Strange error in eapol_test
Rui Ribeiro
ruyrybeyro at gmail.com
Tue Jan 17 17:24:10 CET 2012
Hi list,
Still setting up a freeradius for eduroam -- internally it is working fine EAP, TTLS and al, however when proxying/connecting to the eduroam, everything seems ok in freeradius logs, however, eapol_test finishes with an error (WARNING: PMK mismatch -- MPPE keys OK: 0 mismatch: 1 FAILURE).
Although in this example I have a certificate expired on the other side, I also have another roaming accounting that also has the same behaviour, so it is not the cause, I think. Any hints?
I will send bellow eapol_test output and freeradius logs.
Best regards,
Rui
radius2:/opt/bin/eduroam# /opt/bin/eapol_test -c peap-mschapv2-roaming.conf -s passsssss
Reading configuration file 'peap-mschapv2-roaming.conf'
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=7):
65 64 75 72 6f 61 6d eduroam
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte at roam.fccn.
70 74 pt
anonymous_identity - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte at roam.fccn.
70 74 pt
password - hexdump_ascii(len=9):
72 30 61 6d 31 73 63 74 33 xxxxxxxxxxxx
phase2 - hexdump_ascii(len=16):
61 75 74 68 65 61 70 3d 4d 53 43 48 41 50 56 32 autheap=MSCHAPV2
Priority group 0
id=0 ssid='eduroam'
Authentication server 127.0.0.1:1812
RADIUS local address: 127.0.0.1:28963
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte at roam.fccn.
70 74 pt
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=23)
TX EAP -> RADIUS - hexdump(len=23): 02 00 00 17 01 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=18): 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=144
Attribute 1 (User-Name) length=20
Value: 'iscte at roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=25
Value: 02 00 00 17 01 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74
Attribute 80 (Message-Authenticator) length=18
Value: 6a 6b 09 f3 d6 fe 46 19 27 3d 6c 52 8b e4 d7 d8
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 46 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=46
Attribute 79 (EAP-Message) length=8
Value: 01 01 00 06 19 21
Attribute 80 (Message-Authenticator) length=18
Value: e9 81 26 23 af d2 1d 4c 27 b9 8b 22 de 6f 4c 3e
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.03 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=6) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=40): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00
TLS: using phase1 config options
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x21
EAP-PEAP: Start (server ver=1, own ver=1)
EAP-PEAP: Using PEAP version 1
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 95 bytes pending from ssl_out
SSL: 95 bytes left to be sent out (of total 95 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=101)
TX EAP -> RADIUS - hexdump(len=101): 02 01 00 65 19 01 16 03 01 00 5a 01 00 00 56 03 01 4f 15 9d a5 c5 f6 73 f8 76 01 d3 a8 bc f8 c4 9c c6 c6 6b 00 f2 e8 64 9e 61 c6 ca 79 f8 c2 40 d6 00 00 28 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 02 01 00 00 04 00 23 00 00
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=222
Attribute 1 (User-Name) length=20
Value: 'iscte at roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=103
Value: 02 01 00 65 19 01 16 03 01 00 5a 01 00 00 56 03 01 4f 15 9d a5 c5 f6 73 f8 76 01 d3 a8 bc f8 c4 9c c6 c6 6b 00 f2 e8 64 9e 61 c6 ca 79 f8 c2 40 d6 00 00 28 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 02 01 00 00 04 00 23 00 00
Attribute 80 (Message-Authenticator) length=18
Value: f0 b0 e8 1c 6c 14 d7 5f 5c 8f 09 b2 d1 97 11 43
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1056 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=1056
Attribute 79 (EAP-Message) length=255
Value: 01 02 03 f2 19 c1 00 00 06 7b 16 03 01 00 4a 02 00 00 46 03 01 4f 15 9d a5 99 7d 3a e2 a2 6d e1 67 75 9e 63 ff 0e b1 51 b0 1a 9a f1 54 39 b0 8d 0d e9 ca d2 a7 20 9d a9 c9 17 2f b2 10 0a 4a 20 1e 59 9a 2e 44 6f 43 1f cf d0 27 3f 48 40 55 68 72 ba b3 d6 1e d4 00 35 00 16 03 01 06 1e 0b 00 06 1a 00 06 17 00 03 3a 30 82 03 36 30 82 02 1e a0 03 02 01 02 02 01 09 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 20 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 30 1e 17 0d 30 35 30 32 31 35 31 36 31 31 33 38 5a 17 0d 30 37 30 32 30 35 31 36 31 31 33 38 5a 30 81 83 31 1e 30 1c 06 03 55 04 03 13 15 72 61 64 2d 63 76 2d 74 65 73 74 65 73 2e 66 63 63 6e 2e 70 74 31 0f 30 0d 06 03 55 04 08 13 06 4c 69 73 62 6f 61
Attribute 79 (EAP-Message) length=255
Value: 31 0b 30 09 06 03 55 04 06 13 02 50 54 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 31 0d 30 0b 06 03 55 04 0a 13 04 46 43 43 4e 31 14 30 12 06 03 55 04 0b 13 0b 54 65 6c 65 6d 61 74 69 63 6f 73 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 3e 40 c6 96 ba 2d 59 73 54 f1 dc af ac 4b 6f c9 7b dd 38 cd 22 8f 08 b5 a1 f8 93 59 87 59 e5 4e 94 50 b8 c4 06 21 72 fe 5f dc 3b d1 d8 a4 fe f2 00 94 42 96 21 4c ae 25 44 d7 bc 9a 55 2f 46 8a 32 ca f7 a7 30 b0 63 df 20 2b c0 a0 ef f2 7d d8 dd 24 ec 2a 4b 21 2b a9 f7 d2 a6 01 17 0c 43 fc e3 41 ad 68 91 2b 82 7d 41 4c 5e be 05 db 1b 1f ce ad 3d 68 aa bb e4 bc fa 4a 60 a2 d8 36 e4 10 5e 87 32 df fc 77 84 e5 c0
Attribute 79 (EAP-Message) length=255
Value: 0b dc b9 58 19 11 1e 89 b8 1c da 83 e9 bd 6d 73 10 5d 24 34 ed 27 72 53 aa 68 87 24 a9 24 ed c1 3d 2a 37 17 2e d3 0f af 40 81 26 07 6d 88 9b 1a fc 72 d6 f6 eb fc 14 c1 6f fe 0b 61 80 bc 94 cd 86 c0 e8 f8 1c dc 76 2f f8 6f 88 04 fb 80 b9 b7 72 74 73 fb aa 27 4d 01 e9 99 de e3 29 81 e8 ed bb b9 b1 a6 89 03 cf 0c a6 f6 1a 2c 96 0b 0a 4a 79 bb c7 c4 1e 1d 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 82 01 01 00 c5 6c ce 4f 56 41 ec 0b 80 6b 37 6e 95 95 3b 6e 9a a0 b2 4e 18 5d 4e bd 38 8c 28 72 ab ec bc 27 c7 4d 34 5d 4e 3e be d7 25 14 64 97 e9 fd 00 e0 fb f6 d0 ec bf 05 12 17 45 2a 67 c1 4e 97 f3 00 75 7d ea f0 3a 24 d8 d8 39 88 95 8c 01 59 bd 30 27 05 c8 52 3a
Attribute 79 (EAP-Message) length=253
