freeradius working with radtest but not with WIFI
Nawar Al Tarazi
nawar.tarazi at contentful.com
Fri Jul 26 17:40:02 CEST 2019
Hello All,
I'm trying to setup freeradius, i have a problem , I can connect with
radtest, but when trying to connect to wifi, i can't get connection ,
although the log says everything is good, but here is a log for one wifi
try, Thank you :
(0) Received Access-Request Id 82 from 192.168.1.7:46948 to
192.168.1.27:1812 length 245
(0) User-Name = "oktaradius at contentful.com"
(0) NAS-IP-Address = 192.168.1.7
(0) NAS-Identifier = "F09FC2307B82DFB616DF"
(0) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(0) Connect-Info = "CONNECT 0Mbps 802.11b"
(0) Acct-Session-Id = "F4E3DF614E08A6E7"
(0) WLAN-Pairwise-Cipher = 1027076
(0) WLAN-Group-Cipher = 1027074
(0) WLAN-AKM-Suite = 1027073
(0) Framed-MTU = 1400
(0) EAP-Message =
0x0253001e016f6b746172616469757340636f6e74656e7466756c2e636f6d
(0) Message-Authenticator = 0x2ef3105f9641fcc5dcb511bc9002a8b8
(0) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(0) authorize {
(0) update control {
(0) Proxy-To-Realm := LOCAL
(0) } # update control = noop
(0) eap: Peer sent EAP Response (code 2) ID 83 length 30
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_tls to process data
(0) eap_tls: Initiating new EAP-TLS session
(0) eap_tls: Setting verify mode to require certificate from client
(0) eap_tls: [eaptls start] = request
(0) eap: Sending EAP Request (code 1) ID 84 length 6
(0) eap: EAP session adding &reply:State = 0x8e5e79f88e0a7437
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(0) Sent Access-Challenge Id 82 from 192.168.1.27:1812 to 192.168.1.7:46948
length 0
(0) EAP-Message = 0x015400060d20
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x8e5e79f88e0a7437fcc8affbd9e63c1c
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 83 from 192.168.1.7:46948 to
192.168.1.27:1812 length 241
(1) User-Name = "oktaradius at contentful.com"
(1) NAS-IP-Address = 192.168.1.7
(1) NAS-Identifier = "F09FC2307B82DFB616DF"
(1) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(1) Connect-Info = "CONNECT 0Mbps 802.11b"
(1) Acct-Session-Id = "F4E3DF614E08A6E7"
(1) WLAN-Pairwise-Cipher = 1027076
(1) WLAN-Group-Cipher = 1027074
(1) WLAN-AKM-Suite = 1027073
(1) Framed-MTU = 1400
(1) EAP-Message = 0x025400080319152b
(1) State = 0x8e5e79f88e0a7437fcc8affbd9e63c1c
(1) Message-Authenticator = 0xbfebf90757d8720c073964a1a576290f
(1) session-state: No cached attributes
(1) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(1) authorize {
(1) update control {
(1) Proxy-To-Realm := LOCAL
(1) } # update control = noop
(1) eap: Peer sent EAP Response (code 2) ID 84 length 8
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) [pap] = noop
(1) if (User-Password) {
(1) if (User-Password) -> FALSE
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(1) authenticate {
(1) eap: Expiring EAP session with state 0x8e5e79f88e0a7437
(1) eap: Finished EAP session with state 0x8e5e79f88e0a7437
(1) eap: Previous EAP request found for state 0x8e5e79f88e0a7437, released
from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: Initiating new EAP-TLS session
(1) eap_peap: [eaptls start] = request
(1) eap: Sending EAP Request (code 1) ID 85 length 6
(1) eap: EAP session adding &reply:State = 0x8e5e79f88f0b6037
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found. Ignoring.
(1) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(1) Sent Access-Challenge Id 83 from 192.168.1.27:1812 to 192.168.1.7:46948
length 0
(1) EAP-Message = 0x015500061920
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x8e5e79f88f0b6037fcc8affbd9e63c1c
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 84 from 192.168.1.7:46948 to
192.168.1.27:1812 length 394
(2) User-Name = "oktaradius at contentful.com"
(2) NAS-IP-Address = 192.168.1.7
(2) NAS-Identifier = "F09FC2307B82DFB616DF"
(2) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(2) Connect-Info = "CONNECT 0Mbps 802.11b"
(2) Acct-Session-Id = "F4E3DF614E08A6E7"
(2) WLAN-Pairwise-Cipher = 1027076
(2) WLAN-Group-Cipher = 1027074
(2) WLAN-AKM-Suite = 1027073
(2) Framed-MTU = 1400
(2) EAP-Message =
0x025500a119800000009716030100920100008e03035d3b1e54818c4033c2e450ebed8065da3524ab162a0e233ad0c618af5ac5652500002c00ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000a01000039000a00080006001700180019000b00
(2) State = 0x8e5e79f88f0b6037fcc8affbd9e63c1c
(2) Message-Authenticator = 0xcdd72bf2423fa3e01d52be23c7023adf
(2) session-state: No cached attributes
(2) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(2) authorize {
(2) update control {
(2) Proxy-To-Realm := LOCAL
(2) } # update control = noop
(2) eap: Peer sent EAP Response (code 2) ID 85 length 161
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(2) authenticate {
(2) eap: Expiring EAP session with state 0x8e5e79f88f0b6037
(2) eap: Finished EAP session with state 0x8e5e79f88f0b6037
(2) eap: Previous EAP request found for state 0x8e5e79f88f0b6037, released
from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: Continuing EAP-TLS
(2) eap_peap: Peer indicated complete TLS record size will be 151 bytes
(2) eap_peap: Got complete TLS record (151 bytes)
(2) eap_peap: [eaptls verify] = length included
(2) eap_peap: (other): before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: TLS_accept: before SSL initialization
(2) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0092]
(2) eap_peap: TLS_accept: SSLv3/TLS read client hello
(2) eap_peap: >>> send TLS 1.2 [length 003d]
(2) eap_peap: TLS_accept: SSLv3/TLS write server hello
(2) eap_peap: >>> send TLS 1.2 [length 08d3]
(2) eap_peap: TLS_accept: SSLv3/TLS write certificate
(2) eap_peap: >>> send TLS 1.2 [length 014d]
(2) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(2) eap_peap: >>> send TLS 1.2 [length 0004]
(2) eap_peap: TLS_accept: SSLv3/TLS write server done
(2) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server
done
(2) eap_peap: In SSL Handshake Phase
(2) eap_peap: In SSL Accept mode
(2) eap_peap: [eaptls process] = handled
(2) eap: Sending EAP Request (code 1) ID 86 length 1004
(2) eap: EAP session adding &reply:State = 0x8e5e79f88c086037
(2) [eap] = handled
(2) } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found. Ignoring.
(2) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(2) Sent Access-Challenge Id 84 from 192.168.1.27:1812 to 192.168.1.7:46948
length 0
(2) EAP-Message =
0x015603ec19c000000a75160303003d020000390303f4db561afcd51050dfe561afa580cdeba858176c028582f714c957d4f7bb5ebc00c030000011ff01000100000b0004030001020017000016030308d30b0008cf0008cc0003de308203da308202c2a003020102020101300d06092a864886f70d0101
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x8e5e79f88c086037fcc8affbd9e63c1c
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 85 from 192.168.1.7:46948 to
192.168.1.27:1812 length 239
(3) User-Name = "oktaradius at contentful.com"
(3) NAS-IP-Address = 192.168.1.7
(3) NAS-Identifier = "F09FC2307B82DFB616DF"
(3) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(3) Connect-Info = "CONNECT 0Mbps 802.11b"
(3) Acct-Session-Id = "F4E3DF614E08A6E7"
(3) WLAN-Pairwise-Cipher = 1027076
(3) WLAN-Group-Cipher = 1027074
(3) WLAN-AKM-Suite = 1027073
(3) Framed-MTU = 1400
(3) EAP-Message = 0x025600061900
(3) State = 0x8e5e79f88c086037fcc8affbd9e63c1c
(3) Message-Authenticator = 0xc74b5d9b530183fb982c98cf1cb61978
(3) session-state: No cached attributes
(3) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(3) authorize {
(3) update control {
(3) Proxy-To-Realm := LOCAL
(3) } # update control = noop
(3) eap: Peer sent EAP Response (code 2) ID 86 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(3) authenticate {
(3) eap: Expiring EAP session with state 0x8e5e79f88c086037
(3) eap: Finished EAP session with state 0x8e5e79f88c086037
(3) eap: Previous EAP request found for state 0x8e5e79f88c086037, released
from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: Continuing EAP-TLS
(3) eap_peap: Peer ACKed our handshake fragment
(3) eap_peap: [eaptls verify] = request
(3) eap_peap: [eaptls process] = handled
(3) eap: Sending EAP Request (code 1) ID 87 length 1000
(3) eap: EAP session adding &reply:State = 0x8e5e79f88d096037
(3) [eap] = handled
(3) } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found. Ignoring.
