EAP problem

David Peterson davidp at wirelessconnections.net
Fri Jul 27 21:26:34 CEST 2012


I have a new server giving me fits and I cannot figure out what the heck I
did wrong:

FreeRADIUS Version 3.0.0, for host x86_64-unknown-linux-gnu, built on Jul 27
2012 at 08:55:21
Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.

Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/sqlippool
including configuration file /usr/local/etc/raddb/sql/postgresql/ippool.conf
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/eap
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/sql
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/rediswho
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/redis
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/soh
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file
/usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
main {
 security {
        allow_core_dumps = no
 }
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
        name = "radiusd"
        prefix = "/usr/local"
        localstatedir = "/usr/local/var"
        sbindir = "/usr/local/sbin"
        logdir = "/usr/local/var/log/radius"
        run_dir = "/usr/local/var/run/radiusd"
        libdir = "/usr/local/lib"
        radacctdir = "/usr/local/var/log/radius/radacct"
        hostname_lookups = no
        max_request_time = 30
        cleanup_delay = 5
        max_requests = 1024
        pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
        checkrad = "/usr/local/sbin/checkrad"
        debug_level = 0
        proxy_requests = yes
 log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
 }
 security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 realm cueband.com {
 }
radiusd: #### Loading Clients ####
 client localhost {
        ipaddr = 127.0.0.1
        require_message_authenticator = no
        secret = "testing123"
        nastype = "other"
        proto = "*"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating module "exec" from file
/usr/local/etc/raddb/modules/exec
  exec {
        wait = no
        input_pairs = "request"
        shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating module "expr" from file
/usr/local/etc/raddb/modules/expr
 Module: Linked to module rlm_expiration
 Module: Instantiating module "expiration" from file
/usr/local/etc/raddb/modules/expiration
  expiration {
        reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating module "logintime" from file
/usr/local/etc/raddb/modules/logintime
  logintime {
        reply-message = "You are calling outside your allowed timespan  "
        minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_mschap
 Module: Instantiating module "mschap" from file
/usr/local/etc/raddb/modules/mschap
  mschap {
        use_mppe = yes
        require_encryption = no
        require_strong = no
        with_ntdomain_hack = no
        allow_retry = yes
  }
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file
/usr/local/etc/raddb/modules/eap
  eap {
        default_eap_type = "mschapv2"
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_pwd
 Module: Instantiating eap-pwd
   pwd {
        group = 19
        fragment_size = 1020
        server_id = "theserver at example.com"
        virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
        challenge = "Password: "
        auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
        tls = "tls-common"
   }
   tls-config tls-common {
        rsa_key_exchange = no
        dh_key_exchange = yes
        rsa_key_length = 512
        dh_key_length = 512
        verify_depth = 0
        CA_path = "/usr/local/etc/raddb/certs"
        pem_file_type = yes
        private_key_file = "/usr/local/etc/raddb/certs/server.pem"
        certificate_file = "/usr/local/etc/raddb/certs/server.pem"
        CA_file = "/usr/local/etc/raddb/certs/ca.pem"
        private_key_password = "whatever"
        dh_file = "/usr/local/etc/raddb/certs/dh"
        random_file = "/usr/local/etc/raddb/certs/random"
        fragment_size = 1024
        include_length = yes
        check_crl = no
        cipher_list = "DEFAULT"
        make_cert_command = "/usr/local/etc/raddb/certs/bootstrap"
        ecdh_curve = "prime256v1"
    cache {
        enable = yes
        lifetime = 24
        max_entries = 255
    }
    verify {
    }
    ocsp {
        enable = no
        override_cert_url = yes
        url = "http://127.0.0.1/ocsp/"
        use_nonce = yes
        timeout = 0
        softfail = yes
    }
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
        tls = "tls-common"
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        virtual_server = "inner-tunnel"
        include_length = yes
   }
 debug: Using cached TLS configuration from previous invocation
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
        tls = "tls-common"
        default_eap_type = "mschapv2"
        copy_request_to_tunnel = yes
        use_tunneled_reply = yes
        proxy_tunneled_request_as_eap = yes
        virtual_server = "inner-tunnel"
        soh = no
   }
 debug: Using cached TLS configuration from previous invocation
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
        with_ntdomain_hack = no
        send_error = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
  preprocess {
        huntgroups = "/usr/local/etc/raddb/huntgroups"
        hints = "/usr/local/etc/raddb/hints"
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain_hack = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
        with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_wimax
 Module: Instantiating module "wimax" from file
/usr/local/etc/raddb/modules/wimax
  wimax {
        delete_mppe_keys = yes
  }
 Module: Linked to module rlm_sql
 Module: Instantiating module "sql" from file
/usr/local/etc/raddb/modules/sql
  sql {
        driver = "rlm_sql_mysql"
        server = "10.50.0.10"
        port = ""
        login = "root"
        password = "unl0ck"
        radius_db = "radius"
        read_groups = yes
        sqltrace = no
        sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
        readclients = yes
        deletestalesessions = yes
        sql_user_name = "%{User-Name}"
        default_user_profile = ""
        nas_query = "SELECT id, nasname, shortname, type, secret, server
FROM nas"
        authorize_check_query = "SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id"
        authorize_reply_query = "SELECT id, username, attribute, value, op
FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER
BY id"
        authorize_group_check_query = "SELECT id, groupname, attribute,
Value, op           FROM radgroupcheck           WHERE groupname =
'%{Sql-Group}'           ORDER BY id"
        authorize_group_reply_query = "SELECT id, groupname, attribute,
value, op           FROM radgroupreply           WHERE groupname =
'%{Sql-Group}'           ORDER BY id"
        accounting_onoff_query = "UPDATE radacct SET acctstoptime       =
'%S', acctsessiontime    =  unix_timestamp('%S') -
unix_timestamp(acctstarttime), acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay      =  %{%{Acct-Delay-Time}:-0}
WHERE acctstoptime IS NULL AND nasipaddress      =  '%{NAS-IP-Address}' AND
acctstarttime     <= '%S'"
        accounting_update_query = "           UPDATE radacct           SET
framedipaddress = '%{Framed-IP-Address}',              acctsessiontime     =
'%{Acct-Session-Time}',              acctinputoctets     =
'%{%{Acct-Input-Gigawords}:-0}'  << 32 |
'%{%{Acct-Input-Octets}:-0}',              acctoutputoctets    =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}'           WHERE acctsessionid =
'%{Acct-Session-Id}'           AND username        = '%{SQL-User-Name}'
AND nasipaddress    = '%{NAS-IP-Address}'"
        accounting_update_query_alt = "           INSERT INTO radacct
(acctsessionid,    acctuniqueid,      username,              realm,
nasipaddress,      nasportid,              nasporttype,      acctstarttime,
acctsessiontime,              acctauthentic,    connectinfo_start,
acctinputoctets,              acctoutputoctets, calledstationid,
callingstationid,              servicetype,      framedprotocol,
framedipaddress,              acctstartdelay,   xascendsessionsvrkey)
VALUES             ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',              '%{NAS-Port-Type}',              DATE_SUB('%S',
INTERVAL (%{%{Acct-Session-Time}:-0} +
%{%{Acct-Delay-Time}:-0}) SECOND),
'%{Acct-Session-Time}',              '%{Acct-Authentic}', '',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}'
<< 32 |              '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}',              '0', '%{X-Ascend-Session-Svr-Key}')"
        accounting_start_query = "           INSERT INTO radacct
(acctsessionid,    acctuniqueid,     username,              realm,
nasipaddress,     nasportid,              nasporttype,      acctstarttime,
acctstoptime,              acctsessiontime,  acctauthentic,
connectinfo_start,              connectinfo_stop, acctinputoctets,
acctoutputoctets,              calledstationid,  callingstationid,
acctterminatecause,              servicetype,      framedprotocol,
framedipaddress,              acctstartdelay,   acctstopdelay,
xascendsessionsvrkey)           VALUES             ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', NULL,              '0', '%{Acct-Authentic}',
'%{Connect-Info}',              '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0', '%{X-Ascend-Session-Svr-Key}')"
        accounting_start_query_alt = "           UPDATE radacct SET
acctstarttime     = '%S',              acctstartdelay    =
'%{%{Acct-Delay-Time}:-0}',              connectinfo_start =
'%{Connect-Info}'           WHERE acctsessionid  = '%{Acct-Session-Id}'
AND username         = '%{SQL-User-Name}'           AND nasipaddress     =
'%{NAS-IP-Address}'"
        accounting_stop_query = "           UPDATE radacct SET
acctstoptime       = '%S',              acctsessiontime    =
'%{Acct-Session-Time}',              acctinputoctets    =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',              acctoutputoctets   =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}',              acctterminatecause =
'%{Acct-Terminate-Cause}',              acctstopdelay      =
'%{%{Acct-Delay-Time}:-0}',              connectinfo_stop   =
'%{Connect-Info}'           WHERE acctsessionid   = '%{Acct-Session-Id}'
AND username          = '%{SQL-User-Name}'           AND nasipaddress      =
'%{NAS-IP-Address}'"
        accounting_stop_query_alt = "           INSERT INTO radacct
(acctsessionid, acctuniqueid, username,              realm, nasipaddress,
nasportid,              nasporttype, acctstarttime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, callingstationid, acctterminatecause,
servicetype, framedprotocol, framedipaddress,              acctstartdelay,
acctstopdelay)           VALUES             ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',              '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}',              DATE_SUB('%S',                  INTERVAL
(%{%{Acct-Session-Time}:-0} +                  %{%{Acct-Delay-Time}:-0})
SECOND),              '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}',              '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',              '%{%{Acct-Output-Gigawords}:-0}'
<< 32 |              '%{%{Acct-Output-Octets}:-0}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}',              '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}',              '0',
'%{%{Acct-Delay-Time}:-0}')"
        group_membership_query = "SELECT groupname           FROM
radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER
BY priority"
        simul_count_query = ""
        simul_verify_query = "SELECT radacctid, acctsessionid, username,
nasipaddress, nasportid, framedipaddress,
callingstationid, framedprotocol                                FROM radacct
WHERE username = '%{SQL-User-Name}'                                AND
acctstoptime IS NULL"
        postauth_query = "INSERT INTO radpostauth
(username, pass, reply, authdate)                           VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
        safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to root at 10.50.0.10:/radius
rlm_sql (sql): Initialising connection pool
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,
shortname, type, secret, server FROM nas
rlm_sql (sql): Opening additional connection (0)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Reserved connection (0)
rlm_sql (sql): Executing query
rlm_sql (sql): Read entry nasname=10.50.4.2,shortname=Geauga
AZ0,secret=unl0ck
rlm_sql (sql): Adding client 10.50.4.2 (Geauga AZ0, server=<none>) to
clients list
rlm_sql (sql): Read entry nasname=10.50.3.2,shortname=Geauga
AZ120,secret=unl0ck
rlm_sql (sql): Adding client 10.50.3.2 (Geauga AZ120, server=<none>) to
clients list
rlm_sql (sql): Read entry nasname=10.50.2.2,shortname=Geauga
AZ240,secret=unl0ck
rlm_sql (sql): Adding client 10.50.2.2 (Geauga AZ240, server=<none>) to
clients list
rlm_sql (sql): Released connection (0)
rlm_sql (sql): Closing idle connection (0): Too many free connections (1 >
0)
rlm_sql (sql): Closing connection (0)
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating module "acct_unique" from file
/usr/local/etc/raddb/modules/acct_unique
  acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
  }
 Module: Checking accounting {...} for more modules to load
 Module: Linked to module rlm_detail
 Module: Instantiating module "detail" from file
/usr/local/etc/raddb/modules/detail
  detail {
        detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
        header = "%t"
        detailperm = 384
        dirperm = 493
        locking = no
        log_packet_header = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating module "unix" from file
/usr/local/etc/raddb/modules/unix
  unix {
        radwtmp = "/usr/local/var/log/radius/radwtmp"
  }
 Module: Linked to module rlm_radutmp
 Module: Instantiating module "radutmp" from file
/usr/local/etc/raddb/modules/radutmp
  radutmp {
        filename = "/usr/local/var/log/radius/radutmp"
        username = "%{User-Name}"
        case_sensitive = yes
        check_with_nas = yes
        perm = 384
        callerid = yes
  }
 Module: Linked to module rlm_sql_log
 Module: Instantiating module "sql_log" from file
/usr/local/etc/raddb/modules/sql_log
  sql_log {
        path = "/usr/local/var/log/radius/radacct/sql-relay"
        Post-Auth = "INSERT INTO radpostauth                     (username,
pass, reply, authdate) VALUES                        ('%{User-Name}',
'%{User-Password:-Chap-Password}',             '%{reply:Packet-Type}',
'%S');"
        sql_user_name = "%{%{User-Name}:-DEFAULT}"
        utf8 = no
        safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
  }
 Module: Linked to module rlm_attr_filter
 Module: Instantiating module "attr_filter.accounting_response" from file
/usr/local/etc/raddb/modules/attr_filter
  attr_filter attr_filter.accounting_response {
        attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
        key = "%{User-Name}"
        relaxed = no
  }
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 Module: Instantiating module "attr_filter.access_reject" from file
/usr/local/etc/raddb/modules/attr_filter
  attr_filter attr_filter.access_reject {
        attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
        key = "%{User-Name}"
        relaxed = no
  }
 } # modules
} # server
server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating module "pap" from file
/usr/local/etc/raddb/modules/pap
  pap {
        encryption_scheme = "auto"
        auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating module "chap" from file
/usr/local/etc/raddb/modules/chap
 Module: Checking authorize {...} for more modules to load
 Module: Checking session {...} for more modules to load
 Module: Checking post-proxy {...} for more modules to load
 Module: Checking post-auth {...} for more modules to load
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
        type = "auth"
        ipaddr = *
        port = 0
        max_pps = 0
}
listen {
        type = "acct"
        ipaddr = *
        port = 0
        max_pps = 0
}
listen {
        type = "control"
 listen {
        socket = "/usr/local/var/run/radiusd/radiusd.sock"
 }
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Opening new proxy address * port 1814
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=10,
length=274
        User-Name =
"{am=1}{sm=1}396139FCA3777664EE26C1EC0FFFBFF2 at cueband.com"
        NAS-IP-Address = 10.50.4.2
        NAS-Port-Type = Wireless-802.16
        NAS-Port = 1
        Calling-Station-Id = "\254\201\022\027\217\352"
        NAS-Identifier = "010010010000032000"
        WiMAX-GMT-Timezone-offset = 0
        Framed-MTU = 1490
        Service-Type = Framed-User
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-BS-Id = 0x303130303130303130303030303332303030
        EAP-Message =
0x0201003d017b616d3d317d7b736d3d317d3339363133394643413337373736363445453236
4331454330464646424646324063756562616e642e636f6d
        Message-Authenticator = 0xd3e9283d07c41fc0d964b697a06bcbd0
(0) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(0)   group authorize {
(0)  - entering group authorize {...}
(0)   [preprocess] = ok
(0)   [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(0)   [wimax] = ok
(0) eap : EAP packet type response id 1 length 61
(0) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(0)   [eap] = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   group authenticate {
(0)  - entering group authenticate {...}
(0) eap : EAP Identity
(0) eap : processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
(0)   [eap] = handled
Sending Access-Challenge of id 10 to 10.50.4.2 port 49154
        EAP-Message =
0x010200521a0102004d10e477a9dde07ba9f3550c4c7c181cd79d7b616d3d317d7b736d3d31
7d33393631333946434133373737363634454532364331454330464646424646324063756562
616e642e636f6d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x534198ee534382198a827a734ef513ce
(0) Finished request 0.
Waking up in 0.3 seconds.
Waking up in 4.6 seconds.
