3
Authentifizierung von Client und Radius Server schlägt Fehl!
Hallo Liebe Admins und co.
Wie manche schon wissen habe ich ein paar Probleme mit meinem Freeradius + OpenLdap Projekt gehapt.
Soweit so gut habe ich alle Probleme beseitigt und habe es heute getestet.
Leider funktioniert es nicht so ganz wie es eigentlich sollte.
Laut Server sollte die authentifizierung abgeschlossen sein soweit ich das auslesen kann aber bei dem XP Client bleibt er bei "Warten auf Authentifizierung" Hängen.
Das ganze läuft auf Ubuntu 8.10 mit Freeradius 2.1.0 und OpenLDAP. EAP-PEAP ist für die Authentifizierung zuständig.
Hier einmal die Ausgabe von dem Radius Server.
Wenn ihr noch die config Files dazu braucht sagt es bitte, aber vlt könnt ihr ja auch damit was anfangen.
Wie gesagt ich kann nichts erkennen das da etwas schief laufen sollte.
Wenn wer eine Idee hat möge er es bitte Posten ;)
Lg
Philipp
Wie manche schon wissen habe ich ein paar Probleme mit meinem Freeradius + OpenLdap Projekt gehapt.
Soweit so gut habe ich alle Probleme beseitigt und habe es heute getestet.
Leider funktioniert es nicht so ganz wie es eigentlich sollte.
Laut Server sollte die authentifizierung abgeschlossen sein soweit ich das auslesen kann aber bei dem XP Client bleibt er bei "Warten auf Authentifizierung" Hängen.
Das ganze läuft auf Ubuntu 8.10 mit Freeradius 2.1.0 und OpenLDAP. EAP-PEAP ist für die Authentifizierung zuständig.
Hier einmal die Ausgabe von dem Radius Server.
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x894a28b0894b31cfb70f7c603f7b1aa8
Finished request 50.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=211
Cleaning up request 50 ID 0 with timestamp +3424
User-Name = "pzenz"
NAS-IP-Address = 172.20.140.174
Called-Station-Id = "00226b6e8e06"
Calling-Station-Id = "0019d202a559"
NAS-Identifier = "00226b6e8e06"
NAS-Port = 62
Framed-MTU = 1400
State = 0x894a28b0894b31cfb70f7c603f7b1aa8
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201005019800000004616030100410100003d03014adf2ee3fd0252131967c996b2ee209c1949ea198d7d21f8e148830a406f19eb00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x0fedef8f3382095fc98e350d0284b9ac
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
expand: (uid=%u) -> (uid=pzenz)
expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0488], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
EAP-Message = 0x0102040019c0000004c5160301002a0200002603014adf2edd5e7e5562834e6ade87e96cbbf68c62e3d099e65d35d9c1d4a4939bc80000040016030104880b00048400048100047e3082047a30820362a0030201020209009252663eab60caa8300d06092a864886f70d0101050500308184310b30090603550406130241553112301006035504081309456962697377616c643112301006035504071309456962697377616c64310d300b060355040a130467727037310d300b060355040b130467727037310d300b06035504031304677270373120301e06092a864886f70d0109011611707a656e7a313640676d61696c2e636f6d301e170d303931
EAP-Message = 0x3031363131323831395a170d3139313031343131323831395a308184310b30090603550406130241553112301006035504081309456962697377616c643112301006035504071309456962697377616c64310d300b060355040a130467727037310d300b060355040b130467727037310d300b06035504031304677270373120301e06092a864886f70d0109011611707a656e7a313640676d61696c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101009e89ec671fbf03174125d0739cd302c45ca2f3761699c79ff574684c16d170792c83a72f38e12c317d3de89f6f733cb291290c2b44728893c39a5d3a
EAP-Message = 0x233bc82bbded4fdacf128401c5ae5475a19f5bfedb5d8249922d8dab58a6795e22ef7b6199babef710529020ef195a63029f9e76b929b014817337f296c2ac81821a5248127bca0d7cfc08976e8b523d4e5c2b2531f3935f3315176a6b9357d1fd66e3cca16ef5f66d6c5534f69dfb609419b87c19d0a9ca6715165ed6868331512303ecdd56b8ac4dd86ba962acc3511983c032472b3b68be95ae148ba72ef6b45641e87e86ac0a5c4a54046e5e6f049647b571ec5368c49aefa07369ddbe0c3f3fc5ed0203010001a381ec3081e9301d0603551d0e041604145221e69351424b0ba1e5e98bf5572135a5ccc6cb3081b90603551d230481b13081ae80
EAP-Message = 0x145221e69351424b0ba1e5e98bf5572135a5ccc6cba1818aa48187308184310b30090603550406130241553112301006035504081309456962697377616c643112301006035504071309456962697377616c64310d300b060355040a130467727037310d300b060355040b130467727037310d300b06035504031304677270373120301e06092a864886f70d0109011611707a656e7a313640676d61696c2e636f6d8209009252663eab60caa8300c0603551d13040530030101ff300d06092a864886f70d010105050003820101009e1d4293a5b4e79642aff4b3d4455753888f0a93b9c545cb123804892fb619977db65dd11338e93a881eae872e21
