<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<blockquote
cite="mid:mailman.297925.1217599878.42122.freeradius-users@lists.freeradius.org"
type="cite">
<blockquote type="cite">
<pre wrap="">rlm_ldap: Added User-Password = Testing10 in check items
---------------------------------------------------------------
Clearly FreeRADIUS can see the password, and it is also in clear text :)
Below I also add the samba schema that contains the LM and NT passwords.
</pre>
</blockquote>
<pre wrap=""><!---->...
</pre>
<blockquote type="cite">
<pre wrap="">-------------------------------------------------------------------
The mschap module says there is no clear text password and that it also can't create
the LM and NT passwords
-------------------------------------------------------------------
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
</pre>
</blockquote>
<pre wrap=""><!---->
Please post ALL of the debug output. I suspect that you are doing the
ldap lookups OUTSIDE of the TLS tunnel rather than INSIDE.
Alan DeKok.
</pre>
</blockquote>
Repost; I forgot to change the subject.<br>
I'm sorry I didn't include all the debug, because it was so large...
Anyway, here is the debug:
<br>
<br>
Framed-MTU = 1480
<br>
NAS-IP-Address = 192.168.12.130
<br>
NAS-Identifier = "ProCurve Switch 2650"
<br>
User-Name = "testing"
<br>
Service-Type = Framed-User
<br>
Framed-Protocol = PPP
<br>
NAS-Port = 1
<br>
NAS-Port-Type = Ethernet
<br>
NAS-Port-Id = "1"
<br>
Called-Station-Id = "00-1c-2e-73-85-00"
<br>
Calling-Station-Id = "00-16-36-5a-f1-e4"
<br>
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br>
Tunnel-Type:0 = VLAN
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Private-Group-Id:0 = "1"
<br>
EAP-Message = 0x0201000c0174657374696e67
<br>
Message-Authenticator = 0xb3af6d24481b168d63e57489e22a2458
<br>
server nispdot1x {
<br>
+- entering group authorize
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
rlm_eap: EAP packet type response id 1 length 12
<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
<br>
++[eap] returns updated
<br>
++[unix] returns notfound
<br>
users: Matched entry DEFAULT at line 183
<br>
++[files] returns ok
<br>
++- entering redundant-load-balance group redundant-load-balance
<br>
rlm_ldap: - authorize
<br>
rlm_ldap: performing user authorization for testing
<br>
expand: (uid=%u) -> (uid=testing)
<br>
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
<br>
rlm_ldap: ldap_get_conn: Checking Id: 0
<br>
rlm_ldap: ldap_get_conn: Got Id: 0
<br>
rlm_ldap: attempting LDAP reconnection
<br>
rlm_ldap: (re)connect to 192.168.11.7:389, authentication 0
<br>
rlm_ldap: bind as memberUid=radius,ou=admin,dc=zzz,dc=com/radiusjuga to
192.168.11.7:389
<br>
rlm_ldap: waiting for bind result ...
<br>
rlm_ldap: Bind was successful
<br>
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
<br>
rlm_ldap: checking if remote access for testing is allowed by uid
<br>
rlm_ldap: Added User-Password = Testing10 in check items
<br>
rlm_ldap: looking for check items in directory...
<br>
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "Wk0800-1800"
<br>
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x54657374696e6731
<br>
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x54657374696e6731
<br>
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e5"
<br>
rlm_ldap: looking for reply items in directory...
<br>
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
<br>
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
<br>
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
<br>
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
<br>
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
<br>
rlm_ldap: user testing authorized to use remote access
<br>
rlm_ldap: ldap_release_conn: Release Id: 0
<br>
+++[ldap_instance100] returns ok
<br>
++- redundant-load-balance group redundant-load-balance returns ok
<br>
++[expiration] returns noop
<br>
rlm_logintime: Checking Login-Time: 'Wk0800-1800'
<br>
rlm_logintime: timestr returned accept
<br>
rlm_logintime: Session-Timeout set to: 14340
<br>
++[logintime] returns ok
<br>
rlm_pap: Found existing Auth-Type, not changing it.
<br>
++[pap] returns noop
<br>
rad_check_password: Found Auth-Type EAP
<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<br>
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<br>
!!! Please update your configuration so that the "known
good" !!!
<br>
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: EAP Identity
<br>
rlm_eap: processing type md5
<br>
rlm_eap_md5: Issuing Challenge
<br>
++[eap] returns handled
<br>
} # server nispdot1x
<br>
Framed-Compression = Van-Jacobson-TCP-IP
<br>
Tunnel-Private-Group-Id:0 = "101"
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Type:0 = VLAN
<br>
Framed-Protocol = PPP
<br>
Service-Type = Framed-User
<br>
Session-Timeout = 14340
<br>
EAP-Message = 0x0102001604108dedf8c669040a1bcd0115afdf91dbdc
<br>
Message-Authenticator = 0x00000000000000000000000000000000
<br>
State = 0x1fa720c11fa52425bd7da50678295fc0
<br>
Finished request 4.
<br>
Going to the next request
<br>
Waking up in 4.9 seconds.
<br>
Framed-MTU = 1480
<br>
NAS-IP-Address = 192.168.12.130
<br>
NAS-Identifier = "ProCurve Switch 2650"
<br>
User-Name = "testing"
<br>
Service-Type = Framed-User
<br>
Framed-Protocol = PPP
<br>
NAS-Port = 1
<br>
NAS-Port-Type = Ethernet
<br>
NAS-Port-Id = "1"
<br>
Called-Station-Id = "00-1c-2e-73-85-00"
<br>
Calling-Station-Id = "00-16-36-5a-f1-e4"
<br>
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br>
Tunnel-Type:0 = VLAN
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Private-Group-Id:0 = "1"
<br>
State = 0x1fa720c11fa52425bd7da50678295fc0
<br>
EAP-Message = 0x020200060319
<br>
Message-Authenticator = 0x76203b9931bdb50a703f0f50746f7ee3
<br>
server nispdot1x {
<br>
+- entering group authorize
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
rlm_eap: EAP packet type response id 2 length 6
<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
<br>
++[eap] returns updated
<br>
++[unix] returns notfound
<br>
users: Matched entry DEFAULT at line 183
<br>
++[files] returns ok
<br>
++- entering redundant-load-balance group redundant-load-balance
<br>
rlm_ldap: - authorize
<br>
rlm_ldap: performing user authorization for testing
<br>
expand: (uid=%u) -> (uid=testing)
<br>
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
<br>
rlm_ldap: ldap_get_conn: Checking Id: 0
<br>
rlm_ldap: ldap_get_conn: Got Id: 0
<br>
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
<br>
rlm_ldap: checking if remote access for testing is allowed by uid
<br>
rlm_ldap: Added User-Password = Testing10 in check items
<br>
rlm_ldap: looking for check items in directory...
<br>
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "Wk0800-1800"
<br>
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x54657374696e6731
<br>
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x54657374696e6731
<br>
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e5"
<br>
rlm_ldap: looking for reply items in directory...
<br>
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
<br>
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
<br>
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
<br>
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
<br>
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
<br>
rlm_ldap: user testing authorized to use remote access
<br>
rlm_ldap: ldap_release_conn: Release Id: 0
<br>
+++[ldap_instance100] returns ok
<br>
++- redundant-load-balance group redundant-load-balance returns ok
<br>
++[expiration] returns noop
<br>
rlm_logintime: Checking Login-Time: 'Wk0800-1800'
<br>
rlm_logintime: timestr returned accept
<br>
rlm_logintime: Session-Timeout set to: 14340
<br>
++[logintime] returns ok
<br>
rlm_pap: Found existing Auth-Type, not changing it.
<br>
++[pap] returns noop
<br>
rad_check_password: Found Auth-Type EAP
<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<br>
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<br>
!!! Please update your configuration so that the "known
good" !!!
<br>
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
<br>
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: Request found, released from the list
<br>
rlm_eap: EAP NAK
<br>
rlm_eap: EAP-NAK asked for EAP-Type/peap
<br>
rlm_eap: processing type tls
<br>
rlm_eap_tls: Initiate
<br>
rlm_eap_tls: Start returned 1
<br>
++[eap] returns handled
<br>
} # server nispdot1x
<br>
Framed-Compression = Van-Jacobson-TCP-IP
<br>
Tunnel-Private-Group-Id:0 = "101"
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Type:0 = VLAN
<br>
Framed-Protocol = PPP
<br>
Service-Type = Framed-User
<br>
Session-Timeout = 14340
<br>
EAP-Message = 0x010300061920
<br>
Message-Authenticator = 0x00000000000000000000000000000000
<br>
State = 0x1fa720c11ea43925bd7da50678295fc0
<br>
Finished request 5.
<br>
Going to the next request
<br>
Waking up in 4.9 seconds.
<br>
Framed-MTU = 1480
<br>
NAS-IP-Address = 192.168.12.130
<br>
NAS-Identifier = "ProCurve Switch 2650"
<br>
User-Name = "testing"
<br>
Service-Type = Framed-User
<br>
Framed-Protocol = PPP
<br>
NAS-Port = 1
<br>
NAS-Port-Type = Ethernet
<br>
NAS-Port-Id = "1"
<br>
Called-Station-Id = "00-1c-2e-73-85-00"
<br>
Calling-Station-Id = "00-16-36-5a-f1-e4"
<br>
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br>
Tunnel-Type:0 = VLAN
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Private-Group-Id:0 = "1"
<br>
State = 0x1fa720c11ea43925bd7da50678295fc0
<br>
EAP-Message =
0x0203005019800000004616030100410100003d0301489aa4c688ae33dab29d1f856cc286c03cc9db7bf7cad627057407ea7ae7ff7600001600040005000a000900640062000300060013001200630100
<br>
Message-Authenticator = 0x281bfb9a23c4dbe800b5e8ddb8a1e450
<br>
server nispdot1x {
<br>
+- entering group authorize
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
rlm_eap: EAP packet type response id 3 length 80
<br>
rlm_eap: Continuing tunnel setup.
<br>
++[eap] returns ok
<br>
rad_check_password: Found Auth-Type EAP
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: Request found, released from the list
<br>
rlm_eap: EAP/peap
<br>
rlm_eap: processing type peap
<br>
rlm_eap_peap: Authenticate
<br>
rlm_eap_tls: processing TLS
<br>
TLS Length 70
<br>
rlm_eap_tls: Length Included
<br>
eaptls_verify returned 11
<br>
(other): before/accept initialization
<br>
TLS_accept: before/accept initialization
<br>
rlm_eap_tls: &lt;&lt;&lt; TLS 1.0 Handshake [length 0041], ClientHello
<br>
TLS_accept: SSLv3 read client hello A
<br>
rlm_eap_tls: &gt;&gt;&gt; TLS 1.0 Handshake [length 004a], ServerHello
<br>
TLS_accept: SSLv3 write server hello A
<br>
rlm_eap_tls: &gt;&gt;&gt; TLS 1.0 Handshake [length 085e], Certificate
<br>
TLS_accept: SSLv3 write certificate A
<br>
rlm_eap_tls: &gt;&gt;&gt; TLS 1.0 Handshake [length 0004], ServerHelloDone
<br>
TLS_accept: SSLv3 write server done A
<br>
TLS_accept: SSLv3 flush data
<br>
TLS_accept: Need to read more data: SSLv3 read client certificate A
<br>
In SSL Handshake Phase
<br>
In SSL Accept mode
<br>
eaptls_process returned 13
<br>
rlm_eap_peap: EAPTLS_HANDLED
<br>
++[eap] returns handled
<br>
} # server nispdot1x
<br>
EAP-Message = 0xe7889fcefb2540ca2a830a91
<br>
Message-Authenticator = 0x00000000000000000000000000000000
<br>
State = 0x1fa720c11da33925bd7da50678295fc0
<br>
Finished request 6.
<br>
Going to the next request
<br>
Waking up in 4.8 seconds.
<br>
Framed-MTU = 1480
<br>
NAS-IP-Address = 192.168.12.130
<br>
NAS-Identifier = "ProCurve Switch 2650"
<br>
User-Name = "testing"
<br>
Service-Type = Framed-User
<br>
Framed-Protocol = PPP
<br>
NAS-Port = 1
<br>
NAS-Port-Type = Ethernet
<br>
NAS-Port-Id = "1"
<br>
Called-Station-Id = "00-1c-2e-73-85-00"
<br>
Calling-Station-Id = "00-16-36-5a-f1-e4"
<br>
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br>
Tunnel-Type:0 = VLAN
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Private-Group-Id:0 = "1"
<br>
State = 0x1fa720c11da33925bd7da50678295fc0
<br>
EAP-Message = 0x020400061900
<br>
Message-Authenticator = 0x30262688a22da1c1ee098b29dead42c4
<br>
server nispdot1x {
<br>
+- entering group authorize
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
rlm_eap: EAP packet type response id 4 length 6
<br>
rlm_eap: Continuing tunnel setup.
<br>
++[eap] returns ok
<br>
rad_check_password: Found Auth-Type EAP
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: Request found, released from the list
<br>
rlm_eap: EAP/peap
<br>
rlm_eap: processing type peap
<br>
rlm_eap_peap: Authenticate
<br>
rlm_eap_tls: processing TLS
<br>
rlm_eap_tls: Received EAP-TLS ACK message
<br>
rlm_eap_tls: ack handshake fragment handler
<br>
eaptls_verify returned 1
<br>
eaptls_process returned 13
<br>
rlm_eap_peap: EAPTLS_HANDLED
<br>
++[eap] returns handled
<br>
} # server nispdot1x
<br>
EAP-Message = 0x2f31d1264b04c5b4
<br>
Message-Authenticator = 0x00000000000000000000000000000000
<br>
State = 0x1fa720c11ca23925bd7da50678295fc0
<br>
Finished request 7.
<br>
Going to the next request
<br>
Waking up in 4.8 seconds.
<br>
Framed-MTU = 1480
<br>
NAS-IP-Address = 192.168.12.130
<br>
NAS-Identifier = "ProCurve Switch 2650"
<br>
User-Name = "testing"
<br>
Service-Type = Framed-User
<br>
Framed-Protocol = PPP
<br>
NAS-Port = 1
<br>
NAS-Port-Type = Ethernet
<br>
NAS-Port-Id = "1"
<br>
Called-Station-Id = "00-1c-2e-73-85-00"
<br>
Calling-Station-Id = "00-16-36-5a-f1-e4"
<br>
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br>
Tunnel-Type:0 = VLAN
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Private-Group-Id:0 = "1"
<br>
State = 0x1fa720c11ca23925bd7da50678295fc0
<br>
EAP-Message = 0x020500061900
<br>
Message-Authenticator = 0x59d74248b0aadbf3119dbb3eeb19b42e
<br>
server nispdot1x {
<br>
+- entering group authorize
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
rlm_eap: EAP packet type response id 5 length 6
<br>
rlm_eap: Continuing tunnel setup.
<br>
++[eap] returns ok
<br>
rad_check_password: Found Auth-Type EAP
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: Request found, released from the list
<br>
rlm_eap: EAP/peap
<br>
rlm_eap: processing type peap
<br>
rlm_eap_peap: Authenticate
<br>
rlm_eap_tls: processing TLS
<br>
rlm_eap_tls: Received EAP-TLS ACK message
<br>
rlm_eap_tls: ack handshake fragment handler
<br>
eaptls_verify returned 1
<br>
eaptls_process returned 13
<br>
rlm_eap_peap: EAPTLS_HANDLED
<br>
++[eap] returns handled
<br>
} # server nispdot1x
<br>
EAP-Message =
0x010600d51900845e93ce9ffc5452e73f653e704f16f3a5687176926863d49558a742cb84f6aeb016521bf6b5b28bfa804c0aea2719ac3a3df6629264b273d9498374bb2b5716c95c2db2c5a64b857c7f07e6f84c629730b2aceb3dddf4d50d7d549da3b9d5e03639b6881d7f75a86afbf799407cacee9100d670506bf5084ffe2d7ef5ff9c8f6d4b586d7ec9dc16f5c67e84f1a1817faff565ffc1642463ff7fdb1ecc13e9f87b9ce19d4715a693750e56ad468a453462abce15950da8ad436016bbd394128e09c47accf10816030100040e000000
<br>
Message-Authenticator = 0x00000000000000000000000000000000
<br>
State = 0x1fa720c11ba13925bd7da50678295fc0
<br>
Finished request 8.
<br>
Going to the next request
<br>
Waking up in 4.8 seconds.
<br>
Framed-MTU = 1480
<br>
NAS-IP-Address = 192.168.12.130
<br>
NAS-Identifier = "ProCurve Switch 2650"
<br>
User-Name = "testing"
<br>
Service-Type = Framed-User
<br>
Framed-Protocol = PPP
<br>
NAS-Port = 1
<br>
NAS-Port-Type = Ethernet
<br>
NAS-Port-Id = "1"
<br>
Called-Station-Id = "00-1c-2e-73-85-00"
<br>
Calling-Station-Id = "00-16-36-5a-f1-e4"
<br>
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br>
Tunnel-Type:0 = VLAN
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Private-Group-Id:0 = "1"
<br>
State = 0x1fa720c11ba13925bd7da50678295fc0
<br>
EAP-Message =
0x02060140198000000136160301010610000102010068ae16d861e6d0176177801ef590398287377ea6ae9a1cfd9e0b3f4e625327a010a5d554c73483273a477798edc6bd1eaa432232961de9e7075661ff9e90fb678fd8e9a6687c44d19ff9449be9b7336779175b780d08f3c9fa16c7defe05e2c42d480d633f375406c53486a487caa06358e52d72ab25fabfd960bff9271db83261783b026b500d2a14191890487de5bb545b8fe9be3aa055f3a516928cd891b9362090b986037ed516866ffafb8d14dae8baa94ab96ee893290a624b62d9f856dd3b7c4e0357a02998b1837aa538849aa0177846cee6b5f0f149ffe1cb6f5ce1866c3a325d65509b
<br>
EAP-Message =
0x74c24b32e27592aae4cf5f300d2c0ff6d2270d6d517e354a14030100010116030100200893d8c86f803d129370aa7f4d74ed825f64654040243375124d284762011ac7
<br>
Message-Authenticator = 0x3b0313d80ad2d14931da58b07de881c8
<br>
server nispdot1x {
<br>
+- entering group authorize
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
rlm_eap: EAP packet type response id 6 length 253
<br>
rlm_eap: Continuing tunnel setup.
<br>
++[eap] returns ok
<br>
rad_check_password: Found Auth-Type EAP
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: Request found, released from the list
<br>
rlm_eap: EAP/peap
<br>
rlm_eap: processing type peap
<br>
rlm_eap_peap: Authenticate
<br>
rlm_eap_tls: processing TLS
<br>
TLS Length 310
<br>
rlm_eap_tls: Length Included
<br>
eaptls_verify returned 11
<br>
rlm_eap_tls: &lt;&lt;&lt; TLS 1.0 Handshake [length 0106], ClientKeyExchange
<br>
TLS_accept: SSLv3 read client key exchange A
<br>
rlm_eap_tls: &lt;&lt;&lt; TLS 1.0 ChangeCipherSpec [length 0001]
<br>
rlm_eap_tls: &lt;&lt;&lt; TLS 1.0 Handshake [length 0010], Finished
<br>
TLS_accept: SSLv3 read finished A
<br>
rlm_eap_tls: &gt;&gt;&gt; TLS 1.0 ChangeCipherSpec [length 0001]
<br>
TLS_accept: SSLv3 write change cipher spec A
<br>
rlm_eap_tls: &gt;&gt;&gt; TLS 1.0 Handshake [length 0010], Finished
<br>
TLS_accept: SSLv3 write finished A
<br>
TLS_accept: SSLv3 flush data
<br>
(other): SSL negotiation finished successfully
<br>
SSL Connection Established
<br>
eaptls_process returned 13
<br>
rlm_eap_peap: EAPTLS_HANDLED
<br>
++[eap] returns handled
<br>
} # server nispdot1x
<br>
EAP-Message =
0x0107003119001403010001011603010020ad9ae7e64760bfd2d6f845bb0d3bbc2d52fd692106a9eb9ed4cb34064db2b864
<br>
Message-Authenticator = 0x00000000000000000000000000000000
<br>
State = 0x1fa720c11aa03925bd7da50678295fc0
<br>
Finished request 9.
<br>
Going to the next request
<br>
Waking up in 4.7 seconds.
<br>
Framed-MTU = 1480
<br>
NAS-IP-Address = 192.168.12.130
<br>
NAS-Identifier = "ProCurve Switch 2650"
<br>
User-Name = "testing"
<br>
Service-Type = Framed-User
<br>
Framed-Protocol = PPP
<br>
NAS-Port = 1
<br>
NAS-Port-Type = Ethernet
<br>
NAS-Port-Id = "1"
<br>
Called-Station-Id = "00-1c-2e-73-85-00"
<br>
Calling-Station-Id = "00-16-36-5a-f1-e4"
<br>
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br>
Tunnel-Type:0 = VLAN
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Private-Group-Id:0 = "1"
<br>
State = 0x1fa720c11aa03925bd7da50678295fc0
<br>
EAP-Message = 0x020700061900
<br>
Message-Authenticator = 0x11836c23f609b5c4d3211d9b1f1f27f7
<br>
server nispdot1x {
<br>
+- entering group authorize
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
rlm_eap: EAP packet type response id 7 length 6
<br>
rlm_eap: Continuing tunnel setup.
<br>
++[eap] returns ok
<br>
rad_check_password: Found Auth-Type EAP
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: Request found, released from the list
<br>
rlm_eap: EAP/peap
<br>
rlm_eap: processing type peap
<br>
rlm_eap_peap: Authenticate
<br>
rlm_eap_tls: processing TLS
<br>
rlm_eap_tls: Received EAP-TLS ACK message
<br>
rlm_eap_tls: ack handshake is finished
<br>
eaptls_verify returned 3
<br>
eaptls_process returned 3
<br>
rlm_eap_peap: EAPTLS_SUCCESS
<br>
++[eap] returns handled
<br>
} # server nispdot1x
<br>
EAP-Message =
0x0108002019001703010015f4ce316d1638ae01c009d50bcc9ebce4724655b215
<br>
Message-Authenticator = 0x00000000000000000000000000000000
<br>
State = 0x1fa720c119af3925bd7da50678295fc0
<br>
Finished request 10.
<br>
Going to the next request
<br>
Waking up in 4.7 seconds.
<br>
Framed-MTU = 1480
<br>
NAS-IP-Address = 192.168.12.130
<br>
NAS-Identifier = "ProCurve Switch 2650"
<br>
User-Name = "testing"
<br>
Service-Type = Framed-User
<br>
Framed-Protocol = PPP
<br>
NAS-Port = 1
<br>
NAS-Port-Type = Ethernet
<br>
NAS-Port-Id = "1"
<br>
Called-Station-Id = "00-1c-2e-73-85-00"
<br>
Calling-Station-Id = "00-16-36-5a-f1-e4"
<br>
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br>
Tunnel-Type:0 = VLAN
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Private-Group-Id:0 = "1"
<br>
State = 0x1fa720c119af3925bd7da50678295fc0
<br>
EAP-Message =
0x0208002319001703010018a04db0485b87de4eb7d2eddc7a5ce6a50d14325deef1bd91
<br>
Message-Authenticator = 0x2debf67f813086666dc007c59a814494
<br>
server nispdot1x {
<br>
+- entering group authorize
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
rlm_eap: EAP packet type response id 8 length 35
<br>
rlm_eap: Continuing tunnel setup.
<br>
++[eap] returns ok
<br>
rad_check_password: Found Auth-Type EAP
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: Request found, released from the list
<br>
rlm_eap: EAP/peap
<br>
rlm_eap: processing type peap
<br>
rlm_eap_peap: Authenticate
<br>
rlm_eap_tls: processing TLS
<br>
eaptls_verify returned 7
<br>
rlm_eap_tls: Done initial handshake
<br>
eaptls_process returned 7
<br>
rlm_eap_peap: EAPTLS_OK
<br>
rlm_eap_peap: Session established. Decoding tunneled attributes.
<br>
rlm_eap_peap: Identity - testing
<br>
PEAP: Got tunneled identity of testing
<br>
PEAP: Setting default EAP type for tunneled EAP session.
<br>
PEAP: Setting User-Name to testing
<br>
+- entering group authorize
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
++[unix] returns notfound
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
++[control] returns noop
<br>
rlm_eap: EAP packet type response id 8 length 12
<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
<br>
++[eap] returns updated
<br>
++[files] returns noop
<br>
++[expiration] returns noop
<br>
++[logintime] returns noop
<br>
++[pap] returns noop
<br>
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
<br>
rad_check_password: Found Auth-Type EAP
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: EAP Identity
<br>
rlm_eap: processing type mschapv2
<br>
rlm_eap_mschapv2: Issuing Challenge
<br>
++[eap] returns handled
<br>
PEAP: Got tunneled Access-Challenge
<br>
++[eap] returns handled
<br>
} # server nispdot1x
<br>
EAP-Message =
0x010900381900170301002d93de421ad659f0beec711c64baecd2841ee70b243fb51b315798646770e2eb873dcc3fe78aa54d2094030f54c2
<br>
Message-Authenticator = 0x00000000000000000000000000000000
<br>
State = 0x1fa720c118ae3925bd7da50678295fc0
<br>
Finished request 11.
<br>
Going to the next request
<br>
Waking up in 4.7 seconds.
<br>
Framed-MTU = 1480
<br>
NAS-IP-Address = 192.168.12.130
<br>
NAS-Identifier = "ProCurve Switch 2650"
<br>
User-Name = "testing"
<br>
Service-Type = Framed-User
<br>
Framed-Protocol = PPP
<br>
NAS-Port = 1
<br>
NAS-Port-Type = Ethernet
<br>
NAS-Port-Id = "1"
<br>
Called-Station-Id = "00-1c-2e-73-85-00"
<br>
Calling-Station-Id = "00-16-36-5a-f1-e4"
<br>
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br>
Tunnel-Type:0 = VLAN
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Private-Group-Id:0 = "1"
<br>
State = 0x1fa720c118ae3925bd7da50678295fc0
<br>
EAP-Message =
0x020900591900170301004eed1ff2effc4e1752902dee5fd3d3f56281045c8aea4fd46077f8f2f1afff31459f86f4a8fbb3e149d7ea91ce2bacd815be3a82d279f0533b969fe6383bdbbc520661151b64e5d073ebe9d0ed7258
<br>
Message-Authenticator = 0xea29d99ebda12bc8cee708264041d3a1
<br>
server nispdot1x {
<br>
+- entering group authorize
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
rlm_eap: EAP packet type response id 9 length 89
<br>
rlm_eap: Continuing tunnel setup.
<br>
++[eap] returns ok
<br>
rad_check_password: Found Auth-Type EAP
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: Request found, released from the list
<br>
rlm_eap: EAP/peap
<br>
rlm_eap: processing type peap
<br>
rlm_eap_peap: Authenticate
<br>
rlm_eap_tls: processing TLS
<br>
eaptls_verify returned 7
<br>
rlm_eap_tls: Done initial handshake
<br>
eaptls_process returned 7
<br>
rlm_eap_peap: EAPTLS_OK
<br>
rlm_eap_peap: Session established. Decoding tunneled attributes.
<br>
rlm_eap_peap: EAP type mschapv2
<br>
PEAP: Setting User-Name to testing
<br>
+- entering group authorize
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
++[unix] returns notfound
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
++[control] returns noop
<br>
rlm_eap: EAP packet type response id 9 length 66
<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
<br>
++[eap] returns updated
<br>
++[files] returns noop
<br>
++[expiration] returns noop
<br>
++[logintime] returns noop
<br>
++[pap] returns noop
<br>
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
<br>
rad_check_password: Found Auth-Type EAP
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: Request found, released from the list
<br>
rlm_eap: EAP/mschapv2
<br>
rlm_eap: processing type mschapv2
<br>
+- entering group MS-CHAP
<br>
rlm_mschap: No Cleartext-Password configured. Cannot create
LM-Password.
<br>
rlm_mschap: No Cleartext-Password configured. Cannot create
NT-Password.
<br>
rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password
<br>
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
<br>
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
<br>
++[mschap] returns reject
<br>
rlm_eap: Freeing handler
<br>
++[eap] returns reject
<br>
auth: Failed to validate the user.
<br>
Login incorrect: [testing/&lt;via Auth-Type = EAP&gt;] (from client
dotix port 0)
<br>
PEAP: Tunneled authentication was rejected.
<br>
rlm_eap_peap: FAILURE
<br>
++[eap] returns handled
<br>
} # server nispdot1x
<br>
EAP-Message =
0x010a00261900170301001bf310bdd3b5003f17e6b384f8d72a7a9c7a874b3b2ae817450b07cd
<br>
Message-Authenticator = 0x00000000000000000000000000000000
<br>
State = 0x1fa720c117ad3925bd7da50678295fc0
<br>
Finished request 12.
<br>
Going to the next request
<br>
Waking up in 4.6 seconds.
<br>
Framed-MTU = 1480
<br>
NAS-IP-Address = 192.168.12.130
<br>
NAS-Identifier = "ProCurve Switch 2650"
<br>
User-Name = "testing"
<br>
Service-Type = Framed-User
<br>
Framed-Protocol = PPP
<br>
NAS-Port = 1
<br>
NAS-Port-Type = Ethernet
<br>
NAS-Port-Id = "1"
<br>
Called-Station-Id = "00-1c-2e-73-85-00"
<br>
Calling-Station-Id = "00-16-36-5a-f1-e4"
<br>
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
<br>
Tunnel-Type:0 = VLAN
<br>
Tunnel-Medium-Type:0 = IEEE-802
<br>
Tunnel-Private-Group-Id:0 = "1"
<br>
State = 0x1fa720c117ad3925bd7da50678295fc0
<br>
EAP-Message =
0x020a00261900170301001bc69a12bf5d23b5dedc2c6c8d537f8577436b7bded7dee8eb290178
<br>
Message-Authenticator = 0x2a7e10fb4deef91301ba11f38f970f39
<br>
server nispdot1x {
<br>
+- entering group authorize
<br>
++[preprocess] returns ok
<br>
++[chap] returns noop
<br>
++[mschap] returns noop
<br>
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
<br>
rlm_realm: No such realm "NULL"
<br>
++[suffix] returns noop
<br>
rlm_eap: EAP packet type response id 10 length 38
<br>
rlm_eap: Continuing tunnel setup.
<br>
++[eap] returns ok
<br>
rad_check_password: Found Auth-Type EAP
<br>
auth: type "EAP"
<br>
+- entering group authenticate
<br>
rlm_eap: Request found, released from the list
<br>
rlm_eap: EAP/peap
<br>
rlm_eap: processing type peap
<br>
rlm_eap_peap: Authenticate
<br>
rlm_eap_tls: processing TLS
<br>
eaptls_verify returned 7
<br>
rlm_eap_tls: Done initial handshake
<br>
eaptls_process returned 7
<br>
rlm_eap_peap: EAPTLS_OK
<br>
rlm_eap_peap: Session established. Decoding tunneled attributes.
<br>
rlm_eap_peap: Received EAP-TLV response.
<br>
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in
this session.
<br>
rlm_eap: Handler failed in EAP/peap
<br>
rlm_eap: Failed in EAP select
<br>
++[eap] returns invalid
<br>
auth: Failed to validate the user.
<br>
Login incorrect: [testing/&lt;via Auth-Type = EAP&gt;] (from client
dotix port 1 cli 00-16-36-5a-f1-e4)
<br>
} # server nispdot1x
<br>
Found Post-Auth-Type Reject
<br>
+- entering group REJECT
<br>
expand: %{User-Name} -> testing
<br>
attr_filter: Matched entry DEFAULT at line 11
<br>
++[attr_filter.access_reject] returns updated
<br>
Delaying reject of request 13 for 1 seconds
<br>
Going to the next request
<br>
Waking up in 0.9 seconds.
<br>
Sending delayed reject for request 13
<br>
EAP-Message = 0x040a0004
<br>
Message-Authenticator = 0x00000000000000000000000000000000
<br>
Waking up in 3.6 seconds.
<br>
Cleaning up request 4 ID 9 with timestamp +540
<br>
Cleaning up request 5 ID 10 with timestamp +540
<br>
Waking up in 0.1 seconds.
<br>
Cleaning up request 6 ID 11 with timestamp +540
<br>
Cleaning up request 7 ID 12 with timestamp +540
<br>
Cleaning up request 8 ID 13 with timestamp +540
<br>
Cleaning up request 9 ID 14 with timestamp +540
<br>
Cleaning up request 10 ID 15 with timestamp +540
<br>
Cleaning up request 11 ID 16 with timestamp +540
<br>
Cleaning up request 12 ID 17 with timestamp +540
<br>
Waking up in 1.0 seconds.
<br>
Cleaning up request 13 ID 18 with timestamp +540
<br>
Ready to process requests.
<br>
<br>
Thank You
<br>
Ryan Setiawan H
<br>
<br>
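Added example (not part of the original post and not FreeRADIUS code): a Python check that scans debug lines like those above for authorize sections that run inside the PEAP tunnel without rlm_ldap, and for NT-Password / LM-Password values that are not 16 bytes long. The sample log is constructed from lines in this post with wrapped lines joined; the function names are hypothetical.
<br>

```python
import re

# Constructed sample: lines abridged from the debug output in this post
# (wrapped lines joined, most repeated attribute lines dropped).
SAMPLE_LOG = """\
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[mschap] returns noop
++[eap] returns updated
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: performing user authorization for testing
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x54657374696e6731
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x54657374696e6731
+++[ldap_instance100] returns ok
++[pap] returns noop
+- entering group authenticate
rlm_eap: EAP Identity
++[eap] returns handled
} # server nispdot1x
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[eap] returns ok
+- entering group authenticate
rlm_eap_peap: Session established.  Decoding tunneled attributes.
PEAP: Setting User-Name to testing
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[suffix] returns noop
++[control] returns noop
++[eap] returns updated
++[files] returns noop
++[pap] returns noop
+- entering group authenticate
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured.  Cannot create NT-Password.
rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
++[mschap] returns reject
} # server nispdot1x
"""

MODULE_RE = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
GROUP_RE = re.compile(r"^\+- entering group (\S+)")
HASH_RE = re.compile(r"RADIUS attribute (NT|LM)-Password == 0x([0-9a-fA-F]+)")
NT_LM_HASH_BYTES = 16  # NT and LM hashes are both 16 bytes (32 hex digits)


def authorize_sections(lines):
    """Return one dict per 'authorize' group: tunneled?, modules run, ldap seen?"""
    sections, current, tunneled = [], None, False
    for line in lines:
        line = line.strip()
        if line.startswith("server ") or line.startswith("} # server"):
            tunneled, current = False, None      # a new request starts outside the tunnel
        elif line.startswith(("PEAP: Setting User-Name", "PEAP: Got tunneled identity")):
            tunneled = True                       # what follows is the inner (tunneled) request
        group = GROUP_RE.match(line)
        if group:
            current = None
            if group.group(1) == "authorize":
                current = {"tunneled": tunneled, "modules": [], "ldap": False}
                sections.append(current)
            continue
        if current is None:
            continue
        module = MODULE_RE.match(line)
        if module:
            current["modules"].append(module.group(1))
        if line.startswith("rlm_ldap:"):
            current["ldap"] = True
    return sections


def malformed_hashes(lines):
    """List (attribute, byte length) for NT/LM-Password values that are not 16 bytes."""
    findings = []
    for line in lines:
        match = HASH_RE.search(line)
        if match and len(match.group(2)) != NT_LM_HASH_BYTES * 2:
            findings.append((match.group(1) + "-Password", len(match.group(2)) // 2))
    return findings


def diagnose(log_text):
    lines = log_text.splitlines()
    findings = []
    for number, section in enumerate(authorize_sections(lines), 1):
        if section["tunneled"] and not section["ldap"]:
            findings.append(f"authorize section #{number} runs inside the PEAP tunnel "
                            f"without rlm_ldap (modules: {', '.join(section['modules'])})")
    for attribute, nbytes in malformed_hashes(lines):
        findings.append(f"{attribute} from LDAP is {nbytes} bytes, expected {NT_LM_HASH_BYTES}")
    if any("rlm_mschap: FAILED: No NT/LM-Password" in line for line in lines):
        findings.append("rlm_mschap had no usable NT/LM-Password at authentication time")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print("-", finding)
```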
</body>
</html>