Autz-Type according to LDAP server

cd christophedeze at wanadoo.fr
Tue Feb 2 15:02:23 CET 2010


I have a little problem, but I think it's because Autz-Type is badly configured.
I have 2 LDAPs (ldap_peda and ldap_admin).
User accounts work fine on each server,

but machine accounts work only on ldap_peda.

When a computer boots, the FreeRADIUS log says
+++[ldap_admin] returns ok
[...]
++[ldap_peda] returns notfound
(it's normal),

but it says Sending Access-Accept with Autz-Type ldap_peda and not ldap_admin.

So the machine is in the wrong VLAN.

What am I missing?



My users file:

#### IT'S FOR MACHINE ACCOUNT AUTH
DEFAULT Autz-Type := ldap_peda
    Tunnel-Type=VLAN,
    Tunnel-Medium-Type=6,
    Tunnel-Private-Group-ID=20,
    Reply-Message="ok_hostpeda"

DEFAULT Autz-Type := ldap_admin
    Tunnel-Type=VLAN,
    Tunnel-Medium-Type=6,
    Tunnel-Private-Group-ID=10,
    Reply-Message="ok_hostadmin"


#### IT'S FOR USERS ACCOUNT AUTH
DEFAULT ldap_peda-Ldap-Group=="Eleves"
    Tunnel-Type=VLAN,
    Tunnel-Medium-Type=6,
    Tunnel-Private-Group-ID=20,
    Reply-Message="okeleves"

DEFAULT ldap_peda-Ldap-Group=="professeurs"
    Tunnel-Type=VLAN,
    Tunnel-Medium-Type=6,
    Tunnel-Private-Group-ID=20,
    Reply-Message="okprofs"

DEFAULT ldap_admin-Ldap-Group=="administratifs"
    Tunnel-Type=VLAN,
    Tunnel-Medium-Type=6,
    Tunnel-Private-Group-ID=10,
    Reply-Message="admin"



FreeRADIUS Version 2.1.7, for host i486-pc-linux-gnu, built on Oct 5 2009 at 14:59:57
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/control-socket
group = freerad
user = freerad
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = no
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
virtual_server = "inner-tunnel"
}
client 192.168.10.254 {
require_message_authenticator = no
secret = "momo"
shortname = "Nortel"
nastype = "other"
virtual_server = "inner-tunnel"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
}
Module: Linked to module rlm_ldap
Module: Instantiating ldap_admin
ldap ldap_admin {
server = "192.168.10.2"
port = 389
password = ""
identity = ""
net_timeout = 1
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
require_cert = "allow"
}
basedn = "o=gouv,c=fr"
filter = "(uid=%{mschap:User-Name})"
base_filter = "(objectclass=radiusprofile)"
password_attribute = "user-Password"
auto_header = no
access_attr = "uid"
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter = "(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name}))"
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 15
compare_check_items = no
do_xlat = yes
edir_account_policy_check = no
set_auth_type = yes
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap_admin-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap_admin-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap_admin
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
conns: 0x8176838
Module: Instantiating ldap_peda
ldap ldap_peda {
server = "192.168.20.2"
port = 389
password = ""
identity = ""
net_timeout = 1
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
require_cert = "allow"
}
basedn = "o=gouv,c=fr"
filter = "(uid=%{mschap:User-Name})"
base_filter = "(objectclass=radiusprofile)"
password_attribute = "user-Password"
auto_header = no
access_attr = "uid"
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter = "(&(objectClass=posixGroup)(memberUid=%{mschap:User-Name}))"
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 15
compare_check_items = no
do_xlat = yes
edir_account_policy_check = no
set_auth_type = yes
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Creating new attribute ldap_peda-Ldap-Group
rlm_ldap: Registering ldap_groupcmp for ldap_peda-Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap_peda
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP userPassword mapped to RADIUS Cleartext-Password
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
conns: 0x8177e58
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "mschapv2"
timer_expire = 60
ignore_unknown_eap_types = yes
cisco_accounting_username_bug = no
max_sessions = 2048
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/ssl/certs/eole.key"
certificate_file = "/etc/ssl/certs/eole.crt"
CA_file = "/etc/ssl/certs/ca.crt"
dh_file = "/etc/ssl/dh"
random_file = "/dev/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server {
modules {
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=239, length=122
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0xf9beb36136492c7928eb9131e2fb21ca
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
EAP-Message = 0x020b001201686f73742f70632d61646d696e
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 11 length 18
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.20.2:389, authentication 0
rlm_ldap: bind as / to 192.168.20.2:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.10.2:389, authentication 0
rlm_ldap: bind as / to 192.168.10.2:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
Sending Access-Challenge of id 239 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x010c00271a010c002210d92b9fd31dccad929fdb3f2ca05a6646686f73742f70632d61646d696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5af34ee25aff54b96dea318012fe73d9
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=240, length=128
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x21826287328e18d53b013ad8b9b196f1
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
State = 0x5af34ee25aff54b96dea318012fe73d9
EAP-Message = 0x020c00060319
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 12 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
} # server inner-tunnel
Sending Access-Challenge of id 240 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x010d00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5af34ee25bfe57b96dea318012fe73d9
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=241, length=202
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x6939b9798b27d12e96581c83e621324d
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
State = 0x5af34ee25bfe57b96dea318012fe73d9
EAP-Message = 0x020d005019800000004616030100410100003d03014b6829d4ba7efe234d701d03c5952b9eb8ead51c8105eb946369aacc24e8430000001600040005000a000900640062000300060013001200630100
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 13 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] (other): before/accept initialization 
[peap] TLS_accept: before/accept initialization 
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello 
[peap] TLS_accept: SSLv3 read client hello A 
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello 
[peap] TLS_accept: SSLv3 write server hello A 
[peap] >>> TLS 1.0 Handshake [length 0914], Certificate 
[peap] TLS_accept: SSLv3 write certificate A 
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone 
[peap] TLS_accept: SSLv3 write server done A 
[peap] TLS_accept: SSLv3 flush data 
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase 
In SSL Accept mode 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server inner-tunnel
Sending Access-Challenge of id 241 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5af34ee258fd57b96dea318012fe73d9
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=242, length=128
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0xfb36b01671119b3c8b0224e2688bb6e0
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
State = 0x5af34ee258fd57b96dea318012fe73d9
EAP-Message = 0x020e00061900
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 14 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server inner-tunnel
Sending Access-Challenge of id 242 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5af34ee259fc57b96dea318012fe73d9
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=243, length=128
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0xd8c323cc1c5dca53fdc26144184a55df
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
State = 0x5af34ee259fc57b96dea318012fe73d9
EAP-Message = 0x020f00061900
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 15 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server inner-tunnel
Sending Access-Challenge of id 243 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x0110016b1900293111300f060355040b1308303732313537325431123010060355040b130961632d6e616e746573311330110603550403130a43412d70662d616d6f6e820900f600a779ca4a31f2300d06092a864886f70d0101050500038201010042fb00de5ab000702d477a4af2d066894ac9481a89afd607a8e4f870038ca1f2e4c2ccba76f8c8db937ccc0c1607694dc7316a32ac04f88035c99b3802c40e6af4381339b21229c22e4bab13c4c0d12039f5030c932283e00dd5855df9a1c8172e257e3a41ad6928431aeb93813578cf9208816cd75e3306b3a31e175f3f6fe054317296231e4d53ca9fd6879b03330265e555633dd78100c55681
EAP-Message = 0xdc1181d3cf04302e58287bbf7cbbd102ddceeb821787e736217180fd90a1f0690e40338cfa058c84dae4404611e2a04aebf9a5f09c28f3bba02bc2663707c320ff8f40f9b3f6455f1a683d5c2e9b67a4cdf327665ebcd7e24afd894e826f76f5125763470e16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5af34ee25ee357b96dea318012fe73d9
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=244, length=444
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x9d064c122b5956c73615d6349ffcd178
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
State = 0x5af34ee25ee357b96dea318012fe73d9
EAP-Message = 0x22a99e4af56b9ca63a6dab50062bb096e513852043326d0a14030100010116030100204948fe1d6f1b3ecde1765601ef11cfd1936905e4f4948312a68781a0739e2666
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 16 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange 
[peap] TLS_accept: SSLv3 read client key exchange A 
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] 
[peap] <<< TLS 1.0 Handshake [length 0010], Finished 
[peap] TLS_accept: SSLv3 read finished A 
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] 
[peap] TLS_accept: SSLv3 write change cipher spec A 
[peap] >>> TLS 1.0 Handshake [length 0010], Finished 
[peap] TLS_accept: SSLv3 write finished A 
[peap] TLS_accept: SSLv3 flush data 
[peap] (other): SSL negotiation finished successfully 
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap] returns handled
} # server inner-tunnel
Sending Access-Challenge of id 244 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x01110031190014030100010116030100203700812b24e375749201076da0bd9b4c462587b2d818f14a726c9beb33feeb45
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5af34ee25fe257b96dea318012fe73d9
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=245, length=128
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0xb9d8ae0e08e37f9d172f8e0eda4b780c
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
State = 0x5af34ee25fe257b96dea318012fe73d9
EAP-Message = 0x021100061900
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 17 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
++[eap] returns handled
} # server inner-tunnel
Sending Access-Challenge of id 245 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x0112002019001703010015b30cb528421556a6b7595ed3761ee6c1aaebee96dc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5af34ee25ce157b96dea318012fe73d9
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=246, length=163
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0xfe515d2dd1c0562720460ac87f8684ae
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
State = 0x5af34ee25ce157b96dea318012fe73d9
EAP-Message = 0x021200291900170301001e8f577a77f3936128a808f14d17c3fb56dd053088ce04a8319e069b68bc4e
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 18 length 41
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - host/pc-admin
[peap] Got tunneled request
EAP-Message = 0x0212001201686f73742f70632d61646d696e
server inner-tunnel {
PEAP: Got tunneled identity of host/pc-admin
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to host/pc-admin
Sending tunneled request
EAP-Message = 0x0212001201686f73742f70632d61646d696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/pc-admin"
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
NAS-Port = 10
Framed-MTU = 1490
Calling-Station-Id = "00-0C-29-F7-CC-A0"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 18 length 18
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x011300271a01130022103abcb825a9f3a4a3ef8a850d3573308d686f73742f70632d61646d696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5fb3bf1f5fa0a5401b55155387e6016c
[peap] Got tunneled reply RADIUS code 11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x011300271a01130022103abcb825a9f3a4a3ef8a850d3573308d686f73742f70632d61646d696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5fb3bf1f5fa0a5401b55155387e6016c
[peap] Got tunneled Access-Challenge
++[eap] returns handled
} # server inner-tunnel
Sending Access-Challenge of id 246 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x0113003e190017030100337504bfcfdd2686dec869ab4dc942775c76ad373a4014d7994c954b743803351ee1570e54043d7b3a6432bf116c45b3e40b9ce9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5af34ee25de057b96dea318012fe73d9
Finished request 7.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=247, length=217
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x34be6f17afd410895671a689cdaa2ace
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
State = 0x5af34ee25de057b96dea318012fe73d9
EAP-Message = 0x0213005f19001703010054d9a59f27d7f3fd8667cf9248bddcc6d8335f836aacc87e5567c1c17962874c425a7e3b8a0e137606a9f01fec1c5f6381f4382d502c02eb469d8a2a73513c55f2ab6a1834e641162955910e9fd80293782b4fc76b
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 19 length 95
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x021300481a021300433186b47cb64903955b806163bb51c35db8000000000000000041a2daf3776d80fcf8208f4fe0e697184864cb49983d513800686f73742f70632d61646d696e
server inner-tunnel {
PEAP: Setting User-Name to host/pc-admin
Sending tunneled request
EAP-Message = 0x021300481a021300433186b47cb64903955b806163bb51c35db8000000000000000041a2daf3776d80fcf8208f4fe0e697184864cb49983d513800686f73742f70632d61646d696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/pc-admin"
State = 0x5fb3bf1f5fa0a5401b55155387e6016c
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
NAS-Port = 10
Framed-MTU = 1490
Calling-Station-Id = "00-0C-29-F7-CC-A0"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 19 length 72
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] Found NT-Password
[mschap] Told to do MS-CHAPv2 for host/pc-admin with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success 
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x011400331a0313002e533d30453146453344413437333434303035434445323936383045394344354246303233344539384235
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5fb3bf1f5ea7a5401b55155387e6016c
[peap] Got tunneled reply RADIUS code 11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x011400331a0313002e533d30453146453344413437333434303035434445323936383045394344354246303233344539384235
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5fb3bf1f5ea7a5401b55155387e6016c
[peap] Got tunneled Access-Challenge
++[eap] returns handled
} # server inner-tunnel
Sending Access-Challenge of id 247 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x0114004a1900170301003fcaee9ba310faf92efca265d1525ab6435017cd256d841401359551ef19eb8dab39eaa87f35a8c2e079554a0291898d709de59a87219a6217fbd3e57f456337
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5af34ee252e757b96dea318012fe73d9
Finished request 8.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=248, length=151
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0xd0a4155dd2819c7764b212492c148338
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
State = 0x5af34ee252e757b96dea318012fe73d9
EAP-Message = 0x0214001d19001703010012207c339d428fdb827f4aef0d36ae8ae833ad
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 20 length 29
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x021400061a03
server inner-tunnel {
PEAP: Setting User-Name to host/pc-admin
Sending tunneled request
EAP-Message = 0x021400061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "host/pc-admin"
State = 0x5fb3bf1f5ea7a5401b55155387e6016c
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
NAS-Port = 10
Framed-MTU = 1490
Calling-Station-Id = "00-0C-29-F7-CC-A0"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 20 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
WARNING: Empty section. Using default return values.
} # server inner-tunnel
[peap] Got tunneled reply code 2
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x03140004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "host/pc-admin"
[peap] Got tunneled reply RADIUS code 2
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x03140004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "host/pc-admin"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
[peap] Saving tunneled attributes for later
++[eap] returns handled
} # server inner-tunnel
Sending Access-Challenge of id 248 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
EAP-Message = 0x011500261900170301001bf941565a3183097d130c6f900ea8d2b7449ccb3bdcccf59f96527b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5af34ee253e657b96dea318012fe73d9
Finished request 9.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.10.254 port 1024, id=249, length=160
NAS-IP-Address = 10.172.253.110
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Message-Authenticator = 0x50f80e51813b38b0aa944eba89d37efa
NAS-Port = 10
Framed-MTU = 1490
User-Name = "host/pc-admin"
Calling-Station-Id = "00-0C-29-F7-CC-A0"
State = 0x5af34ee253e657b96dea318012fe73d9
EAP-Message = 0x021500261900170301001be0562040c9bb550ba6720c9d0826df79e9fc5b58f7427160c7c9ad
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 21 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
[files] users: Matched entry DEFAULT at line 207
++[files] returns ok
++- entering group {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_peda] returns notfound
[ldap_admin] performing user authorization for host/pc-admin
[ldap_admin] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_admin] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
[ldap_admin] checking if remote access for host/pc-admin is allowed by uid
[ldap_admin] No default NMAS login sequence
[ldap_admin] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password == 0x3637444441324243414646313035424333373446304245434641463733333430
[ldap_admin] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the user is configured correctly?
[ldap_admin] user host/pc-admin authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_admin] returns ok
++- group returns ok
++[expiration] returns noop
++[logintime] returns noop
Using Autz-Type ldap_peda
+- entering group ldap_peda {...}
[ldap_peda] performing user authorization for host/pc-admin
[ldap_peda] expand: (uid=%{mschap:User-Name}) -> (uid=pc-admin$)
[ldap_peda] expand: o=gouv,c=fr -> o=gouv,c=fr
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in o=gouv,c=fr, with filter (uid=pc-admin$)
rlm_ldap: object not found
[ldap_peda] search failed
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap_peda] returns notfound
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[peap] Using saved attributes from the original Access-Accept
[eap] Freeing handler
++[eap] returns ok
WARNING: Empty section. Using default return values.
} # server inner-tunnel
Sending Access-Accept of id 249 to 192.168.10.254 port 1024
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "20"
Reply-Message = "ok_hostpeda"
User-Name = "host/pc-admin"
MS-MPPE-Recv-Key = 0x4cb00c191ad9ce2d5913f5218594324f3017e7efd7d209aa14b6b56b6a520f1a
MS-MPPE-Send-Key = 0x48f134131000bba5b3f590233bc0e3d08e7d99b8f8806bb99b484ede6ce0b0b2
EAP-Message = 0x03150004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 10.
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 0 ID 239 with timestamp +40
Cleaning up request 1 ID 240 with timestamp +40
Cleaning up request 2 ID 241 with timestamp +40
Cleaning up request 3 ID 242 with timestamp +40
Cleaning up request 4 ID 243 with timestamp +40
Cleaning up request 5 ID 244 with timestamp +40
Cleaning up request 6 ID 245 with timestamp +40
Cleaning up request 7 ID 246 with timestamp +40
Cleaning up request 8 ID 247 with timestamp +40
Cleaning up request 9 ID 248 with timestamp +40
Cleaning up request 10 ID 249 with timestamp +40
Ready to process requests.
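
A small checker for the condition this debug output shows: one LDAP instance returns ok during authorize, yet a different Autz-Type is selected and its VLAN is sent in the reply. It is an added example, not part of the original post or of FreeRADIUS; the function name and the regular expressions are assumptions based on the 2.1.x debug line formats above, and the sample log is constructed from lines in that output.

```python
import re

# Constructed sample: a few lines trimmed from the debug output quoted above.
SAMPLE_LOG = """\
+- entering group authorize {...}
+++[ldap_peda] returns notfound
+++[ldap_admin] returns ok
Using Autz-Type ldap_peda
++[ldap_peda] returns notfound
Sending Access-Accept of id 249 to 192.168.10.254 port 1024
Tunnel-Private-Group-Id:0 = "20"
Finished request 10.
"""

# Patterns assume the FreeRADIUS 2.1.x debug line formats seen in this post.
MODULE_RE = re.compile(r"^\++\[(?P<mod>ldap_\w+)\] returns (?P<rc>\w+)")
AUTZ_RE = re.compile(r"^Using Autz-Type (?P<autz>\S+)")
VLAN_RE = re.compile(r'^Tunnel-Private-Group-Id(?::\d+)? = "(?P<vlan>[^"]+)"')
DONE_RE = re.compile(r"^Finished request (?P<num>\d+)")


def find_autz_mismatches(log_text):
    """Report requests where the Autz-Type chosen is not an LDAP instance
    that returned ok during the preceding authorize pass."""
    findings, pending = [], []
    ok_modules, vlan = set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("+- entering group authorize"):
            ok_modules = set()          # new authorize pass (outer or inner tunnel)
        elif m := MODULE_RE.match(line):
            if m["rc"] == "ok":
                ok_modules.add(m["mod"])
        elif m := AUTZ_RE.match(line):
            if ok_modules and m["autz"] not in ok_modules:
                pending.append((m["autz"], sorted(ok_modules)))
            ok_modules = set()
        elif m := VLAN_RE.match(line):
            vlan = m["vlan"]            # last value seen is the one in the final reply
        elif m := DONE_RE.match(line):
            findings += [{"request": int(m["num"]), "autz_type": autz,
                          "found_in": found, "vlan": vlan}
                         for autz, found in pending]
            pending, ok_modules, vlan = [], set(), None
    return findings


if __name__ == "__main__":
    for f in find_autz_mismatches(SAMPLE_LOG):
        print("request {request}: Autz-Type {autz_type}, but account found in "
              "{found_in}; VLAN {vlan} sent".format(**f))
```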