EAP-Message = 0xbdd8c65e24e03f6889d3bb8e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x894a28b0884831cfb70f7c603f7b1aa8
Finished request 51.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=137
Cleaning up request 51 ID 0 with timestamp +3424
User-Name = "pzenz"
NAS-IP-Address = 172.20.140.174
Called-Station-Id = "00226b6e8e06"
Calling-Station-Id = "0019d202a559"
NAS-Identifier = "00226b6e8e06"
NAS-Port = 62
Framed-MTU = 1400
State = 0x894a28b0884831cfb70f7c603f7b1aa8
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020200061900
Message-Authenticator = 0xff3389e0200d9cdf6ffac47083b40abc
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
expand: (uid=%u) -> (uid=pzenz)
expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
EAP-Message = 0x010300d51900c9400ce7ff967f714a193cbf3ec6ad33f0dfae0b8d307e04ccf9cfb6c90ba8327983e05278b1b13bb9833a3e1ad640b1d741e52cc6f31b75d08d10c5a91d4e5e7731d6b2a9a9dc14994a2950da7bb1487fce28227c4e854a2528206719472828e63113caf8553faadeb882701ab886fbf16d3ff8e5e7401e3835c71d229c453414d71c94c59dafb4912211671c4460fbd6fd96fca5f1886a04c823c9c35c5cb16a8524d5491c99f6dcfea152d4175558b4ec85d3c5b91cdccdad17a10637de747274b8a114cf16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x894a28b08b4931cfb70f7c603f7b1aa8
Finished request 52.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=137
Cleaning up request 52 ID 0 with timestamp +3424
User-Name = "pzenz"
NAS-IP-Address = 172.20.140.174
Called-Station-Id = "00226b6e8e06"
Calling-Station-Id = "0019d202a559"
NAS-Identifier = "00226b6e8e06"
NAS-Port = 62
Framed-MTU = 1400
State = 0x894a28b08b4931cfb70f7c603f7b1aa8
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300061900
Message-Authenticator = 0x12b69b8439f2a9fb19b65a7b9bb48310
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
expand: (uid=%u) -> (uid=pzenz)
expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
EAP-Message = 0x010400061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x894a28b08a4e31cfb70f7c603f7b1aa8
Finished request 53.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 53 ID 0 with timestamp +3424
Ready to process requests.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=123
User-Name = "pzenz"
NAS-IP-Address = 172.20.140.174
Called-Station-Id = "00226b6e8e06"
Calling-Station-Id = "0019d202a559"
NAS-Identifier = "00226b6e8e06"
NAS-Port = 62
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201000a01707a656e7a
Message-Authenticator = 0x1e6ee2415e8f2ec8ece0247f3f43b176
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
expand: (uid=%u) -> (uid=pzenz)
expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x57d553ec57d74ac228b656f21d398631
Finished request 54.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=211
Cleaning up request 54 ID 0 with timestamp +3454
User-Name = "pzenz"
NAS-IP-Address = 172.20.140.174
Called-Station-Id = "00226b6e8e06"
Calling-Station-Id = "0019d202a559"
NAS-Identifier = "00226b6e8e06"
NAS-Port = 62
Framed-MTU = 1400
State = 0x57d553ec57d74ac228b656f21d398631
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202005019800000004616030100410100003d03014adf2f01d7bcb8f1a06dfd2abb492adadf3528512edb795c278b4551f23f550000001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x1d51d87157d12ee790063784ea08dfaf
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
expand: (uid=%u) -> (uid=pzenz)
expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0488], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
EAP-Message = 0x0103040019c0000004c5160301002a0200002603014adf2efbd7f7fe59852ed2789d73a1a9870492eedeb8be07b7ff8b116e91d6750000040016030104880b00048400048100047e3082047a30820362a0030201020209009252663eab60caa8300d06092a864886f70d0101050500308184310b30090603550406130241553112301006035504081309456962697377616c643112301006035504071309456962697377616c64310d300b060355040a130467727037310d300b060355040b130467727037310d300b06035504031304677270373120301e06092a864886f70d0109011611707a656e7a313640676d61696c2e636f6d301e170d303931
EAP-Message = 0x3031363131323831395a170d3139313031343131323831395a308184310b30090603550406130241553112301006035504081309456962697377616c643112301006035504071309456962697377616c64310d300b060355040a130467727037310d300b060355040b130467727037310d300b06035504031304677270373120301e06092a864886f70d0109011611707a656e7a313640676d61696c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101009e89ec671fbf03174125d0739cd302c45ca2f3761699c79ff574684c16d170792c83a72f38e12c317d3de89f6f733cb291290c2b44728893c39a5d3a
