Wi-Fi MAC OSX occascionally fails

John Teasley ollieteasley at gmail.com
Tue Feb 9 23:56:57 CET 2016


Hello,

I am new to the list as well. However, "Sending Access-Accept of id 102 to
192.168.1.29 port 56313" shows all is good. Have you tried checking the
logs on the client and server to see what happens when your connection
drops? What you posted above shows that you got authorized and
authenticated to me. I am sure some others on here may be able to help more
though.

One note, when I was debugging on a linux client I had to check the
supplicant AND system logs. I am sure you could get some information on the
MacOSx daemon that handles the supplicant authorize / authentication
pieces. Watching both server and client at the same time may prove helpful.



Ollie Teasley
Linux Administrator
ISMELL.SHOES, LLC


On Tue, Feb 9, 2016 at 4:46 PM, Doug Berman <dougberman at gmail.com> wrote:

> I'm new to freeradius.  I have a simple setup on ubuntu 14.04.  I don't
> have SQL and simply have a user configured in the users file.  The user is
> me - dougberman.  I also have a ubiquiti access point which I've configured
> as a client to the radius server.  What's frustrating is sometimes I'm able
> to use 802.1x EAP/PEAP just fine on my MAC and other times, it fails.  I've
> looked through the radius debug and I can't find anything that stands out
> that calls my attention.   Snipits for the file "users" and "clients.conf"
> and the debug is below. Any help would be greatly appreciated.
>
> users:
>
> dougberman Cleartext-Password := "foo123"
>
> clients.conf
>
> client 192.168.1.29 {
>
> secret          = network
>
> shortname       = routergw
>
> nastype         = other
>
> }
> Please let me know if you have any additional questions.
>
> doug at db-dell:~$ sudo freeradius -X
> [sudo] password for doug:
> FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Aug 26
> 2015 at 14:47:03
> Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
> PARTICULAR PURPOSE.
> You may redistribute copies of FreeRADIUS under the terms of the
> GNU General Public License v2.
> Starting - reading configuration files ...
> including configuration file /etc/freeradius/radiusd.conf
> including configuration file /etc/freeradius/proxy.conf
> including configuration file /etc/freeradius/clients.conf
> including files in directory /etc/freeradius/modules/
> including configuration file /etc/freeradius/modules/smbpasswd
> including configuration file /etc/freeradius/modules/ippool
> including configuration file /etc/freeradius/modules/expr
> including configuration file /etc/freeradius/modules/pap
> including configuration file /etc/freeradius/modules/passwd
> including configuration file
> /etc/freeradius/modules/sqlcounter_expire_on_login
> including configuration file /etc/freeradius/modules/otp
> including configuration file /etc/freeradius/modules/expiration
> including configuration file /etc/freeradius/modules/detail.example.com
> including configuration file /etc/freeradius/modules/preprocess
> including configuration file /etc/freeradius/modules/exec
> including configuration file /etc/freeradius/modules/mac2vlan
> including configuration file /etc/freeradius/modules/files
> including configuration file /etc/freeradius/modules/attr_rewrite
> including configuration file /etc/freeradius/modules/dynamic_clients
> including configuration file /etc/freeradius/modules/perl
> including configuration file /etc/freeradius/modules/krb5
> including configuration file /etc/freeradius/modules/checkval
> including configuration file /etc/freeradius/modules/etc_group
> including configuration file /etc/freeradius/modules/mac2ip
> including configuration file /etc/freeradius/modules/smsotp
> including configuration file /etc/freeradius/modules/inner-eap
> including configuration file /etc/freeradius/modules/sradutmp
> including configuration file /etc/freeradius/modules/always
> including configuration file /etc/freeradius/modules/detail.log
> including configuration file /etc/freeradius/modules/attr_filter
> including configuration file /etc/freeradius/modules/rediswho
> including configuration file /etc/freeradius/modules/replicate
> including configuration file /etc/freeradius/modules/cui
> including configuration file /etc/freeradius/modules/unix
> including configuration file /etc/freeradius/modules/mschap
> including configuration file /etc/freeradius/modules/counter
> including configuration file /etc/freeradius/modules/ntlm_auth
> including configuration file /etc/freeradius/modules/acct_unique
> including configuration file /etc/freeradius/modules/linelog
> including configuration file /etc/freeradius/modules/realm
> including configuration file /etc/freeradius/modules/pam
> including configuration file /etc/freeradius/modules/radutmp
> including configuration file /etc/freeradius/modules/sql_log
> including configuration file /etc/freeradius/modules/ldap
> including configuration file /etc/freeradius/modules/redis
> including configuration file /etc/freeradius/modules/opendirectory
> including configuration file /etc/freeradius/modules/logintime
> including configuration file /etc/freeradius/modules/digest
> including configuration file /etc/freeradius/modules/policy
> including configuration file /etc/freeradius/modules/detail
> including configuration file /etc/freeradius/modules/echo
> including configuration file /etc/freeradius/modules/chap
> including configuration file /etc/freeradius/modules/wimax
> including configuration file /etc/freeradius/modules/soh