(3) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(3) Sent Access-Challenge Id 85 from 192.168.1.27:1812 to 192.168.1.7:46948
length 0
(3) EAP-Message =
0x015703e819401243396539a2f1ad1b6a17603569def5a0794b3af441b40273fd27a0361b18742b5e898d798d94b85c2aaa4ede14cfe7c5f7406c7d5eb178bc1e609fbfefb1920ce1f720d4bbd7ea7e4c91a2b00004e8308204e4308203cca003020102020900c803dae017bc13c5300d06092a864886f7
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0x8e5e79f88d096037fcc8affbd9e63c1c
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 86 from 192.168.1.7:46948 to
192.168.1.27:1812 length 239
(4) User-Name = "oktaradius at contentful.com"
(4) NAS-IP-Address = 192.168.1.7
(4) NAS-Identifier = "F09FC2307B82DFB616DF"
(4) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(4) Connect-Info = "CONNECT 0Mbps 802.11b"
(4) Acct-Session-Id = "F4E3DF614E08A6E7"
(4) WLAN-Pairwise-Cipher = 1027076
(4) WLAN-Group-Cipher = 1027074
(4) WLAN-AKM-Suite = 1027073
(4) Framed-MTU = 1400
(4) EAP-Message = 0x025700061900
(4) State = 0x8e5e79f88d096037fcc8affbd9e63c1c
(4) Message-Authenticator = 0xdc9c44ffb0df21479896a1ef75f141dc
(4) session-state: No cached attributes
(4) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(4) authorize {
(4) update control {
(4) Proxy-To-Realm := LOCAL
(4) } # update control = noop
(4) eap: Peer sent EAP Response (code 2) ID 87 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(4) authenticate {
(4) eap: Expiring EAP session with state 0x8e5e79f88d096037
(4) eap: Finished EAP session with state 0x8e5e79f88d096037
(4) eap: Previous EAP request found for state 0x8e5e79f88d096037, released
from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: Continuing EAP-TLS
(4) eap_peap: Peer ACKed our handshake fragment
(4) eap_peap: [eaptls verify] = request
(4) eap_peap: [eaptls process] = handled
(4) eap: Sending EAP Request (code 1) ID 88 length 695
(4) eap: EAP session adding &reply:State = 0x8e5e79f88a066037
(4) [eap] = handled
(4) } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found. Ignoring.
(4) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(4) Sent Access-Challenge Id 86 from 192.168.1.27:1812 to 192.168.1.7:46948
length 0
(4) EAP-Message =
0x015802b719000101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500038201010093b7088d1eca7efc8d6342f26a50a6514cb1333be0b8cce368e35f
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0x8e5e79f88a066037fcc8affbd9e63c1c
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 87 from 192.168.1.7:46948 to
192.168.1.27:1812 length 369
(5) User-Name = "oktaradius at contentful.com"
(5) NAS-IP-Address = 192.168.1.7
(5) NAS-Identifier = "F09FC2307B82DFB616DF"
(5) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(5) Connect-Info = "CONNECT 0Mbps 802.11b"
(5) Acct-Session-Id = "F4E3DF614E08A6E7"
(5) WLAN-Pairwise-Cipher = 1027076
(5) WLAN-Group-Cipher = 1027074
(5) WLAN-AKM-Suite = 1027073
(5) Framed-MTU = 1400
(5) EAP-Message =
0x0258008819800000007e160303004610000042410455710645a086fa673b5651856435b29c766c56652862fd0d21dfd62e82d5da59671e9b36caf9cb6bb56a9a993f06dd9e3c68167322641401350a4c9765bb8d02140303000101160303002882a691998eb92a952bace837313d29a1bd6ecfef475925
(5) State = 0x8e5e79f88a066037fcc8affbd9e63c1c
(5) Message-Authenticator = 0x45dc3d64eb736878b8deb4327f70ae0a
(5) session-state: No cached attributes
(5) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(5) authorize {
(5) update control {
(5) Proxy-To-Realm := LOCAL
(5) } # update control = noop
(5) eap: Peer sent EAP Response (code 2) ID 88 length 136
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(5) authenticate {
(5) eap: Expiring EAP session with state 0x8e5e79f88a066037
(5) eap: Finished EAP session with state 0x8e5e79f88a066037
(5) eap: Previous EAP request found for state 0x8e5e79f88a066037, released
from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: Continuing EAP-TLS
(5) eap_peap: Peer indicated complete TLS record size will be 126 bytes
(5) eap_peap: Got complete TLS record (126 bytes)
(5) eap_peap: [eaptls verify] = length included
(5) eap_peap: TLS_accept: SSLv3/TLS write server done
(5) eap_peap: <<< recv TLS 1.2 [length 0046]
(5) eap_peap: TLS_accept: SSLv3/TLS read client key exchange
(5) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec
(5) eap_peap: <<< recv TLS 1.2 [length 0010]
(5) eap_peap: TLS_accept: SSLv3/TLS read finished
(5) eap_peap: >>> send TLS 1.2 [length 0001]
(5) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec
(5) eap_peap: >>> send TLS 1.2 [length 0010]
(5) eap_peap: TLS_accept: SSLv3/TLS write finished
(5) eap_peap: (other): SSL negotiation finished successfully
(5) eap_peap: SSL Connection Established
(5) eap_peap: [eaptls process] = handled
(5) eap: Sending EAP Request (code 1) ID 89 length 57
(5) eap: EAP session adding &reply:State = 0x8e5e79f88b076037
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found. Ignoring.
(5) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(5) Sent Access-Challenge Id 87 from 192.168.1.27:1812 to 192.168.1.7:46948
length 0
(5) EAP-Message =
0x01590039190014030300010116030300288508974cf000d696909a31bf90d9f19ddb9d0def8129361cb73755088827c94a02615ac39ed09a64
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x8e5e79f88b076037fcc8affbd9e63c1c
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 88 from 192.168.1.7:46948 to
192.168.1.27:1812 length 239
(6) User-Name = "oktaradius at contentful.com"
(6) NAS-IP-Address = 192.168.1.7
(6) NAS-Identifier = "F09FC2307B82DFB616DF"
(6) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(6) Connect-Info = "CONNECT 0Mbps 802.11b"
(6) Acct-Session-Id = "F4E3DF614E08A6E7"
(6) WLAN-Pairwise-Cipher = 1027076
(6) WLAN-Group-Cipher = 1027074
(6) WLAN-AKM-Suite = 1027073
(6) Framed-MTU = 1400
(6) EAP-Message = 0x025900061900
(6) State = 0x8e5e79f88b076037fcc8affbd9e63c1c
(6) Message-Authenticator = 0x9730e87ff8802c126443c327dc21a5f4
(6) session-state: No cached attributes
(6) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(6) authorize {
(6) update control {
(6) Proxy-To-Realm := LOCAL
(6) } # update control = noop
(6) eap: Peer sent EAP Response (code 2) ID 89 length 6
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(6) authenticate {
(6) eap: Expiring EAP session with state 0x8e5e79f88b076037
(6) eap: Finished EAP session with state 0x8e5e79f88b076037
(6) eap: Previous EAP request found for state 0x8e5e79f88b076037, released
from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: Continuing EAP-TLS
(6) eap_peap: Peer ACKed our handshake fragment. handshake is finished
(6) eap_peap: [eaptls verify] = success
(6) eap_peap: [eaptls process] = success
(6) eap_peap: Session established. Decoding tunneled attributes
(6) eap_peap: PEAP state TUNNEL ESTABLISHED
(6) eap: Sending EAP Request (code 1) ID 90 length 40
(6) eap: EAP session adding &reply:State = 0x8e5e79f888046037
(6) [eap] = handled
(6) } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) Post-Auth-Type sub-section not found. Ignoring.
(6) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(6) Sent Access-Challenge Id 88 from 192.168.1.27:1812 to 192.168.1.7:46948
length 0
(6) EAP-Message =
0x015a00281900170303001d8508974cf000d697a71a53aaa45991383e25d9a758b07f5792b7018b30
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x8e5e79f888046037fcc8affbd9e63c1c
(6) Finished request
Waking up in 4.9 seconds.
