<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Arial Black";
panose-1:2 11 10 4 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:Arial;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Greetings
everyone,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>I’m
a brand new member and am hoping to find some help with a bizarre
problem. First, I’m not an expert when it comes to RADIUS. I
work for a school district and I inherited this setup from someone else who
left the district over a year ago. I have a fair understanding of how
certificates work, but I’m not an expert in that area either.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Here
is some background on our setup:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Network:
Mixture of Windows 2000/2003 and Novell NetWare 6.5 servers. FreeRADIUS
v1.1.0 is running on SuSE Linux Enterprise Server 10 SP2.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Wireless
infrastructure: We use Aruba wireless technology, with an <st1:place
w:st="on">Aruba</st1:place> 2400 controller at our district office and 3 school
sites (with more to come).<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>FreeRADIUS
is configured to use LDAP authentication to eDirectory, and with EAP-TLS for
the wireless. Workstations use PEAP and are configured not to validate
server certificates.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Wireless
authentication happens by first logging in to a workstation and having Windows
then pass the credentials on to RADIUS and authenticating to eDirectory.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>I
will paste relevant portions of the debug output from “radiusd
–X” below. Here is a description of the bizarre problem:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>I
have 2 user accounts; let’s call them UserA and UserB. I have 2
laptops; let’s call them Laptop1 and Laptop2. Laptop1 (my laptop)
is a Gateway M465 with an Intel Pro/Wireless 3945ABG card. Laptop2 (one
of my user’s laptops) is a Dell Latitude XT with Dell Wireless 1490 Dual
Band WLAN mini-card. Both are Mini-PCI cards.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>UserA
(me) can successfully authenticate on both laptops. UserB can
successfully authenticate on Laptop1, but not on Laptop2. The fact that
UserA can successfully authenticate on both tells me it’s not a laptop
configuration issue, and the fact that UserB can successfully authenticate on
Laptop1 tell me it’s not a user account issue. Also, using
NTRadPing (or radtest on the RADIUS server itself), I can successfully
authenticate as both users, with or without the Windows DOMAIN\ in front.
That leaves me with nothing to go on. I will paste the relevant sections
of the debug outputs from each user on each laptop and point out where the errors
are. I have even gone so far as to set up FreeRADIUS from scratch on a
test Unix machine, with no luck.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>In
the debug output I’m pasting below, the only difference I can see between
Laptop1 and Laptop2 is that Laptop2 is passing credentials with the DOMAIN\ in
front, where Laptop1 is not. That in itself is odd, because both laptops
are joined to our Windows domain and both laptops’ users log in to the
domain. But in any case, that part doesn’t seem to be the problem,
because FreeRADIUS is stripping the DOMAIN\ part off when it passes the
authentication request on to eDirectory. I even got a 3<sup>rd</sup> user
and laptop in for testing, and the results were the same as with Laptop2
– UserA can authenticate successfully on Laptop3, but UserB and UserC
cannot authenticate on Laptop3.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>The
other strange thing is that if, on the XP client, I drill down in to the
properties for the wireless profile and un-check the “Automatically use
my Windows logon name and password” option, Windows will prompt me for
credentials, and then they will be accepted!<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Software-wise,
the only difference between Laptop1 and Laptop2 and 3 is that Laptop1 has
Service Pack 2 for XP, and the other two have SP3. But that still
doesn’t explain the fact that UserA can successfully authenticate on all
3 laptops.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Any
help will be greatly appreciated.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Debug
output from UserA authenticating on Laptop1:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rad_recv:
Access-Request packet from host 20.1.3.140:32958, id=219, length=236<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
User-Name = "UserA"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-IP-Address = 20.1.3.140<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-Port = 1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-Identifier = "20.1.3.140"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-Port-Type = Wireless-802.11<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Calling-Station-Id = "0018DE9626C1"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Called-Station-Id = "000B8640C280"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Service-Type = Login-User<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Framed-MTU = 1100<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
EAP-Message = 0x020a00261900170301001b14ecbd30fd1fe2c1fd3a31b577ef8f94002d7c99243e71e0e82f99<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
State = 0x3167f4c59e25cac9b6ac583bfa7fb3d0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Aruba-Essid-Name = "STAFF"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Aruba-Location-Id = "TestAP"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Message-Authenticator = 0xa1cbcfee4810f80e40407ef46b9d5d39<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Processing the authorize section of radiusd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
entering group authorize for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "preprocess" returns ok for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'UserA'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
Added attribute Stripped-User-Name with value 'UserA'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "copy.user-name" returns ok for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'^(host/.*)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
No match found for attribute Stripped-User-Name with value 'UserA'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "add-dollar-sign" returns ok for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'^(.*[\/]+)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
No match found for attribute Stripped-User-Name with value 'UserA'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "strip-realm-name" returns ok for request
8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "chap" returns noop for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "mschap" returns noop for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_realm: No '@' in User-Name = "UserA", looking up realm NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_realm: No such realm "NULL"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "suffix" returns noop for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: EAP packet type response id 10 length 38<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "eap" returns updated for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
users: Matched entry DEFAULT at line 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "files" returns ok for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
- authorize<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
performing user authorization for UserA<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'(cn=UserA)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
't=pusd'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_get_conn: Checking Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_get_conn: Got Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
performing search in t=pusd, with filter (cn=UserA)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
