Issues using EAP/peap with LDAP
sparrow
sparrow at walled.net
Sat Sep 3 07:00:14 CEST 2005
Hi,
I am currently running into an issue using FreeRadius with a client
doing EAP/peap and a LDAP backend, and hoping someone may be able to
help me. I am using FreeRadius 1.0.4, OpenSSL 0.9.7g, and SunOne
Directory 5.2 as the LDAP (With passwords stored in clear text.)
Thanks for your time,
Steven O'Reilly
The last few lines of my radius out put are (With the whole output at
the end of the file):
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=190,
length=171
NAS-IP-Address = 192.168.101.250
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x1a5f7c6946f75f67fede6eea4c31cd67
NAS-Port = 2
Framed-MTU = 1490
User-Name = "WH-NAPDOM\\Administrator"
Calling-Station-Id = "00-04-AC-5D-19-F6"
State = 0x9764183b6394f9c7eea9391ab09ef362
EAP-Message =
0x020b00261900170301001bca06a5f4ff78c2954ca5b40d3d078c5c70e8c203e6a8ec2f8c8f25
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM
\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm
WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter
(uid=Administrator)
rlm_ldap: Added password supp0rt in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 7
rlm_eap: EAP packet type response id 11 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=190,
length=171
Sending Access-Reject of id 190 to 192.168.101.250:2048
EAP-Message = 0x040b0004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 189 with timestamp 43191e2f
Cleaning up request 7 ID 190 with timestamp 43191e2f
Nothing to do. Sleeping until we see a request.
My eap.conf is as follows (with the comments removed):
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
tls {
private_key_password = whatever
private_key_file = ${raddbdir}/certs/cert-srv.pem
certificate_file = ${raddbdir}/certs/cert-srv.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
fragment_size = 1024
include_length = yes
check_crl = yes
}
peap {
default_eap_type = mschapv2
}
mschapv2 {
}
}
My radiusd.conf is as follows (Comments removed):
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = yes
lower_pass = yes
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
pap {
encryption_scheme = crypt
}
chap {
authtype = CHAP
}
pam {
pam_auth = radiusd
}
unix {
cache = no
cache_reload = 600
radwtmp = ${logdir}/radwtmp
}
$INCLUDE ${confdir}/eap.conf
mschap {
authtype = MS-CHAP
use_mppe = no
require_encryption = yes
require_strong = yes
with_ntdomain_hack = no
}
ldap {
server = "localhost"
identity = "cn=Directory Manager"
password = <removed>
basedn = "dc=nwtel,dc=ca"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
password_attribute = userpassword
timeout = 4
timelimit = 3
net_timeout = 1
}
realm IPASS {
format = prefix
delimiter = "/"
ignore_default = no
ignore_null = no
}
realm suffix {
format = suffix
delimiter = "@"
ignore_default = no
ignore_null = no
}
realm realmpercent {
format = suffix
delimiter = "%"
ignore_default = no
ignore_null = no
}
realm WH-NAPDOM {
format = prefix
delimiter = "\\"
ignore_default = no
ignore_null = no
}
realm default {
format = prefix
delimiter = "\\"
ignore_default = no
ignore_null = no
}
checkval {
item-name = Calling-Station-Id
check-name = Calling-Station-Id
data-type = string
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
$INCLUDE ${confdir}/sql.conf
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = "yes"
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
digest {
}
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
}
ippool main_pool {
range-start = 192.168.1.1
range-stop = 192.168.3.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
maximum-timeout = 0
}
}
instantiate {
}
authorize {
preprocess
chap
mschap
WH-NAPDOM
ldap
eap
}
authenticate {
Auth-Type LDAP {
ldap
}
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
radutmp
}
session {
radutmp
}
post-auth {
}
pre-proxy {
}
post-proxy {
eap
}
Full radius output:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "yes"
main: lower_pass = "yes"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded LDAP
ldap: server = "localhost"
ldap: port = 389
ldap: net_timeout = 1
ldap: timeout = 4
ldap: timelimit = 3
ldap: identity = "cn=Directory Manager"
ldap: tls_mode = no
ldap: start_tls = no
ldap: tls_cacertfile = "(null)"
ldap: tls_cacertdir = "(null)"
ldap: tls_certfile = "(null)"
ldap: tls_keyfile = "(null)"
ldap: tls_randfile = "(null)"
ldap: tls_require_cert = "allow"
ldap: password = "directory"
ldap: basedn = "dc=nwtel,dc=ca"
ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
ldap: base_filter = "(objectclass=radiusprofile)"
ldap: default_profile = "(null)"
ldap: profile_attribute = "(null)"
ldap: password_header = "(null)"
ldap: password_attribute = "userpassword"
ldap: access_attr = "(null)"
ldap: groupname_attribute = "cn"
ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
ldap: groupmembership_attribute = "(null)"
ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap"
ldap: ldap_debug = 0
ldap: ldap_connections_number = 5
ldap: compare_check_items = no
ldap: access_attr_used_for_allow = yes
ldap: do_xlat = yes
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /usr/local/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 41fe8
