rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=30, length=152 User-Name = "enseo_stb" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-05" Calling-Station-Id = "00-21-F8-00-24-B3" EAP-Message = 0x0202000e01656e73656f5f737462 Message-Authenticator = 0x8ba26525d2f95b1d79a0c62d87f854de NAS-Port-Type = Ethernet NAS-Port = 50103 NAS-Port-Id = "FastEthernet1/0/3" NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} [preprocess] hints: Matched enseo_stb at 36 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "enseo_stb", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] users: Matched entry enseo_stb at line 34 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop ++- entering policy rewrite_calling_station_id {...} +++? if (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) ? Evaluating (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++? if (request:Calling-Station-Id =~ /00-A0-08-([0-9A-F]{2})-([[0-9A-F]{2})-([[0-9A-F]{2})/i) -> FALSE +++- entering else else {...} ++++[noop] returns noop +++- else else returns noop ++- policy rewrite_calling_station_id returns noop ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /^%{Calling-Station-ID}$/i)) ?? Evaluating (Service-Type == 'Call-Check') -> FALSE ?? Skipping (User-Name =~ /^%{Calling-Station-ID}$/i) ++? if ((Service-Type == 'Call-Check') && (User-Name =~ /^%{Calling-Station-ID}$/i)) -> FALSE Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 30 to 172.17.254.100 port 1645 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf13fdb9cf13cc2e40d991f43b28399d7 Finished request 1. Going to the next request Waking up in 3.9 seconds. rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=31, length=370 User-Name = "enseo_stb" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-05" Calling-Station-Id = "00-21-F8-00-24-B3" EAP-Message = 0x020300d6190016030100cb010000c70301386d438ca276cc49f14dfbd77fc35c74edf79c4fb7a13e77365d80e4db3ff4e100005ac014c00a0039003800880087c00fc00500350084c012c00800160013c00dc003000ac013c00900330032009a009900450044c00ec004002f009600410007c011c007c00cc002000500040015001200090014001100080006000301000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 Message-Authenticator = 0xf22b9ef298b95a509e7aa414d6bda163 NAS-Port-Type = Ethernet NAS-Port = 50103 NAS-Port-Id = "FastEthernet1/0/3" State = 0xf13fdb9cf13cc2e40d991f43b28399d7 NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} [preprocess] hints: Matched enseo_stb at 36 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "enseo_stb", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 214 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00cb], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 0570], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 31 to 172.17.254.100 port 1645 EAP-Message = 0x0104040019c00000073f160301002a0200002603014b4619a28fdeeb857552f4771e638a5398d84d95d23dbbeb4c37d272573580110000390016030105700b00056c00056900027630820272308201dba003020102020102300d06092a864886f70d0101040500305d310b30090603550406130243413110300e06035504081307416c62657274613110300e0603550407130743616c67617279310c300a060355040a130347544b311c301a060355040b13134e6574776f726b20456e67696e656572696e67301e170d3039313231363231343830375a170d3130313231363231343830375a308187310b3009060355040613025553310b3009060355 EAP-Message = 0x040813024e593110300e060355040a13074d617272696f74310e300c060355040b1305486f74656c3121301f060355040313184d617272696f7420576174657266726f6e7420686f74656c3126302406092a864886f70d01090116176e6f5f656d61696c4074657374646f6d61696e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ebade0c361c4de76e7379805d5f0def78a63b90f450063113e87af7cebd53dbfab9eda47be2bf0ccea8a794b1f4ecf7a108a732d8cd4b497b705df4c91c87c0c50314fb37ed98934e3ca0ec5c0f1e55e260665486b453f5ecbb9522a767e4bbdb165caac535a29c95c21b1c9e1 EAP-Message = 