Added the eDirectory password in check items<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
looking for check items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
looking for reply items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
user UserA authorized to use remote access<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_release_conn: Release Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "ldap" returns ok for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
leaving group authorize (returns updated) for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rad_check_password: Found Auth-Type EAP<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>auth:
type "EAP"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Processing the authenticate section of radiusd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
entering group authenticate for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: Request found, released from the list<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: EAP/peap<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: processing type peap<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Authenticate<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_tls: processing TLS<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
eaptls_verify returned 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_tls: Done initial handshake<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
eaptls_process returned 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: EAPTLS_OK<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Session established. Decoding tunneled attributes.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Received EAP-TLV response.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Tunneled data is valid.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Success<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: Freeing handler<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authenticate]: module "eap" returns ok for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
leaving group authenticate (returns ok) for request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Sending
Access-Accept of id 219 to 20.1.3.140 port 32958<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
MS-MPPE-Recv-Key =
0xacee5bfc2803579cd0ff5f2b474927b528067e3bb6acb22a5439eaff089f62cb<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
MS-MPPE-Send-Key =
0xc74619156767ed997ea2729c106a9339a89b919857e4bf804d0aeb8d3f7c8455<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
EAP-Message = 0x030a0004<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
User-Name = "UserA"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Finished
request 8<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Going
to the next request<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Waking
up in 6 seconds...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>---
Walking the entire request list ---<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 0 ID 210 with timestamp 48481cbd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 1 ID 212 with timestamp 48481cbd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 2 ID 213 with timestamp 48481cbd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 3 ID 214 with timestamp 48481cbd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 4 ID 215 with timestamp 48481cbd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 7 ID 216 with timestamp 48481cbd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 5 ID 217 with timestamp 48481cbd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 6 ID 218 with timestamp 48481cbd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 8 ID 219 with timestamp 48481cbd<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Nothing
to do. Sleeping until we see a request.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Debug
output from UserB authenticating on Laptop1 looks the same, so I will skip
posting it due to message size limits.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Debug
output from UserA authenticating on Laptop2 is the same as on Laptop1, so I
won’t paste it here either.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Debug
output from UserB authenticating on Laptop2:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rad_recv:
Access-Request packet from host 20.1.3.140:32958, id=243, length=307<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
User-Name = "DOMAIN\\UserB"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-IP-Address = 20.1.3.140<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-Port = 2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-Identifier = "20.1.3.140"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-Port-Type = Wireless-802.11<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Calling-Station-Id = "001FE105CE94"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Called-Station-Id = "000B8640C280"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Service-Type = Login-User<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Framed-MTU = 1100<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
EAP-Message = 0x020700631900170301005829c9dcbbb4696aec2f16239d4758e609a7c5e8134ec07054e82abd940b225525b8c4af125b0fd0e3075ea216e190fe99ea4b1ab41b495eb6302d1ec3093d645d827da48ec5b4edba302bb21c8e6f17721a3aab9d313924ca<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
State = 0x6f3c13804ea9765ef5dfa905d68a4808<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Aruba-Essid-Name = "STAFF"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Aruba-Location-Id = "TestAP"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Message-Authenticator = 0xaabdf4b276bf583e2e7373c80b31cf41<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Processing the authorize section of radiusd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
entering group authorize for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "preprocess" returns ok for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'DOMAIN\\UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
Added attribute Stripped-User-Name with value 'DOMAIN\\UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "copy.user-name" returns ok for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'^(host/.*)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
No match found for attribute Stripped-User-Name with value 'DOMAIN\\UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "add-dollar-sign" returns ok for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'^(.*[\/]+)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
Changed value for attribute Stripped-User-Name from 'DOMAIN\\UserB' to 'UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "strip-realm-name" returns ok for request
6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "chap" returns noop for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "mschap" returns noop for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_realm: No '@' in User-Name = "DOMAIN\UserB", looking up realm
NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_realm: No such realm "NULL"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "suffix" returns noop for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: EAP packet type response id 7 length 99<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "eap" returns updated for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
users: Matched entry DEFAULT at line 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "files" returns ok for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
- authorize<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
performing user authorization for DOMAIN\UserB<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'(cn=UserB)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
't=pusd'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_get_conn: Checking Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_get_conn: Got Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
performing search in t=pusd, with filter (cn=UserB)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