(0) Cleaning up request packet ID 10 with timestamp +4
Ready to process requests.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=11,
length=274
        User-Name =
"{am=1}{sm=1}FACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com"
        NAS-IP-Address = 10.50.4.2
        NAS-Port-Type = Wireless-802.16
        NAS-Port = 1
        Calling-Station-Id = "\254\201\022\027\217\352"
        NAS-Identifier = "010010010000032000"
        WiMAX-GMT-Timezone-offset = 0
        Framed-MTU = 1490
        Service-Type = Framed-User
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-BS-Id = 0x303130303130303130303030303332303030
        EAP-Message =
0x0201003d017b616d3d317d7b736d3d317d4641434644344237454241343238443146413739
3430323545343743413446354063756562616e642e636f6d
        Message-Authenticator = 0x8822db580daa6714b72a1b28a3d08079
(1) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(1)   group authorize {
(1)  - entering group authorize {...}
(1)   [preprocess] = ok
(1)   [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(1)   [wimax] = ok
(1) eap : EAP packet type response id 1 length 61
(1) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(1)   [eap] = ok
(1) Found Auth-Type = EAP
(1) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(1)   group authenticate {
(1)  - entering group authenticate {...}
(1) eap : EAP Identity
(1) eap : processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
(1)   [eap] = handled
Sending Access-Challenge of id 11 to 10.50.4.2 port 49154
        EAP-Message =
0x010200521a0102004d1022f39aa355b7811088ab8a1bc0b211007b616d3d317d7b736d3d31
7d46414346443442374542413432384431464137393430323545343743413446354063756562
616e642e636f6d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x03a9feba03abe4620c7aa45ec6c0be35
(1) Finished request 1.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=12,
length=237
        User-Name =
"{am=1}{sm=1}FACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com"
        NAS-IP-Address = 10.50.4.2
        NAS-Port-Type = Wireless-802.16
        NAS-Port = 1
        Calling-Station-Id = "\254\201\022\027\217\352"
        NAS-Identifier = "010010010000032000"
        WiMAX-GMT-Timezone-offset = 0
        Framed-MTU = 1490
        Service-Type = Framed-User
        State = 0x03a9feba03abe4620c7aa45ec6c0be35
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-BS-Id = 0x303130303130303130303030303332303030
        EAP-Message = 0x020200060315
        Message-Authenticator = 0x88fbeb571ec0612d6935910202c5f3cd
(2) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(2)   group authorize {
(2)  - entering group authorize {...}
(2)   [preprocess] = ok
(2)   [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(2)   [wimax] = ok
(2) eap : EAP packet type response id 2 length 6
(2) eap : No EAP Start, assuming it's an on-going EAP conversation
(2)   [eap] = updated
(2) sql :       expand: %{User-Name} ->
{am=1}{sm=1}FACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com
(2) sql : sql_set_user escaped user -->
'{am=1}{sm=1}FACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com'
rlm_sql (sql): Opening additional connection (1)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Reserved connection (1)
(2) sql :       expand: SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM radcheck
WHERE username =
'=7Bam=3D1=7D=7Bsm=3D1=7DFACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com'
ORDER BY id
rlm_sql (sql): Executing query
(2) sql :       expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'=7Bam=3D1=7D=7Bsm=3D1=7DFACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com'
ORDER BY priority
rlm_sql (sql): Executing query
rlm_sql (sql): Released connection (1)
rlm_sql (sql): Closing idle connection (1): Too many free connections (1 >
0)
rlm_sql (sql): Closing connection (1)
(2) sql : User {am=1}{sm=1}FACFD4B7EBA428D1FA794025E47CA4F5 at cueband.com not
found
(2)   [sql] = notfound
(2)   [expiration] = noop
(2)   [logintime] = noop
(2) Found Auth-Type = EAP
(2) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(2)   group authenticate {
(2)  - entering group authenticate {...}
(2) eap : Request found, released from the list
(2) eap : EAP NAK
(2) eap : EAP-NAK asked for EAP-Type/ttls
(2) eap : processing type ttls
(2) ttls : Flushing SSL sessions (of #0)
(2) ttls : Initiate
(2) ttls : Start returned 1
(2)   [eap] = handled
Sending Access-Challenge of id 12 to 10.50.4.2 port 49154
        EAP-Message = 0x010300061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x03a9feba02aaeb620c7aa45ec6c0be35
(2) Finished request 2.
Waking up in 0.2 seconds.
Waking up in 4.5 seconds.
(1) Cleaning up request packet ID 11 with timestamp +19
(2) Cleaning up request packet ID 12 with timestamp +19
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0x03a9feba02aaeb62 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=13,
length=274
        User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
        NAS-IP-Address = 10.50.4.2
        NAS-Port-Type = Wireless-802.16
        NAS-Port = 1
        Calling-Station-Id = "\254\201\022\027\217\352"
        NAS-Identifier = "010010010000032000"
        WiMAX-GMT-Timezone-offset = 0
        Framed-MTU = 1490
        Service-Type = Framed-User
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-BS-Id = 0x303130303130303130303030303332303030
        EAP-Message =
0x0201003d017b616d3d317d7b736d3d317d3934413433353634334330303244413345353446
3344393737394331464537304063756562616e642e636f6d
        Message-Authenticator = 0x3ddf39952f63cae6374be72419a86f1e
(3) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(3)   group authorize {
(3)  - entering group authorize {...}
(3)   [preprocess] = ok
(3)   [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(3)   [wimax] = ok
(3) eap : EAP packet type response id 1 length 61
(3) eap : EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(3)   [eap] = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(3)   group authenticate {
(3)  - entering group authenticate {...}
(3) eap : EAP Identity
(3) eap : processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
(3)   [eap] = handled
Sending Access-Challenge of id 13 to 10.50.4.2 port 49154
