Find the answer to your Linux question:
Results 1 to 3 of 3
i want to implement peap for my wifi connection. I have set up the access point(D-Link DWL 2100 AP) for using FreeRADIUS 2.1 For authentication.Whenever i send a request from ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2009
    Posts
    1

    freeradius - peap cannot authenticate windows xp clients


    i want to implement peap for my wifi connection. I have set up the access point(D-Link DWL 2100 AP) for using FreeRADIUS 2.1 For authentication.Whenever i send a request from the client to the server,the server fails to authenticate the client. What happens can be seen in the debug code attached below.The problem may be due to the fact that the server certificate used requires to be signed by special XP extensions but i am not sure about it.I am currently using the default certificates created when FreeRADIUS 2.1 is first installed.Can anyone please tell me why the error is occuring and what the remedy for this is??
    I am using Fedora 8 as server.

    Debug output for FreeRADIUS is as follows:

    [eap] Request found, released from the list
    [eap] EAP NAK
    [eap] EAP-NAK asked for EAP-Type/peap
    [eap] processing type tls
    [tls] Initiate
    [tls] Start returned 1
    ++[eap] returns handled
    Sending Access-Challenge of id 1 to 192.168.1.250 port 1034
    EAP-Message = 0x010200061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x9927156798250cebdde85f1a77c9228b
    Finished request 9.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 192.168.1.250 port 1034, id=2, length=290
    Message-Authenticator = 0xf65b54a824859ff5858d51b34bb2ea0a
    Service-Type = Framed-User
    User-Name = "ITDEPT.COM\\scoe\000"
    Framed-MTU = 1488
    State = 0x9927156798250cebdde85f1a77c9228b
    Called-Station-Id = "00-17-9A-09-C4-DD:scoeit"
    Calling-Station-Id = "00-13-02-12-16-6E"
    NAS-Identifier = "D-Link Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x0202005019800000004616030100410100003d030149b8c7 6c86fa22fb3b65c1a3da9d93f69b65a4f9489aaffaa42657f6 4516c2f600001600040005000a000900640062000300060013 001200630100
    NAS-IP-Address = 192.168.1.250
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "ITDEPT.COM\scoe", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 2 length 80
    [eap] Continuing tunnel setup.
    ++[eap] returns ok
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/peap
    [eap] processing type peap
    [peap] processing EAP-TLS
    TLS Length 70
    [peap] Length Included
    [peap] eaptls_verify returned 11
    [peap] (other): before/accept initialization
    [peap] TLS_accept: before/accept initialization
    [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
    [peap] TLS_accept: SSLv3 read client hello A
    [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
    [peap] TLS_accept: SSLv3 write server hello A
    [peap] >>> TLS 1.0 Handshake [length 03b0], Certificate
    [peap] TLS_accept: SSLv3 write certificate A
    [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    [peap] TLS_accept: SSLv3 write server done A
    [peap] TLS_accept: SSLv3 flush data
    [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
    In SSL Handshake Phase
    In SSL Accept mode
    [peap] eaptls_process returned 13
    [peap] EAPTLS_HANDLED
    ++[eap] returns handled
    Sending Access-Challenge of id 2 to 192.168.1.250 port 1034
    EAP-Message = 0x010303f31900160301002a02000026030149b8c79ad72fa3 1c2fc8459b30bd15126d3e5d6c74b1cb5228c06435c81fa644 0000040016030103b00b0003ac0003a90003a6308203a23082 028aa003020102020102300d06092a864886f70d0101040500 308193310b3009060355040613024652310f300d0603550408 13065261646975733112301006035504071309536f6d657768 65726531153013060355040a130c4578616d706c6520496e63 2e3120301e06092a864886f70d010901161161646d696e4065 78616d706c652e636f6d312630240603550403131d4578616d 706c6520436572746966696361746520417574686f72697479 301e170d
