eapol_test to windows NPS server
Munroe Sollog
mus3 at lehigh.edu
Fri Aug 16 19:04:57 CEST 2019
I am trying to do benchmarking between windows NPS and FreeRADIUS. I want
to use eapol_test to compare response times. Here is the eapol_test
command I run:
eapol_test -c eapoltest.conf -a 128.180.0.201 -scisco99 -M00:0a:cd:31:6c:b4
-N4:x:0x80B40A0A -o radiuscert.out
And here is the output I get from eapol_test. The windows NPS server is
currently production and is configured to support PEAP and MSCHAPv2, but I
don't know why eapol_test won't succeed.
Here is the output from eapol_test:
Reading configuration file 'eapoltest.conf'
Line: 1 - start of a new network block
ssid - hexdump_ascii(len=6):
6c 65 68 69 67 68 lehigh
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00
00
identity - hexdump_ascii(len=6):
78 31 39 61 31 39 x19a19
password - hexdump_ascii(len=8):
** ** ** ** ** ** ** ** *********
phase2 - hexdump_ascii(len=16):
61 75 74 68 65 61 70 3d 4d 53 43 48 41 50 56 32 autheap=MSCHAPV2
Priority group 0
id=0 ssid='lehigh'
Authentication server 128.180.0.201:1812
RADIUS local address: 128.180.10.10:33379
ENGINE: Loading dynamic engine
ENGINE: Loading dynamic engine
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=112 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=6):
78 31 39 61 31 39 x19a19
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=11)
TX EAP -> RADIUS - hexdump(len=11): 02 70 00 0b 01 78 31 39 61 31 39
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=6): 78 31 39 61
31 39
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=126
Attribute 1 (User-Name) length=8
Value: 'x19a19'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-0A-CD-31-6C-B4'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 4 (NAS-IP-Address) length=6
Value: 128.180.10.10
Attribute 79 (EAP-Message) length=13
Value: 0270000b01783139613139
Attribute 80 (Message-Authenticator) length=18
Value: 2cb6acbe8e4307370336c32d6317e232
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 90 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=90
Attribute 27 (Session-Timeout) length=6
Value: 30
Attribute 79 (EAP-Message) length=8
Value: 017100061920
Attribute 24 (State) length=38
Value:
375c0381000001370001020080b400c9000000000000000000000000000000047a7d2b22
Attribute 80 (Message-Authenticator) length=18
Value: a4b113411c1213c4c4aac3932f16ed43
STA 00:0a:cd:31:6c:b4: Received RADIUS packet matched with a pending
request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=113 len=6) from RADIUS server:
EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=113 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Status notification: accept proposed method (param=PEAP)
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=128): 00 00 00 00 04 00 00 00 00 00 00
00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00
12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2f 00 00 00 00 00 00 00 17
00 00 00 00 00 00 00 32 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00
00 00 00 00 00 00 33 00 00 00 00 00 00 00 31 00 00 00 00 00 00 00 26 00 00
00 00 00 00 00 34 00 00 00 00 00 00 00 35 00 00 00
TLS: using phase1 config options
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-PEAP: Start (server ver=0, own ver=1)
EAP-PEAP: Using PEAP version 0
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b3
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=179): 01 00 00 af 03 03 0f 09 6c 9f 91 c0 23
81 53 11 27 f5 91 6c 3e c2 ce 09 b2 96 6c 74 09 dc d2 ea 60 9b 80 04 01 6e
00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28
00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00
3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c
00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00
