For beginning, sorry for my english
I try make radius autorisation for my domen users for WiFi net, with mikrotik 751G-2HnD Firmware 3.13 OS version 6.13
I get error 266 on NPS server
Code: Select all
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: NGM\svo
Account Name: svo
Account Domain: NGM
Fully Qualified Account Name: NGM\svo
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: D4-CA-6D-4C-37-8B:NGM-S - mac AP
Calling Station Identifier: 74-E5-0B-E5-FB-92 - mac notebook with wifi
NAS:
NAS IPv4 Address: - 192.168.1.91 - mikrotik address
NAS IPv6 Address: -
NAS Identifier: - RB-751G-16-1 - mikrotik name
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 0
RADIUS Client:
Client Friendly Name: mikrotik
Client IP Address: 192.168.1.91
Authentication Details:
Connection Request Policy Name: Wifi Secure Wireless Connection
Authentication Provider: Windows
Authentication Server: PDC.ngm.local
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: 3832323030303663
Logging Results: Accounting information was written to the local log file.
Reason Code: 266
Reason: The message received was unexpected or badly formatted.
Code: Select all
2014-06-17 14:00:14 wireless,info 74:E5:0B:E5:FB:92@wlan1: disconnected, 802.1x authentication timeout
2014-06-17 14:00:19 wireless,info wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 14:00:19 wireless,info wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 14:00:19 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 14:00:19 wireless,debug wlan1: 74:E5:0B:E5:FB:92 not in local ACL, by default accept
2014-06-17 14:00:19 wireless,info 74:E5:0B:E5:FB:92@wlan1: connected
2014-06-17 14:00:59 wireless,info 74:E5:0B:E5:FB:92@wlan1: disconnected, 802.1x authentication timeout
2014-06-17 14:01:00 wireless,info wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 14:01:00 wireless,info wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 14:01:01 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 14:01:01 wireless,debug wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication timeout)
2014-06-17 14:01:01 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 14:01:01 wireless,debug wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication timeout)
2014-06-17 14:01:01 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 14:01:01 wireless,debug wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication timeout)
2014-06-17 14:01:05 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 14:01:05 wireless,debug wlan1: 74:E5:0B:E5:FB:92 not in local ACL, by default accept
2014-06-17 14:01:05 wireless,info 74:E5:0B:E5:FB:92@wlan1: connected
2014-06-17 14:01:10 radius,debug new request 58:254 code=Access-Request service=wireless called-id=D4-CA-6D-4C-37-8B:NGM-S
2014-06-17 14:01:10 radius,debug sending 58:254 to 192.168.1.6:1812
2014-06-17 14:01:10 radius,debug,packet sending Access-Request with id 228 to 192.168.1.6:1812
2014-06-17 14:01:10 radius,debug,packet Signature = 0x842065a53ba5d63f963abfe87f67f0ce
2014-06-17 14:01:10 radius,debug,packet Service-Type = 2
2014-06-17 14:01:10 radius,debug,packet Framed-MTU = 1400
2014-06-17 14:01:10 radius,debug,packet User-Name = \"svo\"
2014-06-17 14:01:10 radius,debug,packet NAS-Port-Id = \"wlan1\"
2014-06-17 14:01:10 radius,debug,packet NAS-Port-Type = 19
2014-06-17 14:01:10 radius,debug,packet Acct-Session-Id = \"8220006c\"
2014-06-17 14:01:10 radius,debug,packet Acct-Multi-Session-Id = \"D4-CA-6D-4C-37-8B-74-E5-0B-E5-FB-92-82-20-00-00-00-00-00-69\"
2014-06-17 14:01:10 radius,debug,packet Calling-Station-Id = \"74-E5-0B-E5-FB-92\"
2014-06-17 14:01:10 radius,debug,packet Called-Station-Id = \"D4-CA-6D-4C-37-8B:NGM-S\"
