Ready to process requests. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=0, length=132 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200001101697365722d6c696e61757468 Message-Authenticator = 0xc939ccb6a9852cc575c6f9dd02f2ad85 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:42 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 0 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 0 to 137.222.253.119 port 32857 EAP-Message = 0x010100061520 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77aa302bec272c9fe94ea7af7c Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=1, length=139 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100060319 State = 0xaa313e77aa302bec272c9fe94ea7af7c Message-Authenticator = 0x6b93bcec90e577c41e592cb17ced80cc server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:42 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 1 to 137.222.253.119 port 32857 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77ab3327ec272c9fe94ea7af7c Finished request 1. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=2, length=239 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0202006a1900160301005f0100005b0301486372de2dcc31ba0374a1783145036d8ff75f7970e40c42196dbe616eb4263b00003400390038003500160013000a00330032002f006600050004006300620061001500120009006500640060001400110008000600030100 State = 0xaa313e77ab3327ec272c9fe94ea7af7c Message-Authenticator = 0x9f04ed007fc8d26e297deb45c6e82be1 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:42 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 106 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 005f], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 08c3], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange TLS_accept: SSLv3 write key exchange A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 2 to 137.222.253.119 port 32857 EAP-Message = 0x0103040019c000000ab2160301004a020000460301486372dfad1863bec79e077e090c164051ada377d0640cdc48f0edb47bff651920f1bdb301cbe8a26b1fdabc27259350ee567bf37edc15a4ccfb19e30b6c47bf0100390016030108c30b0008bf0008bc0004703082046c30820354a003020102020b01000000000116ceefe7b5300d06092a864886f70d0101050500305f310b300906035504061302424531133011060355040a130a4379626572747275737431173015060355040b130e456475636174696f6e616c20434131223020060355040313194379626572747275737420456475636174696f6e616c204341301e170d30373132313231 EAP-Message = 0x35313835375a170d3038313231323135313835375a308191310b3009060355040613024742310d300b0603550408130441766f6e3110300e0603550407130742726973746f6c311e301c060355040a1315556e6976657273697479206f662042726973746f6c311d301b060355040b1314496e666f726d6174696f6e20536572766963657331223020060355040313196d6f6368612e776972656c6573732e627269732e61632e756b30819f300d06092a864886f70d010101050003818d0030818902818100e914727ed8c9b31fc5bf672132b5e924f7b09ad0ef3dfd10991c26bf1f4cf023c5508a399d3128b119847524d3ee190af855e4f3043019 EAP-Message = 0x9cf867800798287e91f88bce6609bb6f262ba2759bfcb160187076b3eb39f55941c6778ec596a583508cc3e747a01c85d29b37b321e782fb6431a84dca6aaf36baf1f8acf3455bfc810203010001a38201783082017430500603551d2004493047304506072a8648b13e0100303a303806082b06010505070201162c687474703a2f2f7777772e676c6f62616c7369676e2e6e65742f7265706f7369746f72792f6370732e63666d300e0603551d0f0101ff0404030205a0301f0603551d230418301680146565a33dd73b11a30a072537c9424a5b767750e1301d0603551d0e0416041480a8a90697105d00450f52fa07845747f3306b76303a060355 EAP-Message = 0x1d1f04333031302fa02da02b8629687474703a2f2f63726c2e676c6f62616c7369676e2e6e65742f656475636174696f6e616c2e63726c304f06082b0601050507010104433041303f06082b060105050730028633687474703a2f2f7365637572652e676c6f62616c7369676e2e6e65742f6361636572742f656475636174696f6e616c2e637274301d0603551d250416301406082b0601050507030106082b0601050507030230240603551d11041d301b82196d6f6368612e776972656c6573732e627269732e61632e756b300d06092a864886f70d01010505000382010100405351a3516c691fc5e5916ac8392e521fbf4b0a0cd4003e48bd837c EAP-Message = 