<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.E-MailFormatvorlage17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE-CH link=blue vlink=purple><div class=WordSection1><p class=MsoNormal>Hello everybody,<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>I’m trying to setup the following setup. Wifi-Users should have access to the Access-Point when connecting with 802.1x (PEAP) and their Active-Directory-Account. <span lang=FR-CH>Everything seems to work but clients cannot connect. I hope that someone could point me to my configuration mistake or give me further information where my problem resists.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal><span lang=FR-CH>Thanks a lot in advance…<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal><span lang=FR-CH>Regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Manuel<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal>Freeradius-Version : freeradius-server-2.1.9-1.7.i586<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=FR-CH>clients.conf with Accesspoint as a client:<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>client 172.24.0.2 {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> secret = *******************<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> shortname = tunnel-3<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>nastype = other<o:p></o:p></p><p class=MsoNormal>}<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=FR-CH>wbinfo -a tuser%*********<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>plaintext password authentication succeeded<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>challenge/response password authentication succeeded<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal><span lang=FR-CH>ntlm_auth --request-nt-key --domain=SCS-NT --username=tuser --password=1passwort*<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>NT_STATUS_OK: Success (0x0)<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal>In users file I have set now : DEFAULT Auth-Type = ntlm_auth<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=FR-CH>radtest tuser ********* localhost 0 testing123<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Sending Access-Request of id 132 to 127.0.0.1 port 1812<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>User-Name = "tuser"<o:p></o:p></p><p class=MsoNormal> User-Password = "*********"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>NAS-IP-Address = 172.24.0.113<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=132, length=20<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal>Starting the server with /usr/sbin/radiusd -X<o:p></o:p></p><p class=MsoNormal>radiusd: #### Loading Realms and Home Servers ####<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>proxy server {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> retry_delay = 5<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> retry_count = 3<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>default_fallback = no<o:p></o:p></p><p class=MsoNormal> dead_time = 120<o:p></o:p></p><p class=MsoNormal> wake_all_if_all_dead = no<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> home_server localhost {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ipaddr = 127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> port = 1812<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> type = "auth"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> secret = "testing123"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> response_window = 20<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> max_outstanding = 65536<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> require_message_authenticator = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> zombie_period = 40<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> status_check = "status-server"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ping_interval = 30<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> check_interval = 30<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> num_answers_to_alive = 3<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> num_pings_to_alive = 3<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> revive_interval = 120<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> status_check_timeout = 4<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> irt = 2<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> mrt = 16<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> mrc = 5<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> mrd = 30<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> home_server_pool my_auth_failover {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> type = fail-over<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> home_server = localhost<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> realm example.com {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> auth_pool = my_auth_failover<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> realm LOCAL {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>radiusd: #### Loading Clients ####<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> client localhost {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ipaddr = 127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> require_message_authenticator = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> secret = "testing123"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> nastype = "other"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> client 172.24.0.2 {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> require_message_authenticator = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> secret = "###################"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> shortname = "tunnel-3"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> nastype = "other"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>radiusd: #### Instantiating modules ####<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> instantiate {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_exec<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating exec<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> exec {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> wait = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> input_pairs = "request"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> shell_escape = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_expr<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating expr<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_expiration<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating expiration<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> expiration {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> reply-message = "Password Has Expired "<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_logintime<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating logintime<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> logintime {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> reply-message = "You are calling outside your allowed timespan "<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> minimum-timeout = 60<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>radiusd: #### Loading Virtual Servers ####<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>server inner-tunnel {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> modules {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking authenticate {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating ntlm_auth<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> exec ntlm_auth {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> wait = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> program = "/usr/bin/ntlm_auth --request-nt-key --domain=SCS-NT --username=%{mschap:User-Name} --password=%{User-Password}"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> input_pairs = "request"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> shell_escape = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_pap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating pap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> pap {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> encryption_scheme = "auto"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> auto_header = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_chap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating chap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_mschap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating mschap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> mschap {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> use_mppe = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> require_encryption = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> require_strong = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> with_ntdomain_hack = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-SCS-NT} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_unix<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating unix<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> unix {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> radwtmp = "/var/log/radius/radwtmp"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_eap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating eap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> eap {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> default_eap_type = "md5"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> timer_expire = 60<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ignore_unknown_eap_types = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> cisco_accounting_username_bug = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> max_sessions = 4096<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to sub-module rlm_eap_md5<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating eap-md5<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to sub-module rlm_eap_leap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating eap-leap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to sub-module rlm_eap_gtc<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating eap-gtc<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> gtc {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> challenge = "Password: "<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> auth_type = "PAP"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to sub-module rlm_eap_tls<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating eap-tls<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> tls {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> rsa_key_exchange = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> dh_key_exchange = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> rsa_key_length = 512<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> dh_key_length = 512<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> verify_depth = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> pem_file_type = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> private_key_file = "/etc/raddb/certs/server.pem"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> certificate_file = "/etc/raddb/certs/server.pem"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> CA_file = "/etc/raddb/certs/ca.pem"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> private_key_password = "whatever"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> dh_file = "/etc/raddb/certs/dh"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> random_file = "/etc/raddb/certs/random"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> fragment_size = 1024<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> include_length = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> check_crl = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> cipher_list = "DEFAULT"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> make_cert_command = "/etc/raddb/certs/bootstrap"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> cache {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> enable = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> lifetime = 24<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> max_entries = 255<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to sub-module rlm_eap_ttls<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating eap-ttls<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ttls {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> default_eap_type = "md5"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> copy_request_to_tunnel = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> use_tunneled_reply = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> virtual_server = "inner-tunnel"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> include_length = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to sub-module rlm_eap_peap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating eap-peap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> peap {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> default_eap_type = "mschapv2"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> copy_request_to_tunnel = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> use_tunneled_reply = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> proxy_tunneled_request_as_eap = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> virtual_server = "inner-tunnel"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to