<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
color:black;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'>What if the cert is trusted – does everything
work OK? I’m assuming in your production config the devices will trust
the cert, so why spend time troubleshooting a problem that may not exist in
production mode?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 color=black face="Times New Roman"><span
style='font-size:12.0pt;color:black'><o:p> </o:p></span></font></p>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org] <b><span
style='font-weight:bold'>On Behalf Of </span></b>Rob Yamry<br>
<b><span style='font-weight:bold'>Sent:</span></b> Wednesday, January 12, 2011
2:10 PM<br>
<b><span style='font-weight:bold'>To:</span></b> FreeRadius users mailing list<br>
<b><span style='font-weight:bold'>Subject:</span></b> Problem with
iPods/iTouches</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>We have a stangle problem going on with the Apple iTouches in the
district here. This started since they were upgraded to iOS v.4.x....so
it seems. What is happening is that the user will put in their
credentials and get prompted to accept the certificate as it says its
untrusted. The user clicks accept, all looks good and then it says it
failed to connected. So they hit dismiss on that message, click join
again, accept the certificate again and then they are accepted onto the
network. But, sometimes they have to hit Dismiss/Join up to 15-20 times
until it will accept it.<br>
<br>
Right now I am working with a default install FreeRadius v2.1.8 for testing
this, including default certificates. I was planning on slowly adding in
my config to narrow it down, but the problem appears to be happening by
default. I *thought* that setting the default_eap_type to peap was
causing it, but I had it happen when it was set to md5 as well. Im
working on a iPod Touch with iOS v4.2. Below is the debug output of a
failed attempt, and the follow up attempt that put the user through.<br>
<br>
*********************** FAILED ATTEMPT ***************************<br>
<br>
Ready to process requests.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=277<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier = "KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 =
0x3035303030313031343330353233<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>3035<br>
Vendor-4329-Attr-2 =
0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 =
0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message = 0x0200000b016b7465737435<br>
Message-Authenticator =
0x32cf9f891633152f0f139a53cb61f9ee<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 0 length 11<br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] returns updated<br>
++[unix] returns notfound<br>
++[files] returns noop<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.<br>
++[pap] returns noop<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] EAP Identity<br>
[eap] processing type tls<br>
[tls] Initiate<br>
[tls] Start returned 1<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message = 0x010100061920<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State = 0xc4b1fdf8c4b0e4f9163ffe27c4915746<br>
Finished request 0.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=420<br>
Cleaning up request 0 ID 66 with timestamp +30<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier =
"KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 =
0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 =
0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 =
0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message =
0x0201008819800000007e16030100790100007503014d2e0343e5f920d1f519dbfeac002febc3736014d9bee7e0c55fd8085b99b7af00003ac00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009000300080033003900160015001401000012000a00080006001700180019000b00020100<br>
State =
0xc4b1fdf8c4b0e4f9163ffe27c4915746<br>
Message-Authenticator =
0xf4e7c59223ecd3e5741cc6cc48762e1f<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 1 length 136<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
TLS Length 126<br>
[peap] Length Included<br>
[peap] eaptls_verify returned 11<br>
[peap] (other): before/accept initialization<br>
[peap] TLS_accept: before/accept initialization<br>
[peap] <<< TLS 1.0 Handshake [length 0079], ClientHello<br>
[peap] TLS_accept: SSLv3 read client hello A<br>
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello<br>
[peap] TLS_accept: SSLv3 write server hello A<br>
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate<br>
[peap] TLS_accept: SSLv3 write certificate A<br>
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br>
[peap] TLS_accept: SSLv3 write server done A<br>
[peap] TLS_accept: SSLv3 flush data<br>
[peap] TLS_accept: Need to read more data: SSLv3 read