> including configuration file /etc/freeradius/eap.conf
> including configuration file /etc/freeradius/policy.conf
> including files in directory /etc/freeradius/sites-enabled/
> including configuration file /etc/freeradius/sites-enabled/inner-tunnel
> including configuration file /etc/freeradius/sites-enabled/default
> main {
>         user = "freerad"
>         group = "freerad"
>         allow_core_dumps = no
> }
> including dictionary file /etc/freeradius/dictionary
> main {
>         name = "freeradius"
>         prefix = "/usr"
>         localstatedir = "/var"
>         sbindir = "/usr/sbin"
>         logdir = "/var/log/freeradius"
>         run_dir = "/var/run/freeradius"
>         libdir = "/usr/lib/freeradius"
>         radacctdir = "/var/log/freeradius/radacct"
>         hostname_lookups = no
>         max_request_time = 30
>         cleanup_delay = 5
>         max_requests = 1024
>         pidfile = "/var/run/freeradius/freeradius.pid"
>         checkrad = "/usr/sbin/checkrad"
>         debug_level = 0
>         proxy_requests = yes
>  log {
>         stripped_names = no
>         auth = yes
>         auth_badpass = yes
>         auth_goodpass = yes
>  }
>  security {
>         max_attributes = 200
>         reject_delay = 1
>         status_server = yes
>  }
> }
> radiusd: #### Loading Realms and Home Servers ####
>  proxy server {
>         retry_delay = 5
>         retry_count = 3
>         default_fallback = no
>         dead_time = 120
>         wake_all_if_all_dead = no
>  }
>  home_server localhost {
>         ipaddr = 127.0.0.1
>         port = 1812
>         type = "auth"
>         secret = "testing123"
>         response_window = 20
>         max_outstanding = 65536
>         require_message_authenticator = yes
>         zombie_period = 40
>         status_check = "status-server"
>         ping_interval = 30
>         check_interval = 30
>         num_answers_to_alive = 3
>         num_pings_to_alive = 3
>         revive_interval = 120
>         status_check_timeout = 4
>   coa {
>         irt = 2
>         mrt = 16
>         mrc = 5
>         mrd = 30
>   }
>  }
>  home_server_pool my_auth_failover {
>         type = fail-over
>         home_server = localhost
>  }
>  realm example.com {
>         auth_pool = my_auth_failover
>  }
>  realm LOCAL {
>  }
> radiusd: #### Loading Clients ####
>  client localhost {
>         ipaddr = 127.0.0.1
>         require_message_authenticator = no
>         secret = "testing123"
>         nastype = "other"
>  }
>  client 192.168.1.29 {
>         require_message_authenticator = no
>         secret = "network"
>         shortname = "routergw"
>         nastype = "other"
>  }
> radiusd: #### Instantiating modules ####
>  instantiate {
>  Module: Linked to module rlm_exec
>  Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
>   exec {
>         wait = no
>         input_pairs = "request"
>         shell_escape = yes
>   }
>  Module: Linked to module rlm_expr
>  Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
>  Module: Linked to module rlm_expiration
>  Module: Instantiating module "expiration" from file
> /etc/freeradius/modules/expiration
>   expiration {
>         reply-message = "Password Has Expired  "
>   }
>  Module: Linked to module rlm_logintime
>  Module: Instantiating module "logintime" from file
> /etc/freeradius/modules/logintime
>   logintime {
>         reply-message = "You are calling outside your allowed timespan  "
>         minimum-timeout = 60
>   }
>  }
> radiusd: #### Loading Virtual Servers ####
> server { # from file /etc/freeradius/radiusd.conf
>  modules {
>   Module: Creating Auth-Type = digest
>   Module: Creating Post-Auth-Type = REJECT
>  Module: Checking authenticate {...} for more modules to load
>  Module: Linked to module rlm_pap
>  Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
>   pap {
>         encryption_scheme = "auto"
>         auto_header = no
>   }
>  Module: Linked to module rlm_chap
>  Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
>  Module: Linked to module rlm_mschap
>  Module: Instantiating module "mschap" from file
> /etc/freeradius/modules/mschap
>   mschap {
>         use_mppe = yes
>         require_encryption = no
>         require_strong = no
>         with_ntdomain_hack = no
>         allow_retry = yes
>   }
>  Module: Linked to module rlm_digest
>  Module: Instantiating module "digest" from file
> /etc/freeradius/modules/digest
>  Module: Linked to module rlm_unix
>  Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
>   unix {
>         radwtmp = "/var/log/freeradius/radwtmp"
>   }
>  Module: Linked to module rlm_eap
>  Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
>   eap {
>         default_eap_type = "md5"
>         timer_expire = 60
>         ignore_unknown_eap_types = no
>         cisco_accounting_username_bug = no
>         max_sessions = 4096
>   }
>  Module: Linked to sub-module rlm_eap_md5
>  Module: Instantiating eap-md5
>  Module: Linked to sub-module rlm_eap_leap
>  Module: Instantiating eap-leap
>  Module: Linked to sub-module rlm_eap_gtc
>  Module: Instantiating eap-gtc
>    gtc {
>         challenge = "Password: "
>         auth_type = "PAP"
>    }
>  Module: Linked to sub-module rlm_eap_tls
>  Module: Instantiating eap-tls
>    tls {
>         rsa_key_exchange = no
>         dh_key_exchange = yes
>         rsa_key_length = 512
>         dh_key_length = 512
>         verify_depth = 0
>         CA_path = "/etc/freeradius/certs"
>         pem_file_type = yes