sub-module rlm_eap_mschapv2<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating eap-mschapv2<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> mschapv2 {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> with_ntdomain_hack = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking authorize {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>Module: Linked to module rlm_realm<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>Module: Instantiating suffix<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> realm suffix {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> format = "suffix"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> delimiter = "@"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ignore_default = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ignore_null = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_files<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating files<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> files {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> usersfile = "/etc/raddb/users"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> acctusersfile = "/etc/raddb/acct_users"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> preproxy_usersfile = "/etc/raddb/preproxy_users"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> compat = "no"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking session {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_radutmp<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating radutmp<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> radutmp {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> filename = "/var/log/radius/radutmp"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>username = "%{User-Name}"<o:p></o:p></p><p class=MsoNormal> case_sensitive = yes<o:p></o:p></p><p class=MsoNormal> check_with_nas = yes<o:p></o:p></p><p class=MsoNormal> perm = 384<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>callerid = yes<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking post-proxy {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking post-auth {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_attr_filter<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating attr_filter.access_reject<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> attr_filter attr_filter.access_reject {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> attrsfile = "/etc/raddb/attrs.access_reject"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> key = "%{User-Name}"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> } # modules<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>} # server<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>server {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> modules {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking authenticate {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking authorize {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_preprocess<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating preprocess<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> preprocess {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> huntgroups = "/etc/raddb/huntgroups"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> hints = "/etc/raddb/hints"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> with_ascend_hack = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ascend_channels_per_line = 23<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> with_ntdomain_hack = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> with_specialix_jetstream_hack = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> with_cisco_vsa_hack = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> with_alvarion_vsa_hack = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking preacct {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_acct_unique<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating acct_unique<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> acct_unique {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking accounting {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Linked to module rlm_detail<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating detail<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> detail {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>header = "%t"<o:p></o:p></p><p class=MsoNormal> detailperm = 384<o:p></o:p></p><p class=MsoNormal> dirperm = 493<o:p></o:p></p><p class=MsoNormal> locking = no<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>log_packet_header = no<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Instantiating attr_filter.accounting_response<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> attr_filter attr_filter.accounting_response {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> attrsfile = "/etc/raddb/attrs.accounting_response"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> key = "%{User-Name}"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking session {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking post-proxy {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Module: Checking post-auth {...} for more modules to load<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>} # modules<o:p></o:p></p><p class=MsoNormal>} # server<o:p></o:p></p><p class=MsoNormal>radiusd: #### Opening IP addresses and Ports ####<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>listen {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> type = "auth"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ipaddr = *<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> port = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>listen {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> type = "acct"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> ipaddr = *<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> port = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>listen {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> type = "control"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> listen {<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> socket = "/var/run/radiusd/radiusd.sock"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> }<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Listening on authentication address * port 1812<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Listening on accounting address * port 1813<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Listening on command file /var/run/radiusd/radiusd.sock<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Listening on proxy address * port 1814<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Ready to process requests.