0x16f1ec5694635d5aadca7896192141224094d50203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003818100cc0a61cd0ac682e8724d9b957ad5b59e9b8bffc9e22596c8b7149c73b3091d5eadde2c30472adccedd21ec3c6573b1ff6ba91dfd25d4f22888a7d4441b563071921454154787887b35141f5681bc9864973ebb84a04b2dcaafc2647bfe704d00a6f535259285eff1e4763d16d6b6e80d4ca40401dc2551c971c679eb0315d8ce0002ed308202e930820252a003020102020100300d06092a864886f70d0101040500305d310b30090603550406130243413110300e06035504 EAP-Message = 0x081307416c62657274613110300e0603550407130743616c67617279310c300a060355040a130347544b311c301a060355040b13134e6574776f726b20456e67696e656572696e67301e170d3039313231353138303730385a170d3130313231353138303730385a305d310b30090603550406130243413110300e06035504081307416c62657274613110300e0603550407130743616c67617279310c300a060355040a130347544b311c301a060355040b13134e6574776f726b20456e67696e656572696e6730819f300d06092a864886f70d010101050003818d0030818902818100f1c0706701bf4b6fda38d20709e3c1ade9e688ff04654a61b6 EAP-Message = 0x5f7c59c68725c7b7acbbf015 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf13fdb9cf03bc2e40d991f43b28399d7 Finished request 2. Going to the next request Waking up in 3.8 seconds. rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=32, length=162 User-Name = "enseo_stb" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-05" Calling-Station-Id = "00-21-F8-00-24-B3" EAP-Message = 0x020400061900 Message-Authenticator = 0x1608b541209c944913895591ee90bff3 NAS-Port-Type = Ethernet NAS-Port = 50103 NAS-Port-Id = "FastEthernet1/0/3" State = 0xf13fdb9cf03bc2e40d991f43b28399d7 NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} [preprocess] hints: Matched enseo_stb at 36 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "enseo_stb", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 32 to 172.17.254.100 port 1645 EAP-Message = 0x0105034f1900a9436986382fbc2402b6a2da0e277bd9320827c29963a21fe04c6aece34cd1392cf9c8f908a7284affb4a78c33cace009effea1c5d3ce2d1ff2ef2564ac8d351ef6ab89a762296a01bb37cacdeb67660138ef664a6abc3d7cef8770203010001a381b83081b5301d0603551d0e041604143e2c207773c8e329da07d1ffba19e56486bfd0a53081850603551d23047e307c80143e2c207773c8e329da07d1ffba19e56486bfd0a5a161a45f305d310b30090603550406130243413110300e06035504081307416c62657274613110300e0603550407130743616c67617279310c300a060355040a130347544b311c301a060355040b1313 EAP-Message = 0x4e6574776f726b20456e67696e656572696e67820100300c0603551d13040530030101ff300d06092a864886f70d0101040500038181008136eb3fa3dd3091a1a2294f5cc7f507947de5a8c08cfa439fe6d7360dc342dd44b0c64f9d39806559435c6fd1d803fe9f4bd7b411323cccdd6347659286dee89bb8e3c31fc8d4b0c61a17289036680d06977ffa54468d53153054572cdefd98ff10d4497cebd88423fbd1a93f8b8e2eadbbedf57000e2618c11c115724d746c160301018d0c000189008082f3d2bfbda368fdc7aa04b247120394ecfdd76d1bbbed4153485712c5cd2db1081240badbf5e6b70062aca3583261af7c8b94680094f8eedd4ed5 EAP-Message = 0x129f4454369d216cd7e33f5c0661fcc20092383652a8e0681b4f43b89b8cb16e5c520cc0bb3a6bcc5eefdc7b677c445b85ac4f0c3e1a24cc2dc2a2e3c7f1243f89133b6803000102008045721daeee13687a2a2e5b2773e5884966d2364db39535aba746c609f1451e10a8e2ce5502728647c870b47dcba3eb9ce175aa0bbd05b673170f6717fa935fa88c517bbd585c691b462b2c4d3ca4e62baf43bb0ab53bedca0e203a88885b575e1efbfd6e19c2e6453241031f50f9771492ddc44e45ad4710fca68a173096a61e008035c9fc8527f0ac3bad43baff4f41cc59bfff751016c6d7a9c32235972ead862bce37f5ebd399ee409ddc62410e80e647ad EAP-Message = 0x881ea47c36688c298a722effceef42822e9c63ff861d3c1a5d05c7eacb29db89e666c151585db82ba96f463c20f4cea3585a19831e46f50b49207498938b1af61514320589d4293aee26cc5604366316030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf13fdb9cf33ac2e40d991f43b28399d7 Finished request 3. Going to the next request Waking up in 3.8 seconds. rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=33, length=360 User-Name = "enseo_stb" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-05" Calling-Station-Id = "00-21-F8-00-24-B3" EAP-Message = 