>         private_key_file = "/etc/freeradius/certs/server.key"
>         certificate_file = "/etc/freeradius/certs/server.pem"
>         CA_file = "/etc/freeradius/certs/ca.pem"
>         private_key_password = "whatever"
>         dh_file = "/etc/freeradius/certs/dh"
>         random_file = "/dev/urandom"
>         fragment_size = 1024
>         include_length = yes
>         check_crl = no
>         cipher_list = "DEFAULT"
>         make_cert_command = "/etc/freeradius/certs/bootstrap"
>         ecdh_curve = "prime256v1"
>     cache {
>         enable = no
>         lifetime = 24
>         max_entries = 255
>     }
>     verify {
>     }
>     ocsp {
>         enable = no
>         override_cert_url = yes
>         url = "http://127.0.0.1/ocsp/"
>     }
>    }
>  Module: Linked to sub-module rlm_eap_ttls
>  Module: Instantiating eap-ttls
>    ttls {
>         default_eap_type = "md5"
>         copy_request_to_tunnel = no
>         use_tunneled_reply = no
>         virtual_server = "inner-tunnel"
>         include_length = yes
>    }
>  Module: Linked to sub-module rlm_eap_peap
>  Module: Instantiating eap-peap
>    peap {
>         default_eap_type = "mschapv2"
>         copy_request_to_tunnel = no
>         use_tunneled_reply = no
>         proxy_tunneled_request_as_eap = yes
>         virtual_server = "inner-tunnel"
>         soh = no
>    }
>  Module: Linked to sub-module rlm_eap_mschapv2
>  Module: Instantiating eap-mschapv2
>    mschapv2 {
>         with_ntdomain_hack = no
>         send_error = no
>    }
>  Module: Checking authorize {...} for more modules to load
>  Module: Linked to module rlm_preprocess
>  Module: Instantiating module "preprocess" from file
> /etc/freeradius/modules/preprocess
>   preprocess {
>         huntgroups = "/etc/freeradius/huntgroups"
>         hints = "/etc/freeradius/hints"
>         with_ascend_hack = no
>         ascend_channels_per_line = 23
>         with_ntdomain_hack = no
>         with_specialix_jetstream_hack = no
>         with_cisco_vsa_hack = no
>         with_alvarion_vsa_hack = no
>   }
>  Module: Linked to module rlm_realm
>  Module: Instantiating module "suffix" from file
> /etc/freeradius/modules/realm
>   realm suffix {
>         format = "suffix"
>         delimiter = "@"
>         ignore_default = no
>         ignore_null = no
>   }
>  Module: Linked to module rlm_files
>  Module: Instantiating module "files" from file
> /etc/freeradius/modules/files
>   files {
>         usersfile = "/etc/freeradius/users"
>         acctusersfile = "/etc/freeradius/acct_users"
>         preproxy_usersfile = "/etc/freeradius/preproxy_users"
>         compat = "no"
>   }
>  Module: Checking preacct {...} for more modules to load
>  Module: Linked to module rlm_acct_unique
>  Module: Instantiating module "acct_unique" from file
> /etc/freeradius/modules/acct_unique
>   acct_unique {
>         key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> Client-IP-Address, NAS-Port"
>   }
>  Module: Checking accounting {...} for more modules to load
>  Module: Linked to module rlm_detail
>  Module: Instantiating module "detail" from file
> /etc/freeradius/modules/detail
>   detail {
>         detailfile =
>
> "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
>         header = "%t"
>         detailperm = 384
>         dirperm = 493
>         locking = no
>         log_packet_header = no
>   }
>  Module: Linked to module rlm_radutmp
>  Module: Instantiating module "radutmp" from file
> /etc/freeradius/modules/radutmp
>   radutmp {
>         filename = "/var/log/freeradius/radutmp"
>         username = "%{User-Name}"
>         case_sensitive = yes
>         check_with_nas = yes
>         perm = 384
>         callerid = yes
>   }
>  Module: Linked to module rlm_attr_filter
>  Module: Instantiating module "attr_filter.accounting_response" from file
> /etc/freeradius/modules/attr_filter
>   attr_filter attr_filter.accounting_response {
>         attrsfile = "/etc/freeradius/attrs.accounting_response"
>         key = "%{User-Name}"
>         relaxed = no
>   }
>  Module: Checking session {...} for more modules to load
>  Module: Checking post-proxy {...} for more modules to load
>  Module: Checking post-auth {...} for more modules to load
>  Module: Instantiating module "attr_filter.access_reject" from file
> /etc/freeradius/modules/attr_filter
>   attr_filter attr_filter.access_reject {
>         attrsfile = "/etc/freeradius/attrs.access_reject"
>         key = "%{User-Name}"
>         relaxed = no
>   }
>  } # modules
> } # server
> server inner-tunnel { # from file
> /etc/freeradius/sites-enabled/inner-tunnel
>  modules {
>  Module: Checking authenticate {...} for more modules to load
>  Module: Checking authorize {...} for more modules to load
>  Module: Checking session {...} for more modules to load
>  Module: Checking post-proxy {...} for more modules to load
>  Module: Checking post-auth {...} for more modules to load
>  } # modules
> } # server
> radiusd: #### Opening IP addresses and Ports ####
> listen {
>         type = "auth"
>         ipaddr = *
>         port = 0
> }
> listen {
>         type = "acct"
>         ipaddr = *
>         port = 0
> }
> listen {
>         type = "auth"
>         ipaddr = 127.0.0.1
>         port = 18120
> }
>  ... adding new socket proxy address * port 51461
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Listening on authentication address 127.0.0.1 port 18120 as server
> inner-tunnel
> Listening on proxy address * port 1814
> Ready to process requests.