    EAP-Message = 0x3039303232373139323130325a170d313030323237313932 3130325a307c310b3009060355040613024652310f300d0603 550408130652616469757331153013060355040a130c457861 6d706c6520496e632e312330210603550403131a4578616d70 6c65205365727665722043657274696669636174653120301e 06092a864886f70d010901161161646d696e406578616d706c 652e636f6d30820122300d06092a864886f70d010101050003 82010f003082010a0282010100ac916a34fdc11effd3bf47f5 e73c79237047fe7f11563c666003ddfc4d734778cf075ee599 8c76f03bf71fa77f53e08588af1dcb33f926a1404901e5d800 8e613952
    EAP-Message = 0x979ae3c175d60f86c9c0ae82c554378f11f0cf9302931b38 88dc716df066a15c655817bd3cc6617cb6feb8e2f41ad9531b 68cddece4f8ebe50581111d673463cd9a00198eb4d43adefaa 1322618e20d7fe3c5408d3a2329be135a664bf99f281b2b8c1 810be4fb1b0cee61b7f943e9eac630a69865faeba4a4206f4b b89c8b27ecbd8e9545615a030151559b539a8c533f5b9779d1 c4eb22279c0b5409eb2e242878bff8ac400c10f0fd81e15e24 6f85d940182be0a60a4a4399cc0bd0a70203010001a3173015 30130603551d25040c300a06082b06010505070301300d0609 2a864886f70d010104050003820101001b2311c96ac3ee97d6 ecfd99e8
    EAP-Message = 0x0adfa8b3b89b7481c139127c0a69572763e40b467f29150c 33c33ac9a582fe1c591bd4150d769c0e35195182835bc30144 1bbb8235a3cdcabf877b8652ce74782d0045114312dd6c214e 67adc2ebc59b7330e5fdba13a5e28be5cfdaa4d2e5eaa84e5c 500df001989d673ec3ee37cd4b2404722233d2f5ab442e691f f244653402d1b22260370262bee269a518e02bb0b47452aeb5 1465d047fc83f9075914ba86efbc202b60d5e9ce652ce28561 edb25ec4e49cae1a3762672a85ad2bc11efc117481b7de9661 3d83438a712c589b5f6aef84c695f516c87a6b1f17bfe69446 e4e9e7b03fe9f5553486e8dd1aa28d6b36a47216030100040e 000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x992715679b240cebdde85f1a77c9228b
    Finished request 10.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 192.168.1.250 port 1034, id=3, length=532
    Message-Authenticator = 0xc54164092ed8dc2f09a7418d5560f076
    Service-Type = Framed-User
    User-Name = "ITDEPT.COM\\scoe\000"
    Framed-MTU = 1488
    State = 0x992715679b240cebdde85f1a77c9228b
    Called-Station-Id = "00-17-9A-09-C4-DD:scoeit"
    Calling-Station-Id = "00-13-02-12-16-6E"
    NAS-Identifier = "D-Link Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x0203014019800000013616030101061000010201000c9697 49c74343d53a00c5cd79f5301ddf1fdc7283cd04a8f1083c17 e1944c5c7cbed10b12ee27e4b5d4eb1430e87e9f739302bc72 5d88acd7f03e5db8b5cd7d9d89cd283ade84801b26aa4e337d 4b31589f1bf73c906348443555a170e26ba0ec25df48d057c5 43282027d39982bfd922e3efc5fea974147b2a1439ef3be601 084102ab0c4974ef2dde486b00c9b5110a812bf2a4913ed711 ae9b749c45779344535984212c852b5bc1056d1389d51ae647 fe6341fcc24109f379da2762aa8def42675dc0472220927b6b 0b3f93082ab8ab06df5dfb76e4645dda6ddd2c588229ad183c a921501b
    EAP-Message = 0xa3bbac963e046ef6c7c96392af28b267d494957e189efda8 14030100010116030100201f15bf9882f5f81840a2f0b88eac f2b32487bec7a66273e6bae9f5899090f568
    NAS-IP-Address = 192.168.1.250
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "ITDEPT.COM\scoe", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 3 length 253
    [eap] Continuing tunnel setup.
    ++[eap] returns ok
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/peap
    [eap] processing type peap
    [peap] processing EAP-TLS
    TLS Length 310
    [peap] Length Included
    [peap] eaptls_verify returned 11
    [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
    [peap] TLS_accept: SSLv3 read client key exchange A
    [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
    [peap] <<< TLS 1.0 Handshake [length 0010], Finished
    [peap] TLS_accept: SSLv3 read finished A
    [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
    [peap] TLS_accept: SSLv3 write change cipher spec A
    [peap] >>> TLS 1.0 Handshake [length 0010], Finished
    [peap] TLS_accept: SSLv3 write finished A
    [peap] TLS_accept: SSLv3 flush data
    [peap] (other): SSL negotiation finished successfully
    SSL Connection Established
    [peap] eaptls_process returned 13
    [peap] EAPTLS_HANDLED
    ++[eap] returns handled
    Sending Access-Challenge of id 3 to 192.168.1.250 port 1034