(7) Received Access-Request Id 89 from 192.168.1.7:46948 to
192.168.1.27:1812 length 294
(7) User-Name = "oktaradius at contentful.com"
(7) NAS-IP-Address = 192.168.1.7
(7) NAS-Identifier = "F09FC2307B82DFB616DF"
(7) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(7) Connect-Info = "CONNECT 0Mbps 802.11b"
(7) Acct-Session-Id = "F4E3DF614E08A6E7"
(7) WLAN-Pairwise-Cipher = 1027076
(7) WLAN-Group-Cipher = 1027074
(7) WLAN-AKM-Suite = 1027073
(7) Framed-MTU = 1400
(7) EAP-Message =
0x025a003d1900170303003282a691998eb92a966f0d81eac34e3e4935779ed2b220d2a00a184c329dab5b85aa3bb79f1e12c736377db8f54c344e0754ed
(7) State = 0x8e5e79f888046037fcc8affbd9e63c1c
(7) Message-Authenticator = 0xd57102506800bbb4f59d2688fbb14691
(7) session-state: No cached attributes
(7) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(7) authorize {
(7) update control {
(7) Proxy-To-Realm := LOCAL
(7) } # update control = noop
(7) eap: Peer sent EAP Response (code 2) ID 90 length 61
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(7) authenticate {
(7) eap: Expiring EAP session with state 0x8e5e79f888046037
(7) eap: Finished EAP session with state 0x8e5e79f888046037
(7) eap: Previous EAP request found for state 0x8e5e79f888046037, released
from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: Continuing EAP-TLS
(7) eap_peap: [eaptls verify] = ok
(7) eap_peap: Done initial handshake
(7) eap_peap: [eaptls process] = ok
(7) eap_peap: Session established. Decoding tunneled attributes
(7) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(7) eap_peap: Identity - oktaradius at contentful.com
(7) eap_peap: Got inner identity 'oktaradius at contentful.com'
(7) eap_peap: Setting default EAP type for tunneled EAP session
(7) eap_peap: Got tunneled request
(7) eap_peap: EAP-Message =
0x025a001e016f6b746172616469757340636f6e74656e7466756c2e636f6d
(7) eap_peap: Setting User-Name to oktaradius at contentful.com
(7) eap_peap: Sending tunneled request to inner-tunnel
(7) eap_peap: EAP-Message =
0x025a001e016f6b746172616469757340636f6e74656e7466756c2e636f6d
(7) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(7) eap_peap: User-Name = "oktaradius at contentful.com"
(7) eap_peap: NAS-IP-Address = 192.168.1.7
(7) eap_peap: NAS-Identifier = "F09FC2307B82DFB616DF"
(7) eap_peap: Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(7) eap_peap: NAS-Port-Type = Wireless-802.11
(7) eap_peap: Service-Type = Framed-User
(7) eap_peap: Calling-Station-Id = "8C-85-90-C9-C4-A5"
(7) eap_peap: Connect-Info = "CONNECT 0Mbps 802.11b"
(7) eap_peap: Acct-Session-Id = "F4E3DF614E08A6E7"
(7) eap_peap: WLAN-Pairwise-Cipher = 1027076
(7) eap_peap: WLAN-Group-Cipher = 1027074
(7) eap_peap: WLAN-AKM-Suite = 1027073
(7) eap_peap: Framed-MTU = 1400
(7) Virtual server inner-tunnel received request
(7) EAP-Message =
0x025a001e016f6b746172616469757340636f6e74656e7466756c2e636f6d
(7) FreeRADIUS-Proxied-To = 127.0.0.1
(7) User-Name = "oktaradius at contentful.com"
(7) NAS-IP-Address = 192.168.1.7
(7) NAS-Identifier = "F09FC2307B82DFB616DF"
(7) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(7) Connect-Info = "CONNECT 0Mbps 802.11b"
(7) Acct-Session-Id = "F4E3DF614E08A6E7"
(7) WLAN-Pairwise-Cipher = 1027076
(7) WLAN-Group-Cipher = 1027074
(7) WLAN-AKM-Suite = 1027073
(7) Framed-MTU = 1400
(7) WARNING: Outer and inner identities are the same. User privacy is
compromised.
(7) server inner-tunnel {
(7) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(7) authorize {
(7) update control {
(7) Proxy-To-Realm := LOCAL
(7) } # update control = noop
(7) eap: Peer sent EAP Response (code 2) ID 90 length 30
(7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(7) authenticate {
(7) eap: Peer sent packet with method EAP Identity (1)
(7) eap: Calling submodule eap_gtc to process data
(7) eap_gtc: EXPAND Password:
(7) eap_gtc: --> Password:
(7) eap: Sending EAP Request (code 1) ID 91 length 15
(7) eap: EAP session adding &reply:State = 0x79ff604279a466b1
(7) [eap] = handled
(7) } # authenticate = handled
(7) } # server inner-tunnel
(7) Virtual server sending reply
(7) EAP-Message = 0x015b000f0650617373776f72643a20
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x79ff604279a466b12b6ee87c9d8fbc5d
(7) eap_peap: Got tunneled reply code 11
(7) eap_peap: EAP-Message = 0x015b000f0650617373776f72643a20
(7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap: State = 0x79ff604279a466b12b6ee87c9d8fbc5d
(7) eap_peap: Got tunneled reply RADIUS code 11
(7) eap_peap: EAP-Message = 0x015b000f0650617373776f72643a20
(7) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(7) eap_peap: State = 0x79ff604279a466b12b6ee87c9d8fbc5d
(7) eap_peap: Got tunneled Access-Challenge
(7) eap: Sending EAP Request (code 1) ID 91 length 46
(7) eap: EAP session adding &reply:State = 0x8e5e79f889056037
(7) [eap] = handled
(7) } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) Post-Auth-Type sub-section not found. Ignoring.
(7) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(7) Sent Access-Challenge Id 89 from 192.168.1.27:1812 to 192.168.1.7:46948
length 0
(7) EAP-Message =
0x015b002e190017030300238508974cf000d69867da188125406fdc050d056f13a39d134e659fb120e7ffd0c25d79
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x8e5e79f889056037fcc8affbd9e63c1c
(7) Finished request
Waking up in 4.8 seconds.
(8) Received Access-Request Id 90 from 192.168.1.7:46948 to
192.168.1.27:1812 length 281
(8) User-Name = "oktaradius at contentful.com"
(8) NAS-IP-Address = 192.168.1.7
(8) NAS-Identifier = "F09FC2307B82DFB616DF"
(8) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(8) Connect-Info = "CONNECT 0Mbps 802.11b"
(8) Acct-Session-Id = "F4E3DF614E08A6E7"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027074
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) EAP-Message =
0x025b00301900170303002582a691998eb92a9706f4341ff93a53d4cd6ca39019fc858d356fcb744312c377435348a313
(8) State = 0x8e5e79f889056037fcc8affbd9e63c1c
(8) Message-Authenticator = 0x793c2aa91adf8352b4d78227013b2880
(8) session-state: No cached attributes
(8) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(8) authorize {
(8) update control {
(8) Proxy-To-Realm := LOCAL
(8) } # update control = noop
(8) eap: Peer sent EAP Response (code 2) ID 91 length 48
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) } # authorize = ok
(8) Found Auth-Type = eap
(8) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(8) authenticate {
(8) eap: Expiring EAP session with state 0x79ff604279a466b1
(8) eap: Finished EAP session with state 0x8e5e79f889056037
(8) eap: Previous EAP request found for state 0x8e5e79f889056037, released
from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: Continuing EAP-TLS
(8) eap_peap: [eaptls verify] = ok
(8) eap_peap: Done initial handshake
(8) eap_peap: [eaptls process] = ok
(8) eap_peap: Session established. Decoding tunneled attributes
(8) eap_peap: PEAP state phase2
(8) eap_peap: EAP method GTC (6)
(8) eap_peap: Got tunneled request
(8) eap_peap: EAP-Message = 0x025b001106426574415468657441313335
(8) eap_peap: Setting User-Name to oktaradius at contentful.com
(8) eap_peap: Sending tunneled request to inner-tunnel
(8) eap_peap: EAP-Message = 0x025b001106426574415468657441313335
(8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(8) eap_peap: User-Name = "oktaradius at contentful.com"
(8) eap_peap: State = 0x79ff604279a466b12b6ee87c9d8fbc5d
(8) eap_peap: NAS-IP-Address = 192.168.1.7
(8) eap_peap: NAS-Identifier = "F09FC2307B82DFB616DF"
(8) eap_peap: Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(8) eap_peap: NAS-Port-Type = Wireless-802.11
(8) eap_peap: Service-Type = Framed-User
(8) eap_peap: Calling-Station-Id = "8C-85-90-C9-C4-A5"
(8) eap_peap: Connect-Info = "CONNECT 0Mbps 802.11b"
(8) eap_peap: Acct-Session-Id = "F4E3DF614E08A6E7"
(8) eap_peap: WLAN-Pairwise-Cipher = 1027076
(8) eap_peap: WLAN-Group-Cipher = 1027074
(8) eap_peap: WLAN-AKM-Suite = 1027073
(8) eap_peap: Framed-MTU = 1400
(8) Virtual server inner-tunnel received request
(8) EAP-Message = 0x025b001106426574415468657441313335
(8) FreeRADIUS-Proxied-To = 127.0.0.1
(8) User-Name = "oktaradius at contentful.com"
(8) State = 0x79ff604279a466b12b6ee87c9d8fbc5d
(8) NAS-IP-Address = 192.168.1.7
(8) NAS-Identifier = "F09FC2307B82DFB616DF"
(8) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(8) Connect-Info = "CONNECT 0Mbps 802.11b"
(8) Acct-Session-Id = "F4E3DF614E08A6E7"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027074
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) WARNING: Outer and inner identities are the same. User privacy is
compromised.