Value: 0a 97 b9 21 4b a6 3b fb 06 f7 92 98 98 56 fe 53 ec 6f b9 97 93 b3 5e 8d fc 75 98 47 77 a6 78 53 77 58 dd 5c 52 7a 9d ae 2c 77 33 9c cb 61 a7 1c 3a 22 ac 54 03 1a 36 99 1b b5 82 83 27 69 a4 a9 65 6a f1 8a 04 f4 10 53 e0 e5 9f 91 0d bc 70 82 61 d7 49 e3 cc cc ef 86 1d 6b 44 53 6e 90 16 d7 8b 22 47 2e 7d 53 b3 0e 1f 24 01 0f ce 86 4e 12 6a b4 fb 54 53 b5 99 1a a9 d6 77 dc 66 d8 04 c0 da 9a 12 27 5d 38 eb c4 d7 ac 2c 86 93 a9 12 e4 9d 13 4f 01 73 1b 16 ec 39 f5 3b ff d2 c0 78 4e 44 3b 59 f9 dd 71 8e d1 3b f2 50 00 02 d7 30 82 02 d3 30 82 01 bb a0 03 02 01 02 02 09 00 cf 11 a4 0b 54 c2 30 de 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 20 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 30 1e 17 0d
Attribute 80 (Message-Authenticator) length=18
Value: dc 80 67 84 43 16 0e b0 a4 ae e3 24 a7 dc 77 3c
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=1010) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1010) - Flags 0xc1
SSL: TLS Message Length: 1659
SSL: Need 659 bytes more input data
SSL: Building ACK (type=25 id=2 ver=1)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 02 00 06 19 01
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=127
Attribute 1 (User-Name) length=20
Value: 'iscte at roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 02 02 00 06 19 01
Attribute 80 (Message-Authenticator) length=18
Value: 6b 8c 7e b6 90 e5 56 8f fb 63 df c3 5a 6b 75 8e
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 709 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=709
Attribute 79 (EAP-Message) length=255
Value: 01 03 02 99 19 01 30 35 30 32 31 35 31 34 34 35 31 39 5a 17 0d 30 36 30 32 31 35 31 34 34 35 31 39 5a 30 20 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 ce 05 f6 73 da ef 56 db 29 f8 b2 71 5f 3d 95 05 f0 db 08 d7 da d1 5b f7 c1 2e 34 96 e2 ce 99 91 54 18 3e 50 62 ef 8a fe 1c f2 44 97 e2 32 81 ad 74 ed 31 d7 b4 5c 33 3c 21 2a c8 54 e2 49 03 8b 25 f9 39 81 cb f8 24 37 e7 90 a9 ef 7d 51 0b c5 a9 10 1f 50 50 d1 bd 32 d4 03 b9 0e 4f 93 0b ad 3f 3c e7 bc c3 7b 30 21 b3 bc 34 ec 80 c1 09 fb e5 dd 2f 07 dc fe f8 38 3c aa 36 9b 77 7b 64 4f 29 b7 f2 09 31 6b c8 19 60 db 25 dd 19 ce 05 25 87 85 bd d4 07 56 cb 05
Attribute 79 (EAP-Message) length=255
Value: db ba f4 08 97 fa 98 fe d6 86 8c 40 78 f3 49 48 d7 c3 97 24 95 11 e2 dd af 1f 0c b0 3f 13 e8 51 1d a7 42 fb 46 16 ac 9f ad 9b 9e 61 3b 05 e2 50 9c fd a2 12 b4 96 43 c9 93 c0 5f c1 db e5 b5 23 d0 b4 b3 3b a3 de b6 00 d0 f8 f6 cb cf 32 e4 12 63 b8 17 07 d9 2e 5e 80 71 cd 18 59 f2 7c 09 4d 67 eb be 6e 3c 07 9f 75 02 03 01 00 01 a3 10 30 0e 30 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 82 01 01 00 11 3b 6f b8 cb 0a 39 42 78 f3 5a 5d 11 8c b9 87 70 78 00 08 0a 36 33 a4 d0 65 8d 86 f0 00 e4 6a 7e aa d5 13 6a fe cb 91 0f 5d 65 17 fe 36 87 8c 5f 81 24 8f 38 85 61 db 0f 02 7e b2 1c 26 03 7b af 28 41 2a 08 85 ff fc 8e d6 4d 92 7b 9d f2 6a c3 9f 00 02 bb 06 73 35 63 10 61 47 5f 64 2e 66 a3 36 6a f1 4c a9 55 97 37 c0
Attribute 79 (EAP-Message) length=161
Value: a2 74 62 41 2c a6 e6 06 74 a1 b0 c4 c8 d0 d4 78 a3 b4 55 26 84 97 46 93 fb ad 38 70 bf ef 25 9a d1 ab 68 3d 6d 50 fa 35 4e 14 02 5b b3 81 e2 2f a7 26 49 dc 33 fa 76 dc 12 52 6e 46 9e fe 39 df 0c 24 ae f5 96 a8 46 4b 3e 5a b1 47 67 44 b5 fb eb 6c 42 7d 66 3f 8e b1 bc 10 49 9b 1d b4 28 b7 7c 59 0a 00 a1 e9 f0 85 c5 a7 db 25 f6 52 1e 8c 93 93 9b 25 f7 d8 ff 90 02 4e 93 fd c0 4a 56 54 83 76 3e 78 60 b3 59 56 a6 81 08 75 c4 51 b3 6d cb 40 e5 c0 1c 5a 16 03 01 00 04 0e 00 00 00
Attribute 80 (Message-Authenticator) length=18
Value: b7 46 fb 5b cb 21 63 7d d7 f0 c0 55 4d e5 8f 1d
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=3 len=665) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=665) - Flags 0x01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: tls_verify_cb - preverify_ok=1 err=19 (self signed certificate in certificate chain) ca_cert_verify=0 depth=1 buf='/emailAddress=psimoes at fccn.pt'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/emailAddress=psimoes at fccn.pt'
TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=1 buf='/emailAddress=psimoes at fccn.pt'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/emailAddress=psimoes at fccn.pt'
TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=1 buf='/emailAddress=psimoes at fccn.pt'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/emailAddress=psimoes at fccn.pt'
TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=0 buf='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes at fccn.pt/O=FCCN/OU=Telematicos'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes at fccn.pt/O=FCCN/OU=Telematicos'
TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=0 buf='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes at fccn.pt/O=FCCN/OU=Telematicos'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes at fccn.pt/O=FCCN/OU=Telematicos'
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 326 bytes pending from ssl_out
SSL: 326 bytes left to be sent out (of total 326 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=332)
TX EAP -> RADIUS - hexdump(len=332): 02 03 01 4c 19 01 16 03 01 01 06 10 00 01 02 01 00 60 a5 f9 2f d4 3c 90 f5 ac 6c 65 0b 35 08 f7 d3 79 02 ec 80 aa b3 10 97 d1 dc b3 4f ef aa c6 7b 1e 92 c1 68 8e 0a f5 2f 67 89 67 d0 06 5c 96 7b 1d 4d af 4c 6f d7 79 83 e7 0a 50 8a da 6f 4d f1 fc a8 1d fa a5 df e0 09 e9 40 9a 21 91 15 98 06 51 71 52 9b 23 55 f2 f8 e5 ae c6 8f b8 a2 83 cf 16 d3 48 06 f1 c7 78 ed bc 25 d2 8a a9 8b dd b4 03 30 9c 3c 43 f2 4b 43 ab 17 e6 22 e6 c6 6c 63 82 a7 30 c3 79 f2 17 6e 60 96 8b 96 b9 ba 44 1a 96 93 41 1b 1e b4 8d 65 cd 1a dd aa 70 a2 f1 14 4f 92 ab 04 7b 5e a2 8a 59 39 d7 d5 13 b2 d7 19 06 79 40 59 2c 7f 71 c4 a3 49 80 9b 36 e7 88 db 5d 06 d8 02 a7 25 3a ac d4 ca 21 27 1a 53 d2 d9 60 f8 ca ab 68 8f 31 75 7b 79 31 4e e2 bb a3 cf 1d b0 a5 37 56 ca a8 b1 5b 42 10 be 46 85 91 65 fb 8b e3 76 bd ff 84 d8 6d e2 dd cd 05 fa 86 9c 14 03 01 00 01 01 16 03 01 00 30 cd 1e 4a 5d 45 6d 24 e4 50 55 1f e6 e2 03 c9 73 79 42 27 98 fd 4b 44 8b 99 7e db ca ef e1 22 9b bb 6f ae 9a fb 2a 43 4c 57 dc 4d c0 94 53 d9 8e
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=455
Attribute 1 (User-Name) length=20
Value: 'iscte at roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=255