28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01
05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 184 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 184 bytes left to be sent out (of total 184 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
eapRespData=0x557648f9d820
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=194)
TX EAP -> RADIUS - hexdump(len=194): 02 71 00 c2 19 80 00 00 00 b8 16 03 01
00 b3 01 00 00 af 03 03 0f 09 6c 9f 91 c0 23 81 53 11 27 f5 91 6c 3e c2 ce
09 b2 96 6c 74 09 dc d2 ea 60 9b 80 04 01 6e 00 00 38 c0 2c c0 30 00 9f cc
a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a
c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01
00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19
00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08
08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02
04 02 05 02 06 02
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=347
Attribute 1 (User-Name) length=8
Value: 'x19a19'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-0A-CD-31-6C-B4'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 4 (NAS-IP-Address) length=6
Value: 128.180.10.10
Attribute 79 (EAP-Message) length=196
Value:
027100c21980000000b816030100b3010000af03030f096c9f91c02381531127f5916c3ec2ce09b2966c7409dcd2ea609b8004016e000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
Attribute 24 (State) length=38
Value:
375c0381000001370001020080b400c9000000000000000000000000000000047a7d2b22
Attribute 80 (Message-Authenticator) length=18
Value: 8ef1902078ef0fe0e80ba5f6043c626f
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1490 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=1490
Attribute 27 (Session-Timeout) length=6
Value: 30
Attribute 79 (EAP-Message) length=255
Value:
0172057419c000000d651603010d600200005103015d56e120e60c72bdb7acc0194d9151d8bb5ddf3a82da654a33d81d75be0abf5220343700008de6f94e11d5f0b4c49eb6e2a665b943043e52a5914d94e81d06c935c01400000900170000ff010001000b000bae000bab0006d1308206cd308205b5a003020102020900db1a19314917ce76300d06092a864886f70d01010b05003081b4310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e312d302b060355040b1324687474703a2f2f636572
Attribute 79 (EAP-Message) length=255
Value:
74732e676f64616464792e636f6d2f7265706f7369746f72792f313330310603550403132a476f2044616464792053656375726520436572746966696361746520417574686f72697479202d204732301e170d3139303730383135313033355a170d3231303730383135313033355a30433121301f060355040b1318446f6d61696e20436f6e74726f6c2056616c696461746564311e301c06035504031315726164697573322e63632e6c65686967682e65647530820122300d06092a864886f70d01010105000382010f003082010a0282010100c9408040cf62e327123e2664416a14df9cc3c8f11c1e0d513d14af37e490fe0135616f542f6e1f31
Attribute 79 (EAP-Message) length=255
Value:
57f55eb00549515e1dcd22bff3e4584bf7f38dece2f37764a801deeb1edeac623ad6b9991a89acda55584ffc03327bc03c5fa0bea7a68f25535c6fefddf8c396ce4899d62eb626478bace12899b66d18660bd403f808545b4925f19c1d2fe6c8b6fc7a5d79cb49d9008dd8de5e84015fcda755e17d34c0c0a5610d62640d218c122d56a7ff60e0bc954b9576f9010483daee9ee85545cbe25068e5465e4e62461d573cbee2f167c2b4c03b093610b7719136f332701cacd981c1ce8e637b5fc79fdd4f33d9966c0408f56e17daf617678185f18b37d49ef30203010001a38203503082034c300c0603551d130101ff04023000301d0603551d25041630
Attribute 79 (EAP-Message) length=255
Value:
1406082b0601050507030106082b06010505070302300e0603551d0f0101ff0404030205a030380603551d1f0431302f302da02ba0298627687474703a2f2f63726c2e676f64616464792e636f6d2f676469673273312d313232322e63726c305d0603551d20045630543048060b6086480186fd6d010717013039303706082b06010505070201162b687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f3008060667810c010201307606082b06010505070101046a3068302406082b060105050730018618687474703a2f2f6f6373702e676f64616464792e636f6d2f304006082b06010505
