FR2 EAP-PEAP proxy does not saving attributes
Daniil L. Kharoun
daniil at chics.ru
Thu Sep 17 07:45:53 CEST 2009
Required to authorize wireless users by the protocol EAP-PEAP, but,
unfortunately, the radius of the billing system can not EAP-PEAP. Installed
freeradius 2.1.6 in proxy mode. Freeradius terminates the tunnel TLS, and
requests the radius of the billing system goes on algorithm mschapv2.
Problem - freeradius does not save or pass additional attributes of an access
point, obtained from the radius of the billing system (attributes for
example - WISPr-Bandwidth-Max-Up and WISPr-Bandwidth-Max-Down). How to
solve
the problem?
192.168.145.42 - WiFi Access Point
192.168.151.59 - radius billing system
192.168.151.36 - freeradius
eap.conf:
eap {
default_eap_type = mschapv2
timer_expire = 60
ignore_unknown_eap_types = yes
cisco_accounting_username_bug = no
max_sessions = 2048
tls {
certdir = ${confdir}/certs
cadir = ${confdir}/certs
private_key_file = /etc/ssl/hotspot.pem
certificate_file = /etc/ssl/hotspot.pem
CA_file
= /etc/ssl/Equifax_Secure_Certificate_Authority.cer
dh_file = ${certdir}/dh
random_file = ${certdir}/random
cipher_list = "DEFAULT"
make_cert_command = "${certdir}/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = no
virtual_server = "proxy-inner-tunnel"
}
mschapv2 {
}
}
proxy-inner-tunnel:
server proxy-inner-tunnel {
authorize {
update control {
# You should update this to be one of your realms.
Proxy-To-Realm := "BILLING"
}
}
authenticate {
eap
}
post-proxy {
eap
}
}
proxy.conf:
realm BILLING {
authhost = 192.168.151.59:1812
secret = secretkey
}
DEBUG:
rad_recv: Access-Request packet from host 192.168.145.42 port 45920, id=222,
length=118
User-Name = "10"
EAP-Message = 0x02620007013130
Message-Authenticator = 0xe38b290e654269d95defc60fb7831415
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 98 length 7
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 222 to 192.168.145.42 port 45920
EAP-Message =
0x0163001c1a01630017106ec1f0ae862c6445e9a4584a08ab62ef3130
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07ead3a30789c9ac02fc8e14eb27c4dd
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.145.42 port 45920, id=223,
length=135
User-Name = "10"
State = 0x07ead3a30789c9ac02fc8e14eb27c4dd
EAP-Message = 0x026300060319
Message-Authenticator = 0x9525673c0e27ecccf1ac9f6ce46db721
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 99 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 223 to 192.168.145.42 port 45920
EAP-Message = 0x016400061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07ead3a3068ecaac02fc8e14eb27c4dd
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.145.42 port 45920, id=224,
length=209
User-Name = "10"
State = 0x07ead3a3068ecaac02fc8e14eb27c4dd
EAP-Message =
0x0264005019800000004616030100410100003d03014ab1b8781e54c0ed2319fa36048467e14e8ea2e75c7ffc26ce5bc8860fc7397d00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x10d075914cfb960691940025bac92d35
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 100 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 03e1], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 224 to 192.168.145.42 port 45920
EAP-Message =
0x0165040019c00000041e160301002a0200002603014ab1b87373b948ae5201edc20184e227a46dd17a260533ac0ec56e0395439f4e0000040016030103e10b0003dd0003da0003d7308203d33082033ca0030201020203094f70300d06092a864886f70d0101040500305a310b3009060355040613025553311c301a060355040a1313457175696661782053656375726520496e632e312d302b06035504031324457175696661782053656375726520476c6f62616c2065427573696e6573732043412d31301e170d3038303930343132333033355a170d3130303930353132333033355a3081be310b3009060355040613025255311a301806035504
EAP-Message =
0x0a1311686f7473706f742e7769666937342e727531133011060355040b130a475437393434363732313131302f060355040b1328536565207777772e726170696473736c2e636f6d2f7265736f75726365732f637073202863293038312f302d060355040b1326446f6d61696e20436f6e74726f6c2056616c696461746564202d20526170696453534c285229311a301806035504031311686f7473706f742e7769666937342e727530820122300d06092a864886f70d01010105000382010f003082010a0282010100c21b59eddbf221b2c2d09e7b8155902fc8aea111de5a1dfa8c79d4e72964fd058ed12a4d03dcd933cf09317670a6114251979b