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal><span lang=FR-CH>######################################################################<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>######################################################################<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal><span lang=FR-CH>First connect of a Windows-Client with user inst.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>rad_recv: Access-Request packet from host 172.24.0.2 port 1672, id=233, length=142<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>User-Name = "SCS-NT\\inst"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>NAS-IP-Address = 127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Identifier = "RalinkAP1"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Called-Station-Id = "00-1A-8C-07-BE-81"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>Calling-Station-Id = "00-1C-BF-B1-DF-98"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>Framed-MTU = 1400<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x02010010015343532d4e545c696e7374<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Message-Authenticator = 0x82f0744dde0b55a114ce2f8c9ad3a53e<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>+- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[preprocess] returns ok<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[chap] returns noop<o:p></o:p></span></p><p class=MsoNormal>++[mschap] returns noop<o:p></o:p></p><p class=MsoNormal>[suffix] No '@' in User-Name = "SCS-NT\inst", looking up realm NULL<o:p></o:p></p><p class=MsoNormal>[suffix] No such realm "NULL"<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>++[suffix] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP packet type response id 1 length 16<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] No EAP Start, assuming it's an on-going EAP conversation<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[eap] returns updated<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[unix] returns notfound<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[files] users: Matched entry DEFAULT at line 44<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[files] returns ok<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[expiration] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[logintime] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[pap] WARNING! </span>No "known good" password found for the user. <span lang=FR-CH>Authentication may fail because of this.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[pap] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Found Auth-Type = EAP<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>+- entering group authenticate {...}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP Identity<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] processing type md5<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>rlm_eap_md5: Issuing Challenge<o:p></o:p></span></p><p class=MsoNormal>++[eap] returns handled<o:p></o:p></p><p class=MsoNormal>Sending Access-Challenge of id 233 to 172.24.0.2 port 1672<o:p></o:p></p><p class=MsoNormal> EAP-Message = 0x010200160410b800e23c327d070babda5440b83449ca<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> State = 0x2d8fbba62d8dbfa4763ae991f0fa4312<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Finished request 0.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Going to the next request<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Waking up in 4.9 seconds.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>rad_recv: Access-Request packet from host 172.24.0.2 port 1672, id=234, length=150<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>User-Name = "SCS-NT\\inst"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>NAS-IP-Address = 127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Identifier = "RalinkAP1"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Called-Station-Id = "00-1A-8C-07-BE-81"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>Calling-Station-Id = "00-1C-BF-B1-DF-98"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>Framed-MTU = 1400<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x020200060319<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> State = 0x2d8fbba62d8dbfa4763ae991f0fa4312<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Message-Authenticator = 0x3d7a4fa0b7403e4eb6fd176cc82cf0ed<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>+- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[preprocess] returns ok<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[chap] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[mschap] returns noop<o:p></o:p></span></p><p class=MsoNormal>[suffix] No '@' in User-Name = "SCS-NT\inst", looking up realm NULL<o:p></o:p></p><p class=MsoNormal>[suffix] No such realm "NULL"<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>++[suffix] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP packet type response id 2 length 6<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] No EAP Start, assuming it's an on-going EAP conversation<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[eap] returns updated<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[unix] returns notfound<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[files] users: Matched entry DEFAULT at line 44<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[files] returns ok<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[expiration] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[logintime] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[pap] WARNING! </span>No "known good" password found for the user. <span lang=FR-CH>Authentication may fail because of this.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[pap] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Found Auth-Type = EAP<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>+- entering group authenticate {...}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] Request found, released from the list<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP NAK<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP-NAK asked for EAP-Type/peap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] processing type tls<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[tls] Initiate<o:p></o:p></span></p><p class=MsoNormal>[tls] Start returned 1<o:p></o:p></p><p class=MsoNormal>++[eap] returns handled<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>Sending Access-Challenge of id 234 to 172.24.0.2 port 1672<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x010300061920<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> State = 0x2d8fbba62c8ca2a4763ae991f0fa4312<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Finished request 1.