Attribute 79 (EAP-Message) length=255
Value:
0730028634687474703a2f2f6365727469666963617465732e676f64616464792e636f6d2f7265706f7369746f72792f67646967322e637274301f0603551d2304183016801440c2bd278ecc348330a233d7fb6cb3f0b42c80ce303b0603551d11043430328215726164697573322e63632e6c65686967682e65647582197777772e726164697573322e63632e6c65686967682e656475301d0603551d0e04160414847ddc2ce7a9ad4595209491a1bb48a2691031123082017d060a2b06010401d6790204020482016d048201690167007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000016bd222fc1e0000
Attribute 79 (EAP-Message) length=133
Value:
040300473045022100d9b721a659b1c9814364e1e4925044630ad56e8e5a1f19745f5fdee4c89453320220172d5b5271f2bb0411c80e9f8ed181f146609260b2701236936a26c41549e7e5007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016bd22301f100000403004730450221009eb2
Attribute 24 (State) length=38
Value:
375c0381000001370001020080b400c9000000000000000000000000000000047a7d2b22
Attribute 80 (Message-Authenticator) length=18
Value: 2103eb7edcd69a5da7c7dfdc5fc4df10
STA 00:0a:cd:31:6c:b4: Received RADIUS packet matched with a pending
request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=114 len=1396) from RADIUS server:
EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=114 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1396) - Flags 0xc0
SSL: TLS Message Length: 3429
SSL: Need 2043 bytes more input data
SSL: Building ACK (type=25 id=114 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
eapRespData=0x557648f8b1d0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 72 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=159
Attribute 1 (User-Name) length=8
Value: 'x19a19'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-0A-CD-31-6C-B4'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 4 (NAS-IP-Address) length=6
Value: 128.180.10.10
Attribute 79 (EAP-Message) length=8
Value: 027200061900
Attribute 24 (State) length=38
Value:
375c0381000001370001020080b400c9000000000000000000000000000000047a7d2b22
Attribute 80 (Message-Authenticator) length=18
Value: 1d80fce9f3c7b0301b3c786f0be6911f
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1490 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1490
Attribute 27 (Session-Timeout) length=6
Value: 30
Attribute 79 (EAP-Message) length=255
Value:
017305741940b52c901b66f2d9c920718f5f912326aa49501111291c82967c022baec34f022010edd6a465d62d5c897ee16abdbe3b6e0afa95de34d5b59370f4f279593503710075004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016bd22306cb0000040300463044022047a3daf3f686baf1d5788b2dc97cbf2894675bbb2bf5c839f56a7d06b2a6c630022003b93b96a997d3ddedd0a12f556962df88cc0eb12c75a7502dabf7cccb51fb64300d06092a864886f70d01010b0500038201010069c9c7d22bd68c0b555ba812f31bec37387304905cbdf2cd4e4c1986f7de5fe0f4ecbf8f5101bca7570966b7
Attribute 79 (EAP-Message) length=255
Value:
b235c5b65f067351749998e6de7a0e1c783bf2dc264e663671f727e3695236802be428bfde7f53e12550fc747f3b98a5a14ec51d1f404cb39b58f9951d4d796a66647ea3c2a9e6c6ddd9db775964157946128074d0a99d10f645b6bfb48558213ab50e82064f8966a6288d00881d7156b04636ce248d3131357169bed8c3b431e91690373816c6681e8c35963577052f0c767b6001d4ee682dc508c4fe9a716041349227a9dbf403415cc71a0cc567c25b9fd9ac9957a8725c441e5f8d91282a4ffb67ca9a40d6ff57ec05266aadefb406fcff250004d4308204d0308203b8a003020102020107300d06092a864886f70d01010b0500308183310b3009
Attribute 79 (EAP-Message) length=255
Value:
0603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e3131302f06035504031328476f20446164647920526f6f7420436572746966696361746520417574686f72697479202d204732301e170d3131303530333037303030305a170d3331303530333037303030305a3081b4310b30090603550406130255533110300e060355040813074172697a6f6e61311330110603550407130a53636f74747364616c65311a3018060355040a1311476f44616464792e636f6d2c20496e632e312d302b060355040b1324
