freeradius using linux user passwd
Julian Macassey
julian at tele.com
Tue Jul 9 00:10:31 CEST 2013
On 2013-07-08 at 22:16, Matthew Newton (mcn4 at leicester.ac.uk) wrote:
> On Mon, Jul 08, 2013 at 01:49:47PM -0700, Julian Macassey wrote:
> > I have a Netgear WiFi router set up for WPA2 Enterprise.
> > It is pointed at a freeradius server. I am trying to use the
> > username and password of that server to authenticate. It fails
> > consistenty with:
> >
> > [pap] WARNING! No "known good" password found for the user.
> > Authentication may fail because of this.
> > ++[pap] returns noop
> > ERROR: No authenticate method (Auth-Type) found for the request:
> > Rejecting the user
> > Failed to authenticate the user.
>
> It looks like you've removed 'eap' from your default server
> configuration. As WPA uses eap, you won't get far without it.
So, I put it back in. I took it out earlier as 1. I
couldn't connect with it. 2. My understanding from reading the
docs was that pap alone would do the job.
>
> However, if you want to authenticate using the system
> (/etc/passwd or shadow) database, then the only EAP type that's
> going to work is EAP-TTLS/PAP.
Now it, and everything else, seems to be there.
> Windows older than Win8 don't
> support that without a 3rd party supplicant, which is a barrier
> for many people wanting to use it, so most dont.
>
> In short the most likely things you want to do after adding eap
> back in again are to use either a database with cleartext
> passwords in it or use mschap (NTLM hash) passwords.
I'm just trying to do a bog standard username and
password for OS X and Linux users on laptops - Plus the
ubiquitous smartphones of course. I have no Microsoft gear on the
LAN.
Here is my latest output:
FreeRADIUS Version 2.1.10, for host x86_64-pc-linux-gnu, built on Sep 24 2012 at 17:58:57
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/plumgrid-radius1/plumgrid-radius1.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "d1sc0verplum"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "d1sc0verplum"
nastype = "other"
}
client 10.1.1.211 {
ipaddr = 10.1.1.211
require_message_authenticator = no
secret = "d1sc0verplum"
shortname = "wifi"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = yes
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/freeradius/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/freeradius/modules/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /etc/freeradius/modules/digest
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=124, length=162
User-Name = "evergreen"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
Calling-Station-Id = "00-1F-5B-C1-AB-24"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0222000e0165766572677265656e
Message-Authenticator = 0x971cc295e4f37b509240d5450ed9c594
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 34 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 124 to 10.1.1.211 port 35032
EAP-Message = 0x012300160410eaaba32e48f9a3cff74043ca97a6cd70
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x94fb950894d891fe1477c70ff2bf2308
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=125, length=172
User-Name = "evergreen"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
Calling-Station-Id = "00-1F-5B-C1-AB-24"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022300060319
State = 0x94fb950894d891fe1477c70ff2bf2308
Message-Authenticator = 0x31a90e82ac4971b87149b06a414c6f94
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 35 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 125 to 10.1.1.211 port 35032
EAP-Message = 0x012400061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x94fb950895df8cfe1477c70ff2bf2308
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=126, length=298
User-Name = "evergreen"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
Calling-Station-Id = "00-1F-5B-C1-AB-24"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0224008419800000007a160301007501000071030151db3692ab24ff2974fadd30e7f746344f43d23b57876c584d2f4bbcffe21a77000036c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a00320033003800390016001301000012000a00080006001700180019000b00020100
State = 0x94fb950895df8cfe1477c70ff2bf2308
Message-Authenticator = 0x1035bc59d348c3f030a370357439e1ab
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 36 length 132
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 122