0x020500cc1900160301008610000082008038f5681145cd0f7ef3bfc1fd75cab2a23e280d74c18c497872e3b98a417cfd7f4c30557f88d11a5dd4734c67b5bed8991d0f93e6ac0cc0afd29b82c439c4652d054adc8a67c308e209f929f786685befc41ca0f13de8bd997f0ca078ee94072a9bd4aed8054765cc2b9ddfd0ebd669b8f9ce2a86a043c5c72fd06dcdc65634bd140301000101160301003021f202942dce4870f7297d226785b7432db88a83ab65dc2fac64b117804cba30d227cc80782c0206c6dda7c694775620 Message-Authenticator = 0xb4c26f425c6b0cb5f5da57f0f0ed2a1b NAS-Port-Type = Ethernet NAS-Port = 50103 NAS-Port-Id = "FastEthernet1/0/3" State = 0xf13fdb9cf33ac2e40d991f43b28399d7 NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} [preprocess] hints: Matched enseo_stb at 36 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "enseo_stb", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 204 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 33 to 172.17.254.100 port 1645 EAP-Message = 0x0106004119001403010001011603010030de7cff041afd48187c703ba2f6c9eec16e205bf663dad9a281e9a5da225a699afc389b141d8618bf7373322245ed3c10 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf13fdb9cf239c2e40d991f43b28399d7 Finished request 4. Going to the next request Waking up in 3.4 seconds. rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=34, length=162 User-Name = "enseo_stb" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-05" Calling-Station-Id = "00-21-F8-00-24-B3" EAP-Message = 0x020600061900 Message-Authenticator = 0x7276b13bff26e5ee7c6941547b8fab6c NAS-Port-Type = Ethernet NAS-Port = 50103 NAS-Port-Id = "FastEthernet1/0/3" State = 0xf13fdb9cf239c2e40d991f43b28399d7 NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} [preprocess] hints: Matched enseo_stb at 36 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "enseo_stb", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 34 to 172.17.254.100 port 1645 EAP-Message = 0x0107002b19001703010020a16a838465fe7ab02400cd3ba33c384f8be3add45ee546fb15847acd5b98ff7d Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf13fdb9cf538c2e40d991f43b28399d7 Finished request 5. Going to the next request Waking up in 3.3 seconds. rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=35, length=236 User-Name = "enseo_stb" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-05" Calling-Station-Id = "00-21-F8-00-24-B3" EAP-Message = 0x0207005019001703010020e5b2276a265697048943aadb8c9a9bf20cfbca421587d2b4badb49e44a2bd2ad1703010020abdd13bfd09fdebf360b0e7d2aa98eb6589f7977b007d32361481ffa59c73c67 Message-Authenticator = 0x0857f2df65db634902f25b620a6641f9 NAS-Port-Type = Ethernet NAS-Port = 50103 NAS-Port-Id = "FastEthernet1/0/3" State = 0xf13fdb9cf538c2e40d991f43b28399d7 NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} [preprocess] hints: Matched enseo_stb at 36 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "enseo_stb", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - enseo_stb [peap] Got tunneled request EAP-Message = 0x0207000e01656e73656f5f737462 server { PEAP: Got tunneled identity of enseo_stb PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to enseo_stb Sending tunneled request EAP-Message = 0x0207000e01656e73656f5f737462 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "enseo_stb" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "enseo_stb", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 7 length 14 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry enseo_stb at line 34 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010800231a0108001e10cfc4c67360ee63531d076f5a832be6fe656e73656f5f737462 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbfae7aa2bfa6609c8d1b7c7d4057ea4d [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010800231a0108001e10cfc4c67360ee63531d076f5a832be6fe656e73656f5f737462 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbfae7aa2bfa6609c8d1b7c7d4057ea4d [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 35 to 172.17.254.100 port 1645 EAP-Message = 0x0108004b190017030100405bf7b901ce7d0b6acd122259f6603440892669352933675ff17239de05887425b24ed5c016ef04d1d124f7449f8ff7afe8156c8fe73fba2db2a31127872f64be Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf13fdb9cf437c2e40d991f43b28399d7 