Added the eDirectory password in check items<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
looking for check items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
looking for reply items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
user DOMAIN\UserB authorized to use remote access<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_release_conn: Release Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "ldap" returns ok for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
leaving group authorize (returns updated) for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rad_check_password: Found Auth-Type EAP<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>auth:
type "EAP"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Processing the authenticate section of radiusd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
entering group authenticate for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: Request found, released from the list<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: EAP/peap<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: processing type peap<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Authenticate<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_tls: processing TLS<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
eaptls_verify returned 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_tls: Done initial handshake<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
eaptls_process returned 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: EAPTLS_OK<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Session established. Decoding tunneled attributes.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: EAP type mschapv2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Tunneled data is valid.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
PEAP: Setting User-Name to DOMAIN\UserB<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
PEAP: Adding old state with 89 6c<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Processing the authorize section of radiusd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
entering group authorize for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "preprocess" returns ok for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'DOMAIN\\UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
Added attribute Stripped-User-Name with value 'DOMAIN\\UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "copy.user-name" returns ok for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'^(host/.*)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
No match found for attribute Stripped-User-Name with value 'DOMAIN\\UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "add-dollar-sign" returns ok for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'^(.*[\/]+)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
Changed value for attribute Stripped-User-Name from 'DOMAIN\\UserB' to 'UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "strip-realm-name" returns ok for request
6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "chap" returns noop for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "mschap" returns noop for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_realm: No '@' in User-Name = "DOMAIN\UserB", looking up realm
NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_realm: No such realm "NULL"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "suffix" returns noop for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: EAP packet type response id 7 length 76<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "eap" returns updated for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
users: Matched entry DEFAULT at line 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "files" returns ok for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
- authorize<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
performing user authorization for DOMAIN\UserB<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'(cn=UserB)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
't=pusd'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_get_conn: Checking Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_get_conn: Got Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
performing search in t=pusd, with filter (cn=UserB)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
Added the eDirectory password in check items<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
looking for check items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
looking for reply items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
user DOMAIN\UserB authorized to use remote access<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_release_conn: Release Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "ldap" returns ok for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
leaving group authorize (returns updated) for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rad_check_password: Found Auth-Type EAP<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>auth:
type "EAP"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Processing the authenticate section of radiusd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
entering group authenticate for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: Request found, released from the list<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: EAP/mschapv2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: processing type mschapv2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Processing the authenticate section of radiusd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
entering group MS-CHAP for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>(This
appears to be where the problem is)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_mschap: Told to do MS-CHAPv2 for UserB with NT-Password<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authenticate]: module "mschap" returns reject for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
leaving group MS-CHAP (returns reject) for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: Freeing handler<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authenticate]: module "eap" returns reject for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
leaving group authenticate (returns reject) for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>auth:
Failed to validate the user.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
PEAP: Tunneled authentication was rejected.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: FAILURE<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authenticate]: module "eap" returns handled for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
leaving group authenticate (returns handled) for request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Sending
Access-Challenge of id 243 to 20.1.3.140 port 32958<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
EAP-Message =
0x010800261900170301001b39a19f38fd5c0b590dbba6327b62b4410446d5c8341d1831b1dea1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
State = 0x7421d199fd849fb3bbcd35bd05c281b1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Finished
request 6<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Going
to the next request<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Waking
up in 6 seconds...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rad_recv:
Access-Request packet from host 20.1.3.140:32958, id=244, length=246<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
User-Name = "DOMAIN\\UserB"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-IP-Address = 20.1.3.140<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-Port = 2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-Identifier = "20.1.3.140"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
NAS-Port-Type = Wireless-802.11<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Calling-Station-Id = "001FE105CE94"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Called-Station-Id = "000B8640C280"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Service-Type = Login-User<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Framed-MTU = 1100<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
