FR 2.1.1 core dump Solaris 10 x86

Chris Howley C.P.Howley at leeds.ac.uk
Fri Sep 26 11:27:36 CEST 2008


Dear Alan,

FR 2.1.1 running under Solaris 10 x86 creates a core dump when using EAP
PEAP/MSCHAPv2.

Chris Howley 

bash-3.00# radiusd -X
FreeRADIUS Version 2.1.1, for host i386-pc-solaris2.10, built on Sep 25
2008 at 12:42:55
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file
/usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
including dictionary file /usr/local/etc/raddb/dictionary
main {
        prefix = "/usr/local"
        localstatedir = "/usr/local/var"
        logdir = "/usr/local/var/log/radius"
        libdir = "/usr/local/lib"
        radacctdir = "/usr/local/var/log/radius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        allow_core_dumps = no
        pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/local/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
 }
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
 client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "testing123"
        nastype = "other"
 }
 client 10.12.80.96/27 {
        require_message_authenticator = no
        secret = "testing123"
        shortname = "wism"
 }
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
        retry_delay = 5
        retry_count = 3
        default_fallback = no
        dead_time = 120
        wake_all_if_all_dead = no
 }
 home_server localhost {
        ipaddr = 127.0.0.1
        port = 1812
        type = "auth"
        secret = "testing123"
        response_window = 20
        max_outstanding = 65536
        zombie_period = 40
        status_check = "status-server"
        ping_interval = 30
        check_interval = 30
        num_answers_to_alive = 3
        num_pings_to_alive = 3
        revive_interval = 120
        status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
        type = fail-over
        home_server = localhost
 }
 realm example.com {
        auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
        wait = no
        input_pairs = "request"
        shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan
"
        minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
        use_mppe = yes
        require_encryption = yes
        require_strong = yes
        with_ntdomain_hack = no
        ntlm_auth = "/usr/sfw/bin/ntlm_auth --request-nt-key
--username=%{Stripped-User-Name:-%{User-Name:-None}}
--domain=%{mschap:NT-Domain:-DS.LEEDS.AC.UK}
--challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response:-00}"
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
        radwtmp = "/usr/local/var/log/radius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
        default_eap_type = "peap"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = 2048
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        pem_file_type = yes
        private_key_file = "/usr/local/etc/raddb/certs/server.pem"
        certificate_file = "/usr/local/etc/raddb/certs/server.pem"
        CA_file = "/usr/local/etc/raddb/certs/ca.pem"
        private_key_password = "whatever"
        dh_file = "/usr/local/etc/raddb/certs/dh"
        random_file = "/dev/urandom"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
    cache {
        enable = no
        lifetime = 24
        max_entries = 255
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        proxy_tunneled_request_as_eap = no
        virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
        format = "suffix"
        delimiter = "@"
        ignore_default = no
        ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
        usersfile = "/usr/local/etc/raddb/users"
        acctusersfile = "/usr/local/etc/raddb/acct_users"
        preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
        compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
