PEAP+MSCHAP+AD (please help)

Hector.Ortiz at swisscom.com Hector.Ortiz at swisscom.com
Fri Dec 8 18:35:58 CET 2006


Hi there, this is an old issue, but AFAIAC hasn't been solved yet, that's why I'm asking for help with this problem which is driving me crazy.

I'm trying to auth the user with PEAP+MSCHAP against AD. Kerberos and Samba have been properly configured and the server has been joined to the domain. From the command line:

ntlm_auth --request-nt-key --domain=DOMAIN --username=testuser
password:
NT_STATUS_OK: Success (0x0)

ntlm_auth is properly working so it should work fine with FreeRadius.

In the log below you'll find two auths performed by the same user in the same domain against the same FreeRadius server.

In the first attempt the user has checked the option "Automatically use my Windows logon name and password (and domain if any)", user account is valid in the domain and is not locked out, however user authentication fails.

In the next attempt the user has unchecked this option, so everytime he connects to the network he has to type his credentials in. After clicking "Connect" he gets access. 

Why if Windows sends the same user information only in the latter case user is able to get in?

Does anyone know how to solve/troubleshoot this problem?

Many thanks

Hector


----- FREERADIUS LOG -------

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "radiusd"
 main: group = "radiusd"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded MS-CHAP 
 mschap: use_mppe = no
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = yes
 mschap: passwd = "(null)"
 mschap: ntlm_auth = "/opt/samba/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain:-DOMAIN} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap) 
Module: Loaded eap 
 eap: default_eap_type = "peap"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/usr/local/etc/raddb/certs/private_key.pem"
 tls: certificate_file = "/usr/local/etc/raddb/certs/certificate.pem"
 tls: CA_file = "/usr/local/etc/raddb/certs/ca.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/usr/local/etc/raddb/certs/dh"
 tls: random_file = "/dev/urandom"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = yes
 tls: check_cert_cn = "(null)"
 tls: cipher_list = "(null)"
 tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
 ttls: default_eap_type = "mschapv2"
 ttls: copy_request_to_tunnel = yes
 ttls: use_tunneled_reply = yes
rlm_eap: Loaded and initialized type ttls
 peap: default_eap_type = "mschapv2"
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Module: Loaded perl 
 perl: module = "/opt/nac/bin/rad2vmps"
 perl: func_authorize = "authorize"
 perl: func_authenticate = "authenticate"
 perl: func_accounting = "accounting"
 perl: func_preacct = "preacct"
 perl: func_checksimul = "checksimul"
 perl: func_detach = "detach"
 perl: func_xlat = "xlat"
 perl: func_pre_proxy = "pre_proxy"
 perl: func_post_proxy = "post_proxy"
 perl: func_post_auth = "post_auth"
 perl: perl_flags = "(null)"
 perl: func_start_accounting = "(null)"
 perl: func_stop_accounting = "(null)"
 perl: max_clones = 32
 perl: start_clones = 5
 perl: min_spare_clones = 3
 perl: max_spare_clones = 3
 perl: cleanup_delay = 5
 perl: max_request_per_clone = 0
Module: Instantiated perl (verify_mac) 
Module: Loaded files 
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 files: compat = "cistron"
[/usr/local/etc/raddb/users]:1 Cistron compatibility checks for entry DEFAULT ...
Module: Instantiated files (files) 
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=38, length=149
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x0202001601434f5250524f4f545c7467646f72686531
	Message-Authenticator = 0x9bc11b6f6182f53f6428ad12c48d8f10
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  rlm_eap: EAP packet type response id 2 length 22
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 38 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x010300061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x67c75e29c6b4d8d32c662ce2d154d277
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=39, length=257
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x0203007019800000006616030100610100005d0301457998f4e09ac05f33a934415945c7264b94c0701d13c0caab7fa36b0cc015282065c088fd4f3b7fdc5fed147045382b152c89d35916d5d2938f9dd648c55fa6d8001600040005000a000900640062000300060013001200630100
	Message-Authenticator = 0x4fe4e78473480d0bdd990a665c67c62d
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x67c75e29c6b4d8d32c662ce2d154d277
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  rlm_eap: EAP packet type response id 3 length 112
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11 
    (other): before/accept initialization 