    EAP-Message = 0x01040031190014030100010116030100204c2d5ce111b4cf 1d8484d0a7b0bc663743b67f0dfcf3bc69dfa62631fd9d3e30
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x992715679a230cebdde85f1a77c9228b
    Finished request 11.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 192.168.1.250 port 1034, id=4, length=216
    Message-Authenticator = 0xfb5cafdd0840b6ccedd584509afb6159
    Service-Type = Framed-User
    User-Name = "ITDEPT.COM\\scoe\000"
    Framed-MTU = 1488
    State = 0x992715679a230cebdde85f1a77c9228b
    Called-Station-Id = "00-17-9A-09-C4-DD:scoeit"
    Calling-Station-Id = "00-13-02-12-16-6E"
    NAS-Identifier = "D-Link Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x020400061900
    NAS-IP-Address = 192.168.1.250
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "ITDEPT.COM\scoe", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 4 length 6
    [eap] Continuing tunnel setup.
    ++[eap] returns ok
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/peap
    [eap] processing type peap
    [peap] processing EAP-TLS
    [peap] Received TLS ACK
    [peap] ACK handshake is finished
    [peap] eaptls_verify returned 3
    [peap] eaptls_process returned 3
    [peap] EAPTLS_SUCCESS
    ++[eap] returns handled
    Sending Access-Challenge of id 4 to 192.168.1.250 port 1034
    EAP-Message = 0x0105002019001703010015b1bb8da1accb8c051e43c474f0 b25b6888371dafd2
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x992715679d220cebdde85f1a77c9228b
    Finished request 12.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 192.168.1.250 port 1034, id=5, length=253
    Message-Authenticator = 0x559b57aca5bffa7b01a186f5ae288fc8
    Service-Type = Framed-User
    User-Name = "ITDEPT.COM\\scoe\000"
    Framed-MTU = 1488
    State = 0x992715679d220cebdde85f1a77c9228b
    Called-Station-Id = "00-17-9A-09-C4-DD:scoeit"
    Calling-Station-Id = "00-13-02-12-16-6E"
    NAS-Identifier = "D-Link Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x0205002b19001703010020a690881c896db8f3366ba3ee32 944a59d4b9fea829756099f89ed10931342409
    NAS-IP-Address = 192.168.1.250
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "ITDEPT.COM\scoe", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 5 length 43
    [eap] Continuing tunnel setup.
    ++[eap] returns ok
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/peap
    [eap] processing type peap
    [peap] processing EAP-TLS
    [peap] eaptls_verify returned 7
    [peap] Done initial handshake
    [peap] eaptls_process returned 7
    [peap] EAPTLS_OK
    [peap] Session established. Decoding tunneled attributes.
    [peap] Identity - ITDEPT.COM\scoe
    [peap] Got tunnled request
    EAP-Message = 0x02050014014954444550542e434f4d5c73636f65
    server (null) {
    PEAP: Got tunneled identity of ITDEPT.COM\scoe
    PEAP: Setting default EAP type for tunneled EAP session.
    PEAP: Setting User-Name to ITDEPT.COM\scoe
    Sending tunneled request
    EAP-Message = 0x02050014014954444550542e434f4d5c73636f65
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "ITDEPT.COM\\scoe"
    Service-Type = Framed-User
    Framed-MTU = 1488
    Called-Station-Id = "00-17-9A-09-C4-DD:scoeit"
    Calling-Station-Id = "00-13-02-12-16-6E"
    NAS-Identifier = "D-Link Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    NAS-IP-Address = 192.168.1.250
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
    server inner-tunnel {
    +- entering group authorize {...}
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[unix] returns notfound
    [suffix] No '@' in User-Name = "ITDEPT.COM\scoe", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    ++[control] returns noop
    [eap] EAP packet type response id 5 length 20
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    ++[pap] returns noop
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] EAP Identity
    [eap] processing type mschapv2
    rlm_eap_mschapv2: Issuing Challenge
    ++[eap] returns handled
    } # server inner-tunnel
    [peap] Got tunneled reply code 11
