IPs will not be assigned
subcode
subcode at gmx.de
Thu Apr 28 17:00:10 CEST 2011
Hi freeRadius users,
My goal is a hotspot for a coffee. My freeRadius is on Debian and the Access
Point is a Vodafone WLAN router. All functions of the Vodafone router are
disabled. Only Network Security WPA/WPA2 and Authentication: 802.1X, Server
IP: 192.168.2.1, Server Port: 1812, Secret Key: testing123
If I try to authenticate with an Apple Mac, I get access but no IP, so
I don't have Internet.
What am I doing wrong?
#radiusd -X
FreeRADIUS Version 2.1.11, for host i686-pc-linux-gnu, built on Apr 21 2011
at 12:50:54
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/soh
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/rediswho
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/redis
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
name = "freeradius"
prefix = "/usr/local"
localstatedir = "/usr/local/var"
sbindir = "/usr/local/sbin"
logdir = "/usr/local/var/log/radius"
run_dir = "/usr/local/var/run/freeradius"
libdir = "/usr/local/lib"
radacctdir = "/usr/local/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/usr/local/var/run/freeradius/freeradius.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = yes
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client 127.0.0.1 {
require_message_authenticator = no
secret = "testing123"
shortname = "localhost"
}
client 192.168.2.1/32 {
require_message_authenticator = no
secret = "testing123"
shortname = "freeRadius"
}
client 192.168.2.88/32 {
require_message_authenticator = no
secret = "testing123"
shortname = "hotspotAP"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file
/usr/local/etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file
/usr/local/etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/usr/local/etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/usr/local/etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file
/usr/local/etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file
/usr/local/etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/usr/local/etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = no
allow_retry = yes
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file
/usr/local/etc/raddb/modules/unix
unix {
radwtmp = "/usr/local/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/usr/local/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server.pem"
certificate_file = "/usr/local/etc/raddb/certs/server.pem"
CA_file = "/usr/local/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/usr/local/etc/raddb/certs/dh"
random_file = "/usr/local/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file
/usr/local/etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file
/usr/local/etc/raddb/modules/files
files {
usersfile = "/usr/local/etc/raddb/users"
acctusersfile = "/usr/local/etc/raddb/acct_users"
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/usr/local/etc/raddb/modules/radutmp
radutmp {
filename = "/usr/local/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "reply_log" from file
/usr/local/etc/raddb/modules/detail.log
detail reply_log {
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file
/usr/local/etc/raddb/modules/digest
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Instantiating module "auth_log" from file
/usr/local/etc/raddb/modules/detail.log
detail auth_log {
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/usr/local/etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail" from file
/usr/local/etc/raddb/modules/detail
detail {
detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_ippool
Module: Instantiating module "lowpool" from file
/usr/local/etc/raddb/modules/ippool
ippool lowpool {
session-db = "/usr/local/etc/raddb/db.lowippool"
ip-index = "/usr/local/etc/raddb/db.lowipindex"
key = "%{NAS-IP-Address} %{NAS-Port}"
range-start = 192.168.188.1
range-stop = 192.168.188.254
netmask = 255.255.255.0
cache-size = 800
override = no
maximum-timeout = 0
}
Module: Instantiating module "attr_filter.accounting_response" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/usr/local/var/run/freeradius/freeradius.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/freeradius/freeradius.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
#################################################
When I try to login:
rad_recv: Access-Request packet from host 192.168.2.88 port 34881, id=2,
length=138
User-Name = "boo"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "88-25-2C-AD-86-F2:EasyBox-AD86\000"
Calling-Station-Id = "00-26-08-ED-A8-99"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202000801626f6f
Message-Authenticator = 0x4876fa4982588ed7ba6c175a60f6aecc
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 8
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry boo at line 1
[files] users: Matched entry DEFAULT at line 35
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.2.88 port 34881
Service-Type = Framed-User
Framed-IP-Address = 192.168.182.25
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x21564b2f215552d1be5738f4b0d4f875
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.88 port 34882, id=3,
length=312
User-Name = "boo"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "88-25-2C-AD-86-F2:EasyBox-AD86\000"
Calling-Station-Id = "00-26-08-ED-A8-99"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x21564b2f215552d1be5738f4b0d4f875
EAP-Message =
0x020300a419800000009a16030100950100009103014db97e5e76dd74cc559d116c7bccdcde68f8641490c1b88691a8348d1de835bc000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100
Message-Authenticator = 0xff8ee300743754d4ec87a5705ca5ff3b
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 164
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 154
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0095], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.2.88 port 34882
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x21564b2f205252d1be5738f4b0d4f875
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.88 port 34883, id=4,
length=154
User-Name = "boo"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "88-25-2C-AD-86-F2:EasyBox-AD86\000"
Calling-Station-Id = "00-26-08-ED-A8-99"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x21564b2f205252d1be5738f4b0d4f875
EAP-Message = 0x020400061900
Message-Authenticator = 0xccf21f87cc15a1696d8dcee766ed27fb
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.2.88 port 34883
EAP-Message = 0x94f19ec8c3e9828c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x21564b2f235352d1be5738f4b0d4f875
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.88 port 34884, id=5,
length=154
User-Name = "boo"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "88-25-2C-AD-86-F2:EasyBox-AD86\000"
Calling-Station-Id = "00-26-08-ED-A8-99"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x21564b2f235352d1be5738f4b0d4f875
EAP-Message = 0x020500061900
Message-Authenticator = 0x0737e559ac7aca02525f81a36a74ff09
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.2.88 port 34884
EAP-Message =
0x010600b51900a4d2aa9097ff1df73961157c8680b7d2d222fa071ad58b9fca37a8a973d37fd64e99856c900bee026b84ee5cf875aa97036dda3b3fe893dbe469f5954c1efe1fbf0b579d3a8c50b2b56fc312c956f9a676a0ff9062bcb3430cb5fe6a344855261a4ac3c3a35b4fac6c197a2868adde65e595adc8aab2091b9793e9d9cec0698fbee4029caecf271efedea75de52f7f064f3c4e78f5f4632ea06342417f5f54295d67749f1a1a16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x21564b2f225052d1be5738f4b0d4f875
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.88 port 34885, id=6,
length=407
User-Name = "boo"
NAS-IP-Address = 0.0.0.0
State = 0x21564b2f225052d1be5738f4b0d4f875
EAP-Message =
0x609eababb6acaac76f6919caba347c9564a944d571c47e361403010001011603010030e0f817eccd6b1e3d3dbb4a155b54615f54e28d57e1ed59f028ffbe79f74bbaa05cc8389a4c225f8f680df2db29ade738
Message-Authenticator = 0x7bbe6e979530ef41b057bc2375596b5d
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.2.88 port 34885
EAP-Message =
0x0107004119001403010001011603010030ce12d6807d88bab2980e98b0f283310fee7d98d752c5b6e402e42e470eee21cca886ddf5e8e52d9b875365d199bad24c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x21564b2f255152d1be5738f4b0d4f875
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.2.88 port 34886, id=7,
length=154
User-Name = "boo"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "88-25-2C-AD-86-F2:EasyBox-AD86\000"
Calling-Station-Id = "00-26-08-ED-A8-99"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x21564b2f255152d1be5738f4b0d4f875
EAP-Message = 0x020700061900
Message-Authenticator = 0xf2bdb6c7a41e68097e6a008123ae0f00
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.2.88 port 34886
EAP-Message =
0x0108002b19001703010020d0cee21eb335a040d6bd754aa615cef1948b2cde3e3c7b2ccc5f13d671ebf9fb
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x21564b2f245e52d1be5738f4b0d4f875
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.2.88 port 34887, id=8,
length=191
User-Name = "boo"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "88-25-2C-AD-86-F2:EasyBox-AD86\000"
Calling-Station-Id = "00-26-08-ED-A8-99"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x21564b2f245e52d1be5738f4b0d4f875
EAP-Message =
0x0208002b19001703010020405e092a1d2516394fa461fb0ba74d4a16dbfbf28910f65768172f9cb7794a36
Message-Authenticator = 0xa812767590aef81207611d0a42284e50
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - boo
[peap] Got inner identity 'boo'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0208000801626f6f
server {
[peap] Setting User-Name to boo
Sending tunneled request
EAP-Message = 0x0208000801626f6f
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "boo"
server inner-tunnel {
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 8
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry boo at line 1
[files] users: Matched entry DEFAULT at line 35
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Service-Type = Framed-User
Framed-IP-Address = 192.168.182.25
EAP-Message = 0x0109001d1a010900181075bbc07ced4c612749e0e8e0386b7ee1626f6f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7b052bf57b0c31153b0f177e7b600567
[peap] Got tunneled reply RADIUS code 11
Service-Type = Framed-User
Framed-IP-Address = 192.168.182.25
EAP-Message = 0x0109001d1a010900181075bbc07ced4c612749e0e8e0386b7ee1626f6f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7b052bf57b0c31153b0f177e7b600567
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 8 to 192.168.2.88 port 34887
EAP-Message =
0x0109003b190017030100301c4beaf4f10b88ae58ea76a9ad2005383cedae18fa55caea3b8800d4b505f75fd8f2f9f2b3045b6b4d1cf9f71389b0d4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x21564b2f275f52d1be5738f4b0d4f875
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.2.88 port 34888, id=9,
length=239
User-Name = "boo"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "88-25-2C-AD-86-F2:EasyBox-AD86\000"
Calling-Station-Id = "00-26-08-ED-A8-99"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x21564b2f275f52d1be5738f4b0d4f875
EAP-Message =
0x0209005b190017030100503da01a62411430004d35d925f057c5b0e201cfdaf1e5355f65830c4cf9ba1248fd7204b918c71d5b10ac9b0790dafc5188b26cbc3f0669ffbc58986a3bb370549f1b0a8c5344993960f5641f973113ba
Message-Authenticator = 0x78c509cbc9fff3c74d8f6c9d85b30826
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 91
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x0209003e1a0209003931de52063462a94106e57f7099d8e0773f000000000000000063e989f957274b81934fa1ea116e083291dad00b70d09f3000626f6f
server {
[peap] Setting User-Name to boo
Sending tunneled request
EAP-Message =
0x0209003e1a0209003931de52063462a94106e57f7099d8e0773f000000000000000063e989f957274b81934fa1ea116e083291dad00b70d09f3000626f6f
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "boo"
State = 0x7b052bf57b0c31153b0f177e7b600567
server inner-tunnel {
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 62
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry boo at line 1
[files] users: Matched entry DEFAULT at line 35
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] Creating challenge hash with username: boo
[mschap] Told to do MS-CHAPv2 for boo with NT-Password
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Service-Type = Framed-User
Framed-IP-Address = 192.168.182.25
EAP-Message =
0x010a00331a0309002e533d45313233383738423637303137354532443645443430354133413235374436333433344145343233
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7b052bf57a0f31153b0f177e7b600567
[peap] Got tunneled reply RADIUS code 11
Service-Type = Framed-User
Framed-IP-Address = 192.168.182.25
EAP-Message =
0x010a00331a0309002e533d45313233383738423637303137354532443645443430354133413235374436333433344145343233
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7b052bf57a0f31153b0f177e7b600567
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 9 to 192.168.2.88 port 34888
EAP-Message =
0x010a005b190017030100509b93bf40fa19ae992fdfa3eae3312a4a932c5a88207d36acffc7806b19f955a09542dd5937a922b690d579406985db74cee8ebc94b5c2627588866c271d4325cce1fe1b440eaafc855a1565833055a0b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x21564b2f265c52d1be5738f4b0d4f875
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.2.88 port 34889, id=10,
length=191
User-Name = "boo"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "88-25-2C-AD-86-F2:EasyBox-AD86\000"
Calling-Station-Id = "00-26-08-ED-A8-99"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x21564b2f265c52d1be5738f4b0d4f875
EAP-Message =
0x020a002b1900170301002053bcaf27a58802b86c8d5b6777ef0296385e5be23e396c40ed305ed77ea2e9b8
Message-Authenticator = 0x224760a4c0364af7397d0559fab335fd
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020a00061a03
server {
[peap] Setting User-Name to boo
Sending tunneled request
EAP-Message = 0x020a00061a03
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "boo"
State = 0x7b052bf57a0f31153b0f177e7b600567
server inner-tunnel {
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 10 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry boo at line 1
[files] users: Matched entry DEFAULT at line 35
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns ok
Login OK: [boo/<via Auth-Type = EAP>] (from client hotspotAP port 0 via TLS
tunnel)
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group post-auth {...}
[reply_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
-> /usr/local/var/log/radius/radacct/192.168.2.88/reply-detail-20110428
[reply_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/reply-detail-20110428
[reply_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[reply_log] returns ok
} # server inner-tunnel
[peap] Got tunneled reply code 2
Service-Type = Framed-User
Framed-IP-Address = 192.168.182.25
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
MS-MPPE-Send-Key = 0x20a3e5676c77a165281a401a34715be3
MS-MPPE-Recv-Key = 0xcd5b9a0f61b4689c50b6135da431ca10
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "boo"
[peap] Got tunneled reply RADIUS code 2
Service-Type = Framed-User
Framed-IP-Address = 192.168.182.25
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
MS-MPPE-Send-Key = 0x20a3e5676c77a165281a401a34715be3
MS-MPPE-Recv-Key = 0xcd5b9a0f61b4689c50b6135da431ca10
EAP-Message = 0x030a0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "boo"
[peap] Tunneled authentication was successful.
[peap] SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 10 to 192.168.2.88 port 34889
EAP-Message =
0x010b002b19001703010020e67ea9a01196c47891598997b944844d8f4208aadc79901497e7418404c87379
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x21564b2f295d52d1be5738f4b0d4f875
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.2.88 port 34890, id=11,
length=191
User-Name = "boo"
NAS-IP-Address = 0.0.0.0
Called-Station-Id = "88-25-2C-AD-86-F2:EasyBox-AD86\000"
Calling-Station-Id = "00-26-08-ED-A8-99"
NAS-Port = 29
Service-Type = Framed-User
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
State = 0x21564b2f295d52d1be5738f4b0d4f875
EAP-Message =
0x020b002b19001703010020bc0e31f31297bb2ab862ef71e87d0173d659ab263723f83f80e3ab05ef3f0f07
Message-Authenticator = 0x068a9407a2d2daef5f3e4d9763f6af35
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/192.168.2.88/auth-detail-20110428
[auth_log] expand: %t -> Thu Apr 28 16:43:42 2011
++[auth_log] returns ok
++[mschap] returns noop
[suffix] No '@' in User-Name = "boo", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 11 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv success
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
Login OK: [boo/<via Auth-Type = EAP>] (from client hotspotAP port 29 cli
00-26-08-ED-A8-99)
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[lowpool] Could not find Pool-Name attribute.
++[lowpool] returns noop
++[exec] returns noop
Sending Access-Accept of id 11 to 192.168.2.88 port 34890
MS-MPPE-Recv-Key =
0xa9247a3f9ba78f9650cb12fe6d5e296c4a0cdda99d3a66e0e2956ebeed60438c
MS-MPPE-Send-Key =
0xed10d0e4228c99f5dd75e8da1e5e94ee85960cdfc6a2c877ecce79948038a0b1
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "boo"
Finished request 9.
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 2 with timestamp +171
Cleaning up request 1 ID 3 with timestamp +171
Cleaning up request 2 ID 4 with timestamp +171
Cleaning up request 3 ID 5 with timestamp +171
Cleaning up request 4 ID 6 with timestamp +171
Cleaning up request 5 ID 7 with timestamp +171
Cleaning up request 6 ID 8 with timestamp +171
Cleaning up request 7 ID 9 with timestamp +171
Cleaning up request 8 ID 10 with timestamp +171
Cleaning up request 9 ID 11 with timestamp +171
Ready to process requests.
###############################################
user:
"boo" Cleartext-Password := "boo"
        Service-Type = Framed-User,
        Framed-IP-Address = 192.168.182.25,
        Fall-Through = yes

"blu" Cleartext-Password := "blu"
        Service-Type = Framed-User,
        Fall-Through = yes

DEFAULT Pool-Name := "lowpool"
        Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
        Framed-Protocol = SLIP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
        Framed-Protocol = SLIP
Can somebody help me?? Thanks in advance
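A diagnostic sketch added here (not part of the original post and not FreeRADIUS code): it parses `radiusd -X` output and lists the reply attributes that the inner-tunnel Access-Accept (tunneled reply code 2) carried but the outer Access-Accept sent to the NAS did not. The sample log is constructed, abridged from the output above with hex values replaced by `0x00`; the function names are illustrative.

```python
import re

# Constructed sample: abridged from the debug output above, hex values replaced by 0x00.
SAMPLE_LOG = """\
[peap] Got tunneled reply code 11
Framed-IP-Address = 192.168.182.25
Sending Access-Challenge of id 9 to 192.168.2.88 port 34888
State = 0x00
[peap] Got tunneled reply code 2
Service-Type = Framed-User
Framed-IP-Address = 192.168.182.25
EAP-Message = 0x00
User-Name = "boo"
[peap] Tunneled authentication was successful.
Sending Access-Accept of id 11 to 192.168.2.88 port 34890
MS-MPPE-Send-Key =
0x00
User-Name = "boo"
Finished request 9.
"""

ATTR = re.compile(r"^([A-Za-z][\w-]*) =\s*(.+)$")
INNER = re.compile(r"Got tunneled reply code (\d+)")
OUTER = re.compile(r"Sending (Access-\w+) of id \d+")
PER_HOP = {"EAP-Message", "Message-Authenticator", "State"}  # per-packet, expected to differ

def parse_blocks(log):
    """Return [(kind, code, attrs)] for each tunneled reply and each packet sent to the NAS."""
    blocks, cur = [], None
    log = re.sub(r" =[ \t]*\n\s*(?=0x)", " = ", log)  # rejoin hex values wrapped by the archive
    for line in map(str.strip, log.splitlines()):
        inner, outer = INNER.search(line), OUTER.search(line)
        if inner or outer:
            cur = ("inner", int(inner.group(1)), {}) if inner else ("outer", outer.group(1), {})
            blocks.append(cur)
        elif cur and (m := ATTR.match(line)):
            cur[2][m.group(1)] = m.group(2)
        else:
            cur = None  # any other line ends the attribute list
    return blocks

def dropped_in_outer_accept(log):
    """Attributes in the last inner Access-Accept (RADIUS code 2) missing from the outer one."""
    blocks = parse_blocks(log)
    inner = [a for k, c, a in blocks if k == "inner" and c == 2]
    outer = [a for k, c, a in blocks if k == "outer" and c == "Access-Accept"]
    if not inner or not outer:
        return {}
    return {n: v for n, v in inner[-1].items() if n not in outer[-1] and n not in PER_HOP}
```

In the log above, the Access-Accept sent to 192.168.2.88 contains only the MS-MPPE keys, EAP-Message, Message-Authenticator and User-Name, so the check reports Service-Type and Framed-IP-Address as present in the tunneled reply but absent from what the access point received.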