        EAP-Message =
0x010200521a0102004d10bb0df969f618f1ce068b882685a6b16f7b616d3d317d7b736d3d31
7d39344134333536343343303032444133453534463344393737394331464537304063756562
616e642e636f6d
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1952930c19508927ccef9d983eb1b684
(3) Finished request 3.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=14,
length=237
        User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
        NAS-IP-Address = 10.50.4.2
        NAS-Port-Type = Wireless-802.16
        NAS-Port = 1
        Calling-Station-Id = "\254\201\022\027\217\352"
        NAS-Identifier = "010010010000032000"
        WiMAX-GMT-Timezone-offset = 0
        Framed-MTU = 1490
        Service-Type = Framed-User
        State = 0x1952930c19508927ccef9d983eb1b684
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-BS-Id = 0x303130303130303130303030303332303030
        EAP-Message = 0x020200060315
        Message-Authenticator = 0xdf93d27137571334ab88b524c3a48c2e
(4) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(4)   group authorize {
(4)  - entering group authorize {...}
(4)   [preprocess] = ok
(4)   [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(4)   [wimax] = ok
(4) eap : EAP packet type response id 2 length 6
(4) eap : No EAP Start, assuming it's an on-going EAP conversation
(4)   [eap] = updated
(4) sql :       expand: %{User-Name} ->
{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com
(4) sql : sql_set_user escaped user -->
'{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com'
rlm_sql (sql): Opening additional connection (2)
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql (sql): Reserved connection (2)
(4) sql :       expand: SELECT id, username, attribute, value, op
FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER
BY id -> SELECT id, username, attribute, value, op           FROM radcheck
WHERE username =
'=7Bam=3D1=7D=7Bsm=3D1=7D94A435643C002DA3E54F3D9779C1FE70 at cueband.com'
ORDER BY id
rlm_sql (sql): Executing query
(4) sql :       expand: SELECT groupname           FROM radusergroup
WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT
groupname           FROM radusergroup           WHERE username =
'=7Bam=3D1=7D=7Bsm=3D1=7D94A435643C002DA3E54F3D9779C1FE70 at cueband.com'
ORDER BY priority
rlm_sql (sql): Executing query
rlm_sql (sql): Released connection (2)
rlm_sql (sql): Closing idle connection (2): Too many free connections (1 >
0)
rlm_sql (sql): Closing connection (2)
(4) sql : User {am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com not
found
(4)   [sql] = notfound
(4)   [expiration] = noop
(4)   [logintime] = noop
(4) Found Auth-Type = EAP
(4) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(4)   group authenticate {
(4)  - entering group authenticate {...}
(4) eap : Request found, released from the list
(4) eap : EAP NAK
(4) eap : EAP-NAK asked for EAP-Type/ttls
(4) eap : processing type ttls
(4) ttls : Initiate
(4) ttls : Start returned 1
(4)   [eap] = handled
Sending Access-Challenge of id 14 to 10.50.4.2 port 49154
        EAP-Message = 0x010300061520
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1952930c18518627ccef9d983eb1b684
(4) Finished request 4.
Waking up in 0.2 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=15,
length=319
        User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
        NAS-IP-Address = 10.50.4.2
        NAS-Port-Type = Wireless-802.16
        NAS-Port = 1
        Calling-Station-Id = "\254\201\022\027\217\352"
        NAS-Identifier = "010010010000032000"
        WiMAX-GMT-Timezone-offset = 0
        Framed-MTU = 1490
        Service-Type = Framed-User
        State = 0x1952930c18518627ccef9d983eb1b684
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-BS-Id = 0x303130303130303130303030303332303030
        EAP-Message =
0x0203005815800000004e16030100490100004503014e4a68271cb3efd28c7ffd6cb2d5a69e
02c7835c4f6293c615d9eced05ab3a1700001e00390038003500160013000a00330032002f00
15001200090014001100080100
        Message-Authenticator = 0x94c9d5d50fa8ae9231510126cdcbd0a8
(5) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(5)   group authorize {
(5)  - entering group authorize {...}
(5)   [preprocess] = ok
(5)   [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(5)   [wimax] = ok
(5) eap : EAP packet type response id 3 length 88
(5) eap : Continuing tunnel setup.
(5)   [eap] = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(5)   group authenticate {
(5)  - entering group authenticate {...}
(5) eap : Request found, released from the list
(5) eap : EAP/ttls
(5) eap : processing type ttls
(5) ttls : Authenticate
(5) ttls : processing EAP-TLS
  TLS Length 78
(5) ttls : Length Included
(5) ttls : eaptls_verify returned 11
(5) ttls :     (other): before/accept initialization
(5) ttls :     TLS_accept: before/accept initialization
(5) ttls : <<< TLS 1.0 Handshake [length 0049], ClientHello
(5) ttls :     TLS_accept: SSLv3 read client hello A
(5) ttls : >>> TLS 1.0 Handshake [length 004a], ServerHello
(5) ttls :     TLS_accept: SSLv3 write server hello A
(5) ttls : >>> TLS 1.0 Handshake [length 085e], Certificate
(5) ttls :     TLS_accept: SSLv3 write certificate A
(5) ttls : >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
(5) ttls :     TLS_accept: SSLv3 write key exchange A
(5) ttls : >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
(5) ttls :     TLS_accept: SSLv3 write server done A
(5) ttls :     TLS_accept: SSLv3 flush data
(5) ttls :     TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
(5) ttls : eaptls_process returned 13
(5)   [eap] = handled
Sending Access-Challenge of id 15 to 10.50.4.2 port 49154
        EAP-Message =
0x010403ec15c000000acd160301004a0200004603015012ea53cce022a5de5d29899ab62086
5e0b6e626f469622254c0e50eb26ce08204cf09e9c9f327a21bd3f49610525905b42346e067b
3d1f254b14331103397e81003900160301085e0b00085a0008570003a6308203a23082028aa0
03020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652
310f300d060355040813065261646975733112301006035504071309536f6d65776865726531
153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d01090116
1161646d696e406578616d706c652e636f6d3126302406035504
        EAP-Message =
0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d31
