Hello, here request 46, i don`t know where is the problem. Is it possible the problem were on the access point?
Thank you Going to the next request Waking up in 0.4 seconds. rad_recv: Access-Request packet from host 192.168.202.252 port 46850, id=223, length=182 User-Name = "clemente.blanch" NAS-IP-Address = 192.168.202.252 NAS-Port = 2049 Called-Station-Id = "00-90-0B-23-2E-BF:Escuelas-Radius" Calling-Station-Id = "4C-ED-DE-2C-9C-B2" Framed-MTU = 1250 NAS-Port-Type = Wireless-802.11 Framed-Compression = None Connect-Info = "CONNECT 802.11g" EAP-Message = 0x020500061500 State = 0x4e024d7b4d0758f10683e8b8e5ce125e Message-Authenticator = 0x5adf1c83c912ef741d7687fe7de9b226 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "clemente.blanch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] Received TLS ACK [ttls] ACK handshake fragment handler [ttls] eaptls_verify returned 1 [ttls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 223 to 192.168.202.252 port 46850 EAP-Message = 0x010602c9158000000aaba5cbca72cee849c5a0b651c56765579abd9a986a5fcb01c4a687c6f907c21d5dc3e15fbcbb39ba86df9e391818ae4d274726e71a30fe43ce96eb23dbd6dd8d651b21e3ceee6ce738c0facef28c11698b5ebd2c46ce4e5e045f3299319205bcba10c47aef515d36ead0b9e5c588327bd2b4f6bfbd93792feb770daddb8d218581b804ba8584031c5ffdd7cc7f45c615b2b00f8a98a4547bb83ba741979e45a767d21a53ff160301020d0c0002090080f988aa6110dbdcf8f712b596003c281ad1eb20d3de4b781d0d4a886f77cb532083cbaa12852faea6eb40b05ca55539d59e9666f0ad01e6021ff68a7fce928b09119f1336 EAP-Message = 0x46c6abbb9815f5bf03ad5a34549689eee38f0f8749b669788158ed02c99bddc031a069aa78ad6ef473f1cc2e5dc016c2f9538ae1e24f83badf9e788b0001020080b560679c6fc4418267e58e17becc0f688a586adc71902f17c206a8065c780e2fe36e220da345feb93855c4f2a6d600c73745ea7e69075b8285945a001cf174f8da462a39a504428e9077e72c8d65b43c45f7d8ba6c8ce4b5938ba58be88496cc0d6e078e17fb53e039ae538da3b6a89ef4e9f0cc0a8837d83d35961911de34fb0100d3bfd22703553e937e1e38d0f3fe1e67b78be4d1324561938bb05242ba3733a267cef6fd3b3db42fc29f030e17419eadb95b9411fda589cfcbc4 EAP-Message = 0x3b33f495f8363f05f8ed10fc5d826838c45f846c5e7145dfb8753840c2489a6f12a2b71e00d94849a9743304595ac5a586384f0b0342e7fea8e83f2bf738c5e2ce76c213e7fd879f0c85e551e45f48381f22e48b935436a4600e7024caf024dde1b89e9c5c83f6420a755b01a6a9ac0df1b458f8e89da242d6abaf734eaa6d5fc7d62597f45fa88eef3cd20c402f162d5cf36068f7c3660669dc871a39f675661ce01232becc1af56f1076b6fcb4bbd9fddc60e284e1359b9102eb41bb63d67d313ca6a6fa6016030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4e024d7b4a0458f10683e8b8e5ce125e Finished request 46. Going to the next request Waking up in 0.4 seconds. rad_recv: Access-Request packet from host 192.168.202.252 port 46850, id=224, length=380 User-Name = "clemente.blanch" NAS-IP-Address = 192.168.202.252 NAS-Port = 2049 Called-Station-Id = "00-90-0B-23-2E-BF:Escuelas-Radius" Calling-Station-Id = "4C-ED-DE-2C-9C-B2" Framed-MTU = 1250 NAS-Port-Type = Wireless-802.11 Framed-Compression = None Connect-Info = "CONNECT 802.11g" EAP-Message = 0x020600cc15001603010086100000820080ef5a474eba5c6b6611cebaf4ba980236d5b7e38ddc6ac3cad1dfeeef9fca0149e7d04c559eae7a8ffd5774074661824a8daa5dc80e7139926ca32017223a67eb374bdacac5f215b47a1c410712e795751ecf35ebef68bc203079928490d2c4f7880d39e7a50be95b0784f405b031376584d8f6ce571b7d5ee7d6b66af90584611403010001011603010030109250d45ec686c1201d06799ab9a2545a16714723963f3f1978ea17ac0f6ebf000bf4961cb1e86765a1a347b2ab2147 State = 0x4e024d7b4a0458f10683e8b8e5ce125e Message-Authenticator = 0x8c6e9a915c23118f9b3fa95af7c596f9 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "clemente.blanch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 192 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/ttls [eap] processing type ttls [ttls] Authenticate [ttls] processing EAP-TLS [ttls] eaptls_verify returned 7 [ttls] Done initial handshake [ttls] eaptls_process returned 7 [ttls] Session established. Proceeding to decode tunneled attributes. [ttls] Got tunneled request User-Name = "clemente.blanch" MS-CHAP-Challenge = 0xb3c40922186ffd0242e48ab5e4236d74 MS-CHAP2-Response = 0xf5006784de2648c7ba1f7605053cd7d6bc6d0000000000000000d4e98791848669280eeffe69a579e683618ca0dcf0e4e87e FreeRADIUS-Proxied-To = 127.0.0.1 [ttls] Sending tunneled