Wincdows Clients works, Linux don't
Sergio Belkin
sebelk at gmail.com
Mon Oct 22 21:58:08 CEST 2007
I am using freeradius with EAP/TTLS. Windows Clients work fine, but
not from Linux. These are the message after trying to access from
Ubuntu 7.04:
--- Walking the entire request list ---
Sending Access-Reject of id 252 to 10.30.1.151 port 1031
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=253, length=102
User-Name = "jdoe"
Calling-Station-Id = "00-0e-35-bf-51-18"
EAP-Message = 0x0201000b016d6261726265
Framed-MTU = 1287
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
Message-Authenticator = 0x10cf9173f0fc56e7c29c6febe5be1f90
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 48
modcall[authorize]: module "preprocess" returns ok for request 48
rlm_eap: EAP packet type response id 1 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 48
modcall[authorize]: module "files" returns notfound for request 48
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat: '(uid=jdoe)'
radius_xlat: 'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 58
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 48
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 48
modcall: leaving group authorize (returns updated) for request 48
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 48
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 48
modcall: leaving group authenticate (returns handled) for request 48
Sending Access-Challenge of id 253 to 10.30.1.151 port 1031
EAP-Message = 0x010f061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x93a4cdfad4b31637cd74d6d3255e4b30
Finished request 48
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=254, length=202
User-Name = "jdoe"
Calling-Station-Id = "00-0e-35-bf-51-18"
EAP-Message =
0x0202005d150016030100520100004e0301471e027b594fc3bd23cd735f39013a7f93bc2b2574587abf78b635eb801f850600002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100
Framed-MTU = 1287
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
State = 0x93a4cdfad4b31637cd74d6d3255e4b30
Message-Authenticator = 0x3c9b688b198579b1ba4e97ba79c783cf
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 49
modcall[authorize]: module "preprocess" returns ok for request 49
rlm_eap: EAP packet type response id 2 length 93
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 49
modcall[authorize]: module "files" returns notfound for request 49
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat: '(uid=jdoe)'
radius_xlat: 'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 59
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 49
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 49
modcall: leaving group authorize (returns updated) for request 49
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 49
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0052], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0852], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
TLS_accept: SSLv3 write key exchange A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 49
modcall: leaving group authenticate (returns handled) for request 49
Sending Access-Challenge of id 254 to 10.30.1.151 port 1031
EAP-Message =
0x0103040a15c000000ac1160301004a020000460301471cdb5884f622bdad38ebc5862a7813cc4220fa5f1fd7a4a3a60fd18f9e2893200f5d445c4201d335a4d3376418bb45730265c2ab57c352cd5c8ddd4c2679a9b700390016030108520b00084e00084b0003b9308203b53082029da003020102020111300d06092a864886f70d010104050030818e310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06
EAP-Message =
0x035504031315436572746966696361746520417574686f72697479301e170d3037313031313233333633305a170d3131313031303233333633305a308193310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f312d302b060355040b1324446570617274616d656e746f20646520436f6d756e69636163696f6e6573202d20737032311d301b06035504031314737065637472756d2e70616c65726d6f2e65647530820122300d06092a864886f70d01010105000382010f003082010a0282010100e04585aa76fe88e53fe2e5
EAP-Message =