Value: 02 03 01 4c 19 01 16 03 01 01 06 10 00 01 02 01 00 60 a5 f9 2f d4 3c 90 f5 ac 6c 65 0b 35 08 f7 d3 79 02 ec 80 aa b3 10 97 d1 dc b3 4f ef aa c6 7b 1e 92 c1 68 8e 0a f5 2f 67 89 67 d0 06 5c 96 7b 1d 4d af 4c 6f d7 79 83 e7 0a 50 8a da 6f 4d f1 fc a8 1d fa a5 df e0 09 e9 40 9a 21 91 15 98 06 51 71 52 9b 23 55 f2 f8 e5 ae c6 8f b8 a2 83 cf 16 d3 48 06 f1 c7 78 ed bc 25 d2 8a a9 8b dd b4 03 30 9c 3c 43 f2 4b 43 ab 17 e6 22 e6 c6 6c 63 82 a7 30 c3 79 f2 17 6e 60 96 8b 96 b9 ba 44 1a 96 93 41 1b 1e b4 8d 65 cd 1a dd aa 70 a2 f1 14 4f 92 ab 04 7b 5e a2 8a 59 39 d7 d5 13 b2 d7 19 06 79 40 59 2c 7f 71 c4 a3 49 80 9b 36 e7 88 db 5d 06 d8 02 a7 25 3a ac d4 ca 21 27 1a 53 d2 d9 60 f8 ca ab 68 8f 31 75 7b 79 31 4e e2 bb a3 cf 1d b0 a5 37 56 ca a8 b1 5b 42 10 be
Attribute 79 (EAP-Message) length=81
Value: 46 85 91 65 fb 8b e3 76 bd ff 84 d8 6d e2 dd cd 05 fa 86 9c 14 03 01 00 01 01 16 03 01 00 30 cd 1e 4a 5d 45 6d 24 e4 50 55 1f e6 e2 03 c9 73 79 42 27 98 fd 4b 44 8b 99 7e db ca ef e1 22 9b bb 6f ae 9a fb 2a 43 4c 57 dc 4d c0 94 53 d9 8e
Attribute 80 (Message-Authenticator) length=18
Value: b9 1f da af 64 06 b0 73 3b 7f 91 e9 48 3e e6 57
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 109 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=109
Attribute 79 (EAP-Message) length=71
Value: 01 04 00 45 19 81 00 00 00 3b 14 03 01 00 01 01 16 03 01 00 30 e2 76 e3 ef cd bf 27 37 9f ac dd a9 33 78 d6 b5 8b 06 72 00 7a 0e ff dc e0 79 0f 2f 37 ac 3d d9 a8 10 e3 4b 17 93 2a 35 28 a4 37 c3 3f da 12 c5
Attribute 80 (Message-Authenticator) length=18
Value: d4 c1 65 3a f0 b2 e1 80 ce bb f0 8d 86 ff 54 17
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.16 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=4 len=69) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=69) - Flags 0x81
SSL: TLS Message Length: 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read finished A
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
SSL: No Application Data included
SSL: No data to be sent out
EAP-PEAP: TLS done, proceed to Phase 2
EAP-PEAP: using label 'client EAP encryption' in key derivation
EAP-PEAP: Derived key - hexdump(len=64): b5 3a 8c 7f 8f 17 d1 1b a8 b8 a1 3d ca fa ba 06 85 9b ad f5 82 7d 23 76 dd 6a 43 ba 9c 1c ec 78 5a 3c 4b 88 19 71 fe c1 7e c4 a5 04 5c c0 25 36 fe a7 ca a2 b6 33 97 eb e8 f7 e5 f7 04 9a 1e 9f
SSL: Building ACK (type=25 id=4 ver=1)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 01
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=127
Attribute 1 (User-Name) length=20
Value: 'iscte at roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 02 04 00 06 19 01
Attribute 80 (Message-Authenticator) length=18
Value: b9 a8 9d dd 12 bd ae f0 a7 70 5a 26 e2 64 9d c4
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 83 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=83
Attribute 79 (EAP-Message) length=45
Value: 01 05 00 2b 19 01 17 03 01 00 20 d2 ab 6c 49 63 f5 00 3a bf bf d7 fe 09 fb 32 f9 45 5f ef 30 c3 69 aa 7c 25 93 6f bf d3 bd 09 3a
Attribute 80 (Message-Authenticator) length=18
Value: 66 d1 f4 59 59 7d 90 59 67 c6 df 28 8b cc 82 ef
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.03 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=5 len=43) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=43) - Flags 0x01
EAP-PEAP: received 37 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=5): 01 00 00 05 01
EAP-PEAP: received Phase 2: code=1 identifier=0 length=5
EAP-PEAP: Phase 2 Request: type=1
EAP: using real identity - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte at roam.fccn.
70 74 pt
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=23): 02 00 00 17 01 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74
SSL: 90 bytes left to be sent out (of total 90 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=96)
TX EAP -> RADIUS - hexdump(len=96): 02 05 00 60 19 01 17 03 01 00 20 61 86 fa 5a 58 25 2e 3a 08 61 3e b2 b5 95 c3 f5 30 fa 6e 4f 31 ea 49 b3 81 59 96 af e3 40 69 7b 17 03 01 00 30 fa bd ef 3c 38 48 3f aa 0b 2a 9e 07 b8 9c a9 b0 33 31 90 67 46 a4 ad 8d dd 4a 89 4c 64 57 04 cd 56 63 e1 dc 6a 26 2c 5f 04 a3 b7 e3 71 7c c4 81
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=217
Attribute 1 (User-Name) length=20
Value: 'iscte at roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=98
Value: 02 05 00 60 19 01 17 03 01 00 20 61 86 fa 5a 58 25 2e 3a 08 61 3e b2 b5 95 c3 f5 30 fa 6e 4f 31 ea 49 b3 81 59 96 af e3 40 69 7b 17 03 01 00 30 fa bd ef 3c 38 48 3f aa 0b 2a 9e 07 b8 9c a9 b0 33 31 90 67 46 a4 ad 8d dd 4a 89 4c 64 57 04 cd 56 63 e1 dc 6a 26 2c 5f 04 a3 b7 e3 71 7c c4 81
Attribute 80 (Message-Authenticator) length=18
Value: 11 4a 60 a4 56 bc 8f 75 e7 c3 23 88 57 ba ea d7
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 131 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=131
Attribute 79 (EAP-Message) length=93
Value: 01 06 00 5b 19 01 17 03 01 00 50 b8 e4 19 3b 90 e3 a5 c7 32 0f a8 d4 15 dd 4d 7b 47 a3 84 0a cf 4a d7 02 45 5d c9 48 18 6e ff 4d 1c 58 ce 6a ce 9d bb a2 7c de 87 20 99 2c c8 68 e7 e7 31 d0 98 92 47 d9 a8 8a 88 e6 5f 59 1d 5e 2c a5 e5 ae 0c 61 47 e6 ee bf aa e8 dd bd d3 49
Attribute 80 (Message-Authenticator) length=18
Value: 38 d0 0a 86 1a 73 ed 22 31 4a 56 f0 d9 02 93 3b
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=6 len=91) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=91) - Flags 0x01
EAP-PEAP: received 85 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): 01 01 00 2f 1a 01 01 00 2a 10 98 20 2f 14 94 b5 56 d5 c0 12 dc cc 88 df 09 eb 72 61 64 2d 63 76 2d 74 65 73 74 65 73 2e 66 63 63 6e 2e 70 74
EAP-PEAP: received Phase 2: code=1 identifier=1 length=47
EAP-PEAP: Phase 2 Request: type=26
EAP-PEAP: Selected Phase 2 EAP vendor 0 method 26
EAP-MSCHAPV2: RX identifier 1 mschapv2_id 1
EAP-MSCHAPV2: Received challenge
EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=21):
72 61 64 2d 63 76 2d 74 65 73 74 65 73 2e 66 63 rad-cv-testes.fc
63 6e 2e 70 74 cn.pt
EAP-MSCHAPV2: Generating Challenge Response
MSCHAPV2: Identity - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte at roam.fccn.
70 74 pt
MSCHAPV2: Username - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte at roam.fccn.
70 74 pt
MSCHAPV2: auth_challenge - hexdump(len=16): 98 20 2f 14 94 b5 56 d5 c0 12 dc cc 88 df 09 eb
MSCHAPV2: peer_challenge - hexdump(len=16): 0f 8e 0a f4 55 31 35 02 5f ae ad 9c e5 80 18 9c
MSCHAPV2: username - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte at roam.fccn.