        filename = "/usr/local/var/log/radius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
        attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
        key = "%{User-Name}"
  }
 }
}
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
        huntgroups = "/usr/local/etc/raddb/huntgroups"
        hints = "/usr/local/etc/raddb/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
        detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
        attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
        key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 }
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.12.80.101 port 32769,
id=142, length=176
        User-Name = "testuser"
        Calling-Station-Id = "00-13-02-8D-F3-1F"
        Called-Station-Id = "00-14-6A-D8-C2-80:ISS TEST"
        NAS-Port = 29
        NAS-IP-Address = 10.12.80.101
        NAS-Identifier = "WM03-1"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "3021"
        EAP-Message = 0x0201000c01656475726f616d
        Message-Authenticator = 0x106b870c32a62fb087dc711482652b96
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 142 to 10.12.80.101 port 32769
        EAP-Message = 0x010200061920
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0cb46c820cb675ef9949b7230ccbdaa5
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.12.80.101 port 32769,
id=143, length=262
        User-Name = "testuser"
        Calling-Station-Id = "00-13-02-8D-F3-1F"
        Called-Station-Id = "00-14-6A-D8-C2-80:ISS TEST"
        NAS-Port = 29
        NAS-IP-Address = 10.12.80.101
        NAS-Identifier = "WM03-1"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "3021"
        EAP-Message =
0x0202005019800000004616030100410100003d030148dca64833b2ae971205068066e7
ac41dce152d7a4a1f0abe60489262290d3c900001600040005000a000900640062000300
060013001200630100
        State = 0x0cb46c820cb675ef9949b7230ccbdaa5
        Message-Authenticator = 0xdd4d5afdd354da330e8a851117507a41
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 084e], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 143 to 10.12.80.101 port 32769
        EAP-Message =
0x0103040019c00000088b160301002a02000026030148dca647db39a03303db064cd3bc
4b90a41614d174e0141d3d3f27b99935267900000400160301084e0b00084a0008470003
a6308203a23082028aa003020102020101300d06092a864886f70d010104050030819331
0b3009060355040613024652310f300d0603550408130652616469757331123010060355
04071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e
3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126
30240603550403131d4578616d706c6520436572746966696361746520417574686f7269
7479
        EAP-Message =
0x301e170d3038303932353134353731385a170d3039303932353134353731385a307c31
0b3009060355040613024652310f300d0603550408130652616469757331153013060355
040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c652053
65727665722043657274696669636174653120301e06092a864886f70d01090116116164
6d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382
010f003082010a0282010100d0766818cb56a43de093034321aca55bbbe9d3222e476e89
959a7f56e169825c7b08debc9b41bdceff6ed5ba350b4ec81197e8ef508c842c8173d190
913f
        EAP-Message =
0xc85131e44cf875ac2feec3ef18c0f9275462d925449b7273f6150d86c885c268fec945
5f0763abffdadc38307319af270b4ff7c6dc4b6ff54dd33e67c80c9b21e9de61077c9561
9e3b74d1791c320c23304aad26d741234947eba6a253da1359e88078a25ae61c099f0fcd
103f85d84038d81aeee595c9901cd007cbdbd6eee9b8f3845459e4f8342f05266eb164e4
6074e557f9fe37b9c3967a9e57b12a503beeaf81b6d013e6d8c534c83753a12e7cee7564
ee0cd31f3253bff7e27c8b069adc670203010001a317301530130603551d25040c300a06
082b06010505070301300d06092a864886f70d010104050003820101006b2c6c7331c040
9c00
        EAP-Message =
0x994bf72bcb52a61eca106b42cf409ca599d69f529a9a21e991c625ac71cf01da4185a1
447e38cea9563fb819296ff0bef68a8b8335c3fa5d2af11607b06b212797a6e7c6d5d175
61656aa47f925e6d26852fd5e850efb253372b9d89a41343c10309a242af62ca4820d8dd