EAP-Message =
0xefb178907be72a83920a14a80924fd8dd99f0ed93143a8b8f3515c6caaf04a567a7608bf452fa4632cb87ce64088c938cfb6299e9dfb2f76b0316e6aae25123422a4417656a21a2bb2cc840f3d7b6dc800e7d8074517374ffe4e748db3e9200e8b7c686d51b64f245260e84d2cc53fbdee5fc1ddfc15abdb8aeed19c920136cdc68db83ab6ecbb3874e2583c2da213b67ddc1394329a82b0d5602d7e9fd1e07d4afac9c0453ed34ae44b7ca5f27bc42a62a71ed145885bc906ba94d7f0086ba7d1eb5803ec282ec530a55b06f70203010001a381bd3081ba300e0603551d0f0101ff0404030204f0301d0603551d0e04160414453f042356bf8c2f19f2
EAP-Message =
0x739089c71bb78487a81a303b0603551d1f043430323030a02ea02c862a687474703a2f2f63726c2e67656f74727573742e636f6d2f63726c732f676c6f62616c6361312e63726c301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c301d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d130101ff04023000300d06092a864886f70d0101040500038181004a2a1f1e9ee05ed6c39653a22fe44ca0040da2fc8606d3554b6607e1d360c8c6822213ee20fa2d81d227d909d5796c0a43e0ae0b97e659fd97322708ef4084669c0ff27c3419b134b118e2aa72cab82e076f93aa60
EAP-Message = 0x62671f10333727cd338cd3cd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07ead3a3058fcaac02fc8e14eb27c4dd
Finished request 2.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.145.42 port 45920, id=225,
length=135
User-Name = "10"
State = 0x07ead3a3058fcaac02fc8e14eb27c4dd
EAP-Message = 0x026500061900
Message-Authenticator = 0x0891f11bfcde8025eb587ef050e6275d
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 101 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 225 to 192.168.145.42 port 45920
EAP-Message =
0x0166002e1900702f3a043f13f2d5e5aec143aa600f630c62aa96fdbf5e831ae59e7d9712a816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07ead3a3048ccaac02fc8e14eb27c4dd
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.145.42 port 45920, id=226,
length=451
User-Name = "10"
State = 0x07ead3a3048ccaac02fc8e14eb27c4dd
EAP-Message =
0x0266014019800000013616030101061000010201004fb56d910fa42a14aa3c6eea33555362d8b39f1a2d77d313bdf079cf50ef4f71679689ec46c0b3577a595bab267f66fbb8b438340d0aceb29255a31a21f06c6fedc4cf0a1b21cb5598998789d459ba071492bb0c3dc88aa298175053356df80f427ad2174f0bd9ff49b1811923ac82e7bae0246f597e697174f90846bd2228ce7c309d62cedfb336b841cdc398ac39d961ee667a60fa8b090bb6aa7b4aa63a8508dbd4d274210bea74e32b96e2a8356eef15f8eac7589b875818656d1f45f5b9fc2afd37644ac93369f11a61c29d3048a906aa43f7edbb70944882868bc3f42581b063fe52f0667b
EAP-Message =
0x80eea00922809693b706592d39e0b15bb7041c28f500cae3140301000101160301002065aa79b35b69f62a83173f7ab8f5b5a8d32d26a88721a8ee678de11e2b491929
Message-Authenticator = 0xbbab16716509bef7bd587a9571871429
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 102 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 226 to 192.168.145.42 port 45920
EAP-Message =
0x01670031190014030100010116030100206aacab4436bbf44e492d852573dfe1266992043b58bbe3f8899aff0353065bc3
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07ead3a3038dcaac02fc8e14eb27c4dd
Finished request 4.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.145.42 port 45920, id=227,
length=135
User-Name = "10"
State = 0x07ead3a3038dcaac02fc8e14eb27c4dd
EAP-Message = 0x026700061900
Message-Authenticator = 0x8cacd03c12a16673a93fa5f29a008a9f
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 103 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 227 to 192.168.145.42 port 45920
EAP-Message =
0x01680020190017030100151f5ac40f4ba30f1f7a95c7e53868bb2f92829d3504
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07ead3a30282caac02fc8e14eb27c4dd
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.145.42 port 45920, id=228,
length=159
User-Name = "10"
State = 0x07ead3a30282caac02fc8e14eb27c4dd
EAP-Message =
0x0268001e19001703010013c5e116d8769ea065b0481bac42772977282860
Message-Authenticator = 0x3a5e3bd0c1eda2cae9ba82bae0fa84c2
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 104 length 30
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - 10
[peap] Got tunneled request
EAP-Message = 0x02680007013130
