
Untitled

a guest
Aug 7th, 2017
  1. EAP Method: PEAP
  2. Phase 2 Authentication: None
  3. CA Certificate: Don't validate
  4.  
  5. Identity: Elia
  6. Password: stackoverflow
  7.  
  8. root@zenelia:~# radtest -x Elia stackoverflow localhost 0 secret
  9. Sending Access-Request of id 211 to 127.0.0.1 port 1812
  10. User-Name = "Elia"
  11. User-Password = "stackoverflow"
  12. NAS-IP-Address = 127.0.1.1
  13. NAS-Port = 0
  14. Message-Authenticator = 0x00000000000000000000000000000000
  15. rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=211, length=20
  16.  
  17. rad_recv: Access-Request packet from host 127.0.0.1 port 52877, id=91,
  18. length=74
  19. User-Name = "Elia"
  20. User-Password = "stackoverflow"
  21. NAS-IP-Address = 127.0.1.1
  22. NAS-Port = 0
  23. Message-Authenticator = 0x0cca55945b14f3caf1f8f1ab3374df4c
  24. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  25. +group authorize {
  26. ++[preprocess] = ok
  27. ++[chap] = noop
  28. ++[mschap] = noop
  29. [eap] No EAP-Message, not doing EAP
  30. ++[eap] = noop
  31. [files] users: Matched entry DEFAULT at line 1
  32. ++[files] = ok
  33. [ldap] performing user authorization for Elia
  34. [ldap] expand: %{Stripped-User-Name} ->
  35. [ldap] ... expanding second conditional
  36. [ldap] expand: %{User-Name} -> Elia
  37. [ldap] expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=Elia)
  38. [ldap] expand: DC=zentyal-domain,DC=lan -> DC=zentyal-domain,DC=lan
  39. [ldap] ldap_get_conn: Checking Id: 0
  40. [ldap] ldap_get_conn: Got Id: 0
  41. [ldap] attempting LDAP reconnection
  42. [ldap] (re)connect to ldap://127.0.0.1, authentication 0
  43. [ldap] bind as CN=zentyal-radius-zenelia,CN=Users,DC=zentyal-domain,DC=lan/ELEwgGNcoFmjQ@Yj5oJS to ldap://127.0.0.1
  44. [ldap] waiting for bind result ...
  45. [ldap] Bind was successful
  46. [ldap] performing search in DC=zentyal-domain,DC=lan, with filter (sAMAccountName=Elia)
  47. [ldap] rebind to URL ldap://zentyal-domain.lan/CN=Configuration,DC=zentyal-domain,DC=lan
  48. [ldap] No default NMAS login sequence
  49. [ldap] looking for check items in directory...
  50. [ldap] looking for reply items in directory...
  51. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  52. [ldap] Setting Auth-Type = LDAP
  53. [ldap] ldap_release_conn: Release Id: 0
  54. ++[ldap] = ok
  55. ++[expiration] = noop
  56. ++[logintime] = noop
  57. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  58. ++[pap] = noop
  59. +} # group authorize = ok
  60. Found Auth-Type = LDAP
  61. # Executing group from file /etc/freeradius/sites-enabled/default
  62. +group LDAP {
  63. [ldap] login attempt by "Elia" with password "stackoverflow"
  64. [ldap] user DN: CN=Elia Perantoni,CN=Users,DC=zentyal-domain,DC=lan
  65. [ldap] (re)connect to ldap://127.0.0.1, authentication 1
  66. [ldap] bind as CN=Elia Perantoni,CN=Users,DC=zentyal-domain,DC=lan/stackoverflow to ldap://127.0.0.1
  67. [ldap] waiting for bind result ...
  68. [ldap] Bind was successful
  69. [ldap] user Elia authenticated succesfully
  70. ++[ldap] = ok
  71. +} # group LDAP = ok
  72. Login OK: [Elia] (from client 127.0.0.1/32 port 0)
  73. # Executing section post-auth from file /etc/freeradius/sites-enabled/default
  74. +group post-auth {
  75. ++[exec] = noop
  76. +} # group post-auth = noop
  77. Sending Access-Accept of id 91 to 127.0.0.1 port 52877
  78. Finished request 0.
  79. Going to the next request
  80. Waking up in 4.9 seconds.
  81. Cleaning up request 0 ID 91 with timestamp +8
  82. Ready to process requests.
  83.  
