<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.3059" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<DIV>Gentlemen, I could use your help.</DIV>
<DIV> </DIV>
<DIV>I have a number of wireless devices that use FreeRADIUS to authenticate back to eDirectory with success while using Cisco's supplicant. The Cisco ADU (Aironet Desktop Utility) is configured with 802.1x PEAP (EAP-MSCHAP V2). For various reasons, I really need to make it work with the Microsoft supplicant. The Cisco docs indicate that it is possible to disable the use of their ADU to configure the WLAN card and use the Microsoft Wireless Configuration Manager in Windows XP. I would like to keep the same 802.1x authentication type, PEAP (EAP-MSCHAP V2).</DIV>
<DIV> </DIV>
<DIV>I have followed Cisco's detailed docs on this change of configuration and I am not getting any success. RADIUSD log is below.</DIV>
<DIV> </DIV>
<DIV>I have spent too much time on this issue, can someone please point me in the right direction.</DIV>
<DIV>Thanks much,</DIV>
<DIV>Marc</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>—-----------------------------------------------------RADIUSD LOG—-----------------------------------------------------</DIV>
<DIV>rad_recv: Access-Request packet from host 192.168.242.4:32768, id=222, length=184<BR> User-Name = "UOHI-40628"<BR> Calling-Station-Id = "00-40-96-B1-43-BB"<BR> Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"<BR> NAS-Port = 1<BR> NAS-IP-Address = 192.168.242.4<BR> NAS-Identifier = "UOHIWLAN2"<BR> Vendor-14179-Attr-1 = 0x00000002<BR> Service-Type = Framed-User<BR> Framed-MTU = 1300<BR> NAS-Port-Type = Wireless-802.11<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "23"<BR> EAP-Message = 0x0209000f01554f48492d3430363238<BR> Message-Authenticator = 0x8881c69556fbec1f966ab6b8081d75ec<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 38<BR> modcall[authorize]: module "preprocess" returns ok for request 38<BR> modcall[authorize]: module "chap" returns noop for request 38<BR> modcall[authorize]: module "mschap" returns noop for request 38<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "UOHI-40628", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop for request 38<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for UOHI-40628<BR>radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'<BR>radius_xlat: 'o=OHICO'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))<BR>rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess<BR>rlm_ldap: Added the eDirectory password in check items<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: user UOHI-40628 authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 38<BR> rlm_eap: EAP packet type response id 9 length 15<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 38<BR>modcall: group authorize returns updated for request 38<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 38<BR> rlm_eap: EAP Identity<BR> rlm_eap: processing type tls<BR> rlm_eap_tls: Initiate<BR> rlm_eap_tls: Start returned 1<BR> modcall[authenticate]: module "eap" returns handled for request 38<BR>modcall: group authenticate returns handled for request 38<BR>Sending Access-Challenge of id 222 to 192.168.242.4:32768<BR> EAP-Message = 0x010a00061920<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x4dda1f635e420966fc8dbbcc69dda607<BR>Finished request 38<BR>Going to the next request<BR>--- Walking the entire request list ---<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 192.168.242.4:32768, id=223, length=267<BR> User-Name = "UOHI-40628"<BR> Calling-Station-Id = "00-40-96-B1-43-BB"<BR> Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"<BR> NAS-Port = 1<BR> NAS-IP-Address = 192.168.242.4<BR> NAS-Identifier = "UOHIWLAN2"<BR> Vendor-14179-Attr-1 = 0x00000002<BR> Service-Type = Framed-User<BR> Framed-MTU = 1300<BR> NAS-Port-Type = Wireless-802.11<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "23"<BR> EAP-Message = 0x020a005019800000004616030100410100003d0301462f5a5fd08496fa6f73faf534b5d9dfc37bd2c6669a9574fa88e6335c8ad88a00001600040005000a000900640062000300060013001200630100<BR> State = 0x4dda1f635e420966fc8dbbcc69dda607<BR> Message-Authenticator = 0x9018d1e50a6f18bc6b57d69c25671a00<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 39<BR> modcall[authorize]: module "preprocess" returns ok for request 39<BR> modcall[authorize]: module "chap" returns noop for request 39<BR> modcall[authorize]: module "mschap" returns noop for request 39<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "UOHI-40628", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop for request 39<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for UOHI-40628<BR>radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'<BR>radius_xlat: 'o=OHICO'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))<BR>rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess<BR>rlm_ldap: Added the eDirectory password in check items<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: user UOHI-40628 authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 39<BR> rlm_eap: EAP packet type response id 10 length 80<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 39<BR>modcall: group authorize returns updated for request 39<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 39<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Length Included<BR> eaptls_verify returned 11<BR> (other): before/accept initialization<BR> TLS_accept: before/accept initialization<BR> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello<BR> TLS_accept: SSLv3 read client hello A<BR> rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello<BR> TLS_accept: SSLv3 write server hello A<BR> rlm_eap_tls: >>> TLS 1.0 Handshake [length 098e], Certificate<BR> TLS_accept: SSLv3 write certificate A<BR> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<BR> TLS_accept: SSLv3 write server done A<BR> TLS_accept: SSLv3 flush data<BR> TLS_accept:error in SSLv3 read client certificate A<BR>In SSL Handshake Phase<BR>In SSL Accept mode<BR> eaptls_process returned 13<BR> rlm_eap_peap: EAPTLS_HANDLED<BR> modcall[authenticate]: module "eap" returns handled for request 39<BR>modcall: group authenticate returns handled for request 39<BR>Sending Access-Challenge of id 223 to 192.168.242.4:32768<BR> EAP-Message = 0x010b040a19c0000009eb160301004a020000460301462eb1d736542a8a4df2f4f3a5844ef939143c291aee6778ea4f87a6236ebf88207d4d3e0a6f3cce6751337b109c3c125ed04ea100b962d594018546de179773b4000400160301098e0b00098a0009870004e5308204e1308203c9a003020102020102300d06092a864886f70d01010505003072310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040713064f7474617761312d302b060355040a1324556e6976657273697479206f66204f747461776120486561727420496e737469747574653111300f060355040313086f6869736c657331301e<BR> EAP-Message = 0x170d3036313031303137343732365a170d3037313031303137343732365a3081a6310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040713064f7474617761312d302b060355040a1324556e6976657273697479206f66204f747461776120486561727420496e737469747574653120301e060355040313176f6869736c6573312e6f747461776168656172742e63613123302106092a864886f70d010901161461646d696e406f747461776168656172742e636130820122300d06092a864886f70d01010105000382010f003082010a0282010100bd9e19cc9f7510ee7a3170729413a3724cdf9b4355<BR> EAP-Message = 0x500a711649144df5caee883e099d4229e52a023ee71fbad5fa7c91cd8374529160801c6323e357e3a313610c4ed3266e7d305015f0686e4cab8e2839099d7a36f5412774232e115fdbbace6238601a88ec0eb12134da278895a504f479bfeee87aa2ac9c50a9e387ae89fdfb6b6b0dc01abe0ea4f77b2a3e606b60c9c6be6d8b688ab34989c93f27240c43ba7b4e0ae8f42ad6b179411de526fcafe7fc75f257fdb551ec16d23876010e4cb5c0ea83c37be6ddaca2c455ab7b89ded92786d7cd1cb4bcf851f78845a4bd923293b50c86d8ac54f316ac3cd9917aadc265881e2b5ae30a1220d0798d2944930203010001a382014b308201473009060355<BR> EAP-Message = 