client certificate A<br>
In SSL Handshake Phase<br>
In SSL Accept mode<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message =
0x0102040019c00000089b160301002a0200002603014d2e0330bf07fe39f7236a619358e64fa3db011bcbda7c9b9584846f6e32102000002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479<br>
EAP-Message =
0x301e170d3131303131323138353335325a170d3132303131323138353335325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8b1f81044272b76dbaa079cbd3dd727461dfd7a5<br>
EAP-Message =
0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c81c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee467f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e33fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100904c9828165a2de337<br>
EAP-Message = 0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8bcb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b7425818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd224c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71ebbd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bfd34797fbefa47a4eed95cca895860004ab308204<br>
EAP-Message =
0xa73082038fa0030201020209<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State =
0xc4b1fdf8c5b3e4f9163ffe27c4915746<br>
Finished request 1.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 1 ID 66 with timestamp +30<br>
Ready to process requests.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=290<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier =
"KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 =
0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 =
0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 = 0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message = 0x020200061900<br>
State =
0xc4b1fdf8c5b3e4f9163ffe27c4915746<br>
Message-Authenticator =
0xa5c69d05dee0560c68b7d67d25b2e0b1<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 2 length 6<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] Received TLS ACK<br>
[peap] ACK handshake fragment handler<br>
[peap] eaptls_verify returned 1<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message =
0x010303fc194000ae0fc87b0b841be2300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3131303131323138353335315a170d3132303131323138353335315a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504<br>
EAP-Message =
0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d73060bc3e4f3bacd8c526ff5efa081cbfd333963c0a90272e83d654b8d1a16a25c9e1358b347d3f91d49ed29d387fd6de5ba5fe18c43b48065e8f1bb9dcb22d1a8679925af0bdc049d32199ba543f1d40a7c6b3578892efcaea646bdde6442593b17cb4713fb4d6f0616a5db38d9b<br>
EAP-Message = 0xfd1d6e9dd30b6e536ba717a75adaa7c87fd019e83bea06f5eacb6a09fa9954b60ccc92116455610a2674a03a4ecacee05ce914a72a27965d55471df19c8751fdb69fe66426bb236f7d57cfffe41822e7d8ddfc6c1c8f5b45e6010c896918c4f111626979b280ddf2219099024cb0efb17c9660df9fc642edc9874074cb83e93349b19a2c16409b7444545ee27b2a52bb9d0203010001a381fb3081f8301d0603551d0e04160414872c00a6ed850850f4e202b4d86a1d663b35fd8e3081c80603551d230481c03081bd8014872c00a6ed850850f4e202b4d86a1d663b35fd8ea18199a48196308193310b3009060355040613024652310f300d06035504<br>
EAP-Message =
0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900ae0fc87b0b841be2300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a5c0c601e1cb4606aa986dc240b7488bb4afd8c0e81ba0361530d556ad117222cdcc5a57a13fe3eb073ca72dff40db0a58c8d835ec110485bd158ab6cd1d8583cd575710b49070b3794384d2cff45f22b81e<br>
EAP-Message = 0x2dc327be959645c8<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State =
0xc4b1fdf8c6b2e4f9163ffe27c4915746<br>
Finished request 2.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=290<br>
Cleaning up request 2 ID 66 with timestamp +39<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier =
"KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 =
0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 =
0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 =
0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message = 0x020300061900<br>
State =
0xc4b1fdf8c6b2e4f9163ffe27c4915746<br>
Message-Authenticator =
0x834956d460493056f00e0117298d68d7<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 3 length 6<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] Received TLS ACK<br>
[peap] ACK handshake fragment handler<br>
[peap] eaptls_verify returned 1<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message =
0x010400b51900387bb57f237040a0b009495fcb1c4460694c6214f871d93a5afddfcc7aa7727e9ce657d22551e936e9415eea3a0ce78a7ea4b121f711fc19e2b505b4fa004bcc2952effdc18d0cd1ec6fe10bf431e8a189a5cbefcaebd9beab4e75c2309b55de25a9e392112915ad1c7b866a902f091b366eb96e7aa6ab544889069e70fda7ad8a9ec9eb729a6db3aeeb3ca9965daf0d515783a89a0947b6004eaad452777ae3413772aa2f5f16030100040e000000<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State =