Module: Instantiated ldap (ldap)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = yes
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = no
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded realm
realm: format = "prefix"
realm: delimiter = "\"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (WH-NAPDOM)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=183, length=143
NAS-IP-Address = 192.168.101.250
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x1a666892897ba0cf98cc1bce477d3ec5
NAS-Port = 2
Framed-MTU = 1490
User-Name = "WH-NAPDOM\\Administrator"
Calling-Station-Id = "00-04-AC-5D-19-F6"
EAP-Message = 0x0204001c0157482d4e4150444f4d5c41646d696e6973747261746f72
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Directory Manager/directory to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
rlm_eap: EAP packet type response id 4 length 28
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 183 to 192.168.101.250:2048
EAP-Message = 0x010500061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6b1f35003563be72723112935854df49
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=184, length=213
NAS-IP-Address = 192.168.101.250
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x62b3cfcf67c478d77d46464791ec2685
NAS-Port = 2
Framed-MTU = 1490
User-Name = "WH-NAPDOM\\Administrator"
Calling-Station-Id = "00-04-AC-5D-19-F6"
State = 0x6b1f35003563be72723112935854df49
EAP-Message = 0x0205005019800000004616030100410100003d030143191f93898c2441686a4745cd95f80682a75cf9294d29d34ad531fb4e3fc60c00001600040005000a000900640062000300060013001200630100
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 1
rlm_eap: EAP packet type response id 5 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 184 to 192.168.101.250:2048
EAP-Message = 0x0106040a19c0000006f1160301004a02000046030143191e102583319fb3baf835a350f1b454a8ae120a63904d6ae2dc4c45314b092080fac3e87756ef8ab9bf75274bae8016d331382b5835613fd5bf182e5f4e019100040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365
EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003
EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09
EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c
EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x64ba85b38a22b7f68c4e48a0ddbfbc09
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=185, length=139
NAS-IP-Address = 192.168.101.250
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x77294043bb599c907b21b5b8d3b661a1
NAS-Port = 2
Framed-MTU = 1490
User-Name = "WH-NAPDOM\\Administrator"
Calling-Station-Id = "00-04-AC-5D-19-F6"
State = 0x64ba85b38a22b7f68c4e48a0ddbfbc09
EAP-Message = 0x020600061900
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 2
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 2
rlm_eap: EAP packet type response id 6 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 185 to 192.168.101.250:2048
EAP-Message = 0x010702f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8
EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010
EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf1ce0f34ed39f8771721b79c08e55cfa
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=186, length=325
NAS-IP-Address = 192.168.101.250
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0xdc9a16cb80388150d1c5f77ff50ee8b2
NAS-Port = 2
Framed-MTU = 1490
User-Name = "WH-NAPDOM\\Administrator"
Calling-Station-Id = "00-04-AC-5D-19-F6"
State = 0xf1ce0f34ed39f8771721b79c08e55cfa
EAP-Message = 0x020700c01980000000b61603010086100000820080bfdbb106a2811ab59439639a87a42a2eeca5b07bbc4d5a11769ac32db520414df100a819362dec4d2a8e9b191b7acc1d89146af126a404c19f5d8d022af1f3f4c21bfdd2f9c915303c66153f96de7137abbbc472b3c8d87c94d15eec00754913bc084092a2ebd3b3d3ea62697c9f3739037a56bebdb3f21fc220e2a4d59d4ae61403010001011603010020ce8ac3187b6df1b5c656c9ef9645b0161668683bdc22ca2483c5e52623cf0be9
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
rlm_eap: EAP packet type response id 7 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 186 to 192.168.101.250:2048
EAP-Message = 0x0108003119001403010001011603010020a9403766c44c8e40583524e9973f7843197385a2198b6ec26c079b5f83445357
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5d990deb70612c8a90e3cec27ce1c43f
Finished request 3
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=187, length=139
NAS-IP-Address = 192.168.101.250
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x7ad9b7af853c27463d2a954e9634172e
NAS-Port = 2
Framed-MTU = 1490
User-Name = "WH-NAPDOM\\Administrator"
Calling-Station-Id = "00-04-AC-5D-19-F6"
State = 0x5d990deb70612c8a90e3cec27ce1c43f
EAP-Message = 0x020800061900
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module "preprocess" returns ok for request 4
modcall[authorize]: module "chap" returns noop for request 4
modcall[authorize]: module "mschap" returns noop for request 4
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 4
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 4
rlm_eap: EAP packet type response id 8 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall: group authorize returns updated for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 4
modcall: group authenticate returns handled for request 4
