Cannot authenticate using PEAPv0 and Windows XP SP3 native supplicant

Mateusz Pagacz matpg at poczta.onet.pl
Tue Mar 17 11:29:59 CET 2009


Hi
I spent 3 weeks trying to make FreeRadius work with PEAPv0 and WinXP SP3 
native supplicant. I can authenticate using local flat file or ntlm_auth but 
authentication from WinXP doesn't work.

Here's the log:

FreeRADIUS Version 2.1.5, for host i486-pc-linux-gnu, built on Mar 13 2009 
at 19:44:44
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/radutmp
including configuration file 
/etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/control-socket
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
group = freerad
user = freerad
including dictionary file /etc/freeradius/dictionary
main {
 prefix = "/usr"
 localstatedir = "/var"
 logdir = "/var/log/freeradius"
 libdir = "/usr/lib/freeradius"
 radacctdir = "/var/log/freeradius/radacct"
 hostname_lookups = no
 max_request_time = 30
 cleanup_delay = 5
 max_requests = 1024
 allow_core_dumps = no
 pidfile = "/var/run/freeradius/freeradius.pid"
 checkrad = "/usr/sbin/checkrad"
 debug_level = 0
 proxy_requests = yes
 log {
 stripped_names = no
 auth = no
 auth_badpass = no
 auth_goodpass = no
 }
 security {
 max_attributes = 200
 reject_delay = 1
 status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
 retry_delay = 5
 retry_count = 3
 default_fallback = no
 dead_time = 120
 wake_all_if_all_dead = no
 }
 home_server localhost {
 ipaddr = 127.0.0.1
 port = 1812
 type = "auth"
 secret = "testing123"
 response_window = 20
 max_outstanding = 65536
 require_message_authenticator = no
 zombie_period = 40
 status_check = "status-server"
 ping_interval = 30
 check_interval = 30
 num_answers_to_alive = 3
 num_pings_to_alive = 3
 revive_interval = 120
 status_check_timeout = 4
 irt = 2
 mrt = 16
 mrc = 5
 mrd = 30
 }
 home_server_pool my_auth_failover {
 type = fail-over
 home_server = localhost
 }
 realm example.com {
 auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd: #### Loading Clients ####
 client localhost {
 ipaddr = 127.0.0.1
 require_message_authenticator = no
 secret = "testing123"
 nastype = "other"
 }
 client 10.112.250.66 {
 require_message_authenticator = no
 secret = "XXXXXXXX"
 shortname = "XXXXXXXX"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
 wait = no
 input_pairs = "request"
 shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
 reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
 reply-message = "You are calling outside your allowed timespan  "
 minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
 encryption_scheme = "auto"
 auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
 use_mppe = yes
 require_encryption = yes
 require_strong = yes
 with_ntdomain_hack = yes
 ntlm_auth = 
"/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} 
 --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
 radwtmp = "/var/log/freeradius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
 default_eap_type = "peap"
 timer_expire = 60
 ignore_unknown_eap_types = no
 cisco_accounting_username_bug = no
 max_sessions = 2048
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
 challenge = "Password: "
 auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
 rsa_key_exchange = no
 dh_key_exchange = yes
 rsa_key_length = 512
 dh_key_length = 512
 verify_depth = 0
 pem_file_type = yes
 private_key_file = "/etc/freeradius/certs/server.pem"
 certificate_file = "/etc/freeradius/certs/server.pem"
 CA_file = "/etc/freeradius/certs/ca.pem"
 private_key_password = "XXXXXXXX"
 dh_file = "/etc/freeradius/certs/dh"
 random_file = "/etc/freeradius/certs/random"
 fragment_size = 1024
 include_length = yes
 check_crl = no
 cipher_list = "DEFAULT"
    cache {
 enable = no
 lifetime = 24
 max_entries = 255
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
 default_eap_type = "md5"
 copy_request_to_tunnel = no
 use_tunneled_reply = no
 virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
 default_eap_type = "mschapv2"
 copy_request_to_tunnel = yes
 use_tunneled_reply = yes
 proxy_tunneled_request_as_eap = yes
 virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
 with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
 format = "suffix"
 delimiter = "@"
 ignore_default = no
 ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
 usersfile = "/etc/freeradius/users"
 acctusersfile = "/etc/freeradius/acct_users"
 preproxy_usersfile = "/etc/freeradius/preproxy_users"
 compat = "no"
  }
 Module: Checking session {...} for more modules to load
 Module: Linked to module rlm_radutmp
 Module: Instantiating radutmp
  radutmp {
 filename = "/var/log/freeradius/radutmp"
 username = "%{User-Name}"
 case_sensitive = yes
 check_with_nas = yes
 perm = 384
 callerid = yes
  }
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Linked to module rlm_attr_filter
 Module: Instantiating attr_filter.access_reject
  attr_filter attr_filter.access_reject {
 attrsfile = "/etc/freeradius/attrs.access_reject"
 key = "%{User-Name}"
  }
 }
}
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
 huntgroups = "/etc/freeradius/huntgroups"
 hints = "/etc/freeradius/hints"
 with_ascend_hack = no
 ascend_channels_per_line = 23
 with_ntdomain_hack = no
 with_specialix_jetstream_hack = no
 with_cisco_vsa_hack = no
 with_alvarion_vsa_hack = no
  }
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique
  acct_unique {
 key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, 
NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating detail
  detail {
 detailfile = 