(8) server inner-tunnel {
(8) session-state: No cached attributes
(8) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(8) authorize {
(8) update control {
(8) Proxy-To-Realm := LOCAL
(8) } # update control = noop
(8) eap: Peer sent EAP Response (code 2) ID 91 length 17
(8) eap: No EAP Start, assuming it's an on-going EAP conversation
(8) [eap] = updated
(8) [pap] = noop
(8) if (User-Password) {
(8) if (User-Password) -> FALSE
(8) } # authorize = updated
(8) Found Auth-Type = eap
(8) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(8) authenticate {
(8) eap: Expiring EAP session with state 0x79ff604279a466b1
(8) eap: Finished EAP session with state 0x79ff604279a466b1
(8) eap: Previous EAP request found for state 0x79ff604279a466b1, released
from the list
(8) eap: Peer sent packet with method EAP GTC (6)
(8) eap: Calling submodule eap_gtc to process data
(8) eap_gtc: # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(8) eap_gtc: Auth-Type PAP {
rlm_ldap (ldap): Reserved connection (0)
(8) ldap: Login attempt by "oktaradius at contentful.com"
(8) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(8) ldap: --> (uid=oktaradius at contentful.com)
(8) ldap: Performing search in "ou=users,dc=contentful, dc=oktapreview,
dc=com" with filter "(uid=oktaradius at contentful.com)", scope "sub"
(8) ldap: Waiting for search result...
(8) ldap: User object found at DN "uid=oktaradius at contentful.com
,ou=users,dc=contentful,dc=oktapreview,dc=com"
(8) ldap: Waiting for bind result...
(8) ldap: Bind successful
(8) ldap: Bind as user
"uid=oktaradius at contentful.com,ou=users,dc=contentful,dc=oktapreview,dc=com"
was successful
rlm_ldap (ldap): Released connection (0)
Need 5 more connections to reach 10 spares
rlm_ldap (ldap): Opening additional connection (5), 1 of 27 pending slots
used
rlm_ldap (ldap): Connecting to ldap://contentful.ldap.oktapreview.com:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
(8) [ldap] = ok
(8) } # Auth-Type PAP = ok
(8) eap: Sending EAP Success (code 3) ID 91 length 4
(8) eap: Freeing handler
(8) [eap] = ok
(8) } # authenticate = ok
(8) # Executing section post-auth from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(8) } # server inner-tunnel
(8) Virtual server sending reply
(8) EAP-Message = 0x035b0004
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) User-Name = "oktaradius at contentful.com"
(8) eap_peap: Got tunneled reply code 2
(8) eap_peap: EAP-Message = 0x035b0004
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: User-Name = "oktaradius at contentful.com"
(8) eap_peap: Got tunneled reply RADIUS code 2
(8) eap_peap: EAP-Message = 0x035b0004
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: User-Name = "oktaradius at contentful.com"
(8) eap_peap: Tunneled authentication was successful
(8) eap_peap: SUCCESS
(8) eap_peap: Saving tunneled attributes for later
(8) eap: Sending EAP Request (code 1) ID 92 length 46
(8) eap: EAP session adding &reply:State = 0x8e5e79f886026037
(8) [eap] = handled
(8) } # authenticate = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(8) Sent Access-Challenge Id 90 from 192.168.1.27:1812 to 192.168.1.7:46948
length 0
(8) EAP-Message =
0x015c002e190017030300238508974cf000d699b2e5906ac3d4547d7f9db95aae8fe5d3e02fe12dd77ac882fbbf97
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x8e5e79f886026037fcc8affbd9e63c1c
(8) Finished request
Waking up in 3.0 seconds.
Waking up in 3.0 seconds.
(0) Cleaning up request packet ID 82 with timestamp +39
(1) Cleaning up request packet ID 83 with timestamp +39
(2) Cleaning up request packet ID 84 with timestamp +39
(3) Cleaning up request packet ID 85 with timestamp +39
(4) Cleaning up request packet ID 86 with timestamp +39
(5) Cleaning up request packet ID 87 with timestamp +39
(6) Cleaning up request packet ID 88 with timestamp +39
(7) Cleaning up request packet ID 89 with timestamp +39
Waking up in 6.8 seconds.
(8) Cleaning up request packet ID 90 with timestamp +39
Ready to process requests
(9) Received Access-Request Id 91 from 192.168.1.7:40573 to
192.168.1.27:1812 length 245
(9) User-Name = "oktaradius at contentful.com"
(9) NAS-IP-Address = 192.168.1.7
(9) NAS-Identifier = "F09FC2307B82DFB616DF"
(9) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(9) Connect-Info = "CONNECT 0Mbps 802.11b"
(9) Acct-Session-Id = "F4E3DF614E08A6E7"
(9) WLAN-Pairwise-Cipher = 1027076
(9) WLAN-Group-Cipher = 1027074
(9) WLAN-AKM-Suite = 1027073
(9) Framed-MTU = 1400
(9) EAP-Message =
0x02ff001e016f6b746172616469757340636f6e74656e7466756c2e636f6d
(9) Message-Authenticator = 0x6814d8a702b65f36ca7679d3c30d6abf
(9) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(9) authorize {
(9) update control {
(9) Proxy-To-Realm := LOCAL
(9) } # update control = noop
(9) eap: Peer sent EAP Response (code 2) ID 255 length 30
(9) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(9) [eap] = ok
(9) } # authorize = ok
(9) Found Auth-Type = eap
(9) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(9) authenticate {
(9) eap: Peer sent packet with method EAP Identity (1)
(9) eap: Calling submodule eap_tls to process data
(9) eap_tls: Initiating new EAP-TLS session
(9) eap_tls: Setting verify mode to require certificate from client
(9) eap_tls: [eaptls start] = request
(9) eap: Sending EAP Request (code 1) ID 0 length 6
(9) eap: EAP session adding &reply:State = 0x45a1b60045a1bb20
(9) [eap] = handled
(9) } # authenticate = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(9) Sent Access-Challenge Id 91 from 192.168.1.27:1812 to 192.168.1.7:40573
length 0
(9) EAP-Message = 0x010000060d20
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0x45a1b60045a1bb203cf58ce5a6130bac
(9) Finished request
Waking up in 4.9 seconds.
(10) Received Access-Request Id 92 from 192.168.1.7:40573 to
192.168.1.27:1812 length 241
(10) User-Name = "oktaradius at contentful.com"
(10) NAS-IP-Address = 192.168.1.7
(10) NAS-Identifier = "F09FC2307B82DFB616DF"
(10) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(10) NAS-Port-Type = Wireless-802.11
(10) Service-Type = Framed-User
(10) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(10) Connect-Info = "CONNECT 0Mbps 802.11b"
(10) Acct-Session-Id = "F4E3DF614E08A6E7"
(10) WLAN-Pairwise-Cipher = 1027076
(10) WLAN-Group-Cipher = 1027074
(10) WLAN-AKM-Suite = 1027073
(10) Framed-MTU = 1400
(10) EAP-Message = 0x020000080319152b
(10) State = 0x45a1b60045a1bb203cf58ce5a6130bac
(10) Message-Authenticator = 0xd26c1062637c92beeaf01d2c1b916ad1
(10) session-state: No cached attributes
(10) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(10) authorize {
(10) update control {
(10) Proxy-To-Realm := LOCAL
(10) } # update control = noop
(10) eap: Peer sent EAP Response (code 2) ID 0 length 8
(10) eap: No EAP Start, assuming it's an on-going EAP conversation
(10) [eap] = updated
(10) [pap] = noop
(10) if (User-Password) {
(10) if (User-Password) -> FALSE
(10) } # authorize = updated
(10) Found Auth-Type = eap
(10) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(10) authenticate {
(10) eap: Expiring EAP session with state 0x8e5e79f886026037
(10) eap: Finished EAP session with state 0x45a1b60045a1bb20
(10) eap: Previous EAP request found for state 0x45a1b60045a1bb20, released
from the list
(10) eap: Peer sent packet with method EAP NAK (3)
(10) eap: Found mutually acceptable type PEAP (25)
(10) eap: Calling submodule eap_peap to process data
(10) eap_peap: Initiating new EAP-TLS session
(10) eap_peap: [eaptls start] = request
(10) eap: Sending EAP Request (code 1) ID 1 length 6
(10) eap: EAP session adding &reply:State = 0x45a1b60044a0af20
(10) [eap] = handled
(10) } # authenticate = handled
(10) Using Post-Auth-Type Challenge
(10) Post-Auth-Type sub-section not found. Ignoring.