0xfd4e4c9732987996ca13093a1173f9760319f9bf6b1bbad6702284056432c8b9409e28789a2d91e8027baa1fadcf4951be8b3d1932d6a125dd50d18a57ea8c909eb93b83f73404193b6ebb16e7abcc49ec7b3d2546f65e41d895631ab82cbf09c6744c9d6e01064fd1548487e70baf1179f387430d7f193460f4bf55e9c6cb2100202382b2c0c10929e125f8c32bd5cd0d26c3d908688cb747475263370195f56c256bad4ee232fb9db6bf07966c6ad88f5bfa07143c5a626fde432f3582bdc50164e1b216e902efb947be80f5d64cf05e33e1ba76c3734bd4a1586895b5575ac4ea9f87384629547e75ad7c119c66abe7a07f8c7d0203010001a31730
EAP-Message =
0x1530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c056381386ae47210e7781b5f29f6e345d3cf3170d7b56f207c5120ad7a0a3f50d8d5089b1b670e12571f30f6035435027ba8a6c0f560c4ed67436b09470a25f6c6ed5f6183671143d0119cdbd58f1564ff62d829557d30db8e3e629cde53dc086b2b6e6cbc199f38653349b1abd884554bde148d0b3c6972f3910a3d9a6004b4b85b5c2bea77f8939d3518d718d5a1290ca6c03f3ce5d98906e243f4cc698360b5d5f3015054f0dc7f0cb42475760038477a75d03c048f80b4f50b554499749833660883b818630ae143a9e0ac935e5e3d594
EAP-Message = 0xf97b881df18c0b1712e00eef6a91fa1582e7f8eb93fa
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9f0fb729292fd1fa84bf8407b903c2f1
Finished request 49
Going to the next request
Cleaning up request 42 ID 247 with timestamp 471cdb53
Cleaning up request 43 ID 248 with timestamp 471cdb53
Cleaning up request 44 ID 249 with timestamp 471cdb53
Cleaning up request 45 ID 250 with timestamp 471cdb53
Cleaning up request 46 ID 251 with timestamp 471cdb53
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=255, length=115
User-Name = "jdoe"
Calling-Station-Id = "00-0e-35-bf-51-18"
EAP-Message = 0x020300061500
Framed-MTU = 1287
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
State = 0x9f0fb729292fd1fa84bf8407b903c2f1
Message-Authenticator = 0x1bf865fa2b8ecd5298a3ba37822d1ce6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 50
modcall[authorize]: module "preprocess" returns ok for request 50
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 50
modcall[authorize]: module "files" returns notfound for request 50
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat: '(uid=jdoe)'
radius_xlat: 'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 60
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 50
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 50
modcall: leaving group authorize (returns updated) for request 50
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 50
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 50
modcall: leaving group authenticate (returns handled) for request 50
Sending Access-Challenge of id 255 to 10.30.1.151 port 1031
EAP-Message =
0x0104040a15c000000ac14ee3f701692818d33744866b15afbc8774a1ed07b5b43200048c3082048830820370a003020102020101300d06092a864886f70d010104050030818e310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06035504031315436572746966696361746520417574686f72697479301e170d3035313230313134353835305a170d3135313132393134353835305a30818e310b30090603
EAP-Message =
0x55040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06035504031315436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100eb878d17120d3af300ab78838b32fde160463d4ff2693c5ebc59123788f0bfe9d90aaa34a22bab04b8e8f294176215b97f2edf6c686434ad87acccd5ecf7edec871e8449a876cbfe531c5158385aa9d30685723c
EAP-Message =
0xf3273b5d2d8cde4ca62b0c07c3bdd54be96f2f68074454281c527079276d3388dcdb097e730c419f58d24eaca71fd8c5d8b6fe023154b9bdb920dc6ac013a57dc9bf94b99250b47bc32a07afbf2a2eddd37bdb8f0421f7df33eb999dce70784d065458b5e590f1c285837464709c6af7e3ae092dd38372420e780d8567699d534897f298fcde4309a2f66afee6dce842a69c31f1ca580454665eae87a04881b0bbb009928b30ef374fa534e50203010001a381ee3081eb301d0603551d0e04160414fd77533bb6a66d1e3b48bfb5d21501d829ddf4693081bb0603551d230481b33081b08014fd77533bb6a66d1e3b48bfb5d21501d829ddf469a18194
EAP-Message =
0xa4819130818e310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311e301c06035504031315436572746966696361746520417574686f72697479820101300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010066656bbb8617d0aa046d938fb367586fb47ba22a4c54ccfc21d3bdc13ae39df3cd89029a0b5bcacb39977e824d94ba8c61296ce2e38d91e22766ce9ce6d988580251e19e
EAP-Message = 0xf037cea75d86cb016c26f8d51bb33fbe8f07daf1f9fc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8ec906c143e12a91c2923decee5f456a
