<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Verdana
}
--></style>
</head>
<body class='hmmessage'>
<br>> ------------------------------<br>> <br>> Message: 3<br>> Date: Mon, 16 Nov 2009 10:03:22 +0000<br>> From: Alan Buxey <A.L.M.Buxey@lboro.ac.uk><br>> Subject: Re: Problems to do an SSID based authentication<br>> To: FreeRadius users mailing list<br>> <freeradius-users@lists.freeradius.org><br>> Message-ID: <20091116100322.GB5662@lboro.ac.uk><br>> Content-Type: text/plain; charset=us-ascii<br>> <br>> Hi,<br>> <br>> > I am trying to do an SSID based authentication per user.<br>> > What I mean is that i try in the users.conf file to check for which SSID the users is trying to use to login and if it is wrong it shall do an reject for that user.<br>> > <br>> > The problem is that i dont succeed with this so I thought it does not hurt to ask the ones who knows.<br>> > My users.conf file looks like this:<br>> <br>> > Peter Cleartext-Password := "kaffe" , Called-Station-Id == "04-0B-6B-33-62-35:raket"<br>> > Jens Cleartext-Password := "kaffe" , Called-Station-Id == "02-0B-6B-33-62-35:3"<br>> <br>> so Peter can only connect from 04-0B-6B-33-62-35:raket and <br>> Jens can only get on from 02-0B-6B-33-62-35:3 ?<br>> <br>> okay - where is your log from 'radiusd -X' ?<br>> <br>> alan<br>> <br>> <br>Hi Alan!<br>The logs from my radius -X is following:<br><br>rad_recv: Access-Request packet from host 192.168.118.10 port 42531, id=97, length=194<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "Jens"<br> Acct-Session-Id = "82200128"<br> Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"<br> Calling-Station-Id = "00-26-BB-14-50-CF"<br> Called-Station-Id = "02-0B-6B-33-62-35:3"<br> EAP-Message = 0x02020009014a656e73<br> Message-Authenticator = 0x12ec684d2cb511be9cf431ceeae1a5c8<br> NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 192.168.118.10<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 2 length 9<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br>[files] users: Matched entry Jens at line 92<br>++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type tls<br>[tls] Initiate<br>[tls] Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 97 to 192.168.118.10 port 42531<br> EAP-Message = 0x010300061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xb5e02fd1b5e336db4711a92c3e7dc829<br>Finished request 1.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.118.10 port 46429, id=98, length=316<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "Jens"<br> State = 0xb5e02fd1b5e336db4711a92c3e7dc829<br> Acct-Session-Id = "82200128"<br> Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"<br> Calling-Station-Id = "00-26-BB-14-50-CF"<br> Called-Station-Id = "02-0B-6B-33-62-35:3"<br> EAP-Message = 0x0203007119800000006716030100620100005e03014b01325d9b7522753ffde3bdcb960b88f167535ca9ec96ffa88e3f5577fc7b4c000018002f00350005000ac013c014c009c00a00320038001300040100001d0000000900070000046a656e73000a0006000400170018000b00020100<br> Message-Authenticator = 0xbb5e04e25bd1a69911623d1fa6fc555e<br> NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 192.168.118.10<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 3 length 113<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 103<br>[peap] Length Included<br>[peap] eaptls_verify returned 11 <br>[peap] (other): before/accept initialization <br>[peap] TLS_accept: before/accept initialization <br>[peap] <<< TLS 1.0 Handshake [length 0062], ClientHello <br>[peap] TLS_accept: SSLv3 read client hello A <br>[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello <br>[peap] TLS_accept: SSLv3 write server hello A <br>[peap] >>> TLS 1.0 Handshake [length 085e], Certificate <br>[peap] TLS_accept: SSLv3 write certificate A <br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone <br>[peap] TLS_accept: SSLv3 write server done A <br>[peap] TLS_accept: SSLv3 flush data <br>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>In SSL Handshake Phase <br>In SSL Accept mode <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 98 to 192.168.118.10 port 46429<br> EAP-Message = 0x0104040019c00000089b160301002a0200002603014b013261232f65081c0647ecdd136d4ba6d37a900ca54c63b1b42d0f9f08ec7a00002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479<br> EAP-Message = 0x301e170d3039313131313133323535335a170d3130313131313133323535335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d5187e7bc255b26ddc283d48c5dcada8d45ed681856a7f9964de908c976390f87aae337b8f13cb67c519e95fbc0236cb71ce6cf1a0053a679a2fae47334b<br> EAP-Message = 