  84. root@zenelia:~# radtest -x -t mschap Elia stackoverflow localhost 0 secret
  85. Sending Access-Request of id 183 to 127.0.0.1 port 1812
  86. User-Name = "Elia"
  87. NAS-IP-Address = 127.0.1.1
  88. NAS-Port = 0
  89. Message-Authenticator = 0x00000000000000000000000000000000
  90. MS-CHAP-Challenge = 0xf7a1a65b013d5d6b
  91. MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000f024d5b89a20308d6a54dffacb2c4bb6ca20a6deedaebf71
  92. rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=183, length=38
  93. MS-CHAP-Error = "00E=691 R=1"
  94.  
  95. rad_recv: Access-Request packet from host 127.0.0.1 port 59549, id=63,
  96. length=130
  97. User-Name = "Elia"
  98. NAS-IP-Address = 127.0.1.1
  99. NAS-Port = 0
  100. Message-Authenticator = 0xb28350b23c97bdfc9d9bac99504dcd4a
  101. MS-CHAP-Challenge = 0xadac5f0fddda582f
  102. MS-CHAP-Response = 0x0001000000000000000000000000000000000000000000000000b4a9b44b238efc1cc4fbaf934c8e8b47fc72ebf43104a100
  103. # Executing section authorize from file /etc/freeradius/sites-enabled/default
  104. +group authorize {
  105. ++[preprocess] = ok
  106. ++[chap] = noop
  107. [mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
  108. ++[mschap] = ok
  109. [eap] No EAP-Message, not doing EAP
  110. ++[eap] = noop
  111. [files] users: Matched entry DEFAULT at line 1
  112. ++[files] = ok
  113. [ldap] performing user authorization for Elia
  114. [ldap] expand: %{Stripped-User-Name} ->
  115. [ldap] ... expanding second conditional
  116. [ldap] expand: %{User-Name} -> Elia
  117. [ldap] expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=Elia)
  118. [ldap] expand: DC=zentyal-domain,DC=lan -> DC=zentyal-domain,DC=lan
  119. [ldap] ldap_get_conn: Checking Id: 0
  120. [ldap] ldap_get_conn: Got Id: 0
  121. [ldap] attempting LDAP reconnection
  122. [ldap] (re)connect to ldap://127.0.0.1, authentication 0
  123. [ldap] bind as CN=zentyal-radius-zenelia,CN=Users,DC=zentyal-domain,DC=lan/ELEwgGNcoFmjQ@Yj5oJS to ldap://127.0.0.1
  124. [ldap] waiting for bind result ...
  125. [ldap] Bind was successful
  126. [ldap] performing search in DC=zentyal-domain,DC=lan, with filter (sAMAccountName=Elia)
  127. [ldap] rebind to URL ldap://zentyal-domain.lan/CN=Configuration,DC=zentyal-domain,DC=lan
  128. [ldap] No default NMAS login sequence
  129. [ldap] looking for check items in directory...
  130. [ldap] looking for reply items in directory...
