[RADIATOR] PEAP/MSCHAPv2 auth fails with username at realm

Christopher Bongaarts cab at umn.edu
Fri Nov 2 11:27:52 CDT 2012


On 11/1/2012 5:53 PM, alan buxey wrote:
> hi,
>
> this log looks like the client is doing
>
> PEAPv0/EAP-MSCHAPv2  rather than PEAPv0/MSCHAPv2 - is that correct?

I believe so (I didn't realize it was possible to do the latter...)

For comparison, here is a log file from the currently working version of 
this (no PEAP).  I guess I was expecting something like this for the 
inner authentication...

*** Received from 134.84.XX.XX port 47710 ....
Code:       Access-Request
Identifier: 50
Authentic:  <248>V<245><127><232>'<29>z<5>{<182><15>}:<234><154>
Attributes:
         User-Name = "cab"
         MS-CHAP2-Response = <1><0><241>h<151>IJ<245><142><191><156><216>L<127><193><163>N<177><0><0><0><0><0><0><0><0><3>{#=M<181><15>C<252>*=L<179><159>}<191><246>X<201>JHw<14>>
         MS-CHAP-Challenge = $y<197><231><186><134>Ara:qh])L<152>
         NAS-Identifier = "WIRELESS"
         Proxy-State = OSC-Extended-Id=7474

Fri Nov  2 11:21:27 2012: DEBUG: Handling request with Handler ''
Fri Nov  2 11:21:27 2012: DEBUG:  Deleting session for cab, 134.84.XX.XX,
Fri Nov  2 11:21:27 2012: DEBUG: Handling with Radius::AuthGROUP:
Fri Nov  2 11:21:27 2012: DEBUG: Rewrote user name to cab
Fri Nov  2 11:21:27 2012: DEBUG: Handling with Radius::AuthLDAP2:
Fri Nov  2 11:21:27 2012: INFO: Connecting to ldapserver-1.tc.umn.edu:389
Fri Nov  2 11:21:27 2012: INFO: Attempting to bind to LDAP server ldapserver-1.tc.umn.edu:389
Fri Nov  2 11:21:27 2012: DEBUG: LDAP got result for cn=Christopher A Bongaarts-2,ou=People,o=University of Minnesota,c=US
Fri Nov  2 11:21:27 2012: DEBUG: LDAP got umnNTPasswordHash: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Fri Nov  2 11:21:27 2012: DEBUG: LDAP got umnXythosStatus: A
Fri Nov  2 11:21:27 2012: DEBUG: Radius::AuthLDAP2 looks for match with cab [cab]
Fri Nov  2 11:21:27 2012: DEBUG: Radius::AuthLDAP2 ACCEPT: : cab [cab]
Fri Nov  2 11:21:27 2012: DEBUG: AuthBy GROUP result: ACCEPT,
Fri Nov  2 11:21:27 2012: DEBUG: Access accepted for cab
Fri Nov  2 11:21:27 2012: DEBUG: Packet dump:
*** Sending to 134.84.XX.XX port 47710 ....
Code:       Access-Accept
Identifier: 50
Authentic:  <248>V<245><127><232>'<29>z<5>{<182><15>}:<234><154>
Attributes:
         MS-CHAP2-Success = "<1>S=E8DBDB9DB277D070C33688C570CC8FF9C3D1XXXX"
         Proxy-State = OSC-Extended-Id=7474




-- 
%%  Christopher A. Bongaarts   %%  cab at umn.edu          %%
%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%
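
Added example, not part of the original post and not Radiator's code: the MS-CHAP2-Response attribute in the log above follows the RFC 2548 layout (ident, flags, 16-byte peer challenge, 8 zero bytes, 24-byte NT response), and the RFC 2759 challenge hash covers the user name, so the server has to hash the same name string the client used. The sketch parses the attribute and compares the hash for a bare name and a name with a realm; the challenge values are the RFC 2759 section 9.2 test vector, `User@example.edu` is a constructed name, and the NT response itself is not verified here.

```python
import hashlib

def parse_mschap2_response(value: bytes) -> dict:
    """Split an MS-CHAP2-Response value into its RFC 2548 fields."""
    if len(value) != 50:
        raise ValueError(f"MS-CHAP2-Response must be 50 bytes, got {len(value)}")
    fields = {
        "ident": value[0],
        "flags": value[1],
        "peer_challenge": value[2:18],   # 16 bytes chosen by the client
        "reserved": value[18:26],        # 8 bytes, must be zero
        "nt_response": value[26:50],     # 24 bytes derived from the NT hash
    }
    if fields["reserved"] != bytes(8):
        raise ValueError("reserved field is not all zero")
    return fields

def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, user_name: str) -> bytes:
    """RFC 2759 ChallengeHash: SHA1(peer || authenticator || user name)[:8]."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 bytes")
    data = peer_challenge + auth_challenge + user_name.encode("ascii")
    return hashlib.sha1(data).digest()[:8]

def hashes_for_names(attr: bytes, auth_challenge: bytes, names: list) -> dict:
    """Challenge hash per candidate user name, to compare name forms."""
    peer = parse_mschap2_response(attr)["peer_challenge"]
    return {n: challenge_hash(peer, auth_challenge, n).hex() for n in names}

# Test vector values from RFC 2759 section 9.2 (user name "User").
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
NT_RESPONSE = bytes.fromhex("82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF")
# Constructed attribute value: ident 1, flags 0, then the fields above.
SAMPLE_ATTR = bytes([1, 0]) + PEER_CHALLENGE + bytes(8) + NT_RESPONSE

if __name__ == "__main__":
    # "User@example.edu" is a constructed realm form for comparison.
    for name, h in hashes_for_names(SAMPLE_ATTR, AUTH_CHALLENGE,
                                    ["User", "User@example.edu"]).items():
        print(f"{name:20} {h}")
```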