server {
PEAP: Got tunneled identity of 10
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to 10
Sending tunneled request
EAP-Message = 0x02680007013130
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "10"
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
server proxy-inner-tunnel {
+- entering group authorize {...}
++[control] returns notfound
} # server proxy-inner-tunnel
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Cancelling proxy to realm BILLING until the tunneled EAP session has
been established
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x0169001c1a0169001710d01d8df2bebb58a339c9c0b7d7caa2173130
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xed5f6a24ed3670cb0fe406473891ab01
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 228 to 192.168.145.42 port 45920
EAP-Message =
0x0169003319001703010028974ef70851394a0c9a4a9783c4e94ef4b3b55dd38ce01d825860cca95b3b17454b897a2b291d5659
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07ead3a30183caac02fc8e14eb27c4dd
Finished request 6.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.145.42 port 45920, id=229,
length=213
User-Name = "10"
State = 0x07ead3a30183caac02fc8e14eb27c4dd
EAP-Message =
0x02690054190017030100490a8a2dceac8c7bf8f6ef0a654c42c8dadc887fc06747ec53c2b84f03ad4cab7787dd12fbde394d8c0a931f3fc632a4a14d834fcf2751b9d2cd8fd7e1795b4c02b858804be81e5dba50
Message-Authenticator = 0x8e1a99d600d67e4900cddbe680e0ea8d
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 105 length 84
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x0269003d1a0269003831082b6e438ecf27aae769335526e67a4300000000000000001fef103523937a5a401a1f294a3a15cca7aca61bfc5e5cce003130
server {
PEAP: Setting User-Name to 10
Sending tunneled request
EAP-Message =
0x0269003d1a0269003831082b6e438ecf27aae769335526e67a4300000000000000001fef103523937a5a401a1f294a3a15cca7aca61bfc5e5cce003130
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "10"
State = 0xed5f6a24ed3670cb0fe406473891ab01
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
server proxy-inner-tunnel {
+- entering group authorize {...}
++[control] returns notfound
} # server proxy-inner-tunnel
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Not-EAP proxy set. Not composing EAP
++[eap] returns handled
PEAP: Tunneled authentication will be proxied to BILLING
PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy.
[eap] Tunneled session will be proxied. Not doing EAP.
++[eap] returns handled
Sending Access-Request of id 210 to 192.168.151.59 port 1812
User-Name = "10"
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
MS-CHAP-Challenge = 0xd01d8df2bebb58a339c9c0b7d7caa217
MS-CHAP2-Response =
0x6930082b6e438ecf27aae769335526e67a4300000000000000001fef103523937a5a401a1f294a3a15cca7aca61bfc5e5cce
Proxy-State = 0x323239
Proxying request 7 to home server 192.168.151.59 port 1812
Sending Access-Request of id 210 to 192.168.151.59 port 1812
User-Name = "10"
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
MS-CHAP-Challenge = 0xd01d8df2bebb58a339c9c0b7d7caa217
MS-CHAP2-Response =
0x6930082b6e438ecf27aae769335526e67a4300000000000000001fef103523937a5a401a1f294a3a15cca7aca61bfc5e5cce
Proxy-State = 0x323239
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 192.168.151.59 port 1812, id=210,
length=190
Acct-Interim-Interval = 100
Vendor-14559-Attr-2 = 0x3746bdf7
WISPr-Bandwidth-Max-Up = 256000
WISPr-Bandwidth-Max-Down = 1024000
MS-CHAP2-Success =
0x69533d38364544453342343842363931353546304535343645363831414538304436454232373039384144
MS-MPPE-Recv-Key = 0xe7f1174e7beff1487910dc87d142d6e6
MS-MPPE-Send-Key = 0x57c39cbbbdb601ce38ef7909bd7f9e12
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
Proxy-State = 0x323239
+- entering group post-proxy {...}
[eap] Doing post-proxy callback
[eap] Passing reply from proxy back into the tunnel.
server proxy-inner-tunnel {
[eap] Passing reply back for EAP-MS-CHAP-V2
+- entering group post-proxy {...}
[eap] Doing post-proxy callback
rlm_eap_mschapv2: Passing reply from proxy back into the tunnel 0x8178f00 2.
rlm_eap_mschapv2: Authentication succeeded.
