PEAP on NPS autorisation error

vokchaks · Tue Jun 17, 2014 6:36 am

Help me, please
For beginning, sorry for my english
I try make radius autorisation for my domen users for WiFi net, with mikrotik 751G-2HnD Firmware 3.13 OS version 6.13

I get error 266 on NPS server

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
   Security ID:         NGM\svo
   Account Name:         svo
   Account Domain:         NGM
   Fully Qualified Account Name:   NGM\svo

Client Machine:
   Security ID:         NULL SID
   Account Name:         -
   Fully Qualified Account Name:   -
   OS-Version:         -
   Called Station Identifier:      D4-CA-6D-4C-37-8B:NGM-S - mac  AP
   Calling Station Identifier:      74-E5-0B-E5-FB-92  - mac notebook with  wifi

NAS:
   NAS IPv4 Address:      - 192.168.1.91 - mikrotik address
   NAS IPv6 Address:      -
   NAS Identifier:         - RB-751G-16-1 - mikrotik name
   NAS Port-Type:         Wireless - IEEE 802.11
   NAS Port:         0

RADIUS Client:
   Client Friendly Name:      mikrotik
   Client IP Address:         192.168.1.91

Authentication Details:
   Connection Request Policy Name:   Wifi Secure Wireless Connection
   Authentication Provider:      Windows
   Authentication Server:      PDC.ngm.local
   Authentication Type:      PEAP
   EAP Type:         -
   Account Session Identifier:    3832323030303663
   Logging Results:         Accounting information was written to the local log file.
   Reason Code:         266
   Reason:            The message received was unexpected or badly formatted.