>
>
>
>
>
>
>
>
>
>
>
>
> rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=93,
> length=182
>         User-Name = "dougberman"
>         NAS-IP-Address = 192.168.1.29
>         NAS-Identifier = "0418d69afea9"
>         NAS-Port = 0
>         Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
>         Calling-Station-Id = "AC-BC-32-86-B0-73"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message = 0x0286000f01646f75676265726d616e
>         Message-Authenticator = 0x1b7db57089969456fcff7f264214ac71
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 134 length 15
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry dougberman at line 3
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING: Auth-Type already set.  Not setting to PAP
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 93 to 192.168.1.29 port 56313
>         EAP-Message = 0x018700160410a6e7f7cc1f9ae919f16aac7710972bd9
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x92ddcc5b925ac86dd5e2158f0b41dda7
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=94,
> length=193
>         User-Name = "dougberman"
>         NAS-IP-Address = 192.168.1.29
>         NAS-Identifier = "0418d69afea9"
>         NAS-Port = 0
>         Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
>         Calling-Station-Id = "AC-BC-32-86-B0-73"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message = 0x028700080319152b
>         State = 0x92ddcc5b925ac86dd5e2158f0b41dda7
>         Message-Authenticator = 0x3d6957c95c9c9ba03aa0574e37d2019c
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 135 length 8
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry dougberman at line 3
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING: Auth-Type already set.  Not setting to PAP
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP NAK
> [eap] EAP-NAK asked for EAP-Type/peap
> [eap] processing type tls
> [tls] Initiate
> [tls] Start returned 1
> ++[eap] returns handled
> Sending Access-Challenge of id 94 to 192.168.1.29 port 56313
>         EAP-Message = 0x018800061920
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x92ddcc5b9355d56dd5e2158f0b41dda7
> Finished request 1.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=95,
> length=316
>         User-Name = "dougberman"
>         NAS-IP-Address = 192.168.1.29
>         NAS-Identifier = "0418d69afea9"
>         NAS-Port = 0
>         Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
>         Calling-Station-Id = "AC-BC-32-86-B0-73"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message =
>
> 0x02880083198000000079160301007401000070030156ba68815990fdf76fe5ebc053ed7757fbde10eeeedd069c792855e3fc6abc2f00002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000
>         State = 0x92ddcc5b9355d56dd5e2158f0b41dda7
>         Message-Authenticator = 0x40f21a53503b308c46cb0d395acff087
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 136 length 131
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>   TLS Length 121
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap]     (other): before/accept initialization
> [peap]     TLS_accept: before/accept initialization
> [peap] <<< TLS 1.0 Handshake [length 0074], ClientHello
> [peap]     TLS_accept: SSLv3 read client hello A
> [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello
> [peap]     TLS_accept: SSLv3 write server hello A
> [peap] >>> TLS 1.0 Handshake [length 02c2], Certificate
> [peap]     TLS_accept: SSLv3 write certificate A
> [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange
> [peap]     TLS_accept: SSLv3 write key exchange A
> [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> [peap]     TLS_accept: SSLv3 write server done A