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0075], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 126 to 10.1.1.211 port 35032
EAP-Message = 0x0125040019c00000089b160301002a02000026030151db366edec4cd37c2c9de7c70687423e7985701f5c9f226faf8876b2da0a6e400002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message = 0x301e170d3133303730383139333834305a170d3134303730383139333834305a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e0af0a8d6daefc6d3dfa2aeb1e1c8b372d649a84366dbc6fc1272eaa48b8b2ca7538485aa97f1dc687ac0ce85af6e20f4edef1f0a13269a46e9747bff07e
EAP-Message = 0x25aa3372093de129a21dd65a9805254a6202a608d25bb720daa93c20e642ef960ea5ec7b056e12cbd5cc67e1244d0a91e4cf83a6bbb3f876d6b8f066562c7589b124e7e272d08e70aad01ce342f18495c33b5e1e883a65fbc95173198fcefc8b25e375855ef28475541922d285e61c5ee953c0484cf909bfb2cbf0ccd71f6d5a10d57fc3e60d6d2d653cd7de2141b36f9496a83bbaf06c85debb6e452b84546e63314075c5ecd5675b2d318c18a3c1d676f1ff78e9a40c8c29151cdda0f541d8f9fb0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010050d81d2de1440f8bc8
EAP-Message = 0x77a488be467952d2cfc2ec90173c8b5f096f489918bf4a8bdf86e55dc8d5d710b163340fe89373518b49d1fb7d96c25a9d48d99e7c72cf968ca5b3fbac58c650929f331d60650303bde6f7bd4636a7b0e567f251ee11f17908d5101c33a276ce9f446bd3ff2b4030f4b98c108d28a737ac4142a25e4557ed0a6f019dd6f7b73c77d0287d71ac7bc0d93ef1dce30251ef80457e61e22ad7e0f15c80ffa604d5cf1aad8a880c5f15c5a4248d2f292db14e029e9ac38482983f328c3ec21fd7ab5474689ac5975033f834b517bf78052563cc905d17aa52f0834c5047040890eb24552a0ee791b2839e6b88c5feeb9e8f586d5391b13322860004ab308204
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x94fb950896de8cfe1477c70ff2bf2308
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=127, length=172
User-Name = "evergreen"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
Calling-Station-Id = "00-1F-5B-C1-AB-24"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022500061900
State = 0x94fb950896de8cfe1477c70ff2bf2308
Message-Authenticator = 0xa5dd14379b6c04a6d4f9e4c2ac6e79a1
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 37 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 127 to 10.1.1.211 port 35032
EAP-Message = 0x012603fc194000f4d32f255cc0c348300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3133303730383139333834305a170d3134303730383139333834305a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504
EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100eb807f1fd3cdb98ff7b2f777a95978d266049d6ab32321fd58a94fb0d52aa634ba90594211a99af6ffe7113bc15cf5fdbdc8bdf2c8ecd8d078fae7408a76f3816e725527c3606804cea0ced3ec70bbefd219ca812106414220c3134a998dadcf0b5529c14465df968b674ec4fd0a9a
EAP-Message = 0x35a2d186c881b8fae5a72795edfee73b2a9f1674de1016c4f6fb26f658301c9bebeacc53a727313f787f03e0b98bb50925e08c71d0f70f0bed575758cde31c77cf34867f59fb04e042e442f278b6c44cdf991ed6a295799e923cb0c97b1097f9814b06b4c5c31d945c8b983837307777d343360fa5118fec602a3579cb0056737a2b850a3fa7d05baa6ca2b408d04a1a7b0203010001a381fb3081f8301d0603551d0e04160414d8240032936cdc231d88499a7eed6216431c60263081c80603551d230481c03081bd8014d8240032936cdc231d88499a7eed6216431c6026a18199a48196308193310b3009060355040613024652310f300d06035504
EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900f4d32f255cc0c348300c0603551d13040530030101ff300d06092a864886f70d010105050003820101000b45b9ef3e89cff871a8afa66317465b27b832e27e470d88f657f81e6158a709600426240e2a8de1b2416644959f1dbe63e3f1c09a850213fad8c569191b22e178b5c08f9a4398ab81375f9e812186e00753
EAP-Message = 0xd2ca375f069b9b31
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x94fb950897dd8cfe1477c70ff2bf2308
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=128, length=172
User-Name = "evergreen"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
Calling-Station-Id = "00-1F-5B-C1-AB-24"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022600061900
State = 0x94fb950897dd8cfe1477c70ff2bf2308
Message-Authenticator = 0xa875cace5dda858e41ea71c11bad415c
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 38 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 128 to 10.1.1.211 port 35032
EAP-Message = 0x012700b519002782cf9825b84ae3e45b9cbc6882857730a54c1b56ae56c0395d529f545d8b605b210dbfd0985cde611bb8c55142f3113d2b5b6017ff5d972a579d0426036134e10aafdc036195223a3c16d25fe9d181b1007ccf2dd7f8588d0436fb1123222754e59d4f7ac6daa05e17d2407d8426181d55b23f3c8b4aaf178ae754b80273464aa76fa3f814f3f3492ef248d0a83a17a763da5cb5d022fcb0e7c4cf54c04580a222ad3eea0116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x94fb950890dc8cfe1477c70ff2bf2308