Attribute 79 (EAP-Message) length=255
Value:
687474703a2f2f63657274732e676f64616464792e636f6d2f7265706f7369746f72792f313330310603550403132a476f2044616464792053656375726520436572746966696361746520417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100b9e0cb10d4af76bdd49362eb3064b881086cc304d962178e2fff3e65cf8fce62e63c521cda16454b55ab786b63836290ce0f696c99c81a148b4ccc4533ea88dc9ea3af2bfe80619d7957c4cf2ef43f303c5d47fc9a16bcc3379641518e114b54f828bed08cbef030381ef3b026f86647636dde7126478f384753d1461db4e3dc00ea45
Attribute 79 (EAP-Message) length=255
Value:
acbdbc71d9aa6f00dbdbcd303a794f5f4c47f81def5bc2c49d603bb1b24391d8a4334eeab3d6274fad258aa5c6f4d5d0a6ae7405645788b54455d42d2a3a3ef8b8bde9320a029464c4163a50f14aaee77933af0c20077fe8df0439c269026c6352fa77c11bc87487c8b993185054354b694ebc3bd3492e1fdcc1d252fb0203010001a382011a30820116300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e0416041440c2bd278ecc348330a233d7fb6cb3f0b42c80ce301f0603551d230418301680143a9a8507106728b6eff6bd05416e20c194da0fde303406082b06010505070101042830263024
Attribute 79 (EAP-Message) length=133
Value:
06082b060105050730018618687474703a2f2f6f6373702e676f64616464792e636f6d2f30350603551d1f042e302c302aa028a0268624687474703a2f2f63726c2e676f64616464792e636f6d2f6764726f6f742d67322e63726c30460603551d20043f303d303b0604551d20003033303106082b0601050507020116256874747073
Attribute 24 (State) length=38
Value:
375c0381000001370001020080b400c9000000000000000000000000000000047a7d2b22
Attribute 80 (Message-Authenticator) length=18
Value: 9b73dee8d8442c870905f76592671b56
STA 00:0a:cd:31:6c:b4: Received RADIUS packet matched with a pending
request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=115 len=1396) from RADIUS server:
EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=115 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1396) - Flags 0x40
SSL: Need 653 bytes more input data
SSL: Building ACK (type=25 id=115 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
eapRespData=0x557648f8b1d0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 73 00 06 19 00
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=159
Attribute 1 (User-Name) length=8
Value: 'x19a19'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-0A-CD-31-6C-B4'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 4 (NAS-IP-Address) length=6
Value: 128.180.10.10
Attribute 79 (EAP-Message) length=8
Value: 027300061900
Attribute 24 (State) length=38
Value:
375c0381000001370001020080b400c9000000000000000000000000000000047a7d2b22
Attribute 80 (Message-Authenticator) length=18
Value: 023c8597c71c082a795527eeb03816b0
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 747 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=747
Attribute 27 (Session-Timeout) length=6
Value: 30
Attribute 79 (EAP-Message) length=255
Value:
0174029319003a2f2f63657274732e676f64616464792e636f6d2f7265706f7369746f72792f300d06092a864886f70d01010b05000382010100087e6c9310c838b896a9904bffa15f4f04ef6c3e9c8806c9508fa673f757311bbebce42fdbf8bad35be0b4e7e679620e0ca2d76a637331b5f5a848a43b082da25d90d7b47c254f115630c4b6449d7b2c9de55ee6ef0c61aabfe42a1bee849eb8837dc143ce44a713700d911ff4c813ad8360d9d872a873241eb5ac220eca17896258441bab892501000fcdc41b62db51b4d30f512a9bf4bc73fc76ce36a4cdd9d82ceaae9bf52ab290d14d75188a3f8a4190237d5b4bfea403589b46b2c3606083f87d
Attribute 79 (EAP-Message) length=255
Value:
5041cec2a190c3bbef022fd21554ee4415d90aaea78a33edb12d763626dc04eb9ff7611f15dc876fee469628ada1267d0a09a72e04a38dbcf8bc0430010c00014703001741048e3db331e536504aec9207f9a32799a86cf01092f7cf39ae0f315fe4a629677164d32f1bb19f4a53e039fb49959dcdec612f8e601a959c5de7b65edee9ac3ccc0100a1aa947ff0002fc9a8e89c6d66d9f94c9123ff13e5fd9d273cc63aa734e0f9b4d10da2108dc993b979c01ee44c217c99d7e5ef34e0fcb1a972e158f8adac61669fc71e54c664274a67368aa750aac42d22fc48b0208b08c84d1894f785d6088b0fc2ec151a53b0366ebbe9aa87c6d34ebe81ab63d8