> [peap]     TLS_accept: SSLv3 flush data
> [peap]     TLS_accept: Need to read more data: SSLv3 read client
> certificate A
> In SSL Handshake Phase
> In SSL Accept mode
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 95 to 192.168.1.29 port 56313
>         EAP-Message =
>
> 0x0189040019c00000045e16030100390200003503013ebf7047410d7a1859b5bbbf2a9d9888ce6e37c03ba9f1614c3bb95e24f1484d00c01400000dff01000100000b00040300010216030102c20b0002be0002bb0002b8308202b43082019ca003020102020900b793aee3ac33bc49300d06092a864886f70d01010b050030123110300e0603550403130764622d64656c6c301e170d3136303230323136353033355a170d3236303133303136353033355a30123110300e0603550403130764622d64656c6c30820122300d06092a864886f70d01010105000382010f003082010a0282010100a3869b5f162e1e131968dc8d564b1d234e592c42f841
>         EAP-Message =
>
> 0xa1241e96afe0db33d6d261b72bc407b2644f64812dba426bbbb6b3231f94a6cddbd263def9ce4e1a43f2a6c264cb9d1b3b4d9f2eace7afc4c2cf1e4c55e307e888b87e55003c404005a0c1a8b58fb034a59d7588206f9b280f5b0174dd53b9d5b8f8227936f640d73af94d8bf255316ba21199b9a01a45b33639cfa1c1f5145fc139819c84376523c6959ae1d6eccad8aa74a7fef8550fca94758e9f6e1a822b93439edcc4655baef7d39725f7378a4d8456581a45628523a8310467e66fb7cde362cabb555c9ef8807421e87adf51b3fb850ee59e23dc0d15fa956ed25af53b6bd8a3b703c431601aad0203010001a30d300b30090603551d13040230
>         EAP-Message =
>
> 0x00300d06092a864886f70d01010b050003820101006dbcd92c80fb31226b1e11ba78acdbfe58ef27a40611e499d4e6bbe5b1bda08cadd47e713fa241ca04627c7b7e4d47704f57af194b910b99d72202d070e26e1cb36107b6d92615758f8c0202fb8a77c92e3654299280c99f26c4dc0216849ffce1062fe9a346d91a04489642f9172d6fcb10bae6f2616bccebb43a00e72d3dbbd519cd0c0a4028eb7a316be8a2777459784bdc6085c3ca16aa635c04e0af7f73060016ce702081b5633f2d3204f0c3ddc35afb0159d6658ac5446a970fa89a090983e361df96e61d39550455483d1514b861ec58e826e508944aea60afb69463aabcce9787295042
>         EAP-Message =
>
> 0xd8b7e3f8a0d0318c55eee88732d1368ef2e6bc69c6ce6351160301014b0c00014703001741040884dfbcda7aeb9916409f3bec34b77584692af6d8d300907b4b79520e0bc4f8c97ad01ceea451d317bc57f48c22cb559c9aa94ddb890830c7355b5dd52dcb9b01002e7f7507025b5ab68f95c1f13cb6a007148404af7c5b9ead6cf1ef3548ebc99f69cd53b61590fbfd42f89369a909680c394c5a40bf756975d1f6d653190435dc34dee4b29704293006d600fb7c67015129e05deab4796a06100aea38c739152b9b8c5dabf734ce8f474cdeabfe63e42032f0ac74fbe2d8a09c17ad55b14b7cd2d9ed043ee42f26ae7e5b28fb5869e6d576ddb54d94
>         EAP-Message = 0x2260d3c985a4fbc2debb2686
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x92ddcc5b9054d56dd5e2158f0b41dda7
> Finished request 2.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=96,
> length=191
>         User-Name = "dougberman"
>         NAS-IP-Address = 192.168.1.29
>         NAS-Identifier = "0418d69afea9"
>         NAS-Port = 0
>         Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
>         Calling-Station-Id = "AC-BC-32-86-B0-73"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message = 0x028900061900
>         State = 0x92ddcc5b9054d56dd5e2158f0b41dda7
>         Message-Authenticator = 0x27b924da3c4bc62298b84cf45ee60d4d
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 137 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake fragment handler
> [peap] eaptls_verify returned 1
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 96 to 192.168.1.29 port 56313
>         EAP-Message =
>
> 0x018a006e1900d0186aabc9c735e04049ca34da2fa6662cc526354aced54cb41bf031aad5d36a846a299ab806fd96afabaa98d38cb74d2e6a91d979835114259e01d9ec687b5baec3220193694db1cdab30bf92501b4d349ad8a1310d81abf63b3b4b1857c016030100040e000000
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x92ddcc5b9157d56dd5e2158f0b41dda7
> Finished request 3.
> Going to the next request
> Waking up in 4.9 seconds.
> rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=97,
> length=329
>         User-Name = "dougberman"
>         NAS-IP-Address = 192.168.1.29
>         NAS-Identifier = "0418d69afea9"
>         NAS-Port = 0
>         Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
>         Calling-Station-Id = "AC-BC-32-86-B0-73"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message =
>
> 0x028a00901980000000861603010046100000424104ed317958262830a28c7e9283edbaf1f7c7439d456d2c06cb00a5e5301e69df241e3fa5282eec3182f7e1c1e962b2f0ac489e5828674581cedf4c07ed5ac68995140301000101160301003076d6347b1cbf07357530ccbb54e9b4c471868ff69a5139386b13eb2eb9dcb07eea053e1cfb0b7fbb62bfcebf33a9a72d
>         State = 0x92ddcc5b9157d56dd5e2158f0b41dda7
>         Message-Authenticator = 0xccec4c85154a5cfbc7b753f7d4f6f5c4
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 138 length 144
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
>   TLS Length 134
> [peap] Length Included
> [peap] eaptls_verify returned 11
> [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
> [peap]     TLS_accept: SSLv3 read client key exchange A
> [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
> [peap] <<< TLS 1.0 Handshake [length 0010], Finished
> [peap]     TLS_accept: SSLv3 read finished A
> [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
> [peap]     TLS_accept: SSLv3 write change cipher spec A
> [peap] >>> TLS 1.0 Handshake [length 0010], Finished
> [peap]     TLS_accept: SSLv3 write finished A
> [peap]     TLS_accept: SSLv3 flush data
> [peap]     (other): SSL negotiation finished successfully
> SSL Connection Established
> [peap] eaptls_process returned 13
> [peap] EAPTLS_HANDLED
> ++[eap] returns handled
> Sending Access-Challenge of id 97 to 192.168.1.29 port 56313
>         EAP-Message =
>
> 0x018b00411900140301000101160301003051771428cfdf26c2c47df977b644bbc43c768bfd7c7edeea3e42b9c3befb5e8ad128a499452858b8052b39a413b6e959
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x92ddcc5b9656d56dd5e2158f0b41dda7
> Finished request 4.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=98,
> length=191
>         User-Name = "dougberman"
>         NAS-IP-Address = 192.168.1.29
>         NAS-Identifier = "0418d69afea9"
>         NAS-Port = 0
>         Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
>         Calling-Station-Id = "AC-BC-32-86-B0-73"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message = 0x028b00061900
>         State = 0x92ddcc5b9656d56dd5e2158f0b41dda7
>         Message-Authenticator = 0x11d4a4db9060a2cdfc52cb51bd1d7a9c
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 139 length 6
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] Received TLS ACK
> [peap] ACK handshake is finished
> [peap] eaptls_verify returned 3
> [peap] eaptls_process returned 3
> [peap] EAPTLS_SUCCESS
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Peap state TUNNEL ESTABLISHED
> ++[eap] returns handled
> Sending Access-Challenge of id 98 to 192.168.1.29 port 56313
>         EAP-Message =
>
> 0x018c002b19001703010020a923eee39f2cc0b51d1cf16ffa14f000d5698841775ce1d5c2bc8a4f9fbc2885
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x92ddcc5b9751d56dd5e2158f0b41dda7
> Finished request 5.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=99,
> length=228
>         User-Name = "dougberman"
>         NAS-IP-Address = 192.168.1.29
>         NAS-Identifier = "0418d69afea9"
>         NAS-Port = 0
>         Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
>         Calling-Station-Id = "AC-BC-32-86-B0-73"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message =
>
> 0x028c002b19001703010020cb258867342bee4a0d40637b5f7b1ecb8816b573d24a41522e0a1cfd83d6d36b
>         State = 0x92ddcc5b9751d56dd5e2158f0b41dda7
>         Message-Authenticator = 0xa819497f034aff31cd5bc5f7a2c4dba5
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 140 length 43
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Peap state WAITING FOR INNER IDENTITY
> [peap] Identity - dougberman
> [peap] Got inner identity 'dougberman'
> [peap] Setting default EAP type for tunneled EAP session.
> [peap] Got tunneled request
>         EAP-Message = 0x028c000f01646f75676265726d616e
> server  {
> [peap] Setting User-Name to dougberman
> Sending tunneled request
>         EAP-Message = 0x028c000f01646f75676265726d616e
>         FreeRADIUS-Proxied-To = 127.0.0.1
>         User-Name = "dougberman"
> server inner-tunnel {
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/inner-tunnel
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 140 length 15
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry dougberman at line 3
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING: Auth-Type already set.  Not setting to PAP
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type mschapv2
> rlm_eap_mschapv2: Issuing Challenge
> ++[eap] returns handled
> } # server inner-tunnel
> [peap] Got tunneled reply code 11
>         EAP-Message =
> 0x018d00241a018d001f10cf006efe556c46c968d25f3f74e42c4c646f75676265726d616e
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x5d67d9ca5deac34260158bcb9468438e
> [peap] Got tunneled reply RADIUS code 11
>         EAP-Message =
> 0x018d00241a018d001f10cf006efe556c46c968d25f3f74e42c4c646f75676265726d616e
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x5d67d9ca5deac34260158bcb9468438e
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 99 to 192.168.1.29 port 56313
