering group authorize for request 12 > modcall[authorize]: module "preprocess" returns ok for request 12 > modcall[authorize]: module "chap" returns noop for request 12 > modcall[authorize]: module "mschap" returns noop for request 12 > rlm_realm: No '@' in User-Name = "bnickaes", looking up realm NULL > rlm_realm: No such realm "NULL" > modcall[authorize]: module "suffix" returns noop for request 12 > rlm_eap: EAP packet type response id 2 length 112 > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > modcall[authorize]: module "eap" returns updated for request 12 >radius_xlat: 'bnickaes' >rlm_sql (sql): sql_set_user escaped user --> 'bnickaes' >radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM >radcheck WHERE Username = 'bnickaes' ORDER BY id' >rlm_sql (sql): Reserving sql socket id: 4 >rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op >FROM radcheck WHERE Username = 'bnickaes' ORDER BY id >radius_xlat: 'SELECT >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche >ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE >usergroup.Username = 'bnickaes' AND usergroup.GroupName = >radgroupcheck.GroupName ORDER BY radgroupcheck.id' >rlm_sql_mysql: query: SELECT >radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche >ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE >usergroup.Username = 'bnickaes' AND usergroup.GroupName = >radgroupcheck.GroupName ORDER BY radgroupcheck.id >radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM >radreply WHERE Username = 'bnickaes' ORDER BY id' >rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op >FROM radreply WHERE Username = 'bnickaes' ORDER BY id >radius_xlat: 'SELECT >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep >ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE >usergroup.Username = 'bnickaes' AND usergroup.GroupName = >radgroupreply.GroupName ORDER BY radgroupreply.id' >rlm_sql_mysql: query: SELECT >radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep >ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE >usergroup.Username = 'bnickaes' AND usergroup.GroupName = >radgroupreply.GroupName ORDER BY radgroupreply.id >rlm_sql (sql): Released sql socket id: 4 > modcall[authorize]: module "sql" returns ok for request 12 >rlm_pap: Found existing Auth-Type, not changing it. > modcall[authorize]: module "pap" returns noop for request 12 >modcall: leaving group authorize (returns updated) for request 12 > rad_check_password: Found Auth-Type EAP >auth: type "EAP" > Processing the authenticate section of radiusd.conf >modcall: entering group authenticate for request 12 > rlm_eap: Request found, released from the list > rlm_eap: EAP/peap > rlm_eap: processing type peap > rlm_eap_peap: Authenticate > rlm_eap_tls: processing TLS >rlm_eap_tls: Length Included > eaptls_verify returned 11 > (other): before/accept initialization > TLS_accept: before/accept initialization > rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello > TLS_accept: SSLv3 read client hello A > rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello > TLS_accept: SSLv3 write server hello A > rlm_eap_tls: >>> TLS 1.0 Handshake [length 075b], Certificate > TLS_accept: SSLv3 write certificate A > rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone > TLS_accept: SSLv3 write server done A > TLS_accept: SSLv3 flush data > TLS_accept: Need to read more data: SSLv3 read client certificate A >In SSL Handshake Phase >In SSL Accept mode > eaptls_process returned 13 > rlm_eap_peap: EAPTLS_HANDLED > modcall[authenticate]: module "eap" returns handled for request 12 >modcall: leaving group authenticate (returns handled) for request 12 >Sending Access-Challenge of id 36 to 192.168.1.6 port 1027 > EAP-Message = >0x0103040a19c0000007b8160301004a0200004603014736e98b65609455a21ef05c01b85131 >0ea51b4d64d3efc8da5d618a1ad35f34208c101f1f581270999dfb1eb285802ebbf9a2bcd4fb >94a3e82ecc4f9fc0a6e2cb000400160301075b0b0007570007540003a6308203a23082028aa0 >03020102020102300d06092a864886f70d0101040500308193310b3009060355040613024652 >310f300d060355040813065261646975733112301006035504071309536f6d65776865726531 >153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116 >1161646d696e406578616d706c652e636f6d3126302406035504 > EAP-Message = >0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d30 >37313130373134333834375a170d3038313130363134333834375a307c310b30090603550406 >13024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c >6520496e632e312330210603550403131a4578616d706c652053657276657220436572746966 >69636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f >6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b39ce1ac >f0f1d9d6d70e21f6296a1641eb5902cf64fd1e4542652851f83b > EAP-Message = >0xa00fa1b7df9fca03131f92f41be7e5d162d71bf91f740fdfac8fcd0df46c31895d81405e6d >f28103ef244753bd42b1b1ca6ddc4415eba090ced2084944626c815ed764795f9f4667fc851e >a23224ffcfe374f6007e96e86bbb552ef308a1ba6f4db62648aef4d32f82fe4a25b837377f44 >1f0c212f3be30caa15d3fb587f1dd81b3d5fb83e76d9a8db16646c0fed788b08347a90be2fd2 >05e2bf6c20e893f8dfe0520c7e0d94747b579d37dec0eeb1201ed42d476f5224597d5cc66ca2 >9fdbfe5c62e99bccb861a11742bdd63081201964f744441fe7b024d1ec5d4bbb32d316506f02 >03010001a317301530130603551d25040c300a06082b06010505 > EAP-Message = >0x070301300d06092a864886f70d0101040500038201010065205f756eae963e5a0ddf7e982f >b453ede31c5c913da37cf87ddd9a7a7ae7e195caa5e6de89327098ec5e9763185909a63bc3e9 >c86085cbf31d84a2e14c9e8c93d841cb29eb080ff8dd7076d6929cb4c821994718b13bafe196 >83eea9a98e54eb8e0fcb8ebcc988ab5e3116785088f31d9968b49ef1b3c017b7720360dadafb >44dd9645c389bb7cd5b362884dc03d35302d267bcfaabe56cfb8f2a1bc46e7632cea223f72ca >3aa0329a76284ff85c109fee855ebc69d7e82cdceef73fcfbea095dd080d2e58eedace1e13cb >4f008d0a8f731d3eaa17d17462e67164cdab589e305e5bf2c2e3 > EAP-Message = 0x9390707123f3c195a6b9dd93b1605ae7e0c7d20c49b3 > Message-Authenticator = 0x00000000000000000000000000000000 > State = 0x4693336b54c59c785a6b877b8ff1fa6e >Finished request 12 >Going to the next request >Waking up in 3 seconds... > >And so on... > >Can someone help me please...I don't know whats wrong there. > > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
