We have a stangle problem going on with the Apple iTouches in the
district here. This started since they were upgraded to iOS
v.4.x....so it seems. What is happening is that the user will put in
their credentials and get prompted to accept the certificate as it says
its untrusted. The user clicks accept, all looks good and then it says
it failed to connected. So they hit dismiss on that message, click
join again, accept the certificate again and then they are accepted
onto the network. But, sometimes they have to hit Dismiss/Join up to
15-20 times until it will accept it.<br>
<br>Right now I am working with a default install FreeRadius v2.1.8 for
testing this, including default certificates. I was planning on slowly
adding in my config to narrow it down, but the problem appears to be
happening by default. I *thought* that setting the default_eap_type to
peap was causing it, but I had it happen when it was set to md5 as
well. Im working on a iPod Touch with iOS v4.2. Below is the debug
output of a failed attempt, and the follow up attempt that put the user
through.<br>
<br>*********************** FAILED ATTEMPT ***************************<br><br>Ready to process requests.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=277<br> User-Name = "ktest5"<br> NAS-IP-Address = 127.0.4.1<br> NAS-Port = 259<br> Framed-MTU = 1400<br> Called-Station-Id = "00:1f:45:7f:83:fa"<br>
Calling-Station-Id = "58:b0:35:28:19:ad"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "KASD_TEST"<br> Service-Type = Framed-User<br> Vendor-4329-Attr-3 = 0x3035303030313031343330353233<blockquote style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;" class="gmail_quote">
3035<br>
Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br> Vendor-4329-Attr-4 = 0x4b4153445f54455354<br> Vendor-4329-Attr-5 = 0x4b4153445f54455354<br> Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 = 0x53747564656e7473<br> Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br> EAP-Message = 0x0200000b016b7465737435<br> Message-Authenticator = 0x32cf9f891633152f0f139a53cb61f9ee<br>
+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>[suffix] No such realm "NULL"<br>
++[suffix] returns noop<br>[eap] EAP packet type response id 0 length 11<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br>++[files] returns noop<br>
++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type tls<br>[tls] Initiate<br>[tls] Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message = 0x010100061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xc4b1fdf8c4b0e4f9163ffe27c4915746<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=420<br>Cleaning up request 0 ID 66 with timestamp +30<br> User-Name = "ktest5"<br> NAS-IP-Address = 127.0.4.1<br> NAS-Port = 259<br>
Framed-MTU = 1400<br> Called-Station-Id = "00:1f:45:7f:83:fa"<br> Calling-Station-Id = "58:b0:35:28:19:ad"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "KASD_TEST"<br>
Service-Type = Framed-User<br> Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br> Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br> Vendor-4329-Attr-4 = 0x4b4153445f54455354<br> Vendor-4329-Attr-5 = 0x4b4153445f54455354<br>
Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br> Vendor-4329-Attr-7 = 0x53747564656e7473<br> Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br> EAP-Message = 0x0201008819800000007e16030100790100007503014d2e0343e5f920d1f519dbfeac002febc3736014d9bee7e0c55fd8085b99b7af00003ac00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009000300080033003900160015001401000012000a00080006001700180019000b00020100<br>
State = 0xc4b1fdf8c4b0e4f9163ffe27c4915746<br> Message-Authenticator = 0xf4e7c59223ecd3e5741cc6cc48762e1f<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 1 length 136<br>[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 126<br>
[peap] Length Included<br>[peap] eaptls_verify returned 11<br>[peap] (other): before/accept initialization<br>[peap] TLS_accept: before/accept initialization<br>[peap] <<< TLS 1.0 Handshake [length 0079], ClientHello<br>
[peap] TLS_accept: SSLv3 read client hello A<br>[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello<br>[peap] TLS_accept: SSLv3 write server hello A<br>[peap] >>> TLS 1.0 Handshake [length 085e], Certificate<br>
[peap] TLS_accept: SSLv3 write certificate A<br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br>[peap] TLS_accept: SSLv3 write server done A<br>[peap] TLS_accept: SSLv3 flush data<br>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>