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 header = "%t"
 detailperm = 384
 dirperm = 493
 locking = no
 log_packet_header = no
  }
 Module: Instantiating attr_filter.accounting_response
  attr_filter attr_filter.accounting_response {
 attrsfile = "/etc/freeradius/attrs.accounting_response"
 key = "%{User-Name}"
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 }
radiusd: #### Opening IP addresses and Ports ####
listen {
 type = "auth"
 ipaddr = *
 port = 0
}
listen {
 type = "acct"
 ipaddr = *
 port = 0
}
listen {
 type = "control"
 listen {
 socket = "/var/run/freeradius/freeradius.sock"
 }
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/freeradius/freeradius.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=153, 
length=249
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x5baffb9dd034cd9aa3cb29a45831918b
 EAP-Message = 0x0201000f015456505c703734303038
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3472
 NAS-Port-Id = "3472"
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication 
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 153 to 10.112.250.68 port 1645
 Session-Timeout = 3600
 EAP-Message = 0x010200061920
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xcdfe2065cdfc3973f250f474980ad2ad
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=154, 
length=332
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x722d94e3ceca44322ee60ba3bc0e13df
 EAP-Message = 
0x0202005019800000004616030100410100003d030149bf736722dcce9632a19c40c8caac0b9ac85b77726a8e2a55e2fef92ab5db2200001600040005000a000900640062000300060013001200630100
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3472
 NAS-Port-Id = "3472"
 State = 0xcdfe2065cdfc3973f250f474980ad2ad
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 08f1], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate 
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 154 to 10.112.250.68 port 1645
 EAP-Message = 
0x0103040019c00000092e160301002a02000026030149bf736738a1795e83e117ee5d27d262d6f7af42b18f18a9925a94c6d2d1d3000000040016030108f10b0008ed0008ea0003dd308203d9308202c1a003020102020101300d06092a864886f70d01010405003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b7261
 EAP-Message = 
0x6b6f7720574c414e20436572746966696361746520417574686f72697479301e170d3039303331333139343734305a170d3134303331323139343734305a308194310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b6131243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f776965312330210603550403131a4f545456204b72616b6f7720436f72706f7261746520574c414e3125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb94763022b3c6
 EAP-Message = 
0xc8fb624f88051de436ab68daa6337e9651681c041774298017c975951b69af0db156d36f5c89a9aca1e3cfc2ed94a401cab977f773d777545d93e1b89a147293fc007c7f430b32a6571dad42780cf2f10ba8426d3564a3e0ac7a4fe6fb8ab29b198d981527b711511d68ce781506c1de95a73416bf6190d1f1e9a8e966c3b9c6ed255ca425b584d1e5c56bebc7018c572dfb4807a06fce838f7955e6738e63a8f77fff1705d0586873c889371c760f8c7c7d7ddea44d55787aa2d9cae6ec758593b7cf786ee273a8e1c26787c3b079d5004eba727138b0a2e63204150371128539a5929c6608d9dcd150d7f0e131630bf16cdd197ffabe3ac902030100
 EAP-Message = 
0x01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000b78e764dbef55bf1619d6370342300e3984fe95e776c2b83da4cfb70708291d4dcff3d4e1d57bcb204425f061d9f8c93f508709f62f962379102657d97cf57bb6f27b71dd0113a1bc58300bdcbb2b604e91dec6c4ae6dc355667cf3f8ceb69bd835aa6f0f1ca19c9e86c02931ce858cdae616bae2ba8c3f124a27fe9dba81b9b9feae14c185cbf0f370db636d0e49391b74d11599571534ffdab883f5dd353cb4dbff78b08afe50ae2c60030ba4bf860086fe96d647c3d4979628648a96719bcab70fcc0063fb84d94d01dddf1106
 EAP-Message = 0x28079b2e590993d13d8ea1c9
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xcdfe2065ccfd3973f250f474980ad2ad
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=155, 
length=258
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xd0131129f48c7f344a6d29179fc4adba
 EAP-Message = 0x020300061900
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3472
 NAS-Port-Id = "3472"
 State = 0xcdfe2065ccfd3973f250f474980ad2ad
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 155 to 10.112.250.68 port 1645
 EAP-Message = 
0x010403fc1940dcb923e62a2c202cfbf4bf2957a0548cc6ec8748575710b3fde68ed8407dec549008d4ff9100050730820503308203eba003020102020900fb9bbf04976fd24f300d06092a864886f70d01010505003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361
 EAP-Message = 
0x746520417574686f72697479301e170d3039303331333139343731375a170d3134303331323139343731375a3081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02
 EAP-Message = 
0x82010100a7709bd94da4f418d294a64b97237ced1d2a387c1b04f71cbfb83ad4e7e836434ab03803591d4b910416e220f828edb45c88c19388a18f18b8d2d13c05b2def935c933530d5c3ebdd1f7b1e52a152e57363666a1570917729d557238fb6f0966deca221b616db9b233b0481c25594fb3905ecd3fa84d9e613f17fda120c6a5ce6c84333808d6f6563343d8e8e9f09e716a1150826ce597bd5bb68fe183e2930c6e73d9b5c7bc24073966d167ecd43a40434a932b734215b59c62d9d73d55fe83f805fcfa3457419a8c791fa97a341da0e4f8ba686a6fbd444b003282eccbac2736ac1064cc0a2004a49039542a2eedd3ce9030a9e678f813a9
 EAP-Message = 
0x46a655822310830203010001a382011a30820116301d0603551d0e04160414202b154eae3366bb57fcef4354931344ad46ebc63081e60603551d230481de3081db8014202b154eae3366bb57fcef4354931344ad46ebc6a181b7a481b43081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e2043
 EAP-Message = 0x6572746966696361
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xcdfe2065cffa3973f250f474980ad2ad
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=156, 
length=258