Attribute 79 (EAP-Message) length=155
Value:
a39b7e2b3cef1b12bdbd3ab4a44eeab2eec6ab00a923eb6579931a68dad9accaf188660b6c242bdaeb9359c4d3dc2d45f0f6693a8d8ff4c407779cfe4dbf20d6a3a9f63249326e36a6e84bc1a1b6e710c26de0ea22dfc77482249c4183826dd9b83bf0b03ca91e008d67fed62b824b75f665269cface044320f3835ab6b717076ebe0add91329942c264d10d0000060301024000000e000000
Attribute 24 (State) length=38
Value:
375c0381000001370001020080b400c9000000000000000000000000000000047a7d2b22
Attribute 80 (Message-Authenticator) length=18
Value: b0baa8d2a81b7522920e43e349afaeaf
STA 00:0a:cd:31:6c:b4: Received RADIUS packet matched with a pending
request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=116 len=659) from RADIUS server:
EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=116 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=659) - Flags 0x00
OpenSSL: RX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 0d 60
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=85): 02 00 00 51 03 01 5d 56 e1 20 e6 0c 72
bd b7 ac c0 19 4d 91 51 d8 bb 5d df 3a 82 da 65 4a 33 d8 1d 75 be 0a bf 52
20 34 37 00 00 8d e6 f9 4e 11 d5 f0 b4 c4 9e b6 e2 a6 65 b9 43 04 3e 52 a5
91 4d 94 e8 1d 06 c9 35 c0 14 00 00 09 00 17 00 00 ff 01 00 01 00
OpenSSL: TX ver=0x0 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 15 03 03 00 02
OpenSSL: TX ver=0x303 content_type=21 (alert/)
OpenSSL: Message - hexdump(len=2): 02 46
SSL: (where=0x4008 ret=0x246)
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:protocol version
EAP: Status notification: local TLS alert (param=protocol version)
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in error
OpenSSL: openssl_handshake - SSL_connect error:1425F102:SSL
routines:ssl_choose_client_version:unsupported protocol
SSL: 7 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: Failed - tls_out available to report error (len=7)
SSL: 7 bytes left to be sent out (of total 7 bytes)
EAP-PEAP: TLS processing failed
EAP: method process -> ignore=FALSE methodState=DONE decision=FAIL
eapRespData=0x557648f9e7b0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=17)
TX EAP -> RADIUS - hexdump(len=17): 02 74 00 11 19 80 00 00 00 07 15 03 03
00 02 02 46
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=170
Attribute 1 (User-Name) length=8
Value: 'x19a19'
Attribute 31 (Calling-Station-Id) length=19
Value: '00-0A-CD-31-6C-B4'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 4 (NAS-IP-Address) length=6
Value: 128.180.10.10
Attribute 79 (EAP-Message) length=19
Value: 0274001119800000000715030300020246
Attribute 24 (State) length=38
Value:
375c0381000001370001020080b400c9000000000000000000000000000000047a7d2b22
Attribute 80 (Message-Authenticator) length=18
Value: c826882f085d2a5983dc4e4fd5a9e419
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 44 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=3 (Access-Reject) identifier=4 length=44
Attribute 79 (EAP-Message) length=6
Value: 04740004
Attribute 80 (Message-Authenticator) length=18
Value: 02902649d29f2e66e84dc0142a3e2e71
STA 00:0a:cd:31:6c:b4: Received RADIUS packet matched with a pending
request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=4 id=116 len=4) from RADIUS server: EAP
Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: Status notification: completion (param=failure)
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=0
EAPOL: EAP key not available
EAPOL: EAP Session-Id not available
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
--
Munroe Sollog
Senior Network Engineer
munroe at lehigh.edu
More information about the Freeradius-Users
mailing list