70 74 pt
MSCHAPV2: password - hexdump_ascii(len=9):
72 30 61 6d 31 73 63 74 33 xxxxxxxx
MSCHAPV2: NT Response - hexdump(len=24): cc d4 11 73 9e 23 ce 86 3a 44 bb c9 88 55 33 e5 95 94 81 3f cd 30 be 16
MSCHAPV2: Auth Response - hexdump(len=20): d9 ff 32 e7 61 1a f9 d4 0b ed a5 60 ed b2 ac 43 9c 58 4f 94
MSCHAPV2: Master Key - hexdump(len=16): ab b4 d5 57 32 57 f2 f2 42 b0 1a 13 20 27 fc e8
EAP-MSCHAPV2: TX identifier 1 mschapv2_id 1 (response)
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=77): 02 01 00 4d 1a 02 01 00 48 31 0f 8e 0a f4 55 31 35 02 5f ae ad 9c e5 80 18 9c 00 00 00 00 00 00 00 00 cc d4 11 73 9e 23 ce 86 3a 44 bb c9 88 55 33 e5 95 94 81 3f cd 30 be 16 00 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74
SSL: 154 bytes left to be sent out (of total 154 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=160)
TX EAP -> RADIUS - hexdump(len=160): 02 06 00 a0 19 01 17 03 01 00 20 c2 6f 7a 73 72 5d f8 64 d5 b8 0e 51 de 31 4c 98 0b db 15 5a 80 ea ee 9e b7 2a 47 fd fd 18 68 d7 17 03 01 00 70 2c c2 d6 6f 3e e6 ca 76 15 50 67 98 32 7d 38 86 29 09 26 0b 34 7e 3b 78 db d6 f3 6f 78 23 4a df 34 7d 23 57 b9 fe f6 8f ea e8 9b 28 bb d8 52 a2 92 1d cc 9a 14 df b9 a0 a2 9c 59 b9 60 d6 b1 3d 83 1e 3b db bb 70 df 7b ef 3d 06 0c ec 48 67 c1 24 68 8f 40 ec 46 19 0d 2d da c1 01 f0 be c8 83 78 02 ac e1 37 38 d2 49 bb 17 d8 be 7b de 15 28
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=281
Attribute 1 (User-Name) length=20
Value: 'iscte at roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=162
Value: 02 06 00 a0 19 01 17 03 01 00 20 c2 6f 7a 73 72 5d f8 64 d5 b8 0e 51 de 31 4c 98 0b db 15 5a 80 ea ee 9e b7 2a 47 fd fd 18 68 d7 17 03 01 00 70 2c c2 d6 6f 3e e6 ca 76 15 50 67 98 32 7d 38 86 29 09 26 0b 34 7e 3b 78 db d6 f3 6f 78 23 4a df 34 7d 23 57 b9 fe f6 8f ea e8 9b 28 bb d8 52 a2 92 1d cc 9a 14 df b9 a0 a2 9c 59 b9 60 d6 b1 3d 83 1e 3b db bb 70 df 7b ef 3d 06 0c ec 48 67 c1 24 68 8f 40 ec 46 19 0d 2d da c1 01 f0 be c8 83 78 02 ac e1 37 38 d2 49 bb 17 d8 be 7b de 15 28
Attribute 80 (Message-Authenticator) length=18
Value: 86 77 d9 31 f7 ec dd 73 aa 83 1e 2e d1 6c 70 27
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 147 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=6 length=147
Attribute 79 (EAP-Message) length=109
Value: 01 07 00 6b 19 01 17 03 01 00 60 ae fd e3 9e 5c dd 3b 31 86 ec 76 d8 ea a8 d0 e5 f7 9a f7 6e 58 61 20 48 60 a5 bf 5b ef bd ca b2 e7 de 66 31 49 3a 3a d1 ee e9 ab 01 67 72 5c 0d 03 cf 59 c1 ed 8f 69 21 63 00 c7 19 60 b7 4b 64 2f fd 89 61 81 5f 57 8e b9 fa 59 41 ff 7c 09 01 c4 51 11 62 dd 81 5e f3 57 d1 c3 b3 05 a9 09 be
Attribute 80 (Message-Authenticator) length=18
Value: 21 f5 36 e6 26 05 7c 36 4a 58 96 ad 96 bd 9e 12
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.08 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=7 len=107) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=7 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=107) - Flags 0x01
EAP-PEAP: received 101 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=61): 01 02 00 3d 1a 03 01 00 38 53 3d 44 39 46 46 33 32 45 37 36 31 31 41 46 39 44 34 30 42 45 44 41 35 36 30 45 44 42 32 41 43 34 33 39 43 35 38 34 46 39 34 20 4d 3d 73 75 63 63 65 73 73
EAP-PEAP: received Phase 2: code=1 identifier=2 length=61
EAP-PEAP: Phase 2 Request: type=26
EAP-MSCHAPV2: RX identifier 2 mschapv2_id 1
EAP-MSCHAPV2: Received success
EAP-MSCHAPV2: Success message - hexdump_ascii(len=9):
4d 3d 73 75 63 63 65 73 73 M=success
EAP-MSCHAPV2: Authentication succeeded
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): 02 02 00 06 1a 03
SSL: 74 bytes left to be sent out (of total 74 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=80)
TX EAP -> RADIUS - hexdump(len=80): 02 07 00 50 19 01 17 03 01 00 20 5e c8 6f 50 06 1b 70 cd a3 3e 35 15 6c 11 7a 5e 33 c5 7c fd e5 8b 3e 69 f7 e4 5c 25 60 8a 93 de 17 03 01 00 20 a0 fb ce 5c 33 f0 04 95 c8 1c 3d 55 d7 64 b7 54 c0 57 c0 05 92 4a e8 08 f5 19 24 45 d9 ac 1b 38
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=7 length=201
Attribute 1 (User-Name) length=20
Value: 'iscte at roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=82
Value: 02 07 00 50 19 01 17 03 01 00 20 5e c8 6f 50 06 1b 70 cd a3 3e 35 15 6c 11 7a 5e 33 c5 7c fd e5 8b 3e 69 f7 e4 5c 25 60 8a 93 de 17 03 01 00 20 a0 fb ce 5c 33 f0 04 95 c8 1c 3d 55 d7 64 b7 54 c0 57 c0 05 92 4a e8 08 f5 19 24 45 d9 ac 1b 38
Attribute 80 (Message-Authenticator) length=18
Value: ec 20 4b 31 88 04 44 92 f6 14 da f8 2e 49 7c 8e
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 83 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=7 length=83
Attribute 79 (EAP-Message) length=45
Value: 01 08 00 2b 19 01 17 03 01 00 20 f4 80 cb 7c 9b 7b 52 c1 c8 1d b2 ce fd cc 8b b7 37 ad a5 86 04 db b5 ad ed f2 3a 93 fe 48 7b 11
Attribute 80 (Message-Authenticator) length=18
Value: 30 50 52 80 65 07 9c 63 55 6e ea 2d 85 8f 05 8e
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=8 len=43) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=8 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=43) - Flags 0x01
EAP-PEAP: received 37 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 08 00 0b 21 80 03 00 02 00 01
EAP-PEAP: received Phase 2: code=1 identifier=8 length=11
EAP-PEAP: Phase 2 Request: type=33
EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 01
EAP-TLV: Result TLV - hexdump(len=2): 00 01
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 08 00 0b 21 80 03 00 02 00 01
SSL: 74 bytes left to be sent out (of total 74 bytes)
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=80)
TX EAP -> RADIUS - hexdump(len=80): 02 08 00 50 19 01 17 03 01 00 20 83 65 79 c5 60 67 65 82 9d 19 63 b0 34 5e 3f 5e 84 6b bd af 7b fb 66 44 c4 e8 10 5e a8 18 62 5c 17 03 01 00 20 14 a9 d2 aa 5a f2 7e 8f 9c 2a 10 9d a9 ff 19 01 90 db 4e b0 c3 69 f1 8a ac 6e d8 57 a4 83 1a a7
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=8 length=201
Attribute 1 (User-Name) length=20
Value: 'iscte at roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=82
Value: 02 08 00 50 19 01 17 03 01 00 20 83 65 79 c5 60 67 65 82 9d 19 63 b0 34 5e 3f 5e 84 6b bd af 7b fb 66 44 c4 e8 10 5e a8 18 62 5c 17 03 01 00 20 14 a9 d2 aa 5a f2 7e 8f 9c 2a 10 9d a9 ff 19 01 90 db 4e b0 c3 69 f1 8a ac 6e d8 57 a4 83 1a a7
Attribute 80 (Message-Authenticator) length=18
Value: 2f db bf 8d 3f 07 fd 8a 21 e6 a5 10 25 31 af 43
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 180 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=8 length=180
Attribute 79 (EAP-Message) length=6
Value: 03 08 00 04
Attribute 80 (Message-Authenticator) length=18
Value: 24 b5 20 6c e8 0f e1 3f 56 82 bb ce 26 f2 54 d2
Attribute 1 (User-Name) length=20
Value: 'iscte at roam.fccn.pt'
Attribute 26 (Vendor-Specific) length=58
Value: 00 00 01 37 10 34 80 75 a6 7d 39 0e 6d eb 0d dd c6 f8 d6 37 d3 27 95 f6 21 d9 1c 5a 28 94 a9 70 d0 48 b2 08 9a 6a 69 79 63 7c 0f 6b 11 9a 07 39 78 ab a0 c8 08 82 4a fc
Attribute 26 (Vendor-Specific) length=58
Value: 00 00 01 37 11 34 8d 18 62 8a 92 c9 d6 f9 31 5c 70 1e 82 24 ee e0 a3 b4 ea 12 aa c5 98 08 43 23 b1 95 f7 8e f6 2c 9b 50 7c f8 02 76 c3 84 98 4b 7d 4b 46 37 2f 3f a7 d6
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.05 sec
RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): fe 03 b8 a7 4c c7 a2 64 85 b4 ef 6d d8 ef d9 58 b3 eb 6c f6 0f 2c c7 25 38 0e c3 24 8b 72 0a ef
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): e7 aa d7 72 cb 0f ab 27 8c 9a 9a 46 6f 50 2d d4 b8 e1 83 3c 9b 11 66 a4 c5 fe 14 52 84 f2 ad 48
decapsulated EAP packet (code=3 id=8 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: success=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): b5 3a 8c 7f 8f 17 d1 1b a8 b8 a1 3d ca fa ba 06 85 9b ad f5 82 7d 23 76 dd 6a 43 ba 9c 1c ec 78
WARNING: PMK mismatch
PMK from AS - hexdump(len=32): e7 aa d7 72 cb 0f ab 27 8c 9a 9a 46 6f 50 2d d4 b8 e1 83 3c 9b 11 66 a4 c5 fe 14 52 84 f2 ad 48
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
FREERADIUS -X LOGS
…………………………….