(10) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(10) Sent Access-Challenge Id 92 from 192.168.1.27:1812 to 192.168.1.7:40573
length 0
(10) EAP-Message = 0x010100061920
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) State = 0x45a1b60044a0af203cf58ce5a6130bac
(10) Finished request
Waking up in 4.9 seconds.
(11) Received Access-Request Id 93 from 192.168.1.7:40573 to
192.168.1.27:1812 length 394
(11) User-Name = "oktaradius at contentful.com"
(11) NAS-IP-Address = 192.168.1.7
(11) NAS-Identifier = "F09FC2307B82DFB616DF"
(11) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(11) NAS-Port-Type = Wireless-802.11
(11) Service-Type = Framed-User
(11) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(11) Connect-Info = "CONNECT 0Mbps 802.11b"
(11) Acct-Session-Id = "F4E3DF614E08A6E7"
(11) WLAN-Pairwise-Cipher = 1027076
(11) WLAN-Group-Cipher = 1027074
(11) WLAN-AKM-Suite = 1027073
(11) Framed-MTU = 1400
(11) EAP-Message =
0x020100a119800000009716030100920100008e03035d3b1e7215b3678f88d097ae9174a206a45b0ff2c31450ec4417b02c0a38eec800002c00ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000a01000039000a00080006001700180019000b00
(11) State = 0x45a1b60044a0af203cf58ce5a6130bac
(11) Message-Authenticator = 0x594cea32c50ad57f863d8a9ec6948b2e
(11) session-state: No cached attributes
(11) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(11) authorize {
(11) update control {
(11) Proxy-To-Realm := LOCAL
(11) } # update control = noop
(11) eap: Peer sent EAP Response (code 2) ID 1 length 161
(11) eap: Continuing tunnel setup
(11) [eap] = ok
(11) } # authorize = ok
(11) Found Auth-Type = eap
(11) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(11) authenticate {
(11) eap: Expiring EAP session with state 0x8e5e79f886026037
(11) eap: Finished EAP session with state 0x45a1b60044a0af20
(11) eap: Previous EAP request found for state 0x45a1b60044a0af20, released
from the list
(11) eap: Peer sent packet with method EAP PEAP (25)
(11) eap: Calling submodule eap_peap to process data
(11) eap_peap: Continuing EAP-TLS
(11) eap_peap: Peer indicated complete TLS record size will be 151 bytes
(11) eap_peap: Got complete TLS record (151 bytes)
(11) eap_peap: [eaptls verify] = length included
(11) eap_peap: (other): before SSL initialization
(11) eap_peap: TLS_accept: before SSL initialization
(11) eap_peap: TLS_accept: before SSL initialization
(11) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0092]
(11) eap_peap: TLS_accept: SSLv3/TLS read client hello
(11) eap_peap: >>> send TLS 1.2 [length 003d]
(11) eap_peap: TLS_accept: SSLv3/TLS write server hello
(11) eap_peap: >>> send TLS 1.2 [length 08d3]
(11) eap_peap: TLS_accept: SSLv3/TLS write certificate
(11) eap_peap: >>> send TLS 1.2 [length 014d]
(11) eap_peap: TLS_accept: SSLv3/TLS write key exchange
(11) eap_peap: >>> send TLS 1.2 [length 0004]
(11) eap_peap: TLS_accept: SSLv3/TLS write server done
(11) eap_peap: TLS_accept: Need to read more data: SSLv3/TLS write server
done
(11) eap_peap: In SSL Handshake Phase
(11) eap_peap: In SSL Accept mode
(11) eap_peap: [eaptls process] = handled
(11) eap: Sending EAP Request (code 1) ID 2 length 1004
(11) eap: EAP session adding &reply:State = 0x45a1b60047a3af20
(11) [eap] = handled
(11) } # authenticate = handled
(11) Using Post-Auth-Type Challenge
(11) Post-Auth-Type sub-section not found. Ignoring.
(11) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(11) Sent Access-Challenge Id 93 from 192.168.1.27:1812 to 192.168.1.7:40573
length 0
(11) EAP-Message =
0x010203ec19c000000a75160303003d020000390303af8f364d831067979b542ea739eaa440ab008d66ab057417430d84bddc45b08600c030000011ff01000100000b0004030001020017000016030308d30b0008cf0008cc0003de308203da308202c2a003020102020101300d06092a864886f70d0101
(11) Message-Authenticator = 0x00000000000000000000000000000000
(11) State = 0x45a1b60047a3af203cf58ce5a6130bac
(11) Finished request
Waking up in 4.9 seconds.
(12) Received Access-Request Id 94 from 192.168.1.7:40573 to
192.168.1.27:1812 length 239
(12) User-Name = "oktaradius at contentful.com"
(12) NAS-IP-Address = 192.168.1.7
(12) NAS-Identifier = "F09FC2307B82DFB616DF"
(12) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(12) NAS-Port-Type = Wireless-802.11
(12) Service-Type = Framed-User
(12) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(12) Connect-Info = "CONNECT 0Mbps 802.11b"
(12) Acct-Session-Id = "F4E3DF614E08A6E7"
(12) WLAN-Pairwise-Cipher = 1027076
(12) WLAN-Group-Cipher = 1027074
(12) WLAN-AKM-Suite = 1027073
(12) Framed-MTU = 1400
(12) EAP-Message = 0x020200061900
(12) State = 0x45a1b60047a3af203cf58ce5a6130bac
(12) Message-Authenticator = 0x7de649bfa0533526fa345816cd065d6a
(12) session-state: No cached attributes
(12) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(12) authorize {
(12) update control {
(12) Proxy-To-Realm := LOCAL
(12) } # update control = noop
(12) eap: Peer sent EAP Response (code 2) ID 2 length 6
(12) eap: Continuing tunnel setup
(12) [eap] = ok
(12) } # authorize = ok
(12) Found Auth-Type = eap
(12) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(12) authenticate {
(12) eap: Expiring EAP session with state 0x8e5e79f886026037
(12) eap: Finished EAP session with state 0x45a1b60047a3af20
(12) eap: Previous EAP request found for state 0x45a1b60047a3af20, released
from the list
(12) eap: Peer sent packet with method EAP PEAP (25)
(12) eap: Calling submodule eap_peap to process data
(12) eap_peap: Continuing EAP-TLS
(12) eap_peap: Peer ACKed our handshake fragment
(12) eap_peap: [eaptls verify] = request
(12) eap_peap: [eaptls process] = handled
(12) eap: Sending EAP Request (code 1) ID 3 length 1000
(12) eap: EAP session adding &reply:State = 0x45a1b60046a2af20
(12) [eap] = handled
(12) } # authenticate = handled
(12) Using Post-Auth-Type Challenge
(12) Post-Auth-Type sub-section not found. Ignoring.
(12) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(12) Sent Access-Challenge Id 94 from 192.168.1.27:1812 to 192.168.1.7:40573
length 0
(12) EAP-Message =
0x010303e819401243396539a2f1ad1b6a17603569def5a0794b3af441b40273fd27a0361b18742b5e898d798d94b85c2aaa4ede14cfe7c5f7406c7d5eb178bc1e609fbfefb1920ce1f720d4bbd7ea7e4c91a2b00004e8308204e4308203cca003020102020900c803dae017bc13c5300d06092a864886f7
(12) Message-Authenticator = 0x00000000000000000000000000000000
(12) State = 0x45a1b60046a2af203cf58ce5a6130bac
(12) Finished request
Waking up in 4.9 seconds.
(13) Received Access-Request Id 95 from 192.168.1.7:40573 to
192.168.1.27:1812 length 239
(13) User-Name = "oktaradius at contentful.com"
(13) NAS-IP-Address = 192.168.1.7
(13) NAS-Identifier = "F09FC2307B82DFB616DF"
(13) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(13) NAS-Port-Type = Wireless-802.11
(13) Service-Type = Framed-User
(13) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(13) Connect-Info = "CONNECT 0Mbps 802.11b"
(13) Acct-Session-Id = "F4E3DF614E08A6E7"
(13) WLAN-Pairwise-Cipher = 1027076
(13) WLAN-Group-Cipher = 1027074
(13) WLAN-AKM-Suite = 1027073
(13) Framed-MTU = 1400
(13) EAP-Message = 0x020300061900
(13) State = 0x45a1b60046a2af203cf58ce5a6130bac
(13) Message-Authenticator = 0xc28f2af0b0b0b49e5b2414cf69a55d65
(13) session-state: No cached attributes
(13) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(13) authorize {
(13) update control {
(13) Proxy-To-Realm := LOCAL
(13) } # update control = noop
(13) eap: Peer sent EAP Response (code 2) ID 3 length 6
(13) eap: Continuing tunnel setup
(13) [eap] = ok
(13) } # authorize = ok
(13) Found Auth-Type = eap
(13) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(13) authenticate {
(13) eap: Expiring EAP session with state 0x8e5e79f886026037
(13) eap: Finished EAP session with state 0x45a1b60046a2af20
(13) eap: Previous EAP request found for state 0x45a1b60046a2af20, released
from the list
(13) eap: Peer sent packet with method EAP PEAP (25)
(13) eap: Calling submodule eap_peap to process data
(13) eap_peap: Continuing EAP-TLS
(13) eap_peap: Peer ACKed our handshake fragment
(13) eap_peap: [eaptls verify] = request
(13) eap_peap: [eaptls process] = handled
(13) eap: Sending EAP Request (code 1) ID 4 length 695
(13) eap: EAP session adding &reply:State = 0x45a1b60041a5af20
(13) [eap] = handled
(13) } # authenticate = handled
(13) Using Post-Auth-Type Challenge
(13) Post-Auth-Type sub-section not found. Ignoring.
(13) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(13) Sent Access-Challenge Id 95 from 192.168.1.27:1812 to 192.168.1.7:40573
length 0
(13) EAP-Message =
0x010402b719000101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b0500038201010093b7088d1eca7efc8d6342f26a50a6514cb1333be0b8cce368e35f
(13) Message-Authenticator = 0x00000000000000000000000000000000
(13) State = 0x45a1b60041a5af203cf58ce5a6130bac
(13) Finished request
Waking up in 4.9 seconds.
(14) Received Access-Request Id 96 from 192.168.1.7:40573 to
192.168.1.27:1812 length 369
(14) User-Name = "oktaradius at contentful.com"
(14) NAS-IP-Address = 192.168.1.7
(14) NAS-Identifier = "F09FC2307B82DFB616DF"
(14) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(14) NAS-Port-Type = Wireless-802.11
(14) Service-Type = Framed-User
(14) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(14) Connect-Info = "CONNECT 0Mbps 802.11b"
(14) Acct-Session-Id = "F4E3DF614E08A6E7"
(14) WLAN-Pairwise-Cipher = 1027076
(14) WLAN-Group-Cipher = 1027074
(14) WLAN-AKM-Suite = 1027073
(14) Framed-MTU = 1400
(14) EAP-Message =
0x0204008819800000007e160303004610000042410489af273349ec0aff39ef9b564988ef3fcc4972fb8903571c2dd74944f09cb378d5cd184f17c90f37cbfd46fcbcf3f592510e4aaa79bd7af5e85b9cfeb6fe18f91403030001011603030028809cad750f6dbea104571008c2ec8a3004448fddd75f8d
(14) State = 0x45a1b60041a5af203cf58ce5a6130bac
(14) Message-Authenticator = 0x1619952b015d109a3971e25afe8d6c71
(14) session-state: No cached attributes
(14) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(14) authorize {
(14) update control {
(14) Proxy-To-Realm := LOCAL
(14) } # update control = noop
(14) eap: Peer sent EAP Response (code 2) ID 4 length 136
(14) eap: Continuing tunnel setup
(14) [eap] = ok
(14) } # authorize = ok
(14) Found Auth-Type = eap
(14) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(14) authenticate {
(14) eap: Expiring EAP session with state 0x8e5e79f886026037
(14) eap: Finished EAP session with state 0x45a1b60041a5af20
(14) eap: Previous EAP request found for state 0x45a1b60041a5af20, released
from the list
(14) eap: Peer sent packet with method EAP PEAP (25)
(14) eap: Calling submodule eap_peap to process data
(14) eap_peap: Continuing EAP-TLS
(14) eap_peap: Peer indicated complete TLS record size will be 126 bytes
(14) eap_peap: Got complete TLS record (126 bytes)
(14) eap_peap: [eaptls verify] = length included
(14) eap_peap: TLS_accept: SSLv3/TLS write server done
(14) eap_peap: <<< recv TLS 1.2 [length 0046]
(14) eap_peap: TLS_accept: SSLv3/TLS read client key exchange
(14) eap_peap: TLS_accept: SSLv3/TLS read change cipher spec
(14) eap_peap: <<< recv TLS 1.2 [length 0010]
(14) eap_peap: TLS_accept: SSLv3/TLS read finished
(14) eap_peap: >>> send TLS 1.2 [length 0001]
(14) eap_peap: TLS_accept: SSLv3/TLS write change cipher spec
(14) eap_peap: >>> send TLS 1.2 [length 0010]
(14) eap_peap: TLS_accept: SSLv3/TLS write finished
(14) eap_peap: (other): SSL negotiation finished successfully
(14) eap_peap: SSL Connection Established
(14) eap_peap: [eaptls process] = handled
(14) eap: Sending EAP Request (code 1) ID 5 length 57
(14) eap: EAP session adding &reply:State = 0x45a1b60040a4af20
(14) [eap] = handled
(14) } # authenticate = handled
(14) Using Post-Auth-Type Challenge
(14) Post-Auth-Type sub-section not found. Ignoring.
(14) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(14) Sent Access-Challenge Id 96 from 192.168.1.27:1812 to 192.168.1.7:40573
length 0
(14) EAP-Message =
0x0105003919001403030001011603030028d50708081d6cd0f58618ff3be735cc543b658761fdbcb9c916f17f8e5c75ea2d052c68aa9d948577
(14) Message-Authenticator = 0x00000000000000000000000000000000
(14) State = 0x45a1b60040a4af203cf58ce5a6130bac
(14) Finished request
Waking up in 4.9 seconds.
(15) Received Access-Request Id 97 from 192.168.1.7:40573 to
192.168.1.27:1812 length 239
(15) User-Name = "oktaradius at contentful.com"
(15) NAS-IP-Address = 192.168.1.7
(15) NAS-Identifier = "F09FC2307B82DFB616DF"
(15) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(15) NAS-Port-Type = Wireless-802.11
(15) Service-Type = Framed-User
(15) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(15) Connect-Info = "CONNECT 0Mbps 802.11b"
(15) Acct-Session-Id = "F4E3DF614E08A6E7"
(15) WLAN-Pairwise-Cipher = 1027076
(15) WLAN-Group-Cipher = 1027074
(15) WLAN-AKM-Suite = 1027073
(15) Framed-MTU = 1400
(15) EAP-Message = 0x020500061900
(15) State = 0x45a1b60040a4af203cf58ce5a6130bac
(15) Message-Authenticator = 0x90b0f463f5ece750c76938493bef73e4
(15) session-state: No cached attributes
(15) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(15) authorize {
(15) update control {
(15) Proxy-To-Realm := LOCAL
(15) } # update control = noop
(15) eap: Peer sent EAP Response (code 2) ID 5 length 6
(15) eap: Continuing tunnel setup
(15) [eap] = ok
(15) } # authorize = ok
(15) Found Auth-Type = eap
(15) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(15) authenticate {
(15) eap: Expiring EAP session with state 0x8e5e79f886026037
(15) eap: Finished EAP session with state 0x45a1b60040a4af20
(15) eap: Previous EAP request found for state 0x45a1b60040a4af20, released
from the list
(15) eap: Peer sent packet with method EAP PEAP (25)
(15) eap: Calling submodule eap_peap to process data
(15) eap_peap: Continuing EAP-TLS
(15) eap_peap: Peer ACKed our handshake fragment. handshake is finished
(15) eap_peap: [eaptls verify] = success
(15) eap_peap: [eaptls process] = success
(15) eap_peap: Session established. Decoding tunneled attributes
(15) eap_peap: PEAP state TUNNEL ESTABLISHED
(15) eap: Sending EAP Request (code 1) ID 6 length 40
(15) eap: EAP session adding &reply:State = 0x45a1b60043a7af20
(15) [eap] = handled
(15) } # authenticate = handled
(15) Using Post-Auth-Type Challenge
(15) Post-Auth-Type sub-section not found. Ignoring.
(15) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(15) Sent Access-Challenge Id 97 from 192.168.1.27:1812 to 192.168.1.7:40573
length 0
(15) EAP-Message =
0x010600281900170303001dd50708081d6cd0f6eebf0296c3de40ed139ef68f1f5f6d24dca9580567
(15) Message-Authenticator = 0x00000000000000000000000000000000
(15) State = 0x45a1b60043a7af203cf58ce5a6130bac
(15) Finished request
Waking up in 4.9 seconds.