on Mikrotik

2014-06-17 	14:00:14			wireless,info	74:E5:0B:E5:FB:92@wlan1: disconnected, 802.1x authentication timeout
2014-06-17 	14:00:19			wireless,info	wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 	14:00:19			wireless,info	wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 	14:00:19			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 	14:00:19			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 not in local ACL, by default accept
2014-06-17 	14:00:19			wireless,info	74:E5:0B:E5:FB:92@wlan1: connected
2014-06-17 	14:00:59			wireless,info	74:E5:0B:E5:FB:92@wlan1: disconnected, 802.1x authentication timeout
2014-06-17 	14:01:00			wireless,info	wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 	14:01:00			wireless,info	wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 	14:01:01			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 	14:01:01			wireless,debug	wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication timeout)
2014-06-17 	14:01:01			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 	14:01:01			wireless,debug	wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication timeout)
2014-06-17 	14:01:01			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 	14:01:01			wireless,debug	wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication timeout)
2014-06-17 	14:01:05			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 	14:01:05			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 not in local ACL, by default accept
2014-06-17 	14:01:05			wireless,info	74:E5:0B:E5:FB:92@wlan1: connected
2014-06-17 	14:01:10			radius,debug	new request 58:254 code=Access-Request service=wireless called-id=D4-CA-6D-4C-37-8B:NGM-S
2014-06-17 	14:01:10			radius,debug	sending 58:254 to 192.168.1.6:1812
2014-06-17 	14:01:10			radius,debug,packet	sending Access-Request with id 228 to 192.168.1.6:1812
2014-06-17 	14:01:10			radius,debug,packet	Signature = 0x842065a53ba5d63f963abfe87f67f0ce
2014-06-17 	14:01:10			radius,debug,packet	Service-Type = 2
2014-06-17 	14:01:10			radius,debug,packet	Framed-MTU = 1400
2014-06-17 	14:01:10			radius,debug,packet	User-Name = \"svo\"
2014-06-17 	14:01:10			radius,debug,packet	NAS-Port-Id = \"wlan1\"
2014-06-17 	14:01:10			radius,debug,packet	NAS-Port-Type = 19
2014-06-17 	14:01:10			radius,debug,packet	Acct-Session-Id = \"8220006c\"
2014-06-17 	14:01:10			radius,debug,packet	Acct-Multi-Session-Id = \"D4-CA-6D-4C-37-8B-74-E5-0B-E5-FB-92-82-20-00-00-00-00-00-69\"
2014-06-17 	14:01:10			radius,debug,packet	Calling-Station-Id = \"74-E5-0B-E5-FB-92\"
2014-06-17 	14:01:10			radius,debug,packet	Called-Station-Id = \"D4-CA-6D-4C-37-8B:NGM-S\"
2014-06-17 	14:01:10			radius,debug,packet	EAP-Message = 0x020100080173766f
2014-06-17 	14:01:10			radius,debug,packet	Message-Authenticator = 0x764ee0079d1d3647b7b6f4481d06b717
2014-06-17 	14:01:10			radius,debug,packet	NAS-Identifier = \"RB-751G-16-1\"
2014-06-17 	14:01:10			radius,debug,packet	NAS-IP-Address = 192.168.1.91
2014-06-17 	14:01:10			radius,debug,packet	received Access-Challenge with id 228 from 192.168.1.6:1812
2014-06-17 	14:01:10			radius,debug,packet	Signature = 0xe7af9eb719f00bd7fae184801cec0c44
2014-06-17 	14:01:10			radius,debug,packet	Session-Timeout = 30
2014-06-17 	14:01:10			radius,debug,packet	EAP-Message = 0x010200061920
2014-06-17 	14:01:10			radius,debug,packet	State = 0x2c3603810000013700010200c0a80106
2014-06-17 	14:01:10			radius,debug,packet	00000000000000000000000000000004
2014-06-17 	14:01:10			radius,debug,packet	27855dc9
2014-06-17 	14:01:10			radius,debug,packet	Message-Authenticator = 0x8561436fa2885102bba144dfd01b78fd
2014-06-17 	14:01:10			radius,debug	received reply for 58:254
2014-06-17 	14:01:10			radius,debug	new request 58:255 code=Access-Request service=wireless called-id=D4-CA-6D-4C-37-8B:NGM-S
2014-06-17 	14:01:11			radius,debug	sending 58:255 to 192.168.1.6:1812
2014-06-17 	14:01:11			radius,debug,packet	sending Access-Request with id 229 to 192.168.1.6:1812
2014-06-17 	14:01:11			radius,debug,packet	Signature = 0xe07804c3e29ca269a5f21a29f1253b58
2014-06-17 	14:01:11			radius,debug,packet	Service-Type = 2
2014-06-17 	14:01:11			radius,debug,packet	Framed-MTU = 1400
2014-06-17 	14:01:11			radius,debug,packet	User-Name = \"svo\"
2014-06-17 	14:01:11			radius,debug,packet	State = 0x2c3603810000013700010200c0a80106
