Android phone cannot pass RADIUS authentication using EAP-PEAP-MSCHAPv2


I've created an account/password in the "users" file, and the client (Android phone) could successfully pass the RADIUS authentication through EAP-TTLS-MSCHAPv2.

But I failed to use EAP-PEAP-MSCHAPv2 to finish the authentication process; the client would eventually display "Password may be incorrect". However, I'm pretty sure that the account and password are the same as those used with TTLS.

Are there any different settings between TTLS and PEAP in the FreeRADIUS server? The settings I changed are: I modified "default_eap_type = peap" and uncommented the peap {...} section in the eap.conf file.

The failure log of the FreeRADIUS server is below:

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1 port 65524, id=45, length=119
    User-Name = "wifitest"
    NAS-Port-Type = Wireless-802.11
    Called-Station-Id = "00-0A-79-98-19-1F"
    Calling-Station-Id = "00-10-20-A7-7E-08"
    NAS-IP-Address = 192.168.1.1
    Framed-MTU = 1400
    EAP-Message = 0x0201000d017769666974657374
    Message-Authenticator = 0x57d3133deaf6e6a25993d56bed67305f
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry wifitest at line 94
[files]     expand: HelloWiFi, %{User-Name} -> HelloWiFi, wifitest
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 45 to 192.168.1.1 port 65524
    Reply-Message = "HelloWiFi, wifitest"
    EAP-Message = 0x010200061920
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0ac7b1a00ac5a8adfe884be35ffc7d0d
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65525, id=46, length=299
    User-Name = "wifitest"
    NAS-Port-Type = Wireless-802.11
    Called-Station-Id = "00-0A-79-98-19-1F"
    Calling-Station-Id = "00-10-20-A7-7E-08"
    NAS-IP-Address = 192.168.1.1
    Framed-MTU = 1400
    State = 0x0ac7b1a00ac5a8adfe884be35ffc7d0d
    EAP-Message = 0x020200af1980000000a516030100a00100009c0303fc7c8a84191c13ae8a8403a782d1e177845b8f00c11210edb4a7be161fa2c2c000003ec02cc030009fc02bc02f009ecca9cca8c00ac024c014c0280039006bc009c023c013c02700330067c007c011009d009c0035003d002f003c00050004000a01000035ff0100010000170000000d001600140601060305010503040104030301030302010203000b00020100000a00080006001700180019
    Message-Authenticator = 0x8a28ef1f68576118361f4bf6e905e151
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 175
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 165
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 00a0], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0039], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0c5e], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 024b], ServerKeyExchange  
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 46 to 192.168.1.1 port 65525
    EAP-Message = 0x0103040019c000000efa16030100390200003503016e2bbd93a310b46d50495b5b7a0cc457b8f42b054d511e190df32dbef4918cca00c01400000dff01000100000b0004030001021603010c5e0b000c5a000c570005a6308205a23082038aa003020102020106300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966
    EAP-Message = 0x009de9ec409ee64adfe9f1ece249b6b6db4586c40520a3fc511750772099e6f363e163f417d9b1d14885851b82fd6b0a7efc9504ef1cf502a632164141ea644d7fdd45e3e5ebee8169de5f7677d5f45a6c09a96b71b73a67e236e0feea17ff34cdbc34ec6aa871201a2a7d4466f43cb813a783770cf3be4215de2bdc4f4733fb6174c8b36426b7553ff6d313ef66bdcdd305ddd7887cd464ac3bee96e91b2cbc0c46cd8d96fa1e64cfd65bb889138614d2f61a3a9bb32f2acc96e5dbc05cef66d3b9ceddeca8b91aff1c152188aa3e998be2f4a90203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01
    EAP-Message = 0x010505000382020100add083
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0ac7b1a00bc4a8adfe884be35ffc7d0d
Finished request 1.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65460, id=47, length=130
    User-Name = "wifitest"
    NAS-Port-Type = Wireless-802.11
    Called-Station-Id = "00-0A-79-98-19-1F"
    Calling-Station-Id = "00-10-20-A7-7E-08"
    NAS-IP-Address = 192.168.1.1
    Framed-MTU = 1400
    State = 0x0ac7b1a00bc4a8adfe884be35ffc7d0d
    EAP-Message = 0x020300061900
    Message-Authenticator = 0x97038b89a169c3527cd44c02f7f20973
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 47 to 192.168.1.1 port 65460
    EAP-Message = 0x5e7f46abdb38960c53545e4e83c78f6163081a61d1cc4cfa0af30a1ab7bc13de039411ea5d18029caa12c54448b6c83e02d21c5678336dc91d82a65177e7115cdee3ad280f97d7ac85604397c69749456ba85af3d4bdb2b6ab576200cdc94182f5c146f2538845cb445797e357d0416ec16ace8d420d540b5b98f637bd9dfcf8769cb428a8ee597fc756b4ce8da91627d1a7efb8c6977cf6146dff9b0237cf0464802516a69821c7923f0c88bd366991d1ad9c082526c113391c102693fc800ba4847c8c6d0b18c12322c4ebc3569545d0f48b80ec1547089cc7897fe27e1bdd16d733c749691b02ade540bb59dc927ba3ff11ea4a946da4e203ec6e0f
    EAP-Message = 0xe18b087d9dd63c98
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0ac7b1a008c3a8adfe884be35ffc7d0d
Finished request 2.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65461, id=48, length=130
    User-Name = "wifitest"
    NAS-Port-Type = Wireless-802.11
    Called-Station-Id = "00-0A-79-98-19-1F"
    Calling-Station-Id = "00-10-20-A7-7E-08"
    NAS-IP-Address = 192.168.1.1
    Framed-MTU = 1400
    State = 0x0ac7b1a008c3a8adfe884be35ffc7d0d
    EAP-Message = 0x020400061900
    Message-Authenticator = 0xdb1c2e526bee62e61be6813ce1748dc8
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 48 to 192.168.1.1 port 65461
    EAP-Message = 0x010503fc19403369ae7946772f6ef5d99dce22c9e859ad763673e04c40790332ceb6a9bd1424ffedb2cb10981260e5dfba3d105f6e4bc28ef2c88ab0cc603cc5635644c31b82884e97fddcfed4cb98cb260ffd3e75e672a0d0eda18b6fda0c349546ce354c81f7c2162d8e782e09864540e6975b8063df95589bd40c8e8ba0734137cc270455c301e78ecfb6c88444c51123487fbf4f06c3e713e2396b702624d56233caf1beb6eb1bccbdefbf77fb9a2ce05f21570d824afe77e75a8310aab28dcf0b2c820453275a1f97a8b2257bb706923375abdde24c0b816946d13ca1eba5a11da3d76ac5203253b4aa5cf8c4819eb6c235461441ed1cd7f92b16
    EAP-Message = 0x1b79642b879016a9
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0ac7b1a009c2a8adfe884be35ffc7d0d
Finished request 3.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65462, id=49, length=130
    User-Name = "wifitest"
    NAS-Port-Type = Wireless-802.11
    Called-Station-Id = "00-0A-79-98-19-1F"
    Calling-Station-Id = "00-10-20-A7-7E-08"
    NAS-IP-Address = 192.168.1.1
    Framed-MTU = 1400
    State = 0x0ac7b1a009c2a8adfe884be35ffc7d0d
    EAP-Message = 0x020500061900
    Message-Authenticator = 0xc3cda7510fb1b33edc51ca2bbdf1db68
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 49 to 192.168.1.1 port 65462
    EAP-Message = 0xa1d4ed0224163fefed7bdf06c119067edb4e9fc5405172005a578c2690a516030100040e000000
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0ac7b1a00ec1a8adfe884be35ffc7d0d
Finished request 4.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65463, id=50, length=268
    User-Name = "wifitest"
    NAS-Port-Type = Wireless-802.11
    Called-Station-Id = "00-0A-79-98-19-1F"
    Calling-Station-Id = "00-10-20-A7-7E-08"
    NAS-IP-Address = 192.168.1.1
    Framed-MTU = 1400
    State = 0x0ac7b1a00ec1a8adfe884be35ffc7d0d
    EAP-Message = 0x02060090198000000086160301004610000042410451d7946c6db099c77bab87d55fd6c1c931b6e74dfd178a5938f3e367229919e2d13fc6ae87e1e08abae29d5fc4c439a1eaa5d769288ac2c57ff05acc3ce49cd21403010001011603010030d2730a92cffc790d51b6bd15f10fa461138cb4f7238f30b4af6b8a04bd90eac7a769a64683f32872f886311d77e322d1
    Message-Authenticator = 0xf6d668ee7258659efeeb32a6c70c74ed
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 144
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 134
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 50 to 192.168.1.1 port 65463
    EAP-Message = 0x010700411900140301000101160301003053208a378c6d9dd4ebf97c372d8898063fbdc33f891ad18ad022ed1fce5e3b50e88d8ab406c630d904c365b0cde82703
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0ac7b1a00fc0a8adfe884be35ffc7d0d
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65464, id=51, length=130
    User-Name = "wifitest"
    NAS-Port-Type = Wireless-802.11
    Called-Station-Id = "00-0A-79-98-19-1F"
    Calling-Station-Id = "00-10-20-A7-7E-08"
    NAS-IP-Address = 192.168.1.1
    Framed-MTU = 1400
    State = 0x0ac7b1a00fc0a8adfe884be35ffc7d0d
    EAP-Message = 0x020700061900
    Message-Authenticator = 0x38022336d7bf3377b3b2e2d8cad98dcf
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 51 to 192.168.1.1 port 65464
    EAP-Message = 0x0108002b190017030100203bea44bfaf0d3cb7dd8b3bb2dfe8e24d988856ab2dda082e51c314fdd8189b1a
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0ac7b1a00ccfa8adfe884be35ffc7d0d
Finished request 6.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65465, id=52, length=167
    User-Name = "wifitest"
    NAS-Port-Type = Wireless-802.11
    Called-Station-Id = "00-0A-79-98-19-1F"
    Calling-Station-Id = "00-10-20-A7-7E-08"
    NAS-IP-Address = 192.168.1.1
    Framed-MTU = 1400
    State = 0x0ac7b1a00ccfa8adfe884be35ffc7d0d
    EAP-Message = 0x0208002b190017030100204eeb9a1bb90d4d5f0ae0e4e497ada34e29844eff109f13399594730b7edd7078
    Message-Authenticator = 0x1f27cf7d4b1f36e0c4ac83c23509530d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - wifitest
[peap] Got inner identity 'wifitest'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
    EAP-Message = 0x0208000d017769666974657374
server  {
[peap] Setting User-Name to wifitest
Sending tunneled request
    EAP-Message = 0x0208000d017769666974657374
    FreeRADIUS-Proxied-To = 127.0.0.1
    User-Name = "wifitest"
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry wifitest at line 94
[files]     expand: HelloWiFi, %{User-Name} -> HelloWiFi, wifitest
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set.  Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] No such EAP type mschapv2
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
    Reply-Message = "HelloWiFi, wifitest"
    EAP-Message = 0x04080004
    Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
    Reply-Message = "HelloWiFi, wifitest"
    EAP-Message = 0x04080004
    Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 52 to 192.168.1.1 port 65465
    EAP-Message = 0x0109002b19001703010020572a74599cc45c80b14c309cc97e354b5a357277b3713e42dfe79a0ae136ebc5
    Message-Authenticator = 0x00000000000000000000000000000000
    State = 0x0ac7b1a00dcea8adfe884be35ffc7d0d
Finished request 7.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.1.1 port 65466, id=53, length=167
    User-Name = "wifitest"
    NAS-Port-Type = Wireless-802.11
    Called-Station-Id = "00-0A-79-98-19-1F"
    Calling-Station-Id = "00-10-20-A7-7E-08"
    NAS-IP-Address = 192.168.1.1
    Framed-MTU = 1400
    State = 0x0ac7b1a00dcea8adfe884be35ffc7d0d
    EAP-Message = 0x0209002b1900170301002011994ee8ade612577c284d3774f192fe16ec990740c07c6d6d11ff0a7a3b3714
    Message-Authenticator = 0xc979186ad70969571f2d3fee85447035
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "wifitest", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell you.
[peap]  *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> wifitest
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 53 to 192.168.1.1 port 65466
    EAP-Message = 0x04090004
    Message-Authenticator = 0x00000000000000000000000000000000
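
The debug output above ends by telling the reader to search the earlier messages for "reject" or "fail". The script below does that mechanically for radiusd -X output: it returns the first failing line, the virtual server it occurred in, and the lines from the same module just before it. It is an added example, not part of the original question or of FreeRADIUS; the name first_failure, the "outer" label and the condensed sample log are constructed for illustration.

```python
import re

# Constructed sample: lines condensed from the radiusd -X output quoted above
# (request id=52, where the PEAP inner tunnel is first rejected).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.1.1 port 65465, id=52, length=167
++[preprocess] returns ok
[suffix] No such realm "NULL"
[peap] Got inner identity 'wifitest'
server inner-tunnel {
+- entering group authorize {...}
++[eap] returns updated
[files] users: Matched entry wifitest at line 94
+- entering group authenticate {...}
[eap] EAP Identity
[eap] No such EAP type mschapv2
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
} # server inner-tunnel
[peap] Tunneled authentication was rejected.
rad_recv: Access-Request packet from host 192.168.1.1 port 65466, id=53, length=167
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell you.
[eap] Handler failed in EAP/peap
"""

REQ = re.compile(r"^rad_recv: Access-Request packet from host \S+ port \d+, id=(\d+)")
SRV_OPEN = re.compile(r"^server (\S+) \{")      # e.g. "server inner-tunnel {"
SRV_CLOSE = re.compile(r"^\} # server (\S+)")   # e.g. "} # server inner-tunnel"
TAG = re.compile(r"^\[([\w.]+)\]")              # module tag such as "[eap]"
FAIL = re.compile(r"fail|reject|invalid", re.IGNORECASE)


def first_failure(log_text):
    """Return the earliest failure in a radiusd -X log, with the lines of the
    same module that led up to it, or None if nothing failed."""
    req_id, server, history = None, "outer", []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REQ.match(line)
        if m:  # a new packet starts a new request; "outer" is our own label
            req_id, server, history = int(m.group(1)), "outer", []
            continue
        opened = SRV_OPEN.match(line)
        if opened:
            server = opened.group(1)
        elif SRV_CLOSE.match(line):
            server = "outer"
        history.append(line)
        # Skip the "***" advisory banner; it mentions "reject"/"fail" itself.
        if "***" in line or not FAIL.search(line):
            continue
        tag = TAG.match(line)
        context = [line]
        # Walk back over consecutive lines logged by the same module.
        for prev in reversed(history[:-1]):
            ptag = TAG.match(prev)
            if not (tag and ptag and ptag.group(1) == tag.group(1)):
                break
            context.insert(0, prev)
        return {"request_id": req_id, "server": server,
                "module": tag.group(1) if tag else None, "context": context}
    return None


if __name__ == "__main__":
    print(first_failure(SAMPLE_LOG))
```

On the log above, the first failure is in request id=52 inside server inner-tunnel, directly after "[eap] No such EAP type mschapv2", so the session is rejected at inner EAP method selection rather than at a password comparison.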