    EAP-Message = 0x010600291a01060024100063da3b7cc3f43eabec58facf4e 1a544954444550542e434f4d5c73636f65
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x5dac34625daa2ecf48629eb40108d58e
    [peap] Got tunneled reply RADIUS code 11
    EAP-Message = 0x010600291a01060024100063da3b7cc3f43eabec58facf4e 1a544954444550542e434f4d5c73636f65
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x5dac34625daa2ecf48629eb40108d58e
    [peap] Got tunneled Access-Challenge
    ++[eap] returns handled
    Sending Access-Challenge of id 5 to 192.168.1.250 port 1034
    EAP-Message = 0x01060040190017030100352c6462427fabed095dd20eb0a2 7126d825f307f85f0ecd4fd26ae52617d9731aa14fcadeb19f ac8fc0d0137ed2f8014bf4ef79384e
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x992715679c210cebdde85f1a77c9228b
    Finished request 13.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 192.168.1.250 port 1034, id=6, length=307
    Message-Authenticator = 0xa39a6fe70736fcc5f6106730554498e1
    Service-Type = Framed-User
    User-Name = "ITDEPT.COM\\scoe\000"
    Framed-MTU = 1488
    State = 0x992715679c210cebdde85f1a77c9228b
    Called-Station-Id = "00-17-9A-09-C4-DD:scoeit"
    Calling-Station-Id = "00-13-02-12-16-6E"
    NAS-Identifier = "D-Link Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x0206006119001703010056ef7f7df93da28d67e1bb560078 a1f55a38558fc7fe965a4d12729fedfd5978ea7678f2942854 64c7a58049a65ac6bfed51f72f89937a6275d512063adefe77 cd4a4866c11af7b1d49e60f77003a2581559e005a77732
    NAS-IP-Address = 192.168.1.250
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "ITDEPT.COM\scoe", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 6 length 97
    [eap] Continuing tunnel setup.
    ++[eap] returns ok
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/peap
    [eap] processing type peap
    [peap] processing EAP-TLS
    [peap] eaptls_verify returned 7
    [peap] Done initial handshake
    [peap] eaptls_process returned 7
    [peap] EAPTLS_OK
    [peap] Session established. Decoding tunneled attributes.
    [peap] EAP type mschapv2
    [peap] Got tunnled request
    EAP-Message = 0x0206004a1a02060045315c0291fe1459500e2ea66e03781a 141b0000000000000000a1f11ae4843edcb38707bda4af4252 c47ea544de54571725004954444550542e434f4d5c73636f65
    server (null) {
    PEAP: Setting User-Name to ITDEPT.COM\scoe
    Sending tunneled request
    EAP-Message = 0x0206004a1a02060045315c0291fe1459500e2ea66e03781a 141b0000000000000000a1f11ae4843edcb38707bda4af4252 c47ea544de54571725004954444550542e434f4d5c73636f65
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "ITDEPT.COM\\scoe"
    State = 0x5dac34625daa2ecf48629eb40108d58e
    Service-Type = Framed-User
    Framed-MTU = 1488
    Called-Station-Id = "00-17-9A-09-C4-DD:scoeit"
    Calling-Station-Id = "00-13-02-12-16-6E"
    NAS-Identifier = "D-Link Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    NAS-IP-Address = 192.168.1.250
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
    server inner-tunnel {
    +- entering group authorize {...}
    ++[chap] returns noop
    ++[mschap] returns noop
    ++[unix] returns notfound
    [suffix] No '@' in User-Name = "ITDEPT.COM\scoe", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    ++[control] returns noop
    [eap] EAP packet type response id 6 length 74
    [eap] No EAP Start, assuming it's an on-going EAP conversation
    ++[eap] returns updated
    ++[files] returns noop
    ++[expiration] returns noop
    ++[logintime] returns noop
    ++[pap] returns noop
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/mschapv2
    [eap] processing type mschapv2
    [mschapv2] +- entering group MS-CHAP {...}
    [mschap] No Cleartext-Password configured. Cannot create LM-Password.
    [mschap] No Cleartext-Password configured. Cannot create NT-Password.
    [mschap] NT Domain delimeter found, should we have enabled with_ntdomain_hack?
    [mschap] Told to do MS-CHAPv2 for ITDEPT.COM\scoe with NT-Password
    [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