2014-06-17 	14:01:11			radius,debug,packet	00000000000000000000000000000004
2014-06-17 	14:01:11			radius,debug,packet	27855dc9
2014-06-17 	14:01:11			radius,debug,packet	NAS-Port-Id = \"wlan1\"
2014-06-17 	14:01:11			radius,debug,packet	NAS-Port-Type = 19
2014-06-17 	14:01:11			radius,debug,packet	Acct-Session-Id = \"8220006c\"
2014-06-17 	14:01:11			radius,debug,packet	Acct-Multi-Session-Id = \"D4-CA-6D-4C-37-8B-74-E5-0B-E5-FB-92-82-20-00-00-00-00-00-69\"
2014-06-17 	14:01:11			radius,debug,packet	Calling-Station-Id = \"74-E5-0B-E5-FB-92\"
2014-06-17 	14:01:11			radius,debug,packet	Called-Station-Id = \"D4-CA-6D-4C-37-8B:NGM-S\"
2014-06-17 	14:01:11			radius,debug,packet	EAP-Message = 0x0202006919800000005f160301005a01
2014-06-17 	14:01:11			radius,debug,packet	0000560301539faf76d08035a1b31ab8
2014-06-17 	14:01:11			radius,debug,packet	62a8e07d106d6d8e7b92e37cf0163f27
2014-06-17 	14:01:11			radius,debug,packet	b050784d5c000018002f00350005000a
2014-06-17 	14:01:11			radius,debug,packet	c013c014c009c00a0032003800130004
2014-06-17 	14:01:11			radius,debug,packet	01000015ff01000100000a0006000400
2014-06-17 	14:01:11			radius,debug,packet	170018000b00020100
2014-06-17 	14:01:11			radius,debug,packet	Message-Authenticator = 0x6998393ce3cbfed45863bb3c62b06a18
2014-06-17 	14:01:11			radius,debug,packet	NAS-Identifier = \"RB-751G-16-1\"
2014-06-17 	14:01:11			radius,debug,packet	NAS-IP-Address = 192.168.1.91
2014-06-17 	14:01:11			radius,debug,packet	received Access-Challenge with id 229 from 192.168.1.6:1812
2014-06-17 	14:01:11			radius,debug,packet	Signature = 0xcf63165903920d5b9e5a443b8c5df6be
2014-06-17 	14:01:11			radius,debug,packet	Session-Timeout = 30
2014-06-17 	14:01:11			radius,debug,packet	EAP-Message = 0x0103057419c0000047ee16030108a102
2014-06-17 	14:01:11			radius,debug,packet	00004d0301539faf76d759c8448f1bdc
2014-06-17 	14:01:11			radius,debug,packet	53c676b29dd8ab954d4fa4f719389f30
2014-06-17 	14:01:11			radius,debug,packet	5983f721da20af3400009b54c231a9eb
2014-06-17 	14:01:11			radius,debug,packet	0da91a9009d481a0203635a81237566f
...
2014-06-17 	14:01:11			radius,debug,packet	55422d43413031301e170d3134303532
2014-06-17 	14:01:11			radius,debug,packet	313037313131385a170d313730333234
2014-06-17 	14:01:11			radius,debug,packet	3030323435315a301831163014
2014-06-17 	14:01:11			radius,debug,packet	EAP-Message = 0x0603550403130d5044432e6e676d2e6c
2014-06-17 	14:01:11			radius,debug,packet	6f63616c30820122300d06092a864886
2014-06-17 	14:01:11			radius,debug,packet	f70d01010105000382010f003082010a
2014-06-17 	14:01:11			radius,debug,packet	0282010100d6f8a6cdbe8400e3d3b7b1
...
2014-06-17 	14:01:11			radius,debug,packet	0a8be0611e3734f4c87ffb8ca63ff4db
2014-06-17 	14:01:11			radius,debug,packet	8870f2eb7c7798ad60cc245af5
2014-06-17 	14:01:11			radius,debug,packet	EAP-Message = 0x3f3c4bb42c1cf126f26b866993b4c141
2014-06-17 	14:01:11			radius,debug,packet	03ca5a8c4a7d7651a6675d013b338a68
2014-06-17 	14:01:11			radius,debug,packet	996bd294cdb0248d52005cbeb2378a44
....
2014-06-17 	14:01:11			radius,debug,packet	1a3018300a06082b0601050507030130
2014-06-17 	14:01:11			radius,debug,packet	0a06082b06010505070302301d060355
2014-06-17 	14:01:11			radius,debug,packet	1d0e0416041419e3ac93a6eb67c7de99
2014-06-17 	14:01:11			radius,debug,packet	30a3f1e78af2c987ead7301f06
2014-06-17 	14:01:11			radius,debug,packet	EAP-Message = 0x03551d2304183016801441e7dab08738
2014-06-17 	14:01:11			radius,debug,packet	a934b7a32722f418e4944e96765d3037
2014-06-17 	14:01:11			radius,debug,packet	0603551d1f0430302e302ca02aa02886
....
2014-06-17 	14:01:11			radius,debug,packet	91bad4d834549b04b477cb1c1b1229fb
2014-06-17 	14:01:11			radius,debug,packet	351a725a571e2df8f777fd5e29
2014-06-17 	14:01:11			radius,debug,packet	EAP-Message = 0x3e903cc292c0f61aa866ce7792933f62
2014-06-17 	14:01:11			radius,debug,packet	f0582d58a8a83ffc1ab681c529693457
....
2014-06-17 	14:01:11			radius,debug,packet	0f1f000000000002300d06092a864886
2014-06-17 	14:01:11			radius,debug,packet	f70d0101050500301631143012
2014-06-17 	14:01:11			radius,debug,packet	EAP-Message = 0x0603550403130b4e474d2d524f4f542d
2014-06-17 	14:01:11			radius,debug,packet	4341301e170d31323033323430303134
.....
2014-06-17 	14:01:11			radius,debug,packet	311530130603550403130c4e474d2d53