0xc4b1fdf8c7b5e4f9163ffe27c4915746<br>
Finished request 3.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=622<br>
Cleaning up request 3 ID 66 with timestamp +39<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier =
"KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 =
0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 =
0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message =
0x020401501980000001461603010106100001020100373aae08036c5c081766d84efb8b257d7a9840bd2d91f9fbb1bad0c23993b1becc777b0890f6c8eb6b9ad515a2a5436dd50ea6feaeb8d0e9d3b7142af44ef0a0d52004a50e4b3022e3c2752cbc9caff85cbbd8281543a4a2c1b8a9a9141dd4430cafb7375f8d1a299c321a10edf205010f828f80cb188855d7888ef33d2c14d9bbc52bb23e99e2570ec2be2e6896f918c61926fbfc21009af339abbf671c483c897e7f5a9614f7ffd003d126edeebb752e3af6f8dc63a10a314fb5d105124ce25332a68c7b6aee6bebcf5eb9aa3a3853cdb0ecef655a78107a86ce327d51d84fb858490131e5c8<br>
EAP-Message =
0x4fdfa622a41c66fd40edceb1c3cc99f33a0591a75a1c419d681403010001011603010030183a1d1ce2e805a60d16d91940d4b659bc1ecda540c675ea25f530b5c3ebe4114d5553609074df1351384da76ab4f78a<br>
State =
0xc4b1fdf8c7b5e4f9163ffe27c4915746<br>
Message-Authenticator =
0xef9d2df3d5a31b39f3ddf68d687d6b5c<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 4 length 252<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
TLS Length 326<br>
[peap] Length Included<br>
[peap] eaptls_verify returned 11<br>
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange<br>
[peap] TLS_accept: SSLv3 read client key exchange A<br>
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]<br>
[peap] <<< TLS 1.0 Handshake [length 0010], Finished<br>
[peap] TLS_accept: SSLv3 read finished A<br>
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]<br>
[peap] TLS_accept: SSLv3 write change cipher spec A<br>
[peap] >>> TLS 1.0 Handshake [length 0010], Finished<br>
[peap] TLS_accept: SSLv3 write finished A<br>
[peap] TLS_accept: SSLv3 flush data<br>
[peap] (other): SSL negotiation finished successfully<br>
SSL Connection Established<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message =
0x0105004119001403010001011603010030c5ca03d2a20ef23d2e6375c8153c3e6c1afa2151b0232004998802bece4070cb14b8a1bffac3874c849f89a1f8450de2<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State =
0xc4b1fdf8c0b4e4f9163ffe27c4915746<br>
Finished request 4.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=277<br>
Cleaning up request 4 ID 66 with timestamp +39<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier =
"KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 =
0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 =
0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message =
0x0206000b016b7465737435<br>
Message-Authenticator =
0x7667edddd0b6ae7ddec276f6fc0d09fd<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 6 length 11<br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] returns updated<br>
++[unix] returns notfound<br>
++[files] returns noop<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.<br>
++[pap] returns noop<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] EAP Identity<br>
[eap] processing type tls<br>
[tls] Initiate<br>
[tls] Start returned 1<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message = 0x010700061920<br>
Message-Authenticator = 0x00000000000000000000000000000000<br>
State =
0x8791eff18796f6b55a0a76adc31036d5<br>
Finished request 5.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=420<br>
Cleaning up request 5 ID 66 with timestamp +42<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier =
"KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 =
0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 =
0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 =
0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message = 0x0207008819800000007e16030100790100007503014d2e034fe43eb22c54e9c30587e009b69a0a7712664fc62b7754d5321207a9e700003ac00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009000300080033003900160015001401000012000a00080006001700180019000b00020100<br>
State =
0x8791eff18796f6b55a0a76adc31036d5<br>
Message-Authenticator =
0xdd954eaa01deac01b7a9d0973e934401<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 7 length 136<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
TLS Length 126<br>
[peap] Length Included<br>
[peap] eaptls_verify returned 11<br>
[peap] (other): before/accept initialization<br>
[peap] TLS_accept: before/accept initialization<br>
[peap] <<< TLS 1.0 Handshake [length 0079], ClientHello<br>
[peap] TLS_accept: SSLv3 read client hello A<br>
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello<br>
[peap] TLS_accept: SSLv3 write server hello A<br>
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate<br>
[peap] TLS_accept: SSLv3 write certificate A<br>