0x7c7323471fc1a7cc6cd83e2b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77a83227ec272c9fe94ea7af7c Finished request 2. Going to the next request Waking up in 4.5 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=3, length=139 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300061900 State = 0xaa313e77a83227ec272c9fe94ea7af7c Message-Authenticator = 0x2328a63b043c9727200930b9fdfe23b6 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 3 to 137.222.253.119 port 32857 EAP-Message = 0x010403fc194006c2db4fcf117031c40f6830da3e2e4351eb3ae44312aa7c6edc686630653c49dbc0b2b3906ad098303bd3d55a950afebd30fd5e71b62574816a22b21c8ea0de0647a943345f899d02146a4064313bace8d4b47448d63ef3a0a6bef1555b3966780a0f7e8ed895e7811a252f539ab10dcb45a261dfb7f66f0c7b11a8ecbd117c35aca983396dee1e3d7a71203e2026d43d4cf7da69b74e359499a102adccbf7639b1526502d7471f9d4fe8fb881b58858cf3b151ddd4f14306bf3473cdc3e0bd441416b0fe3a9ada43a1639aab573be9736251164765f55900044630820442308203aba0030201020204040003fb300d06092a864886f7 EAP-Message = 0x0d01010505003075310b300906035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379626572547275737420476c6f62616c20526f6f74301e170d3036303331343230333030305a170d3133303331343233353930305a305f310b300906035504061302424531133011060355040a130a4379626572747275737431173015060355040b130e456475636174696f6e616c20434131223020060355040313194379626572747275737420456475636174696f6e616c2043 EAP-Message = 0x4130820122300d06092a864886f70d01010105000382010f003082010a02820101009522a1101d4a46606e05919bdf83c2ed12b25a7cf8abe1f8505c282c7e7e003893b08b4af1c24c3c102c3cefb0eca1692fb9fccc08146b8d4f18f383d2faa9370820aa5caa8060a2d5a52200cf5ae5b497dfba1ebe5c8e171966fdaf9f7c7b89b20e24d8c7ab63c495328d48e663597d04b833a8bdd75d64bc63b5f74d28fdf90672315cba459465a3d2b458ec3b615844a32f62b39b80b482fdd5c7cc5125e5953f472f307bacc8786ee2e16d27eb3dcc0182e835778dab58bb55d1d5a481568d1cd014b1b006dea09122f3f0a8341747c6e03ef60c5aac7e504b EAP-Message = 0xcde1696e06fc067e6a4db49599a0595c3566ecd949d417e060b05da5d71ae22a6e66f2af1d0203010001a382016f3082016b30450603551d1f043e303c303aa038a0368634687474703a2f2f7777772e7075626c69632d74727573742e636f6d2f6367692d62696e2f43524c2f323031382f6364702e63726c301d0603551d0e041604146565a33dd73b11a30a072537c9424a5b767750e130530603551d20044c304a304806092b06010401b13e0100303b303906082b06010505070201162d687474703a2f2f7777772e7075626c69632d74727573742e636f6d2f4350532f4f6d6e69526f6f742e68746d6c3081890603551d23048181307fa179a4 EAP-Message = 0x773075310b300906 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77a93527ec272c9fe94ea7af7c Finished request 3. Going to the next request Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=4, length=139 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400061900 State = 0xaa313e77a93527ec272c9fe94ea7af7c Message-Authenticator = 0xf9827901b470a31ded3fd5c25de7c721 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 4 to 137.222.253.119 port 32857 EAP-Message = 0x010502cc1900035504061302555331183016060355040a130f47544520436f72706f726174696f6e31273025060355040b131e475445204379626572547275737420536f6c7574696f6e732c20496e632e312330210603550403131a475445204379626572547275737420476c6f62616c20526f6f74820201a5300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020100300d06092a864886f70d01010505000381810043b345835471c41fdcb23c6b4ebf26f24ef2ad9a5bfa863788e8146c4118425fef653eeb0377a0b79e757a517cbb155bb8af91a0349253ed7f2a4984acb9804bb5c7b22322fbebd8fb6ec93c EAP-Message = 0xf3d2d1bbbec91cff6d01db69800e99a5ea9e7b97988fb7cf229cb3b85de5a9331774c697370fb4e926825f610b3f1e3d64e92b9b160301018d0c00018900809115795209b26f52b0d229ac083b55262c8f5eaed97d69a711e9a02419cfe778b492ff5eaf285dda5066ec10837864e8784386171fe26862865661597b99f569363efd47b100c8fac1cb58af75cac756ee30c2f3a1fcb080f12f3294a224a91f4525e6fee049efb559c4a1b2d946cfdaaac3060f85e9da753d4d89da4d65370300010200801cdaf3460abcdab761823d8f79d925532ea292127862a64b8712ec89af5c011c2544801a417d337ee17843ef12c032215feeceda403234558b EAP-Message = 