<html><head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text -->
<style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style></head>
<body>
<body>Quick answer . Your eduroam inner tunnel virtual server isnt handling it ... No auth method found . Mschap noop.<br><br><br>Alan<br><br><br><br>----- Reply message -----<br>From: "Wenche Backman" <Wenche.Backman@csc.fi><br>Date: Thu, Feb 24, 2011 08:14<br>Subject: TTLS-MSCHAPv2 works but PEAP-MSCHAPv2 doesn't (FreeRADIUS 2.1.3)<br>To: "freeradius-users@lists.freeradius.org" <freeradius-users@lists.freeradius.org><br><br></body>
<font size="2"><div class="PlainText">Hi,<br>
<br>
I have a FreeRADIUS-server for configuration testing purposes and on this server TTLS-MSCHAPv2 works fine but PEAP-MSCHAPv2 fails. PEAP-MSCHAPv2 fails both with the WindowsXP client and the NetworkManager included in Ubuntu 8.04 LTS.  The  output from radius -X are shown below. The configuration files are attached. I'd appreciate if someone could take a look at this and check where the problem might be.<br>
<br>
Regards,<br>
<br>
Wenche Backman<br>
<br>
PEAP-MSCHAPv2 failure (this one from Ubuntu 8.04 LTS, the output from WinXP is the same):<br>
<br>
Ready to process requests<br>
rad_recv: Access-Request packet from host 193.166.6.179 port 2048, id=0, length=137<br>
        User-Name = "du@mytest.fi"<br>
        NAS-IP-Address = 193.166.6.179<br>
        Called-Station-Id = "000d0b6cd027"<br>
        Calling-Station-Id = "001de01a9a47"<br>
        NAS-Identifier = "000d0b6cd027"<br>
        NAS-Port = 7<br>
        Framed-MTU = 1400<br>
        NAS-Port-Type = Wireless-802.11<br>
        EAP-Message = 0x02000011016475406d79746573742e6669<br>
        Message-Authenticator = 0xb613072b66070df9b35799b65683a666<br>
server eduroam {<br>
+- entering group authorize {...}<br>
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log]      expand: %t -> Tue Feb 22 12:17:12 2011<br>
++[auth_log] returns ok<br>
[suffix] Looking up realm "mytest.fi" for User-Name = "du@mytest.fi"<br>
[suffix] Found realm "mytest.fi"<br>
[suffix] Adding Realm = "mytest.fi"<br>
[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>
[eap] EAP packet type response id 0 length 17<br>
[eap] No EAP Start, assuming it's an on-going EAP conversation<br>
++[eap] returns updated<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] EAP Identity<br>
[eap] processing type tls<br>
[tls] Initiate<br>
[tls] Start returned 1<br>
++[eap] returns handled<br>
} # server eduroam<br>
Sending Access-Challenge of id 0 to 193.166.6.179 port 2048<br>
        EAP-Message = 0x010100061920<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>
        State = 0xb667f4e0b666ed0567b6ebba8e637a5c<br>
Finished request 0.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 193.166.6.179 port 2048, id=0, length=231<br>
Cleaning up request 0 ID 0 with timestamp +107<br>
        User-Name = "du@mytest.fi"<br>
        NAS-IP-Address = 193.166.6.179<br>
        Called-Station-Id = "000d0b6cd027"<br>
        Calling-Station-Id = "001de01a9a47"<br>
        NAS-Identifier = "000d0b6cd027"<br>
        NAS-Port = 7<br>
        Framed-MTU = 1400<br>
        State = 0xb667f4e0b666ed0567b6ebba8e637a5c<br>
        NAS-Port-Type = Wireless-802.11<br>
        EAP-Message = 0x0201005d190016030100520100004e03014d638d2813d992579c034f3369d4734a02fcc8603b1297948e5ee5d6950eb9ae00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100<br>
        Message-Authenticator = 0x7aaf685db9bfc8a730e04e61846a8ba4<br>
server eduroam {<br>
+- entering group authorize {...}<br>
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log]      expand: %t -> Tue Feb 22 12:17:12 2011<br>
++[auth_log] returns ok<br>
[suffix] Looking up realm "mytest.fi" for User-Name = "du@mytest.fi"<br>
[suffix] Found realm "mytest.fi"<br>
[suffix] Adding Realm = "mytest.fi"<br>
[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>