EAP-Message = 0x233bc82bbded4fdacf128401c5ae5475a19f5bfedb5d8249922d8dab58a6795e22ef7b6199babef710529020ef195a63029f9e76b929b014817337f296c2ac81821a5248127bca0d7cfc08976e8b523d4e5c2b2531f3935f3315176a6b9357d1fd66e3cca16ef5f66d6c5534f69dfb609419b87c19d0a9ca6715165ed6868331512303ecdd56b8ac4dd86ba962acc3511983c032472b3b68be95ae148ba72ef6b45641e87e86ac0a5c4a54046e5e6f049647b571ec5368c49aefa07369ddbe0c3f3fc5ed0203010001a381ec3081e9301d0603551d0e041604145221e69351424b0ba1e5e98bf5572135a5ccc6cb3081b90603551d230481b13081ae80
EAP-Message = 0x145221e69351424b0ba1e5e98bf5572135a5ccc6cba1818aa48187308184310b30090603550406130241553112301006035504081309456962697377616c643112301006035504071309456962697377616c64310d300b060355040a130467727037310d300b060355040b130467727037310d300b06035504031304677270373120301e06092a864886f70d0109011611707a656e7a313640676d61696c2e636f6d8209009252663eab60caa8300c0603551d13040530030101ff300d06092a864886f70d010105050003820101009e1d4293a5b4e79642aff4b3d4455753888f0a93b9c545cb123804892fb619977db65dd11338e93a881eae872e21
EAP-Message = 0xbdd8c65e24e03f6889d3bb8e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x57d553ec56d64ac228b656f21d398631
Finished request 55.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=137
Cleaning up request 55 ID 0 with timestamp +3454
User-Name = "pzenz"
NAS-IP-Address = 172.20.140.174
Called-Station-Id = "00226b6e8e06"
Calling-Station-Id = "0019d202a559"
NAS-Identifier = "00226b6e8e06"
NAS-Port = 62
Framed-MTU = 1400
State = 0x57d553ec56d64ac228b656f21d398631
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300061900
Message-Authenticator = 0x3fd73d2d2ec087681f2fdcf467ca0cb9
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
expand: (uid=%u) -> (uid=pzenz)
expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
EAP-Message = 0x010400d51900c9400ce7ff967f714a193cbf3ec6ad33f0dfae0b8d307e04ccf9cfb6c90ba8327983e05278b1b13bb9833a3e1ad640b1d741e52cc6f31b75d08d10c5a91d4e5e7731d6b2a9a9dc14994a2950da7bb1487fce28227c4e854a2528206719472828e63113caf8553faadeb882701ab886fbf16d3ff8e5e7401e3835c71d229c453414d71c94c59dafb4912211671c4460fbd6fd96fca5f1886a04c823c9c35c5cb16a8524d5491c99f6dcfea152d4175558b4ec85d3c5b91cdccdad17a10637de747274b8a114cf16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x57d553ec55d14ac228b656f21d398631
Finished request 56.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=137
Cleaning up request 56 ID 0 with timestamp +3454
User-Name = "pzenz"
NAS-IP-Address = 172.20.140.174
Called-Station-Id = "00226b6e8e06"
Calling-Station-Id = "0019d202a559"
NAS-Identifier = "00226b6e8e06"
NAS-Port = 62
Framed-MTU = 1400
State = 0x57d553ec55d14ac228b656f21d398631
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400061900
Message-Authenticator = 0x171352194d6366d1b48208827fd064cc
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
expand: (uid=%u) -> (uid=pzenz)
expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
EAP-Message = 0x010500061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x57d553ec54d04ac228b656f21d398631
Finished request 57.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 57 ID 0 with timestamp +3454
Ready to process requests.Wenn ihr noch die config Files dazu braucht sagt es bitte, aber vlt könnt ihr ja auch damit was anfangen.
Wie gesagt ich kann nichts erkennen das da etwas schief laufen sollte.
Wenn wer eine Idee hat möge er es bitte Posten ;)
Lg
Philipp
Share on Facebook
Share on Twitter
Share on Reddit
Share on LinkedinPlease also mark the comments that contributed to the solution of the article
Content-Key: 127653
Url: https://administrator.de/contentid/127653
Printed on: April 23, 2024 at 12:04 o'clock
3 Comments
Latest comment
Das hier
Dynamische VLAN-Zuweisung mit FreeRADIUS und Active Directory
bzw.
http://www.air09.net/air09_dokumentation.pdf
hattest du schon dazu gelesen ??
Dynamische VLAN-Zuweisung mit FreeRADIUS und Active Directory
bzw.
http://www.air09.net/air09_dokumentation.pdf
hattest du schon dazu gelesen ??
Habe ich beides schon gelesen.
Schon bei der Konfiguration des Systems.
Doch ich weiß nicht wo hierbei das Problem liegt...
Schon bei der Konfiguration des Systems.
Doch ich weiß nicht wo hierbei das Problem liegt...
411. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
Benutzername und Password richtig?
Benutzername und Password richtig?