    TLS_accept: before/accept initialization 
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello  
    TLS_accept: SSLv3 read client hello A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello  
    TLS_accept: SSLv3 write server hello A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 080d], Certificate  
    TLS_accept: SSLv3 write certificate A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
    TLS_accept: SSLv3 write server done A 
    TLS_accept: SSLv3 flush data 
    TLS_accept:error in SSLv3 read client certificate A 
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase 
In SSL Accept mode  
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 39 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x0104040a19c00000086a160301004a020000460301457998f53062b10c6041e3d6247d9f8189960a70e58063d2eb8416ca085f728a20c131ee8e347614dd96be74d24d8d0d56dffdbc25b8a27dded39fc3df92bb91d5000400160301080d0b0008090008060004b6308204b23082041ba003020102020a2e00e9e400000000002a300d06092a864886f70d0101050500306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345
	EAP-Message = 0x532d4341301e170d3036313032303132323831305a170d3037313032303132333831305a307e311b301906092a864886f70d010901160c726f6f7440767074742e6368310b3009060355040613024348310d300b060355040813044265726e3121301f060355040a13185377697373636f6d20496e6e6f766174696f6e204c74642e3120301e06035504031317696e6f636573766d7073312e73776973737074742e636830819f300d06092a864886f70d010101050003818d0030818902818100bcbadc4b571f51a19389879c2df4b32045fd76516d1afb6b06f96374dac730116958664972ae66216bf6bb9530573daaf005e0ea7018020baa62471f
	EAP-Message = 0xf05d3288cec3d40eac124ef80047cc9c853b0f2a925ab042bd1e0ba961de60cc0f1aca95a38b7ca9362977ed79f29de2b83325ff9c8cc4c087b3a7c7283e6fc0c95e1f470203010001a382024430820240301d0603551d0e0416041402827c1fe6af65cb4ed510eee57c81f9845126b33081a80603551d230481a030819d80140531afcf5f726f0182cc53ee960e4a53f8687bf4a173a471306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403
	EAP-Message = 0x130a494e4f2d4345532d4341821050dae873d6e1498e49c13dc445dc31f730818d0603551d1f048185308182303ea03ca03a8638687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f494e4f2d4345532d43412e63726c3040a03ea03c863a66696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c494e4f2d4345532d43412e63726c3081ce06082b060105050701010481c13081be305c06082b060105050730028650687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f696e6f63
	EAP-Message = 0x6573616373322e636f7270726f6f742e6e65745f494e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x584c9a8d95626f74ada9c048f89febd5
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=40, length=151
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020400061900
	Message-Authenticator = 0xcf9be95996c8d692195ff106f4f9ac5e
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x584c9a8d95626f74ada9c048f89febd5
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 2
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 40 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x0105040619404f2d4345532d43412e637274305e06082b06010505073002865266696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c696e6f636573616373322e636f7270726f6f742e6e65745f494e4f2d4345532d43412e63727430130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181006a5fee48e1a8a5a43794cbaa520aaab4b9105add93c531bf8ce91f8374f08ae40dc04c03d7de7410b29bf3b64e97bf9af15be919096a8b04d021c615a763b01a05fbb572428830e1d1a2ad3cffcff079f524ce745cf8c9c7a2306d0f035eb7072ae63a
	EAP-Message = 0x92993d914ff7107b0ae9de3d3d4f19183f6b36383d91c57245f5cb694200034a30820346308202afa003020102021050dae873d6e1498e49c13dc445dc31f7300d06092a864886f70d0101050500306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345532d4341301e170d3035303831303136313232315a170d3135303831303136323134325a306f3128302606092a864886f70d0109011619696e6f2e68656c70646573
	EAP-Message = 0x6b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345532d434130819f300d06092a864886f70d010101050003818d0030818902818100bcdaa85f50acb0a704320cd308fe56ed5fff84b4ad027b0f8590495c17b15657a52475d8a7e14122f423213dae283a61978f27fa938e14adcc4ff6df9680be9520f576d041923181498768ad8f4e6a2c4c846359444d1ffba19b61d9086ddaa0b74d5ea18dc315482e3e14f43f3c6e937de7029cd2c1de45833fd6c4cf26697d0203010001a381e23081df300b
	EAP-Message = 0x0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e041604140531afcf5f726f0182cc53ee960e4a53f8687bf430818d0603551d1f048185308182303ea03ca03a8638687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f494e4f2d4345532d43412e63726c3040a03ea03c863a66696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c494e4f2d4345532d43412e63726c301006092b06010401823715010403020100300d06092a864886f70d010105050003818100a3eea55c46c0fa3d1cac6fa04e