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x7a6f3b1b53834e2106f048f4218e8fdc
 EAP-Message = 0x020400061900
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3472
 NAS-Port-Id = "3472"
 State = 0xcdfe2065cffa3973f250f474980ad2ad
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 156 to 10.112.250.68 port 1645
 EAP-Message = 
0x010501481900746520417574686f72697479820900fb9bbf04976fd24f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010034c4ad48839646c827f9c305dd3c0022d2aac1eb9b851a49641e1ed21bbf7830e81f1b68250406be4f0ad10fda8485b962909964f37108f512aba53c499f87e792b38f96ec6821391c416b1f4b8180124d97593e74868f5dffbfb7df0b7f0ba29edfc0a8874de412a43ece2f1a923d8b81a4bcecb776bd481b325c7ed74a13a94bee5b7100aab8f5b37cac048ef2bd1f0d2fca70aa6c445b1fd02b55ad2516981cd1ff0b4116a1e160ace99750ee8621609ec7074d74fbbe050b2aa6e9d3
 EAP-Message = 
0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xcdfe2065cefb3973f250f474980ad2ad
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=157, 
length=574
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xab5bdc9d3518e5ff8322121b07cd24f1
 EAP-Message = 
0x0205014019800000013616030101061000010201001e7cd090ff71bf192b8cdc4b91cd2b54c0934456f9e035acc7374c09873d855badaf066e3c9aac495ca867532f2bc0b14b291b2b518497991f12cdc908b2a6f18f23f636c2be3fea94c876feca9534fcb0279764c69b050d11e1963a8d93e64e83802927a7bb646fc2aa7126dbdb0903f2e400a1843921e97db7f31813a1504e79b2c1081c1faba8fa6fab41e426a2059ee10f14e75d991a00ea67d47c5bfc047d585b239c90a7548b3258b88c1e5aa38073ec9c957c01e379d0178001a4f251eac068b24ddf5cefa362116e0b68aa518da2d9cb214da11796cf49337fc6c5581e44c11173f10d79
 EAP-Message = 
0x5ba4e12506fad7fb811e6786855ef98f9f9fbd8c3f8140ac14030100010116030100208c79d5a0fe46df96051e904c0b9980fc6fb0ff0e4b181cec34f6d74da4f4a16f
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3472
 NAS-Port-Id = "3472"
 State = 0xcdfe2065cefb3973f250f474980ad2ad
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 157 to 10.112.250.68 port 1645
 EAP-Message = 
0x0106003119001403010001011603010020b6916cdea4d91c27b28b16722d40ca38b7e83bc89a7936c95fdafc48c86d8883
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xcdfe2065c9f83973f250f474980ad2ad
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=158, 
length=258
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x44325309820ffa12b30c214d2694708d
 EAP-Message = 0x020600061900
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3472
 NAS-Port-Id = "3472"
 State = 0xcdfe2065c9f83973f250f474980ad2ad
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 158 to 10.112.250.68 port 1645
 EAP-Message = 
0x010700201900170301001535401f02148f70a1bda51fa3b69abb7dc556d20673
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xcdfe2065c8f93973f250f474980ad2ad
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=159, 
length=290
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x3b372e42aa519786123f192e486d2982
 EAP-Message = 
0x020700261900170301001bab7b003deb0b93e4d5ce89d15660b21eefa1929c675a008d180777
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3472
 NAS-Port-Id = "3472"
 State = 0xcdfe2065c8f93973f250f474980ad2ad
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - XXXXXXXX\XXXXXXXX
[peap] Got tunneled request
 EAP-Message = 0x0207000f015456505c703734303038
server  {
  PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
 EAP-Message = 0x0207000f015456505c703734303038
 FreeRADIUS-Proxied-To = 127.0.0.1
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3472
 NAS-Port-Id = "3472"
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010800241a0108001f10335a4805c94f167ffc24ceaae6a242d45456505c703734303038
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x8514698c851c73de6383db5f8319a5b1
[peap] Got tunneled reply RADIUS code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010800241a0108001f10335a4805c94f167ffc24ceaae6a242d45456505c703734303038
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x8514698c851c73de6383db5f8319a5b1
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 159 to 10.112.250.68 port 1645
 EAP-Message = 
0x0108003b19001703010030bef0b99fb4258235bc8654c2dae2d201c3530fd9ebaa29893a52f6ab129eb45585066c663582c6e0bc7b3f3be28205f8
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xcdfe2065cbf63973f250f474980ad2ad
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=160, 
length=344
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xfd2b892111c1f12c1e60fb4820524b78
 EAP-Message = 
0x0208005c1900170301005161f7025ea840d7f5823c98e467db708e6fbdfa2ce84fc8dddfdef59c419b2c1734b908b114fee270d140e76d2fdd604b262cf5018e4b3286cff5c09f0f50790b51047b0e94e5957bca3eda76c63f882238
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3472
 NAS-Port-Id = "3472"
 State = 0xcdfe2065cbf63973f250f474980ad2ad
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 92
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
 EAP-Message = 
0x020800451a02080040318c57226b5d6ea2d975f66b2a193e898800000000000000005fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a005456505c703734303038
server  {
  PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
 EAP-Message = 
0x020800451a02080040318c57226b5d6ea2d975f66b2a193e898800000000000000005fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a005456505c703734303038
 FreeRADIUS-Proxied-To = 127.0.0.1
 User-Name = "XXXXXXXX\\XXXXXXXX"
 State = 0x8514698c851c73de6383db5f8319a5b1
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3472
 NAS-Port-Id = "3472"
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 69
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password