32303732373132353731395a170d3133303732373132353731395a307c310b30090603550406
13024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c
6520496e632e312330210603550403131a4578616d706c652053657276657220436572746966
69636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f
6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100be15f401
8757bc2f4b8f997f0a1e9d1ca5dc41fcfd0eb2b787eee7a3ebe5
        EAP-Message =
0x21573525464944eab09b4ffe0337dcbd756fb653290d7665b5fd49130292b9398948b72fc7
10eda687e3fefb84f601a95504c4da1b4b905e13d942af2a415422bf2a7c08ce134b099cd075
bdb85739fbc3e8133fef94631116eb03a78c6b658adf2a244e40e371a74dfd5bcade5f98d0c2
f85e44c1084e012e7ad72a1344aa7600f22c9fe2a90a14d5c52623bd4397bdbfa7a383dfb8f0
23de8e0ccb25c81eabed2d5a8ea3853b9a3afbd538bf3c7fbd2cf48962bef7e3da3924b11892
c7b0c422647fb1a11ca55df5634be49c74b581869d1d9dfb28c982ad07613d51194075d6e502
03010001a317301530130603551d25040c300a06082b06010505
        EAP-Message =
0x070301300d06092a864886f70d010105050003820101007f104aa64a39f7411fcc53af2182
ad8801983e5ce15768e9a4adc9fae77d3eb5c37b601ee0481abb014cfaf2c660a1d0711b81b5
0d325fdd1de77e7bea774a879fbbd4127019ce73a86d729f38e75fedbc09f96dfcbf49b824c5
2e7b3d5652a78421afc9caf2c197d0e6c9cd653c5828a12a87d9cc131871b941f8cda86a594b
8e1d08a16d2fa0f8912199d936fb59ac2bf50e0cd8a0390279aac75d04e9619ce5cfd35f6301
f89691b32f904b48a73714e48fe9ac157cd3540167ae31786cd2eb9a598f4941e499ce798c42
748c445ff91c88c423cba1d29ce7f3062ca1
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1952930c1b568627ccef9d983eb1b684
(5) Finished request 5.
Waking up in 0.1 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=16,
length=237
        User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
        NAS-IP-Address = 10.50.4.2
        NAS-Port-Type = Wireless-802.16
        NAS-Port = 1
        Calling-Station-Id = "\254\201\022\027\217\352"
        NAS-Identifier = "010010010000032000"
        WiMAX-GMT-Timezone-offset = 0
        Framed-MTU = 1490
        Service-Type = Framed-User
        State = 0x1952930c1b568627ccef9d983eb1b684
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-BS-Id = 0x303130303130303130303030303332303030
        EAP-Message = 0x020400061500
        Message-Authenticator = 0x50bbf63701339da3751b0969f39e75ff
(6) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(6)   group authorize {
(6)  - entering group authorize {...}
(6)   [preprocess] = ok
(6)   [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(6)   [wimax] = ok
(6) eap : EAP packet type response id 4 length 6
(6) eap : Continuing tunnel setup.
(6)   [eap] = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(6)   group authenticate {
(6)  - entering group authenticate {...}
(6) eap : Request found, released from the list
(6) eap : EAP/ttls
(6) eap : processing type ttls
(6) ttls : Authenticate
(6) ttls : processing EAP-TLS
(6) ttls : Received TLS ACK
(6) ttls : Received TLS ACK
(6) ttls : ACK handshake fragment handler
(6) ttls : eaptls_verify returned 1
(6) ttls : eaptls_process returned 13
(6)   [eap] = handled
Sending Access-Challenge of id 16 to 10.50.4.2 port 49154
        EAP-Message =
0x010503ec15c000000acdb86f4a892e7341ac83b4d73f079f9b7bc84f5bf9b2b36de758714f
dd1128197b5a840004ab308204a73082038fa0030201020209009f2d7ada256cb590300d0609
2a864886f70d0101050500308193310b3009060355040613024652310f300d06035504081306
5261646975733112301006035504071309536f6d65776865726531153013060355040a130c45
78616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d
706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520
417574686f72697479301e170d3132303732373132353731395a
        EAP-Message =
0x170d3133303732373132353731395a308193310b3009060355040613024652310f300d0603
55040813065261646975733112301006035504071309536f6d65776865726531153013060355
040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e
406578616d706c652e636f6d312630240603550403131d4578616d706c652043657274696669
6361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f00
3082010a0282010100cfac03ee20e4ce9bdc0bd0a8138dcf8f6dd0a6cc7223212941e9637389
97c7804c8285dc1c6e118a8110d859c9115ac7632a3bf6ce899b
        EAP-Message =
0xdd5c0ecd12235a8bd509535b9d5a84728637c6e034ceff030ddf41d755fc87ad1573d20de7
9706f928cb3991f3f000c309b268d63517a7152351ddcdb0374c4d425b7dc79aaa54e04b824a
e46c96debf4c67eb4f7644dfdd8d1b5f69e4abb512f60ac79b56687c096553bfb607384a82f0
40d00438e4448115ae8000f53994076a1a009b8c39961f200dd05fe6e89c8c694c8989d46e1b
393598a21f2c470b5f73b143730a631b2772402c6081b54f9725963cc2bef9642030ce9b1848
0ba7ef13a68535469f94f5370203010001a381fb3081f8301d0603551d0e041604144eb70ed6
4e9941f34a7066a80dccbede358df58f3081c80603551d230481
        EAP-Message =
0xc03081bd80144eb70ed64e9941f34a7066a80dccbede358df58fa18199a48196308193310b
3009060355040613024652310f300d0603550408130652616469757331123010060355040713
09536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06
092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403
131d4578616d706c6520436572746966696361746520417574686f726974798209009f2d7ada
256cb590300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100
35808c266c4978a7eb629101e5d27c6dbb11
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1952930c1a578627ccef9d983eb1b684
(6) Finished request 6.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=17,
length=237
        User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
        NAS-IP-Address = 10.50.4.2
        NAS-Port-Type = Wireless-802.16
        NAS-Port = 1
        Calling-Station-Id = "\254\201\022\027\217\352"
        NAS-Identifier = "010010010000032000"
        WiMAX-GMT-Timezone-offset = 0
        Framed-MTU = 1490
        Service-Type = Framed-User
        State = 0x1952930c1a578627ccef9d983eb1b684
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-BS-Id = 0x303130303130303130303030303332303030
        EAP-Message = 0x020500061500
        Message-Authenticator = 0xfa070be428a7e0f31c1fb4c68760b4cf
(7) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(7)   group authorize {
(7)  - entering group authorize {...}
(7)   [preprocess] = ok
(7)   [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(7)   [wimax] = ok
(7) eap : EAP packet type response id 5 length 6
(7) eap : Continuing tunnel setup.