[eap] EAP packet type response id 1 length 93<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] eaptls_verify returned 7<br>
[peap] Done initial handshake<br>
[peap]     (other): before/accept initialization<br>
[peap]     TLS_accept: before/accept initialization<br>
[peap] <<< TLS 1.0 Handshake [length 0052], ClientHello<br>
[peap]     TLS_accept: SSLv3 read client hello A<br>
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello<br>
[peap]     TLS_accept: SSLv3 write server hello A<br>
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate<br>
[peap]     TLS_accept: SSLv3 write certificate A<br>
[peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange<br>
[peap]     TLS_accept: SSLv3 write key exchange A<br>
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br>
[peap]     TLS_accept: SSLv3 write server done A<br>
[peap]     TLS_accept: SSLv3 flush data<br>
[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A<br>
In SSL Handshake Phase<br>
In SSL Accept mode<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
} # server eduroam<br>
Sending Access-Challenge of id 0 to 193.166.6.179 port 2048<br>
        EAP-Message = 0x0102040019c000000aad160301002a0200002603014d638d2822caad2a4af2262ab74eea2824d9767d409a66ca0cfad0ae45610e7500003901160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479<br>
        EAP-Message = 0x301e170d3039303131363130323433375a170d3130303131363130323433375a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100bca3a7d340515ebd6023cbfb2c18b2ffc99f5276c2af17db6621b34a2e596aa4193eee8582efc0a84f8cb24b740602f7344f0d3e07f05dfab378f03112e3<br>
        EAP-Message = 0xa43530d75b5a611e456d530cc9e9a5143dbdcf6129d99273f9960b4d6bb2124f42bc61be778bad4e34a21d75e2904cc26ab003927898cdab60fb4bc1780c19d23e5d64065248e8a2e586a9d7f7ac6dc089269890532c952ea979de7202b549e5979c1be63419a29d64febe0a4576d629e7431a2e1fcca05c550172c0c4e309e746662bb2a80d26c975b979409596dd3e079a96850532745cb92dfdca8aab7bbb66fedd8a9ac3f30c62252a453c57acbc33cb0f669326ece07032fafb4584bcc417430203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100110e3b6ca51ea7854b<br>
        EAP-Message = 0x05a122cefcc96f0060bc1c3d2de06a79f50ff17de7c50664598b7b499ebf536f80bc0c3a86bfb6c9837cd23992d522be1693f12aa3b9e8eead66d0e85316cb038b7673642d83b924891b057126d85e52d91452c0a52203424fc16d6094e812ef0bd1535852edbe3e5a9696a0c5c7611badba4f789f1a04dd6548127c82d7b4e4635c03b12b621b2b4022644907e12ab5f0ecfd4863cfeb440636da869fcb57b65d67b95c007afb7bd160d20e01d946cb8f4d7a3d6c252417172ea45ffb847585e98c8c6d0d34094d031cc69cfc015b24297fa0d085fe4dfb2b2de27a9363d8d023b151867e8a5c04dcfc072e0397a063db3bf4bdc5f26f0004ab308204<br>
        EAP-Message = 0xa73082038fa0030201020209<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>
        State = 0xb667f4e0b765ed0567b6ebba8e637a5c<br>
Finished request 1.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 193.166.6.179 port 2048, id=0, length=144<br>
Cleaning up request 1 ID 0 with timestamp +107<br>
        User-Name = "du@mytest.fi"<br>
        NAS-IP-Address = 193.166.6.179<br>
        Called-Station-Id = "000d0b6cd027"<br>
        Calling-Station-Id = "001de01a9a47"<br>
        NAS-Identifier = "000d0b6cd027"<br>
        NAS-Port = 7<br>
        Framed-MTU = 1400<br>
        State = 0xb667f4e0b765ed0567b6ebba8e637a5c<br>
        NAS-Port-Type = Wireless-802.11<br>
        EAP-Message = 0x020200061900<br>
        Message-Authenticator = 0xf24d59a32f188207dee0c313a901bfb3<br>
server eduroam {<br>
+- entering group authorize {...}<br>
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log]      expand: %t -> Tue Feb 22 12:17:12 2011<br>
++[auth_log] returns ok<br>
[suffix] Looking up realm "mytest.fi" for User-Name = "du@mytest.fi"<br>
[suffix] Found realm "mytest.fi"<br>
[suffix] Adding Realm = "mytest.fi"<br>
[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>
[eap] EAP packet type response id 2 length 6<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] Received TLS ACK<br>
