(RADIATOR) AuthBy LSA and Lan Manager Auth Level
Kirk T Byers
ktbyers at stanford.edu
Wed Dec 1 11:25:21 CST 2004
Hugh,
OK, I have upgraded to Radiator 3.11 (plus patches). I still have the
same issue. The error message is the same as before, "WARNING: Could
not LogonUserNetworkMSCHAP (V2): 3221225581, 0, Logon failure: unknown
user name or bad password". I tried this both with and without specifying
the domain in my PEAP supplicant (i.e. both with and without the "NT\"
prefix). I looked at the new lsa_eap_peap.cfg, and didn't see any
meaningful differences between my configuration and the example
configuration. The only difference was that I had the "DefaultDomain NT"
set (although I tried it both with and without this). I also looked at the
example lsa.cfg, but this didn't look applicable since I am using PEAP.
Here is the end of the logfile from my last attempt. This is with
"DefaultDomain NT" set, and without specifying the domain in the
supplicant.
Kirk
Wed Dec 1 08:55:38 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 72
Authentic: SM=<209><9><155><231><227><204><167><184><220><135>h<171><204>
Attributes:
User-Name = "testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<208><249><209><7><236>x<<217><203><169><167><19
7><142>*<192>L
EAP-Message =
<2><9><0>Y<25><0><23><3><1><0>N<244>m<140><21><218>p<29>i<
208>q<218><212><142><1>M<231><174><168>L<246><168><155><225><227>K<144><225><248
><250><150><228>!<0><228><138><178><204><159>V<186><31>e<135><242><129><244>u6><
149>
8<229><229><211><193>++<20><154><192><216>2<14><203><25>l<172>.<178>^<21><2
09>Z<169><154>#<189>
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 322
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Wed Dec 1 08:55:38 2004: DEBUG: Handling request with Handler ''
Wed Dec 1 08:55:38 2004: DEBUG: Deleting session for testuser,
171.64.19.234, 322
Wed Dec 1 08:55:38 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Dec 1 08:55:38 2004: DEBUG: Handling with EAP: code 2, 9, 89
Wed Dec 1 08:55:38 2004: DEBUG: Response type 25
Wed Dec 1 08:55:38 2004: DEBUG: EAP PEAP inner authentication request for
anonymous
Wed Dec 1 08:55:38 2004: DEBUG: PEAP Tunnelled request Packet dump:
Code: Access-Request
Identifier: UNDEF
Authentic: <138><198><252><222>nI<23>$X<219><221><2>3<217>s<224>
Attributes:
EAP-Message =
<2><9><0>><26><2><9><0>=1<144><150><222>=<188><237>vB<173>
<209><204><136>~D<215>~<0><0><0><0><0><0><0><0><23><255>q/<230><6><187><170>5w<1
9><198>5<180><154>A<183><137>M<150><148><3><225><253><0>testuser
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
User-Name = "anonymous"
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
NAS-Port = 322
Calling-Station-Id = "000c.41a9.930f"
Wed Dec 1 08:55:38 2004: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Wed Dec 1 08:55:38 2004: DEBUG: Deleting session for , 171.64.19.234, 322
Wed Dec 1 08:55:38 2004: DEBUG: Handling with Radius::AuthLSA:
Wed Dec 1 08:55:38 2004: DEBUG: Handling with EAP: code 2, 9, 62
Wed Dec 1 08:55:38 2004: DEBUG: Response type 26
Wed Dec 1 08:55:38 2004: DEBUG: Radius::AuthLSA looks for match with
testuser
Wed Dec 1 08:55:38 2004: DEBUG: Radius::AuthLSA ACCEPT:
Wed Dec 1 08:55:38 2004: WARNING: Could not LogonUserNetworkMSCHAP (V2):
3221225581, 0, Logon failure: unknown user name or bad password.
Wed Dec 1 08:55:38 2004: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication
failure
Wed Dec 1 08:55:38 2004: INFO: Access rejected for anonymous: EAP MSCHAP-V2
Authentication failure
Wed Dec 1 08:55:38 2004: DEBUG: EAP result: 3, EAP PEAP inner
authentication redespatched to a Handler
Wed Dec 1 08:55:38 2004: DEBUG: Access challenged for testuser: EAP PEAP
inner authentication redespatched to a Handler
Wed Dec 1 08:55:38 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Challenge
Identifier: 72
Authentic: SM=<209><9><155><231><227><204><167><184><220><135>h<171><204>
Attributes:
EAP-Message =
<1><10><0>&<25><0><23><3><1><0><27><24><253><234>&~<10><15
2><<248><144><28><197>7<163>cF<147><215>~<139>i<141>z<215><165><177><137>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Wed Dec 1 08:55:38 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code: Access-Request
Identifier: 73
Authentic: <154><206><167>LM{<178><245><135>2/<l<18><144><28>
Attributes:
User-Name = "testuser"
Framed-MTU = 1400
Called-Station-Id = "0011.931f.57c0"
Calling-Station-Id = "000c.41a9.930f"
Message-Authenticator =
<239><166>xq!<215><23><198>)<175><29>@x@<210><18
3>
EAP-Message =
<2><10><0>&<25><0><23><3><1><0><27><244>lH<206>H88<254><15
0><182><132><24><216><10>9<7><202><240>}<244><244><188><240>=<165>Pm
NAS-Port-Type = Wireless-IEEE-802-11
NAS-Port = 322
Service-Type = Framed-User
NAS-IP-Address = 171.64.19.234
NAS-Identifier = "ap"
Wed Dec 1 08:55:38 2004: DEBUG: Handling request with Handler ''
Wed Dec 1 08:55:38 2004: DEBUG: Deleting session for testuser,
171.64.19.234, 322
Wed Dec 1 08:55:38 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Dec 1 08:55:38 2004: DEBUG: Handling with EAP: code 2, 10, 38
Wed Dec 1 08:55:38 2004: DEBUG: Response type 25
Wed Dec 1 08:55:38 2004: DEBUG: EAP result: 1, PEAP Authentication Failure
Wed Dec 1 08:55:38 2004: INFO: Access rejected for testuser: PEAP
Authentication Failure
Wed Dec 1 08:55:38 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code: Access-Reject
Identifier: 73
Authentic: <154><206><167>LM{<178><245><135>2/<l<18><144><28>
Attributes:
EAP-Message = <4><10><0><4>
Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
Reply-Message = "Request Denied"
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list