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br>
[peap] TLS_accept: SSLv3 write server done A<br>
[peap] TLS_accept: SSLv3 flush data<br>
[peap] TLS_accept: Need to read more data: SSLv3 read
client certificate A<br>
In SSL Handshake Phase<br>
In SSL Accept mode<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message = 0x0108040019c00000089b160301002a0200002603014d2e033cabdd48cf6a4f062f86f5947a33952f7547e4871741c1b81a7c7ae51e00002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479<br>
EAP-Message =
0x301e170d3131303131323138353335325a170d3132303131323138353335325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8b1f81044272b76dbaa079cbd3dd727461dfd7a5<br>
EAP-Message =
0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c81c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee467f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e33fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100904c9828165a2de337<br>
EAP-Message =
0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8bcb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b7425818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd224c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71ebbd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bfd34797fbefa47a4eed95cca895860004ab308204<br>
EAP-Message =
0xa73082038fa0030201020209<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State =
0x8791eff18699f6b55a0a76adc31036d5<br>
Finished request 6.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=290<br>
Cleaning up request 6 ID 66 with timestamp +42<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier =
"KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 =
0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 =
0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 =
0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message = 0x020800061900<br>
State =
0x8791eff18699f6b55a0a76adc31036d5<br>
Message-Authenticator =
0x806cd522495a9dea0f1b63c2c7612616<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 8 length 6<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] Received TLS ACK<br>
[peap] ACK handshake fragment handler<br>
[peap] eaptls_verify returned 1<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message = 0x010903fc194000ae0fc87b0b841be2300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3131303131323138353335315a170d3132303131323138353335315a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504<br>
EAP-Message =
0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d73060bc3e4f3bacd8c526ff5efa081cbfd333963c0a90272e83d654b8d1a16a25c9e1358b347d3f91d49ed29d387fd6de5ba5fe18c43b48065e8f1bb9dcb22d1a8679925af0bdc049d32199ba543f1d40a7c6b3578892efcaea646bdde6442593b17cb4713fb4d6f0616a5db38d9b<br>
EAP-Message =
0xfd1d6e9dd30b6e536ba717a75adaa7c87fd019e83bea06f5eacb6a09fa9954b60ccc92116455610a2674a03a4ecacee05ce914a72a27965d55471df19c8751fdb69fe66426bb236f7d57cfffe41822e7d8ddfc6c1c8f5b45e6010c896918c4f111626979b280ddf2219099024cb0efb17c9660df9fc642edc9874074cb83e93349b19a2c16409b7444545ee27b2a52bb9d0203010001a381fb3081f8301d0603551d0e04160414872c00a6ed850850f4e202b4d86a1d663b35fd8e3081c80603551d230481c03081bd8014872c00a6ed850850f4e202b4d86a1d663b35fd8ea18199a48196308193310b3009060355040613024652310f300d06035504<br>
EAP-Message =
0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900ae0fc87b0b841be2300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a5c0c601e1cb4606aa986dc240b7488bb4afd8c0e81ba0361530d556ad117222cdcc5a57a13fe3eb073ca72dff40db0a58c8d835ec110485bd158ab6cd1d8583cd575710b49070b3794384d2cff45f22b81e<br>
EAP-Message = 0x2dc327be959645c8<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State =
0x8791eff18598f6b55a0a76adc31036d5<br>
Finished request 7.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=290<br>
Cleaning up request 7 ID 66 with timestamp +43<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier =
"KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 =
0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 =
0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 =
0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message = 0x020900061900<br>
State =
0x8791eff18598f6b55a0a76adc31036d5<br>
Message-Authenticator =
0xf2ec741c480f9339eaa13537cadc59e4<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 9 length 6<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] Received TLS ACK<br>
[peap] ACK handshake fragment handler<br>
[peap] eaptls_verify returned 1<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message =
0x010a00b51900387bb57f237040a0b009495fcb1c4460694c6214f871d93a5afddfcc7aa7727e9ce657d22551e936e9415eea3a0ce78a7ea4b121f711fc19e2b505b4fa004bcc2952effdc18d0cd1ec6fe10bf431e8a189a5cbefcaebd9beab4e75c2309b55de25a9e392112915ad1c7b866a902f091b366eb96e7aa6ab544889069e70fda7ad8a9ec9eb729a6db3aeeb3ca9965daf0d515783a89a0947b6004eaad452777ae3413772aa2f5f16030100040e000000<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State =
