[pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0108001f1a0108001a10c7d6fbe958d146ab792405e57d614d2c6d6172696f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9e96f9a79e9ee37993bcc70e3aa60b8b [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0108001f1a0108001a10c7d6fbe958d146ab792405e57d614d2c6d6172696f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9e96f9a79e9ee37993bcc70e3aa60b8b [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 46 to 93.175.129.30 port 52446 EAP-Message = 0x0108003b19001703010030c644c5069947da1d0b65e9345c9f5d97f1c9d8425826085a5ea328def3834835f94fd58cc38cc96c8b32ad0c6af0bb17 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbd4bf931bb43e07726e24ebbe3a70713 Finished request 24. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 93.175.129.30 port 40335, id=47, length=250 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "mario" State = 0xbd4bf931bb43e07726e24ebbe3a70713 NAS-Port-Id = "wlan1" Calling-Station-Id = "00-24-23-05-18-62" Called-Station-Id = "00-0E-8E-12-5C-0B:PROV" EAP-Message = 0x0208006b190017030100601f901df53ab606b4241dc93bd9c8dc78503563b070c59551752ed754f1d3f1e2f5d75c23ee36ef74c37450136af9f17f917297da69b3dfe5e75b84c02141b409ed3c3a67f0ced9ae217318648a2e836a5aa47e05f226671f142ac33c9cd268fa Message-Authenticator = 0x2218a71be94f92ad7aac8a5477c3778c NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.1.141 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "mario", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020800401a0208003b31bffa8955e6709ec4fdf6d46331c8fa1d0000000000000000ed7a280e908424483bbc9c2c2454630d88756c09abc4c7bf006d6172696f server { PEAP: Setting User-Name to mario Sending tunneled request EAP-Message = 0x020800401a0208003b31bffa8955e6709ec4fdf6d46331c8fa1d0000000000000000ed7a280e908424483bbc9c2c2454630d88756c09abc4c7bf006d6172696f FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "mario" State = 0x9e96f9a79e9ee37993bcc70e3aa60b8b server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns updated [suffix] No '@' in User-Name = "mario", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 64 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for mario with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 47 to 93.175.129.30 port 40335 EAP-Message = 0x0109002b19001703010020c31f20717df3dcaca42b6dc386f094200e0847944b4f87f37901e4ecc76b45e5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbd4bf931ba42e07726e24ebbe3a70713 Finished request 25. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 93.175.129.30 port 34473, id=48, length=186 Service-Type = Framed-User Framed-MTU = 1400 User-Name = "mario" State = 0xbd4bf931ba42e07726e24ebbe3a70713 NAS-Port-Id = "wlan1" Calling-Station-Id = "00-24-23-05-18-62" Called-Station-Id = "00-0E-8E-12-5C-0B:PROV" EAP-Message = 0x0209002b190017030100206a58c78b2bc64359b7abccfc8811c5f762ad6a538bdc50e41414c76c5e1253be Message-Authenticator = 0x7a4f0112fc90130c87304c87def0ef94 NAS-Identifier = "MikroTik" NAS-IP-Address = 192.168.1.141 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "mario", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> mario attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 26 for 1 seconds Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 93.175.129.30 port 34473, id=48, length=186 Waiting to send Access-Reject to client PROV -EST port 34473 - ID: 48 Waking up in 0.6 seconds.
2010/5/19 Maciej Drobniuch <mac...@drobniuch.pl>: > My NAS-es are located in the clients file and they are working fine > with pppoe auth. > > 2010/5/19 dorra aa <dj_dido2...@hotmail.com>: >> hi, >> in sql.conf did you modify that line :readclients = no to >> >> readclients = yes ? >> >>> Date: Wed, 19 ! May 2010 13:52:59 +0200 >>> Subject: freeradius 2.x EAP-MSCHAPv2 + MySQL >>> From: mac...@drobniuch.pl >>> To: freeradius-users@lists.freeradius.org >>> >>> Hi ALL!! >>> I'm trying to get authenticated with mikrotik wireless AP. All works >>> but only when I add the user into the users file. >>> The thing is that i want to get the users from mysql. >>> In this moment the authentication requests are coming from PPPoE >>> concentrator, and the users are in MySQL database - it works fine. >>> The freeradius server while authenticating is not searching in the sql >>> database. Why that? >>> Please help and sorry for my lame eng. >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >> >> ________________________________ >> Hotmail: Trusted email with powerful SPAM protection. Sign up now. >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > > > -- > Pozdrawiam! > Maciej Drobniuch > -- Pozdrawiam! Maciej Drobniuch - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html