>         EAP-Message =
>
> 0x018d004b190017030100403e35c354c1073da27a14fa74c477928588301022d6aa6729b79c2c51db2b89c586ccf0c9150c592bfb9baf3193a83b1ffcb36c7c5ba5cc229517777d3f55aaea
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x92ddcc5b9450d56dd5e2158f0b41dda7
> Finished request 6.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=100,
> length=292
>         User-Name = "dougberman"
>         NAS-IP-Address = 192.168.1.29
>         NAS-Identifier = "0418d69afea9"
>         NAS-Port = 0
>         Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
>         Calling-Station-Id = "AC-BC-32-86-B0-73"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message =
>
> 0x028d006b19001703010060b70fa486d6bf4f875fa9d7a8eff48b27b87641cb505b84508bee2669019dbbd0922ac4bc2d51e1328401f694e79d98cdf6281c38477138810e2746ab8b4329ded060d04b7629f3cb6f6e9457e4b58aac2428f9bccd602dd3530269fd6b03f42a
>         State = 0x92ddcc5b9450d56dd5e2158f0b41dda7
>         Message-Authenticator = 0xdc449b545b1129a38bfcb7608bae4c17
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 141 length 107
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Peap state phase2
> [peap] EAP type mschapv2
> [peap] Got tunneled request
>         EAP-Message =
>
> 0x028d00451a028d00403146434a04998e36ab37fc7799f66fb3bd000000000000000066b96f66e2fd852a854bdf7c7f3b83c5d01a4429eded44eb00646f75676265726d616e
> server  {
> [peap] Setting User-Name to dougberman
> Sending tunneled request
>         EAP-Message =
>
> 0x028d00451a028d00403146434a04998e36ab37fc7799f66fb3bd000000000000000066b96f66e2fd852a854bdf7c7f3b83c5d01a4429eded44eb00646f75676265726d616e
>         FreeRADIUS-Proxied-To = 127.0.0.1
>         User-Name = "dougberman"
>         State = 0x5d67d9ca5deac34260158bcb9468438e
> server inner-tunnel {
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/inner-tunnel
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 141 length 69
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry dougberman at line 3
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING: Auth-Type already set.  Not setting to PAP
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [mschapv2] # Executing group from file
> /etc/freeradius/sites-enabled/inner-tunnel
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] Creating challenge hash with username: dougberman
> [mschap] Told to do MS-CHAPv2 for dougberman with NT-Password
> [mschap] adding MS-CHAPv2 MPPE keys
> ++[mschap] returns ok
> MSCHAP Success
> ++[eap] returns handled
> } # server inner-tunnel
> [peap] Got tunneled reply code 11
>         EAP-Message =
>
> 0x018e00331a038d002e533d45333641323545464241433739303646333430343941463330393332363636384445374332443933
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x5d67d9ca5ce9c34260158bcb9468438e
> [peap] Got tunneled reply RADIUS code 11
>         EAP-Message =
>
> 0x018e00331a038d002e533d45333641323545464241433739303646333430343941463330393332363636384445374332443933
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x5d67d9ca5ce9c34260158bcb9468438e
> [peap] Got tunneled Access-Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 100 to 192.168.1.29 port 56313
>         EAP-Message =
>
> 0x018e005b1900170301005030ee1789504ddef9c1333bbbc515a4784b2406050e883f87944bfd86e9914bc042b515b70f6cffecc16ae6e5fa393b8aeafc75a806b671e879445bf989d593d173e0fdb136426e1b31adc231b40ddb5d
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x92ddcc5b9553d56dd5e2158f0b41dda7
> Finished request 7.
> Going to the next request
> Waking up in 4.8 seconds.
> rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=101,
> length=228
>         User-Name = "dougberman"
>         NAS-IP-Address = 192.168.1.29
>         NAS-Identifier = "0418d69afea9"
>         NAS-Port = 0
>         Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
>         Calling-Station-Id = "AC-BC-32-86-B0-73"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message =
>
> 0x028e002b190017030100201be8fd3e17dc6f89b2d40e30b05f30f1f77d27a450388d2c1198ef568e1d8505
>         State = 0x92ddcc5b9553d56dd5e2158f0b41dda7
>         Message-Authenticator = 0x46a8247ff6dca44292a4bd7086ebef15
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 142 length 43
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Peap state phase2
> [peap] EAP type mschapv2
> [peap] Got tunneled request
>         EAP-Message = 0x028e00061a03
> server  {
> [peap] Setting User-Name to dougberman
> Sending tunneled request
>         EAP-Message = 0x028e00061a03
>         FreeRADIUS-Proxied-To = 127.0.0.1
>         User-Name = "dougberman"
>         State = 0x5d67d9ca5ce9c34260158bcb9468438e
> server inner-tunnel {
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/inner-tunnel
> +- entering group authorize {...}
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[control] returns noop
> [eap] EAP packet type response id 142 length 6
> [eap] No EAP Start, assuming it's an on-going EAP conversation
> ++[eap] returns updated
> [files] users: Matched entry dougberman at line 3
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING: Auth-Type already set.  Not setting to PAP
> ++[pap] returns noop
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/mschapv2
> [eap] processing type mschapv2
> [eap] Freeing handler
> ++[eap] returns ok
> Login OK: [dougberman/<via Auth-Type = EAP>] (from client routergw port 0
> via TLS tunnel)
>   WARNING: Empty post-auth section.  Using default return values.
