(RADIATOR) AuthBy LSA and Lan Manager Auth Level

Kirk T Byers ktbyers at stanford.edu
Wed Dec 1 11:25:21 CST 2004


Hugh,

OK, I have upgraded to Radiator 3.11 (plus patches).  I still have the
same issue.  The error message is the same as before, "WARNING: Could
not LogonUserNetworkMSCHAP  (V2): 3221225581, 0, Logon failure: unknown
user name or bad password".  I tried this both with and without specifying
the domain in my PEAP supplicant (i.e. both with and without the "NT\"
prefix).  I looked at the new lsa_eap_peap.cfg, and didn't see any
meaningful differences between my configuration and the example
configuration.  The only difference was that I had the "DefaultDomain NT"
set (although I tried it both with and without this).  I also looked at the
example lsa.cfg, but this didn't look applicable since I am using PEAP.

Here is the end of the logfile from my last attempt.  This is with
"DefaultDomain NT" set, and without specifying the domain in the
supplicant.


Kirk



Wed Dec  1 08:55:38 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code:       Access-Request
Identifier: 72
Authentic:  SM=<209><9><155><231><227><204><167><184><220><135>h<171><204>
Attributes:
        User-Name = "testuser"
        Framed-MTU = 1400
        Called-Station-Id = "0011.931f.57c0"
        Calling-Station-Id = "000c.41a9.930f"
        Message-Authenticator =
<208><249><209><7><236>x<<217><203><169><167><19
7><142>*<192>L
        EAP-Message =
<2><9><0>Y<25><0><23><3><1><0>N<244>m<140><21><218>p<29>i<
208>q<218><212><142><1>M<231><174><168>L<246><168><155><225><227>K<144><225><248
><250><150><228>!<0><228><138><178><204><159>V<186><31>e<135><242><129><244>u6><
149>
8<229><229><211><193>++<20><154><192><216>2<14><203><25>l<172>.<178>^<21><2
09>Z<169><154>#<189>
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 322
        Service-Type = Framed-User
        NAS-IP-Address = 171.64.19.234
        NAS-Identifier = "ap"

Wed Dec  1 08:55:38 2004: DEBUG: Handling request with Handler ''
Wed Dec  1 08:55:38 2004: DEBUG:  Deleting session for testuser,
171.64.19.234, 322
Wed Dec  1 08:55:38 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Dec  1 08:55:38 2004: DEBUG: Handling with EAP: code 2, 9, 89
Wed Dec  1 08:55:38 2004: DEBUG: Response type 25
Wed Dec  1 08:55:38 2004: DEBUG: EAP PEAP inner authentication request for
anonymous
Wed Dec  1 08:55:38 2004: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <138><198><252><222>nI<23>$X<219><221><2>3<217>s<224>
Attributes:
        EAP-Message =
<2><9><0>><26><2><9><0>=1<144><150><222>=<188><237>vB<173>
<209><204><136>~D<215>~<0><0><0><0><0><0><0><0><23><255>q/<230><6><187><170>5w<1
9><198>5<180><154>A<183><137>M<150><148><3><225><253><0>testuser
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

        User-Name = "anonymous"
        NAS-IP-Address = 171.64.19.234
        NAS-Identifier = "ap"
        NAS-Port = 322
        Calling-Station-Id = "000c.41a9.930f"

Wed Dec  1 08:55:38 2004: DEBUG: Handling request with Handler
'TunnelledByPEAP=1'
Wed Dec  1 08:55:38 2004: DEBUG:  Deleting session for , 171.64.19.234, 322
Wed Dec  1 08:55:38 2004: DEBUG: Handling with Radius::AuthLSA:
Wed Dec  1 08:55:38 2004: DEBUG: Handling with EAP: code 2, 9, 62
Wed Dec  1 08:55:38 2004: DEBUG: Response type 26
Wed Dec  1 08:55:38 2004: DEBUG: Radius::AuthLSA looks for match with
testuser
Wed Dec  1 08:55:38 2004: DEBUG: Radius::AuthLSA ACCEPT:
Wed Dec  1 08:55:38 2004: WARNING: Could not LogonUserNetworkMSCHAP (V2):
3221225581, 0, Logon failure: unknown user name or bad password.

Wed Dec  1 08:55:38 2004: DEBUG: EAP result: 1, EAP MSCHAP-V2 Authentication
failure
Wed Dec  1 08:55:38 2004: INFO: Access rejected for anonymous: EAP MSCHAP-V2
Authentication failure
Wed Dec  1 08:55:38 2004: DEBUG: EAP result: 3, EAP PEAP inner
authentication redespatched to a Handler
Wed Dec  1 08:55:38 2004: DEBUG: Access challenged for testuser: EAP PEAP
inner authentication redespatched to a Handler
Wed Dec  1 08:55:38 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code:       Access-Challenge
Identifier: 72
Authentic:  SM=<209><9><155><231><227><204><167><184><220><135>h<171><204>
Attributes:
        EAP-Message =
<1><10><0>&<25><0><23><3><1><0><27><24><253><234>&~<10><15
2><<248><144><28><197>7<163>cF<147><215>~<139>i<141>z<215><165><177><137>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>


Wed Dec  1 08:55:38 2004: DEBUG: Packet dump:
*** Received from 171.64.19.234 port 21645 ....
Code:       Access-Request
Identifier: 73
Authentic:  <154><206><167>LM{<178><245><135>2/<l<18><144><28>
Attributes:
        User-Name = "testuser"
        Framed-MTU = 1400
        Called-Station-Id = "0011.931f.57c0"
        Calling-Station-Id = "000c.41a9.930f"
        Message-Authenticator =
<239><166>xq!<215><23><198>)<175><29>@x@<210><18
3>
        EAP-Message =
<2><10><0>&<25><0><23><3><1><0><27><244>lH<206>H88<254><15
0><182><132><24><216><10>9<7><202><240>}<244><244><188><240>=<165>Pm
        NAS-Port-Type = Wireless-IEEE-802-11
        NAS-Port = 322
        Service-Type = Framed-User
        NAS-IP-Address = 171.64.19.234
        NAS-Identifier = "ap"

Wed Dec  1 08:55:38 2004: DEBUG: Handling request with Handler ''
Wed Dec  1 08:55:38 2004: DEBUG:  Deleting session for testuser,
171.64.19.234, 322
Wed Dec  1 08:55:38 2004: DEBUG: Handling with Radius::AuthFILE:
Wed Dec  1 08:55:38 2004: DEBUG: Handling with EAP: code 2, 10, 38
Wed Dec  1 08:55:38 2004: DEBUG: Response type 25
Wed Dec  1 08:55:38 2004: DEBUG: EAP result: 1, PEAP Authentication Failure
Wed Dec  1 08:55:38 2004: INFO: Access rejected for testuser: PEAP
Authentication Failure
Wed Dec  1 08:55:38 2004: DEBUG: Packet dump:
*** Sending to 171.64.19.234 port 21645 ....
Code:       Access-Reject
Identifier: 73
Authentic:  <154><206><167>LM{<178><245><135>2/<l<18><144><28>
Attributes:
        EAP-Message = <4><10><0><4>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>

       Reply-Message = "Request Denied"

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list