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Going to the next request<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Waking up in 4.9 seconds.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>rad_recv: Access-Request packet from host 172.24.0.2 port 1672, id=235, length=231<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>User-Name = "SCS-NT\\inst"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>NAS-IP-Address = 127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Identifier = "RalinkAP1"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Called-Station-Id = "00-1A-8C-07-BE-81"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>Calling-Station-Id = "00-1C-BF-B1-DF-98"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>Framed-MTU = 1400<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x0203005719800000004d16030100480100004403014ced306e1c4adb3d4aa8f39fc989daf06b7debe9c53ad8f44d9cf85bcc37f7da00001600040005000a0009006400620003000600130012006301000005ff01000100<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> State = 0x2d8fbba62c8ca2a4763ae991f0fa4312<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Message-Authenticator = 0x977a1ef017b18a24365f696e4ffb768c<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>+- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[preprocess] returns ok<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[chap] returns noop<o:p></o:p></span></p><p class=MsoNormal>++[mschap] returns noop<o:p></o:p></p><p class=MsoNormal>[suffix] No '@' in User-Name = "SCS-NT\inst", looking up realm NULL<o:p></o:p></p><p class=MsoNormal>[suffix] No such realm "NULL"<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>++[suffix] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP packet type response id 3 length 87<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] Continuing tunnel setup.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[eap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Found Auth-Type = EAP<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>+- entering group authenticate {...}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] Request found, released from the list<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP/peap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] processing type peap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] processing EAP-TLS<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> TLS Length 77<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] Length Included<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] eaptls_verify returned 11<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] (other): before/accept initialization<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] TLS_accept: before/accept initialization<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] TLS_accept: SSLv3 read client hello A<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] TLS_accept: SSLv3 write server hello A<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] >>> TLS 1.0 Handshake [length 085e], Certificate<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] TLS_accept: SSLv3 write certificate A<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] TLS_accept: SSLv3 write server done A<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] TLS_accept: SSLv3 flush data<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<o:p></o:p></span></p><p class=MsoNormal>In SSL Handshake Phase<o:p></o:p></p><p class=MsoNormal>In SSL Accept mode<o:p></o:p></p><p class=MsoNormal>[peap] eaptls_process returned 13<o:p></o:p></p><p class=MsoNormal>[peap] EAPTLS_HANDLED<o:p></o:p></p><p class=MsoNormal>++[eap] returns handled<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>Sending Access-Challenge of id 235 to 172.24.0.2 port 1672<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x0104040019c0000008a216030100310200002d03014ced306f6ad45cd2b5af8e314b52e10e4de253d26fd93fe24eb8ed3f12f929aa000004000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x74686f72697479301e170d3130313132333134313533395a170d3131313132333134313533395a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100cd9faa1657088905b7ef37030f9f10f4acc72b4fb54b593dd4f4e59a34aeae75d5ba2edfd2cc2690dc8eb88284cb10460f3983ca55af87<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x6ad7d63b37c4e4aeaaba70d7dbb828f23ed8dcf44bed922c66ac81643ea0355b251e18073df3017697c1388fde20db7c7a4986a3682272044265c5f36cf15785221c39372d231bdbe96156e2fe7e9645e71c4ea0a701b017cf033556cfbb4792f0e5ce14e6865104c2cd8b30f4e324d7dc849d3546f2e21c2ae8a5c0e6187e216122621204175cfb2cbb0dd16d912b1f44f05238837518c78a99588d5d5e2fe2ba7c1d365b36ff9192a79dded81bc10a81cbfbfc32d97291c5a20e04237febc44e1d6a1b8e86067bc30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038201010004fe<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0xe92adfd12c15035baba3ffffeee195e1428bf9715fbf0ef781b7e85cada065a78bf823b88aeec6bc3b67d1ec42d758c5ea1d16bace3ace1b6638f335a440cec3b01523892210520e1961c939a1d83f614698447a86564455f360784e05352dcf1eaf5a2fd62d0e9933136ff972bc5b75f7bc4506ccf905e476c0af9865062b11161488bff753dd0e29bace5d01c9ebf4ff7f969d0d71f4f11b8bf6096a03ea472e6b17bfdc78591620d5d070f04dc18488787aee1df0ba6fffee64ca68c302ab4e650f6d98e462b22f3b9c79d866cc1c76a06a911b099dd5acf58c4526e749f2f9b76e3a553180ac9762544c1aa0244ced68f5ccedbe9524731930d897<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x7c0004ab308204a73082038f<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> State = 0x2d8fbba62f8ba2a4763ae991f0fa4312<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Finished request 2.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Going to the next request<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Waking up in 4.9 seconds.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>rad_recv: Access-Request packet from host 172.24.0.2 port 1672, id=236, length=150<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>User-Name = "SCS-NT\\inst"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>NAS-IP-Address = 127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Identifier = "RalinkAP1"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Called-Station-Id = "00-1A-8C-07-BE-81"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>Calling-Station-Id = "00-1C-BF-B1-DF-98"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>Framed-MTU = 1400<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x020400061900<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> State = 0x2d8fbba62f8ba2a4763ae991f0fa4312<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Message-Authenticator = 0x6e97590c4d270aba01cfeb24814b0dc6<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>+- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[preprocess] returns ok<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[chap] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[mschap] returns noop<o:p></o:p></span></p><p class=MsoNormal>[suffix] No '@' in User-Name = "SCS-NT\inst", looking up realm NULL<o:p></o:p></p><p class=MsoNormal>[suffix] No such realm "NULL"<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>++[suffix] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP packet type response id 4 length 6<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] Continuing tunnel setup.