[peap] ACK handshake fragment handler<br>
[peap] eaptls_verify returned 1<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
} # server eduroam<br>
Sending Access-Challenge of id 0 to 193.166.6.179 port 2048<br>
        EAP-Message = 0x010303fc19400095425f8466e364f5300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303131363130323433375a170d3130303131363130323433375a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504<br>
        EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a79b656861b09eb9d5bd77174981b3b00554530ffc18238cf3164a1882e42c6379db8d256187bc4788e63349ae25379f606087ab41864d8a533d738c7c5286b4057c96d0f5be5972a34b0d27d784d2571bc8a085f15fd17942948566e7589f1b4994676beb9e3d9828bdda3bd6f767<br>
        EAP-Message = 0xed21bdf2e4bd035a8e235ddf4341c2b5a587e707e5b333c49d4533110ce905b31071c90bc795dee46e8b0b063862c0d58c4765553bcef3d8408dffcb951b81a1b5e8e61f5e857bc6f5931f132146fd145ed316517e7e8bd8f5941b7d571a7a0b8500a2d4538c0a036d12ce655a55dea0b4360739b0c251ed44c91900b67a7206c83e22b34ead286d9ac6023258892f4d150203010001a381fb3081f8301d0603551d0e041604140397fbc3d67c570e8f13b91c45394b5f44616cf43081c80603551d230481c03081bd80140397fbc3d67c570e8f13b91c45394b5f44616cf4a18199a48196308193310b3009060355040613024652310f300d06035504<br>
        EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747982090095425f8466e364f5300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010023477ecf0e1f391af60dccc8605dd8743615a07242f1d68f3815855b86ab605a9fa22c9da76fe73fdcceb1a76afb224d424dd032efa93e7d7bacc26a0fc592ed29a04993e5c4043fcfd4312b92337b2919f5<br>
        EAP-Message = 0x5746b2fc48857aac<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>
        State = 0xb667f4e0b464ed0567b6ebba8e637a5c<br>
Finished request 2.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 193.166.6.179 port 2048, id=0, length=144<br>
Cleaning up request 2 ID 0 with timestamp +107<br>
        User-Name = "du@mytest.fi"<br>
        NAS-IP-Address = 193.166.6.179<br>
        Called-Station-Id = "000d0b6cd027"<br>
        Calling-Station-Id = "001de01a9a47"<br>
        NAS-Identifier = "000d0b6cd027"<br>
        NAS-Port = 7<br>
        Framed-MTU = 1400<br>
        State = 0xb667f4e0b464ed0567b6ebba8e637a5c<br>
        NAS-Port-Type = Wireless-802.11<br>
        EAP-Message = 0x020300061900<br>
        Message-Authenticator = 0xb8250ec4167cfca1229cd8fed99c2ebe<br>
server eduroam {<br>
+- entering group authorize {...}<br>
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log]      expand: %t -> Tue Feb 22 12:17:12 2011<br>
++[auth_log] returns ok<br>
[suffix] Looking up realm "mytest.fi" for User-Name = "du@mytest.fi"<br>
[suffix] Found realm "mytest.fi"<br>
[suffix] Adding Realm = "mytest.fi"<br>
[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>
[eap] EAP packet type response id 3 length 6<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] Received TLS ACK<br>
[peap] ACK handshake fragment handler<br>
[peap] eaptls_verify returned 1<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
} # server eduroam<br>
Sending Access-Challenge of id 0 to 193.166.6.179 port 2048<br>
        EAP-Message = 0x010402c71900d8fba265108675c4143ba764839add9dad12b1e94d9c914c0f18108e5d9f99090bf291b83623238457fe4576e87c1f3b3cb9dd0cf0de1522e48948e5af796c8ed530986f5610a0dc3b0d89fa14686238e318a1cbb0de862d2ea63cc0b0b29ae1210bf94ab9e772de19b817e7d0df45b71a9595499756b5d5e6c757ca7bc55b1fc7a3ebe98be922105889149cfaa023c94eda62121c053d11f6c6e59736b2d25a0496aab4db2f160301020d0c0002090080d6c327b60d685b7dea0b3bf533d54f8e151fb5d72b4a805e4c120a847706984eedeb80d3a48fabd0f36bbabdd4125fe717709c5c73010ac5185e4154b12c4738f6cb62d40b82<br>