[mschap]  expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX
[mschap]  expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX
[mschap]  mschap2: 33
[mschap] 
 expand: --challenge=%{mschap:Challenge:-00} -> --challenge=665a186a2744c21d
[mschap] 
 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=5fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a
Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010900331a0308002e533d44433931383941374635313542394346464639383937373438323335334139383045384331343134
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x8514698c841d73de6383db5f8319a5b1
[peap] Got tunneled reply RADIUS code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010900331a0308002e533d44433931383941374635313542394346464639383937373438323335334139383045384331343134
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x8514698c841d73de6383db5f8319a5b1
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 160 to 10.112.250.68 port 1645
 EAP-Message = 
0x0109004a1900170301003f6145ec30002debef77be6fabe99fbe76b3510591ae8dfd4bb27523dbefd8970ce673f9bcd55ac41603f5163ef61aaba69c074a5cb60d0c7b9c23856fe47a96
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xcdfe2065caf73973f250f474980ad2ad
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 153 with timestamp +11
Cleaning up request 1 ID 154 with timestamp +11
Cleaning up request 2 ID 155 with timestamp +11
Cleaning up request 3 ID 156 with timestamp +11
Cleaning up request 4 ID 157 with timestamp +11
Cleaning up request 5 ID 158 with timestamp +11
Cleaning up request 6 ID 159 with timestamp +12
Cleaning up request 7 ID 160 with timestamp +12
Ready to process requests.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=161, 
length=249
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xe228fa4baf34109d516a99e37534a781
 EAP-Message = 0x0202000f015456505c703734303038
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3473
 NAS-Port-Id = "3473"
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication 
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 161 to 10.112.250.68 port 1645
 Session-Timeout = 3600
 EAP-Message = 0x010300061920
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xa5758044a576992b17b71cf6b836ab72
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=162, 
length=332
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xa4c8094461a7f9af463251323caf79f6
 EAP-Message = 
0x0203005019800000004616030100410100003d030149bf7385ae4924e8192fd3dfa74c41b19ad157988c44e52d14e99da996adc3b400001600040005000a000900640062000300060013001200630100
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3473
 NAS-Port-Id = "3473"
 State = 0xa5758044a576992b17b71cf6b836ab72
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 08f1], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate 
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 162 to 10.112.250.68 port 1645
 EAP-Message = 
0x0104040019c00000092e160301002a02000026030149bf738605a363453e465ca291b4794959af9290b7601d1a37417a2b497a03ce0000040016030108f10b0008ed0008ea0003dd308203d9308202c1a003020102020101300d06092a864886f70d01010405003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b7261
 EAP-Message = 
0x6b6f7720574c414e20436572746966696361746520417574686f72697479301e170d3039303331333139343734305a170d3134303331323139343734305a308194310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b6131243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f776965312330210603550403131a4f545456204b72616b6f7720436f72706f7261746520574c414e3125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb94763022b3c6
 EAP-Message = 
0xc8fb624f88051de436ab68daa6337e9651681c041774298017c975951b69af0db156d36f5c89a9aca1e3cfc2ed94a401cab977f773d777545d93e1b89a147293fc007c7f430b32a6571dad42780cf2f10ba8426d3564a3e0ac7a4fe6fb8ab29b198d981527b711511d68ce781506c1de95a73416bf6190d1f1e9a8e966c3b9c6ed255ca425b584d1e5c56bebc7018c572dfb4807a06fce838f7955e6738e63a8f77fff1705d0586873c889371c760f8c7c7d7ddea44d55787aa2d9cae6ec758593b7cf786ee273a8e1c26787c3b079d5004eba727138b0a2e63204150371128539a5929c6608d9dcd150d7f0e131630bf16cdd197ffabe3ac902030100
 EAP-Message = 
0x01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000b78e764dbef55bf1619d6370342300e3984fe95e776c2b83da4cfb70708291d4dcff3d4e1d57bcb204425f061d9f8c93f508709f62f962379102657d97cf57bb6f27b71dd0113a1bc58300bdcbb2b604e91dec6c4ae6dc355667cf3f8ceb69bd835aa6f0f1ca19c9e86c02931ce858cdae616bae2ba8c3f124a27fe9dba81b9b9feae14c185cbf0f370db636d0e49391b74d11599571534ffdab883f5dd353cb4dbff78b08afe50ae2c60030ba4bf860086fe96d647c3d4979628648a96719bcab70fcc0063fb84d94d01dddf1106
 EAP-Message = 0x28079b2e590993d13d8ea1c9
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xa5758044a471992b17b71cf6b836ab72
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=163, 
length=258
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xb6ff7161df8db2ae677dcebd84a53b85
 EAP-Message = 0x020400061900
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3473
 NAS-Port-Id = "3473"
 State = 0xa5758044a471992b17b71cf6b836ab72
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 163 to 10.112.250.68 port 1645
 EAP-Message = 
0x010503fc1940dcb923e62a2c202cfbf4bf2957a0548cc6ec8748575710b3fde68ed8407dec549008d4ff9100050730820503308203eba003020102020900fb9bbf04976fd24f300d06092a864886f70d01010505003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361
 EAP-Message = 
0x746520417574686f72697479301e170d3039303331333139343731375a170d3134303331323139343731375a3081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02
 EAP-Message = 