(7)   [eap] = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(7)   group authenticate {
(7)  - entering group authenticate {...}
(7) eap : Request found, released from the list
(7) eap : EAP/ttls
(7) eap : processing type ttls
(7) ttls : Authenticate
(7) ttls : processing EAP-TLS
(7) ttls : Received TLS ACK
(7) ttls : Received TLS ACK
(7) ttls : ACK handshake fragment handler
(7) ttls : eaptls_verify returned 1
(7) ttls : eaptls_process returned 13
(7)   [eap] = handled
Sending Access-Challenge of id 17 to 10.50.4.2 port 49154
        EAP-Message =
0x01060313158000000acd58f51ec582b80339e1b6e4840c26464b17b59fd9be0f60822d0d5a
ae008d36d7088a20489e421786f0359fd2e268ceafa3bf9c07bbf1c2e9267fdb99690d3d2f13
3235d56cf9583252b353b79cca2c57dbe3ca644f175bb48df9389d3575979cef123841f22597
956732f89380db12983f038ae0d7b7d4cbe8adac83af314936a2c318ea702c17cf0749d916d0
750a5af92a40a8419f9444ba0da4604878fd7094eaddf055aedcf748443c1f293bacd4e4d297
c6f5c6bf09039fdd9f6f570a24532a162a2688be5e16ad62f6050d4091be7d0a5c933c653802
3ac87145d6a53bf81dbb0246e3f745dca39b773e5b160301020d
        EAP-Message =
0x0c0002090080937241455120e5f86723331c043ae3551d357c209fb557cb58312d1b1583a9
1e018e4955d2f2891568f6490d44dab517976062592a362a6857f2578ef2d1865e469f97f7dc
2b8b1fa0a1fed25aac2ccee0160f3369a80a73d70958c736f3eb6a0d59a74e8414372a5b2963
8a7e74e2875188d3f4280aa8633ac3ecac606c8abb00010200800198b440f8e9d92975289bc5
b020fe363603f57a4d9edf3e3627b137e0c60ba81756694410d0b588f253221c1b09b34d32a8
402a77d2b83eea0fc6551c1ef056f4d7b0db870f4a4fb6fc4a6e140dd6faaca5d1948255fa0f
1dbc352adfa2eb6585b5a2c0ae3dc2a738aa4ee53950dfe1bd40
        EAP-Message =
0x368f69b0b921b6e14f7be84725b60100193202fd650f77df635b926ddebc6b0acf680a5ff5
454f8560c920e0ed1437ede5982e783fc5c1ab38cec26a2379ff7595fef27e4db5aee82b9523
31fd604d86daf606276006464defb8b06ff3e76ca02800f4a3401b803dca6ae97459add32448
d59fbd344f8dc8bb6622a97cf8cabfb6f6827eb10c8df775e5ffe8752747eff36249120770dd
48d2c885d7f93caff347d9baad490b640e45240629fc317a4cfae657cec634ac2809f214c984
fff2e9d6d8fff9ca019bf88aa997fd0cdaa3d726c3efa983167f925e3c40be1eeb9a2121b465
605dea0d6371adecf2d270321a2b30d427c848e94a37a00fbeef
        EAP-Message =
0xab2f2f04cb1feffc067e581402bb2bf5913ea116030100040e000000
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1952930c1d548627ccef9d983eb1b684
(7) Finished request 7.
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=18,
length=439
        User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
        NAS-IP-Address = 10.50.4.2
        NAS-Port-Type = Wireless-802.16
        NAS-Port = 1
        Calling-Station-Id = "\254\201\022\027\217\352"
        NAS-Identifier = "010010010000032000"
        WiMAX-GMT-Timezone-offset = 0
        Framed-MTU = 1490
        Service-Type = Framed-User
        State = 0x1952930c1d548627ccef9d983eb1b684
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-BS-Id = 0x303130303130303130303030303332303030
        EAP-Message =
0x020600d01580000000c616030100861000008200804601ed4cea7a4fbf3ea936bb190447aa
79e902f76bd9ca26bf56b5002c860bb7514513debe0262889773db19e9fde0637c596e9f8e95
c758e5572d94b816837ff33624babf64a1e49b10391c78c7d0429098de0483b093fdc72b16e8
efe20271ceb0c635de78bf1d6676197e9132e558accb96c43accde388dc47be89ee22b401403
0100010116030100308113e5ba633d23953215f260177dec8b25a61b3db96c29b3986c88e2c4
ed89e87c5f2bdc224e78ade7702668167ba5a6
        Message-Authenticator = 0xf1cb9dcb23d2730fdd71275b451e332d
(8) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(8)   group authorize {
(8)  - entering group authorize {...}
(8)   [preprocess] = ok
(8)   [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(8)   [wimax] = ok
(8) eap : EAP packet type response id 6 length 208
(8) eap : Continuing tunnel setup.
