Can't authenticate on ldap with PEAP

Oscar Pacheco scar_86 at cucea.udg.mx
Fri Sep 18 21:00:01 CEST 2009


Sorry, I forgot to attach the debug text.

Hi, we can't authenticate using LDAP on EAP/MSCHAPv2. The user exists
in the LDAP database, and with the radtest utility it sends an OK reply.
Here is part of the debug output, using the -X option, when we try to
validate a user using Windows XP:

rad_recv: Access-Request packet from host 148.202.51.160 port 1086,  
id=112, length=131
	Message-Authenticator = 0x97c28e8ab9f6a7d26ea3e131759aed76
	User-Name = "scar_86"
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	EAP-Message = 0x0201000c01736361725f3836
	Framed-MTU = 1000
	Called-Station-Id = "0001F4-78-67-60\0003"
	NAS-Port-Id = "fe.0.1"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang"  
for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx ->  
ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with  
filter (uid=scar_86)
request done: ld 0x801266700 msgid 3
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in  
check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 1 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with  
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known  
good"               !!!
!!! clear text password is in Cleartext-Password, and not in  
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 112 to 148.202.51.160 port 1086
	EAP-Message = 0x01020016041062a23d2fafcccc69bfa5a9915148bb77
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xba75f675ba77f2bbd4b5703aa9944e60
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 148.202.51.160 port 1086,  
id=113, length=143
	Message-Authenticator = 0x8a6eaa3b0522878674c5affe97f6dc2d
	User-Name = "scar_86"
	State = 0xba75f675ba77f2bbd4b5703aa9944e60
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	EAP-Message = 0x020200060319
	NAS-Port-Id = "fe.0.1"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang"  
for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx ->  
ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with  
filter (uid=scar_86)
request done: ld 0x801266700 msgid 4
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in  
check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with  
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known  
good"               !!!
!!! clear text password is in Cleartext-Password, and not in  
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 113 to 148.202.51.160 port 1086
	EAP-Message = 0x010300061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xba75f675bb76efbbd4b5703aa9944e60
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 148.202.51.160 port 1086,  
id=114, length=217
	Message-Authenticator = 0x5274d88c238f6343c10fa80d4a490641
	User-Name = "scar_86"
	State = 0xba75f675bb76efbbd4b5703aa9944e60
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	EAP-Message =  
0x0203005019800000004616030100410100003d03014ab3d5986ba9727b25a00ded65d5d2b8b03f5302a4e89049e1db65d516731d7e00001600040005000a000900640062000300060013001200630100
	NAS-Port-Id = "fe.0.1"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang"  
for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx ->  
ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with  
filter (uid=scar_86)
request done: ld 0x801266700 msgid 5
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in  
check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 3 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with  
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known  
good"               !!!
!!! clear text password is in Cleartext-Password, and not in  
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
   TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client  
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 114 to 148.202.51.160 port 1086
	EAP-Message =  
0xd175b7d0b58d35142f3d9e9847f5e52e0b7aca9f887737ecd70f7a92c1bcf8666e501b1f3b9f4616b1bd7b2a0d47e382ad138db2333e099f637ab73c22fb37138908d7d967e3af2ee49a30d1230dda53d7cdd1103652eb2324ad79726f71effd975bf401806e1e72c70dec2a672ed7ea769cd3120658b2897d6b75a9d370ae8af2651972d663ed13e28a437d3d73e6cdadde2b4776bab27368fa43b41e51fd835118b1f5af5d20be2b4a32812464ea54c345927d17a845ad1cab21159e52477b5d62357a484f673cb012711cbcdfd25ddd7a44c3706079ac0cea6e8c37ca3deea3344f717e8a27106c737a3348
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xba75f675b871efbbd4b5703aa9944e60
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 148.202.51.160 port 1086,  
id=115, length=143
	Message-Authenticator = 0x67f3bfd91c67c4afa33b73803a9e3eaf
	User-Name = "scar_86"
	State = 0xba75f675b871efbbd4b5703aa9944e60
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	EAP-Message = 0x020400061900
	NAS-Port-Id = "fe.0.1"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang"  
for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx ->  
ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with  
filter (uid=scar_86)
request done: ld 0x801266700 msgid 6
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in  
check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with  
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known  
good"               !!!
!!! clear text password is in Cleartext-Password, and not in  
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 115 to 148.202.51.160 port 1086
	EAP-Message =  
0x010503e01940f212386f08a5ab720cd90004ab308204a73082038fa003020102020900eb2e03c2a13fe16e300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303931343134353235365a170d3130303931343134353235365a308193310b3009060355040613
	EAP-Message =  
0x99a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900eb2e03c2a13fe16e300c0603551d13040530030101ff300d06092a864886f70d010105050003820101003bf05821afecf65b925c8399ae640dda397577f3658d220ab66c8cb2874530979d6d
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xba75f675b970efbbd4b5703aa9944e60
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 148.202.51.160 port 1086,  
id=116, length=143
	Message-Authenticator = 0x1a8b5245a61bc3d7981b6f501b7f9b97
	User-Name = "scar_86"
	State = 0xba75f675b970efbbd4b5703aa9944e60
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	EAP-Message = 0x020500061900
	NAS-Port-Id = "fe.0.1"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang"  
for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx ->  
ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with  
filter (uid=scar_86)
request done: ld 0x801266700 msgid 7
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in  
check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with  
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known  
good"               !!!
