freeradius+peap+mschapv2

Petr Safrata safrata at dhd.cz
Friday August 22 11:02:29 CEST 2008


Hello,

does anyone have experience with freeradius+peap+mschapv2 with a WinXP SP3 supplicant?
PEAP+MSCHAPv2 authentication is not working for me and I can't figure out where the mistake is.

Thanks
PS


I authenticate users against the users file

test User-Password == "test"


Output from the RADIUS server


Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.60:516, id=121, length=132
        User-Name = "test"
        NAS-IP-Address = 192.168.1.60
        NAS-Port = 12
        Called-Station-Id = "00:0C:46:93:A0:D1"
        Calling-Station-Id = "00:17:31:22:46:79"
        Framed-MTU = 1400
        NAS-Port-Type = Ethernet
        Connect-Info = "100Mbps"
        EAP-Message = 0x0201000c0173616672617461
        Message-Authenticator = 0x186748cc06e5b7189f00691586bbf1d2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 12
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry test at line 228
    users: Matched entry DEFAULT at line 245
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 121 to 192.168.1.60 port 516
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x6c96bad1547c552c74b83d667bfda25a
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.60:516, id=122, length=218
        User-Name = "test"
        NAS-IP-Address = 192.168.1.60
        NAS-Port = 12
        Called-Station-Id = "00:0C:46:93:A0:D1"
        Calling-Station-Id = "00:17:31:22:46:79"
        Framed-MTU = 1400
        NAS-Port-Type = Ethernet
        Connect-Info = "100Mbps"
        EAP-Message = 0x0202005019800000004616030100410100003d030148ae7d192f03c307ea1dd9cb413d92e0e5811941a68822d7112ab97c13c0459100001600040005000a000900640062000300060013001200630100
        State = 0x6c96bad1547c552c74b83d667bfda25a
        Message-Authenticator = 0x01701e3ca9ea7b51c95b4ebb1e359297
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 2 length 80
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry test at line 228
    users: Matched entry DEFAULT at line 245
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 06a9], Certificate
    TLS_accept: SSLv3 write certificate A
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    TLS_accept: SSLv3 write server done A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode
  eaptls_process returned 13
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 122 to 192.168.1.60 port 516
        EAP-Message = 0x55040a1304534e49543110300e06035504031307534e49542043413119301706092a864886f70d010901160a636140736e69742e637a820900ef527decc3cb962b30130603551d25040c300a06082b06010505070301300b0603551d0f0404030205a0300d06092a864886f70d0101050500038181009212fe6a2a9345fed497ff4b9f67567a159e83827f318dfb6253461dca2b906c17ae54c718be03f41d13098cfec079254fd7db0a5e9b1de9d41a125436de24107ddd85501ea99f148d78b0ba54d587095f6c0b27013665d56aefb0fceda782c03f5997cd6ca9f12fa96df4c745f223d60a23e64bcfc23f72807dd218e487af9900031730820313
        EAP-Message = 0x3082027ca003020102020900ef527decc3cb962b300d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x91559799f2bbc9652f7b8cfa682da6d6
Finished request 1
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 121 with timestamp 48ae8189
Cleaning up request 1 ID 122 with timestamp 48ae8189
Nothing to do.  Sleeping until we see a request.
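
Added example (not part of the original post, and not FreeRADIUS code): a small Python decoder for the EAP-Message values in the debug output above, so the EAP code, identifier, PEAP flags and first TLS handshake record can be checked against what rlm_eap logs. The function and constant names are assumptions of this example; it expects one complete EAP packet per value, so an EAP packet that the server split across several EAP-Message attributes must be concatenated first.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 25: "PEAP", 26: "MS-CHAPv2"}
TLS_HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
                 14: "ServerHelloDone", 16: "ClientKeyExchange"}

# EAP-Message values copied from the debug output above (requests 0 and 1).
IDENTITY = "0x0201000c0173616672617461"
PEAP_START = "0x010200061920"
CLIENT_HELLO = ("0x"
                "0202005019800000004616030100410100003d03"
                "0148ae7d192f03c307ea1dd9cb413d92e0e58119"
                "41a68822d7112ab97c13c0459100001600040005"
                "000a000900640062000300060013001200630100")

def parse_eap(hex_value):
    """Decode one complete (unfragmented) EAP packet from an EAP-Message value."""
    raw = bytes.fromhex(hex_value[2:] if hex_value.lower().startswith("0x") else hex_value)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        raise ValueError(f"EAP length field {length} != {len(raw)} bytes supplied")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code not in (1, 2) or length == 4:
        return pkt  # Success/Failure packets carry no type field
    etype, body = raw[4], raw[5:]
    pkt["type"] = EAP_TYPES.get(etype, etype)
    if etype == 1:
        pkt["identity"] = body.decode("utf-8", "replace")
    elif etype in (13, 25) and body:
        flags, tls = body[0], body[1:]
        pkt["flags"] = [n for bit, n in ((0x80, "L"), (0x40, "M"), (0x20, "S")) if flags & bit]
        if etype == 25:
            pkt["peap_version"] = flags & 0x07  # low three bits of the flags byte
        if flags & 0x80 and len(tls) >= 4:  # L: 4-byte total TLS message length follows
            pkt["tls_total_length"] = struct.unpack("!I", tls[:4])[0]
            tls = tls[4:]
        if len(tls) >= 6 and tls[0] == 22:  # TLS record with content type "handshake"
            pkt["tls_version"] = (tls[1], tls[2])  # (3, 1) is TLS 1.0
            pkt["tls_record_length"] = struct.unpack("!H", tls[3:5])[0]
            pkt["handshake"] = TLS_HANDSHAKE.get(tls[5], tls[5])
    return pkt
```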