2014-06-17 14:01:10 radius,debug,packet EAP-Message = 0x020100080173766f
2014-06-17 14:01:10 radius,debug,packet Message-Authenticator = 0x764ee0079d1d3647b7b6f4481d06b717
2014-06-17 14:01:10 radius,debug,packet NAS-Identifier = \"RB-751G-16-1\"
2014-06-17 14:01:10 radius,debug,packet NAS-IP-Address = 192.168.1.91
2014-06-17 14:01:10 radius,debug,packet received Access-Challenge with id 228 from 192.168.1.6:1812
2014-06-17 14:01:10 radius,debug,packet Signature = 0xe7af9eb719f00bd7fae184801cec0c44
2014-06-17 14:01:10 radius,debug,packet Session-Timeout = 30
2014-06-17 14:01:10 radius,debug,packet EAP-Message = 0x010200061920
2014-06-17 14:01:10 radius,debug,packet State = 0x2c3603810000013700010200c0a80106
2014-06-17 14:01:10 radius,debug,packet 00000000000000000000000000000004
2014-06-17 14:01:10 radius,debug,packet 27855dc9
2014-06-17 14:01:10 radius,debug,packet Message-Authenticator = 0x8561436fa2885102bba144dfd01b78fd
2014-06-17 14:01:10 radius,debug received reply for 58:254
2014-06-17 14:01:10 radius,debug new request 58:255 code=Access-Request service=wireless called-id=D4-CA-6D-4C-37-8B:NGM-S
2014-06-17 14:01:11 radius,debug sending 58:255 to 192.168.1.6:1812
2014-06-17 14:01:11 radius,debug,packet sending Access-Request with id 229 to 192.168.1.6:1812
2014-06-17 14:01:11 radius,debug,packet Signature = 0xe07804c3e29ca269a5f21a29f1253b58
2014-06-17 14:01:11 radius,debug,packet Service-Type = 2
2014-06-17 14:01:11 radius,debug,packet Framed-MTU = 1400
2014-06-17 14:01:11 radius,debug,packet User-Name = \"svo\"
2014-06-17 14:01:11 radius,debug,packet State = 0x2c3603810000013700010200c0a80106
2014-06-17 14:01:11 radius,debug,packet 00000000000000000000000000000004
2014-06-17 14:01:11 radius,debug,packet 27855dc9
2014-06-17 14:01:11 radius,debug,packet NAS-Port-Id = \"wlan1\"
2014-06-17 14:01:11 radius,debug,packet NAS-Port-Type = 19
2014-06-17 14:01:11 radius,debug,packet Acct-Session-Id = \"8220006c\"
2014-06-17 14:01:11 radius,debug,packet Acct-Multi-Session-Id = \"D4-CA-6D-4C-37-8B-74-E5-0B-E5-FB-92-82-20-00-00-00-00-00-69\"
2014-06-17 14:01:11 radius,debug,packet Calling-Station-Id = \"74-E5-0B-E5-FB-92\"
2014-06-17 14:01:11 radius,debug,packet Called-Station-Id = \"D4-CA-6D-4C-37-8B:NGM-S\"
2014-06-17 14:01:11 radius,debug,packet EAP-Message = 0x0202006919800000005f160301005a01
2014-06-17 14:01:11 radius,debug,packet 0000560301539faf76d08035a1b31ab8
2014-06-17 14:01:11 radius,debug,packet 62a8e07d106d6d8e7b92e37cf0163f27
2014-06-17 14:01:11 radius,debug,packet b050784d5c000018002f00350005000a
2014-06-17 14:01:11 radius,debug,packet c013c014c009c00a0032003800130004
2014-06-17 14:01:11 radius,debug,packet 01000015ff01000100000a0006000400
2014-06-17 14:01:11 radius,debug,packet 170018000b00020100
2014-06-17 14:01:11 radius,debug,packet Message-Authenticator = 0x6998393ce3cbfed45863bb3c62b06a18
2014-06-17 14:01:11 radius,debug,packet NAS-Identifier = \"RB-751G-16-1\"
2014-06-17 14:01:11 radius,debug,packet NAS-IP-Address = 192.168.1.91
2014-06-17 14:01:11 radius,debug,packet received Access-Challenge with id 229 from 192.168.1.6:1812
2014-06-17 14:01:11 radius,debug,packet Signature = 0xcf63165903920d5b9e5a443b8c5df6be
2014-06-17 14:01:11 radius,debug,packet Session-Timeout = 30
2014-06-17 14:01:11 radius,debug,packet EAP-Message = 0x0103057419c0000047ee16030108a102
2014-06-17 14:01:11 radius,debug,packet 00004d0301539faf76d759c8448f1bdc
2014-06-17 14:01:11 radius,debug,packet 53c676b29dd8ab954d4fa4f719389f30
2014-06-17 14:01:11 radius,debug,packet 5983f721da20af3400009b54c231a9eb
2014-06-17 14:01:11 radius,debug,packet 0da91a9009d481a0203635a81237566f
...
