Re: peap user
BLANCA FERRERO RODRIGUEZ <[EMAIL PROTECTED]> wrote: > I think that message comes because the user sent by my AP to the > radius is not in my users file, and it matches a default user I > added with Auth-Type = reject... but it makes sense doesn't it? Yes. It's why the authentication is failing. It has nothing to do with PEAP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap user
> > I'm configuring PEAP. I think the freeradius config is Ok. > ... > > modcall: group authorize returns updated for request 0 > > rad_check_password: Found Auth-Type Reject > > rad_check_password: Auth-Type = Reject, rejecting user > > Nope, it's not. > > Alan DeKok. > I think that message comes because the user sent by my AP to the radius is not in my users file, and it matches a default user I added with Auth-Type = reject... but it makes sense doesn't it? bfr - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap user
BLANCA FERRERO RODRIGUEZ <[EMAIL PROTECTED]> wrote: > I'm configuring PEAP. I think the freeradius config is Ok. ... > modcall: group authorize returns updated for request 0 > rad_check_password: Found Auth-Type Reject > rad_check_password: Auth-Type = Reject, rejecting user Nope, it's not. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: peap user
And the user sent isn't your computer name either? If not, I have no idea. I've never used Cisco's client software, I always use the supplicant built into windows. On May 24, 2004, at 11:04 AM, BLANCA FERRERO RODRIGUEZ wrote: I'm using Windows XP, the same as for eap/tls and it worked fine in that case. My card is a 350 cisco and follow the instructions in the cisco page to configure it as well as the AP. In teh network manager I enabled PEAP auth and unchecked the box you mentioned about using my windows login to auth. Anyway the user sent to the radius is not my login!!! any idea? bfr - Mensaje original - De: Bob McCormick <[EMAIL PROTECTED]> Fecha: Lunes, Mayo 24, 2004 6:42 pm Asunto: Re: peap user Sounds like a client side problem. What supplicant are you using? Are you using the one built into Win2k or WinXP? Both of those have checkboxes to automatically use your machine name or your windows login name. Make sure those aren't checked. On May 24, 2004, at 10:33 AM, BLANCA FERRERO RODRIGUEZ wrote: Hi, I'm configuring PEAP. I think the freeradius config is Ok. I'm using an Aironet AP 1100 configured to support 802.1X authentication and WEP and my wireless network is enabled to use PEAP auth. the fact is that when I try to authenticate my card against radius I'm not asked to enter a user and a passw and it directly uses an unknown user for me called PEAP-mi_card_MAC. Wasn't I suppossed to de asked to enter the user? I add the logs in case they can help. thanks a lot bfr rad_recv: Access-Request packet from host 172.26.0.3:1645, id=6, length=161 User-Name = "PEAP-000CCE21141B" Framed-MTU = 1400 Called-Station-Id = "0040.96a0.19dc" Calling-Station-Id = "000c.ce21.141b" NAS-Port-Type = Wireless-802.11 Message-Authenticator = 0x642163f9e77208900dc76dd8c5b48981 EAP-Message = 0x0202001601504541502d303030434345323131343142 NAS-Port-Type = Virtual NAS-Port = 63 Service-Type = Login-User NAS-IP-Address = 172.26.0.3 NAS-Identifier = "ap_cisco " Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "PEAP-000CCE21141B", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched DEFAULT at 177 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 6 to 172.26.0.3:1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 40b22f94 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 172.26.0.3:1645, id=7, length=161 User-Name = "PEAP-000CCE21141B" Framed-MTU = 1400 Called-Station-Id = "0040.96a0.19dc" Calling-Station-Id = "000c.ce21.141b" NAS-Port-Type = Wireless-802.11 Message-Authenticator = 0xbabd2bd7b3b9a2cf23018d052dcc7582 EAP-Message = 0x0201001601504541502d303030434345323131343142 NAS-Port-Type = Virtual NAS-Port = 64 Service-Type = Login-User NAS-IP-Address = 172.26.0.3 NAS-Identifier = "ap_cisco " Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "PEAP-000CCE21141B", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]:
Re: peap user