	EAP-Message = 0x91a9f530133facb67f69835f8e7b389fa2d0
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x02a27b743dbcf852e5d08c96ccf2522b
Finished request 2
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=41, length=151
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020500061900
	Message-Authenticator = 0xd6811650c78d31a1bbdf1865603d3648
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x02a27b743dbcf852e5d08c96ccf2522b
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 41 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x010600701900dbff8395b2eecf4ff75d35aab631de6621a8a96949ad6f63abc615b5714293a8d4e23d6248cea124a8fce49a67f5bdef8bbf0cb12f58375bb72154f29bd69b8ed6df9ea14c1ed5d83bae339f1a23503923e1d7a4839f8139393a0ccfb5cce9fe1116030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7aedd96540c2242a267e0424a4c9cbff
Finished request 3
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=42, length=337
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020600c01980000000b6160301008610000082008041592edd109fc742430339b195f3331b296a316d33bc4a1d2ad4b8ee94d3f8b1dffc35e9e5c43f55a57cdf20ce0c9dbeca20f7845d878c6f99478055e2c44925b19832f4dd8733c3191d8a71b1d29f7ab23582096afd195e6f1d744171e72418851e9e26b960b3becca6d411b06d8a226063d6766f6a995958f05229a9a26b361403010001011603010020a5c032ec42c1f401f46d26a7beee41c9d7d53ca2a81b0f39eda4f53358a0785f
	Message-Authenticator = 0xcee410317912a566868d80e5464ecd6f
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x7aedd96540c2242a267e0424a4c9cbff
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  rlm_eap: EAP packet type response id 6 length 192
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 4
modcall: leaving group authorize (returns updated) for request 4
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11 
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange  
    TLS_accept: SSLv3 read client key exchange A 
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]  
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 read finished A 
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]  
    TLS_accept: SSLv3 write change cipher spec A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 write finished A 
    TLS_accept: SSLv3 flush data 
    (other): SSL negotiation finished successfully 
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 42 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x0107003119001403010001011603010020fefca61bf40214a8674a24a744408e2795478ad43134b5d51fcda813c83db9f9
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x84dbafc4fc829bf55dde2305fe57301d
Finished request 4
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=43, length=151
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020700061900
	Message-Authenticator = 0x68c215c3eec41520df4f6ec8077a54b2
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x84dbafc4fc829bf55dde2305fe57301d
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
  rlm_eap: EAP packet type response id 7 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 5
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 5
modcall: leaving group authorize (returns updated) for request 5
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3 
  eaptls_process returned 3 
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 43 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x01080020190017030100151c2a8c3c0c99b55e4921f4ba75e5c39e27c47f5011
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x28cc94d72d7a29ad80708e0c77706331
Finished request 5
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=44, length=190
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x0208002d1900170301002220a8f31f4e1afb10a647d8177fc5d434c42609050977ee8eb3c2f8041f5807db237b
	Message-Authenticator = 0x473b21fd979924a3323bb151624d0f18
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x28cc94d72d7a29ad80708e0c77706331
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  rlm_eap: EAP packet type response id 8 length 45
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - DOMAIN\testuser
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled identity of DOMAIN\testuser
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to DOMAIN\testuser
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  rlm_eap: EAP packet type response id 8 length 22
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 6
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 6
modcall: leaving group authorize (returns updated) for request 6
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 44 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x0109004219001703010037dfcb5591de4c7a22576166fe485dac01fa4bf329838e9a52075e34d60fb88a44b1ca1c1a613596f8f3229d76528804705cc80524c9d03a