2014-06-17 14:01:11 radius,debug,packet 55422d43413031301e170d3134303532
2014-06-17 14:01:11 radius,debug,packet 313037313131385a170d313730333234
2014-06-17 14:01:11 radius,debug,packet 3030323435315a301831163014
2014-06-17 14:01:11 radius,debug,packet EAP-Message = 0x0603550403130d5044432e6e676d2e6c
2014-06-17 14:01:11 radius,debug,packet 6f63616c30820122300d06092a864886
2014-06-17 14:01:11 radius,debug,packet f70d01010105000382010f003082010a
2014-06-17 14:01:11 radius,debug,packet 0282010100d6f8a6cdbe8400e3d3b7b1
...
2014-06-17 14:01:11 radius,debug,packet 0a8be0611e3734f4c87ffb8ca63ff4db
2014-06-17 14:01:11 radius,debug,packet 8870f2eb7c7798ad60cc245af5
2014-06-17 14:01:11 radius,debug,packet EAP-Message = 0x3f3c4bb42c1cf126f26b866993b4c141
2014-06-17 14:01:11 radius,debug,packet 03ca5a8c4a7d7651a6675d013b338a68
2014-06-17 14:01:11 radius,debug,packet 996bd294cdb0248d52005cbeb2378a44
....
2014-06-17 14:01:11 radius,debug,packet 1a3018300a06082b0601050507030130
2014-06-17 14:01:11 radius,debug,packet 0a06082b06010505070302301d060355
2014-06-17 14:01:11 radius,debug,packet 1d0e0416041419e3ac93a6eb67c7de99
2014-06-17 14:01:11 radius,debug,packet 30a3f1e78af2c987ead7301f06
2014-06-17 14:01:11 radius,debug,packet EAP-Message = 0x03551d2304183016801441e7dab08738
2014-06-17 14:01:11 radius,debug,packet a934b7a32722f418e4944e96765d3037
2014-06-17 14:01:11 radius,debug,packet 0603551d1f0430302e302ca02aa02886
....
2014-06-17 14:01:11 radius,debug,packet 91bad4d834549b04b477cb1c1b1229fb
2014-06-17 14:01:11 radius,debug,packet 351a725a571e2df8f777fd5e29
2014-06-17 14:01:11 radius,debug,packet EAP-Message = 0x3e903cc292c0f61aa866ce7792933f62
2014-06-17 14:01:11 radius,debug,packet f0582d58a8a83ffc1ab681c529693457
....
2014-06-17 14:01:11 radius,debug,packet 0f1f000000000002300d06092a864886
2014-06-17 14:01:11 radius,debug,packet f70d0101050500301631143012
2014-06-17 14:01:11 radius,debug,packet EAP-Message = 0x0603550403130b4e474d2d524f4f542d
2014-06-17 14:01:11 radius,debug,packet 4341301e170d31323033323430303134
.....