0x2900edd19f4791bcd6650fb06f2f345d1a319e09250cfd2b43ac0794ab10f1b109d07c67d07b30ab3563fcad036cc32ac060cc53c651467f9f4104cfb483551c478b9910d5c88b008026f1c12563fa4c906310a2d0cee267cf1e70294137815d611f4b00c419e57201311458383f3df251deb91e572fe42991a6a8aa97d2b52bafcfbb93eedf76517160e9eb7ea1e6fa6e8a417d8cc234477afc21c38fef64f2ef879610ae13dfa0dc0befab0d1e7de84b05b093d3cc09cee8ea5f33df333acf46c0cd7d687c7f5e1616030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77ae3427ec272c9fe94ea7af7c Finished request 4. Going to the next request Waking up in 4.2 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=5, length=337 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020500cc190016030100861000008200803e9962a87f3615df98642a6c14eebe2a019e262ef6a77595e6c40afa82455e7abee13e214df7bae06cf5e130b6d51ddbabe4d08d078609d7cf694b9ea5243f6c6e57322dc441aba65c317452a5b5d0627e7e5c5e1f23bcc9b721657d3cabf2947b4ee1a86a704e562a800776af6deba1071dad8abb94fc634b3d8a80e0a02b0e140301000101160301003054bcba97f79853e497b53e1d09ee2194704e8fa90dde73013696a0031a0cd833d4db14486ec5ca5e713bba13fe552f3e State = 0xaa313e77ae3427ec272c9fe94ea7af7c Message-Authenticator = 0xd99eda46204b9089f9314b78c8c53751 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 204 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 5 to 137.222.253.119 port 32857 EAP-Message = 0x010600411900140301000101160301003080fcef8a328fe99da4d43eec16d6bfb9f9d22d0c0d9c6d720dea6218f5ca2962bf1ba4e098a6442a3df218c8bdfa7640 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77af3727ec272c9fe94ea7af7c Finished request 5. Going to the next request Waking up in 3.9 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=6, length=139 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020600061900 State = 0xaa313e77af3727ec272c9fe94ea7af7c Message-Authenticator = 0x576f60ea79bbfddf88d4c6b6a66ab57b server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 6 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 6 to 137.222.253.119 port 32857 EAP-Message = 0x0107002b190017030100200be314698ff1b187a273a35e3237088f1dcea8b6ffcc05057b1b5cf6751c4a0e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77ac3627ec272c9fe94ea7af7c Finished request 6. Going to the next request Waking up in 3.7 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=7, length=229 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0207006019001703010020897f34752e8925f78d9ace96836248c02ee4966fa1df28a1bca4db009add8dde17030100305ce01fef74f6b0d60e2cb0f96cf6c3b3887eb1943f663c985df4899c6e9a93957d46822600012b613439c4b4ba3dc78d State = 0xaa313e77ac3627ec272c9fe94ea7af7c Message-Authenticator = 0x0da410f9dd3c585d6fa4677d52c880c6 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 7 length 96 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - iser-linauth PEAP: Got tunneled identity of iser-linauth PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to iser-linauth +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:43 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 7 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 7 to 137.222.253.119 port 32857 EAP-Message = 0x0108004b1900170301004045076e43f153ad26143503d8fcfd09ea69f24246923565bc6ccad54131c75ece9f3e8350549f74a61d8670b32313b10400d4f7121c5b4fa27776b5a391840dc4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77ad3927ec272c9fe94ea7af7c Finished request 7. Going to the next request Waking up in 3.3 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=8, length=277 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0208009019001703010020ac8b239e9d813d4029c41e2d9f54bbeb502a1684a5e691695cdc91624989d208170301006030934d1f00b0b15cecfe1365607325b7f42c35525e757f33ba1d3fdb2fc87158c6ebe75ee270e0edcc18acf6219580f06997b21687a50ae099f1488e5be2aad427d7cf1268b08836fb5207e62f4d97011e93b2b9f528f1210225f0582fdef871 State = 0xaa313e77ad3927ec272c9fe94ea7af7c Message-Authenticator = 0x663825aff0c493af655f6024f5b005d5 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:44 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 