> # Executing section post-auth from file
> /etc/freeradius/sites-enabled/inner-tunnel
> } # server inner-tunnel
> [peap] Got tunneled reply code 2
>         MS-MPPE-Encryption-Policy = 0x00000001
>         MS-MPPE-Encryption-Types = 0x00000006
>         MS-MPPE-Send-Key = 0xab8f333e7b1793f215315676d210a3f5
>         MS-MPPE-Recv-Key = 0xacc1ef31ff24cb71cf9aaf469356983b
>         EAP-Message = 0x038e0004
>         Message-Authenticator = 0x00000000000000000000000000000000
>         User-Name = "dougberman"
> [peap] Got tunneled reply RADIUS code 2
>         MS-MPPE-Encryption-Policy = 0x00000001
>         MS-MPPE-Encryption-Types = 0x00000006
>         MS-MPPE-Send-Key = 0xab8f333e7b1793f215315676d210a3f5
>         MS-MPPE-Recv-Key = 0xacc1ef31ff24cb71cf9aaf469356983b
>         EAP-Message = 0x038e0004
>         Message-Authenticator = 0x00000000000000000000000000000000
>         User-Name = "dougberman"
> [peap] Tunneled authentication was successful.
> [peap] SUCCESS
> ++[eap] returns handled
> Sending Access-Challenge of id 101 to 192.168.1.29 port 56313
>         EAP-Message =
>
> 0x018f002b19001703010020ab867b4420a3e8381d1fb52ab0437b2b5e0d6ecafe8b94ff523ab58c67518e61
>         Message-Authenticator = 0x00000000000000000000000000000000
>         State = 0x92ddcc5b9a52d56dd5e2158f0b41dda7
> Finished request 8.
> Going to the next request
> Waking up in 4.7 seconds.
> rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=102,
> length=228
>         User-Name = "dougberman"
>         NAS-IP-Address = 192.168.1.29
>         NAS-Identifier = "0418d69afea9"
>         NAS-Port = 0
>         Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure"
>         Calling-Station-Id = "AC-BC-32-86-B0-73"
>         Framed-MTU = 1400
>         NAS-Port-Type = Wireless-802.11
>         Connect-Info = "CONNECT 0Mbps 802.11b"
>         EAP-Message =
>
> 0x028f002b1900170301002098ec17e74b4b916aacfd9f48e67e31dbc65f7338ad6075a4925b3a6f08651023
>         State = 0x92ddcc5b9a52d56dd5e2158f0b41dda7
>         Message-Authenticator = 0xd8837e97e73a64990b77c80afc0e216b
> # Executing section authorize from file
> /etc/freeradius/sites-enabled/default
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> ++[digest] returns noop
> [suffix] No '@' in User-Name = "dougberman", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [eap] EAP packet type response id 143 length 43
> [eap] Continuing tunnel setup.
> ++[eap] returns ok
> Found Auth-Type = EAP
> # Executing group from file /etc/freeradius/sites-enabled/default
> +- entering group authenticate {...}
> [eap] Request found, released from the list
> [eap] EAP/peap
> [eap] processing type peap
> [peap] processing EAP-TLS
> [peap] eaptls_verify returned 7
> [peap] Done initial handshake
> [peap] eaptls_process returned 7
> [peap] EAPTLS_OK
> [peap] Session established.  Decoding tunneled attributes.
> [peap] Peap state send tlv success
> [peap] Received EAP-TLV response.
> [peap] Success
> [eap] Freeing handler
> ++[eap] returns ok
> Login OK: [dougberman/<via Auth-Type = EAP>] (from client routergw port 0
> cli AC-BC-32-86-B0-73)
> # Executing section post-auth from file
> /etc/freeradius/sites-enabled/default
> +- entering group post-auth {...}
> ++[exec] returns noop
> Sending Access-Accept of id 102 to 192.168.1.29 port 56313
>         MS-MPPE-Recv-Key =
> 0xda5ed9ef3092b9a8fb76b36b44aa72c53d6b80932c372a17f6019f83ceb9119e
>         MS-MPPE-Send-Key =
> 0x67917a24c63ab8ed67f9308f77f21b44fff8686a1ccb03f22baf8b29acb9b2cc
>         EAP-Message = 0x038f0004
>         Message-Authenticator = 0x00000000000000000000000000000000
>         User-Name = "dougberman"
> Finished request 9.
> Going to the next request
> Waking up in 4.7 seconds.
> Cleaning up request 0 ID 93 with timestamp +9
> Cleaning up request 1 ID 94 with timestamp +9
> Cleaning up request 2 ID 95 with timestamp +9
> Cleaning up request 3 ID 96 with timestamp +9
> Waking up in 0.1 seconds.
> Cleaning up request 4 ID 97 with timestamp +9
> Cleaning up request 5 ID 98 with timestamp +9
> Cleaning up request 6 ID 99 with timestamp +9
> Cleaning up request 7 ID 100 with timestamp +9
> Cleaning up request 8 ID 101 with timestamp +9
> Cleaning up request 9 ID 102 with timestamp +9
> Ready to process requests.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list