In SSL Handshake Phase<br>In SSL Accept mode<br>[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br> EAP-Message = 0x0102040019c00000089b160301002a0200002603014d2e0330bf07fe39f7236a619358e64fa3db011bcbda7c9b9584846f6e32102000002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479<br>
EAP-Message = 0x301e170d3131303131323138353335325a170d3132303131323138353335325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8b1f81044272b76dbaa079cbd3dd727461dfd7a5<br>
EAP-Message = 0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c81c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee467f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e33fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100904c9828165a2de337<br>
EAP-Message = 0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8bcb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b7425818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd224c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71ebbd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bfd34797fbefa47a4eed95cca895860004ab308204<br>
EAP-Message = 0xa73082038fa0030201020209<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xc4b1fdf8c5b3e4f9163ffe27c4915746<br>Finished request 1.<br>Going to the next request<br>
Waking up in 4.9 seconds.<br>Cleaning up request 1 ID 66 with timestamp +30<br>Ready to process requests.<br>rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=290<br> User-Name = "ktest5"<br>
NAS-IP-Address = 127.0.4.1<br> NAS-Port = 259<br> Framed-MTU = 1400<br> Called-Station-Id = "00:1f:45:7f:83:fa"<br> Calling-Station-Id = "58:b0:35:28:19:ad"<br> NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier = "KASD_TEST"<br> Service-Type = Framed-User<br> Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br> Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br> Vendor-4329-Attr-4 = 0x4b4153445f54455354<br>
Vendor-4329-Attr-5 = 0x4b4153445f54455354<br> Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br> Vendor-4329-Attr-7 = 0x53747564656e7473<br> Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br>
EAP-Message = 0x020200061900<br> State = 0xc4b1fdf8c5b3e4f9163ffe27c4915746<br> Message-Authenticator = 0xa5c69d05dee0560c68b7d67d25b2e0b1<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>
++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 2 length 6<br>
[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1<br>[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message = 0x010303fc194000ae0fc87b0b841be2300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3131303131323138353335315a170d3132303131323138353335315a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504<br>
EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d73060bc3e4f3bacd8c526ff5efa081cbfd333963c0a90272e83d654b8d1a16a25c9e1358b347d3f91d49ed29d387fd6de5ba5fe18c43b48065e8f1bb9dcb22d1a8679925af0bdc049d32199ba543f1d40a7c6b3578892efcaea646bdde6442593b17cb4713fb4d6f0616a5db38d9b<br>
EAP-Message = 0xfd1d6e9dd30b6e536ba717a75adaa7c87fd019e83bea06f5eacb6a09fa9954b60ccc92116455610a2674a03a4ecacee05ce914a72a27965d55471df19c8751fdb69fe66426bb236f7d57cfffe41822e7d8ddfc6c1c8f5b45e6010c896918c4f111626979b280ddf2219099024cb0efb17c9660df9fc642edc9874074cb83e93349b19a2c16409b7444545ee27b2a52bb9d0203010001a381fb3081f8301d0603551d0e04160414872c00a6ed850850f4e202b4d86a1d663b35fd8e3081c80603551d230481c03081bd8014872c00a6ed850850f4e202b4d86a1d663b35fd8ea18199a48196308193310b3009060355040613024652310f300d06035504<br>
EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900ae0fc87b0b841be2300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a5c0c601e1cb4606aa986dc240b7488bb4afd8c0e81ba0361530d556ad117222cdcc5a57a13fe3eb073ca72dff40db0a58c8d835ec110485bd158ab6cd1d8583cd575710b49070b3794384d2cff45f22b81e<br>
EAP-Message = 0x2dc327be959645c8<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xc4b1fdf8c6b2e4f9163ffe27c4915746<br>Finished request 2.<br>Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=290<br>Cleaning up request 2 ID 66 with timestamp +39<br> User-Name = "ktest5"<br> NAS-IP-Address = 127.0.4.1<br> NAS-Port = 259<br>
Framed-MTU = 1400<br> Called-Station-Id = "00:1f:45:7f:83:fa"<br> Calling-Station-Id = "58:b0:35:28:19:ad"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "KASD_TEST"<br>