radius2:~# freeradius -X
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/f_ticks
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/status
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 256000
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
security {
max_attributes = 200
reject_delay = 0
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 1
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
realm iscte.pt {
authhost = LOCAL
accthost = LOCAL
}
realm teste.iscte.pt {
authhost = LOCAL
accthost = LOCAL
}
realm ~.*\.iscte\.intranet {
}
realm ~.*\.iul\.intra {
}
realm ~.*\.iscte\.pt {
}
realm NULL {
}
realm DEFAULT {
nostrip
ldflag = round_robin
authhost = 193.136.192.43:1812
accthost = 193.136.192.43:1813
secret = testeradiusfccn2
}
realm DEFAULT {
ldflag = round_robin
authhost = 193.136.192.44:1812
accthost = 193.136.192.44:1813
secret = testeradiusfccn2
} # realm DEFAULT
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "xxxxxxxxx"
nastype = "other"
}
client 193.136.188.36 {
ipaddr = 193.136.188.36
netmask = 32
require_message_authenticator = no
secret = "xxxxxxxx"
nastype = "other"
}
client 10.10.66.18/32 {
ipaddr = 10.10.66.18
netmask = 32
require_message_authenticator = no
secret = "wdsiscte"
shortname = "nut"
nastype = "other"
}
client 10.10.65.0/24 {
require_message_authenticator = no
secret = "xxxxxxxx"
shortname = "rede1_aps"
nastype = "cisco"
}
client 10.10.66.0/24 {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "rede2_aps"
nastype = "cisco"
}
client 10.10.32.35/32 {
require_message_authenticator = no
secret = "xxxxxxxxxxx"
shortname = "syslog"
nastype = "other"
}
client 193.136.192.43 {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "proxyNacional1"
}
client 193.136.192.44 {
require_message_authenticator = no
secret = "xxxxxxxxxx"
shortname = "proxyNacional2"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server status { # from file /etc/freeradius/sites-enabled/status
modules {
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_always
Module: Instantiating module "ok" from file /etc/freeradius/modules/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
} # modules
} # server
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --domain=IUL --nt-response=%{mschap:NT-Response:-00}"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "mschap"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "xxxxxxxxxx"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = no
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/freeradius/modules/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
[/etc/freeradius/users]:6 WARNING! Check item "Stripped-User-Name" found in reply item list for user "DEFAULT". This attribute MUST go on the first line with the other check items
[/etc/freeradius/users]:35 WARNING! Changing 'Reply-Message =' to 'Reply-Message ==' for comparing RADIUS attribute in check item list for user DEFAULT
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking pre-proxy {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "reply_log" from file /etc/freeradius/modules/detail.log
detail reply_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_ldap
Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
ldap {
server = "10.10.32.14"
port = 389
password = "xxxxxxxx"
identity = "CN=xxxxxxxx,CN=Users,DC=xxxxx,DC=xxxxx"
net_timeout = 10
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
require_cert = "allow"
}
basedn = "cn=Users,dc=wiscte,dc=wfarm"
filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr_used_for_allow = yes
rebind = yes
groupname_attribute = "sAMAccountName"
groupmembership_filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
groupmembership_attribute = "memberOf"
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
edir_account_policy_check = no
set_auth_type = no
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x8f50208
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Instantiating module "auth_log" from file /etc/freeradius/modules/detail.log
detail auth_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking preacct {...} for more modules to load
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_counter
Module: Instantiating module "daily" from file /etc/freeradius/modules/counter
counter daily {
filename = "/etc/freeradius/db.daily"
key = "User-Name"
reset = "daily"
count-attribute = "Acct-Session-Time"
counter-name = "Daily-Session-Time"
check-name = "Max-Daily-Session"
reply-name = "Session-Timeout"
allowed-servicetype = "Framed-User"
cache-size = 5000
}
rlm_counter: Counter attribute Daily-Session-Time is number 11276
rlm_counter: Current Time: 1326816675 [2012-01-17 16:11:15], Next reset 1326844800 [2012-01-18 00:00:00]
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Instantiating module "sradutmp" from file /etc/freeradius/modules/sradutmp
radutmp sradutmp {
filename = "/var/log/freeradius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 420
callerid = no
}
Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking pre-proxy {...} for more modules to load
Module: Instantiating module "pre_proxy_log" from file /etc/freeradius/modules/detail.log
detail pre_proxy_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.pre-proxy {
attrsfile = "/etc/freeradius/attrs.pre-proxy"
key = "%{Realm}"
}
Module: Checking post-proxy {...} for more modules to load
Module: Instantiating module "post_proxy_log" from file /etc/freeradius/modules/detail.log
detail post_proxy_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.post-proxy {
attrsfile = "/etc/freeradius/attrs"
key = "%{Realm}"
}
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_linelog
Module: Instantiating module "f_ticks" from file /etc/freeradius/modules/f_ticks
linelog f_ticks {
filename = "syslog"
format = ""
reference = "f_ticks.%{%{reply:Packet-Type}:-format}"
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 193.136.188.36
port = 0
}
listen {
type = "acct"
ipaddr = 193.136.188.36
port = 0
}
listen {
type = "status"
ipaddr = *
port = 18120
client admin {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "xxxxxxxxxx"
}
client admin2 {
ipaddr = 193.136.188.36
require_message_authenticator = no
secret = "xxxxxxxxx"
}
client syslog {
ipaddr = 10.10.32.35
require_message_authenticator = no
secret = "xxxxxxxxx"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 1812
}
listen {
type = "acct"
ipaddr = 127.0.0.1
port = 1813
}
Listening on authentication address 193.136.188.36 port 1812
Listening on accounting interface eth0 address 193.136.188.36 port 1813
Listening on status address * port 18120 as server status
Listening on authentication address 127.0.0.1 port 1812 as server inner-tunnel
Listening on accounting address 127.0.0.1 port 1813 as server inner-tunnel
Listening on proxy address 193.136.188.36 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=0, length=144
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x6a6b09f3d6fe4619273d6c528be4d7d8
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte at roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 102 to 193.136.192.44 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Proxying request 0 to home server 193.136.192.44 port 1812