0x82010100a7709bd94da4f418d294a64b97237ced1d2a387c1b04f71cbfb83ad4e7e836434ab03803591d4b910416e220f828edb45c88c19388a18f18b8d2d13c05b2def935c933530d5c3ebdd1f7b1e52a152e57363666a1570917729d557238fb6f0966deca221b616db9b233b0481c25594fb3905ecd3fa84d9e613f17fda120c6a5ce6c84333808d6f6563343d8e8e9f09e716a1150826ce597bd5bb68fe183e2930c6e73d9b5c7bc24073966d167ecd43a40434a932b734215b59c62d9d73d55fe83f805fcfa3457419a8c791fa97a341da0e4f8ba686a6fbd444b003282eccbac2736ac1064cc0a2004a49039542a2eedd3ce9030a9e678f813a9
 EAP-Message = 
0x46a655822310830203010001a382011a30820116301d0603551d0e04160414202b154eae3366bb57fcef4354931344ad46ebc63081e60603551d230481de3081db8014202b154eae3366bb57fcef4354931344ad46ebc6a181b7a481b43081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e2043
 EAP-Message = 0x6572746966696361
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xa5758044a770992b17b71cf6b836ab72
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=164, 
length=258
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xdfe51030a315137a4132e7287254ce08
 EAP-Message = 0x020500061900
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3473
 NAS-Port-Id = "3473"
 State = 0xa5758044a770992b17b71cf6b836ab72
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 164 to 10.112.250.68 port 1645
 EAP-Message = 
0x010601481900746520417574686f72697479820900fb9bbf04976fd24f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010034c4ad48839646c827f9c305dd3c0022d2aac1eb9b851a49641e1ed21bbf7830e81f1b68250406be4f0ad10fda8485b962909964f37108f512aba53c499f87e792b38f96ec6821391c416b1f4b8180124d97593e74868f5dffbfb7df0b7f0ba29edfc0a8874de412a43ece2f1a923d8b81a4bcecb776bd481b325c7ed74a13a94bee5b7100aab8f5b37cac048ef2bd1f0d2fca70aa6c445b1fd02b55ad2516981cd1ff0b4116a1e160ace99750ee8621609ec7074d74fbbe050b2aa6e9d3
 EAP-Message = 
0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xa5758044a673992b17b71cf6b836ab72
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=165, 
length=574
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xb4de6a4ff4348463155fd850059775a1
 EAP-Message = 
0x0206014019800000013616030101061000010201004f4ae73fe1be7d30acfd1cb5a4389a1f9de8785911af2ca4fdb8ac00d7945565c11a43c810a30f76a3b167c95717b0639300061a901da1ce8b6485c461c3ddd413b691826bd1a9ab56a73fc38e61a1f518098a6ee597295239cb068fb70703755917e1b67fa3e66c52e8833ba3becb330065fefe7ed93bf5f653033cdaa015d1d9746f839c7e39e23b050406a51e6ea5f0e391fe57e0e4d8358aec30dd9a908155cc500ea2bc3d16da296bf140206575d391fea4c6380e799cd5f7fb51bf6c5c5bfa34c9eaac8be334db2c36fc30e59d5b9ebf0d0bfa358e6336d72762f47e063298fe22ce1d23bf
 EAP-Message = 
0xfaad05baf0aa757cc3496a509087ec213d36bcdec3745d601403010001011603010020f1de6fa684e1822b016ea76bf478b7332fb9d7178ba963452ee3a0d0ef1c2170
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3473
 NAS-Port-Id = "3473"
 State = 0xa5758044a673992b17b71cf6b836ab72
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 165 to 10.112.250.68 port 1645
 EAP-Message = 
0x010700311900140301000101160301002007a07f19ed77680ef286f39db5f72d84904e2ce4f18605a26a891c830f788118
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xa5758044a172992b17b71cf6b836ab72
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=166, 
length=258
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xba106d6ac81c2ab2d2af33203af59dfb
 EAP-Message = 0x020700061900
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3473
 NAS-Port-Id = "3473"
 State = 0xa5758044a172992b17b71cf6b836ab72
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 166 to 10.112.250.68 port 1645
 EAP-Message = 
0x0108002019001703010015d29cdc6fce0a9cafb6f20924de3208174b6df7b2f1
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xa5758044a07d992b17b71cf6b836ab72
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=167, 
length=290
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x2705336f241836f6b24f00b588e13b73
 EAP-Message = 
0x020800261900170301001b1ad7c2bfa6dd0cf866701399664bc207fa635e0dda7be377e9f3e9
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3473
 NAS-Port-Id = "3473"
 State = 0xa5758044a07d992b17b71cf6b836ab72
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - XXXXXXXX\XXXXXXXX
[peap] Got tunneled request
 EAP-Message = 0x0208000f015456505c703734303038
server  {
  PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
 EAP-Message = 0x0208000f015456505c703734303038
 FreeRADIUS-Proxied-To = 127.0.0.1
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3473
 NAS-Port-Id = "3473"
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010900241a0109001f10fb8f03dc689de41ef22260b1da587a7d5456505c703734303038
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x52cdb58652c4af523153f09f4bdf6cdf
[peap] Got tunneled reply RADIUS code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010900241a0109001f10fb8f03dc689de41ef22260b1da587a7d5456505c703734303038
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x52cdb58652c4af523153f09f4bdf6cdf
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 167 to 10.112.250.68 port 1645
 EAP-Message = 
0x0109003b19001703010030567f55f1c932102a7393dd1788f03f0c56caa83abba0a9dea8ae9efd076672556c04f662912c3a591557a46d00dc0bb9
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xa5758044a37c992b17b71cf6b836ab72
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=168, 
length=344
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x51f11715a3fd4e4b3f4f60e94f2ec217
 EAP-Message = 
0x0209005c190017030100516108e772ad1a8697bd98eb78aa5a6ddd1ce48bbd3f5806b8976c07e1d8075fbf2b446ac911cf3d9c32dc87a9fbbb74fc4e78f278669f21845f60bb2396bc4a9fbb911b08264853bb1eb7692701c52caa07