0x8791eff1849bf6b55a0a76adc31036d5<br>
Finished request 8.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 8 ID 66 with timestamp +43<br>
Ready to process requests.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=277<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier =
"KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 =
0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 =
0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message =
0x0201000b016b7465737435<br>
Message-Authenticator =
0xacd1f25254d19ef7ef878a3a79e240be<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 1 length 11<br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] returns updated<br>
++[unix] returns notfound<br>
++[files] returns noop<br>
++[expiration] returns noop<br>
++[logintime] returns noop<br>
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.<br>
++[pap] returns noop<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] EAP Identity<br>
[eap] processing type tls<br>
[tls] Initiate<br>
[tls] Start returned 1<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message = 0x010200061920<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State =
0x119bd5731199cc528cc4c05b9703cffa<br>
Finished request 9.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66,
length=420<br>
Cleaning up request 9 ID 66 with timestamp +48<br>
User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id =
"00:1f:45:7f:83:fa"<br>
Calling-Station-Id =
"58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier =
"KASD_TEST"<br>
Service-Type = Framed-User<br>
Vendor-4329-Attr-3 =
0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-5 =
0x4b4153445f54455354<br>
Vendor-4329-Attr-6 =
0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 =
0x53747564656e7473<br>
Vendor-4329-Attr-8 =
0x4b41534453747564656e7473<br>
EAP-Message =
0x0202008819800000007e16030100790100007503014d2e0355d881daaa7bc48ab53b8cbf1877d5045d28d27e8bc56439c8160f2d2e00003ac00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009000300080033003900160015001401000012000a00080006001700180019000b00020100<br>
State =
0x119bd5731199cc528cc4c05b9703cffa<br>
Message-Authenticator =
0x502685c6634bcf13076884276d720178<br>
+- entering group authorize {...}<br>
++[preprocess] returns ok<br>
++[chap] returns noop<br>
++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>
[eap] EAP packet type response id 2 length 136<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
TLS Length 126<br>
[peap] Length Included<br>
[peap] eaptls_verify returned 11<br>
[peap] (other): before/accept initialization<br>
[peap] TLS_accept: before/accept initialization<br>
[peap] <<< TLS 1.0 Handshake [length 0079], ClientHello<br>
[peap] TLS_accept: SSLv3 read client hello A<br>
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello<br>
[peap] TLS_accept: SSLv3 write server hello A<br>
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate<br>
[peap] TLS_accept: SSLv3 write certificate A<br>
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br>
[peap] TLS_accept: SSLv3 write server done A<br>
[peap] TLS_accept: SSLv3 flush data<br>
[peap] TLS_accept: Need to read more data: SSLv3 read
client certificate A<br>
In SSL Handshake Phase<br>
In SSL Accept mode<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message =
0x0103040019c00000089b160301002a0200002603014d2e0342163fcd54d6877c34fe6b48bf4ada483c9daaeb893988fd2bdc1ee46300002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479<br>
EAP-Message =
0x301e170d3131303131323138353335325a170d3132303131323138353335325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8b1f81044272b76dbaa079cbd3dd727461dfd7a5<br>
EAP-Message =
0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c81c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee467f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e33fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100904c9828165a2de337<br>
EAP-Message =
0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8bcb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b7425818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd224c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71ebbd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bfd34797fbefa47a4eed95cca895860004ab308204<br>
EAP-Message =
0xa73082038fa0030201020209<br>
Message-Authenticator =
0x00000000000000000000000000000000<br>
State = 0x119bd5731098cc528cc4c05b9703cffa<br>
Finished request 10.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 10 ID 66 with timestamp +48<br>
Ready to process requests.<o:p></o:p></span></font></p>
</div>
<font size="1">
<div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
</body>
</html>