!!! clear text password is in Cleartext-Password, and not in  
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 116 to 148.202.51.160 port 1086
	EAP-Message =  
0x010600ed1900301f5365506830c461df3d539d96513b34043d4d9bf09f2572f8a837297e2abf9328fb0e39ef920f6d72b1be2a3ad75de80140e5afe0d8d8f629556cbc7860cc61f2a211059ac95524261e59a467719a9dbf6ebb4def56d3d8972d162940ec42dc62f43eb6b6da99839875c198df22b91d88f877359867d550edf9ed3095fde1092a2b82bac94d22959a5a2875683b868e5ed6e84ddf836c4bb73ab88aca0030093e419bde2ddcb8103f7a2598cf1d185c1ab016e09695f5744b6946fe666ca73ce3558a0139291c43bf9124721ba91437c71cf3e6fb8643c981169ddee116030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xba75f675be73efbbd4b5703aa9944e60
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 148.202.51.160 port 1086,  
id=117, length=459
	Message-Authenticator = 0x8581437b3f6d5238fbbd62f1e64038f2
	User-Name = "scar_86"
	State = 0xba75f675be73efbbd4b5703aa9944e60
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	EAP-Message =  
0x320c64d018122709341135434c259d41f0cf3e2ddf2113a11403010001011603010020ee256a74c55ea3574ada47b6a0747a226d1f0678fc6d114901798dd959c35738
	NAS-Port-Id = "fe.0.1"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang"  
for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx ->  
ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with  
filter (uid=scar_86)
request done: ld 0x801266700 msgid 8
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in  
check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with  
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known  
good"               !!!
!!! clear text password is in Cleartext-Password, and not in  
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
   TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 117 to 148.202.51.160 port 1086
	EAP-Message =  
0x0107003119001403010001011603010020a53c9687739240bbeeb29a74e27519f5b614c5b10b4915514c03b35069e3d665
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xba75f675bf72efbbd4b5703aa9944e60
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 148.202.51.160 port 1086,  
id=118, length=143
	Message-Authenticator = 0x66e1f9efe9a786e05ac9074cd0b9683a
	User-Name = "scar_86"
	State = 0xba75f675bf72efbbd4b5703aa9944e60
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	EAP-Message = 0x020700061900
	NAS-Port-Id = "fe.0.1"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang"  
for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx ->  
ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with  
filter (uid=scar_86)
request done: ld 0x801266700 msgid 9
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in  
check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with  
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known  
good"               !!!
!!! clear text password is in Cleartext-Password, and not in  
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 118 to 148.202.51.160 port 1086
	EAP-Message =  
0x01080020190017030100151222976e703d88d92884f88872bdbb57e5387883e2
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xba75f675bc7defbbd4b5703aa9944e60
Finished request 15.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 148.202.51.160 port 1086,  
id=119, length=172
	Message-Authenticator = 0x50c118893598a2a236cfe6f3239d6078
	User-Name = "scar_86"
	State = 0xba75f675bc7defbbd4b5703aa9944e60
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	EAP-Message =  
0x02080023190017030100188983ca8bcfe1a0798b214163d4b3d647ae3711f4590efe66
	NAS-Port-Id = "fe.0.1"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang"  
for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx ->  
ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with  
filter (uid=scar_86)
request done: ld 0x801266700 msgid 10
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in  
check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 8 length 35
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with  
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known  
good"               !!!
!!! clear text password is in Cleartext-Password, and not in  
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Identity - scar_86
[peap] Got tunneled request
	EAP-Message = 0x0208000c01736361725f3836
server  {
   PEAP: Got tunneled identity of scar_86
   PEAP: Setting default EAP type for tunneled EAP session.
   PEAP: Setting User-Name to scar_86
Sending tunneled request
	EAP-Message = 0x0208000c01736361725f3836
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "scar_86"
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	NAS-Port-Id = "fe.0.1"
server  {
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang"  
for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx ->  
ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with  
filter (uid=scar_86)
request done: ld 0x801266700 msgid 11
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in  
check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 8 length 12
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with  
Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known  
good"               !!!