0xea63f5d29523c2f790377a0f7cb808d1074d9dfd6eb6edb07b4244089b2c50ffb516d69ad94a252aa72af8fa371165337209dd7a5bc0701ca910f54d0de7e8cf202bae28ebdf3b68682b2f1de412b1b59152b1b747187c9a2d97fcea02d853f59e0c311bc87629914ce11a408218ff0cf921a48bc972da546c99ebf0a566e3604700c2315631113c160eb770f7632f47ccec74feefeede6352656ad5c918b7ea13eb6f6e11fbe331be19d787a2f5e9b2a1cea1a353190c6b3736a45051e2be8bb0910203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010029d7cb5c38650e56d0<br> EAP-Message = 0xe1db3d87bb0b9a1a034fd23fdc928795988fae1c3b2d262a84fa06284b4a506ba315d584b6a6eed742d6e3e92f2df7194fa8b1c5f53a5d2f18f595eab97e219a024b5753a6ea48eabe8106c5c28ffb2b124c02bd19f56771f35014de4569e7f720951ded3033591943c853049bb4a245cef1270593e844e6e0a4d442023fa1cb17874b4f734963a6eece8ca51d5d253e539027eb5ef96eecb0c4d6163045767728dac1a444712e50bdba71ab058c09b35fbade6d3d30c779acfccca0e260cde86d2d15c4bffe47584863ad94965d3584805bce24d9228198b5c78b761fd3d6b89b25a2430c731ee485840ecbac95171a03f2b0d77346c40004ab308204<br> EAP-Message = 0xa73082038fa0030201020209<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xb5e02fd1b4e436db4711a92c3e7dc829<br>Finished request 2.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.118.10 port 41440, id=99, length=209<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "Jens"<br> State = 0xb5e02fd1b4e436db4711a92c3e7dc829<br> Acct-Session-Id = "82200128"<br> Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"<br> Calling-Station-Id = "00-26-BB-14-50-CF"<br> Called-Station-Id = "02-0B-6B-33-62-35:3"<br> EAP-Message = 0x020400061900<br> Message-Authenticator = 0xc16a7984a9f721ee6d94d31f7659a249<br> NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 192.168.118.10<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 4 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1 <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 99 to 192.168.118.10 port 41440<br> EAP-Message = 0x010503fc194000a95ceefb4e6190af300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039313131313133323535335a170d3130313131313133323535335a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504<br> EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a5e320972e46e5b85513eac3a27f6505180668b395d4ffdebbe5458f615bb40d7ee9ae7c614be07ef57a43ec1127f128b45d58221b60d1838612c614bb26c99fdbb8c08c2cc4ecaae11df4f657241eb6b8e7a8d0317d7e00f45f2f5bc50ce9e835d3b61101a0fbe8c989d012bf8d7b<br> EAP-Message = 0x8cf31f35ca2bdc11512934f57fb4a9eb7e95b35e47b609b98a818fdeb8df415bd2574b9a907497521a446fd14969b20de542ae7abc809b56cf0e927b54b2a5519708125a38067897ffa35428799384416cb9028c0e777c6268009f696e67f2c747f9a7c09ef0cb3873ce6e22b148d43f0ad28018311d625f85820115d75358d0c7f79c534fff1552d8cde0e514b9b7554b0203010001a381fb3081f8301d0603551d0e041604148a192d95e8fb6f6ba1f6554ccf4e2bd534ff14143081c80603551d230481c03081bd80148a192d95e8fb6f6ba1f6554ccf4e2bd534ff1414a18199a48196308193310b3009060355040613024652310f300d06035504<br> EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900a95ceefb4e6190af300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a3ccd6974415ace1b6b6cce8b3c02dde0d00a6aee049f97c5a5e460849a40ef10e697d8a27e1b7c4bbe6122d145c9a7202d059a831c1563e973e76edb22c927d276199b16bba81a5a8301119debfc3957d9d<br> EAP-Message = 0xba5e475db5bc4553<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xb5e02fd1b7e536db4711a92c3e7dc829<br>Finished request 3.<br>Going to the next request<br>Waking up in 4.7 seconds.<br>rad_recv: Access-Request packet from host 192.168.118.10 port 40388, id=100, length=209<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "Jens"<br> State = 0xb5e02fd1b7e536db4711a92c3e7dc829<br> Acct-Session-Id = "82200128"<br> Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"<br> Calling-Station-Id = "00-26-BB-14-50-CF"<br> Called-Station-Id = "02-0B-6B-33-62-35:3"<br> EAP-Message = 0x020500061900<br> Message-Authenticator = 0xde1528468a95c4082d87b885c07692c0<br> NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 192.168.118.10<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 5 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1 <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 100 to 192.168.118.10 port 40388<br> EAP-Message = 0x010600b519003ed1cdfb8ce78c8b13e8c9d49553950dba115cafd7a3d3b93b0811bcc48f642f85e57b50ef7e8b45884e991ed7d0c7c69974877b6a931e94e2b1c18241af3f56e898cdb6bf5694cf634aaed5728ab48884f93efe217772425cb71b9be6cf27aaea718f270d33593165e215533f99daf1e5a542c9052a6ecb35ccfcdd4a4c02d7d8d6d2baa96840f6498c506d054bd3023a6c1f719d133364e1eeea225c9724dc6dba0de411f816030100040e000000<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xb5e02fd1b6e636db4711a92c3e7dc829<br>Finished request 4.