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=129, length=504
User-Name = "evergreen"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
Calling-Station-Id = "00-1F-5B-C1-AB-24"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022701501980000001461603010106100001020100c34bcc8150e8c8d5df12bbb80fd474cd3541f104956c0a438880de306033f69b478baa473580203c8499c31a7696ee0640d9b49307584bc907426690c4aacec6dde59994969dd93861aa249957489bf442134cebff66b0e0200f68e290a5f5111ea29b2b9409b6d82d6e53e97da5b37dca907b4fd7f73735a88d389d9df20deeda155d5998aa72932a472c55c34b91cd14cd9760c508943eb9f2e20aedf401640e1b6613992855834d3169fb5de01dd7d6634d0163126b778fec6ef22de0f85a540c52160b78b65b08958cb7b9b4a7169dc63073ae9ea18c935394f7da46d070263e3b8358f2ee5e
EAP-Message = 0x761de73dae90a1133563dc06945541a2f926b698bc9452a214030100010116030100302e635bbd4d8afdd87c7f67adc20550f334617b7ff417dc15a1687d5174470c8553d5eac5386b92aa8957feea182b2488
State = 0x94fb950890dc8cfe1477c70ff2bf2308
Message-Authenticator = 0xe3e2f1c119248b200ce367aac3727971
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 39 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 129 to 10.1.1.211 port 35032
EAP-Message = 0x01280041190014030100010116030100307df7b3495e22ef9c1dac0bcee7feda3c496009b5055839a35f54be624426631b66c03a43ab68fe2fe26e5a2c4ad81bf2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x94fb950891d38cfe1477c70ff2bf2308
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=130, length=172
User-Name = "evergreen"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
Calling-Station-Id = "00-1F-5B-C1-AB-24"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022800061900
State = 0x94fb950891d38cfe1477c70ff2bf2308
Message-Authenticator = 0xdff25c2e931ec03c6571ba44c0c343b8
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 40 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 130 to 10.1.1.211 port 35032
EAP-Message = 0x0129002b1900170301002081d7d9527f298efa1fe2231ab7767690726678787b1ef906df809acbf19a2b41
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x94fb950892d28cfe1477c70ff2bf2308
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=131, length=209
User-Name = "evergreen"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
Calling-Station-Id = "00-1F-5B-C1-AB-24"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x0229002b19001703010020f32c0d57ca9e9aeff37fc8e25aeac15f766362c5390e6d333f1a35d7dc2a0124
State = 0x94fb950892d28cfe1477c70ff2bf2308
Message-Authenticator = 0x93edbb3fa37b4fb8c8f583facdff2dfd
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 41 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - evergreen
[peap] Got inner identity 'evergreen'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0229000e0165766572677265656e
server {
PEAP: Setting User-Name to evergreen
Sending tunneled request
EAP-Message = 0x0229000e0165766572677265656e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "evergreen"
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 41 length 14
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x012a00231a012a001e1062b1047c531ad557fbce1ca39300531e65766572677265656e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84873f8084ad259f85a24a928585c30e
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x012a00231a012a001e1062b1047c531ad557fbce1ca39300531e65766572677265656e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x84873f8084ad259f85a24a928585c30e
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 131 to 10.1.1.211 port 35032
EAP-Message = 0x012a004b19001703010040d12bb79ef84b4d6d33940e5cc65b6ec0585ac6bc5479eb1555d14d8e7ba7972cf374e37a10a705189fb909b87c7393afa40cf81fc8ba7a2fb389a2bd31ce20eb
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x94fb950893d18cfe1477c70ff2bf2308
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=132, length=273
User-Name = "evergreen"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
Calling-Station-Id = "00-1F-5B-C1-AB-24"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022a006b190017030100605c5d176dec06ee45d4d4daea33e4792577914d7f804e26739832d61290734264dfa9782f30b23e386765a8f19001936f8c66dcd2ea2f02eb4364ef8daaae2b46cfaba84893effe6c4e4e677d568bbf64a8a79dbe0bf171f00d4d118821d8494a
State = 0x94fb950893d18cfe1477c70ff2bf2308
Message-Authenticator = 0xaae8e93ec4baedb57226f5857fbeefcf