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x33eadcfaac046aed67ca9098faaa2927
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=45, length=244
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x02090063190017030100585809205c332fd978f5caf5249f239c285a36684ac4b3db2a5c5126a9d83a48a4f0399ac6b9368cba8c23e91ea2b28643a5b679aa0ce0bc096fb91772d0e25bbb7ab8c1c393ad0a6ff1390f08fe575ec1f3aa65aa2d632aa2
	Message-Authenticator = 0x973387facc75ffe21b452d6d0792f299
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x33eadcfaac046aed67ca9098faaa2927
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  rlm_eap: EAP packet type response id 9 length 99
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to DOMAIN\testuser
  PEAP: Adding old state with 77 f6
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  rlm_eap: EAP packet type response id 9 length 76
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 7
modcall: leaving group authorize (returns updated) for request 7
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 7
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for testuser with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
 mschap2: 03
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat:  '/opt/samba/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=testuser --challenge=c61ad7019723b68d --nt-response=70fb1b0438208667d0bac6eb895ea8644b413566785d5785'
Exec-Program: /opt/samba/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=testuser --challenge=c61ad7019723b68d --nt-response=70fb1b0438208667d0bac6eb895ea8644b413566785d5785
Exec-Program output: Logon failure (0xc000006d) 
Exec-Program-Wait: plaintext: Logon failure (0xc000006d) 
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
  modcall[authenticate]: module "mschap" returns reject for request 7
modcall: leaving group MS-CHAP (returns reject) for request 7
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns reject for request 7
modcall: leaving group authenticate (returns reject) for request 7
auth: Failed to validate the user.
  PEAP: Tunneled authentication was rejected.
  rlm_eap_peap: FAILURE
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 45 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x010a00261900170301001b3ffcb99afafe29c89fa4affeb4d1e75070457ba622dfc56ec0f2c6
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xa6d1473e96c7a14c29a8f17fc89a3671
Finished request 7
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=46, length=183
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020a00261900170301001b0bcaa64a94c7d49ee3af36354ce0441251bb53a91d33b73f0d5953
	Message-Authenticator = 0xe45d9f748e60859d612b2ed26966c765
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0xa6d1473e96c7a14c29a8f17fc89a3671
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  rlm_eap: EAP packet type response id 10 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 8
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 8
modcall: leaving group authorize (returns updated) for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected earlier in this session.
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module "eap" returns invalid for request 8
modcall: leaving group authenticate (returns invalid) for request 8
auth: Failed to validate the user.
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=46, length=183
Sending Access-Reject of id 46 to 192.168.1.1 port 1645
	EAP-Message = 0x040a0004
	Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Cleaning up request 0 ID 38 with timestamp 457998f5
Cleaning up request 1 ID 39 with timestamp 457998f5
Cleaning up request 2 ID 40 with timestamp 457998f5
Cleaning up request 3 ID 41 with timestamp 457998f5
Cleaning up request 4 ID 42 with timestamp 457998f5
Cleaning up request 5 ID 43 with timestamp 457998f5
Cleaning up request 6 ID 44 with timestamp 457998f5
Cleaning up request 7 ID 45 with timestamp 457998f5
Cleaning up request 8 ID 46 with timestamp 457998f5
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=47, length=149
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x0202001601434f5250524f4f545c7467646f72686531
	Message-Authenticator = 0x956d87ecbd35d2f1f9079f33f7e1238e
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
  rlm_eap: EAP packet type response id 2 length 22
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 9
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 9
modcall: leaving group authorize (returns updated) for request 9
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
  rlm_eap: EAP Identity
  rlm_eap: processing type tls
  rlm_eap_tls: Initiate
  rlm_eap_tls: Start returned 1
  modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 47 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x010300061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0c208d59dc2577205f327cbfac00af89
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=48, length=257
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x0203007019800000006616030100610100005d03014579990cb3f8c006d0888a660f8163cc33a6543ba8996c4c6436238f339115b620c131ee8e347614dd96be74d24d8d0d56dffdbc25b8a27dded39fc3df92bb91d5001600040005000a000900640062000300060013001200630100
	Message-Authenticator = 0xeb43847282321ac0066c963b43b9c673
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x0c208d59dc2577205f327cbfac00af89
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
  rlm_eap: EAP packet type response id 3 length 112
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 10
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 10
modcall: leaving group authorize (returns updated) for request 10
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11 
    (other): before/accept initialization 
    TLS_accept: before/accept initialization 
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello  
    TLS_accept: SSLv3 read client hello A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello  
    TLS_accept: SSLv3 write server hello A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 080d], Certificate  
    TLS_accept: SSLv3 write certificate A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
    TLS_accept: SSLv3 write server done A 
    TLS_accept: SSLv3 flush data 
    TLS_accept:error in SSLv3 read client certificate A 
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
In SSL Handshake Phase 
In SSL Accept mode  
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 48 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x0104040a19c00000086a160301004a0200004603014579990d967c1d56a8d185c7dc01abf8a6207c7b608b4b176311c434940cdd2d2097e122bab4dc1446d18733d8fc80cbaefc8e1e9e3226d4bef2a7bf35f0beb813000400160301080d0b0008090008060004b6308204b23082041ba003020102020a2e00e9e400000000002a300d06092a864886f70d0101050500306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345
	EAP-Message = 0x532d4341301e170d3036313032303132323831305a170d3037313032303132333831305a307e311b301906092a864886f70d010901160c726f6f7440767074742e6368310b3009060355040613024348310d300b060355040813044265726e3121301f060355040a13185377697373636f6d20496e6e6f766174696f6e204c74642e3120301e06035504031317696e6f636573766d7073312e73776973737074742e636830819f300d06092a864886f70d010101050003818d0030818902818100bcbadc4b571f51a19389879c2df4b32045fd76516d1afb6b06f96374dac730116958664972ae66216bf6bb9530573daaf005e0ea7018020baa62471f
	EAP-Message = 0xf05d3288cec3d40eac124ef80047cc9c853b0f2a925ab042bd1e0ba961de60cc0f1aca95a38b7ca9362977ed79f29de2b83325ff9c8cc4c087b3a7c7283e6fc0c95e1f470203010001a382024430820240301d0603551d0e0416041402827c1fe6af65cb4ed510eee57c81f9845126b33081a80603551d230481a030819d80140531afcf5f726f0182cc53ee960e4a53f8687bf4a173a471306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403
	EAP-Message = 0x130a494e4f2d4345532d4341821050dae873d6e1498e49c13dc445dc31f730818d0603551d1f048185308182303ea03ca03a8638687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f494e4f2d4345532d43412e63726c3040a03ea03c863a66696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c494e4f2d4345532d43412e63726c3081ce06082b060105050701010481c13081be305c06082b060105050730028650687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f696e6f63
	EAP-Message = 0x6573616373322e636f7270726f6f742e6e65745f494e
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x7e54bdce3e0f83476c1d3cc8929b06e2
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=49, length=151
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020400061900
	Message-Authenticator = 0xdcf1f45087c3f55071c74f33303d6098
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x7e54bdce3e0f83476c1d3cc8929b06e2
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
  rlm_eap: EAP packet type response id 4 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 11
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 11
modcall: leaving group authorize (returns updated) for request 11
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 49 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x0105040619404f2d4345532d43412e637274305e06082b06010505073002865266696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c696e6f636573616373322e636f7270726f6f742e6e65745f494e4f2d4345532d43412e63727430130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181006a5fee48e1a8a5a43794cbaa520aaab4b9105add93c531bf8ce91f8374f08ae40dc04c03d7de7410b29bf3b64e97bf9af15be919096a8b04d021c615a763b01a05fbb572428830e1d1a2ad3cffcff079f524ce745cf8c9c7a2306d0f035eb7072ae63a