        EAP-Message = 0x47efc9ae7da9c0612f0bf7592be07f1eb2f5b45b5289743831f2b2cad359dbf213c9e14aaf44a1ede1e7ac48b9fbb7b371d82ec2d6ab9415ff230001020080185049cf069168f5fa3037bab3f8cbe72ffa09d5222d80db41a2265b2a270aae741f7ef06a574144055e27724d75001556dd166feedcfb7827625b2fa66f72a1c85cd9dc3e1dd693ef38f2bf0c3d8f08e21d86b9ed9d8dba54a571bdb36bed6190ddfa42816f76e3a154799ba7c629ca358df7f55f2746f7918be7a9ded259fb01006b443e4a0e6f85d615db5c3a3308860a8e7335b4c3ed7a6ca6a26b60b60399b81d97499c77a6c889c21293b3bcc5ff03b87cc98556f0b3d6c1e211ed<br>
        EAP-Message = 0x7e11c75caad6f24d6d967130f88120690fbce884666d5c4d9e235230e58b53878eb7437b253601580401c2cafba3ae088abce707763cec25709e95cb0dc4a3a9b772a507058baa5783dbf780b2e59cc2be5e8bf28401722211bec6093170c426993baf969daad724132211f1ae38314bbbb6e6a7681a57894482574f43fc60fc18d8f40b92d2fa6de896ddedfd5be469845235a8fa561c2abc94cd37764575ff0c209165d1d128af9cde0b51be10533052b7180313f411529ba43abd073e54b2111495a516030100040e000000<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>
        State = 0xb667f4e0b563ed0567b6ebba8e637a5c<br>
Finished request 3.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 193.166.6.179 port 2048, id=0, length=342<br>
Cleaning up request 3 ID 0 with timestamp +107<br>
        User-Name = "du@mytest.fi"<br>
        NAS-IP-Address = 193.166.6.179<br>
        Called-Station-Id = "000d0b6cd027"<br>
        Calling-Station-Id = "001de01a9a47"<br>
        NAS-Identifier = "000d0b6cd027"<br>
        NAS-Port = 7<br>
        Framed-MTU = 1400<br>
        State = 0xb667f4e0b563ed0567b6ebba8e637a5c<br>
        NAS-Port-Type = Wireless-802.11<br>
        EAP-Message = 0x020400cc1900160301008610000082008086f0298b073e157e853a830e045a18b40f17a02efbe131d943518b00817f8a72a2be1b64d1208657beea1cff038418106c6beda352e34d9950e7b9c397932bd7cb8f722ff87b819edfea5910676e1e898ec4c071c6cdedab5b8c8980dbd752c9f74bbf5818cc35900515d0a97a4b6139b94e24c2b0aa1aa7ca282e205952121e140301000101160301003053d0e5fbe8ed7e32c5d7318f3baf834371d7ccc760d9a0fb0b2320f9707c9acf7f218bcb8c70a8b51e88bbdc2274aec8<br>
        Message-Authenticator = 0x7b92c60ebe961910947ed53e0f3deced<br>
server eduroam {<br>
+- entering group authorize {...}<br>
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log]      expand: %t -> Tue Feb 22 12:17:12 2011<br>
++[auth_log] returns ok<br>
[suffix] Looking up realm "mytest.fi" for User-Name = "du@mytest.fi"<br>
[suffix] Found realm "mytest.fi"<br>
[suffix] Adding Realm = "mytest.fi"<br>
[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>
[eap] EAP packet type response id 4 length 204<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] eaptls_verify returned 7<br>
[peap] Done initial handshake<br>
[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange<br>
[peap]     TLS_accept: SSLv3 read client key exchange A<br>
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]<br>
[peap] <<< TLS 1.0 Handshake [length 0010], Finished<br>
[peap]     TLS_accept: SSLv3 read finished A<br>
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]<br>
[peap]     TLS_accept: SSLv3 write change cipher spec A<br>
[peap] >>> TLS 1.0 Handshake [length 0010], Finished<br>
[peap]     TLS_accept: SSLv3 write finished A<br>
[peap]     TLS_accept: SSLv3 flush data<br>
[peap]     (other): SSL negotiation finished successfully<br>
SSL Connection Established<br>
[peap] eaptls_process returned 13<br>
[peap] EAPTLS_HANDLED<br>
++[eap] returns handled<br>
} # server eduroam<br>
Sending Access-Challenge of id 0 to 193.166.6.179 port 2048<br>
        EAP-Message = 0x01050041190014030100010116030100305a7b9877876923768d3f6b8ddffb2a49d7c701b35c74a0c803a5c99b9b632fcb4eeb6ef635de4e8994feef3c84f828ff<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>
        State = 0xb667f4e0b262ed0567b6ebba8e637a5c<br>
Finished request 4.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 193.166.6.179 port 2048, id=0, length=144<br>
Cleaning up request 4 ID 0 with timestamp +107<br>
        User-Name = "du@mytest.fi"<br>
        NAS-IP-Address = 193.166.6.179<br>
        Called-Station-Id = "000d0b6cd027"<br>
        Calling-Station-Id = "001de01a9a47"<br>
