ERROR in the EAP/PEAP test of eapol_test
Hi ! I meet a ERROR in the test of EAP/PEAP
radtest sqluser 123 localhost 1812 testing123 is OK
,I just delete the # before 'eap' in radiusd.conf and default files.
the test eapol_test -c peap.txt -s testing123
my peap.txt is
network={
eap=PEAP
eapol_flags=0
key_mgmt=IEEE8021X
identity=sqluser
password=123
ca_cert=/usr/local/freeradius/etc/raddb/certs/ca.pem
phase2=auth=MSCHAPV2
anonymous_identity=anonymous
}
The result is(too long I cut it,all the messages which contain
'fail'and'warning' are here)
rad_recv: Access-Request packet from host 127.0.0.1 port 40004, id=0,
length=126
User-Name = anonymous
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = 02-00-00-00-00-01
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 0x020e01616e6f6e796d6f7573
Message-Authenticator = 0x028746a6804037ea96543cd3853748ca
# Executing section authorize from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = anonymous, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 0 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} - anonymous
[sql] sql_set_user escaped user -- 'anonymous'
rlm_sql (sql): Reserving sql socket id: 3
……
[pap] WARNING! No known good password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 127.0.0.1 port 40004
EAP-Message = 0x010200061920
Message-Authenticator = 0x
State = 0x2e0cc3a22f0eda51cc2cadc82e7658db
Finished request 2.
Going to the next request
……
Found Auth-Type = EAP
# Executing group from file
/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/usr/local/freeradius/etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: sqluser
[mschap] Told to do MS-CHAPv2 for sqluser with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = \010E=691 R=1
EAP-Message = 0x04080004
Message-Authenticator = 0x
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = \010E=691 R=1
EAP-Message = 0x04080004
Message-Authenticator = 0x
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 8 to 127.0.0.1 port 40004
EAP-Message =
0x0109003b190017030100302ab43a32e6ec7ff42289efbdfda591f3a3562799d9559589146b128457125284645e7d72ef66bb121d8dbb003bdab8ab
Message-Authenticator = 0x
State = 0x2e0cc3a22605da51cc2cadc82e7658db
Finished request 9.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 40004, id=9,
length=226
User-Name = anonymous
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = 02-00-00-00-00-01
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message =
0x0209006019001703010020b314a72f4acdfaf2dd08dcf94fd6c7082929e8fd0472499fb3f0ba7b79cae39517030100300bbd73ce8691181df7af8f7caabe39c7c75fa967f055a40ba68caf2780dbcf60a2f6b8be08e9d789e433758deacb3e88
State = 0x2e0cc3a22605da51cc2cadc82e7658db
Message-Authenticator = 0x6b7fca3ade7064bc39fb78dc05a9d319
# Executing section authorize from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = anonymous, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP
EAP: method process - ignore=FALSE methodState=MAY_CONT decision=FAIL
Hi ! I meet a ERROR in the test of PEAP
eapol_test -c peap.txt -s testing123
my peap.txt is
network={
eap=PEAP
eapol_flags=0
key_mgmt=IEEE8021X
identity=sqluser
password=123
ca_cert=/usr/local/freeradius/etc/raddb/certs/ca.pem
phase2=auth=MSCHAPV2
anonymous_identity=anonymous
}
the result:
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=6) from RADIUS server:
EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=8): 00 00 00 00 1a 00 00 00
TLS: using phase1 config options
TLS: Trusted root certificate(s) loaded
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0x)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 95 bytes pending from ssl_out
SSL: 95 bytes left to be sent out (of total 95 bytes)
EAP: method process - ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
……
RADIUS packet matching with station
decapsulated EAP packet (code=4 id=8 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: success=0
EAPOL: EAP key not available
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
I am a *freshman ,I do not know how to fix it. *
*THANK YOU!*
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius, how to cooperate with a wireless AP( system is linux, openwrt)
Hi,I want to build a wireless network with radius server . server computer is ubuntu , wireless router is a linux system-openwrt.So i need to install something in the router,So what is it? Can somebody know something about it? please do me a favor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Something about the commonName of client certificate
Hi! I want to build eap/tls so i need to produce a client certificate. in the certs catalog there are ca.pem and server.pem,but not client.pem.so I should use command make client.pem. in the README file there are some words:Be sure that the commonName field here is the User-Name that will be used for logins! Does it mean ommonName must the same with the login name in the eapol_test ? thank you for your help ,best regards. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ERROR in the EAP/PEAP test of eapol_test
Hi ! I meet a ERROR in the test of EAP/PEAP
radtest sqluser 123 localhost 1812 testing123 is OK
,I just delete the # before 'eap' in radiusd.conf and default files.
the test eapol_test -c peap.txt -s testing123
my peap.txt is
network={
eap=PEAP
eapol_flags=0
key_mgmt=IEEE8021X
identity=sqluser
password=123
ca_cert=/usr/local/freeradius/etc/raddb/certs/ca.pem
phase2=auth=MSCHAPV2
anonymous_identity=anonymous
}
The result is(too long I cut it,all the messages which contain
'fail'and'warning' are here)
rad_recv: Access-Request packet from host 127.0.0.1 port 40004, id=0, length=126
User-Name = anonymous
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = 02-00-00-00-00-01
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 0x020e01616e6f6e796d6f7573
Message-Authenticator = 0x028746a6804037ea96543cd3853748ca
# Executing section authorize from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = anonymous, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 0 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[sql] expand: %{User-Name} - anonymous
[sql] sql_set_user escaped user -- 'anonymous'
rlm_sql (sql): Reserving sql socket id: 3
……
[pap] WARNING! No known good password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 127.0.0.1 port 40004
EAP-Message = 0x010100160410d8844619dd6d7c77c5de455754592c0b
Message-Authenticator = 0x
State = 0x2e0cc3a22e0dc751cc2cadc82e7658db
Finished request 1
.……
rlm_sql (sql): Released sql socket id: 2
[sql] User anonymous not found
++[sql] returns notfound
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 127.0.0.1 port 40004
EAP-Message = 0x010200061920
Message-Authenticator = 0x
State = 0x2e0cc3a22f0eda51cc2cadc82e7658db
Finished request 2.
Going to the next request
……
Found Auth-Type = EAP
# Executing group from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] TLS 1.0 Handshake [length 005a], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] TLS 1.0 Handshake [length 020d], ServerKeyExchange
[peap] TLS_accept: SSLv3 write key exchange A
[peap] TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 127.0.0.1 port 40004
EAP-Message =
0x0103040019c00ab41603010031022d03014da1adfaa31490e821fdfa4885df0c8fc2d0ddd363a209a6143ab7d68062c39739010005ff01000100160301085e0b00085a0008570003a6308203a23082028
……
[eap] EAP packet type response id 5 length 208
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11