(16) Received Access-Request Id 98 from 192.168.1.7:40573 to
192.168.1.27:1812 length 294
(16) User-Name = "oktaradius at contentful.com"
(16) NAS-IP-Address = 192.168.1.7
(16) NAS-Identifier = "F09FC2307B82DFB616DF"
(16) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(16) NAS-Port-Type = Wireless-802.11
(16) Service-Type = Framed-User
(16) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(16) Connect-Info = "CONNECT 0Mbps 802.11b"
(16) Acct-Session-Id = "F4E3DF614E08A6E7"
(16) WLAN-Pairwise-Cipher = 1027076
(16) WLAN-Group-Cipher = 1027074
(16) WLAN-AKM-Suite = 1027073
(16) Framed-MTU = 1400
(16) EAP-Message =
0x0206003d19001703030032809cad750f6dbea296105b25d092639083e9f94364d1542cb7346480cd940bb4db72582cbab017c3eb64fcd418b590f53045
(16) State = 0x45a1b60043a7af203cf58ce5a6130bac
(16) Message-Authenticator = 0x30f9a4cf8ef936618752f4c9cde86cca
(16) session-state: No cached attributes
(16) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(16) authorize {
(16) update control {
(16) Proxy-To-Realm := LOCAL
(16) } # update control = noop
(16) eap: Peer sent EAP Response (code 2) ID 6 length 61
(16) eap: Continuing tunnel setup
(16) [eap] = ok
(16) } # authorize = ok
(16) Found Auth-Type = eap
(16) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(16) authenticate {
(16) eap: Expiring EAP session with state 0x8e5e79f886026037
(16) eap: Finished EAP session with state 0x45a1b60043a7af20
(16) eap: Previous EAP request found for state 0x45a1b60043a7af20, released
from the list
(16) eap: Peer sent packet with method EAP PEAP (25)
(16) eap: Calling submodule eap_peap to process data
(16) eap_peap: Continuing EAP-TLS
(16) eap_peap: [eaptls verify] = ok
(16) eap_peap: Done initial handshake
(16) eap_peap: [eaptls process] = ok
(16) eap_peap: Session established. Decoding tunneled attributes
(16) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(16) eap_peap: Identity - oktaradius at contentful.com
(16) eap_peap: Got inner identity 'oktaradius at contentful.com'
(16) eap_peap: Setting default EAP type for tunneled EAP session
(16) eap_peap: Got tunneled request
(16) eap_peap: EAP-Message =
0x0206001e016f6b746172616469757340636f6e74656e7466756c2e636f6d
(16) eap_peap: Setting User-Name to oktaradius at contentful.com
(16) eap_peap: Sending tunneled request to inner-tunnel
(16) eap_peap: EAP-Message =
0x0206001e016f6b746172616469757340636f6e74656e7466756c2e636f6d
(16) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(16) eap_peap: User-Name = "oktaradius at contentful.com"
(16) eap_peap: NAS-IP-Address = 192.168.1.7
(16) eap_peap: NAS-Identifier = "F09FC2307B82DFB616DF"
(16) eap_peap: Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(16) eap_peap: NAS-Port-Type = Wireless-802.11
(16) eap_peap: Service-Type = Framed-User
(16) eap_peap: Calling-Station-Id = "8C-85-90-C9-C4-A5"
(16) eap_peap: Connect-Info = "CONNECT 0Mbps 802.11b"
(16) eap_peap: Acct-Session-Id = "F4E3DF614E08A6E7"
(16) eap_peap: WLAN-Pairwise-Cipher = 1027076
(16) eap_peap: WLAN-Group-Cipher = 1027074
(16) eap_peap: WLAN-AKM-Suite = 1027073
(16) eap_peap: Framed-MTU = 1400
(16) Virtual server inner-tunnel received request
(16) EAP-Message =
0x0206001e016f6b746172616469757340636f6e74656e7466756c2e636f6d
(16) FreeRADIUS-Proxied-To = 127.0.0.1
(16) User-Name = "oktaradius at contentful.com"
(16) NAS-IP-Address = 192.168.1.7
(16) NAS-Identifier = "F09FC2307B82DFB616DF"
(16) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(16) NAS-Port-Type = Wireless-802.11
(16) Service-Type = Framed-User
(16) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(16) Connect-Info = "CONNECT 0Mbps 802.11b"
(16) Acct-Session-Id = "F4E3DF614E08A6E7"
(16) WLAN-Pairwise-Cipher = 1027076
(16) WLAN-Group-Cipher = 1027074
(16) WLAN-AKM-Suite = 1027073
(16) Framed-MTU = 1400
(16) WARNING: Outer and inner identities are the same. User privacy is
compromised.
(16) server inner-tunnel {
(16) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(16) authorize {
(16) update control {
(16) Proxy-To-Realm := LOCAL
(16) } # update control = noop
(16) eap: Peer sent EAP Response (code 2) ID 6 length 30
(16) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(16) [eap] = ok
(16) } # authorize = ok
(16) Found Auth-Type = eap
(16) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(16) authenticate {
(16) eap: Peer sent packet with method EAP Identity (1)
(16) eap: Calling submodule eap_gtc to process data
(16) eap_gtc: EXPAND Password:
(16) eap_gtc: --> Password:
(16) eap: Sending EAP Request (code 1) ID 7 length 15
(16) eap: EAP session adding &reply:State = 0x3a620f0e3a650909
(16) [eap] = handled
(16) } # authenticate = handled
(16) } # server inner-tunnel
(16) Virtual server sending reply
(16) EAP-Message = 0x0107000f0650617373776f72643a20
(16) Message-Authenticator = 0x00000000000000000000000000000000
(16) State = 0x3a620f0e3a6509095b1e601543adb3d7
(16) eap_peap: Got tunneled reply code 11
(16) eap_peap: EAP-Message = 0x0107000f0650617373776f72643a20
(16) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(16) eap_peap: State = 0x3a620f0e3a6509095b1e601543adb3d7
(16) eap_peap: Got tunneled reply RADIUS code 11
(16) eap_peap: EAP-Message = 0x0107000f0650617373776f72643a20
(16) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(16) eap_peap: State = 0x3a620f0e3a6509095b1e601543adb3d7
(16) eap_peap: Got tunneled Access-Challenge
(16) eap: Sending EAP Request (code 1) ID 7 length 46
(16) eap: EAP session adding &reply:State = 0x45a1b60042a6af20
(16) [eap] = handled
(16) } # authenticate = handled
(16) Using Post-Auth-Type Challenge
(16) Post-Auth-Type sub-section not found. Ignoring.
(16) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(16) Sent Access-Challenge Id 98 from 192.168.1.27:1812 to 192.168.1.7:40573
length 0
(16) EAP-Message =
0x0107002e19001703030023d50708081d6cd0f7081aeb7d5b48735ede48e96b552ab53673ac37d4aa7fe1f7caadd0
(16) Message-Authenticator = 0x00000000000000000000000000000000
(16) State = 0x45a1b60042a6af203cf58ce5a6130bac
(16) Finished request
Waking up in 4.9 seconds.