Sending Access-Request of id 102 to 193.136.192.44 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=102, length=49
EAP-Message = 0x010100061921
Message-Authenticator = 0x9d3192b332a0c590e6d83c3b4e3380bf
Proxy-State = 0x30
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 0 to 127.0.0.1 port 28963
EAP-Message = 0x010100061921
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=1, length=222
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100651901160301005a0100005603014f159da5c5f673f87601d3a8bcf8c49cc6c66b00f2e8649e61c6ca79f8c240d600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
Message-Authenticator = 0xf0b0e81c6c14d75f5c8f09b2d1971143
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte at roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 88 to 193.136.192.44 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100651901160301005a0100005603014f159da5c5f673f87601d3a8bcf8c49cc6c66b00f2e8649e61c6ca79f8c240d600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x31
Proxying request 1 to home server 193.136.192.44 port 1812
Sending Access-Request of id 88 to 193.136.192.44 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100651901160301005a0100005603014f159da5c5f673f87601d3a8bcf8c49cc6c66b00f2e8649e61c6ca79f8c240d600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x31
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=88, length=1059
EAP-Message = 0x010203f219c10000067b160301004a0200004603014f159da5997d3ae2a26de167759e63ff0eb151b01a9af15439b08d0de9cad2a7209da9c9172fb2100a4a201e599a2e446f431fcfd0273f4840556872bab3d61ed4003500160301061e0b00061a00061700033a308203363082021ea003020102020109300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d3035303231353136313133385a170d3037303230353136313133385a308183311e301c060355040313157261642d63762d7465737465732e6663636e2e7074310f300d060355040813064c6973626f61
EAP-Message = 0x310b3009060355040613025054311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074310d300b060355040a13044643434e31143012060355040b130b54656c656d617469636f7330820122300d06092a864886f70d01010105000382010f003082010a02820101009c3e40c696ba2d597354f1dcafac4b6fc97bdd38cd228f08b5a1f893598759e54e9450b8c4062172fe5fdc3bd1d8a4fef200944296214cae2544d7bc9a552f468a32caf7a730b063df202bc0a0eff27dd8dd24ec2a4b212ba9f7d2a601170c43fce341ad68912b827d414c5ebe05db1b1fcead3d68aabbe4bcfa4a60a2d836e4105e8732dffc7784e5c0
EAP-Message = 0x0bdcb95819111e89b81cda83e9bd6d73105d2434ed277253aa688724a924edc13d2a37172ed30faf408126076d889b1afc72d6f6ebfc14c16ffe0b6180bc94cd86c0e8f81cdc762ff86f8804fb80b9b7727473fbaa274d01e999dee32981e8edbbb9b1a68903cf0ca6f61a2c960b0a4a79bbc7c41e1d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c56cce4f5641ec0b806b376e95953b6e9aa0b24e185d4ebd388c2872abecbc27c74d345d4e3ebed725146497e9fd00e0fbf6d0ecbf051217452a67c14e97f300757deaf03a24d8d83988958c0159bd302705c8523a
EAP-Message = 0x0a97b9214ba63bfb06f792989856fe53ec6fb99793b35e8dfc75984777a678537758dd5c527a9dae2c77339ccb61a71c3a22ac54031a36991bb582832769a4a9656af18a04f41053e0e59f910dbc708261d749e3ccccef861d6b44536e9016d78b22472e7d53b30e1f24010fce864e126ab4fb5453b5991aa9d677dc66d804c0da9a12275d38ebc4d7ac2c8693a912e49d134f01731b16ec39f53bffd2c0784e443b59f9dd718ed13bf2500002d7308202d3308201bba003020102020900cf11a40b54c230de300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d
Message-Authenticator = 0xeae477a143ccf9b691e2096ea5103711
Proxy-State = 0x31
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 1 to 127.0.0.1 port 28963
EAP-Message = 0x010203f219c10000067b160301004a0200004603014f159da5997d3ae2a26de167759e63ff0eb151b01a9af15439b08d0de9cad2a7209da9c9172fb2100a4a201e599a2e446f431fcfd0273f4840556872bab3d61ed4003500160301061e0b00061a00061700033a308203363082021ea003020102020109300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d3035303231353136313133385a170d3037303230353136313133385a308183311e301c060355040313157261642d63762d7465737465732e6663636e2e7074310f300d060355040813064c6973626f61
EAP-Message = 0x310b3009060355040613025054311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074310d300b060355040a13044643434e31143012060355040b130b54656c656d617469636f7330820122300d06092a864886f70d01010105000382010f003082010a02820101009c3e40c696ba2d597354f1dcafac4b6fc97bdd38cd228f08b5a1f893598759e54e9450b8c4062172fe5fdc3bd1d8a4fef200944296214cae2544d7bc9a552f468a32caf7a730b063df202bc0a0eff27dd8dd24ec2a4b212ba9f7d2a601170c43fce341ad68912b827d414c5ebe05db1b1fcead3d68aabbe4bcfa4a60a2d836e4105e8732dffc7784e5c0
EAP-Message = 0x0bdcb95819111e89b81cda83e9bd6d73105d2434ed277253aa688724a924edc13d2a37172ed30faf408126076d889b1afc72d6f6ebfc14c16ffe0b6180bc94cd86c0e8f81cdc762ff86f8804fb80b9b7727473fbaa274d01e999dee32981e8edbbb9b1a68903cf0ca6f61a2c960b0a4a79bbc7c41e1d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c56cce4f5641ec0b806b376e95953b6e9aa0b24e185d4ebd388c2872abecbc27c74d345d4e3ebed725146497e9fd00e0fbf6d0ecbf051217452a67c14e97f300757deaf03a24d8d83988958c0159bd302705c8523a
EAP-Message = 0x0a97b9214ba63bfb06f792989856fe53ec6fb99793b35e8dfc75984777a678537758dd5c527a9dae2c77339ccb61a71c3a22ac54031a36991bb582832769a4a9656af18a04f41053e0e59f910dbc708261d749e3ccccef861d6b44536e9016d78b22472e7d53b30e1f24010fce864e126ab4fb5453b5991aa9d677dc66d804c0da9a12275d38ebc4d7ac2c8693a912e49d134f01731b16ec39f53bffd2c0784e443b59f9dd718ed13bf2500002d7308202d3308201bba003020102020900cf11a40b54c230de300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=2, length=127
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061901
Message-Authenticator = 0x6b8c7eb690e5568ffb63dfc35a6b758e
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte at roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 52 to 193.136.192.43 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x32
Proxying request 2 to home server 193.136.192.43 port 1812
Sending Access-Request of id 52 to 193.136.192.43 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x32
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=52, length=712
EAP-Message = 0x0103029919013035303231353134343531395a170d3036303231353134343531395a3020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e707430820122300d06092a864886f70d01010105000382010f003082010a0282010100ce05f673daef56db29f8b2715f3d9505f0db08d7dad15bf7c12e3496e2ce999154183e5062ef8afe1cf24497e23281ad74ed31d7b45c333c212ac854e249038b25f93981cbf82437e790a9ef7d510bc5a9101f5050d1bd32d403b90e4f930bad3f3ce7bcc37b3021b3bc34ec80c109fbe5dd2f07dcfef8383caa369b777b644f29b7f209316bc81960db25dd19ce05258785bdd40756cb05
EAP-Message = 0xdbbaf40897fa98fed6868c4078f34948d7c397249511e2ddaf1f0cb03f13e8511da742fb4616ac9fad9b9e613b05e2509cfda212b49643c993c05fc1dbe5b523d0b4b33ba3deb600d0f8f6cbcf32e41263b81707d92e5e8071cd1859f27c094d67ebbe6e3c079f750203010001a310300e300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100113b6fb8cb0a394278f35a5d118cb987707800080a3633a4d0658d86f000e46a7eaad5136afecb910f5d6517fe36878c5f81248f388561db0f027eb21c26037baf28412a0885fffc8ed64d927b9df26ac39f0002bb067335631061475f642e66a3366af14ca9559737c0
EAP-Message = 0xa27462412ca6e60674a1b0c4c8d0d478a3b4552684974693fbad3870bfef259ad1ab683d6d50fa354e14025bb381e22fa72649dc33fa76dc12526e469efe39df0c24aef596a8464b3e5ab1476744b5fbeb6c427d663f8eb1bc10499b1db428b77c590a00a1e9f085c5a7db25f6521e8c93939b25f7d8ff90024e93fdc04a565483763e7860b35956a6810875c451b36dcb40e5c01c5a16030100040e000000