2014-06-17 14:01:11 radius,debug,packet 311530130603550403130c4e474d2d53
2014-06-17 14:01:11 radius,debug,packet 55422d4341303130820122300d06092a
2014-06-17 14:01:11 radius,debug,packet 864886
2014-06-17 14:01:11 radius,debug,packet State = 0x2c3603810000013700010200c0a80106
2014-06-17 14:01:11 radius,debug,packet 00000000000000000000000000000004
2014-06-17 14:01:11 radius,debug,packet 27855dc9
2014-06-17 14:01:11 radius,debug,packet Message-Authenticator = 0xda13f54a95a340e40ef07b0c36abaf5d
2014-06-17 14:01:11 radius,debug received reply for 58:255
2014-06-17 14:01:11 radius,debug new request 58:256 code=Access-Request service=wireless called-id=D4-CA-6D-4C-37-8B:NGM-S
2014-06-17 14:01:11 radius,debug sending 58:256 to 192.168.1.6:1812
2014-06-17 14:01:11 radius,debug,packet sending Access-Request with id 230 to 192.168.1.6:1812
2014-06-17 14:01:11 radius,debug,packet Signature = 0x17bdd73aae9506e9df9baaec7710eb45
2014-06-17 14:01:11 radius,debug,packet Service-Type = 2
2014-06-17 14:01:11 radius,debug,packet Framed-MTU = 1400
2014-06-17 14:01:11 radius,debug,packet User-Name = \"svo\"
2014-06-17 14:01:11 radius,debug,packet State = 0x2c3603810000013700010200c0a80106
2014-06-17 14:01:11 radius,debug,packet 00000000000000000000000000000004
2014-06-17 14:01:11 radius,debug,packet 27855dc9
2014-06-17 14:01:11 radius,debug,packet NAS-Port-Id = \"wlan1\"
2014-06-17 14:01:11 radius,debug,packet NAS-Port-Type = 19
2014-06-17 14:01:11 radius,debug,packet Acct-Session-Id = \"8220006c\"
2014-06-17 14:01:11 radius,debug,packet Acct-Multi-Session-Id = \"D4-CA-6D-4C-37-8B-74-E5-0B-E5-FB-92-82-20-00-00-00-00-00-69\"
2014-06-17 14:01:11 radius,debug,packet Calling-Station-Id = \"74-E5-0B-E5-FB-92\"
2014-06-17 14:01:11 radius,debug,packet Called-Station-Id = \"D4-CA-6D-4C-37-8B:NGM-S\"
2014-06-17 14:01:11 radius,debug,packet EAP-Message = 0x02030011198000000007150301000202
2014-06-17 14:01:11 radius,debug,packet 2f
2014-06-17 14:01:11 radius,debug,packet Message-Authenticator = 0x5dce317a13f96d5179c7c7370ee9d60b
2014-06-17 14:01:11 radius,debug,packet NAS-Identifier = \"RB-751G-16-1\"
2014-06-17 14:01:11 radius,debug,packet NAS-IP-Address = 192.168.1.91
2014-06-17 14:01:11 radius,debug,packet received Access-Reject with id 230 from 192.168.1.6:1812
2014-06-17 14:01:11 wireless,info 74:E5:0B:E5:FB:92@wlan1: disconnected, 802.1x authentication failed
2014-06-17 14:01:11 radius,debug,packet Signature = 0x96752073410fc71655648713ceae4d95
2014-06-17 14:01:11 radius,debug,packet EAP-Message = 0x04030004
2014-06-17 14:01:11 radius,debug,packet Message-Authenticator = 0xb34ae5d4dd84c44c04522997ed1792de
2014-06-17 14:01:11 radius,debug received reply for 58:256
2014-06-17 14:01:15 wireless,info wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 14:01:15 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 14:01:15 wireless,debug wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication failed)
2014-06-17 14:01:15 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 14:01:15 wireless,debug wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication failed)
2014-06-17 14:01:26 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 14:01:26 wireless,debug wlan1: 74:E5:0B:E5:FB:92 not in local ACL, by default accept
2014-06-17 14:01:26 wireless,info 74:E5:0B:E5:FB:92@wlan1: connected
2014-06-17 14:02:06 wireless,info 74:E5:0B:E5:FB:92@wlan1: disconnected, 802.1x authentication timeout
2014-06-17 14:02:15 wireless,info wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 14:02:15 wireless,info wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 14:02:25 wireless,info wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 14:02:25 wireless,info wlan1: data from unknown device 74:E5:0B:E5:FB:92, sent deauth
2014-06-17 14:02:26 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 14:02:26 wireless,debug wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication timeout)
2014-06-17 14:02:26 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate
2014-06-17 14:02:26 wireless,debug wlan1: reject 74:E5:0B:E5:FB:92, banned (last failure - 802.1x authentication timeout)
2014-06-17 14:02:36 wireless,debug wlan1: 74:E5:0B:E5:FB:92 attempts to associate