7336710d47a12e104c59285f36bcd406b682548c337b5dfb5eda1c37da7d5ae95c1ad0ff
8611b0c2794e74c039d14dbc5e6d93afa224a87c6eef38460000b29118f3f9fc5ed27037
399b190ca0e2f1d98c7376e77f4afecf6b55f234c5734ec74b9c836e8aeafc770ec5cf63
ec6e1fe465a5a9233f5ebdaf3a02d8f43ea5026d4fba067882646ed2b14a983f00049b30
8204
        EAP-Message = 0x973082037fa0030201020201
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0cb46c820db775ef9949b7230ccbdaa5
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.12.80.101 port 32769,
id=144, length=188
        User-Name = "testuser"
        Calling-Station-Id = "00-13-02-8D-F3-1F"
        Called-Station-Id = "00-14-6A-D8-C2-80:ISS TEST"
        NAS-Port = 29
        NAS-IP-Address = 10.12.80.101
        NAS-Identifier = "WM03-1"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "3021"
        EAP-Message = 0x020300061900
        State = 0x0cb46c820db775ef9949b7230ccbdaa5
        Message-Authenticator = 0x306ba7aa4d3c40bf26c3200a39f91071
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 144 to 10.12.80.101 port 32769
        EAP-Message =
0x010403fc194000300d06092a864886f70d0101040500308193310b3009060355040613
024652310f300d060355040813065261646975733112301006035504071309536f6d6577
6865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a8648
86f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d
4578616d706c6520436572746966696361746520417574686f72697479301e170d303830
3932353134353731375a170d3038313032353134353731375a308193310b300906035504
0613024652310f300d060355040813065261646975733112301006035504071309536f6d
6577
        EAP-Message =
0x6865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a86
4886f70d010901161161646d696e406578616d706c652e636f6d31263024060355040313
1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d
06092a864886f70d01010105000382010f003082010a0282010100c808067e3b9540e4ce
6ec3115c5d07a7db66c329bdc5c1e33a156fbee608d1ef787d79031aedd1ff660914247a
076fbbe674d17d47e805418815576932174c0a67b4ecb92cee42519375933687af2f632a
3e6d25f5d781a5b4cacf3383f3984b27f7ce147005c6e5f4904166a696ad9b2e6efe53c4
87b3
        EAP-Message =
0x01040076d327ff47280d6416a8f41e4b588e8cc4f3c904511b6242b5baf175bc998bfd
79717111e3f48e999ed733094d2f0f4e1f79fbe31bd6f932b9ac937e0e9c232d52d87444
547d0f0375acf5f4b9affc31ad80026589bf4e577beaa792ced4eb75d37a4059347c5411
000587df3ed9bd130610434ebb8a3a0c67bce235ac9efb8fe858473923c30203010001a3
81f33081f0301d0603551d0e041604147ac63ac5ff6dbb9a842a4295883c0025fe8cb1cd
3081c00603551d230481b83081b580147ac63ac5ff6dbb9a842a4295883c0025fe8cb1cd
a18199a48196308193310b3009060355040613024652310f300d06035504081306526164
6975
        EAP-Message =
0x733112301006035504071309536f6d65776865726531153013060355040a130c457861
6d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d
706c652e636f6d312630240603550403131d4578616d706c652043657274696669636174
6520417574686f72697479820100300c0603551d13040530030101ff300d06092a864886
f70d010104050003820101009ef5b32c06e5a05b107865ec976832e9b0ba15c84a521311
3bc31a1c8356c9aa129a00af265a7e1178d2dc279e6f8da03cf502b9c4c5c0535fef9052
eae9a18b5b5b409b0a948c2e59ca8a25bc6cbae91b866313b8a121554ddd00be2c4b3620
3f2a
        EAP-Message = 0xbef8ea593db1741c
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0cb46c820eb075ef9949b7230ccbdaa5
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.12.80.101 port 32769,
id=145, length=188
        User-Name = "testuser"
        Calling-Station-Id = "00-13-02-8D-F3-1F"
        Called-Station-Id = "00-14-6A-D8-C2-80:ISS TEST"
        NAS-Port = 29
        NAS-IP-Address = 10.12.80.101
        NAS-Identifier = "WM03-1"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "3021"
        EAP-Message = 0x020400061900
        State = 0x0cb46c820eb075ef9949b7230ccbdaa5
        Message-Authenticator = 0x79702e24654636170854100516765466
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 145 to 10.12.80.101 port 32769