0x1d1304023000303006096086480186f842010d04231621596153542047656e65726174656420536572766572204365727469666963617465301106096086480186f8420101040403020640300b0603551d0f040403020520301d0603551d0e0416041470bf34961e35fdf4aaf4dcaee9a7e137e2652ec030819c0603551d2304819430819180144998ca048e04b60db2fb700a2b3716b300fcb779a176a4743072310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040713064f7474617761312d302b060355040a1324556e6976657273697479206f66204f747461776120486561727420496e73746974<BR> EAP-Message = 0x7574653111300f060355040313086f6869736c657331<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x0d45f794c16d885a70ce95b2f9482a78<BR>Finished request 39<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 192.168.242.4:32768, id=224, length=193<BR> User-Name = "UOHI-40628"<BR> Calling-Station-Id = "00-40-96-B1-43-BB"<BR> Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"<BR> NAS-Port = 1<BR> NAS-IP-Address = 192.168.242.4<BR> NAS-Identifier = "UOHIWLAN2"<BR> Vendor-14179-Attr-1 = 0x00000002<BR> Service-Type = Framed-User<BR> Framed-MTU = 1300<BR> NAS-Port-Type = Wireless-802.11<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "23"<BR> EAP-Message = 0x020b00061900<BR> State = 0x0d45f794c16d885a70ce95b2f9482a78<BR> Message-Authenticator = 0x52561bab2e8c9afa9b6d07292146a53b<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 40<BR> modcall[authorize]: module "preprocess" returns ok for request 40<BR> modcall[authorize]: module "chap" returns noop for request 40<BR> modcall[authorize]: module "mschap" returns noop for request 40<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "UOHI-40628", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop for request 40<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for UOHI-40628<BR>radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'<BR>radius_xlat: 'o=OHICO'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))<BR>rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess<BR>rlm_ldap: Added the eDirectory password in check items<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: user UOHI-40628 authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 40<BR> rlm_eap: EAP packet type response id 11 length 6<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 40<BR>modcall: group authorize returns updated for request 40<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 40<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Received EAP-TLS ACK message<BR> rlm_eap_tls: ack handshake fragment handler<BR> eaptls_verify returned 1<BR> eaptls_process returned 13<BR> rlm_eap_peap: EAPTLS_HANDLED<BR> modcall[authenticate]: module "eap" returns handled for request 40<BR>modcall: group authenticate returns handled for request 40<BR>Sending Access-Challenge of id 224 to 192.168.242.4:32768<BR> EAP-Message = 0x010c04061940820100301f0603551d1104183016811461646d696e406f747461776168656172742e636130090603551d1204023000300d06092a864886f70d01010505000382010100b2eb4b296d4d38a8f0eca582b092107e24976a83c5b6068922d3348769521e0a4b57f3e843d50c851db4ad541f6342beea24a6467e73a53fae3be20573bf824b87ce49a1dc946dfc2ecb2579136eff8464c5d5f4266cc9dbde9ad6766007960ed23c7a47cd05ddea1bbfcf494af0af491e273729a6f52aa172d7e7ba09741280098d4ce25d2c951733bf9a56647a247040d11781025175e1da1cc5b546e8deb8c71bbc52e521e0b38006447eee72c4d6c31192b2<BR> EAP-Message = 0x47b9ef622eb5c5162e8f13fb856bf31e447f2a3ca9f32b77eb99ab60fad53474c452a8749d06fcce810f7855c5340edeb4b5f77ce880e780565c0b60fd3d2f60ca91b2ba676191090fc7e5f400049c3082049830820380a003020102020100300d06092a864886f70d01010505003072310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040713064f7474617761312d302b060355040a1324556e6976657273697479206f66204f747461776120486561727420496e737469747574653111300f060355040313086f6869736c657331301e170d3036313030323139313331335a170d3136303932393139<BR> EAP-Message = 0x313331335a3072310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040713064f7474617761312d302b060355040a1324556e6976657273697479206f66204f747461776120486561727420496e737469747574653111300f060355040313086f6869736c65733130820122300d06092a864886f70d01010105000382010f003082010a0282010100e050a5f7f6204276dce3df6c20ddc3cf195f382301b3c374408ce528cd5ef3d4931ccaa304b9105b09377d3cf3b3489665496581c1c2b4b95ae785fe925f203eb266ac65e1d9a463cde7f7befe5f843d5cff41b4cea891cf8918cfd0634d2806e31a4f<BR> EAP-Message = 0x7b2d4e8dd26cae6b4ba5418df21a65073208af5afe60ff565d0616a37493a1cfc94899ccd85fed161653736d0addd1a4e267112f08f81506243ab63f9700a5529e22967dac11a2b8ffa1f3239f784ecc5299d8c31d6d159386aceb39b32f29d6cb784249f234baab3b1845e418bd2df18b71f801d80787f17fddfed27494885eda51d2c05e29a5ad33330920cdd040d13e2c54c432d29667a3ef2f9c4d0203010001a382013730820133300f0603551d130101ff040530030101ff302c06096086480186f842010d041f161d596153542047656e657261746564204341204365727469666963617465301106096086480186f842010104040302010630<BR> EAP-Message = 0x0b0603551d0f040403020106301d0603551d<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0xa69c23be214cea213ab71772ec162e3e<BR>Finished request 40<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 192.168.242.4:32768, id=225, length=193<BR> User-Name = "UOHI-40628"<BR> Calling-Station-Id = "00-40-96-B1-43-BB"<BR> Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"<BR> NAS-Port = 1<BR> NAS-IP-Address = 192.168.242.4<BR> NAS-Identifier = "UOHIWLAN2"<BR> Vendor-14179-Attr-1 = 0x00000002<BR> Service-Type = Framed-User<BR> Framed-MTU = 1300<BR> NAS-Port-Type = Wireless-802.11<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "23"<BR> EAP-Message = 0x020c00061900<BR> State = 0xa69c23be214cea213ab71772ec162e3e<BR> Message-Authenticator = 0xaa8de108a0eecfcde92e4c62ed858be4<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 41<BR> modcall[authorize]: module "preprocess" returns ok for request 41<BR> modcall[authorize]: module "chap" returns noop for request 41<BR> modcall[authorize]: module "mschap" returns noop for request 41<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "UOHI-40628", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop for request 41<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for UOHI-40628<BR>radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'<BR>radius_xlat: 'o=OHICO'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))<BR>rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess<BR>rlm_ldap: Added the eDirectory password in check items<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: user UOHI-40628 authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 41<BR> rlm_eap: EAP packet type response id 12 length 6<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 41<BR>modcall: group authorize returns updated for request 41<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 41<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Received EAP-TLS ACK message<BR> rlm_eap_tls: ack handshake fragment handler<BR> eaptls_verify returned 1<BR> eaptls_process returned 13<BR> rlm_eap_peap: EAPTLS_HANDLED<BR> modcall[authenticate]: module "eap" returns handled for request 41<BR>modcall: group authenticate returns handled for request 41<BR>Sending Access-Challenge of id 225 to 192.168.242.4:32768<BR> EAP-Message = 0x010d01f119000e041604144998ca048e04b60db2fb700a2b3716b300fcb77930819c0603551d2304819430819180144998ca048e04b60db2fb700a2b3716b300fcb779a176a4743072310b30090603550406130243413110300e060355040813074f6e746172696f310f300d060355040713064f7474617761312d302b060355040a1324556e6976657273697479206f66204f747461776120486561727420496e737469747574653111300f060355040313086f6869736c65733182010030090603551d110402300030090603551d1204023000300d06092a864886f70d010105050003820101009a6086c121e9b175d4b9c5e9406243685a58250199<BR> EAP-Message = 0x513347d581ba358ed6c64ac14e2782da6d6e9b40df6221c2d25e1eb785004c49bb4bb8c8889c417db67e00082324108726a295dd3121c67ddd83d7453726ce22abd2887e7ab93f829566a259347004b581a21e96db42ee57c3f29ede27882370daf38a45c331dd3c7f37a3d8c3740dd5e3ff107bd9b50dd2a9c3f18b550962f9ce5d4dda747c13b135a888f7db26648c436102b4393b7ec907d1cfaa04fac70f244c677442ea413bddd490cf144e38604f9bacbe91b9b7eb23ecf768048d71d23976d9899db5267d4f6f0ea00897c1642c3a4f70d8e21f2f04285554faa174ce6971cc6986e7c87f56ce2016030100040e000000<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x66033bb93efe19bc2d9927ae35020a1c<BR>Finished request 