144 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to iser-linauth +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:44 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 71 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for iser-linauth with NT-Password WARNING: Deprecated conditional expansion ":-". See "man unlang" for details WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=iser-linauth mschap2: 7e expand: --challenge=%{mschap:Challenge:-00} -> --challenge=1d6cfc3022197726 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=66bdf412eba82ab2f075b110703fa61e3304fe996476726c Exec-Program output: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022) Exec-Program-Wait: plaintext: winbind client not authorized to use winbindd_pam_auth_crap. Ensure permissions on /var/cache/samba/winbindd_privileged are set correctly. (0xc0000022) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [iser-linauth] (from client Testing port 0 via TLS tunnel) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled } # server uobresnet Sending Access-Challenge of id 8 to 137.222.253.119 port 32857 EAP-Message = 0x0109002b190017030100205093166ec848365fa6e561c9b427cb7fd9a56270a6b78bfbb93fa0e1d2fae2fb Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa313e77a23827ec272c9fe94ea7af7c Finished request 8. Going to the next request Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 137.222.253.119 port 32857, id=9, length=213 User-Name = "iser-linauth" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020900501900170301002025aba6569535d62b668c078b211e21410fd5c3c779aa918fc3f3c13e67af645917030100201bef5721717851d177423dea2a4491ee4b9887925f5b4059fc4db3bf7741a988 State = 0xaa313e77a23827ec272c9fe94ea7af7c Message-Authenticator = 0xab8a68438dc7cc82b4687642a3075598 server uobresnet { +- entering group authorize ++[preprocess] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/137.222.253.119/auth-detail-20080626 expand: %t -> Thu Jun 26 11:43:44 2008 ++[auth_log] returns ok ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth ? Evaluating ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++? if ("%{Stripped-User-Name:-%{mschap:User-Name}}") -> TRUE ++- entering if ("%{Stripped-User-Name:-%{mschap:User-Name}}") +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: %{Stripped-User-Name:-%{mschap:User-Name}} -> iser-linauth Exec-Program output: 0 Exec-Program-Wait: plaintext: 0 Exec-Program: returned: 0 ? Evaluating (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE +++? if (`/usr/local/etc/raddb/scripts/UserLookup.pl %{Stripped-User-Name:-%{mschap:User-Name}}`) -> FALSE ++- if ("%{Stripped-User-Name:-%{mschap:User-Name}}") returns ok ++[mschap] returns noop rlm_realm: No '@' in User-Name = "iser-linauth", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 9 length 80 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [iser-linauth] (from client Testing port 0 cli 02-00-00-00-00-01) } # server uobresnet Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> iser-linauth attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Sending Access-Reject of id 9 to 137.222.253.119 port 32857 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 9. Going to the next request Waking up in 2.7 seconds. Cleaning up request 0 ID 0 with timestamp +5 Waking up in 0.2 seconds. Cleaning up request 1 ID 1 with timestamp +5 Waking up in 0.2 seconds. Cleaning up request 2 ID 2 with timestamp +5 Waking up in 0.1 seconds. Cleaning up request 3 ID 3 with timestamp +6 Waking up in 0.1 seconds. Cleaning up request 4 ID 4 with timestamp +6 Waking up in 0.2 seconds. Cleaning up request 5 ID 5 with timestamp +6 Waking up in 0.1 seconds. Cleaning up request 6 ID 6 with timestamp +6 Waking up in 0.3 seconds. Cleaning up request 7 ID 7 with timestamp +6 Waking up in 0.4 seconds. Cleaning up request 8 ID 8 with timestamp +7 Waking up in 0.1 seconds. Cleaning up request 9 ID 9 with timestamp +7 Ready to process requests.