Yet another multiple SSID setup question

Nick Kartsioukas lists.freeradius at change.nightwind.net
Fri Jul 29 02:17:05 CEST 2011


Ok, I've gotten a little bit further with setting up my multiple SSID
stuff.  I'm still working with just the test SSID, trying to get
PEAP/MSCHAP working, but running into problems with the inner virtual
server and would appreciate any further help.  It's failing on the inner
tunnel with an error that it has no value specified for the auth type,
but shouldn't that be set by the eap module?

eap.conf excerpt (left out the rest which is mostly default):
        eap eap_cuesta {
                default_eap_type = peap
                peap {
                        default_eap_type = mschapv2
                        copy_request_to_tunnel = no
                        use_tunneled_reply = no
                        virtual_server = "inner-tunnel-cuesta"
                }
        }


default:
authorize {
        preprocess
        auth_log
        rewrite_called_station_id
        switch Called-Station-Ssid {
                case "test" {
                        eap_cuesta
                }
        }
}
authenticate {
        Auth-Type eap_cuesta {
                eap_cuesta
        }
}


inner tunnel:
authorize {
        suffix
        eap_cuesta {
                ok = return
        }
}
authenticate {
        mschap_cuesta
}


debug output:
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=198,
length=199
	User-Name = "nicholas_kartsioukas"
	Calling-Station-Id = "00-23-4e-ba-6b-f4"
	Called-Station-Id = "00-1a-a2-c1-2c-30:test"
	NAS-Port = 29
	NAS-IP-Address = 10.32.33.1
	NAS-Identifier = "slo-wlc-1"
	Airespace-Wlan-Id = 5
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "17"
	EAP-Message =
	0x02010019016e6963686f6c61735f6b61727473696f756b6173
	Message-Authenticator = 0x87ae80681a5d9a1624592e7a03d518a5
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]      expand: %t -> Thu Jul 28 17:04:57 2011
++[auth_log] returns ok
++- entering policy rewrite_called_station_id {...}
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
? Evaluating (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++- entering if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
{...}
	expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001aa2c12c30
	expand: %{7} -> test
++++[request] returns ok
+++- if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
returns ok
+++ ... skipping else for request 0: Preceding "if" was taken
++- policy rewrite_called_station_id returns ok
++- entering switch Called-Station-Ssid {...}
+++- entering case test {...}
[eap_cuesta] EAP packet type response id 1 length 25
[eap_cuesta] No EAP Start, assuming it's an on-going EAP conversation
++++[eap_cuesta] returns updated
+++- case test returns updated
++- switch Called-Station-Ssid returns updated
Found Auth-Type = eap_cuesta
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group eap_cuesta {...}
[eap_cuesta] EAP Identity
[eap_cuesta] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap_cuesta] returns handled
Sending Access-Challenge of id 198 to 10.32.33.1 port 32769
	EAP-Message = 0x010200061920
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0b294f320b2b565e0f7fc7d47ec4907c
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=199,
length=297
	User-Name = "nicholas_kartsioukas"
	Calling-Station-Id = "00-23-4e-ba-6b-f4"
	Called-Station-Id = "00-1a-a2-c1-2c-30:test"
	NAS-Port = 29
	NAS-IP-Address = 10.32.33.1
	NAS-Identifier = "slo-wlc-1"
	Airespace-Wlan-Id = 5
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "17"
	EAP-Message =
	0x0202006919800000005f160301005a0100005603014e31f9240f214a33a4bd8894295f89f2485c8de4a5fe951c8925b53d8640840300002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
	State = 0x0b294f320b2b565e0f7fc7d47ec4907c
	Message-Authenticator = 0xb42fd305fcad5be40bd0f9e95ee3af9c
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]      expand: %t -> Thu Jul 28 17:04:57 2011
++[auth_log] returns ok
++- entering policy rewrite_called_station_id {...}
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
? Evaluating (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++- entering if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
{...}
	expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001aa2c12c30
	expand: %{7} -> test
++++[request] returns ok
+++- if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
returns ok
+++ ... skipping else for request 1: Preceding "if" was taken
++- policy rewrite_called_station_id returns ok
++- entering switch Called-Station-Ssid {...}
+++- entering case test {...}
[eap_cuesta] EAP packet type response id 2 length 105
[eap_cuesta] Continuing tunnel setup.
++++[eap_cuesta] returns ok
+++- case test returns ok
++- switch Called-Station-Ssid returns ok
Found Auth-Type = eap_cuesta
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group eap_cuesta {...}
[eap_cuesta] Request found, released from the list
[eap_cuesta] EAP/peap
[eap_cuesta] processing type peap
[peap] processing EAP-TLS
  TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap]     (other): before/accept initialization
[peap]     TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello  
[peap]     TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello  
[peap]     TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 0c9e], Certificate  
[peap]     TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange  
[peap]     TLS_accept: SSLv3 write key exchange A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone  
[peap]     TLS_accept: SSLv3 write server done A
[peap]     TLS_accept: SSLv3 flush data
[peap]     TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase 
In SSL Accept mode  
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap_cuesta] returns handled
Sending Access-Challenge of id 199 to 10.32.33.1 port 32769
	EAP-Message = 0x9e5989b2aa987714d0fddc68
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0b294f320a2a565e0f7fc7d47ec4907c
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=200,
length=198
	User-Name = "nicholas_kartsioukas"
	Calling-Station-Id = "00-23-4e-ba-6b-f4"
	Called-Station-Id = "00-1a-a2-c1-2c-30:test"
	NAS-Port = 29
	NAS-IP-Address = 10.32.33.1
	NAS-Identifier = "slo-wlc-1"
	Airespace-Wlan-Id = 5
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "17"
	EAP-Message = 0x020300061900
	State = 0x0b294f320a2a565e0f7fc7d47ec4907c
	Message-Authenticator = 0x2e92fa9ed958c953d95ae54113f28fdf
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]      expand: %t -> Thu Jul 28 17:04:57 2011
++[auth_log] returns ok
++- entering policy rewrite_called_station_id {...}
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
? Evaluating (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++- entering if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
{...}
	expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001aa2c12c30
	expand: %{7} -> test
++++[request] returns ok
+++- if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
returns ok
+++ ... skipping else for request 2: Preceding "if" was taken
++- policy rewrite_called_station_id returns ok
++- entering switch Called-Station-Ssid {...}
+++- entering case test {...}
[eap_cuesta] EAP packet type response id 3 length 6
[eap_cuesta] Continuing tunnel setup.
++++[eap_cuesta] returns ok
+++- case test returns ok
++- switch Called-Station-Ssid returns ok
Found Auth-Type = eap_cuesta
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group eap_cuesta {...}
[eap_cuesta] Request found, released from the list
[eap_cuesta] EAP/peap
[eap_cuesta] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap_cuesta] returns handled
Sending Access-Challenge of id 200 to 10.32.33.1 port 32769
	EAP-Message =
	0x010403fc19401ab7c901f7cacc5dc99ee49a03ad3f7add0082f5ef21975afb68b7b500c0410af294a94801ae63e82746f1e02a752b0a58318447d1c5e8042cfa73eeaaffc6404dc4c3a435fe9859790004703082046c30820354a00302010202104d5f2c3408b24c20cd6d507e244dc9ec300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f
	EAP-Message = 0xa47acf5151568188
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0b294f32092d565e0f7fc7d47ec4907c
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=201,
length=198
	User-Name = "nicholas_kartsioukas"
	Calling-Station-Id = "00-23-4e-ba-6b-f4"
	Called-Station-Id = "00-1a-a2-c1-2c-30:test"
	NAS-Port = 29
	NAS-IP-Address = 10.32.33.1
	NAS-Identifier = "slo-wlc-1"
	Airespace-Wlan-Id = 5
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "17"
	EAP-Message = 0x020400061900
	State = 0x0b294f32092d565e0f7fc7d47ec4907c
	Message-Authenticator = 0x7038af0d4fd451feee45202ac75de030
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]      expand: %t -> Thu Jul 28 17:04:57 2011
++[auth_log] returns ok
++- entering policy rewrite_called_station_id {...}
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
? Evaluating (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++- entering if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
{...}
	expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001aa2c12c30
	expand: %{7} -> test
++++[request] returns ok
+++- if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
returns ok
+++ ... skipping else for request 3: Preceding "if" was taken
++- policy rewrite_called_station_id returns ok
++- entering switch Called-Station-Ssid {...}
+++- entering case test {...}
[eap_cuesta] EAP packet type response id 4 length 6
[eap_cuesta] Continuing tunnel setup.
++++[eap_cuesta] returns ok
+++- case test returns ok
++- switch Called-Station-Ssid returns ok
Found Auth-Type = eap_cuesta
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group eap_cuesta {...}
[eap_cuesta] Request found, released from the list
[eap_cuesta] EAP/peap
[eap_cuesta] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap_cuesta] returns handled
Sending Access-Challenge of id 201 to 10.32.33.1 port 32769
	EAP-Message =
	0x010503fc1940b06d1f362cc82bb18899c1fe44ab48517cd8f244642ad871a7fb1a2ff9198d34b223bfc44c551d8e44e8aa5d9add9ffd03c7ba24438d2d4744dbf6d898c8b2f9daefed295c6912fad123960fbf9c0df2794553379a562fe8571070f6ee890c49899ac123f5c22acc41cf22ab656eb794826d2f405f58deeb952ba672685219912aae759d4e92e6cade54ea18ab253ce664a6791f267d61ed7dd2e57155d893177c1438303cdf86e34cad49e39759ce1b9b2bcedc65d40b286b4e84465144f733082d589721ae0004243082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d0101050500
	EAP-Message = 0x11c04bb391b6fcf0
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0b294f32082c565e0f7fc7d47ec4907c
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=202,
length=198
	User-Name = "nicholas_kartsioukas"
	Calling-Station-Id = "00-23-4e-ba-6b-f4"
	Called-Station-Id = "00-1a-a2-c1-2c-30:test"
	NAS-Port = 29
	NAS-IP-Address = 10.32.33.1
	NAS-Identifier = "slo-wlc-1"
	Airespace-Wlan-Id = 5
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "17"
	EAP-Message = 0x020500061900
	State = 0x0b294f32082c565e0f7fc7d47ec4907c
	Message-Authenticator = 0xa5ccd7e50332c38dca61f485a9f66168
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]      expand: %t -> Thu Jul 28 17:04:57 2011
++[auth_log] returns ok
++- entering policy rewrite_called_station_id {...}
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
? Evaluating (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++- entering if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
{...}
	expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001aa2c12c30
	expand: %{7} -> test
++++[request] returns ok
+++- if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
returns ok
+++ ... skipping else for request 4: Preceding "if" was taken
++- policy rewrite_called_station_id returns ok
++- entering switch Called-Station-Ssid {...}
+++- entering case test {...}
[eap_cuesta] EAP packet type response id 5 length 6
[eap_cuesta] Continuing tunnel setup.
++++[eap_cuesta] returns ok
+++- case test returns ok
++- switch Called-Station-Ssid returns ok
Found Auth-Type = eap_cuesta
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group eap_cuesta {...}
[eap_cuesta] Request found, released from the list
[eap_cuesta] EAP/peap
[eap_cuesta] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap_cuesta] returns handled
Sending Access-Challenge of id 202 to 10.32.33.1 port 32769
	EAP-Message =
	0x010603181900e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68
	EAP-Message =
	0x8c9aab9075f52827454acb4b1951b439e90cb50eff23a8b316030100040e000000
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0b294f320f2f565e0f7fc7d47ec4907c
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=203,
length=400
	User-Name = "nicholas_kartsioukas"
	Calling-Station-Id = "00-23-4e-ba-6b-f4"
	Called-Station-Id = "00-1a-a2-c1-2c-30:test"
	NAS-Port = 29
	NAS-IP-Address = 10.32.33.1
	NAS-Identifier = "slo-wlc-1"
	Airespace-Wlan-Id = 5
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "17"
	EAP-Message =
	0x020600d01980000000c6160301008610000082008005dbc3a800670febecbc396824a12d948cd3887f69a8abecfc2962525cb1db3633db4800c9c33e0998d294c0eb38d5773f2d2afa903d943b890a08a041cef8aefd8a878843662729465cb4a02ee4b3cf76407452ac601db3be4141488e9394573b7fba681af73f8f4704d75f332066a3960c92c12f6895ffbe0e5731c342f47414030100010116030100306f54f713f087e86982f8f7f3fceb803cc0bb18eaf1c99e8734236472d4125c2dcd5f5057aa4ebde24b3d99117b6204a3
	State = 0x0b294f320f2f565e0f7fc7d47ec4907c
	Message-Authenticator = 0xd6db6f6ff4793a2a9552443d0c1018fc
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]      expand: %t -> Thu Jul 28 17:04:57 2011
++[auth_log] returns ok
++- entering policy rewrite_called_station_id {...}
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
? Evaluating (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++- entering if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
{...}
	expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001aa2c12c30
	expand: %{7} -> test
++++[request] returns ok
+++- if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
returns ok
+++ ... skipping else for request 5: Preceding "if" was taken
++- policy rewrite_called_station_id returns ok
++- entering switch Called-Station-Ssid {...}
+++- entering case test {...}
[eap_cuesta] EAP packet type response id 6 length 208
[eap_cuesta] Continuing tunnel setup.
++++[eap_cuesta] returns ok
+++- case test returns ok
++- switch Called-Station-Ssid returns ok
Found Auth-Type = eap_cuesta
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group eap_cuesta {...}
[eap_cuesta] Request found, released from the list
[eap_cuesta] EAP/peap
[eap_cuesta] processing type peap
[peap] processing EAP-TLS
  TLS Length 198
[peap] Length Included
[peap] eaptls_verify returned 11 
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange  
[peap]     TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]  
[peap] <<< TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]  
[peap]     TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished  
[peap]     TLS_accept: SSLv3 write finished A
[peap]     TLS_accept: SSLv3 flush data
[peap]     (other): SSL negotiation finished successfully
SSL Connection Established 
[peap] eaptls_process returned 13 
[peap] EAPTLS_HANDLED
++[eap_cuesta] returns handled
Sending Access-Challenge of id 203 to 10.32.33.1 port 32769
	EAP-Message =
	0x0107004119001403010001011603010030a520e40b259dcc9b6416a1dc42c0454203a7ce25ac040965d79794192f8f4990a53a7e7827cff79d19f3e23d37c5f070
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0b294f320e2e565e0f7fc7d47ec4907c
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=204,
length=198
	User-Name = "nicholas_kartsioukas"
	Calling-Station-Id = "00-23-4e-ba-6b-f4"
	Called-Station-Id = "00-1a-a2-c1-2c-30:test"
	NAS-Port = 29
	NAS-IP-Address = 10.32.33.1
	NAS-Identifier = "slo-wlc-1"
	Airespace-Wlan-Id = 5
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "17"
	EAP-Message = 0x020700061900
	State = 0x0b294f320e2e565e0f7fc7d47ec4907c
	Message-Authenticator = 0x3ace0154fcc3dfd6a22384253086e96c
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]      expand: %t -> Thu Jul 28 17:04:57 2011
++[auth_log] returns ok
++- entering policy rewrite_called_station_id {...}
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
? Evaluating (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++- entering if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
{...}
	expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001aa2c12c30
	expand: %{7} -> test
++++[request] returns ok
+++- if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
returns ok
+++ ... skipping else for request 6: Preceding "if" was taken
++- policy rewrite_called_station_id returns ok
++- entering switch Called-Station-Ssid {...}
+++- entering case test {...}
[eap_cuesta] EAP packet type response id 7 length 6
[eap_cuesta] Continuing tunnel setup.
++++[eap_cuesta] returns ok
+++- case test returns ok
++- switch Called-Station-Ssid returns ok
Found Auth-Type = eap_cuesta
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group eap_cuesta {...}
[eap_cuesta] Request found, released from the list
[eap_cuesta] EAP/peap
[eap_cuesta] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3 
[peap] eaptls_process returned 3 
[peap] EAPTLS_SUCCESS
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap_cuesta] returns handled
Sending Access-Challenge of id 204 to 10.32.33.1 port 32769
	EAP-Message =
	0x0108002b1900170301002023db883d4ddfbb778ec1c2f88473ad61f77e1faa53690b0d2aad50f8ecef0f1f
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0b294f320d21565e0f7fc7d47ec4907c
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=205,
length=288
	User-Name = "nicholas_kartsioukas"
	Calling-Station-Id = "00-23-4e-ba-6b-f4"
	Called-Station-Id = "00-1a-a2-c1-2c-30:test"
	NAS-Port = 29
	NAS-IP-Address = 10.32.33.1
	NAS-Identifier = "slo-wlc-1"
	Airespace-Wlan-Id = 5
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "17"
	EAP-Message =
	0x02080060190017030100202fbc79a4613fd76d1b1c4d0fae93b5530714b3e6784db42a7a2bb2191737617c17030100308be6456e767b69e1ec34612bfe4ebc6a007760953ea2284e02808c255510149933cf2f23b45dec6bcedf8d178ed00b7f
	State = 0x0b294f320d21565e0f7fc7d47ec4907c
	Message-Authenticator = 0xde78a8e7f10ee56b76ea62acab556a34
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]      expand: %t -> Thu Jul 28 17:04:57 2011
++[auth_log] returns ok
++- entering policy rewrite_called_station_id {...}
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
? Evaluating (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++- entering if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
{...}
	expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001aa2c12c30
	expand: %{7} -> test
++++[request] returns ok
+++- if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
returns ok
+++ ... skipping else for request 7: Preceding "if" was taken
++- policy rewrite_called_station_id returns ok
++- entering switch Called-Station-Ssid {...}
+++- entering case test {...}
[eap_cuesta] EAP packet type response id 8 length 96
[eap_cuesta] Continuing tunnel setup.
++++[eap_cuesta] returns ok
+++- case test returns ok
++- switch Called-Station-Ssid returns ok
Found Auth-Type = eap_cuesta
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group eap_cuesta {...}
[eap_cuesta] Request found, released from the list
[eap_cuesta] EAP/peap
[eap_cuesta] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - nicholas_kartsioukas
[peap] Got inner identity 'nicholas_kartsioukas'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
	EAP-Message =
	0x02080019016e6963686f6c61735f6b61727473696f756b6173
server  {
  PEAP: Setting User-Name to nicholas_kartsioukas
Sending tunneled request
	EAP-Message =
	0x02080019016e6963686f6c61735f6b61727473696f756b6173
	FreeRADIUS-Proxied-To = 127.0.0.1
	User-Name = "nicholas_kartsioukas"
server inner-tunnel-cuesta {
# Executing section authorize from file
/etc/freeradius/sites-enabled/inner-tunnel-cuesta
+- entering group authorize {...}
[suffix] No '@' in User-Name = "nicholas_kartsioukas", looking up realm
NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap_cuesta] EAP packet type response id 8 length 25
[eap_cuesta] No EAP Start, assuming it's an on-going EAP conversation
++[eap_cuesta] returns updated
Found Auth-Type = eap_cuesta
  WARNING: Unknown value specified for Auth-Type.  Cannot perform
  requested action.
# Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel-cuesta
Failed to authenticate the user.
Login incorrect: [nicholas_kartsioukas] (from client slo-wlc1 port 0 via
TLS tunnel)
} # server inner-tunnel-cuesta
[peap] Got tunneled reply code 3
[peap] Got tunneled reply RADIUS code 3
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap_cuesta] returns handled
Sending Access-Challenge of id 205 to 10.32.33.1 port 32769
	EAP-Message =
	0x0109003b19001703010030eed98c4e756051a6bcfa877bc402b7a66dbcfd377539ec2525c8be1b68e81296d95bcc73b2851fa0b869992b96267a02
	Message-Authenticator = 0x00000000000000000000000000000000
	State = 0x0b294f320c20565e0f7fc7d47ec4907c
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=206,
length=288
	User-Name = "nicholas_kartsioukas"
	Calling-Station-Id = "00-23-4e-ba-6b-f4"
	Called-Station-Id = "00-1a-a2-c1-2c-30:test"
	NAS-Port = 29
	NAS-IP-Address = 10.32.33.1
	NAS-Identifier = "slo-wlc-1"
	Airespace-Wlan-Id = 5
	Service-Type = Framed-User
	Framed-MTU = 1300
	NAS-Port-Type = Wireless-802.11
	Tunnel-Type:0 = VLAN
	Tunnel-Medium-Type:0 = IEEE-802
	Tunnel-Private-Group-Id:0 = "17"
	EAP-Message =
	0x02090060190017030100205762d0e03fb36ee2fa0e68100aa03ea51fdd5123673a53883bab1e33589271e2170301003017185ab8d719ac8095844ae637222aa99b57146fe368f29df8c216ed92cf66f34f9942e3982106d6908a8cc74bbc5358
	State = 0x0b294f320c20565e0f7fc7d47ec4907c
	Message-Authenticator = 0x2a41d17611a097fe5a4625d5848853cb
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log]      expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.32.33.1/auth-detail-20110728
[auth_log]      expand: %t -> Thu Jul 28 17:04:57 2011
++[auth_log] returns ok
++- entering policy rewrite_called_station_id {...}
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
? Evaluating (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++? if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> TRUE
+++- entering if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
{...}
	expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001aa2c12c30
	expand: %{7} -> test
++++[request] returns ok
+++- if (Called-Station-Id =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
returns ok
+++ ... skipping else for request 8: Preceding "if" was taken
++- policy rewrite_called_station_id returns ok
++- entering switch Called-Station-Ssid {...}
+++- entering case test {...}
[eap_cuesta] EAP packet type response id 9 length 96
[eap_cuesta] Continuing tunnel setup.
++++[eap_cuesta] returns ok
+++- case test returns ok
++- switch Called-Station-Ssid returns ok
Found Auth-Type = eap_cuesta
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group eap_cuesta {...}
[eap_cuesta] Request found, released from the list
[eap_cuesta] EAP/peap
[eap_cuesta] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7 
[peap] Done initial handshake
[peap] eaptls_process returned 7 
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject
(again.)
[peap]  *** This means you need to read the PREVIOUS messages in the
debug output
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will
tell you.
[peap]  *** what went wrong, and how to fix the problem.
[eap_cuesta] Handler failed in EAP/peap
[eap_cuesta] Failed in EAP select
++[eap_cuesta] returns invalid
Failed to authenticate the user.
Login incorrect: [nicholas_kartsioukas] (from client slo-wlc1 port 29
cli 00-23-4e-ba-6b-f4)
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} ->
nicholas_kartsioukas
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 206 to 10.32.33.1 port 32769
	EAP-Message = 0x04090004
	Message-Authenticator = 0x00000000000000000000000000000000
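
The debug output above says to read the earlier messages for "reject" or "fail". This added example (not part of the original post) does that over FreeRADIUS debug output, reporting the first failure line of each received packet and the virtual server that logged it. The names `first_failures` and `SAMPLE` are chosen here, and the sample is condensed from the log above.

```python
import re

SERVER_OPEN = re.compile(r"^server\s+(\S+)\s*\{")
SERVER_CLOSE = re.compile(r"^\}\s*#\s*server\b")
PACKET = re.compile(r"^rad_recv: .*\bid=(\d+)")
AUTH_TYPE = re.compile(r"Found Auth-Type = (\S+)")
# The log's own advice is to look for "reject" or "fail"; WARNING lines count too.
FAILURE = re.compile(r"WARNING|reject|fail", re.IGNORECASE)

# Constructed sample: condensed from the debug output in the post. The first
# packet id is taken from the "Sending Access-Challenge of id 205" reply.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=205,
Found Auth-Type = eap_cuesta
[peap] Got tunneled request
server inner-tunnel-cuesta {
++[eap_cuesta] returns updated
Found Auth-Type = eap_cuesta
  WARNING: Unknown value specified for Auth-Type.  Cannot perform
Failed to authenticate the user.
} # server inner-tunnel-cuesta
[peap] Tunneled authentication was rejected.
rad_recv: Access-Request packet from host 10.32.33.1 port 32769, id=206,
Found Auth-Type = eap_cuesta
[peap] Peap state send tlv failure
[peap]  The users session was previously rejected: returning reject
"""

def first_failures(log):
    """Earliest failure line per received packet, with the virtual server it was
    logged in and the last Auth-Type seen. Startup output before the first
    rad_recv is ignored."""
    findings, packet, server, auth_type, hit = [], None, "(outer)", None, False
    for lineno, raw in enumerate(log.splitlines(), 1):
        line = raw.strip()
        if m := PACKET.match(line):
            packet, server, auth_type, hit = int(m.group(1)), "(outer)", None, False
        elif m := SERVER_OPEN.match(line):
            server = m.group(1)
        elif SERVER_CLOSE.match(line):
            server = "(outer)"
        elif m := AUTH_TYPE.search(line):
            auth_type = m.group(1)
        elif packet is not None and not hit and FAILURE.search(line):
            hit = True
            findings.append({"packet": packet, "lineno": lineno, "server": server,
                             "auth_type": auth_type, "line": line})
    return findings

if __name__ == "__main__":
    for f in first_failures(SAMPLE):
        print(f)
```

On the sample, the first finding is the WARNING logged inside `inner-tunnel-cuesta` with Auth-Type `eap_cuesta`; the finding for packet 206 is only the repeated reject.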