<br>Going to the next request<br>Waking up in 4.4 seconds.<br>rad_recv: Access-Request packet from host 192.168.118.10 port 49250, id=101, length=541<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "Jens"<br> State = 0xb5e02fd1b6e636db4711a92c3e7dc829<br> Acct-Session-Id = "82200128"<br> Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"<br> Calling-Station-Id = "00-26-BB-14-50-CF"<br> Called-Station-Id = "02-0B-6B-33-62-35:3"<br> EAP-Message = 0x02060150198000000146160301010610000102010010da40c2277f97a716be9418364b5d036b2a1a438427372a3179fcb8f45d4f59e8f81cc24e5c03785cdd6e7e33b9472c294099bb429c2c07045b19bbff7ae2743f3ed3fa2a34a011e574d64f397990cc9cb3e308d556f4120545fd635471309e8f45b67549279c41e73bb92e817d67172a6b15b0c8da5118469fa5bcd4539916582b4dd8e678da06deeddf6bcede7de238449c9601f1efce3f23e9534c68e2a897d705e32f388f7ea3412ab5b90e85c6b508d2f04eb257e22b5c39f7fafef009a921184fbf1193c173fcb3c656cc93ee6f668c60f2fedb92897e0d558f49d8d656c76acd0a28a5a9<br> EAP-Message = 0x7a95a196ccf65f220a7130f1a338a8509b848359491e67d11403010001011603010030c85bc66fdd1fc7aef16588704d5a25cdca879ac3585be0e73d728e1aa18bb4cb2b6a5f030a417088af50b29ab56d3fc5<br> Message-Authenticator = 0xc3a9938ec998ab0398c5709115ad2bdf<br> NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 192.168.118.10<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 6 length 253<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 326<br>[peap] Length Included<br>[peap] eaptls_verify returned 11 <br>[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange <br>[peap] TLS_accept: SSLv3 read client key exchange A <br>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] <br>[peap] <<< TLS 1.0 Handshake [length 0010], Finished <br>[peap] TLS_accept: SSLv3 read finished A <br>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] <br>[peap] TLS_accept: SSLv3 write change cipher spec A <br>[peap] >>> TLS 1.0 Handshake [length 0010], Finished <br>[peap] TLS_accept: SSLv3 write finished A <br>[peap] TLS_accept: SSLv3 flush data <br>[peap] (other): SSL negotiation finished successfully <br>SSL Connection Established <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 101 to 192.168.118.10 port 49250<br> EAP-Message = 0x0107004119001403010001011603010030f5dceab2b5b355a2312fe20092d891872280be1ba05a477e51657ccadb327d91249380718ec8a006eb278245f449ed2d<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xb5e02fd1b1e736db4711a92c3e7dc829<br>Finished request 5.<br>Going to the next request<br>Waking up in 4.3 seconds.<br>rad_recv: Access-Request packet from host 192.168.118.10 port 41427, id=102, length=209<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "Jens"<br> State = 0xb5e02fd1b1e736db4711a92c3e7dc829<br> Acct-Session-Id = "82200128"<br> Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"<br> Calling-Station-Id = "00-26-BB-14-50-CF"<br> Called-Station-Id = "02-0B-6B-33-62-35:3"<br> EAP-Message = 0x020700061900<br> Message-Authenticator = 0x77f82d817673e2f1d72bdf70771fe83d<br> NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 192.168.118.10<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 7 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake is finished<br>[peap] eaptls_verify returned 3 <br>[peap] eaptls_process returned 3 <br>[peap] EAPTLS_SUCCESS<br>++[eap] returns handled<br>Sending Access-Challenge of id 102 to 192.168.118.10 port 41427<br> EAP-Message = 0x0108002b1900170301002006e1b5d62349a17609d76b94114fff9f2c956820f402a63434ebe33c0ab23254<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xb5e02fd1b0e836db4711a92c3e7dc829<br>Finished request 6.<br>Going to the next request<br>Waking up in 4.2 seconds.<br>rad_recv: Access-Request packet from host 192.168.118.10 port 46562, id=103, length=246<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "Jens"<br> State = 0xb5e02fd1b0e836db4711a92c3e7dc829<br> Acct-Session-Id = "82200128"<br> Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"<br> Calling-Station-Id = "00-26-BB-14-50-CF"<br> Called-Station-Id = "02-0B-6B-33-62-35:3"<br> EAP-Message = 0x0208002b19001703010020cbfe496129842adde6abe7771cdf82d089fab1b8692359688c355d1abd7fe18d<br> Message-Authenticator = 0x51bd0d083ea0991de4ba0666c3bf3f7d<br> NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 192.168.118.10<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 8 length 43<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7 <br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7 <br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>[peap] Identity - Jens<br>[peap] Got tunneled request<br> EAP-Message = 0x02080009014a656e73<br>server {<br> PEAP: Got tunneled identity of Jens<br> PEAP: Setting default EAP type for tunneled EAP session.