!!! clear text password is in Cleartext-Password, and not in  
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server
[peap] Got tunneled reply code 11
	EAP-Message =  
0x010900211a0109001c10fd6aa46fcf6fd8477fe5c56c175259a6736361725f3836
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6b4b38406b42229cebefc546f28a70e2
[peap] Got tunneled reply RADIUS code 11
	EAP-Message =  
0x010900211a0109001c10fd6aa46fcf6fd8477fe5c56c175259a6736361725f3836
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x6b4b38406b42229cebefc546f28a70e2
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 119 to 148.202.51.160 port 1086
	EAP-Message =  
0x010900381900170301002d280f4794bebf85c808822dbb97fdb82eb964aad6315923b1af106bd42548cf5f38bec30a0447d17afa47874749
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xba75f675bd7cefbbd4b5703aa9944e60
Finished request 16.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 148.202.51.160 port 1086,  
id=120, length=226
	Message-Authenticator = 0xc33c461c0140487835c2c631aab41e3c
	User-Name = "scar_86"
	State = 0xba75f675bd7cefbbd4b5703aa9944e60
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	EAP-Message =  
0x020900591900170301004e26bf32671101588790902b779d47bd74ccb4f5c3cdd6a20230797c28f01ea3bb2bedcf144334514f2d1e2bcb0a71206c8d3a97cdd060bff11f6a7335ee80c45bff2cf10b16f27b7155905a23a0fd
	NAS-Port-Id = "fe.0.1"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx -> ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with filter (uid=scar_86)
request done: ld 0x801266700 msgid 12
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 9 length 89
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
	EAP-Message = 0x020900421a0209003d31100c22dd7513471362d5c79a479f3e890000000000000000d0bb4f51f243ed0e2d84a9dd7a850f273f760b25ee6304bd00736361725f3836
server  {
   PEAP: Setting User-Name to scar_86
Sending tunneled request
	EAP-Message = 0x020900421a0209003d31100c22dd7513471362d5c79a479f3e890000000000000000d0bb4f51f243ed0e2d84a9dd7a850f273f760b25ee6304bd00736361725f3836
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "scar_86"
	State = 0x6b4b38406b42229cebefc546f28a70e2
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	NAS-Port-Id = "fe.0.1"
server  {
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx -> ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with filter (uid=scar_86)
request done: ld 0x801266700 msgid 13
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 9 length 66
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Told to do MS-CHAPv2 for scar_86 with NT-Password
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect: [scar_86] (from client switch port 1 cli 00-1E-0B-3C-06-73 via TLS tunnel)
} # server
[peap] Got tunneled reply code 3
	MS-CHAP-Error = "\tE=691 R=1"
	EAP-Message = 0x04090004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
	MS-CHAP-Error = "\tE=691 R=1"
	EAP-Message = 0x04090004
	Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 120 to 148.202.51.160 port 1086
	EAP-Message = 0x010a00261900170301001b9dbb2123ee77d681a5d849eb35d1d86e12a35273c62292acb1f7a7
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0xba75f675b27fefbbd4b5703aa9944e60
Finished request 17.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 148.202.51.160 port 1086, id=121, length=175
	Message-Authenticator = 0xa04268f26dadb9311c67440e9df3c553
	User-Name = "scar_86"
	State = 0xba75f675b27fefbbd4b5703aa9944e60
	NAS-IP-Address = 148.202.51.160
	NAS-Port = 1
	NAS-Port-Type = Ethernet
	Calling-Station-Id = "00-1E-0B-3C-06-73"
	Called-Station-Id = "00-01-F4-78-67-60"
	Framed-MTU = 1000
	EAP-Message = 0x020a00261900170301001bbe6175faee9b978716a66a81f0fdbf6207d115d97dbbd8e384c381
	NAS-Port-Id = "fe.0.1"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "scar_86", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files] users: Matched entry DEFAULT at line 154
++[files] returns ok
++- entering policy redundant {...}
[ldap2] performing user authorization for scar_86
[ldap2] WARNING: Deprecated conditional expansion ":-".  See "man unlang" for details
[ldap2] 	expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=scar_86)
[ldap2] 	expand: ou=People,o=cucea.udg.mx,dc=udg,dc=mx -> ou=People,o=cucea.udg.mx,dc=udg,dc=mx
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=People,o=cucea.udg.mx,dc=udg,dc=mx, with filter (uid=scar_86)
request done: ld 0x801266700 msgid 14
[ldap2] Added User-Password = O9ax5ASRUbt17FDIxcrA3s9fEBiHRM5APQxHew== in check items
[ldap2] looking for check items in directory...
[ldap2] looking for reply items in directory...
[ldap2] user scar_86 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap2] returns ok
++- policy redundant returns ok
++[mschap] returns noop
++[chap] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
[eap] EAP packet type response id 10 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = LDAP
Found Auth-Type = EAP
Warning:  Found 2 auth-types on request for user 'scar_86'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.     !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"               !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap]  Had sent TLV failure.  User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [scar_86] (from client switch port 1 cli 00-1E-0B-3C-06-73)
Delaying reject of request 18 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.