	EAP-Message = 0x92993d914ff7107b0ae9de3d3d4f19183f6b36383d91c57245f5cb694200034a30820346308202afa003020102021050dae873d6e1498e49c13dc445dc31f7300d06092a864886f70d0101050500306f3128302606092a864886f70d0109011619696e6f2e68656c706465736b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345532d4341301e170d3035303831303136313232315a170d3135303831303136323134325a306f3128302606092a864886f70d0109011619696e6f2e68656c70646573
	EAP-Message = 0x6b407377697373636f6d2e636f6d310b30090603550406130243483121301f060355040a13185377697373636f6d20496e6e6f766174696f6e73204c7464311330110603550403130a494e4f2d4345532d434130819f300d06092a864886f70d010101050003818d0030818902818100bcdaa85f50acb0a704320cd308fe56ed5fff84b4ad027b0f8590495c17b15657a52475d8a7e14122f423213dae283a61978f27fa938e14adcc4ff6df9680be9520f576d041923181498768ad8f4e6a2c4c846359444d1ffba19b61d9086ddaa0b74d5ea18dc315482e3e14f43f3c6e937de7029cd2c1de45833fd6c4cf26697d0203010001a381e23081df300b
	EAP-Message = 0x0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e041604140531afcf5f726f0182cc53ee960e4a53f8687bf430818d0603551d1f048185308182303ea03ca03a8638687474703a2f2f696e6f636573616373322e636f7270726f6f742e6e65742f43657274456e726f6c6c2f494e4f2d4345532d43412e63726c3040a03ea03c863a66696c653a2f2f5c5c696e6f636573616373322e636f7270726f6f742e6e65745c43657274456e726f6c6c5c494e4f2d4345532d43412e63726c301006092b06010401823715010403020100300d06092a864886f70d010105050003818100a3eea55c46c0fa3d1cac6fa04e
	EAP-Message = 0x91a9f530133facb67f69835f8e7b389fa2d0
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x3779029a8e48dc53a1d62d035f619fbd
Finished request 11
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=50, length=151
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020500061900
	Message-Authenticator = 0x83767edf44377d33a3ecde25cd988373
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x3779029a8e48dc53a1d62d035f619fbd
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
  rlm_eap: EAP packet type response id 5 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 12
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 12
modcall: leaving group authorize (returns updated) for request 12
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 12
modcall: leaving group authenticate (returns handled) for request 12
Sending Access-Challenge of id 50 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x010600701900dbff8395b2eecf4ff75d35aab631de6621a8a96949ad6f63abc615b5714293a8d4e23d6248cea124a8fce49a67f5bdef8bbf0cb12f58375bb72154f29bd69b8ed6df9ea14c1ed5d83bae339f1a23503923e1d7a4839f8139393a0ccfb5cce9fe1116030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xe5f038edb0f8c3f8e06f0a5f23f410d7
Finished request 12
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=51, length=337
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020600c01980000000b6160301008610000082008036b1acf72df2a0e0aea88ccdca72785802c8e7cf7cc809cbc1cd2970526bddd05f407a1ba93a4c9ced40e5657569189acf8c3aa31d4066ad7d0485cdb25f33eee747cca76116a0f2531df2402036a15a8899a25e241056b7bbd467a074c4113184f88103702ec427de5614b21844988a02cee2ddc2f70bbc51c8a7363b6ed97e140301000101160301002047274e9ee0b53905bee7cbe41e7544504fe13dee7413181a9e75c5fb3db96dc3
	Message-Authenticator = 0x330e5ade3dc6c1b98211db9a1749ee4e
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0xe5f038edb0f8c3f8e06f0a5f23f410d7
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
  rlm_eap: EAP packet type response id 6 length 192
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 13
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 13
modcall: leaving group authorize (returns updated) for request 13
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11 
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange  
    TLS_accept: SSLv3 read client key exchange A 
  rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]  
  rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 read finished A 
  rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]  
    TLS_accept: SSLv3 write change cipher spec A 
  rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished  
    TLS_accept: SSLv3 write finished A 
    TLS_accept: SSLv3 flush data 
    (other): SSL negotiation finished successfully 
rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0)
SSL Connection Established 
  eaptls_process returned 13 
  rlm_eap_peap: EAPTLS_HANDLED
  modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
Sending Access-Challenge of id 51 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x0107003119001403010001011603010020ae982aadb0779708c8ac084a0c27220bd931ddd0dc1027d641df762da01e7c13
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x60cfa0a5edf7c174c3514cd7c7f65a7b