<br> PEAP: Setting User-Name to Jens<br>Sending tunneled request<br> EAP-Message = 0x02080009014a656e73<br> FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "Jens"<br>server inner-tunnel {<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[unix] returns notfound<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[control] returns noop<br>[eap] EAP packet type response id 8 length 9<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>[files] users: Matched entry DEFAULT at line 222<br>++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] Found existing Auth-Type, not changing it.<br>++[pap] returns noop<br>Found Auth-Type = Reject<br>Auth-Type = Reject, rejecting user<br>Failed to authenticate the user.<br>} # server inner-tunnel<br>[peap] Got tunneled reply code 3<br>[peap] Got tunneled reply RADIUS code 3<br>[peap] Tunneled authentication was rejected.<br>[peap] FAILURE<br>++[eap] returns handled<br>Sending Access-Challenge of id 103 to 192.168.118.10 port 46562<br> EAP-Message = 0x0109002b19001703010020f22961f4b8fc8ef302e9d02a6ff60318dc7009c8c6b95edda5d0b74179b60ba9<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xb5e02fd1b3e936db4711a92c3e7dc829<br>Finished request 7.<br>Going to the next request<br>Waking up in 4.1 seconds.<br>rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104, length=246<br> Service-Type = Framed-User<br> Framed-MTU = 1400<br> User-Name = "Jens"<br> State = 0xb5e02fd1b3e936db4711a92c3e7dc829<br> Acct-Session-Id = "82200128"<br> Acct-Multi-Session-Id = "02-0B-6B-33-62-35-00-26-BB-14-50-CF-82-20-00-00-00-00-01-10"<br> Calling-Station-Id = "00-26-BB-14-50-CF"<br> Called-Station-Id = "02-0B-6B-33-62-35:3"<br> EAP-Message = 0x0209002b1900170301002049d78ce8e977e9c3a54ef1cb5206e2f30a857981ca29de1d574ae788718f8397<br> Message-Authenticator = 0x10d7ce191f17a6482ce049589e279cd0<br> NAS-Identifier = "MikroTik"<br> NAS-IP-Address = 192.168.118.10<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "Jens", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 9 length 43<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7 <br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7 <br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>[peap] Received EAP-TLV response.<br>[peap] Had sent TLV failure. User was rejected earlier in this session.<br>[eap] Handler failed in EAP/peap<br>[eap] Failed in EAP select<br>++[eap] returns invalid<br>Failed to authenticate the user.<br>Using Post-Auth-Type Reject<br>+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> Jens<br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 8 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104, length=246<br>Waiting to send Access-Reject to client 192.168.118.0/24 port 41030 - ID: 104<br>Waking up in 0.6 seconds.<br>rad_recv: Access-Request packet from host 192.168.118.10 port 41030, id=104, length=246<br>Waiting to send Access-Reject to client 192.168.118.0/24 port 41030 - ID: 104<br>Waking up in 0.3 seconds.<br>Sending delayed reject for request 8<br>Sending Access-Reject of id 104 to 192.168.118.10 port 41030<br> EAP-Message = 0x04090004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>Waking up in 3.0 seconds.<br>Cleaning up request 1 ID 97 with timestamp +46<br>Cleaning up request 2 ID 98 with timestamp +46<br>Waking up in 0.1 seconds.<br>Cleaning up request 3 ID 99 with timestamp +46<br>Waking up in 0.2 seconds.<br>Cleaning up request 4 ID 100 with timestamp +47<br>Waking up in 0.1 seconds.<br>Cleaning up request 5 ID 101 with timestamp +47<br>Waking up in 0.1 seconds.<br>Cleaning up request 6 ID 102 with timestamp +47<br>Cleaning up request 7 ID 103 with timestamp +47<br>Waking up in 1.0 seconds.<br><br>To be able to get the log from start I had to stop the radius server while the windows machine tried to do to a authorization a second time since it does it three times before it accepts the fact it can't authorize.<br><br>Best regards/ Peter<br>> ------------------------------<br>> <br>> -<br>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br>> <br>> <br>> End of Freeradius-Users Digest, Vol 55, Issue 68<br>> ************************************************<br> <br /><hr />Windows Live: Keep your friends up to date <a href='http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010' target='_new'>with what you do online.</a></body>
</html>