Finished request 50
Going to the next request
Cleaning up request 47 ID 252 with timestamp 471cdb53
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=0, length=115
User-Name = "jdoe"
Calling-Station-Id = "00-0e-35-bf-51-18"
EAP-Message = 0x020400061500
Framed-MTU = 1287
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
State = 0x8ec906c143e12a91c2923decee5f456a
Message-Authenticator = 0x6505201bc52e449d0d78f34393accd3f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 51
modcall[authorize]: module "preprocess" returns ok for request 51
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 51
modcall[authorize]: module "files" returns notfound for request 51
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat: '(uid=jdoe)'
radius_xlat: 'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 61
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 51
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 51
modcall: leaving group authorize (returns updated) for request 51
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 51
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 51
modcall: leaving group authenticate (returns handled) for request 51
Sending Access-Challenge of id 0 to 10.30.1.151 port 1031
EAP-Message =
0x010502cb158000000ac178833f2254362517e85e9dcd2c4362773223204e9c66dff65f08f319c5c9a2bb6a6de09b6534fd5df1fc14ba8dc996930e5413bbb2d4cae1c5aa68abe3785bec762c0c47246c2a89066512727dfc1c8b96fb0005841d05009db8e084a3931d2046b4d8047d2c182c9b0a5b5f340ee1b4331ec0ece5185dc33e4f100ec0a0a7e6e2bad313ea717fa4d4ed2e913575014832f80d0298e5c662015b0729eabd6220c0082326acb5160301020d0c0002090080ab5cc42c337b650ab1047c54f7a4fc1a130b5596597983a2b227b2a9969953ee8238cee287777922551db722e8db74a6f760d006dac6ebfcc8a12be3a29d341f28c8
EAP-Message =
0x4c7276144e8ef17163040ab5133ee9dab782f2a030bf37bef653c2081f601c1563997b74cecc8d1d10f7bfdd6d812abd1b020076c2f9d125d24e7148765b00010200802b5df81bd6d61aef7ac659e75d873e6160d654a21ae35372e1f4c23b27eb9da51e47b885d05c5b384b6607e45a86bb5498b5909c81cfcf8079bfaf7a205b1e8ae0e4cc055ddf84fd7a3122952b744b777e35b50385e8de99a39fdce13f3806e54f399cfa985e9b938f7787f8cb091b6c9d344cc1c8cbf49a6b69642f29054f1e01008e859eb9cf1a0a028e0dac00ea41f9c36444e7e1fca9a1d1443f9facbf531a834d0ad6f4ddd46c4b724c359cccce7b96ba81baf8e3571623
EAP-Message =
0xd53ab675a4d6256fbd3485a7c422d677afcbec25fbac4b50c9d9d410bff745fe20cc8604ff15eb43fc8923b0757caac662887d1123dc38dd090c41a7f9e5352a4e2075e80b8473dcb05bf3b76bf63b6de5f7d32ce8d44933b09aa972a16d9f07da5398db6a8cd8567c1b017ec6be611af3cb5a983083297c706459982b8040cbd09c0af14f74f3130a72f89309a68eb110a947055823e5c5390c4846b3e59b63e66ddcbdcb62c6f03958908363a9185afe60cbc91aac69609409435b4b56b750383b8b251a12bac416030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x89c261d0437eeb9dcddbe806fe528723
Finished request 51
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=1, length=313
User-Name = "jdoe"
Calling-Station-Id = "00-0e-35-bf-51-18"
EAP-Message =
0x020500cc1500160301008610000082008057043d3068860732c837deabd3478f745b102bd2059b58a6ae82b07439e2333e4d08a61e062ecc61ecc31ac7461234f8a82565867e14f62ee29eb862282a7e4a2fb1c3e9e14b3df1a4e75281a4623872c1839bf9ca2ff9d7fac21f1427e057f9178814756a0ab73dc99098322d70e12cb698a85a2a81685771b951bded038d4514030100010116030100302282d77f0730d9d730c3e02ba2ffd22eb47bcf3a5a365ff22adf85d96bd84be66928ffcf58720562175aa6725ea1cff7
Framed-MTU = 1287
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
State = 0x89c261d0437eeb9dcddbe806fe528723
Message-Authenticator = 0x7610c5f0d8723787c71194309ef953c1
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 52
modcall[authorize]: module "preprocess" returns ok for request 52
rlm_eap: EAP packet type response id 5 length 204
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 52
modcall[authorize]: module "files" returns notfound for request 52
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat: '(uid=jdoe)'
radius_xlat: 'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 62
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 52
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 52