Message-Authenticator = 0xd1399986b0591af190302a3c02203cab
Proxy-State = 0x32
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 2 to 127.0.0.1 port 28963
EAP-Message = 0x0103029919013035303231353134343531395a170d3036303231353134343531395a3020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e707430820122300d06092a864886f70d01010105000382010f003082010a0282010100ce05f673daef56db29f8b2715f3d9505f0db08d7dad15bf7c12e3496e2ce999154183e5062ef8afe1cf24497e23281ad74ed31d7b45c333c212ac854e249038b25f93981cbf82437e790a9ef7d510bc5a9101f5050d1bd32d403b90e4f930bad3f3ce7bcc37b3021b3bc34ec80c109fbe5dd2f07dcfef8383caa369b777b644f29b7f209316bc81960db25dd19ce05258785bdd40756cb05
EAP-Message = 0xdbbaf40897fa98fed6868c4078f34948d7c397249511e2ddaf1f0cb03f13e8511da742fb4616ac9fad9b9e613b05e2509cfda212b49643c993c05fc1dbe5b523d0b4b33ba3deb600d0f8f6cbcf32e41263b81707d92e5e8071cd1859f27c094d67ebbe6e3c079f750203010001a310300e300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100113b6fb8cb0a394278f35a5d118cb987707800080a3633a4d0658d86f000e46a7eaad5136afecb910f5d6517fe36878c5f81248f388561db0f027eb21c26037baf28412a0885fffc8ed64d927b9df26ac39f0002bb067335631061475f642e66a3366af14ca9559737c0
EAP-Message = 0xa27462412ca6e60674a1b0c4c8d0d478a3b4552684974693fbad3870bfef259ad1ab683d6d50fa354e14025bb381e22fa72649dc33fa76dc12526e469efe39df0c24aef596a8464b3e5ab1476744b5fbeb6c427d663f8eb1bc10499b1db428b77c590a00a1e9f085c5a7db25f6521e8c93939b25f7d8ff90024e93fdc04a565483763e7860b35956a6810875c451b36dcb40e5c01c5a16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 2.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=3, length=455
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0203014c1901160301010610000102010060a5f92fd43c90f5ac6c650b3508f7d37902ec80aab31097d1dcb34fefaac67b1e92c1688e0af52f678967d0065c967b1d4daf4c6fd77983e70a508ada6f4df1fca81dfaa5dfe009e9409a21911598065171529b2355f2f8e5aec68fb8a283cf16d34806f1c778edbc25d28aa98bddb403309c3c43f24b43ab17e622e6c66c6382a730c379f2176e60968b96b9ba441a9693411b1eb48d65cd1addaa70a2f1144f92ab047b5ea28a5939d7d513b2d719067940592c7f71c4a349809b36e788db5d06d802a7253aacd4ca21271a53d2d960f8caab688f31757b79314ee2bba3cf1db0a53756caa8b15b4210be
EAP-Message = 0x46859165fb8be376bdff84d86de2ddcd05fa869c1403010001011603010030cd1e4a5d456d24e450551fe6e203c97379422798fd4b448b997edbcaefe1229bbb6fae9afb2a434c57dc4dc09453d98e
Message-Authenticator = 0xb91fdaaf6406b0733b7f91e9483ee657
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte at roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 153 to 193.136.192.44 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0203014c1901160301010610000102010060a5f92fd43c90f5ac6c650b3508f7d37902ec80aab31097d1dcb34fefaac67b1e92c1688e0af52f678967d0065c967b1d4daf4c6fd77983e70a508ada6f4df1fca81dfaa5dfe009e9409a21911598065171529b2355f2f8e5aec68fb8a283cf16d34806f1c778edbc25d28aa98bddb403309c3c43f24b43ab17e622e6c66c6382a730c379f2176e60968b96b9ba441a9693411b1eb48d65cd1addaa70a2f1144f92ab047b5ea28a5939d7d513b2d719067940592c7f71c4a349809b36e788db5d06d802a7253aacd4ca21271a53d2d960f8caab688f31757b79314ee2bba3cf1db0a53756caa8b15b4210be
EAP-Message = 0x46859165fb8be376bdff84d86de2ddcd05fa869c1403010001011603010030cd1e4a5d456d24e450551fe6e203c97379422798fd4b448b997edbcaefe1229bbb6fae9afb2a434c57dc4dc09453d98e
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x33
Proxying request 3 to home server 193.136.192.44 port 1812
Sending Access-Request of id 153 to 193.136.192.44 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0203014c1901160301010610000102010060a5f92fd43c90f5ac6c650b3508f7d37902ec80aab31097d1dcb34fefaac67b1e92c1688e0af52f678967d0065c967b1d4daf4c6fd77983e70a508ada6f4df1fca81dfaa5dfe009e9409a21911598065171529b2355f2f8e5aec68fb8a283cf16d34806f1c778edbc25d28aa98bddb403309c3c43f24b43ab17e622e6c66c6382a730c379f2176e60968b96b9ba441a9693411b1eb48d65cd1addaa70a2f1144f92ab047b5ea28a5939d7d513b2d719067940592c7f71c4a349809b36e788db5d06d802a7253aacd4ca21271a53d2d960f8caab688f31757b79314ee2bba3cf1db0a53756caa8b15b4210be
EAP-Message = 0x46859165fb8be376bdff84d86de2ddcd05fa869c1403010001011603010030cd1e4a5d456d24e450551fe6e203c97379422798fd4b448b997edbcaefe1229bbb6fae9afb2a434c57dc4dc09453d98e
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x33
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=153, length=112
EAP-Message = 0x0104004519810000003b1403010001011603010030e276e3efcdbf27379facdda93378d6b58b0672007a0effdce0790f2f37ac3dd9a810e34b17932a3528a437c33fda12c5
Message-Authenticator = 0x37c8aa8ca78cbde6982e905ea1ba80d0
Proxy-State = 0x33
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 3 to 127.0.0.1 port 28963
EAP-Message = 0x0104004519810000003b1403010001011603010030e276e3efcdbf27379facdda93378d6b58b0672007a0effdce0790f2f37ac3dd9a810e34b17932a3528a437c33fda12c5
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 3.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=4, length=127
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061901
Message-Authenticator = 0xb9a89ddd12bdaef0a7705a26e2649dc4
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte at roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 43 to 193.136.192.43 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x34
Proxying request 4 to home server 193.136.192.43 port 1812
Sending Access-Request of id 43 to 193.136.192.43 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x34
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=43, length=86
EAP-Message = 0x0105002b19011703010020d2ab6c4963f5003abfbfd7fe09fb32f9455fef30c369aa7c25936fbfd3bd093a
Message-Authenticator = 0x410568e4497fe7939e091ac47ed1ed0e
Proxy-State = 0x34
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 4 to 127.0.0.1 port 28963
EAP-Message = 0x0105002b19011703010020d2ab6c4963f5003abfbfd7fe09fb32f9455fef30c369aa7c25936fbfd3bd093a
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 4.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=5, length=217
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02050060190117030100206186fa5a58252e3a08613eb2b595c3f530fa6e4f31ea49b3815996afe340697b1703010030fabdef3c38483faa0b2a9e07b89ca9b03331906746a4ad8ddd4a894c645704cd5663e1dc6a262c5f04a3b7e3717cc481
Message-Authenticator = 0x114a60a456bc8f75e7c3238857baead7
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte at roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 56 to 193.136.192.43 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02050060190117030100206186fa5a58252e3a08613eb2b595c3f530fa6e4f31ea49b3815996afe340697b1703010030fabdef3c38483faa0b2a9e07b89ca9b03331906746a4ad8ddd4a894c645704cd5663e1dc6a262c5f04a3b7e3717cc481
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x35
Proxying request 5 to home server 193.136.192.43 port 1812
Sending Access-Request of id 56 to 193.136.192.43 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02050060190117030100206186fa5a58252e3a08613eb2b595c3f530fa6e4f31ea49b3815996afe340697b1703010030fabdef3c38483faa0b2a9e07b89ca9b03331906746a4ad8ddd4a894c645704cd5663e1dc6a262c5f04a3b7e3717cc481
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x35
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=56, length=134