MSCHAP Success
++[eap] returns ok
} # server proxy-inner-tunnel
[eap] Final reply from tunneled session code 11
Acct-Interim-Interval = 100
Vendor-14559-Attr-2 = 0x3746bdf7
WISPr-Bandwidth-Max-Up = 256000
WISPr-Bandwidth-Max-Down = 1024000
Proxy-State = 0x323239
EAP-Message =
0x016a00331a0369002e533d38364544453342343842363931353546304535343645363831414538304436454232373039384144
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xed5f6a24ec3570cb0fe406473891ab01
[eap] Got reply 11
[eap] Got tunneled reply RADIUS code 11
Acct-Interim-Interval = 100
Vendor-14559-Attr-2 = 0x3746bdf7
WISPr-Bandwidth-Max-Up = 256000
WISPr-Bandwidth-Max-Down = 1024000
Proxy-State = 0x323239
EAP-Message =
0x016a00331a0369002e533d38364544453342343842363931353546304535343645363831414538304436454232373039384144
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xed5f6a24ec3570cb0fe406473891ab01
[eap] Got tunneled Access-Challenge
[eap] Saving tunneled attributes for later
[eap] Reply was handled
++[eap] returns ok
Sending Access-Challenge of id 229 to 192.168.145.42 port 45920
EAP-Message =
0x016a004a1900170301003fd2ea6e8b90e35bd3dc79e64ecc7ae61cd620a7629fd3abf26723951ef19cfefbc3902e8c6b69247948560d9d5a2ffd957aaccfc6275fbeb408f6b9298c0b63
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07ead3a30080caac02fc8e14eb27c4dd
Finished request 7.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 192.168.145.42 port 45920, id=230,
length=158
User-Name = "10"
State = 0x07ead3a30080caac02fc8e14eb27c4dd
EAP-Message =
0x026a001d1900170301001205f944ba8b8681891372395b7988718791f7
Message-Authenticator = 0x650b5766f4853772e7afc56471b7a0a0
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 106 length 29
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x026a00061a03
server {
PEAP: Setting User-Name to 10
Sending tunneled request
EAP-Message = 0x026a00061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "10"
State = 0xed5f6a24ec3570cb0fe406473891ab01
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
server proxy-inner-tunnel {
+- entering group authorize {...}
++[control] returns notfound
} # server proxy-inner-tunnel
[peap] Got tunneled reply code 0
PEAP: Calling authenticate in order to initiate tunneled EAP session.
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
[peap] Got tunneled reply RADIUS code 2
EAP-Message = 0x036a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "10"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later
++[eap] returns handled
Sending Access-Challenge of id 230 to 192.168.145.42 port 45920
EAP-Message =
0x016b00261900170301001b6e683e898fecffe435a9ac6da18b14d763fce8469753e75845e608
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x07ead3a30f81caac02fc8e14eb27c4dd
Finished request 8.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 192.168.145.42 port 45920, id=231,
length=167
User-Name = "10"
State = 0x07ead3a30f81caac02fc8e14eb27c4dd
EAP-Message =
0x026b00261900170301001b460a94724013aed47c0d5d4baf51a28b8e327f5dc38f3c4f8409eb
Message-Authenticator = 0xc6f562fa8c5e6f07251406f048927499
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 107 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[peap] Using saved attributes from the original Access-Accept
[eap] Freeing handler
++[eap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 231 to 192.168.145.42 port 45920
User-Name = "10"
MS-MPPE-Recv-Key =
0x95cd48dc452bb7ea093e2a2945d4337a6112847f9ac1dafce280a27713ec34ca
MS-MPPE-Send-Key =
0x34066a293d5a0f0f5269014040f41bc79d125807510bc15bf99f75e7e3307977
EAP-Message = 0x036b0004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 9.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Accounting-Request packet from host 192.168.145.42 port 45920,
id=232, length=131
Acct-Status-Type = Start
User-Name = "10"
Calling-Station-Id = "00:17:9A:0A:54:F1"
Called-Station-Id = "00:15:6D:AD:1E:D7"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-Port-Id = "00000000"
NAS-IP-Address = 192.168.145.42
NAS-Identifier = "DreamWiFi"
Framed-IP-Address = 192.168.40.19
Acct-Session-Id = "4ab1b87300000000"
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address =
192.168.145.42,NAS-IP-Address = 192.168.145.42,Acct-Session-Id
= "4ab1b87300000000",User-Name = "10"'
[acct_unique] Acct-Unique-Session-ID = "1e54eedf8186ab47".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting {...}
[detail]
expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/192.168.145.42/detail-20090917
[detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radacct/192.168.145.42/detail-20090917
[detail] expand: %t -> Thu Sep 17 10:17:55 2009
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/radutmp -> /var/log/radutmp
[radutmp] expand: %{User-Name} -> 10
++[radutmp] returns ok
[attr_filter.accounting_response] expand: %{User-Name} -> 10
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 232 to 192.168.145.42 port 45920
Finished request 10.
--
Best regards, Daniil Kharun
More information about the Freeradius-Users
mailing list