Sending Access-Challenge of id 187 to 192.168.101.250:2048
EAP-Message = 0x0109002019001703010015851f902b1d46f6e1fca410781f3498d853c35018f8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x2aad7d893568391f2a63d56f863b85b1
Finished request 4
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=188, length=184
NAS-IP-Address = 192.168.101.250
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x47f37c1d8f7337d57936df3e017bdcfc
NAS-Port = 2
Framed-MTU = 1490
User-Name = "WH-NAPDOM\\Administrator"
Calling-Station-Id = "00-04-AC-5D-19-F6"
State = 0x2aad7d893568391f2a63d56f863b85b1
EAP-Message = 0x0209003319001703010028a76b6b181ab38f047fc9f16fbc3e26bfafc7c2ac6f76fab9b0e04a96b097dabf0e93c7998b512f8e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
rlm_eap: EAP packet type response id 9 length 51
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - WH-NAPDOM\Administrator
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of WH-NAPDOM\Administrator
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to WH-NAPDOM\Administrator
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 5
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 5
rlm_eap: EAP packet type response id 9 length 28
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 188 to 192.168.101.250:2048
EAP-Message = 0x010a00481900170301003dbb59d54e0550b693880303685feb347de0db1f9d1a679ca68e2a0f1cf3ab09dcd4b0dec06df9dbc3f9a1695e2acfb0afd1aead92f43f87e8973bcdfc54
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x524736a44cbab0c3fb187d738a94ccac
Finished request 5
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 183 with timestamp 43191e10
Cleaning up request 1 ID 184 with timestamp 43191e10
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 185 with timestamp 43191e11
Cleaning up request 3 ID 186 with timestamp 43191e11
Cleaning up request 4 ID 187 with timestamp 43191e11
Cleaning up request 5 ID 188 with timestamp 43191e11
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=189, length=228
NAS-IP-Address = 192.168.101.250
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0xc7b37ad96e283e990d4806356e2cc875
NAS-Port = 2
Framed-MTU = 1490
User-Name = "WH-NAPDOM\\Administrator"
Calling-Station-Id = "00-04-AC-5D-19-F6"
State = 0x524736a44cbab0c3fb187d738a94ccac
EAP-Message = 0x020a005f1900170301005412a18e20937d7ab2b6d807437f36fd15cc8e33ac011d902e61510ccad067e0b2cb19bcf39b50e53bceabeddfcfe581535b9e5e603cf4c8a409968dcd38dc13806ac383c5317e551e0b76b21e7e50f5c553458d1b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
rlm_eap: EAP packet type response id 10 length 95
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to WH-NAPDOM\Administrator
PEAP: Adding old state with c2 19
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 6
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 6
rlm_eap: EAP packet type response id 10 length 72
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 6
modcall: group authenticate returns reject for request 6
auth: Failed to validate the user.
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 189 to 192.168.101.250:2048
EAP-Message = 0x010b00261900170301001bdb1b489686611e04644aa40ee1532bca2bce245433e1c6c489ded8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9764183b6394f9c7eea9391ab09ef362
Finished request 6
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=190, length=171
NAS-IP-Address = 192.168.101.250
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x1a5f7c6946f75f67fede6eea4c31cd67
NAS-Port = 2
Framed-MTU = 1490
User-Name = "WH-NAPDOM\\Administrator"
Calling-Station-Id = "00-04-AC-5D-19-F6"
State = 0x9764183b6394f9c7eea9391ab09ef362
EAP-Message = 0x020b00261900170301001bca06a5f4ff78c2954ca5b40d3d078c5c70e8c203e6a8ec2f8c8f25
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: Looking up realm "WH-NAPDOM" for User-Name = "WH-NAPDOM\Administrator"
rlm_realm: Found realm "WH-NAPDOM"
rlm_realm: Adding Stripped-User-Name = "Administrator"
rlm_realm: Proxying request from user Administrator to realm WH-NAPDOM
rlm_realm: Adding Realm = "WH-NAPDOM"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "WH-NAPDOM" returns noop for request 7
rlm_ldap: - authorize
rlm_ldap: performing user authorization for Administrator
radius_xlat: '(uid=Administrator)'
radius_xlat: 'dc=nwtel,dc=ca'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=nwtel,dc=ca, with filter (uid=Administrator)
rlm_ldap: Added password password in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user Administrator authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 7
rlm_eap: EAP packet type response id 11 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 7
modcall: group authenticate returns invalid for request 7
auth: Failed to validate the user.
Delaying request 7 for 1 seconds
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.101.250:2048, id=190, length=171
Sending Access-Reject of id 190 to 192.168.101.250:2048
EAP-Message = 0x040b0004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 189 with timestamp 43191e2f
Cleaning up request 7 ID 190 with timestamp 43191e2f
Nothing to do. Sleeping until we see a request.
More information about the Freeradius-Users
mailing list