Service-Type = Framed-User<br> Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br> Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br> Vendor-4329-Attr-4 = 0x4b4153445f54455354<br> Vendor-4329-Attr-5 = 0x4b4153445f54455354<br>
Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br> Vendor-4329-Attr-7 = 0x53747564656e7473<br> Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br> EAP-Message = 0x020300061900<br> State = 0xc4b1fdf8c6b2e4f9163ffe27c4915746<br>
Message-Authenticator = 0x834956d460493056f00e0117298d68d7<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 3 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1<br>
[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br> EAP-Message = 0x010400b51900387bb57f237040a0b009495fcb1c4460694c6214f871d93a5afddfcc7aa7727e9ce657d22551e936e9415eea3a0ce78a7ea4b121f711fc19e2b505b4fa004bcc2952effdc18d0cd1ec6fe10bf431e8a189a5cbefcaebd9beab4e75c2309b55de25a9e392112915ad1c7b866a902f091b366eb96e7aa6ab544889069e70fda7ad8a9ec9eb729a6db3aeeb3ca9965daf0d515783a89a0947b6004eaad452777ae3413772aa2f5f16030100040e000000<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xc4b1fdf8c7b5e4f9163ffe27c4915746<br>Finished request 3.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=622<br>
Cleaning up request 3 ID 66 with timestamp +39<br> User-Name = "ktest5"<br> NAS-IP-Address = 127.0.4.1<br> NAS-Port = 259<br> Framed-MTU = 1400<br> Called-Station-Id = "00:1f:45:7f:83:fa"<br>
Calling-Station-Id = "58:b0:35:28:19:ad"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "KASD_TEST"<br> Service-Type = Framed-User<br> Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br>
Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br> Vendor-4329-Attr-4 = 0x4b4153445f54455354<br> Vendor-4329-Attr-5 = 0x4b4153445f54455354<br> Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br>
Vendor-4329-Attr-7 = 0x53747564656e7473<br> Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br> EAP-Message = 0x020401501980000001461603010106100001020100373aae08036c5c081766d84efb8b257d7a9840bd2d91f9fbb1bad0c23993b1becc777b0890f6c8eb6b9ad515a2a5436dd50ea6feaeb8d0e9d3b7142af44ef0a0d52004a50e4b3022e3c2752cbc9caff85cbbd8281543a4a2c1b8a9a9141dd4430cafb7375f8d1a299c321a10edf205010f828f80cb188855d7888ef33d2c14d9bbc52bb23e99e2570ec2be2e6896f918c61926fbfc21009af339abbf671c483c897e7f5a9614f7ffd003d126edeebb752e3af6f8dc63a10a314fb5d105124ce25332a68c7b6aee6bebcf5eb9aa3a3853cdb0ecef655a78107a86ce327d51d84fb858490131e5c8<br>
EAP-Message = 0x4fdfa622a41c66fd40edceb1c3cc99f33a0591a75a1c419d681403010001011603010030183a1d1ce2e805a60d16d91940d4b659bc1ecda540c675ea25f530b5c3ebe4114d5553609074df1351384da76ab4f78a<br> State = 0xc4b1fdf8c7b5e4f9163ffe27c4915746<br>
Message-Authenticator = 0xef9d2df3d5a31b39f3ddf68d687d6b5c<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 4 length 252<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 326<br>[peap] Length Included<br>[peap] eaptls_verify returned 11<br>[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange<br>
[peap] TLS_accept: SSLv3 read client key exchange A<br>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]<br>[peap] <<< TLS 1.0 Handshake [length 0010], Finished<br>[peap] TLS_accept: SSLv3 read finished A<br>
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]<br>[peap] TLS_accept: SSLv3 write change cipher spec A<br>[peap] >>> TLS 1.0 Handshake [length 0010], Finished<br>[peap] TLS_accept: SSLv3 write finished A<br>
[peap] TLS_accept: SSLv3 flush data<br>[peap] (other): SSL negotiation finished successfully<br>SSL Connection Established<br>[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>
Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br> EAP-Message = 0x0105004119001403010001011603010030c5ca03d2a20ef23d2e6375c8153c3e6c1afa2151b0232004998802bece4070cb14b8a1bffac3874c849f89a1f8450de2<br> Message-Authenticator = 0x00000000000000000000000000000000<br>
State = 0xc4b1fdf8c0b4e4f9163ffe27c4915746<br>Finished request 4.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=277<br>Cleaning up request 4 ID 66 with timestamp +39<br>
User-Name = "ktest5"<br> NAS-IP-Address = 127.0.4.1<br> NAS-Port = 259<br> Framed-MTU = 1400<br> Called-Station-Id = "00:1f:45:7f:83:fa"<br> Calling-Station-Id = "58:b0:35:28:19:ad"<br>
NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "KASD_TEST"<br> Service-Type = Framed-User<br> Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br> Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br>
Vendor-4329-Attr-4 = 0x4b4153445f54455354<br> Vendor-4329-Attr-5 = 0x4b4153445f54455354<br> Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br> Vendor-4329-Attr-7 = 0x53747564656e7473<br>
Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br> EAP-Message = 0x0206000b016b7465737435<br> Message-Authenticator = 0x7667edddd0b6ae7ddec276f6fc0d09fd<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>
++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 6 length 11<br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>
++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type tls<br>[tls] Initiate<br>[tls] Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message = 0x010700061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x8791eff18796f6b55a0a76adc31036d5<br>Finished request 5.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=420<br>Cleaning up request 5 ID 66 with timestamp +42<br> User-Name = "ktest5"<br> NAS-IP-Address = 127.0.4.1<br> NAS-Port = 259<br>
Framed-MTU = 1400<br> Called-Station-Id = "00:1f:45:7f:83:fa"<br> Calling-Station-Id = "58:b0:35:28:19:ad"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "KASD_TEST"<br>
Service-Type = Framed-User<br> Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br> Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br> Vendor-4329-Attr-4 = 0x4b4153445f54455354<br> Vendor-4329-Attr-5 = 0x4b4153445f54455354<br>
Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br> Vendor-4329-Attr-7 = 0x53747564656e7473<br> Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br> EAP-Message = 0x0207008819800000007e16030100790100007503014d2e034fe43eb22c54e9c30587e009b69a0a7712664fc62b7754d5321207a9e700003ac00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009000300080033003900160015001401000012000a00080006001700180019000b00020100<br>
State = 0x8791eff18796f6b55a0a76adc31036d5<br> Message-Authenticator = 0xdd954eaa01deac01b7a9d0973e934401<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 7 length 136<br>[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 126<br>
[peap] Length Included<br>[peap] eaptls_verify returned 11<br>[peap] (other): before/accept initialization<br>[peap] TLS_accept: before/accept initialization<br>[peap] <<< TLS 1.0 Handshake [length 0079], ClientHello<br>
[peap] TLS_accept: SSLv3 read client hello A<br>[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello<br>[peap] TLS_accept: SSLv3 write server hello A<br>[peap] >>> TLS 1.0 Handshake [length 085e], Certificate<br>
[peap] TLS_accept: SSLv3 write certificate A<br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br>[peap] TLS_accept: SSLv3 write server done A<br>[peap] TLS_accept: SSLv3 flush data<br>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>
In SSL Handshake Phase<br>In SSL Accept mode<br>[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br> EAP-Message = 0x0108040019c00000089b160301002a0200002603014d2e033cabdd48cf6a4f062f86f5947a33952f7547e4871741c1b81a7c7ae51e00002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479<br>
EAP-Message = 0x301e170d3131303131323138353335325a170d3132303131323138353335325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8b1f81044272b76dbaa079cbd3dd727461dfd7a5<br>
EAP-Message = 0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c81c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee467f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e33fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100904c9828165a2de337<br>
EAP-Message = 0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8bcb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b7425818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd224c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71ebbd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bfd34797fbefa47a4eed95cca895860004ab308204<br>
EAP-Message = 0xa73082038fa0030201020209<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x8791eff18699f6b55a0a76adc31036d5<br>Finished request 6.<br>Going to the next request<br>
Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=290<br>Cleaning up request 6 ID 66 with timestamp +42<br> User-Name = "ktest5"<br> NAS-IP-Address = 127.0.4.1<br>