(8)   [eap] = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(8)   group authenticate {
(8)  - entering group authenticate {...}
(8) eap : Request found, released from the list
(8) eap : EAP/ttls
(8) eap : processing type ttls
(8) ttls : Authenticate
(8) ttls : processing EAP-TLS
  TLS Length 198
(8) ttls : Length Included
(8) ttls : eaptls_verify returned 11
(8) ttls : <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
(8) ttls :     TLS_accept: SSLv3 read client key exchange A
(8) ttls : <<< TLS 1.0 ChangeCipherSpec [length 0001]
(8) ttls : <<< TLS 1.0 Handshake [length 0010], Finished
(8) ttls :     TLS_accept: SSLv3 read finished A
(8) ttls : >>> TLS 1.0 ChangeCipherSpec [length 0001]
(8) ttls :     TLS_accept: SSLv3 write change cipher spec A
(8) ttls : >>> TLS 1.0 Handshake [length 0010], Finished
(8) ttls :     TLS_accept: SSLv3 write finished A
(8) ttls :     TLS_accept: SSLv3 flush data
  SSL: adding session
4cf09e9c9f327a21bd3f49610525905b42346e067b3d1f254b14331103397e81 to cache
(8) ttls :     (other): SSL negotiation finished successfully
SSL Connection Established
(8) ttls : eaptls_process returned 13
(8)   [eap] = handled
Sending Access-Challenge of id 18 to 10.50.4.2 port 49154
        EAP-Message =
0x0107004515800000003b1403010001011603010030570f9a8f3128c5efe3ab40fedb710a6a
98b4a758734a6f041228fc595846a4271cd9fab4385458fcc226338fb0b91a15
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0x1952930c1c558627ccef9d983eb1b684
(8) Finished request 8.
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 10.50.4.2 port 49154, id=19,
length=423
        User-Name =
"{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com"
        NAS-IP-Address = 10.50.4.2
        NAS-Port-Type = Wireless-802.16
        NAS-Port = 1
        Calling-Station-Id = "\254\201\022\027\217\352"
        NAS-Identifier = "010010010000032000"
        WiMAX-GMT-Timezone-offset = 0
        Framed-MTU = 1490
        Service-Type = Framed-User
        State = 0x1952930c1c558627ccef9d983eb1b684
        WiMAX-Release = "1.0"
        WiMAX-Accounting-Capabilities = IP-Session-Based
        WiMAX-BS-Id = 0x303130303130303130303030303332303030
        EAP-Message =
0x020700c015001703010020b101f024e95005e369d9c5d192382a8d453c5e51c9af2d15d2a8
b755743b33d3170301009021437256763846c6c051ca099d0357cea3821edb948ba156193791
20f1b97521bb987a775214f1564df6ffbb3f01fd4476a5319bbe7ce4fd1dd8a93abd57cb28b6
b8aed2f37753ede1783589002e0404d1a4247525b941b14d6708f0988df41511758749c51d52
9423167e100ab43bab6991c786266a10f5dd03324930afb09ae3020edcc6a9ac7a77eed51b44
0c88a8
        Message-Authenticator = 0xbfaf7a1a3a19e84106b8191119a83fcc
(9) # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
(9)   group authorize {
(9)  - entering group authorize {...}
(9)   [preprocess] = ok
(9)   [mschap] = noop
rlm_wimax: Fixing WiMAX binary Calling-Station-Id to ac-81-12-17-8f-ea
(9)   [wimax] = ok
(9) eap : EAP packet type response id 7 length 192
(9) eap : Continuing tunnel setup.
(9)   [eap] = ok
(9) Found Auth-Type = EAP
(9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(9)   group authenticate {
(9)  - entering group authenticate {...}
(9) eap : Request found, released from the list
(9) eap : EAP/ttls
(9) eap : processing type ttls
(9) ttls : Authenticate
(9) ttls : processing EAP-TLS
(9) ttls : eaptls_verify returned 7
(9) ttls : Done initial handshake
(9) ttls : eaptls_process returned 7
(9) ttls : Session established.  Proceeding to decode tunneled attributes.
(9) ttls : Tunneled attribute 1 is too short (1 < 12) to contain anything
useful.
  SSL: Removing session
4cf09e9c9f327a21bd3f49610525905b42346e067b3d1f254b14331103397e81 from the
cache
(9) eap : Handler failed in EAP/ttls
(9) eap : Failed in EAP select
(9)   [eap] = invalid
(9) Failed to authenticate the user.
(9) Using Post-Auth-Type Reject
(9) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(9)   group REJECT {
(9)  - entering group REJECT {...}
(9) attr_filter.access_reject :         expand: %{User-Name} ->
{am=1}{sm=1}94A435643C002DA3E54F3D9779C1FE70 at cueband.com
(9) attr_filter.access_reject : Matched entry DEFAULT at line 11
(9)   [attr_filter.access_reject] = updated
(9) Finished request 9.
Waking up in 0.2 seconds.
Waking up in 0.1 seconds.
Waking up in 0.6 seconds.
(9) Sending delayed reject
Sending Access-Reject of id 19 to 10.50.4.2 port 49154
        EAP-Message = 0x04070004
        Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2.3 seconds.
(3) Cleaning up request packet ID 13 with timestamp +35
(4) Cleaning up request packet ID 14 with timestamp +35
(5) Cleaning up request packet ID 15 with timestamp +36




More information about the Freeradius-Users mailing list