2014-06-17 	14:01:11			radius,debug,packet	55422d4341303130820122300d06092a
2014-06-17 	14:01:11			radius,debug,packet	864886
2014-06-17 	14:01:11			radius,debug,packet	State = 0x2c3603810000013700010200c0a80106
2014-06-17 	14:01:11			radius,debug,packet	00000000000000000000000000000004
2014-06-17 	14:01:11			radius,debug,packet	27855dc9
2014-06-17 	14:01:11			radius,debug,packet	Message-Authenticator = 0xda13f54a95a340e40ef07b0c36abaf5d
2014-06-17 	14:01:11			radius,debug	received reply for 58:255
2014-06-17 	14:01:11			radius,debug	new request 58:256 code=Access-Request service=wireless called-id=D4-CA-6D-4C-37-8B:NGM-S
2014-06-17 	14:01:11			radius,debug	sending 58:256 to 192.168.1.6:1812
2014-06-17 	14:01:11			radius,debug,packet	sending Access-Request with id 230 to 192.168.1.6:1812
2014-06-17 	14:01:11			radius,debug,packet	Signature = 0x17bdd73aae9506e9df9baaec7710eb45
2014-06-17 	14:01:11			radius,debug,packet	Service-Type = 2
2014-06-17 	14:01:11			radius,debug,packet	Framed-MTU = 1400
2014-06-17 	14:01:11			radius,debug,packet	User-Name = \"svo\"
2014-06-17 	14:01:11			radius,debug,packet	State = 0x2c3603810000013700010200c0a80106
2014-06-17 	14:01:11			radius,debug,packet	00000000000000000000000000000004
2014-06-17 	14:01:11			radius,debug,packet	27855dc9
2014-06-17 	14:01:11			radius,debug,packet	NAS-Port-Id = \"wlan1\"
2014-06-17 	14:01:11			radius,debug,packet	NAS-Port-Type = 19
2014-06-17 	14:01:11			radius,debug,packet	Acct-Session-Id = \"8220006c\"
2014-06-17 	14:01:11			radius,debug,packet	Acct-Multi-Session-Id = \"D4-CA-6D-4C-37-8B-74-E5-0B-E5-FB-92-82-20-00-00-00-00-00-69\"
2014-06-17 	14:01:11			radius,debug,packet	Calling-Station-Id = \"74-E5-0B-E5-FB-92\"
2014-06-17 	14:01:11			radius,debug,packet	Called-Station-Id = \"D4-CA-6D-4C-37-8B:NGM-S\"
2014-06-17 	14:01:11			radius,debug,packet	EAP-Message = 0x02030011198000000007150301000202
2014-06-17 	14:01:11			radius,debug,packet	2f
2014-06-17 	14:01:11			radius,debug,packet	Message-Authenticator = 0x5dce317a13f96d5179c7c7370ee9d60b
2014-06-17 	14:01:11			radius,debug,packet	NAS-Identifier = \"RB-751G-16-1\"
2014-06-17 	14:01:11			radius,debug,packet	NAS-IP-Address = 192.168.1.91
2014-06-17 	14:01:11			radius,debug,packet	received Access-Reject with id 230 from 192.168.1.6:1812
2014-06-17 	14:01:11			wireless,info	74:E5:0B:E5:FB:92@wlan1: disconnected, 802.1x authentication failed
2014-06-17 	14:01:11			radius,debug,packet	Signature = 0x96752073410fc71655648713ceae4d95
2014-06-17 	14:01:11			radius,debug,packet	EAP-Message = 0x04030004
2014-06-17 	14:01:11			radius,debug,packet	Message-Authenticator = 0xb34ae5d4dd84c44c04522997ed1792de
2014-06-17 	14:01:11			radius,debug	received reply for 58:256
2014-06-17 	14:01:15			wireless,info	wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 	14:01:15			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 	14:01:15			wireless,debug	wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication failed)
2014-06-17 	14:01:15			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 	14:01:15			wireless,debug	wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication failed)
2014-06-17 	14:01:26			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 	14:01:26			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 not in local ACL, by default accept
2014-06-17 	14:01:26			wireless,info	74:E5:0B:E5:FB:92@wlan1: connected
2014-06-17 	14:02:06			wireless,info	74:E5:0B:E5:FB:92@wlan1: disconnected, 802.1x authentication timeout
2014-06-17 	14:02:15			wireless,info	wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 	14:02:15			wireless,info	wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 	14:02:25			wireless,info	wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 	14:02:25			wireless,info	wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 	14:02:26			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 	14:02:26			wireless,debug	wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication timeout)
2014-06-17 	14:02:26			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 	14:02:26			wireless,debug	wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication timeout)
2014-06-17 	14:02:36			wireless,debug	wlan1: 74:E5:0B:E5:FB:92 attempts to associate

Why?

PEAP on NPS autorisation error

PEAP on NPS autorisation error

Who is online