I'm using Windows XP, the same as for eap/tls and it worked fine in that case. My card is a 350 cisco and follow the instructions in the cisco page to configure it as well as the AP. In teh network manager I enabled PEAP auth and unchecked the box you mentioned about using my windows login to auth. Anyway the user sent to the radius is not my login!!! any idea? bfr - Mensaje original - De: Bob McCormick <[EMAIL PROTECTED]> Fecha: Lunes, Mayo 24, 2004 6:42 pm Asunto: Re: peap user > Sounds like a client side problem. What supplicant are you > using? > Are you using the one built into Win2k or WinXP? Both of those > have > checkboxes to automatically use your machine name or your windows > login > name. Make sure those aren't checked. > > > On May 24, 2004, at 10:33 AM, BLANCA FERRERO RODRIGUEZ wrote: > > > Hi, > > > > I'm configuring PEAP. I think the freeradius config is Ok. I'm > using > > an Aironet AP 1100 configured to support 802.1X authentication > and > > WEP and my wireless network is enabled to use PEAP auth. > > the fact is that when I try to authenticate my card against > radius I'm > > not asked to enter a user and a passw and it directly uses an > unknown > > user for me called PEAP-mi_card_MAC. Wasn't I suppossed to de > asked to > > enter the user? > > > > I add the logs in case they can help. > > thanks a lot > > > > bfr > > > > rad_recv: Access-Request packet from host 172.26.0.3:1645, id=6, > > length=161 > > User-Name = "PEAP-000CCE21141B" > > Framed-MTU = 1400 > > Called-Station-Id = "0040.96a0.19dc" > > Calling-Station-Id = "000c.ce21.141b" > > NAS-Port-Type = Wireless-802.11 > > Message-Authenticator = 0x642163f9e77208900dc76dd8c5b48981 > > EAP-Message = 0x0202001601504541502d303030434345323131343142 > > NAS-Port-Type = Virtual > > NAS-Port = 63 > > Service-Type = Login-User > > NAS-IP-Address = 172.26.0.3 > > NAS-Identifier = "ap_cisco " > > Processing the authorize section of radiusd.conf > > modcall: entering group authorize for request 0 > > modcall[authorize]: module "preprocess" returns ok for request 0 > > modcall[authorize]: module "chap" returns noop for request 0 > > modcall[authorize]: module "mschap" returns noop for request 0 > > rlm_realm: No '@' in User-Name = "PEAP-000CCE21141B", > looking up > > realm NULL > > rlm_realm: No such realm "NULL" > > modcall[authorize]: module "suffix" returns noop for request 0 > > rlm_eap: EAP packet type response id 2 length 22 > > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation > > modcall[authorize]: module "eap" returns updated for request 0 > > users: Matched DEFAULT at 177 > > modcall[authorize]: module "files" returns ok for request 0 > > modcall: group authorize returns updated for request 0 > > rad_check_password: Found Auth-Type Reject > > rad_check_password: Auth-Type = Reject, rejecting user > > auth: Failed to validate the user. > > Delaying request 0 for 1 seconds > > Finished request 0 > > Going to the next request > > --- Walking the entire request list --- > > Waking up in 1 seconds... > > --- Walking the entire request list --- > > Waking up in 1 seconds... > > --- Walking the entire request list --- > > Sending Access-Reject of id 6 to 172.26.0.3:1645 > > Waking up in 4 seconds... > > --- Walking the entire request list --- > > Cleaning up request 0 ID 6 with timestamp 40b22f94 > > Nothing to do. Sleeping until we see a request. > > rad_recv: Access-Request packet from host 172.26.0.3:1645, id=7, > > length=161 > > User-Name = "PEAP-000CCE21141B" > > Framed-MTU = 1400 > > Called-Station-Id = "0040.96a0.19dc" > > Calling-Station-Id = "000c.ce21.141b" > > NAS-Port-Type = Wireless-802.11 > > Message-Authenticator = 0xbabd2bd7b3b9a2cf23018d052dcc7582 > > EAP-Message = 0x0201001601504541502d303030434345323131343142 > > NAS-Port-Type = Virtual > > NAS-Port = 64 > > Service-Type = Login-User > > NAS-IP-Address = 172.26.0.3 > > NAS-Identifier = "ap_cisco " > > Processing the authorize section of radiusd.conf > > modcall: en
Re: peap user
Sounds like a client side problem. What supplicant are you using? Are you using the one built into Win2k or WinXP? Both of those have checkboxes to automatically use your machine name or your windows login name. Make sure those aren't checked. On May 24, 2004, at 10:33 AM, BLANCA FERRERO RODRIGUEZ wrote: Hi, I'm configuring PEAP. I think the freeradius config is Ok. I'm using an Aironet AP 1100 configured to support 802.1X authentication and WEP and my wireless network is enabled to use PEAP auth. the fact is that when I try to authenticate my card against radius I'm not asked to enter a user and a passw and it directly uses an unknown user for me called PEAP-mi_card_MAC. Wasn't I suppossed to de asked to enter the user? I add the logs in case they can help. thanks a lot