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[eap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Found Auth-Type = EAP<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>+- entering group authenticate {...}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] Request found, released from the list<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP/peap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] processing type peap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] processing EAP-TLS<o:p></o:p></span></p><p class=MsoNormal>[peap] Received TLS ACK<o:p></o:p></p><p class=MsoNormal>[peap] ACK handshake fragment handler<o:p></o:p></p><p class=MsoNormal>[peap] eaptls_verify returned 1<o:p></o:p></p><p class=MsoNormal>[peap] eaptls_process returned 13<o:p></o:p></p><p class=MsoNormal>[peap] EAPTLS_HANDLED<o:p></o:p></p><p class=MsoNormal>++[eap] returns handled<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>Sending Access-Challenge of id 236 to 172.24.0.2 port 1672<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x010503fc1940a003020102020900c83083d5f969607c300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3130313132343135323233365a170d3131313132343135323233365a308193310b3009060355040613024652310f300d0603550408130652616469757331<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x12301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100e635de9cfdf5138774c61db62af4030d6c2e0fa16d2b32d5604bc5b0d183fe151aa9c8c40b09917076a816aeeedeca498b3a86e9ea262b5d119c40ccadc3fed7e7a27f3e7c90eb7963e8b22295fe46b26081fcb27f0c75666eeb59433aeae672a5d2a0e4ffc637a4<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x7a67a9ec4686061fb76289017e020dfc5a470ba00f4a3f9f09c351a60b19b404229642d34a66dc17c30f85e88403b11c141965c66d1f41c19bd3d171fbdeaffec605619c065ec731e1ec03113ab0a169d17dd125b2f654ba76f301ef01164d1e15c13e291c742dd6f488373a645e34e7a31e035719dd97b78f3ca24f47dff94ffc1ef177cf868797790d84de107e009f2bf714d6eef1b9c90203010001a381fb3081f8301d0603551d0e0416041494a9d6739159773c049f83f718cd410133e7c3fa3081c80603551d230481c03081bd801494a9d6739159773c049f83f718cd410133e7c3faa18199a48196308193310b300906035504061302465231<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900c83083d5f969607c300c0603551d13040530030101ff300d06092a864886f70d010105050003820101006df485af7c40e594d6bf84f59e929b6e7453bea850b2779ca4f69f1dbf13b6c5c0e9c0341f478e4569dfa8abbf47967acd4a7b64b446e02c03fee653c2860da577b648ca3152fbf386ca92<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>EAP-Message = 0x934b8abcb4ea3bdd<o:p></o:p></p><p class=MsoNormal> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></p><p class=MsoNormal> State = 0x2d8fbba62e8aa2a4763ae991f0fa4312<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>Finished request 3.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Going to the next request<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Waking up in 4.9 seconds.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>rad_recv: Access-Request packet from host 172.24.0.2 port 1672, id=237, length=150<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>User-Name = "SCS-NT\\inst"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>NAS-IP-Address = 127.0.0.1<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Identifier = "RalinkAP1"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Called-Station-Id = "00-1A-8C-07-BE-81"<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> </span>Calling-Station-Id = "00-1C-BF-B1-DF-98"<o:p></o:p></p><p class=MsoNormal> <span lang=FR-CH>Framed-MTU = 1400<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x020500061900<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> State = 0x2d8fbba62e8aa2a4763ae991f0fa4312<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Message-Authenticator = 0x6affd650e887650568615a8f0ba11d7e<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>+- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[preprocess] returns ok<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[chap] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[mschap] returns noop<o:p></o:p></span></p><p class=MsoNormal>[suffix] No '@' in User-Name = "SCS-NT\inst", looking up realm NULL<o:p></o:p></p><p class=MsoNormal>[suffix] No such realm "NULL"<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>++[suffix] returns noop<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP packet type response id 5 length 6<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] Continuing tunnel setup.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>++[eap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Found Auth-Type = EAP<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>+- entering group authenticate {...}<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] Request found, released from the list<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] EAP/peap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[eap] processing type peap<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>[peap] processing EAP-TLS<o:p></o:p></span></p><p class=MsoNormal>[peap] Received TLS ACK<o:p></o:p></p><p class=MsoNormal>[peap] ACK handshake fragment handler<o:p></o:p></p><p class=MsoNormal>[peap] eaptls_verify returned 1<o:p></o:p></p><p class=MsoNormal>[peap] eaptls_process returned 13<o:p></o:p></p><p class=MsoNormal>[peap] EAPTLS_HANDLED<o:p></o:p></p><p class=MsoNormal>++[eap] returns handled<o:p></o:p></p><p class=MsoNormal><span lang=FR-CH>Sending Access-Challenge of id 237 to 172.24.0.2 port 1672<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> EAP-Message = 0x010600bc19000ac6f2571787135ef92e7bee24970a6a167246b46795b516de48d6caeac1598a5416171a183b903fc2cdc8527dda8c6294389cee6158073332d9720b89f35c9826a2997560d9484d0809681953f980cbfce4c2f1117dc893e8d5338933c294f234ec731677abe133b7077c1f9f2194c48b36a41cf41936ebaf81662e75691b3ece44a5d3cec5f2c5d0ccd36c833708f689bc755c662cca303b6a68b1b1de9e3e9d9755f8c885b4902955b5180316030100040e000000<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH> State = 0x2d8fbba62989a2a4763ae991f0fa4312<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Finished request 4.<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH>Going to the next request<o:p></o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p><p class=MsoNormal><span lang=FR-CH><o:p> </o:p></span></p></div></body></html>