(17) Received Access-Request Id 99 from 192.168.1.7:40573 to
192.168.1.27:1812 length 281
(17) User-Name = "oktaradius at contentful.com"
(17) NAS-IP-Address = 192.168.1.7
(17) NAS-Identifier = "F09FC2307B82DFB616DF"
(17) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(17) NAS-Port-Type = Wireless-802.11
(17) Service-Type = Framed-User
(17) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(17) Connect-Info = "CONNECT 0Mbps 802.11b"
(17) Acct-Session-Id = "F4E3DF614E08A6E7"
(17) WLAN-Pairwise-Cipher = 1027076
(17) WLAN-Group-Cipher = 1027074
(17) WLAN-AKM-Suite = 1027073
(17) Framed-MTU = 1400
(17) EAP-Message =
0x0207003019001703030025809cad750f6dbea3f1a1f30ac18a7a24bba1605a37789e2b425d90c1973b4210e9111e2b40
(17) State = 0x45a1b60042a6af203cf58ce5a6130bac
(17) Message-Authenticator = 0x9fd2a36dd28c1f5e53e1c8e60cfc589e
(17) session-state: No cached attributes
(17) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(17) authorize {
(17) update control {
(17) Proxy-To-Realm := LOCAL
(17) } # update control = noop
(17) eap: Peer sent EAP Response (code 2) ID 7 length 48
(17) eap: Continuing tunnel setup
(17) [eap] = ok
(17) } # authorize = ok
(17) Found Auth-Type = eap
(17) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(17) authenticate {
(17) eap: Expiring EAP session with state 0x8e5e79f886026037
(17) eap: Finished EAP session with state 0x45a1b60042a6af20
(17) eap: Previous EAP request found for state 0x45a1b60042a6af20, released
from the list
(17) eap: Peer sent packet with method EAP PEAP (25)
(17) eap: Calling submodule eap_peap to process data
(17) eap_peap: Continuing EAP-TLS
(17) eap_peap: [eaptls verify] = ok
(17) eap_peap: Done initial handshake
(17) eap_peap: [eaptls process] = ok
(17) eap_peap: Session established. Decoding tunneled attributes
(17) eap_peap: PEAP state phase2
(17) eap_peap: EAP method GTC (6)
(17) eap_peap: Got tunneled request
(17) eap_peap: EAP-Message = 0x0207001106426574415468657441313335
(17) eap_peap: Setting User-Name to oktaradius at contentful.com
(17) eap_peap: Sending tunneled request to inner-tunnel
(17) eap_peap: EAP-Message = 0x0207001106426574415468657441313335
(17) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(17) eap_peap: User-Name = "oktaradius at contentful.com"
(17) eap_peap: State = 0x3a620f0e3a6509095b1e601543adb3d7
(17) eap_peap: NAS-IP-Address = 192.168.1.7
(17) eap_peap: NAS-Identifier = "F09FC2307B82DFB616DF"
(17) eap_peap: Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(17) eap_peap: NAS-Port-Type = Wireless-802.11
(17) eap_peap: Service-Type = Framed-User
(17) eap_peap: Calling-Station-Id = "8C-85-90-C9-C4-A5"
(17) eap_peap: Connect-Info = "CONNECT 0Mbps 802.11b"
(17) eap_peap: Acct-Session-Id = "F4E3DF614E08A6E7"
(17) eap_peap: WLAN-Pairwise-Cipher = 1027076
(17) eap_peap: WLAN-Group-Cipher = 1027074
(17) eap_peap: WLAN-AKM-Suite = 1027073
(17) eap_peap: Framed-MTU = 1400
(17) Virtual server inner-tunnel received request
(17) EAP-Message = 0x0207001106426574415468657441313335
(17) FreeRADIUS-Proxied-To = 127.0.0.1
(17) User-Name = "oktaradius at contentful.com"
(17) State = 0x3a620f0e3a6509095b1e601543adb3d7
(17) NAS-IP-Address = 192.168.1.7
(17) NAS-Identifier = "F09FC2307B82DFB616DF"
(17) Called-Station-Id = "F0-9F-C2-32-7B-82:Seko"
(17) NAS-Port-Type = Wireless-802.11
(17) Service-Type = Framed-User
(17) Calling-Station-Id = "8C-85-90-C9-C4-A5"
(17) Connect-Info = "CONNECT 0Mbps 802.11b"
(17) Acct-Session-Id = "F4E3DF614E08A6E7"
(17) WLAN-Pairwise-Cipher = 1027076
(17) WLAN-Group-Cipher = 1027074
(17) WLAN-AKM-Suite = 1027073
(17) Framed-MTU = 1400
(17) WARNING: Outer and inner identities are the same. User privacy is
compromised.
(17) server inner-tunnel {
(17) session-state: No cached attributes
(17) # Executing section authorize from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(17) authorize {
(17) update control {
(17) Proxy-To-Realm := LOCAL
(17) } # update control = noop
(17) eap: Peer sent EAP Response (code 2) ID 7 length 17
(17) eap: No EAP Start, assuming it's an on-going EAP conversation
(17) [eap] = updated
(17) [pap] = noop
(17) if (User-Password) {
(17) if (User-Password) -> FALSE
(17) } # authorize = updated
(17) Found Auth-Type = eap
(17) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(17) authenticate {
(17) eap: Expiring EAP session with state 0x8e5e79f886026037
(17) eap: Finished EAP session with state 0x3a620f0e3a650909
(17) eap: Previous EAP request found for state 0x3a620f0e3a650909, released
from the list
(17) eap: Peer sent packet with method EAP GTC (6)
(17) eap: Calling submodule eap_gtc to process data
(17) eap_gtc: # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(17) eap_gtc: Auth-Type PAP {
rlm_ldap (ldap): Closing connection (1): Hit idle_timeout, was idle for 72
seconds
rlm_ldap (ldap): Closing connection (2): Hit idle_timeout, was idle for 71
seconds
rlm_ldap (ldap): Closing connection (3): Hit idle_timeout, was idle for 70
seconds
rlm_ldap (ldap): Closing connection (4): Hit idle_timeout, was idle for 69
seconds
rlm_ldap (ldap): You probably need to lower "min"
rlm_ldap (ldap): Reserved connection (0)
(17) ldap: Login attempt by "oktaradius at contentful.com"
(17) ldap: Waiting for bind result...
(17) ldap: Bind successful
(17) ldap: EXPAND (uid=%{%{Stripped-User-Name}:-%{User-Name}})
(17) ldap: --> (uid=oktaradius at contentful.com)
(17) ldap: Performing search in "ou=users,dc=contentful, dc=oktapreview,
dc=com" with filter "(uid=oktaradius at contentful.com)", scope "sub"
(17) ldap: Waiting for search result...
(17) ldap: User object found at DN "uid=oktaradius at contentful.com
,ou=users,dc=contentful,dc=oktapreview,dc=com"
(17) ldap: Waiting for bind result...
(17) ldap: Bind successful
(17) ldap: Bind as user
"uid=oktaradius at contentful.com,ou=users,dc=contentful,dc=oktapreview,dc=com"
was successful
rlm_ldap (ldap): Released connection (0)
Need 1 more connections to reach min connections (3)
rlm_ldap (ldap): Opening additional connection (6), 1 of 30 pending slots
used
rlm_ldap (ldap): Connecting to ldap://contentful.ldap.oktapreview.com:636
rlm_ldap (ldap): Waiting for bind result...
rlm_ldap (ldap): Bind successful
(17) [ldap] = ok
(17) } # Auth-Type PAP = ok
(17) eap: Sending EAP Success (code 3) ID 7 length 4
(17) eap: Freeing handler
(17) [eap] = ok
(17) } # authenticate = ok
(17) # Executing section post-auth from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(17) } # server inner-tunnel
(17) Virtual server sending reply
(17) EAP-Message = 0x03070004
(17) Message-Authenticator = 0x00000000000000000000000000000000
(17) User-Name = "oktaradius at contentful.com"
(17) eap_peap: Got tunneled reply code 2
(17) eap_peap: EAP-Message = 0x03070004
(17) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(17) eap_peap: User-Name = "oktaradius at contentful.com"
(17) eap_peap: Got tunneled reply RADIUS code 2
(17) eap_peap: EAP-Message = 0x03070004
(17) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(17) eap_peap: User-Name = "oktaradius at contentful.com"
(17) eap_peap: Tunneled authentication was successful
(17) eap_peap: SUCCESS
(17) eap_peap: Saving tunneled attributes for later
(17) eap: Sending EAP Request (code 1) ID 8 length 46
(17) eap: EAP session adding &reply:State = 0x45a1b6004da9af20
(17) [eap] = handled
(17) } # authenticate = handled
(17) Using Post-Auth-Type Challenge
(17) Post-Auth-Type sub-section not found. Ignoring.
(17) # Executing group from file
/etc/freeradius/3.0/sites-enabled/inner-tunnel
(17) Sent Access-Challenge Id 99 from 192.168.1.27:1812 to 192.168.1.7:40573
length 0
(17) EAP-Message =
0x0108002e19001703030023d50708081d6cd0f8afcb22e0f8e0332255e42661c24882389b0d4b344c5bc5d07a9ece
(17) Message-Authenticator = 0x00000000000000000000000000000000
(17) State = 0x45a1b6004da9af203cf58ce5a6130bac
(17) Finished request
Waking up in 2.6 seconds.
(9) Cleaning up request packet ID 91 with timestamp +69
(10) Cleaning up request packet ID 92 with timestamp +69
(11) Cleaning up request packet ID 93 with timestamp +69
(12) Cleaning up request packet ID 94 with timestamp +69
(13) Cleaning up request packet ID 95 with timestamp +69
(14) Cleaning up request packet ID 96 with timestamp +69
(15) Cleaning up request packet ID 97 with timestamp +69
(16) Cleaning up request packet ID 98 with timestamp +69
Waking up in 2.2 seconds.
(17) Cleaning up request packet ID 99 with timestamp +69
Ready to process requests
what do you think ?
--
Nawar Al Tarazi
IT Working Student
nawar.tarazi at contentful.com
+4915787991702
www.contentful.com
More information about the Freeradius-Users
mailing list