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3473
 NAS-Port-Id = "3473"
 State = 0xa5758044a37c992b17b71cf6b836ab72
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 92
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
 EAP-Message = 
0x020900451a020900403129739db92821f571fdc45b2527a4a8710000000000000000a3a3783202886260550809a31b871ef23053c43001e5ac32005456505c703734303038
server  {
  PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
 EAP-Message = 
0x020900451a020900403129739db92821f571fdc45b2527a4a8710000000000000000a3a3783202886260550809a31b871ef23053c43001e5ac32005456505c703734303038
 FreeRADIUS-Proxied-To = 127.0.0.1
 User-Name = "XXXXXXXX\\XXXXXXXX"
 State = 0x52cdb58652c4af523153f09f4bdf6cdf
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3473
 NAS-Port-Id = "3473"
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 69
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password
[mschap]  expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX
[mschap]  expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX
[mschap]  mschap2: fb
[mschap] 
 expand: --challenge=%{mschap:Challenge:-00} -> --challenge=3fd187592f201e30
[mschap] 
 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=a3a3783202886260550809a31b871ef23053c43001e5ac32
Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010a00331a0309002e533d42394142373544343636363846334341393643424445424444414632363045373245414244463433
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x52cdb58653c7af523153f09f4bdf6cdf
[peap] Got tunneled reply RADIUS code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010a00331a0309002e533d42394142373544343636363846334341393643424445424444414632363045373245414244463433
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x52cdb58653c7af523153f09f4bdf6cdf
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 168 to 10.112.250.68 port 1645
 EAP-Message = 
0x010a004a1900170301003f7cf22b3d3b98defde4a8507f1d8a31afc97dcbeb2dbfee786dfafacde6932185a0d25b034e2adea0a020d3893597c210a797cc4a9ebc8cd55def9c36429564
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xa5758044a27f992b17b71cf6b836ab72
Finished request 15.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 8 ID 161 with timestamp +42
Cleaning up request 9 ID 162 with timestamp +42
Cleaning up request 10 ID 163 with timestamp +42
Cleaning up request 11 ID 164 with timestamp +42
Cleaning up request 12 ID 165 with timestamp +42
Cleaning up request 13 ID 166 with timestamp +42
Cleaning up request 14 ID 167 with timestamp +42
Cleaning up request 15 ID 168 with timestamp +42
Ready to process requests.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=169, 
length=249
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x3be0e1f7c4bdcd75667064f66e9619ce
 EAP-Message = 0x0202000f015456505c703734303038
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3474
 NAS-Port-Id = "3474"
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.  Authentication 
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 169 to 10.112.250.68 port 1645
 Session-Timeout = 3600
 EAP-Message = 0x010300061920
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xe0dfc443e0dcdd5bdcf2e1539bf5f4d5
Finished request 16.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=170, 
length=332
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xbf6cb6e421103d910c3c82c82f88bd5f
 EAP-Message = 
0x0203005019800000004616030100410100003d030149bf739e913e31e053095a9e843be3c58f034a298848371dd1c09614cd391e4f00001600040005000a000900640062000300060013001200630100
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3474
 NAS-Port-Id = "3474"
 State = 0xe0dfc443e0dcdd5bdcf2e1539bf5f4d5
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 08f1], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate 
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 170 to 10.112.250.68 port 1645
 EAP-Message = 
0x0104040019c00000092e160301002a02000026030149bf739fccc26f0bff62d4adf8845c4e97faa5044de6a40cbc6a3d141df295460000040016030108f10b0008ed0008ea0003dd308203d9308202c1a003020102020101300d06092a864886f70d01010405003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b7261
 EAP-Message = 
0x6b6f7720574c414e20436572746966696361746520417574686f72697479301e170d3039303331333139343734305a170d3134303331323139343734305a308194310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b6131243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f776965312330210603550403131a4f545456204b72616b6f7720436f72706f7261746520574c414e3125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb94763022b3c6
 EAP-Message = 
0xc8fb624f88051de436ab68daa6337e9651681c041774298017c975951b69af0db156d36f5c89a9aca1e3cfc2ed94a401cab977f773d777545d93e1b89a147293fc007c7f430b32a6571dad42780cf2f10ba8426d3564a3e0ac7a4fe6fb8ab29b198d981527b711511d68ce781506c1de95a73416bf6190d1f1e9a8e966c3b9c6ed255ca425b584d1e5c56bebc7018c572dfb4807a06fce838f7955e6738e63a8f77fff1705d0586873c889371c760f8c7c7d7ddea44d55787aa2d9cae6ec758593b7cf786ee273a8e1c26787c3b079d5004eba727138b0a2e63204150371128539a5929c6608d9dcd150d7f0e131630bf16cdd197ffabe3ac902030100
 EAP-Message = 
0x01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000b78e764dbef55bf1619d6370342300e3984fe95e776c2b83da4cfb70708291d4dcff3d4e1d57bcb204425f061d9f8c93f508709f62f962379102657d97cf57bb6f27b71dd0113a1bc58300bdcbb2b604e91dec6c4ae6dc355667cf3f8ceb69bd835aa6f0f1ca19c9e86c02931ce858cdae616bae2ba8c3f124a27fe9dba81b9b9feae14c185cbf0f370db636d0e49391b74d11599571534ffdab883f5dd353cb4dbff78b08afe50ae2c60030ba4bf860086fe96d647c3d4979628648a96719bcab70fcc0063fb84d94d01dddf1106