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 42 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x022a00441a022a003f314218e8aafbcedebcaa680a818e2c69530000000000000000cb6a372ed7a55bc851177ce70298c4a87bf9075a371534c40065766572677265656e
server {
PEAP: Setting User-Name to evergreen
Sending tunneled request
EAP-Message = 0x022a00441a022a003f314218e8aafbcedebcaa680a818e2c69530000000000000000cb6a372ed7a55bc851177ce70298c4a87bf9075a371534c40065766572677265656e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "evergreen"
State = 0x84873f8084ad259f85a24a928585c30e
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 42 length 68
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: evergreen
[mschap] Told to do MS-CHAPv2 for evergreen with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "*E=691 R=1"
EAP-Message = 0x042a0004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "*E=691 R=1"
EAP-Message = 0x042a0004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 132 to 10.1.1.211 port 35032
EAP-Message = 0x012b002b19001703010020ff10092adaa9fdacb79530b044899aabc8899262b7ae726656391f88a3911b25
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x94fb95089cd08cfe1477c70ff2bf2308
Finished request 8.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=133, length=209
User-Name = "evergreen"
NAS-IP-Address = 192.168.1.1
NAS-Port = 0
Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
Calling-Station-Id = "00-1F-5B-C1-AB-24"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11b"
EAP-Message = 0x022b002b190017030100208e327eb0489d3827eac9d59af7e4e298ae6cfbb307128bdf4eac86347d5a3c3f
State = 0x94fb95089cd08cfe1477c70ff2bf2308
Message-Authenticator = 0x46ed47a21c5bc33ea610f9f3583bc9cb
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[digest] returns noop
[suffix] No '@' in User-Name = "evergreen", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 43 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> evergreen
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 133 to 10.1.1.211 port 35032
EAP-Message = 0x042b0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.7 seconds.
Cleaning up request 0 ID 124 with timestamp +42
Cleaning up request 1 ID 125 with timestamp +42
Cleaning up request 2 ID 126 with timestamp +42
Cleaning up request 3 ID 127 with timestamp +42
Cleaning up request 4 ID 128 with timestamp +42
Cleaning up request 5 ID 129 with timestamp +42
Cleaning up request 6 ID 130 with timestamp +43
Cleaning up request 7 ID 131 with timestamp +43
Cleaning up request 8 ID 132 with timestamp +43
Waking up in 1.0 seconds.
Cleaning up request 9 ID 133 with timestamp +43
Ready to process requests.
>
> > rad_recv: Access-Request packet from host 10.1.1.211 port 35032, id=73, length=162
> > User-Name = "evergreen"
> > NAS-IP-Address = 192.168.1.1
> > NAS-Port = 0
> > Called-Station-Id = "28-C6-8E-A4-2B-6A:plum-radius"
> > Calling-Station-Id = "00-1F-5B-C1-AB-24"
> > Framed-MTU = 1400
> > NAS-Port-Type = Wireless-802.11
> > Connect-Info = "CONNECT 0Mbps 802.11b"
> > EAP-Message = 0x02b1000e0165766572677265656e
> > Message-Authenticator = 0x6f0e884ab22ca3b623c88cb2a8bab823
> > # Executing section authorize from file /etc/freeradius/sites-enabled/default
> > +- entering group authorize {...}
> > ++[preprocess] returns ok
> > ++[digest] returns noop
> > [suffix] No '@' in User-Name = "evergreen", looking up realm NULL
> > [suffix] No such realm "NULL"
> > ++[suffix] returns noop
> > ++[unix] returns notfound
> > ++[files] returns noop
> > ++[expiration] returns noop
> > ++[logintime] returns noop
> > [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
> > ++[pap] returns noop
> > ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
> > Failed to authenticate the user.
> > Using Post-Auth-Type Reject
> > # Executing group from file /etc/freeradius/sites-enabled/default
> > +- entering group REJECT {...}
> > [attr_filter.access_reject] expand: %{User-Name} -> evergreen
> > attr_filter: Matched entry DEFAULT at line 11
> > ++[attr_filter.access_reject] returns updated
> > Delaying reject of request 0 for 1 seconds
> > Going to the next request
> > Waking up in 0.9 seconds.
> > Sending delayed reject for request 0
> > Sending Access-Reject of id 73 to 10.1.1.211 port 35032
> > Waking up in 4.9 seconds.
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
http://www.fightforthefuture.org/#
More information about the Freeradius-Users
mailing list