modcall: leaving group authorize (returns updated) for request 52
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 52
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
modcall[authenticate]: module "eap" returns handled for request 52
modcall: leaving group authenticate (returns handled) for request 52
Sending Access-Challenge of id 1 to 10.30.1.151 port 1031
EAP-Message =
0x0106004515800000003b14030100010116030100305733430142da8ad230323c344f3ad0d604a9bfc411f63958f04a6d2da875d66d4b5f28db659aab44adfc8379f8b2ed9d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d7022d071c2cef6bf33debacd0cb017
Finished request 52
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.30.1.151:1031, id=2, length=205
User-Name = "jdoe"
Calling-Station-Id = "00-0e-35-bf-51-18"
EAP-Message =
0x020600601500170301002020647f7d8d2bccc5abe810057b62591cb8d50a9c28d9e1edac7975536e78ed8717030100305f194220a912f09dead1620b1bf24c355d0134f82f36caca739a61d3211d82c6c7b337d69e644127509b25da6874c0f2
Framed-MTU = 1287
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
State = 0x9d7022d071c2cef6bf33debacd0cb017
Message-Authenticator = 0x1981ceaaca92086c0e3517f5cd3f2858
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 53
modcall[authorize]: module "preprocess" returns ok for request 53
rlm_eap: EAP packet type response id 6 length 96
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 53
modcall[authorize]: module "files" returns notfound for request 53
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat: '(uid=jdoe)'
radius_xlat: 'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 63
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 53
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 53
modcall: leaving group authorize (returns updated) for request 53
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 53
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
TTLS: Got tunneled identity of jdoe
TTLS: Setting default EAP type for tunneled EAP session.
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 53
modcall[authorize]: module "preprocess" returns ok for request 53
rlm_eap: EAP packet type response id 6 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 53
modcall[authorize]: module "files" returns notfound for request 53
rlm_ldap: - authorize
rlm_ldap: performing user authorization for jdoe
radius_xlat: '(uid=jdoe)'
radius_xlat: 'ou=people,dc=cadorna,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=cadorna,dc=edu, with
filter (uid=jdoe)
request done: ld 0x5555557c3e70 msgid 64
rlm_ldap: checking if remote access for jdoe is allowed by radiusAllowed
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user jdoe authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 53
rlm_pap: WARNING! No "known good" password found for the user.
Authentication may fail because of this.
modcall[authorize]: module "pap" returns noop for request 53
modcall: leaving group authorize (returns updated) for request 53
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 53
rlm_eap: EAP Identity
rlm_eap: No such EAP type md5
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 53
modcall: leaving group authenticate (returns invalid) for request 53
auth: Failed to validate the user.
TTLS: Got tunneled Access-Reject
rlm_eap: Handler failed in EAP/ttls
TTLS: Freeing handler for user jdoe
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 53
modcall: leaving group authenticate (returns invalid) for request 53
auth: Failed to validate the user.
Delaying request 53 for 1 seconds
Finished request 53
Going to the next request
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 2 to 10.30.1.151 port 1031
EAP-Message = 0x04060004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 51 ID 0 with timestamp 471cdb58
Cleaning up request 52 ID 1 with timestamp 471cdb58
Cleaning up request 53 ID 2 with timestamp 471cdb58
Cleaning up request 48 ID 253 with timestamp 471cdb58
Cleaning up request 49 ID 254 with timestamp 471cdb58
Cleaning up request 50 ID 255 with timestamp 471cdb58
Nothing to do. Sleeping until we see a request.
--
--
Sergio Belkin -
More information about the Freeradius-Users
mailing list