        EAP-Message =
0x010500a5190051f7587d8252a2fe137eb7e38b0e8fcef534028b2c428386171b32fbbd
c32dd19f8dfbb32ffaa058af9aac90d67ea54fbf0af236cf2d898f74b4094a6a4a506bff
ca8b0343e529813ba443b217057c2ac2d3e105ba819ea91f16eea7ccc5fdf227ad6b04f0
c3670f6fc80cb67b80f739fc220974e6205cea6eff801077234b2b1fe984b6bbc724ccb0
b111ace3c0c920bf802b4eeec816030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0cb46c820fb175ef9949b7230ccbdaa5
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.12.80.101 port 32769,
id=146, length=504
        User-Name = "testuser"
        Calling-Station-Id = "00-13-02-8D-F3-1F"
        Called-Station-Id = "00-14-6A-D8-C2-80:ISS TEST"
        NAS-Port = 29
        NAS-IP-Address = 10.12.80.101
        NAS-Identifier = "WM03-1"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "3021"
        EAP-Message =
0x020501401980000001361603010106100001020100ad02c1ef3a938a536d4f773bc120
9e8785b2e98ee2441a3f905145cc38d552e28022588f574e36e97132b5a53e57a4d8c08d
86d38c4ccb6ede1050e26f0e38a430877de544a1b09fc4ee8d7dcb263cda083c8bd7bb2a
6654aaee155c27aaeb5c849c5b1f0b17e7d973dd302cab480a886f95fed090afacf4d445
ca89f5b7e929b7b9be5382d111806e600b9a1d9f08e7fc36868415d5448a52ebc07dfce7
e0463d0afea3f3a4d3bfa49d31d00bbd246b95934b68de2f5e47016af1f8d528965cb394
9ab6751dec08fc55333b32c4b186ed91fb9324fb5d2b0e65011c32d0583ce6dbabf83509
f165
        EAP-Message =
0xfc2930c450657a33d83a7cb0d3f56894100b5b601cf6c59b1403010001011603010020
f50a783ce47300318272c132172d390b388ca8597e452771d686db3e1cbfc8fb
        State = 0x0cb46c820fb175ef9949b7230ccbdaa5
        Message-Authenticator = 0x0efc830adc0963b7f12f33848a2e7215
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 146 to 10.12.80.101 port 32769
        EAP-Message =
0x0106003119001403010001011603010020c0714e9ed9b7ab79912d4e96168226e6274a
a9df918058f5e6e1eef4d9f231a0
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0cb46c8208b275ef9949b7230ccbdaa5
Finished request 4.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 10.12.80.101 port 32769,
id=147, length=188
        User-Name = "testuser"
        Calling-Station-Id = "00-13-02-8D-F3-1F"
        Called-Station-Id = "00-14-6A-D8-C2-80:ISS TEST"
        NAS-Port = 29
        NAS-IP-Address = 10.12.80.101
        NAS-Identifier = "WM03-1"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "3021"
        EAP-Message = 0x020600061900
        State = 0x0cb46c8208b275ef9949b7230ccbdaa5
        Message-Authenticator = 0x83b9c2f9eff4a524ca5c4b8f8c59365c
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 147 to 10.12.80.101 port 32769
        EAP-Message =
0x01070020190017030100150ac4600ef9fffd886bc7eb1748e65fac575ea21069
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x0cb46c8209b375ef9949b7230ccbdaa5
Finished request 5.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 10.12.80.101 port 32769,
id=148, length=217
        User-Name = "testuser"
        Calling-Station-Id = "00-13-02-8D-F3-1F"
        Called-Station-Id = "00-14-6A-D8-C2-80:ISS TEST"
        NAS-Port = 29
        NAS-IP-Address = 10.12.80.101
        NAS-Identifier = "WM03-1"
        Airespace-Wlan-Id = 6
        Service-Type = Framed-User
        Framed-MTU = 1300
        NAS-Port-Type = Wireless-802.11
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "3021"
        EAP-Message =
0x020700231900170301001809d221beba90673f8aacd0022d3c037a4cac1d6be40d3d42
        State = 0x0cb46c8209b375ef9949b7230ccbdaa5
        Message-Authenticator = 0x54b9111ba19bd6a78c04a5e6ba6ac7bb
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "testuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 35
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - testuser
[peap] Got tunnled request
        EAP-Message = 0x0207000c01656475726f616d
Segmentation Fault (core dumped)
bash-3.00#




More information about the Freeradius-Users mailing list