 EAP-Message = 0x28079b2e590993d13d8ea1c9
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xe0dfc443e1dbdd5bdcf2e1539bf5f4d5
Finished request 17.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=171, 
length=258
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x5bd29e753b5b6c6911fe48ea4d2bfa97
 EAP-Message = 0x020400061900
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3474
 NAS-Port-Id = "3474"
 State = 0xe0dfc443e1dbdd5bdcf2e1539bf5f4d5
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 171 to 10.112.250.68 port 1645
 EAP-Message = 
0x010503fc1940dcb923e62a2c202cfbf4bf2957a0548cc6ec8748575710b3fde68ed8407dec549008d4ff9100050730820503308203eba003020102020900fb9bbf04976fd24f300d06092a864886f70d01010505003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361
 EAP-Message = 
0x746520417574686f72697479301e170d3039303331333139343731375a170d3134303331323139343731375a3081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02
 EAP-Message = 
0x82010100a7709bd94da4f418d294a64b97237ced1d2a387c1b04f71cbfb83ad4e7e836434ab03803591d4b910416e220f828edb45c88c19388a18f18b8d2d13c05b2def935c933530d5c3ebdd1f7b1e52a152e57363666a1570917729d557238fb6f0966deca221b616db9b233b0481c25594fb3905ecd3fa84d9e613f17fda120c6a5ce6c84333808d6f6563343d8e8e9f09e716a1150826ce597bd5bb68fe183e2930c6e73d9b5c7bc24073966d167ecd43a40434a932b734215b59c62d9d73d55fe83f805fcfa3457419a8c791fa97a341da0e4f8ba686a6fbd444b003282eccbac2736ac1064cc0a2004a49039542a2eedd3ce9030a9e678f813a9
 EAP-Message = 
0x46a655822310830203010001a382011a30820116301d0603551d0e04160414202b154eae3366bb57fcef4354931344ad46ebc63081e60603551d230481de3081db8014202b154eae3366bb57fcef4354931344ad46ebc6a181b7a481b43081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e2043
 EAP-Message = 0x6572746966696361
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xe0dfc443e2dadd5bdcf2e1539bf5f4d5
Finished request 18.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=172, 
length=258
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x899989aaeffc2cf16fbb292d1c60c2d1
 EAP-Message = 0x020500061900
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3474
 NAS-Port-Id = "3474"
 State = 0xe0dfc443e2dadd5bdcf2e1539bf5f4d5
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 172 to 10.112.250.68 port 1645
 EAP-Message = 
0x010601481900746520417574686f72697479820900fb9bbf04976fd24f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010034c4ad48839646c827f9c305dd3c0022d2aac1eb9b851a49641e1ed21bbf7830e81f1b68250406be4f0ad10fda8485b962909964f37108f512aba53c499f87e792b38f96ec6821391c416b1f4b8180124d97593e74868f5dffbfb7df0b7f0ba29edfc0a8874de412a43ece2f1a923d8b81a4bcecb776bd481b325c7ed74a13a94bee5b7100aab8f5b37cac048ef2bd1f0d2fca70aa6c445b1fd02b55ad2516981cd1ff0b4116a1e160ace99750ee8621609ec7074d74fbbe050b2aa6e9d3
 EAP-Message = 
0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xe0dfc443e3d9dd5bdcf2e1539bf5f4d5
Finished request 19.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=173, 
length=574
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x8cfa2e92c1c9550959ecb56811542921
 EAP-Message = 
0x02060140198000000136160301010610000102010057de7fce03ef2b8da4e5b4a105a4938396646061d6bf4486715999c867fc99da6069907e919d977bfac45d0d866bed53b3c13df4acc7dbcf1f7de7e8e57c93656969653b30d7e96f85a8e4122e1997a86e43cfd9039e445be035d2434f9ad1f44261415ccd9c125d686ba6de81672a600dae2d4a067bc8198ea5e9a5055e0fc2f2e605e29c39af8e97ee074e666b9bdc52166efbc09204d164498d78ae57083eed44122760b6eb502fc7d24ea6184b9cf0d7a61b180116f437ce830d8df884ac7f2cda98c7ba4f234a5f160935eed729268888b8c83c23b360886bcfe0653fb9ced420787dd421ea
 EAP-Message = 
0x841df0bb7038200cdf994122a71503bf9e1794d4f88ea851140301000101160301002040d928941d205e02f0ac96dd252e0e9e806618aff68a50fd862e43bed90802a6
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3474
 NAS-Port-Id = "3474"
 State = 0xe0dfc443e3d9dd5bdcf2e1539bf5f4d5
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
  TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 173 to 10.112.250.68 port 1645
 EAP-Message = 
0x0107003119001403010001011603010020acaa165528e5d93a321a708cf754e35cca549e7643dfef26ac19d55ccbeb412c
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xe0dfc443e4d8dd5bdcf2e1539bf5f4d5
Finished request 20.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=174, 
length=258
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0xa7fab4ed557ac954fe15e673b18d8597
 EAP-Message = 0x020700061900
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3474
 NAS-Port-Id = "3474"
 State = 0xe0dfc443e4d8dd5bdcf2e1539bf5f4d5
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 174 to 10.112.250.68 port 1645
 EAP-Message = 
0x010800201900170301001566c7f1fc2634b5b865e8288393a6cbc7af0a1d9880
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xe0dfc443e5d7dd5bdcf2e1539bf5f4d5
Finished request 21.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=175, 
length=290
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x87b7cd805492d90012ee6fe3840fbe74
 EAP-Message = 
0x020800261900170301001b8c1f3e834415347b60d0401abab425d2419ebc2ca5a39c71617b70
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3474
 NAS-Port-Id = "3474"
 State = 0xe0dfc443e5d7dd5bdcf2e1539bf5f4d5
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - XXXXXXXX\XXXXXXXX
[peap] Got tunneled request
 EAP-Message = 0x0208000f015456505c703734303038
server  {
  PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX
  PEAP: Setting default EAP type for tunneled EAP session.
  PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
 EAP-Message = 0x0208000f015456505c703734303038
 FreeRADIUS-Proxied-To = 127.0.0.1
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3474
 NAS-Port-Id = "3474"
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010900241a0109001f10ebc5d28109e59877ad0eb6e5ed998a3a5456505c703734303038
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x070b039c0702199a3e8b7d3fe7983ece
[peap] Got tunneled reply RADIUS code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010900241a0109001f10ebc5d28109e59877ad0eb6e5ed998a3a5456505c703734303038
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x070b039c0702199a3e8b7d3fe7983ece
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 175 to 10.112.250.68 port 1645
 EAP-Message = 
0x0109003b19001703010030d6bbeeb624eae82978780dceba30ccf11d56eb19b12b72bef613865766c35f15dfe3a9861a6227996556d195699cfb17
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xe0dfc443e6d6dd5bdcf2e1539bf5f4d5
Finished request 22.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=176, 
length=344
 User-Name = "XXXXXXXX\\XXXXXXXX"
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 Message-Authenticator = 0x34211457b4aa30443e0504e440f2edaf
 EAP-Message = 
0x0209005c1900170301005119ca998b681a059cc2e26e22eb36b08ee9a8122b45113dc28fac5da0ff4cabccdfa8310120f9c7e9f836c48018cabcf1ac6a50aa7080793c5cd352ea5939b1ce08ba92b090626e199f46b847df9c026bfd
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3474
 NAS-Port-Id = "3474"
 State = 0xe0dfc443e6d6dd5bdcf2e1539bf5f4d5
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 92
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
 EAP-Message = 
0x020900451a0209004031d57addd65a1fd2c4f3ca6a5cb544c0270000000000000000c6bf5111c616439e7175f41b9924336435d4d9446152b20c005456505c703734303038
server  {
  PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
 EAP-Message = 
0x020900451a0209004031d57addd65a1fd2c4f3ca6a5cb544c0270000000000000000c6bf5111c616439e7175f41b9924336435d4d9446152b20c005456505c703734303038
 FreeRADIUS-Proxied-To = 127.0.0.1
 User-Name = "XXXXXXXX\\XXXXXXXX"
 State = 0x070b039c0702199a3e8b7d3fe7983ece
 Framed-MTU = 1400
 Called-Station-Id = "0024.148d.8271"
 Calling-Station-Id = "001c.bf4a.53f8"
 Cisco-AVPair = "ssid=XXXXXXXX"
 WISPr-Location-Name = "XXXXXXXX"
 Service-Type = Login-User
 NAS-Port-Type = Wireless-802.11
 NAS-Port = 3474
 NAS-Port-Id = "3474"
 NAS-IP-Address = 10.112.250.68
 NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 69
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password
[mschap]  expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX
[mschap]  expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX
[mschap]  mschap2: eb
[mschap] 
 expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ba92db7b369561bd
[mschap] 
 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=c6bf5111c616439e7175f41b9924336435d4d9446152b20c
Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010a00331a0309002e533d35363744444133313030464533303236383636343737433830413935373733304642353544303938
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x070b039c0601199a3e8b7d3fe7983ece
[peap] Got tunneled reply RADIUS code 11
 Session-Timeout = 3600
 EAP-Message = 
0x010a00331a0309002e533d35363744444133313030464533303236383636343737433830413935373733304642353544303938
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0x070b039c0601199a3e8b7d3fe7983ece
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 176 to 10.112.250.68 port 1645
 EAP-Message = 
0x010a004a1900170301003f01156130446ebb52b406e3df036bca41381aa01ab7af3b1de37099bc1e1e348cf7745608f1e03fd226d5e92f44622ca20a02c09289e4fb9aa04f9211b285cc
 Message-Authenticator = 0x00000000000000000000000000000000
 State = 0xe0dfc443e7d5dd5bdcf2e1539bf5f4d5
Finished request 23.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 16 ID 169 with timestamp +67
Cleaning up request 17 ID 170 with timestamp +67
Cleaning up request 18 ID 171 with timestamp +67
Cleaning up request 19 ID 172 with timestamp +67
Cleaning up request 20 ID 173 with timestamp +67
Cleaning up request 21 ID 174 with timestamp +67
Cleaning up request 22 ID 175 with timestamp +67
Cleaning up request 23 ID 176 with timestamp +67
Ready to process requests.

Any ideas?

Thanks in advance,
Mateusz





More information about the Freeradius-Users mailing list