Finished request 13
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=52, length=151
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020700061900
	Message-Authenticator = 0xbf723e37c3551867e362981b36faa978
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x60cfa0a5edf7c174c3514cd7c7f65a7b
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
  rlm_eap: EAP packet type response id 7 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 14
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 14
modcall: leaving group authorize (returns updated) for request 14
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake is finished
  eaptls_verify returned 3 
  eaptls_process returned 3 
  rlm_eap_peap: EAPTLS_SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 52 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x010800201900170301001555db2701383a4dab60e28f0db0e824c4581a5671fe
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x852de9dd7e19d1a5c923bf08c10a13c2
Finished request 14
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=53, length=190
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x0208002d1900170301002288a7cafb3268a1d1350f7c6ba7666503b80405e48ba79e8a7682b8ffd3e63a7f6dbc
	Message-Authenticator = 0x1b06f7ed2260a697d6b3be1df34d3c52
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x852de9dd7e19d1a5c923bf08c10a13c2
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
  rlm_eap: EAP packet type response id 8 length 45
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 15
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 15
modcall: leaving group authorize (returns updated) for request 15
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Identity - DOMAIN\testuser
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Got tunneled identity of DOMAIN\testuser
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to DOMAIN\testuser
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
  rlm_eap: EAP packet type response id 8 length 22
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 15
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 15
modcall: leaving group authorize (returns updated) for request 15
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
  rlm_eap: EAP Identity
  rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
  modcall[authenticate]: module "eap" returns handled for request 15
modcall: leaving group authenticate (returns handled) for request 15
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 15
modcall: leaving group authenticate (returns handled) for request 15
Sending Access-Challenge of id 53 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x0109004219001703010037427780b211d9581c91a92c2976cd7fb11800d9f8e18fc1dc475d70c0e3e1668a78ece916102069c7b5ed11416e729ce39933f80533fbc6
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xded8de88766f4bccc413a3a23bcb5270
Finished request 15
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=54, length=244
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x02090063190017030100586094e3cc1d9e1f5856e8bccf4b82654c4ad75cd04c6a10fff6623b01356111bab02ff75ae23eb1c7b4aca810edccf35de1270f93ef9ff0e89440443ef866c918f23c945db147426c108f8ad6928e748d34bd10486dbe1a5f
	Message-Authenticator = 0xcf3d72e3d06990d7daa371a4a33f8053
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0xded8de88766f4bccc413a3a23bcb5270
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
  rlm_eap: EAP packet type response id 9 length 99
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 16
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 16
modcall: leaving group authorize (returns updated) for request 16
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to DOMAIN\testuser
  PEAP: Adding old state with db be
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
  rlm_eap: EAP packet type response id 9 length 76
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 16
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 16
modcall: leaving group authorize (returns updated) for request 16
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 16
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for testuser with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
 mschap2: ae
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat:  '/opt/samba/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=testuser --challenge=aea3ef9fe78f8ac2 --nt-response=8c6a735e29ed7cddb8c02ae601424aca79d115544324731d'
Exec-Program: /opt/samba/bin/ntlm_auth --request-nt-key --domain=DOMAIN --username=testuser --challenge=aea3ef9fe78f8ac2 --nt-response=8c6a735e29ed7cddb8c02ae601424aca79d115544324731d
Exec-Program output: NT_KEY: 12047FA4AC9D0AA0F53475F2FA2D03AF 