bfr rad_recv: Access-Request packet from host 172.26.0.3:1645, id=6, length=161 User-Name = "PEAP-000CCE21141B" Framed-MTU = 1400 Called-Station-Id = "0040.96a0.19dc" Calling-Station-Id = "000c.ce21.141b" NAS-Port-Type = Wireless-802.11 Message-Authenticator = 0x642163f9e77208900dc76dd8c5b48981 EAP-Message = 0x0202001601504541502d303030434345323131343142 NAS-Port-Type = Virtual NAS-Port = 63 Service-Type = Login-User NAS-IP-Address = 172.26.0.3 NAS-Identifier = "ap_cisco " Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "PEAP-000CCE21141B", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched DEFAULT at 177 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 6 to 172.26.0.3:1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 40b22f94 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 172.26.0.3:1645, id=7, length=161 User-Name = "PEAP-000CCE21141B" Framed-MTU = 1400 Called-Station-Id = "0040.96a0.19dc" Calling-Station-Id = "000c.ce21.141b" NAS-Port-Type = Wireless-802.11 Message-Authenticator = 0xbabd2bd7b3b9a2cf23018d052dcc7582 EAP-Message = 0x0201001601504541502d303030434345323131343142 NAS-Port-Type = Virtual NAS-Port = 64 Service-Type = Login-User NAS-IP-Address = 172.26.0.3 NAS-Identifier = "ap_cisco " Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "PEAP-000CCE21141B", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched DEFAULT at 177 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 7 to 172.26.0.3:1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 7 with timestamp 40b22f9f Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 172.26.0.3:1645, id=8, length=161 User-Name = "PEAP-000CCE21141B" Framed-MTU = 1400 Called-Station-Id = "0040.96a0.19dc" Calling-Station-Id = "000c.c
peap user
Hi, I'm configuring PEAP. I think the freeradius config is Ok. I'm using an Aironet AP 1100 configured to support 802.1X authentication and WEP and my wireless network is enabled to use PEAP auth. the fact is that when I try to authenticate my card against radius I'm not asked to enter a user and a passw and it directly uses an unknown user for me called PEAP-mi_card_MAC. Wasn't I suppossed to de asked to enter the user? I add the logs in case they can help. thanks a lot bfr rad_recv: Access-Request packet from host 172.26.0.3:1645, id=6, length=161 User-Name = "PEAP-000CCE21141B" Framed-MTU = 1400 Called-Station-Id = "0040.96a0.19dc" Calling-Station-Id = "000c.ce21.141b" NAS-Port-Type = Wireless-802.11 Message-Authenticator = 0x642163f9e77208900dc76dd8c5b48981 EAP-Message = 0x0202001601504541502d303030434345323131343142 NAS-Port-Type = Virtual NAS-Port = 63 Service-Type = Login-User NAS-IP-Address = 172.26.0.3 NAS-Identifier = "ap_cisco " Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "PEAP-000CCE21141B", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched DEFAULT at 177 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 6 to 172.26.0.3:1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 6 with timestamp 40b22f94 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 172.26.0.3:1645, id=7, length=161 User-Name = "PEAP-000CCE21141B" Framed-MTU = 1400 Called-Station-Id = "0040.96a0.19dc" Calling-Station-Id = "000c.ce21.141b" NAS-Port-Type = Wireless-802.11 Message-Authenticator = 0xbabd2bd7b3b9a2cf23018d052dcc7582 EAP-Message = 0x0201001601504541502d303030434345323131343142 NAS-Port-Type = Virtual NAS-Port = 64 Service-Type = Login-User NAS-IP-Address = 172.26.0.3 NAS-Identifier = "ap_cisco " Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "PEAP-000CCE21141B", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched DEFAULT at 177 modcall[authorize]: module "files" returns ok for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type Reject rad_check_password: Auth-Type = Reject, rejecting user auth: Failed to validate the user. Delaying request 1 for 1 seconds Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 7 to 172.26.0.3:1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 7 with timestamp 40b22f9f Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 172.26.0.3:1645, id=8, length=161 User-Name = "PEAP-000CCE21141B" Framed-MTU = 1400 Called-Station-Id = "0040.96a0.19dc" Calling-Station-Id = "000c.ce21.141b" NAS-Port-Type = Wireless-802.11 Message-Authenticator = 0x017eb94e1149c58524647d0840f81dce EAP-Message = 0x0201001601504541502d303030434345323131343142 NAS-Port-Type = Virtual NAS-Port = 65 Service-Type = Login-User NAS-IP-Address = 172.26.0.3 N