Hi, I have a problem with EAP. Can you help me?

WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x90d4d2dd94c2cb92 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.

rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=97, length=144
	User-Name = "12"
	NAS-IP-Address = 172.16.15.1
	NAS-Identifier = "aminahoora.home.ir"
	Framed-MTU = 1496
	Called-Station-Id = "40-4a-03-ad-0b-b0"
	Calling-Station-Id = "00-22-41-7d-9f-91"
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x021600061900
	State = 0x90d4d2dd94c2cb924b3cdc7780b3dc35
	Message-Authenticator = 0xfa9a966f33ce0c76a0d15f303480f4ea
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[sql] expand: %{User-Name} -> 12
[sql] sql_set_user escaped user --> '12'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '12' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '12' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '12' ORDER BY priority
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
[eap] EAP packet type response id 22 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 97 to 172.16.15.1 port 1027
	EAP-Message = 0x0117002b19001703010020674bd0fe9ec9f56973ac49079d2029c578bad4ad1dac11d67968154832aa91fb
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x90d4d2dd95c3cb924b3cdc7780b3dc35
Finished request 21.
Going to the next request
Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=98, length=181
	User-Name = "12"
	NAS-IP-Address = 172.16.15.1
	NAS-Identifier = "aminahoora.home.ir"
	Framed-MTU = 1496
	Called-Station-Id = "40-4a-03-ad-0b-b0"
	Calling-Station-Id = "00-22-41-7d-9f-91"
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x0217002b19001703010020f8c94f58aabcbdadb5aa695270bfa559530931a394827ef3894bfc31d1f7f4a5
	State = 0x90d4d2dd95c3cb924b3cdc7780b3dc35
	Message-Authenticator = 0x54cf580c0926a0e3575707db7ec6e193
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[sql] expand: %{User-Name} -> 12
[sql] sql_set_user escaped user --> '12'
rlm_sql (sql): Reserving sql socket id: 2
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '12' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '12' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '12' ORDER BY priority
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[eap] EAP packet type response id 23 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - 12
[peap] Got inner identity '12'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
	EAP-Message = 0x02170007013132
server {
	PEAP: Setting User-Name to 12
Sending tunneled request
	EAP-Message = 0x02170007013132
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "12"
server inner-tunnel {
No such virtual server "inner-tunnel"
} # server inner-tunnel
[peap] Got tunneled reply code 3
[peap] Got tunneled reply RADIUS code 3
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 98 to 172.16.15.1 port 1027
	EAP-Message = 0x0118002b190017030100201edf1da3f3138e40f27c63d735a7bff7351f5abfac971a15b3d4c2369596858c
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x90d4d2dd96cccb924b3cdc7780b3dc35
Finished request 22.
Going to the next request
Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=99, length=181
	User-Name = "12"
	NAS-IP-Address = 172.16.15.1
	NAS-Identifier = "aminahoora.home.ir"
	Framed-MTU = 1496
	Called-Station-Id = "40-4a-03-ad-0b-b0"
	Calling-Station-Id = "00-22-41-7d-9f-91"
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x0218002b190017030100203bfebde9a8e41dc51e361c135f24a7d001553e501d1989e8273c42570d62bff4
	State = 0x90d4d2dd96cccb924b3cdc7780b3dc35
	Message-Authenticator = 0xcad2dc0f9ca9a3aab35ea19c0b9b6356
# Executing section authorize from file /usr/local/etc/raddb/radiusd.conf
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[sql] expand: %{User-Name} -> 12
[sql] sql_set_user escaped user --> '12'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '12' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '12' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '12' ORDER BY priority
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
[eap] EAP packet type response id 24 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/radiusd.conf
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Sending Access-Reject of id 99 to 172.16.15.1 port 1027
	EAP-Message = 0x04180004
	Message-Authenticator = 0x00000000000000000000000000000000
Finished request 23.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 21 ID 97 with timestamp +108
Cleaning up request 22 ID 98 with timestamp +108
Cleaning up request 23 ID 99 with timestamp +108
Ready to process requests.

THANK YOU WITH BEST REGARDS AMIN AHOORA
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
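
Added example (not part of the original post and not FreeRADIUS code): a Python triage script that does what the `[peap] ***` hint in the log asks, walking back from each Access-Reject to the first earlier failure line logged for the same Calling-Station-Id. The function names and match patterns are assumptions chosen for this debug format; the sample lines are abridged from the output above.

```python
import re

# Failure markers. The "***" banner and the "previously rejected" echo only
# point back at an earlier packet, so they are not treated as causes.
CAUSE = re.compile(r"no such|reject|fail", re.I)
ECHO = re.compile(r"\*\*\*|previously rejected|Failed to authenticate")

def split_requests(debug_text):
    """One record per received packet in radiusd -X output."""
    requests = []
    for line in map(str.strip, debug_text.splitlines()):
        if line.startswith("rad_recv:"):
            pkt_id = int(re.search(r"id=(\d+)", line).group(1))
            requests.append({"id": pkt_id, "station": None, "reply": None, "causes": []})
        elif not requests:
            continue
        elif line.startswith("Calling-Station-Id"):
            requests[-1]["station"] = line.split("=", 1)[1].strip(' "')
        elif line.startswith("Sending Access-"):
            requests[-1]["reply"] = line.split()[1]
        elif CAUSE.search(line) and not ECHO.search(line):
            requests[-1]["causes"].append(line)
    return requests

def root_cause(debug_text):
    """For each Access-Reject: (reject id, originating id, first cause line)."""
    requests, findings = split_requests(debug_text), []
    for i, req in enumerate(requests):
        if req["reply"] != "Access-Reject":
            continue
        for prev in requests[:i + 1]:  # oldest packet from this client first
            if prev["station"] == req["station"] and prev["causes"]:
                findings.append((req["id"], prev["id"], prev["causes"][0]))
                break
    return findings

# Abridged from the debug output in the post, one message per line.
SAMPLE = """\
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=98, length=181
    Calling-Station-Id = "00-22-41-7d-9f-91"
No such virtual server "inner-tunnel"
[peap] Tunneled authentication was rejected.
Sending Access-Challenge of id 98 to 172.16.15.1 port 1027
rad_recv: Access-Request packet from host 172.16.15.1 port 1027, id=99, length=181
    Calling-Station-Id = "00-22-41-7d-9f-91"
[peap] The users session was previously rejected: returning reject (again.)
[eap] Handler failed in EAP/peap
Sending Access-Reject of id 99 to 172.16.15.1 port 1027
"""
print(root_cause(SAMPLE))
```

The script expects one log message per line, as `radiusd -X` prints it.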