EAP-Message = 0x0106005b19011703010050b8e4193b90e3a5c7320fa8d415dd4d7b47a3840acf4ad702455dc948186eff4d1c58ce6ace9dbba27cde8720992cc868e7e731d0989247d9a88a88e65f591d5e2ca5e5ae0c6147e6eebfaae8ddbdd349
Message-Authenticator = 0x68749e4c5e76f8af20c589c4cd89f1e3
Proxy-State = 0x35
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 5 to 127.0.0.1 port 28963
EAP-Message = 0x0106005b19011703010050b8e4193b90e3a5c7320fa8d415dd4d7b47a3840acf4ad702455dc948186eff4d1c58ce6ace9dbba27cde8720992cc868e7e731d0989247d9a88a88e65f591d5e2ca5e5ae0c6147e6eebfaae8ddbdd349
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=6, length=281
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600a019011703010020c26f7a73725df864d5b80e51de314c980bdb155a80eaee9eb72a47fdfd1868d717030100702cc2d66f3ee6ca7615506798327d38862909260b347e3b78dbd6f36f78234adf347d2357b9fef68feae89b28bbd852a2921dcc9a14dfb9a0a29c59b960d6b13d831e3bdbbb70df7bef3d060cec4867c124688f40ec46190d2ddac101f0bec8837802ace13738d249bb17d8be7bde1528
Message-Authenticator = 0x8677d931f7ecdd73aa831e2ed16c7027
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte at roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 9 to 193.136.192.43 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600a019011703010020c26f7a73725df864d5b80e51de314c980bdb155a80eaee9eb72a47fdfd1868d717030100702cc2d66f3ee6ca7615506798327d38862909260b347e3b78dbd6f36f78234adf347d2357b9fef68feae89b28bbd852a2921dcc9a14dfb9a0a29c59b960d6b13d831e3bdbbb70df7bef3d060cec4867c124688f40ec46190d2ddac101f0bec8837802ace13738d249bb17d8be7bde1528
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x36
Proxying request 6 to home server 193.136.192.43 port 1812
Sending Access-Request of id 9 to 193.136.192.43 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600a019011703010020c26f7a73725df864d5b80e51de314c980bdb155a80eaee9eb72a47fdfd1868d717030100702cc2d66f3ee6ca7615506798327d38862909260b347e3b78dbd6f36f78234adf347d2357b9fef68feae89b28bbd852a2921dcc9a14dfb9a0a29c59b960d6b13d831e3bdbbb70df7bef3d060cec4867c124688f40ec46190d2ddac101f0bec8837802ace13738d249bb17d8be7bde1528
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x36
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=9, length=150
EAP-Message = 0x0107006b19011703010060aefde39e5cdd3b3186ec76d8eaa8d0e5f79af76e5861204860a5bf5befbdcab2e7de6631493a3ad1eee9ab0167725c0d03cf59c1ed8f69216300c71960b74b642ffd8961815f578eb9fa5941ff7c0901c4511162dd815ef357d1c3b305a909be
Message-Authenticator = 0x60351fa43a0b55f031e4eafd0c37dc69
Proxy-State = 0x36
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 6 to 127.0.0.1 port 28963
EAP-Message = 0x0107006b19011703010060aefde39e5cdd3b3186ec76d8eaa8d0e5f79af76e5861204860a5bf5befbdcab2e7de6631493a3ad1eee9ab0167725c0d03cf59c1ed8f69216300c71960b74b642ffd8961815f578eb9fa5941ff7c0901c4511162dd815ef357d1c3b305a909be
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 6.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=7, length=201
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02070050190117030100205ec86f50061b70cda33e35156c117a5e33c57cfde58b3e69f7e45c25608a93de1703010020a0fbce5c33f00495c81c3d55d764b754c057c005924ae808f5192445d9ac1b38
Message-Authenticator = 0xec204b3188044492f614daf82e497c8e
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte at roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 79 to 193.136.192.44 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02070050190117030100205ec86f50061b70cda33e35156c117a5e33c57cfde58b3e69f7e45c25608a93de1703010020a0fbce5c33f00495c81c3d55d764b754c057c005924ae808f5192445d9ac1b38
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x37
Proxying request 7 to home server 193.136.192.44 port 1812
Sending Access-Request of id 79 to 193.136.192.44 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02070050190117030100205ec86f50061b70cda33e35156c117a5e33c57cfde58b3e69f7e45c25608a93de1703010020a0fbce5c33f00495c81c3d55d764b754c057c005924ae808f5192445d9ac1b38
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x37
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=79, length=86
EAP-Message = 0x0108002b19011703010020f480cb7c9b7b52c1c81db2cefdcc8bb737ada58604dbb5adedf23a93fe487b11
Message-Authenticator = 0x9af5db8ede876b1959f0d34034ab8531
Proxy-State = 0x37
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 7 to 127.0.0.1 port 28963
EAP-Message = 0x0108002b19011703010020f480cb7c9b7b52c1c81db2cefdcc8bb737ada58604dbb5adedf23a93fe487b11
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 7.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=8, length=201
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0208005019011703010020836579c5606765829d1963b0345e3f5e846bbdaf7bfb6644c4e8105ea818625c170301002014a9d2aa5af27e8f9c2a109da9ff190190db4eb0c369f18aac6ed857a4831aa7
Message-Authenticator = 0x2fdbbf8d3f07fd8a21e6a5102531af43
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte at roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 172 to 193.136.192.43 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0208005019011703010020836579c5606765829d1963b0345e3f5e846bbdaf7bfb6644c4e8105ea818625c170301002014a9d2aa5af27e8f9c2a109da9ff190190db4eb0c369f18aac6ed857a4831aa7
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x38
Proxying request 8 to home server 193.136.192.43 port 1812
Sending Access-Request of id 172 to 193.136.192.43 port 1812
User-Name = "iscte at roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0208005019011703010020836579c5606765829d1963b0345e3f5e846bbdaf7bfb6644c4e8105ea818625c170301002014a9d2aa5af27e8f9c2a109da9ff190190db4eb0c369f18aac6ed857a4831aa7
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x38
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 193.136.192.43 port 1812, id=172, length=183
EAP-Message = 0x03080004
Message-Authenticator = 0x6edc227038f16b2d8a8ca2bd26310465
User-Name = "iscte at roam.fccn.pt"
MS-MPPE-Send-Key = 0xfe03b8a74cc7a26485b4ef6dd8efd958b3eb6cf60f2cc725380ec3248b720aef
MS-MPPE-Recv-Key = 0xe7aad772cb0fab278c9a9a466f502dd4b8e1833c9b1166a4c5fe145284f2ad48
Proxy-State = 0x38
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [iscte at roam.fccn.pt/<no User-Password attribute>] (from client localhost port 0 cli 02-00-00-00-00-01)
# Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-auth {...}
[reply_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/reply-detail-20120117
[reply_log] /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/reply-detail-20120117
[reply_log] expand: %t -> Tue Jan 17 16:11:17 2012
++[reply_log] returns ok
++? if (( Realm == "iscte.pt" ) || ( Realm == "teste.iscte.pt" ) )
?? Evaluating (Realm == "iscte.pt" ) -> FALSE
?? Evaluating (Realm == "teste.iscte.pt" ) -> FALSE
++? if (( Realm == "iscte.pt" ) || ( Realm == "teste.iscte.pt" ) ) -> FALSE
} # server inner-tunnel
Sending Access-Accept of id 8 to 127.0.0.1 port 28963
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "iscte at roam.fccn.pt"
MS-MPPE-Send-Key = 0xfe03b8a74cc7a26485b4ef6dd8efd958b3eb6cf60f2cc725380ec3248b720aef
MS-MPPE-Recv-Key = 0xe7aad772cb0fab278c9a9a466f502dd4b8e1833c9b1166a4c5fe145284f2ad48
Finished request 8.
Going to the next request
Waking up in 4.4 seconds.
^C
radius2:~#
More information about the Freeradius-Users
mailing list