    [mschap] FAILED: MS-CHAP2-Response is incorrect
    ++[mschap] returns reject
    [eap] Freeing handler
    ++[eap] returns reject
    Failed to authenticate the user.
    } # server inner-tunnel
    [peap] Got tunneled reply code 3
    MS-CHAP-Error = "\006E=691 R=1"
    EAP-Message = 0x04060004
    Message-Authenticator = 0x00000000000000000000000000000000
    [peap] Got tunneled reply RADIUS code 3
    MS-CHAP-Error = "\006E=691 R=1"
    EAP-Message = 0x04060004
    Message-Authenticator = 0x00000000000000000000000000000000
    [peap] Tunneled authentication was rejected.
    [peap] FAILURE
    ++[eap] returns handled
    Sending Access-Challenge of id 6 to 192.168.1.250 port 1034
    EAP-Message = 0x010700261900170301001b0b161d0dbb31d7d3cd65286f7a a084ee8708935bed2bc963e60797
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x992715679f200cebdde85f1a77c9228b
    Finished request 14.
    Going to the next request
    Waking up in 4.9 seconds.
    rad_recv: Access-Request packet from host 192.168.1.250 port 1034, id=7, length=248
    Message-Authenticator = 0x5b1ec30419fb1addf07d5979c76176e0
    Service-Type = Framed-User
    User-Name = "ITDEPT.COM\\scoe\000"
    Framed-MTU = 1488
    State = 0x992715679f200cebdde85f1a77c9228b
    Called-Station-Id = "00-17-9A-09-C4-DD:scoeit"
    Calling-Station-Id = "00-13-02-12-16-6E"
    NAS-Identifier = "D-Link Access Point"
    NAS-Port-Type = Wireless-802.11
    Connect-Info = "CONNECT 54Mbps 802.11g"
    EAP-Message = 0x020700261900170301001b01aef267bca260c0c202dbaad9 6a2914551d213d9a74266916a21a
    NAS-IP-Address = 192.168.1.250
    NAS-Port = 1
    NAS-Port-Id = "STA port # 1"
    +- entering group authorize {...}
    ++[preprocess] returns ok
    ++[chap] returns noop
    ++[mschap] returns noop
    [suffix] No '@' in User-Name = "ITDEPT.COM\scoe", looking up realm NULL
    [suffix] No such realm "NULL"
    ++[suffix] returns noop
    [eap] EAP packet type response id 7 length 38
    [eap] Continuing tunnel setup.
    ++[eap] returns ok
    Found Auth-Type = EAP
    +- entering group authenticate {...}
    [eap] Request found, released from the list
    [eap] EAP/peap
    [eap] processing type peap
    [peap] processing EAP-TLS
    [peap] eaptls_verify returned 7
    [peap] Done initial handshake
    [peap] eaptls_process returned 7
    [peap] EAPTLS_OK
    [peap] Session established. Decoding tunneled attributes.
    [peap] Received EAP-TLV response.
    [peap] Had sent TLV failure. User was rejected earlier in this session.
    [eap] Handler failed in EAP/peap
    [eap] Failed in EAP select
    ++[eap] returns invalid
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    +- entering group REJECT {...}
    [attr_filter.access_reject] expand: %{User-Name} -> ITDEPT.COM\scoe
    attr_filter: Matched entry DEFAULT at line 11
    ++[attr_filter.access_reject] returns updated
    Delaying reject of request 15 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 15
    Sending Access-Reject of id 7 to 192.168.1.250 port 1034
    EAP-Message = 0x04070004
    Message-Authenticator = 0x00000000000000000000000000000000
    Waking up in 3.9 seconds.
    Cleaning up request 8 ID 0 with timestamp +558
    Cleaning up request 9 ID 1 with timestamp +558
    Cleaning up request 10 ID 2 with timestamp +559
    Cleaning up request 11 ID 3 with timestamp +559
    Cleaning up request 12 ID 4 with timestamp +559
    Cleaning up request 13 ID 5 with timestamp +559
    Cleaning up request 14 ID 6 with timestamp +559
    Waking up in 1.0 seconds.
    Cleaning up request 15 ID 7 with timestamp +559
    Ready to process requests.

  2. #2
    Just Joined!
    Join Date
    Apr 2009
    Posts
    1

    problems

    I got the same results.
    Debian Lenny freeradius 2.0.4. Does anyone has found a solution?

  3. #3
    Just Joined!
    Join Date
    Apr 2009
    Posts
    2
    Can we see your radiusd.conf file???

  4. $spacer_open
    $spacer_close

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •