Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded LDAP ldap: server = "localhost" ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "cn=admin,o=uah,c=es" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "clave" ldap: basedn = "ou=radius,o=uah,c=es" ldap: filter = "(cn=%u)" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "{clear}" ldap: password_attribute = "(null)" ldap: access_attr = "(null)" ldap: groupname_attribute = "cn" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP userPassword mapped to RADIUS User-Password rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port conns: 0x8113370 Module: Instantiated ldap (ldap) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = yes eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "/etc/raddb/certs/" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/vpn.crusa.com.pem" tls: certificate_file = "/etc/raddb/certs/vpn.crusa.com.pem" tls: CA_file = "/etc/raddb/certs/ca.pem" tls: private_key_password = "claveclave" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded SQL sql: driver = "rlm_sql_mysql" sql: server = "localhost" sql: port = "" sql: login = "radius_user" sql: password = "radiuspass" sql: radius_db = "radius" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sql: nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace = no sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql" sql: readclients = no sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = "%{User-Name}" sql: default_user_profile = "" sql: query_on_not_found = no sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id" sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id" sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" sql: accounting_update_query = "UPDATE radacct ? SET FramedIPAddress = '%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ? AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets = '%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}'" sql: accounting_update_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')" sql: accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')" sql: accounting_start_query_alt = "UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" sql: accounting_stop_query = "UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}'" sql: accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')" sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'" sql: connect_failure_retry_delay = 60 sql: simul_count_query = "" sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" sql: postauth_table = "radpostauth" sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())" sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to radius_user@localhost:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Listening on proxy *:1814 Ready to process requests. rad_recv: Access-Request packet from host 10.0.0.11:1812, id=138, length=84 User-Name = "mobile" NAS-IP-Address = 10.0.0.11 Calling-Station-Id = "00-0E-35-5D-B5-25" EAP-Message = 0x023e000b016d6f62696c65 Message-Authenticator = 0x362fa760e942a62b4137dd87c2050deb Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched entry DEFAULT at line 185 users: Matched entry mobile at line 227 modcall[authorize]: module "files" returns ok for request 0 rlm_eap: EAP packet type response id 62 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 radius_xlat: 'mobile' rlm_sql (sql): sql_set_user escaped user --> 'mobile' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User mobile not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for mobile radius_xlat: '(cn=mobile)' radius_xlat: 'ou=radius,o=uah,c=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=admin,o=uah,c=es/clave to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'mobile' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Requiring client certificate rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 138 to 10.0.0.11:1812 EAP-Message = 0x013f00060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x468de1ca8a58a4399a5f6a4d5b4e06fd Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.11:1812, id=139, length=197 User-Name = "mobile" NAS-IP-Address = 10.0.0.11 Calling-Station-Id = "00-0E-35-5D-B5-25" State = 0x468de1ca8a58a4399a5f6a4d5b4e06fd EAP-Message = 0x023f006a0d8000000060160301005b01000057030142ca471887c23c7bfa361947c335437e2f9064b45923ead412ecbdbdf714facc00003000390038003500160013000a00330032002f0066000500040065006400630062006000150012000900140011000800030100 Message-Authenticator = 0xb84784150e58662d6a5ba31ee84b2c38 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 users: Matched entry DEFAULT at line 185 users: Matched entry mobile at line 227 modcall[authorize]: module "files" returns ok for request 1 rlm_eap: EAP packet type response id 63 length 106 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 radius_xlat: 'mobile' rlm_sql (sql): sql_set_user escaped user --> 'mobile' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): User mobile not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for mobile radius_xlat: '(cn=mobile)' radius_xlat: 'ou=radius,o=uah,c=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'mobile' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0f5d], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 028d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 008b], CertificateRequest TLS_accept: SSLv3 write certificate request A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 139 to 10.0.0.11:1812 EAP-Message = 0x0140040a0dc0000012d3160301004a02000046030142ca47103b6ec22bb85f823c2dbe1a1fcb34a1f90fd18d67f0600d3c6dd27604205eaeb780b5d405762f45033c0bfc225df3ca49fad8f0970e6d04933680e09f230039001603010f5d0b000f59000f560007b5308207b130820599a003020102020108300d06092a864886f70d01010505003078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561 EAP-Message = 0x682e6573301e170d3035303730353037333233315a170d3039303632343037333233315a3053310b3009060355040613026573310c300a060355040a130375616831123010060355040b1309536572766963696f73311630140603550403130d76706e2e63727573612e636f6d310a3008060355040513013830820222300d06092a864886f70d01010105000382020f003082020a0282020100d927d5b772acfac528068527ab36f4d2928efcf0c67c25db1deb04811215603b1abcef6e09ce8715a4672b40826fa8b0b634315ef9750c6a2d3b1192edf9553a0e0b814d8bbb94fda431346aa559a4fbd70983a93c4977ed821dcd904d00bc20383085 EAP-Message = 0x5fdbc51fa9c91cba73888d82df7cdbfefcec916d49f7d5f430298f9795f1fc835e6688d5ef4d7f5c22b987f83b42b5ddb99a8fed95b695d7acefd0a79ef21d62a7b211f28004c0d4e767e0d8dd807decc526753c2455c26f85d8250756e3ef2fb644362ff368931886a43d1bd14b7586815c18ced78dfef63726e2e132069ca3fb875cd1fbe0303cbc4f49da841c942b01b78ad0274e1f47c68003fd73a54c954e80e5a87916e17d79feb2060cabf50c26fd001e69c9f442e5c17fc23ea63ed1bef65e85a3edac10ec046e571224eda51252e577430f6742597891861e8dc498b0c84a0e462b824222c3550daeb7e122c5d87e1bc18abef75e508f1c22 EAP-Message = 0xa4b8598a59470934d8e874b0fe4fdb043515d7443d1e3194856eb3d344b164b8615a448c632c0c5cc4ad2d2cb3eddc4fa459cd0b278d70990d3d63f91094aae5ec1da53207dc6e23111203d7e17e4f6e2e9276927949e6c1b884068408c9ba19dc2ccd6162e66540464d883684369698d6d5cd0568eb87a4cb28fb4aef09fd968fcc62b729f1e27dde5bdd8b7f67e084bbd8409eee64cd7f2b852198fb0607350203010001a38202693082026530090603551d1304023000305c0603551d2004553053300706052a0303ce0a300606042a030305300606042a030306300606042a030307303006042a0303083028302606082b06010505070201161a68 EAP-Message = 0x7474703a2f2f796f64612e6175742e7561682e65732f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x87945d41551fdf29b9808e0bf93b1364 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.11:1812, id=140, length=97 User-Name = "mobile" NAS-IP-Address = 10.0.0.11 Calling-Station-Id = "00-0E-35-5D-B5-25" State = 0x87945d41551fdf29b9808e0bf93b1364 EAP-Message = 0x024000060d00 Message-Authenticator = 0x12b77eb84f2a1926f8492d0219f6a117 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 users: Matched entry DEFAULT at line 185 users: Matched entry mobile at line 227 modcall[authorize]: module "files" returns ok for request 2 rlm_eap: EAP packet type response id 64 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 radius_xlat: 'mobile' rlm_sql (sql): sql_set_user escaped user --> 'mobile' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): User mobile not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for mobile radius_xlat: '(cn=mobile)' radius_xlat: 'ou=radius,o=uah,c=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'mobile' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 140 to 10.0.0.11:1812 EAP-Message = 0x0141040a0dc0000012d3637073301106096086480186f8420101040403020640300b0603551d0f0404030205e0302006096086480186f842010d0413161156504e20536572766572206f6620756168301d0603551d0e041604142756c50196c3a0f1208f8327c67a89e6ec92d7cf3081aa0603551d230481a230819f801438870a2b2e63a58a8044a745ecb8a036446add56a17ca47a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d EAP-Message = 0x010901160e706b69406175742e7561682e6573820900ae7948d122becdf5301e0603551d1104173015811376706e2d61646d696e4063727573612e636f6d30190603551d1204123010810e706b69406175742e7561682e6573303906096086480186f8420104042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420103042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303b0603551d1f043430323030a02ea02c862a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075 EAP-Message = 0x622f63726c2f636163726c2e63726c300d06092a864886f70d010105050003820201000fd7e8dc029bbaf321ce6c6bba6d8315107f9e045cc6d8f82c3dbd32e8cdddcfa0d7123c13031c9e53ef74edd6f5f6a94beb3ae1bd20c96eafd1c069ad45a16375006fa3bdfe1fc39c7ef97defb2c7ea56e08dcc59bc0f40d69d6bea1ed19a8d144fbd14a7c0572b05e54c72c52b439df6e4c0e911eccb8c0c8cb7afc3b9c8bdd6d1d7041813215ac33ac9d45e73b368032fd4c192978ca63a1c3aa1cd344a04d4129e0d10cd7d9c018f929ff7ce212a93935342d6e2569dff805432a09e3831e08e7442b6d4235b982a4f8356935e343ff2f62e98fcb3cd25b8 EAP-Message = 0x9e439b062cbd79a6c9b8f99e8fc59a64224ad24ddf354b88604d296c54d13836ecc9a06e34d69b34298c0d334b682f8254e0c12ec9baff810ccac69e3427a50fdd8ec695aa960f8d60fcc55eaa5caed8e5ce34b25c0de26afec723977b3c6553057b66c5f6a35a279bc674b084aa7997aad22bc9c67e75ecce529c3ffd5a1be5fdb6a271d84df05a170c2de1a2e30fe505aec06a8fcf0e49811539c8e4f72325bc46d6fb89903fa5416a38668d04c71ed79c40e2f8c75b3f026fb1e7366449a1fe183ce7e34e5916b080a72a29bad7a67c8e9389ea01a70ddb4f3e2cf1d103b3d29d8993c91f0ae8dc9b690733ba153bba5248dfb72aec4aa21adfcf81 EAP-Message = 0x80725ad754035e7b3fcac22ee583c19032270f922f2e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8de1f909e4a87c97855957e5253bae2c Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.11:1812, id=141, length=97 User-Name = "mobile" NAS-IP-Address = 10.0.0.11 Calling-Station-Id = "00-0E-35-5D-B5-25" State = 0x8de1f909e4a87c97855957e5253bae2c EAP-Message = 0x024100060d00 Message-Authenticator = 0x840fbc4d13b0a07288c5d1659371118d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 users: Matched entry DEFAULT at line 185 users: Matched entry mobile at line 227 modcall[authorize]: module "files" returns ok for request 3 rlm_eap: EAP packet type response id 65 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 radius_xlat: 'mobile' rlm_sql (sql): sql_set_user escaped user --> 'mobile' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): User mobile not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for mobile radius_xlat: '(cn=mobile)' radius_xlat: 'ou=radius,o=uah,c=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'mobile' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 141 to 10.0.0.11:1812 EAP-Message = 0x0142040a0dc0000012d38995578e1bbdef93336eea9b3086ea58767c4800079b308207973082057fa003020102020900ae7948d122becdf5300d06092a864886f70d01010505003078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573301e170d3035303633303037353330335a170d3039303632393037353330335a3078310b3009060355040613026573310c300a060355040a13037561 EAP-Message = 0x68310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e657330820222300d06092a864886f70d01010105000382020f003082020a0282020100ccbe20115cdf3ea4f05c53e08ee11409c425f851e287b73f501d5809e9040059dbd95d83c316b9642820eb61e7804e0c76b5a7534d64e732be24bfe872b5e4a8b3991c18c61deb9e58e5dd43937812028a2d721e6311c9228cd977f71ab77979f3785c784adb8630b1559e3bb9f4dbf66f7cd3da2b32da2bc13ea816a3e3 EAP-Message = 0xa31c4b10b0457bc21780f4881c5dc30f49bf6aba7280412e6d45945de61837ef0de9af80f4778593f92d1e8c29440b8444f77dd57cbc907c393832f4e23e5855d83e63d459deaca7e154a09aa3654c945ec5648e07d67612aaddd5f777b1e6d02e9f467a29d9938f5acd34f120e6d0730b921e2f42e27f87a63589fa3120273e4388d69189ddf4995d1f0be2868eb92e981cc75f44b526317671e633875e40182a7c592a9ad55a00a4c08d591419942e5a590d896e1c351afd3515a5200be219f3e854521b8d5c10f5cfe633975c1e38cf590d7cdf325d53239b88cd483764556dbda3bcb1e8280d01cd782ca228d925e5bec5e25065d7c62fed532145 EAP-Message = 0x87a49a051ad92f251a131324e4c646461c7b780b7e322403708a758df8d5711d3c609efa5b62f47bc1c4e42f7b38970d944198545cff44fccd58787fc6edbbbd243c0d876c1fe3db89a6fd76f1276faa7a4fddbb7ab54078d69ea6c11289fb032b6d0b58f293e2133dafc7565b9c54d68bcc78d8a2733af103969ba0a0f7b08d40030214f70203010001a38202223082021e300f0603551d130101ff040530030101ff301d0603551d0e0416041438870a2b2e63a58a8044a745ecb8a036446add563081aa0603551d230481a230819f801438870a2b2e63a58a8044a745ecb8a036446add56a17ca47a3078310b3009060355040613026573310c300a EAP-Message = 0x060355040a1303756168310c300a060355040b130350 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x78ebcb20e451da232658604c0f20cec0 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.11:1812, id=142, length=97 User-Name = "mobile" NAS-IP-Address = 10.0.0.11 Calling-Station-Id = "00-0E-35-5D-B5-25" State = 0x78ebcb20e451da232658604c0f20cec0 EAP-Message = 0x024200060d00 Message-Authenticator = 0x56e8c1640961c51340628c5e4113336e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 users: Matched entry DEFAULT at line 185 users: Matched entry mobile at line 227 modcall[authorize]: module "files" returns ok for request 4 rlm_eap: EAP packet type response id 66 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 radius_xlat: 'mobile' rlm_sql (sql): sql_set_user escaped user --> 'mobile' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql (sql): User mobile not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module "sql" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for mobile radius_xlat: '(cn=mobile)' radius_xlat: 'ou=radius,o=uah,c=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'mobile' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 142 to 10.0.0.11:1812 EAP-Message = 0x0143040a0dc0000012d34b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573820900ae7948d122becdf5300b0603551d0f04040302010630190603551d1104123010810e706b69406175742e7561682e657330190603551d1204123010810e706b69406175742e7561682e6573301106096086480186f8420101040403020007303606096086480186f842010d042916277561682043657274696669636174696f6e20417574686f72697479204365727469666963617465303b0603551d1f0434 EAP-Message = 0x30323030a02ea02c862a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420104042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420103042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c300d06092a864886f70d0101050500038202010042a0f8e04afcd107bbdd4e4d2f9765c612f5ec16f9f8d6a4b73b57c3fb718de633de0862e2bf869300ab2adb72595fd31ff1409f9d565699885cf00ee820c9 EAP-Message = 0xa1e64c6b67ace010c40df18456750a07b145d67ef13512ae0dbf3fde758be09c2c3e53fb24890868c7f22ad030a5d0f3df0bd634d9e8e8351d51964ca5df26e24aa3f4a74d830f4645e16ad411b156739767522b7244160969a904cf63891afc5ac9459d4cad8db8b64ca656ea782dd67d0ba6397c850b4ab544e0c24a0e066e3f266495e3e89b6eeef4bd7fe4fe1f9b05472a08a09b0588096467cd7a35d1fbfef138d32b11d5c368bcf55e19a951ef6296e9c965534778e5d7356ca2c53536dd81a7f468be9f3323f5fc04ab2573de0c558d6db2257dac688bd6328956f068b6aba10649848a3a26d5181c13404a392ae7029b3c9c2261fde9afdd99 EAP-Message = 0x07c79b8642e3c764fbb2585ebf009dbd9be1692ef28dfd564376b324d016cf56a726eae44bd2b55be01e8f4add1fcaca0af88f9f576d5099ae6f523a5090ad8e7890d41f50af3095126131bdcb16a5e803d66089a37635de14d5ec6f7c2da2e6c752a6b978fa84413f164ff43218a5a3cf03f94a712d31ee6fafec5ff5e168a08439faec58cab29c97d9f07b96b7cf2e47d55cfc3760f345ef0b0ea0fd9431cc96b9296ef90d4c375e3803485a5422300962a633a366278a1f7dae29c96a23d9e318e935160301028d0c0002890040eece0892a7684945d9c84b5e574665b987779aecd4cc5150e36eeed34818ffeacfac3c8b1e217cf21bec2fcae928 EAP-Message = 0x8c2cb604ad76c80fe5cfd0458b9b13b4f4b700010500 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x83a2b0b7088b72dae082b1c920aeb31a Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.11:1812, id=143, length=97 User-Name = "mobile" NAS-IP-Address = 10.0.0.11 Calling-Station-Id = "00-0E-35-5D-B5-25" State = 0x83a2b0b7088b72dae082b1c920aeb31a EAP-Message = 0x024300060d00 Message-Authenticator = 0x9da3b46acde71c0446afcb85102c4734 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 users: Matched entry DEFAULT at line 185 users: Matched entry mobile at line 227 modcall[authorize]: module "files" returns ok for request 5 rlm_eap: EAP packet type response id 67 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 radius_xlat: 'mobile' rlm_sql (sql): sql_set_user escaped user --> 'mobile' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): User mobile not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for mobile radius_xlat: '(cn=mobile)' radius_xlat: 'ou=radius,o=uah,c=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'mobile' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 143 to 10.0.0.11:1812 EAP-Message = 0x014402dd0d80000012d340b1872e42d5a34d28c71b1c5337514cabe48acfa781c1c3873e59590ba955cdb7ba278287c65e2a4f4dc06d7078c49c46dfa7ee92c48a94239096c330a5d2156a02004f20b4549575d48c8e4a388268cec8adbfc2828d20ceead9bdf7d06761896253534000448fbe3449c5333bf0b66540034c76fb0b8d6450122c9366b6fa5e86ee04726c33201290324dd27f0a533681c56e747b69db64a27e90fb993f98b0095903a9ac329cc211351fa23d20583db9e2121fb51d756a0767b941bfa647f949734c95ac726843df743b6d0b541b4926102dc83e710f9994e27e1e1b2ec76b3cd854b1525128213c8e97b0a285666588ee EAP-Message = 0x392d91c72f546414996077fe904052d7dfbc8205575df979c53e6aedc56495baf548606c3a84cfade407959b832fe43222b432395eddd4990a3446df727de2fcd6ad433e5347f4419b13364399597f9e30948e118e43f55785a250d9e59c9786518a20ba2ca4bc3b6561a5556e4b71a867ab32946f93eeb6f85177ff0fd3fe6d962784c026457896a438c95dd702d85d2f981a2fdb726f048d71c3c1c901b658a94cf4c0bb5706e0a1e9c49606d7e39d107e39705e5736475fc1b5491a85913a883932d755b1ed27e244819c363c13d083efe45242ec2454dce61104a862ff1f411a9e4cc35b8428a8fb8ead440b34d5a29a897e87efa82f5ad91b9472 EAP-Message = 0x34ac50a8eede1098634f56cb0b73cad65e4e1b76efe23d5db1a2b1278a7a70501e5d8ba32564f9324de034ac8ffc23e0fd7b37b482244517c7453c08291b0609d89e9d7c92611dbf2e857025bd98896bb72e15160301008b0d0000830403040102007c007a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e65730e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8114badf17473ee2b9c1d2ac7940e28d Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.11:1812, id=144, length=1597 User-Name = "mobile" NAS-IP-Address = 10.0.0.11 Calling-Station-Id = "00-0E-35-5D-B5-25" State = 0x8114badf17473ee2b9c1d2ac7940e28d EAP-Message = 0x024405d80dc000000efe1603010de80b000de4000de10006403082063c30820424a003020102020104300d06092a864886f70d01010505003078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573301e170d3035303633303131333833345a170d3039303632383131333833345a304b310b3009060355040613026573310c300a060355040a13037561683110300e060355040b1307416c75 EAP-Message = 0x6d6e6f733110300e06035504031307436c69656e7465310a3008060355040513013430819f300d06092a864886f70d010101050003818d00308189028181009d475e9547b81afa9cfa087cef13d6e90dfaa1eef56fdef756fabdf8685ae8293f01f3c105e6c6ca1c14ac6cb4f92322deb00352b2842068d879c3683562883efa5eadddd275c269593afa9a5d8920b43d413118127213b8674a8837f97730d883f0c79fa54c06f67baf2a39a200106544fd498c58344b8bc20a9940ed10386d0203010001a38202803082027c30090603551d130402300030430603551d20043c303a300606042a030304303006042a0303053028302606082b06010505 EAP-Message = 0x070201161a687474703a2f2f796f64612e6175742e7561682e65732f637073301106096086480186f84201010404030205a0300b0603551d0f0404030205e030290603551d250422302006082b0601050507030206082b06010505070304060a2b060104018237140202302606096086480186f842010d0419161755736572204365727469666963617465206f6620756168301d0603551d0e0416041425c42b01ac77b1cd69ecb8fd105abdb37893f4c63081aa0603551d230481a230819f801438870a2b2e63a58a8044a745ecb8a036446add56a17ca47a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355 EAP-Message = 0x040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573820900ae7948d122becdf5301d0603551d11041630148112636c69656e7465407072756562612e636f6d30190603551d1204123010810e706b69406175742e7561682e6573303906096086480186f8420104042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420103042c162a687474703a2f2f6f626977616e2e6175742e7561682e EAP-Message = 0x65732f7075622f63726c2f636163726c2e63726c303b0603551d1f043430323030a02ea02c862a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c300d06092a864886f70d010105050003820201005a416f2ab9d2911a2717c378f30c075c81b3aa7335897bea9dcf11aa23729c830263556297d9fbf4e36af0f230cd59df0e412530556a4c0bc3f9c608bbcb96785eef7aba9373654643be7661302978a43d3bb9e3a8235b23c121bb11dca9c0d866cea49f4adfe3d7f6dace21a3c88fee754d18db8c8123dac907f3d87fc47434a63d7ba9661f45f2088efdd1dbe420ed7c14c41f7af006dd EAP-Message = 0xd799d71a479e34d17ea091468dbe0f560e7a44ce6d74368bc9dcca4257935e03bb9d755e3a4e178875ca51a32e7019d207268191a812745e2e5cb4b91224776f9aef9f6397ac485da2cd24a0d1c25e02d1f2828a21cbc47c762f86aeb4b44a5af71f013ded4d3a54cba5a49851218577af1c2b90cd27f3b5065a409f3e2644a7425ed3dc17d15a630f860fcc216813bdb0acb2b507f5c8479b280a110eecb858f0ef077a76f14107742ea064e02045789ded712b3eb8aadd9c1209e10757f25e14b900e4e8a111616e66697366586bf57a6f5fa79845021bde33efec2dddc95f3529b3a04ea2b8 Message-Authenticator = 0x8b8598358880bd370a2468c64421fec9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 users: Matched entry DEFAULT at line 185 users: Matched entry mobile at line 227 modcall[authorize]: module "files" returns ok for request 6 rlm_eap: EAP packet type response id 68 length 253 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 radius_xlat: 'mobile' rlm_sql (sql): sql_set_user escaped user --> 'mobile' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): User mobile not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for mobile radius_xlat: '(cn=mobile)' radius_xlat: 'ou=radius,o=uah,c=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'mobile' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS First Fragment of the message eaptls_verify returned 9 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 144 to 10.0.0.11:1812 EAP-Message = 0x014500060d00 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x15011ed049f30b857ce6683156d2b2b9 Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.11:1812, id=145, length=1597 User-Name = "mobile" NAS-IP-Address = 10.0.0.11 Calling-Station-Id = "00-0E-35-5D-B5-25" State = 0x15011ed049f30b857ce6683156d2b2b9 EAP-Message = 0x024505d80d40ab681293018df1f9594ec6cd73460d2eaa9ee53294dbc1ccc979aa7fa3ee1ade3de6ec5669814f25957e487620ab054f159c7fc7c9bff2f5f55bdb5a59950157d334d520a8764f9f39f5c97915552cd1f7c4721e62aafb240780478ef5ad4ea9b073ff39a6d0551d4e4b9a43421c763d8437403f645f05fa92c00ef13a4f99fdbd00079b308207973082057fa003020102020900ae7948d122becdf5300d06092a864886f70d01010505003078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f726964616420646520436572746966696361 EAP-Message = 0x63696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573301e170d3035303633303037353330335a170d3039303632393037353330335a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e657330820222300d06092a864886f70d01010105000382020f003082020a0282020100ccbe20115cdf3ea4f05c53e08ee11409c425f851 EAP-Message = 0xe287b73f501d5809e9040059dbd95d83c316b9642820eb61e7804e0c76b5a7534d64e732be24bfe872b5e4a8b3991c18c61deb9e58e5dd43937812028a2d721e6311c9228cd977f71ab77979f3785c784adb8630b1559e3bb9f4dbf66f7cd3da2b32da2bc13ea816a3e3a31c4b10b0457bc21780f4881c5dc30f49bf6aba7280412e6d45945de61837ef0de9af80f4778593f92d1e8c29440b8444f77dd57cbc907c393832f4e23e5855d83e63d459deaca7e154a09aa3654c945ec5648e07d67612aaddd5f777b1e6d02e9f467a29d9938f5acd34f120e6d0730b921e2f42e27f87a63589fa3120273e4388d69189ddf4995d1f0be2868eb92e981cc7 EAP-Message = 0x5f44b526317671e633875e40182a7c592a9ad55a00a4c08d591419942e5a590d896e1c351afd3515a5200be219f3e854521b8d5c10f5cfe633975c1e38cf590d7cdf325d53239b88cd483764556dbda3bcb1e8280d01cd782ca228d925e5bec5e25065d7c62fed53214587a49a051ad92f251a131324e4c646461c7b780b7e322403708a758df8d5711d3c609efa5b62f47bc1c4e42f7b38970d944198545cff44fccd58787fc6edbbbd243c0d876c1fe3db89a6fd76f1276faa7a4fddbb7ab54078d69ea6c11289fb032b6d0b58f293e2133dafc7565b9c54d68bcc78d8a2733af103969ba0a0f7b08d40030214f70203010001a38202223082021e30 EAP-Message = 0x0f0603551d130101ff040530030101ff301d0603551d0e0416041438870a2b2e63a58a8044a745ecb8a036446add563081aa0603551d230481a230819f801438870a2b2e63a58a8044a745ecb8a036446add56a17ca47a3078310b3009060355040613026573310c300a060355040a1303756168310c300a060355040b1303504b49312e302c060355040313254175746f72696461642064652043657274696669636163696f6e204175746f6d6174696361311d301b06092a864886f70d010901160e706b69406175742e7561682e6573820900ae7948d122becdf5300b0603551d0f04040302010630190603551d1104123010810e706b6940617574 EAP-Message = 0x2e7561682e657330190603551d1204123010810e706b69406175742e7561682e6573301106096086480186f8420101040403020007303606096086480186f842010d042916277561682043657274696669636174696f6e20417574686f72697479204365727469666963617465303b0603551d1f043430323030a02ea02c862a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c303906096086480186f8420104042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c3039 Message-Authenticator = 0xc5d316d802ac60ec275aff67c255312d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 users: Matched entry DEFAULT at line 185 users: Matched entry mobile at line 227 modcall[authorize]: module "files" returns ok for request 7 rlm_eap: EAP packet type response id 69 length 253 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 radius_xlat: 'mobile' rlm_sql (sql): sql_set_user escaped user --> 'mobile' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): User mobile not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module "sql" returns ok for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for mobile radius_xlat: '(cn=mobile)' radius_xlat: 'ou=radius,o=uah,c=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'mobile' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: More fragments to follow eaptls_verify returned 10 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 7 modcall: group authenticate returns handled for request 7 Sending Access-Challenge of id 145 to 10.0.0.11:1812 EAP-Message = 0x014600060d00 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x60952358c960e539d5816741349ddde1 Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.0.11:1812, id=146, length=965 User-Name = "mobile" NAS-IP-Address = 10.0.0.11 Calling-Station-Id = "00-0E-35-5D-B5-25" State = 0x60952358c960e539d5816741349ddde1 EAP-Message = 0x024603640d0006096086480186f8420103042c162a687474703a2f2f6f626977616e2e6175742e7561682e65732f7075622f63726c2f636163726c2e63726c300d06092a864886f70d0101050500038202010042a0f8e04afcd107bbdd4e4d2f9765c612f5ec16f9f8d6a4b73b57c3fb718de633de0862e2bf869300ab2adb72595fd31ff1409f9d565699885cf00ee820c9a1e64c6b67ace010c40df18456750a07b145d67ef13512ae0dbf3fde758be09c2c3e53fb24890868c7f22ad030a5d0f3df0bd634d9e8e8351d51964ca5df26e24aa3f4a74d830f4645e16ad411b156739767522b7244160969a904cf63891afc5ac9459d4cad8db8b64ca6 EAP-Message = 0x56ea782dd67d0ba6397c850b4ab544e0c24a0e066e3f266495e3e89b6eeef4bd7fe4fe1f9b05472a08a09b0588096467cd7a35d1fbfef138d32b11d5c368bcf55e19a951ef6296e9c965534778e5d7356ca2c53536dd81a7f468be9f3323f5fc04ab2573de0c558d6db2257dac688bd6328956f068b6aba10649848a3a26d5181c13404a392ae7029b3c9c2261fde9afdd9907c79b8642e3c764fbb2585ebf009dbd9be1692ef28dfd564376b324d016cf56a726eae44bd2b55be01e8f4add1fcaca0af88f9f576d5099ae6f523a5090ad8e7890d41f50af3095126131bdcb16a5e803d66089a37635de14d5ec6f7c2da2e6c752a6b978fa84413f164f EAP-Message = 0xf43218a5a3cf03f94a712d31ee6fafec5ff5e168a08439faec58cab29c97d9f07b96b7cf2e47d55cfc3760f345ef0b0ea0fd9431cc96b9296ef90d4c375e3803485a5422300962a633a366278a1f7dae29c96a23d9e318e93516030100461000004200408e5d65cd23ea632c288f89fdc017613240c8791a4dcace0d6b6e55783dc7db94cb9b717f6687cf2dab64966aba2388383665750bac618fe5652beeb4ba1af93316030100860f00008200801d48acea0d6d3335e2dc0ba0b51c0945f1e142e3af5a743d42efe9cfe53fbfc59a6e22d5be597788917c2575292e1a623612229cca4395bbc28eb494a9ff8c036f4f6dbd554b0c7666e5d250338f EAP-Message = 0x720647843d80125169fa1fea2a4cf59511da7c7cfc768b88188107033e7fdc7f6491fbd5084fbff1b102260ef4847c81a9e214030100010116030100302a8a7334eaa46ebabd33a1663113ab211dda71bdb26041325de1a11576c410e73b9812ad71e298f238b80452094c7652 Message-Authenticator = 0x86535dbf2d2b52864402b8f0e5619942 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "mobile", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 users: Matched entry DEFAULT at line 185 users: Matched entry mobile at line 227 modcall[authorize]: module "files" returns ok for request 8 rlm_eap: EAP packet type response id 70 length 253 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 radius_xlat: 'mobile' rlm_sql (sql): sql_set_user escaped user --> 'mobile' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'mobile' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): User mobile not found in radcheck radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'mobile' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 1 modcall[authorize]: module "sql" returns ok for request 8 rlm_ldap: - authorize rlm_ldap: performing user authorization for mobile radius_xlat: '(cn=mobile)' radius_xlat: 'ou=radius,o=uah,c=es' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=radius,o=uah,c=es, with filter (cn=mobile) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'mobile' auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Handshake [length 0de8], Certificate chain-depth=1, error=0 --> User-Name = mobile --> BUF-Name = Autoridad de Certificacion Automatica --> subject = /C=es/O=uah/OU=PKI/CN=Autoridad de Certificacion Automatica/emailAddress=pki@aut.uah.es --> issuer = /C=es/O=uah/OU=PKI/CN=Autoridad de Certificacion Automatica/emailAddress=pki@aut.uah.es --> verify return:1 chain-depth=0, error=0 --> User-Name = mobile --> BUF-Name = Cliente --> subject = /C=es/O=uah/OU=Alumnos/CN=Cliente/serialNumber=4 --> issuer = /C=es/O=uah/OU=PKI/CN=Autoridad de Certificacion Automatica/emailAddress=pki@aut.uah.es --> verify return:1 TLS_accept: SSLv3 read client certificate A rlm_eap_tls: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], CertificateVerify TLS_accept: SSLv3 read certificate verify A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 8 modcall: group authenticate returns handled for request 8 Sending Access-Challenge of id 146 to 10.0.0.11:1812 EAP-Message = 0x014700450d800000003b14030100010116030100306e143f76c8cc466fb5bd2e30eae300820b579ca7d08e6c086fbf2ea0c05a80ab19014fa8ebec699fd9beb87723a81225 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x15ef8e9ca16373521a0d577ee1ced6ba Finished request 8 Going to the next request Waking up in 6 seconds...