Exec-Program-Wait: plaintext: NT_KEY: 12047FA4AC9D0AA0F53475F2FA2D03AF 
Exec-Program: returned: 0
  modcall[authenticate]: module "mschap" returns ok for request 16
modcall: leaving group MS-CHAP (returns ok) for request 16
MSCHAP Success 
  modcall[authenticate]: module "eap" returns handled for request 16
modcall: leaving group authenticate (returns handled) for request 16
  PEAP: Got tunneled Access-Challenge
  modcall[authenticate]: module "eap" returns handled for request 16
modcall: leaving group authenticate (returns handled) for request 16
Sending Access-Challenge of id 54 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x010a004a1900170301003fef7905b2d4365d2237b81630423bc384d7bcb02b1b174a194bd45d2fd6cb233fe98fd93c30e1ebaa50e34ea3a409e352a990e1ed2c665b91344766a9f52135
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x05c6c7c2066a6d23236f6a02c7b62783
Finished request 16
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=55, length=174
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020a001d1900170301001237f99735d4db2ad15b56ba7ca23d6bd3d6c4
	Message-Authenticator = 0xb07169c8d70f58fe956cb729d91eb15f
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x05c6c7c2066a6d23236f6a02c7b62783
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
  rlm_eap: EAP packet type response id 10 length 29
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 17
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 17
modcall: leaving group authorize (returns updated) for request 17
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: EAP type mschapv2
  rlm_eap_peap: Tunneled data is valid.
  PEAP: Setting User-Name to DOMAIN\testuser
  PEAP: Adding old state with 91 d5
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
  rlm_eap: EAP packet type response id 10 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 17
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 17
modcall: leaving group authorize (returns updated) for request 17
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 17
modcall: leaving group authenticate (returns ok) for request 17
  PEAP: Tunneled authentication was successful.
  rlm_eap_peap: SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 17
modcall: leaving group authenticate (returns handled) for request 17
Sending Access-Challenge of id 55 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	EAP-Message = 0x010b00261900170301001b92a97899d7d36a01ce0773c89ec1912d02c257d4c5bb24239e1b84
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x898f8d49a4dfd4d1e5c301eb592f532a
Finished request 17
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.1.1:1645, id=56, length=183
	User-Name = "DOMAIN\\testuser"
	Service-Type = Framed-User
	Framed-MTU = 1500
	Called-Station-Id = "00-19-AA-2C-8F-03"
	Calling-Station-Id = "00-08-74-46-2A-A5"
	EAP-Message = 0x020b00261900170301001b2b96f40aa3319766d8adf76e850b1f0bd44117041db965f51cf0b5
	Message-Authenticator = 0x3f0853b193e36a8d7b85d734713703a0
	NAS-Port = 50001
	NAS-Port-Type = Ethernet
	State = 0x898f8d49a4dfd4d1e5c301eb592f532a
	NAS-IP-Address = 192.168.1.1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
  rlm_eap: EAP packet type response id 11 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 18
    users: Matched entry DEFAULT at line 1
  modcall[authorize]: module "files" returns ok for request 18
modcall: leaving group authorize (returns updated) for request 18
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 18
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap: Success
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 18
modcall: leaving group authenticate (returns ok) for request 18
Sending Access-Accept of id 56 to 192.168.1.1 port 1645
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "vlanX"
	MS-MPPE-Recv-Key = 0x1c8f0ede465ed8d7250bfd67396e340423ff2859327f38942b13a210030ad18c
	MS-MPPE-Send-Key = 0xc12ccf7491c816122c7a2bd30eb177d2add2b23897493492288f1647c850d06f
	EAP-Message = 0x030b0004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "DOMAIN\\testuser"
Finished request 18
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 47 with timestamp 4579990d
Cleaning up request 10 ID 48 with timestamp 4579990d
Cleaning up request 11 ID 49 with timestamp 4579990d
Cleaning up request 12 ID 50 with timestamp 4579990d
Cleaning up request 13 ID 51 with timestamp 4579990d
Cleaning up request 14 ID 52 with timestamp 4579990d
Cleaning up request 15 ID 53 with timestamp 4579990d
Cleaning up request 16 ID 54 with timestamp 4579990d
Cleaning up request 17 ID 55 with timestamp 4579990d
Cleaning up request 18 ID 56 with timestamp 4579990d
Nothing to do.  Sleeping until we see a request.




More information about the Freeradius-Users mailing list