fipsinator

Authentication between client and RADIUS server fails!

Hello dear admins and co.

As some of you already know, I have had a few problems with my FreeRADIUS + OpenLDAP project.
So far so good: I have resolved all of those problems and tested it today.

Unfortunately, it does not quite work the way it should.
According to the server, authentication should be complete as far as I can read from the output, but the XP client gets stuck at "Waiting for authentication".

The whole setup runs on Ubuntu 8.10 with FreeRADIUS 2.1.0 and OpenLDAP. EAP-PEAP handles the authentication.


Here is the output from the RADIUS server.

[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
	EAP-Message = 0x010100061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x894a28b0894b31cfb70f7c603f7b1aa8
Finished request 50.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=211
Cleaning up request 50 ID 0 with timestamp +3424
	User-Name = "pzenz"  
	NAS-IP-Address = 172.20.140.174
	Called-Station-Id = "00226b6e8e06"  
	Calling-Station-Id = "0019d202a559"  
	NAS-Identifier = "00226b6e8e06"  
	NAS-Port = 62
	Framed-MTU = 1400
	State = 0x894a28b0894b31cfb70f7c603f7b1aa8
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x0201005019800000004616030100410100003d03014adf2ee3fd0252131967c996b2ee209c1949ea198d7d21f8e148830a406f19eb00001600040005000a000900640062000300060013001200630100
	Message-Authenticator = 0x0fedef8f3382095fc98e350d0284b9ac
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL  
[suffix] No such realm "NULL"  
++[suffix] returns noop
[eap] EAP packet type response id 1 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
	expand: (uid=%u) -> (uid=pzenz)
	expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?  
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization 
[peap]     TLS_accept: before/accept initialization 
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A 
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A 
[peap] >>> TLS 1.0 Handshake [length 0488], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A 
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A 
[peap]     TLS_accept: SSLv3 flush data 
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
	EAP-Message = 0x3031363131323831395a170d3139313031343131323831395a308184310b30090603550406130241553112301006035504081309456962697377616c643112301006035504071309456962697377616c64310d300b060355040a130467727037310d300b060355040b130467727037310d300b06035504031304677270373120301e06092a864886f70d0109011611707a656e7a313640676d61696c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101009e89ec671fbf03174125d0739cd302c45ca2f3761699c79ff574684c16d170792c83a72f38e12c317d3de89f6f733cb291290c2b44728893c39a5d3a
	EAP-Message = 0xbdd8c65e24e03f6889d3bb8e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x894a28b0884831cfb70f7c603f7b1aa8
Finished request 51.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=137
Cleaning up request 51 ID 0 with timestamp +3424
	User-Name = "pzenz"  
	NAS-IP-Address = 172.20.140.174
	Called-Station-Id = "00226b6e8e06"  
	Calling-Station-Id = "0019d202a559"  
	NAS-Identifier = "00226b6e8e06"  
	NAS-Port = 62
	Framed-MTU = 1400
	State = 0x894a28b0884831cfb70f7c603f7b1aa8
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x020200061900
	Message-Authenticator = 0xff3389e0200d9cdf6ffac47083b40abc
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL  
[suffix] No such realm "NULL"  
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
	expand: (uid=%u) -> (uid=pzenz)
	expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?  
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
	EAP-Message = 0x010300d51900c9400ce7ff967f714a193cbf3ec6ad33f0dfae0b8d307e04ccf9cfb6c90ba8327983e05278b1b13bb9833a3e1ad640b1d741e52cc6f31b75d08d10c5a91d4e5e7731d6b2a9a9dc14994a2950da7bb1487fce28227c4e854a2528206719472828e63113caf8553faadeb882701ab886fbf16d3ff8e5e7401e3835c71d229c453414d71c94c59dafb4912211671c4460fbd6fd96fca5f1886a04c823c9c35c5cb16a8524d5491c99f6dcfea152d4175558b4ec85d3c5b91cdccdad17a10637de747274b8a114cf16030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x894a28b08b4931cfb70f7c603f7b1aa8
Finished request 52.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=137
Cleaning up request 52 ID 0 with timestamp +3424
	User-Name = "pzenz"  
	NAS-IP-Address = 172.20.140.174
	Called-Station-Id = "00226b6e8e06"  
	Calling-Station-Id = "0019d202a559"  
	NAS-Identifier = "00226b6e8e06"  
	NAS-Port = 62
	Framed-MTU = 1400
	State = 0x894a28b08b4931cfb70f7c603f7b1aa8
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x020300061900
	Message-Authenticator = 0x12b69b8439f2a9fb19b65a7b9bb48310
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL  
[suffix] No such realm "NULL"  
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
	expand: (uid=%u) -> (uid=pzenz)
	expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?  
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
	EAP-Message = 0x010400061900
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x894a28b08a4e31cfb70f7c603f7b1aa8
Finished request 53.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 53 ID 0 with timestamp +3424
Ready to process requests.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=123
	User-Name = "pzenz"  
	NAS-IP-Address = 172.20.140.174
	Called-Station-Id = "00226b6e8e06"  
	Calling-Station-Id = "0019d202a559"  
	NAS-Identifier = "00226b6e8e06"  
	NAS-Port = 62
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x0201000a01707a656e7a
	Message-Authenticator = 0x1e6ee2415e8f2ec8ece0247f3f43b176
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL  
[suffix] No such realm "NULL"  
++[suffix] returns noop
[eap] EAP packet type response id 1 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation  
++[eap] returns updated
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
	expand: (uid=%u) -> (uid=pzenz)
	expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?  
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
	EAP-Message = 0x010200061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x57d553ec57d74ac228b656f21d398631
Finished request 54.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=211
Cleaning up request 54 ID 0 with timestamp +3454
	User-Name = "pzenz"  
	NAS-IP-Address = 172.20.140.174
	Called-Station-Id = "00226b6e8e06"  
	Calling-Station-Id = "0019d202a559"  
	NAS-Identifier = "00226b6e8e06"  
	NAS-Port = 62
	Framed-MTU = 1400
	State = 0x57d553ec57d74ac228b656f21d398631
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x0202005019800000004616030100410100003d03014adf2f01d7bcb8f1a06dfd2abb492adadf3528512edb795c278b4551f23f550000001600040005000a000900640062000300060013001200630100
	Message-Authenticator = 0x1d51d87157d12ee790063784ea08dfaf
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL  
[suffix] No such realm "NULL"  
++[suffix] returns noop
[eap] EAP packet type response id 2 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
	expand: (uid=%u) -> (uid=pzenz)
	expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?  
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization 
[peap]     TLS_accept: before/accept initialization 
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A 
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A 
[peap] >>> TLS 1.0 Handshake [length 0488], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A 
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A 
[peap]     TLS_accept: SSLv3 flush data 
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
	EAP-Message = 0x0103040019c0000004c5160301002a0200002603014adf2efbd7f7fe59852ed2789d73a1a9870492eedeb8be07b7ff8b116e91d6750000040016030104880b00048400048100047e3082047a30820362a0030201020209009252663eab60caa8300d06092a864886f70d0101050500308184310b30090603550406130241553112301006035504081309456962697377616c643112301006035504071309456962697377616c64310d300b060355040a130467727037310d300b060355040b130467727037310d300b06035504031304677270373120301e06092a864886f70d0109011611707a656e7a313640676d61696c2e636f6d301e170d303931
	EAP-Message = 0x3031363131323831395a170d3139313031343131323831395a308184310b30090603550406130241553112301006035504081309456962697377616c643112301006035504071309456962697377616c64310d300b060355040a130467727037310d300b060355040b130467727037310d300b06035504031304677270373120301e06092a864886f70d0109011611707a656e7a313640676d61696c2e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101009e89ec671fbf03174125d0739cd302c45ca2f3761699c79ff574684c16d170792c83a72f38e12c317d3de89f6f733cb291290c2b44728893c39a5d3a
	EAP-Message = 0xbdd8c65e24e03f6889d3bb8e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x57d553ec56d64ac228b656f21d398631
Finished request 55.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=137
Cleaning up request 55 ID 0 with timestamp +3454
	User-Name = "pzenz"  
	NAS-IP-Address = 172.20.140.174
	Called-Station-Id = "00226b6e8e06"  
	Calling-Station-Id = "0019d202a559"  
	NAS-Identifier = "00226b6e8e06"  
	NAS-Port = 62
	Framed-MTU = 1400
	State = 0x57d553ec56d64ac228b656f21d398631
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x020300061900
	Message-Authenticator = 0x3fd73d2d2ec087681f2fdcf467ca0cb9
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL  
[suffix] No such realm "NULL"  
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
	expand: (uid=%u) -> (uid=pzenz)
	expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?  
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
	EAP-Message = 0x010400d51900c9400ce7ff967f714a193cbf3ec6ad33f0dfae0b8d307e04ccf9cfb6c90ba8327983e05278b1b13bb9833a3e1ad640b1d741e52cc6f31b75d08d10c5a91d4e5e7731d6b2a9a9dc14994a2950da7bb1487fce28227c4e854a2528206719472828e63113caf8553faadeb882701ab886fbf16d3ff8e5e7401e3835c71d229c453414d71c94c59dafb4912211671c4460fbd6fd96fca5f1886a04c823c9c35c5cb16a8524d5491c99f6dcfea152d4175558b4ec85d3c5b91cdccdad17a10637de747274b8a114cf16030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x57d553ec55d14ac228b656f21d398631
Finished request 56.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.20.140.174 port 1030, id=0, length=137
Cleaning up request 56 ID 0 with timestamp +3454
	User-Name = "pzenz"  
	NAS-IP-Address = 172.20.140.174
	Called-Station-Id = "00226b6e8e06"  
	Calling-Station-Id = "0019d202a559"  
	NAS-Identifier = "00226b6e8e06"  
	NAS-Port = 62
	Framed-MTU = 1400
	State = 0x57d553ec55d14ac228b656f21d398631
	NAS-Port-Type = Wireless-802.11
	EAP-Message = 0x020400061900
	Message-Authenticator = 0x171352194d6366d1b48208827fd064cc
+- entering group authorize {...}
++[mschap] returns noop
++[preprocess] returns ok
[suffix] No '@' in User-Name = "pzenz", looking up realm NULL  
[suffix] No such realm "NULL"  
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
++[files] returns noop
++[chap] returns noop
[ldap] performing user authorization for pzenz
	expand: (uid=%u) -> (uid=pzenz)
	expand: dc=grp7,dc=local -> dc=grp7,dc=local
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=grp7,dc=local, with filter (uid=pzenz)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP.  Are you sure that the user is configured correctly?  
[ldap] user pzenz authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 0 to 172.20.140.174 port 1030
	EAP-Message = 0x010500061900
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x57d553ec54d04ac228b656f21d398631
Finished request 57.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 57 ID 0 with timestamp +3454
Ready to process requests.

If you also need the config files, please say so, but maybe you can already work with this.
As I said, I cannot see anything in there that indicates something is going wrong.

If anyone has an idea, please post it ;)

Regards,
Philipp
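
Added example, not part of the original post and not FreeRADIUS code: a Python decoder for the EAP headers in the `EAP-Message` values of the debug output above. It reports where the client answers the last fragment of the server's handshake flight with an empty PEAP message and where it starts over with an EAP Identity response; the function names and the shortened sample values are assumptions of this example.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 25: "PEAP"}
FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))  # Length included, More fragments, Start

# Constructed sample: first EAP-Message attribute of each packet, in log order,
# copied from the output above; the four long values are cut to their first bytes.
SAMPLE_LOG = """\
EAP-Message = 0x010300d51900c9400ce7
EAP-Message = 0x020300061900
EAP-Message = 0x010400061900
EAP-Message = 0x0201000a01707a656e7a
EAP-Message = 0x010200061920
EAP-Message = 0x0202005019800000004616030100
EAP-Message = 0x0103040019c0000004c5160301
EAP-Message = 0x020300061900
EAP-Message = 0x010400d51900c9400ce7
EAP-Message = 0x020400061900
EAP-Message = 0x010500061900
"""

def decode_eap(hex_value):
    """Decode the EAP header (and the PEAP/EAP-TLS flags) of one EAP-Message value."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.lower().startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    msg = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
           "length": int.from_bytes(raw[2:4], "big"), "type": None,
           "flags": "", "tls_length": None, "tls_bytes": 0, "identity": None}
    if raw[0] in (1, 2) and len(raw) >= 5:
        msg["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] == 1:
            msg["identity"] = raw[5:msg["length"]].decode("ascii", "replace")
        elif raw[4] in (13, 25) and len(raw) >= 6:
            msg["flags"] = "".join(name for bit, name in FLAGS if raw[5] & bit)
            header = 6
            if raw[5] & 0x80 and len(raw) >= 10:  # 4-byte total TLS message length follows
                msg["tls_length"] = int.from_bytes(raw[6:10], "big")
                header = 10
            # Taken from the EAP length field, so a shortened hex value still works.
            msg["tls_bytes"] = max(msg["length"] - header, 0)
    return msg

def parse_log(text):
    return [decode_eap(v) for v in re.findall(r"EAP-Message = (0x[0-9a-fA-F]+)", text)]

def find_stalls(messages):
    """Report where the peer stops driving the TLS handshake or starts over."""
    findings = []
    for prev, cur in zip(messages, messages[1:]):
        last_fragment = (prev["code"] == "Request" and prev["type"] == "PEAP"
                         and prev["tls_bytes"] > 0 and "M" not in prev["flags"])
        if last_fragment and cur["code"] == "Response" and cur["type"] == "PEAP" and not cur["tls_bytes"]:
            findings.append(f"id {cur['id']}: empty reply to final server fragment")
        if prev["type"] == "PEAP" and cur["code"] == "Response" and cur["type"] == "Identity":
            findings.append(f"id {cur['id']}: restarted with identity {cur['identity']}")
    return findings

if __name__ == "__main__":
    msgs = parse_log(SAMPLE_LOG)
    for m in msgs:
        print(m["code"], m["id"], m["type"], m["flags"] or "-", m["tls_bytes"], m["identity"] or "")
    print(*find_stalls(msgs), sep="\n")
```

The two server fragments decoded from the second attempt carry 1014 and 207 TLS bytes, which add up to the announced TLS message length of 1221, so the server's flight is complete before the client goes quiet.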

Url: https://administrator.de/forum/authentifizierung-von-client-und-radius-server-schlaegt-fehl-127653.html

Ausgedruckt am: 23.12.2024 um 23:12 Uhr

aqui 21.10.2009 at 22:37:03

fipsinator 21.10.2009 at 23:28:28
I have already read both.
Back when I was configuring the system.

But I don't know where the problem lies here...

Elwars 24.07.2012 at 13:57:58
411. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?

Are the username and password correct?