Finished request 6. Going to the next request Waking up in 3.3 seconds. rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=36, length=300 User-Name = "enseo_stb" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-05" Calling-Station-Id = "00-21-F8-00-24-B3" EAP-Message = 0x020800901900170301002063e3d0217e7a7f69f4a6ee49e9f64d2da607f5c204d797a1d79b276898ae2ff717030100605a1855de63f7b173606862b681aff67dd46ae1a4064888790061e6c262bdd1a3f784378c7fe7ee5583c8e28cdb5f0390b4cda363c51c5a47ca630f49b75731a070353ec04bcf7e3c1c139c6d3f0849a0ab6b1dc5be4ef15b2a8008b87879b46e Message-Authenticator = 0x7c7db11b9687b18347d5b3df310b5398 NAS-Port-Type = Ethernet NAS-Port = 50103 NAS-Port-Id = "FastEthernet1/0/3" State = 0xf13fdb9cf437c2e40d991f43b28399d7 NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} [preprocess] hints: Matched enseo_stb at 36 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "enseo_stb", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020800441a0208003f31ac5277b3f4f1656b6bd430da666da40b0000000000000000d51e8107e092941350494bec1867b087b285ffd5bf2f3a4300656e73656f5f737462 server { PEAP: Setting User-Name to enseo_stb Sending tunneled request EAP-Message = 0x020800441a0208003f31ac5277b3f4f1656b6bd430da666da40b0000000000000000d51e8107e092941350494bec1867b087b285ffd5bf2f3a4300656e73656f5f737462 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "enseo_stb" State = 0xbfae7aa2bfa6609c8d1b7c7d4057ea4d server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "enseo_stb", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 68 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry enseo_stb at line 34 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] Told to do MS-CHAPv2 for enseo_stb with NT-Password [mschap] No NT-Domain was found in the User-Name. [mschap] expand: --domain=%{mschap:NT-Domain} -> --domain= [mschap] expand: --username=%{mschap:User-Name} -> --username=enseo_stb [mschap] mschap2: cf [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=7e61828ad9b02d32 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=d51e8107e092941350494bec1867b087b285ffd5bf2f3a43 Exec-Program output: No such user (0xc0000064) Exec-Program-Wait: plaintext: No such user (0xc0000064) Exec-Program: returned: 1 [mschap] External script failed. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. Login incorrect: [enseo_stb/] (from client switches port 0 via TLS tunnel) } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\010E=691 R=1" EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 36 to 172.17.254.100 port 1645 EAP-Message = 0x0109002b190017030100208bf383d0327980fb513577e7d7f206be0ce9dae4bc35d80d587e2783d6d9a682 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf13fdb9cf736c2e40d991f43b28399d7 Finished request 7. Going to the next request Waking up in 3.3 seconds. rad_recv: Access-Request packet from host 172.17.254.100 port 1645, id=37, length=236 User-Name = "enseo_stb" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-05" Calling-Station-Id = "00-21-F8-00-24-B3" EAP-Message = 0x02090050190017030100209afe200d4d90d2f10a3521c32bec7190a947b2a5b2d40d2dcc5ec79aea3f2f151703010020ef2dbd7373e2664b41554cf78f206b78fb064cf58b25370b00b06d9d08f3ab07 Message-Authenticator = 0x087077f7c982e953d1ffc528e3b6bcf9 NAS-Port-Type = Ethernet NAS-Port = 50103 NAS-Port-Id = "FastEthernet1/0/3" State = 0xf13fdb9cf736c2e40d991f43b28399d7 NAS-IP-Address = 172.17.254.100 +- entering group authorize {...} [preprocess] hints: Matched enseo_stb at 36 ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "enseo_stb", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Login incorrect: [enseo_stb/] (from client switches port 50103 cli 00-21-F8-00-24-B3) Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> enseo_stb attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 37 to 172.17.254.100 port 1645 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2.3 seconds.