NAS-Port = 259<br> Framed-MTU = 1400<br> Called-Station-Id = "00:1f:45:7f:83:fa"<br> Calling-Station-Id = "58:b0:35:28:19:ad"<br> NAS-Port-Type = Wireless-802.11<br>
NAS-Identifier = "KASD_TEST"<br> Service-Type = Framed-User<br> Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br> Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br> Vendor-4329-Attr-4 = 0x4b4153445f54455354<br>
Vendor-4329-Attr-5 = 0x4b4153445f54455354<br> Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br> Vendor-4329-Attr-7 = 0x53747564656e7473<br> Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br>
EAP-Message = 0x020800061900<br> State = 0x8791eff18699f6b55a0a76adc31036d5<br> Message-Authenticator = 0x806cd522495a9dea0f1b63c2c7612616<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>
++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 8 length 6<br>
[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1<br>[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message = 0x010903fc194000ae0fc87b0b841be2300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3131303131323138353335315a170d3132303131323138353335315a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504<br>
EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d73060bc3e4f3bacd8c526ff5efa081cbfd333963c0a90272e83d654b8d1a16a25c9e1358b347d3f91d49ed29d387fd6de5ba5fe18c43b48065e8f1bb9dcb22d1a8679925af0bdc049d32199ba543f1d40a7c6b3578892efcaea646bdde6442593b17cb4713fb4d6f0616a5db38d9b<br>
EAP-Message = 0xfd1d6e9dd30b6e536ba717a75adaa7c87fd019e83bea06f5eacb6a09fa9954b60ccc92116455610a2674a03a4ecacee05ce914a72a27965d55471df19c8751fdb69fe66426bb236f7d57cfffe41822e7d8ddfc6c1c8f5b45e6010c896918c4f111626979b280ddf2219099024cb0efb17c9660df9fc642edc9874074cb83e93349b19a2c16409b7444545ee27b2a52bb9d0203010001a381fb3081f8301d0603551d0e04160414872c00a6ed850850f4e202b4d86a1d663b35fd8e3081c80603551d230481c03081bd8014872c00a6ed850850f4e202b4d86a1d663b35fd8ea18199a48196308193310b3009060355040613024652310f300d06035504<br>
EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900ae0fc87b0b841be2300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a5c0c601e1cb4606aa986dc240b7488bb4afd8c0e81ba0361530d556ad117222cdcc5a57a13fe3eb073ca72dff40db0a58c8d835ec110485bd158ab6cd1d8583cd575710b49070b3794384d2cff45f22b81e<br>
EAP-Message = 0x2dc327be959645c8<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x8791eff18598f6b55a0a76adc31036d5<br>Finished request 7.<br>Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=290<br>Cleaning up request 7 ID 66 with timestamp +43<br> User-Name = "ktest5"<br> NAS-IP-Address = 127.0.4.1<br> NAS-Port = 259<br>
Framed-MTU = 1400<br> Called-Station-Id = "00:1f:45:7f:83:fa"<br> Calling-Station-Id = "58:b0:35:28:19:ad"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "KASD_TEST"<br>
Service-Type = Framed-User<br> Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br> Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br> Vendor-4329-Attr-4 = 0x4b4153445f54455354<br> Vendor-4329-Attr-5 = 0x4b4153445f54455354<br>
Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br> Vendor-4329-Attr-7 = 0x53747564656e7473<br> Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br> EAP-Message = 0x020900061900<br> State = 0x8791eff18598f6b55a0a76adc31036d5<br>
Message-Authenticator = 0xf2ec741c480f9339eaa13537cadc59e4<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 9 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1<br>
[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br> EAP-Message = 0x010a00b51900387bb57f237040a0b009495fcb1c4460694c6214f871d93a5afddfcc7aa7727e9ce657d22551e936e9415eea3a0ce78a7ea4b121f711fc19e2b505b4fa004bcc2952effdc18d0cd1ec6fe10bf431e8a189a5cbefcaebd9beab4e75c2309b55de25a9e392112915ad1c7b866a902f091b366eb96e7aa6ab544889069e70fda7ad8a9ec9eb729a6db3aeeb3ca9965daf0d515783a89a0947b6004eaad452777ae3413772aa2f5f16030100040e000000<br>
Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x8791eff1849bf6b55a0a76adc31036d5<br>Finished request 8.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>Cleaning up request 8 ID 66 with timestamp +43<br>
Ready to process requests.<br>rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=277<br> User-Name = "ktest5"<br> NAS-IP-Address = 127.0.4.1<br> NAS-Port = 259<br>
Framed-MTU = 1400<br>
Called-Station-Id = "00:1f:45:7f:83:fa"<br> Calling-Station-Id = "58:b0:35:28:19:ad"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "KASD_TEST"<br> Service-Type = Framed-User<br>
Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br> Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br> Vendor-4329-Attr-4 = 0x4b4153445f54455354<br> Vendor-4329-Attr-5 = 0x4b4153445f54455354<br>
Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br> Vendor-4329-Attr-7 = 0x53747564656e7473<br> Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br> EAP-Message = 0x0201000b016b7465737435<br>
Message-Authenticator = 0xacd1f25254d19ef7ef878a3a79e240be<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 1 length 11<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br>
++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>
Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type tls<br>[tls] Initiate<br>[tls] Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br>
EAP-Message = 0x010200061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x119bd5731199cc528cc4c05b9703cffa<br>Finished request 9.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=420<br>Cleaning up request 9 ID 66 with timestamp +48<br> User-Name = "ktest5"<br> NAS-IP-Address = 127.0.4.1<br> NAS-Port = 259<br>
Framed-MTU = 1400<br> Called-Station-Id = "00:1f:45:7f:83:fa"<br> Calling-Station-Id = "58:b0:35:28:19:ad"<br> NAS-Port-Type = Wireless-802.11<br> NAS-Identifier = "KASD_TEST"<br>
Service-Type = Framed-User<br> Vendor-4329-Attr-3 = 0x30353030303130313433303532333035<br> Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039<br> Vendor-4329-Attr-4 = 0x4b4153445f54455354<br> Vendor-4329-Attr-5 = 0x4b4153445f54455354<br>
Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661<br> Vendor-4329-Attr-7 = 0x53747564656e7473<br> Vendor-4329-Attr-8 = 0x4b41534453747564656e7473<br> EAP-Message = 0x0202008819800000007e16030100790100007503014d2e0355d881daaa7bc48ab53b8cbf1877d5045d28d27e8bc56439c8160f2d2e00003ac00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009000300080033003900160015001401000012000a00080006001700180019000b00020100<br>
State = 0x119bd5731199cc528cc4c05b9703cffa<br> Message-Authenticator = 0x502685c6634bcf13076884276d720178<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>
[suffix] No '@' in User-Name = "ktest5", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 2 length 136<br>[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 126<br>
[peap] Length Included<br>[peap] eaptls_verify returned 11<br>[peap] (other): before/accept initialization<br>[peap] TLS_accept: before/accept initialization<br>[peap] <<< TLS 1.0 Handshake [length 0079], ClientHello<br>
[peap] TLS_accept: SSLv3 read client hello A<br>[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello<br>[peap] TLS_accept: SSLv3 write server hello A<br>[peap] >>> TLS 1.0 Handshake [length 085e], Certificate<br>
[peap] TLS_accept: SSLv3 write certificate A<br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br>[peap] TLS_accept: SSLv3 write server done A<br>[peap] TLS_accept: SSLv3 flush data<br>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>
In SSL Handshake Phase<br>In SSL Accept mode<br>[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 66 to 10.1.1.1 port 38428<br> EAP-Message = 0x0103040019c00000089b160301002a0200002603014d2e0342163fcd54d6877c34fe6b48bf4ada483c9daaeb893988fd2bdc1ee46300002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479<br>
EAP-Message = 0x301e170d3131303131323138353335325a170d3132303131323138353335325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8b1f81044272b76dbaa079cbd3dd727461dfd7a5<br>
EAP-Message = 0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c81c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee467f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e33fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100904c9828165a2de337<br>
EAP-Message = 0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8bcb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b7425818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd224c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71ebbd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bfd34797fbefa47a4eed95cca895860004ab308204<br>
EAP-Message = 0xa73082038fa0030201020209<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0x119bd5731098cc528cc4c05b9703cffa<br>Finished request 10.<br>Going to the next request<br>
Waking up in 4.9 seconds.<br>Cleaning up request 10 ID 66 with timestamp +48<br>Ready to process requests.</blockquote>