41<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 192.168.242.4:32768, id=226, length=509<BR> User-Name = "UOHI-40628"<BR> Calling-Station-Id = "00-40-96-B1-43-BB"<BR> Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"<BR> NAS-Port = 1<BR> NAS-IP-Address = 192.168.242.4<BR> NAS-Identifier = "UOHIWLAN2"<BR> Vendor-14179-Attr-1 = 0x00000002<BR> Service-Type = Framed-User<BR> Framed-MTU = 1300<BR> NAS-Port-Type = Wireless-802.11<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "23"<BR> EAP-Message = 0x020d0140198000000136160301010610000102010086e0f9ad658ba724bdd476c7d85b8546179334b45eb22fbbdd454326aa5ac1d00e73314dd9f1d1062acb9cb6a7a52017d219aed52f301eecdd6cc9ecaa430687a8506d5133313796465869536c861713fc98b50c7e4fc4e2e049bae00a01c919f33a9992fdb17c6c01efcb6ecb9fdfa076a46cc353164b53da2794ed7629cfc550488076a11513bdb0ce38361b61159bf5c62a93c6f322ff0d7f10c11b42c76be143fa2d7ce697b917df9948758e41f0fde6fefc636a5174b0f7fed1133e911cad334551be4fed1a9e8a2ea891d53f2bb5480c36ab18f17e454edb9b363dca569106885aefc2f07b<BR> EAP-Message = 0x54693c4cc6fc46d497033ae13a2bd4232717955983f96bab1403010001011603010020855695767ea53d5e8315327a5db64cf94eecbd1e8dc21c668149e5249ab54709<BR> State = 0x66033bb93efe19bc2d9927ae35020a1c<BR> Message-Authenticator = 0x780254fe75985fe63ca23fedb0cb7bbb<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 42<BR> modcall[authorize]: module "preprocess" returns ok for request 42<BR> modcall[authorize]: module "chap" returns noop for request 42<BR> modcall[authorize]: module "mschap" returns noop for request 42<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "UOHI-40628", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop for request 42<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for UOHI-40628<BR>radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'<BR>radius_xlat: 'o=OHICO'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))<BR>rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess<BR>rlm_ldap: Added the eDirectory password in check items<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: user UOHI-40628 authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 42<BR> rlm_eap: EAP packet type response id 13 length 253<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 42<BR>modcall: group authorize returns updated for request 42<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 42<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Length Included<BR> eaptls_verify returned 11<BR> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange<BR> TLS_accept: SSLv3 read client key exchange A<BR> rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]<BR> rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished<BR> TLS_accept: SSLv3 read finished A<BR> rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]<BR> TLS_accept: SSLv3 write change cipher spec A<BR> rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished<BR> TLS_accept: SSLv3 write finished A<BR> TLS_accept: SSLv3 flush data<BR> (other): SSL negotiation finished successfully<BR>SSL Connection Established<BR> eaptls_process returned 13<BR> rlm_eap_peap: EAPTLS_HANDLED<BR> modcall[authenticate]: module "eap" returns handled for request 42<BR>modcall: group authenticate returns handled for request 42<BR>Sending Access-Challenge of id 226 to 192.168.242.4:32768<BR> EAP-Message = 0x010e0031190014030100010116030100204c6f7e2f074eaf9fff787a15e29a6d0d4cca30295d1d5f9fde2ca041aa17f6b6<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x7b3a5e790f37b4700e491742dbc7cf95<BR>Finished request 42<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 192.168.242.4:32768, id=227, length=220<BR> User-Name = "UOHI-40628"<BR> Calling-Station-Id = "00-40-96-B1-43-BB"<BR> Called-Station-Id = "00-15-2C-49-E0-B0:UOHISSID2"<BR> NAS-Port = 1<BR> NAS-IP-Address = 192.168.242.4<BR> NAS-Identifier = "UOHIWLAN2"<BR> Vendor-14179-Attr-1 = 0x00000002<BR> Service-Type = Framed-User<BR> Framed-MTU = 1300<BR> NAS-Port-Type = Wireless-802.11<BR> Tunnel-Type:0 = VLAN<BR> Tunnel-Medium-Type:0 = IEEE-802<BR> Tunnel-Private-Group-Id:0 = "23"<BR> EAP-Message = 0x020e00211980000000171503010012aab9a07fd9c55ae9bc2a0bd0e1128b5157f7<BR> State = 0x7b3a5e790f37b4700e491742dbc7cf95<BR> Message-Authenticator = 0xa502333e39b077923bc35b03b4aaec26<BR> Processing the authorize section of radiusd.conf<BR>modcall: entering group authorize for request 43<BR> modcall[authorize]: module "preprocess" returns ok for request 43<BR> modcall[authorize]: module "chap" returns noop for request 43<BR> modcall[authorize]: module "mschap" returns noop for request 43<BR> rlm_realm: No <A href="mailto:'@'">'@'</A> in User-Name = "UOHI-40628", looking up realm NULL<BR> rlm_realm: No such realm "NULL"<BR> modcall[authorize]: module "suffix" returns noop for request 43<BR>rlm_ldap: - authorize<BR>rlm_ldap: performing user authorization for UOHI-40628<BR>radius_xlat: '(&(objectClass=inetOrgPerson)(cn=UOHI-40628))'<BR>radius_xlat: 'o=OHICO'<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: performing search in o=OHICO, with filter (&(objectClass=inetOrgPerson)(cn=UOHI-40628))<BR>rlm_ldap: checking if remote access for UOHI-40628 is allowed by dialupAccess<BR>rlm_ldap: Added the eDirectory password in check items<BR>rlm_ldap: looking for check items in directory...<BR>rlm_ldap: looking for reply items in directory...<BR>rlm_ldap: user UOHI-40628 authorized to use remote access<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[authorize]: module "ldap" returns ok for request 43<BR> rlm_eap: EAP packet type response id 14 length 33<BR> rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<BR> modcall[authorize]: module "eap" returns updated for request 43<BR>modcall: group authorize returns updated for request 43<BR> rad_check_password: Found Auth-Type EAP<BR>auth: type "EAP"<BR> Processing the authenticate section of radiusd.conf<BR>modcall: entering group authenticate for request 43<BR> rlm_eap: Request found, released from the list<BR> rlm_eap: EAP/peap<BR> rlm_eap: processing type peap<BR> rlm_eap_peap: Authenticate<BR> rlm_eap_tls: processing TLS<BR>rlm_eap_tls: Length Included<BR> eaptls_verify returned 11<BR> eaptls_process returned 7<BR> rlm_eap_peap: EAPTLS_OK<BR> rlm_eap_peap: Session established. Decoding tunneled attributes.<BR> rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal access_denied<BR>TLS Alert read:fatal:access denied<BR>rlm_eap_peap: No data inside of the tunnel.<BR> rlm_eap: Handler failed in EAP/peap<BR> rlm_eap: Failed in EAP select<BR> modcall[authenticate]: module "eap" returns invalid for request 43<BR>modcall: group authenticate returns invalid for request 43<BR>auth: Failed to validate the user.<BR> Processing the post-auth section of radiusd.conf<BR>modcall: entering group Post-Auth-Type for request 43<BR>rlm_ldap: ldap_get_conn: Checking Id: 0<BR>rlm_ldap: ldap_get_conn: Got Id: 0<BR>rlm_ldap: eDirectory account policy check failed.<BR>rlm_ldap: NDS error: failed authentication (-669)<BR>rlm_ldap: ldap_release_conn: Release Id: 0<BR> modcall[post-auth]: module "ldap" returns reject for request 43<BR>modcall: group Post-Auth-Type returns reject for request 43<BR>Delaying request 43 for 1 seconds<BR>Finished request 43<BR>Going to the next request<BR>Waking up in 6 seconds...<BR>rad_recv: Access-Request packet from host 192.168.242.4:32768, id=227, length=220<BR>Sending Access-Reject of id 227 to 192.168.242.4:32768<BR> EAP-Message = 0x040e0004<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> Reply-Message = "NDS error: failed authentication (-669)"<BR>--- Walking the entire request list ---<BR>Waking up in 3 seconds...<BR>--- Walking the entire request list ---<BR>Cleaning up request 38 ID 222 with timestamp 462eb1d7<BR>Cleaning up request 39 ID 223 with timestamp 462eb1d7<BR>Cleaning up request 40 ID 224 with timestamp 462eb1d7<BR>Cleaning up request 41 ID 225 with timestamp 462eb1d7<BR>Cleaning up request 42 ID 226 with timestamp 462eb1d7<BR>Cleaning up request 43 ID 227 with timestamp 462eb1d7<BR>Nothing to do. Sleeping until we see a request.</DIV></BODY></HTML>