EAP-Message = 0x020800261900170301001bf3eab0cca7796ad13f102214334fada4a48b4ea56c555b3127decb<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
State = 0x7421d199fd849fb3bbcd35bd05c281b1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Aruba-Essid-Name = "STAFF"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Aruba-Location-Id = "TestAP"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Message-Authenticator = 0x2458e54cc6a52e081b42407e963f6571<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Processing the authorize section of radiusd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
entering group authorize for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "preprocess" returns ok for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'DOMAIN\\UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
Added attribute Stripped-User-Name with value 'DOMAIN\\UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "copy.user-name" returns ok for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'^(host/.*)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
No match found for attribute Stripped-User-Name with value 'DOMAIN\\UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "add-dollar-sign" returns ok for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'^(.*[\/]+)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_attr_rewrite:
Changed value for attribute Stripped-User-Name from 'DOMAIN\\UserB' to 'UserB'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "strip-realm-name" returns ok for request
7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "chap" returns noop for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "mschap" returns noop for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_realm: No '@' in User-Name = "DOMAIN\UserB", looking up realm
NULL<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_realm: No such realm "NULL"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "suffix" returns noop for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: EAP packet type response id 8 length 38<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "eap" returns updated for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
users: Matched entry DEFAULT at line 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "files" returns ok for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
- authorize<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
performing user authorization for DOMAIN\UserB<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
'(cn=UserB)'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>radius_xlat:
't=pusd'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_get_conn: Checking Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_get_conn: Got Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
performing search in t=pusd, with filter (cn=UserB)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
Added the eDirectory password in check items<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
looking for check items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
looking for reply items in directory...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
user DOMAIN\UserB authorized to use remote access<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rlm_ldap:
ldap_release_conn: Release Id: 0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authorize]: module "ldap" returns ok for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
leaving group authorize (returns updated) for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rad_check_password: Found Auth-Type EAP<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>auth:
type "EAP"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Processing the authenticate section of radiusd.conf<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
entering group authenticate for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: Request found, released from the list<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: EAP/peap<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: processing type peap<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Authenticate<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_tls: processing TLS<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
eaptls_verify returned 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_tls: Done initial handshake<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
eaptls_process returned 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: EAPTLS_OK<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Session established. Decoding tunneled attributes.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Received EAP-TLV response.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Tunneled data is valid.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>(Another
problem here)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap_peap: Had sent TLV failure, rejecting.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'> rlm_eap:
Handler failed in EAP/peap<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
rlm_eap: Failed in EAP select<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
modcall[authenticate]: module "eap" returns invalid for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>modcall:
leaving group authenticate (returns invalid) for request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>auth:
Failed to validate the user.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Delaying
request 7 for 1 seconds<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Finished
request 7<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Going
to the next request<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Waking
up in 6 seconds...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>rad_recv:
Access-Request packet from host 20.1.3.140:32958, id=244, length=246<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Sending
Access-Reject of id 244 to 20.1.3.140 port 32958<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
EAP-Message = 0x04080004<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>
Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>---
Walking the entire request list ---<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Waking
up in 1 seconds...<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>---
Walking the entire request list ---<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 0 ID 237 with timestamp 48481e9b<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 1 ID 238 with timestamp 48481e9b<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 2 ID 239 with timestamp 48481e9b<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 5 ID 240 with timestamp 48481e9b<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 3 ID 241 with timestamp 48481e9b<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 4 ID 242 with timestamp 48481e9b<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 6 ID 243 with timestamp 48481e9b<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Cleaning
up request 7 ID 244 with timestamp 48481e9b<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Nothing
to do. Sleeping until we see a request.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 color="#8080ff" face="Arial Black"><span
style='font-size:10.0pt;font-family:"Arial Black";color:#8080FF'>Bryce Newall</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Systems
Administrator</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>Poway
Unified <st1:place w:st="on">School District</st1:place></span></font><o:p></o:p></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt'>(858)
679-2576</span></font><o:p></o:p></p>
<p class=MsoNormal><font size=3 face=Arial><span style='font-size:12.0pt'><a
href="mailto:bnewall@powayusd.com"><font size=2><span style='font-size:10.0pt'>UserA@powayusd.com</span></font></a><o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face=Arial><span style='font-size:12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>