request User-Name = "clemente.blanch" MS-CHAP-Challenge = 0xb3c40922186ffd0242e48ab5e4236d74 MS-CHAP2-Response = 0xf5006784de2648c7ba1f7605053cd7d6bc6d0000000000000000d4e98791848669280eeffe69a579e683618ca0dcf0e4e87e FreeRADIUS-Proxied-To = 127.0.0.1 server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap' ++[mschap] returns ok [suffix] No '@' in User-Name = "clemente.blanch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = MSCHAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: clemente.blanch [mschap] Told to do MS-CHAPv2 for clemente.blanch with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject Failed to authenticate the user. } # server inner-tunnel [ttls] Got tunneled reply code 3 MS-CHAP-Error = "\365E=691 R=1" [ttls] Got tunneled Access-Reject [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> clemente.blanch attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 48 for 1 seconds Going to the next request Waking up in 0.4 seconds. 2013/6/3 Alan DeKok <al...@deployingradius.com> > Roberto Ortega Ramiro wrote: > > Hi, the changes i have done in FreeRadius configuration: > > > > I have read than client and user files are not necesary, the others > > files are: > > Which aren't necessary. We ask for the debug output because we need > it. We *don't* ask for other files. We don't need them. > > ... > > Sending Access-Challenge of id 180 to 192.168.202.252 port 46850 > > EAP-Message = > > > 0x0105040015c000000aab0102020900efd0613949b1baab300d06092a864886f70d0101050500308191310b3009060355040613024553310f300d060355040813065261646975733111300f0603550407130845736375656c617331133011060355040a130a45736375656c6173534a3121301f06092a864886f70d01090116127469634065736375656c6173736a2e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3133303533303038313533385a170d3133303732393038313533385a308191310b3009060355040613024553310f300d060355040813065261646975733111 > > EAP-Message = > > > 0x300f0603550407130845736375656c617331133011060355040a130a45736375656c6173534a3121301f06092a864886f70d01090116127469634065736375656c6173736a2e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100b4038637d9aaab4bc725afe37405268509a155c83ff93ce77ea1009cc5fd8870c1a9da1d80bfdc7425f6a7487822c3cd67b2ce25def5ea1eb92cb9426151aa1af3545aa0ee144e4e8fecfcad2375da868eb97b0c891b53a7b93fb75599171dded6a8103df106aeb3b8d2ba > > EAP-Message = > > > 0x2378c42fb79dfe3ea604f8685af42d3061b26a28f6a3d5ddd5cc5791a11841f93fc94f722cecd6e149fc22df5578b708f1ca2fdfa542ff88ffc9d9ada134dcc995537e8ac728352a769db3183d5a2f4201840a3c374674e50433e6a2354c3b9128777cd6d87607972077d2f018672438515b4ee44238e07f53cc2b1864b245bdaded300c59081e93096d6fa48ef6a53ffc85f59cdb0203010001a381f93081f6301d0603551d0e041604142abebda37fff69e3d2e86331827670f67d284ced3081c60603551d230481be3081bb80142abebda37fff69e3d2e86331827670f67d284ceda18197a48194308191310b3009060355040613024553310f300d > > EAP-Message = > > > 0x060355040813065261646975733111300f0603550407130845736375656c617331133011060355040a130a45736375656c6173534a3121301f06092a864886f70d01090116127469634065736375656c6173736a2e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900efd0613949b1baab300c0603551d13040530030101ff300d06092a864886f70d010105050003820101001f2f907fe03918e01039a2ada650daf223dcacd123e17b1a605c91c390c944b9a71096ba93917d5c7e61274394af291b4933b4e12071c826a5daf0654a67f48108f9bc7f2751a59ae54ce9d788a8b719 > > EAP-Message = 0x83f82d312c7744ab946edc5e > > Message-Authenticator = 0x00000000000000000000000000000000 > > State = 0x4300b9324005ac785bc66cf0b8940050 > > Finished request 3. > > Fix the client PC. It is receiving the EAP message, and doing nothing > more with it. > > If you wait for a few more seconds, the server will print out a > WARNING message. That message tells you what the problem is, and how to > fix it. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- -- Un saludo. ____________________ Roberto Ortega Profesor de Informática. http://www.proyectoret.es Escuelas San José Valencia Avd.Cortes Valencianas nº1 46015 Valencia R4600489A Tf:963499011 ext. 262 Fax:963488835 http://www.escuelassj.com No imprimas este correo si no es necesario. Protejamos el medio ambiente.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html