  131. WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
  132. [ldap] ldap_release_conn: Release Id: 0
  133. ++[ldap] = ok
  134. ++[expiration] = noop
  135. ++[logintime] = noop
  136. [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
  137. ++[pap] = noop
  138. +} # group authorize = ok
  139. Found Auth-Type = MSCHAP
  140. # Executing group from file /etc/freeradius/sites-enabled/default
  141. +group MS-CHAP {
  142. [mschap] Client is using MS-CHAPv1 with NT-Password
  143. [mschap] expand: %{Stripped-User-Name} ->
  144. [mschap] ... expanding second conditional
  145. [mschap] expand: %{User-Name} -> Elia
  146. [mschap] expand: %{%{User-Name}:-None} -> Elia
  147. [mschap] expand: --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} -> --username=Elia
  148. [mschap] mschap1: ad
  149. [mschap] expand: %{mschap:Challenge} -> adac5f0fddda582f
  150. [mschap] expand: --challenge=%{%{mschap:Challenge}:-00} -> --challenge=adac5f0fddda582f
  151. [mschap] expand: %{mschap:NT-Response} -> b4a9b44b238efc1cc4fbaf934c8e8b47fc72ebf43104a100
  152. [mschap] expand: --nt-response=%{%{mschap:NT-Response}:-00} -> --nt-response=b4a9b44b238efc1cc4fbaf934c8e8b47fc72ebf43104a100
  153. Exec output: Logon failure (0xc000006d)
  154. Exec plaintext: Logon failure (0xc000006d)
  155. [mschap] Exec: program returned: 1
  156. [mschap] External script failed.
  157. [mschap] MS-CHAP-Response is incorrect.
  158. ++[mschap] = reject
  159. +} # group MS-CHAP = reject
  160. Failed to authenticate the user.
  161. Login incorrect (mschap: External script says Logon failure (0xc000006d)): [Elia] (from client 127.0.0.1/32 port 0)
  162. Using Post-Auth-Type Reject
  163. # Executing group from file /etc/freeradius/sites-enabled/default
  164. +group REJECT {
  165. [attr_filter.access_reject] expand: %{User-Name} -> Elia
  166. attr_filter: Matched entry DEFAULT at line 11
  167. ++[attr_filter.access_reject] = updated
  168. +} # group REJECT = updated
  169. Delaying reject of request 0 for 1 seconds
  170. Going to the next request
  171. Waking up in 0.9 seconds.
  172. Sending delayed reject for request 0
  173. Sending Access-Reject of id 63 to 127.0.0.1 port 59549
  174. MS-CHAP-Error = "00E=691 R=1"
  175. Waking up in 4.9 seconds.
  176. Cleaning up request 0 ID 63 with timestamp +9
  177. Ready to process requests.
  178.  
  179. Fri Jun 9 16:11:52 2017 : Auth: Login OK: [Elia] (from client 127.0.0.1/32 port 1812)
  180.  
  181. Fri Jun 9 16:11:58 2017 : Auth: Login incorrect (mschap: External script says Logon failure (0xc000006d)): [Elia] (from client 127.0.0.1/32 port 1812)
  182.  
  183. root@zenelia:~# ntlm_auth --username=Elia --password=stackoverflow
  184. NT_STATUS_OK: Success (0x0)
  185.  
  186. root@zenelia:/var/lib/samba# ls -l
  187. total 1404
  188. -rw------- 1 root root 421888 mag 31 17:03 account_policy.tdb
  189. -rw------- 1 root root 696 mag 31 17:03 group_mapping.tdb
  190. drwxr-x--- 2 root ntp 4096 giu 9 15:21 ntp_signd
  191. drwxr-xr-x 10 root root 4096 mag 31 17:02 printers
  192. drwxr-xr-x 8 root root 4096 giu 9 16:26 private
  193. -rw------- 1 root root 528384 mag 31 17:03 registry.tdb
  194. -rw------- 1 root root 421888 mag 31 17:03 share_info.tdb
  195. drwxrwx---+ 3 root adm 4096 mag 31 17:07 sysvol
  196. drwxrwx--T 2 root sambashare 4096 mag 31 17:03 usershares
  197. -rw------- 1 root root 32768 giu 9 16:24 winbindd_cache.tdb
  198. drwxr-x--- 2 root winbindd_priv 4096 giu 9 15:21 winbindd_privileged
  199.  
  200. root@zenelia:/var/lib/samba# grep '^winbindd_priv:' /etc/group
  201. winbindd_priv:x:118:freerad
  202.  
  203. Elia Cleartext-Password := "stackoverflow", MS-CHAP-Use-NTLM-Auth := No
  204.  
  205. Elia Cleartext-Password := "stackoverflow"