        NAS-Identifier = "000d0b6cd027"<br>
        NAS-Port = 7<br>
        Framed-MTU = 1400<br>
        State = 0xb667f4e0b262ed0567b6ebba8e637a5c<br>
        NAS-Port-Type = Wireless-802.11<br>
        EAP-Message = 0x020500061900<br>
        Message-Authenticator = 0xc5648cb005eb7be3dcd512844c73fc53<br>
server eduroam {<br>
+- entering group authorize {...}<br>
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log]      expand: %t -> Tue Feb 22 12:17:12 2011<br>
++[auth_log] returns ok<br>
[suffix] Looking up realm "mytest.fi" for User-Name = "du@mytest.fi"<br>
[suffix] Found realm "mytest.fi"<br>
[suffix] Adding Realm = "mytest.fi"<br>
[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>
[eap] EAP packet type response id 5 length 6<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] Received TLS ACK<br>
[peap] ACK handshake is finished<br>
[peap] eaptls_verify returned 3<br>
[peap] eaptls_process returned 3<br>
[peap] EAPTLS_SUCCESS<br>
++[eap] returns handled<br>
} # server eduroam<br>
Sending Access-Challenge of id 0 to 193.166.6.179 port 2048<br>
        EAP-Message = 0x0106002b190017030100204911606b54a92f837428b80e62f8fd2eaa9def9e14ca28d915ccc4e1718e421e<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>
        State = 0xb667f4e0b361ed0567b6ebba8e637a5c<br>
Finished request 5.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 193.166.6.179 port 2048, id=0, length=234<br>
Cleaning up request 5 ID 0 with timestamp +107<br>
        User-Name = "du@mytest.fi"<br>
        NAS-IP-Address = 193.166.6.179<br>
        Called-Station-Id = "000d0b6cd027"<br>
        Calling-Station-Id = "001de01a9a47"<br>
        NAS-Identifier = "000d0b6cd027"<br>
        NAS-Port = 7<br>
        Framed-MTU = 1400<br>
        State = 0xb667f4e0b361ed0567b6ebba8e637a5c<br>
        NAS-Port-Type = Wireless-802.11<br>
        EAP-Message = 0x020600601900170301002084f81dbeee164be0d004166b849fec7362852574d78846dad2b62b39b08cf6a51703010030825c7db26910cfcc090ad6f9edf862db3bf8a16401564750eb0bcf77857da0fdb7de955192557ac83755357f816949b9<br>
        Message-Authenticator = 0xa9e56e06a53d4769e832e0f8cee70a4d<br>
server eduroam {<br>
+- entering group authorize {...}<br>
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log]      expand: %t -> Tue Feb 22 12:17:12 2011<br>
++[auth_log] returns ok<br>
[suffix] Looking up realm "mytest.fi" for User-Name = "du@mytest.fi"<br>
[suffix] Found realm "mytest.fi"<br>
[suffix] Adding Realm = "mytest.fi"<br>
[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>
[eap] EAP packet type response id 6 length 96<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] eaptls_verify returned 7<br>
[peap] Done initial handshake<br>
[peap] eaptls_process returned 7<br>
[peap] EAPTLS_OK<br>
[peap] Session established.  Decoding tunneled attributes.<br>
[peap] Identity - du@mytest.fi<br>
[peap] Got tunneled request<br>
        EAP-Message = 0x02060011016475406d79746573742e6669<br>
server eduroam {<br>
  PEAP: Got tunneled identity of du@mytest.fi<br>
  PEAP: Setting default EAP type for tunneled EAP session.<br>
  PEAP: Setting User-Name to du@mytest.fi<br>
Sending tunneled request<br>
        EAP-Message = 0x02060011016475406d79746573742e6669<br>
        FreeRADIUS-Proxied-To = 127.0.0.1<br>
        User-Name = "du@mytest.fi"<br>
        NAS-IP-Address = 193.166.6.179<br>
        Called-Station-Id = "000d0b6cd027"<br>
        Calling-Station-Id = "001de01a9a47"<br>
        NAS-Identifier = "000d0b6cd027"<br>
        NAS-Port = 7<br>
        Framed-MTU = 1400<br>
        NAS-Port-Type = Wireless-802.11<br>
server eduroam-inner-tunnel {<br>
+- entering group authorize {...}<br>
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log]      expand: %t -> Tue Feb 22 12:17:12 2011<br>
++[auth_log] returns ok<br>
[files] users: Matched entry du@mytest.fi at line 206<br>
++[files] returns ok<br>
++[mschap] returns noop<br>
[pap] Normalizing NT-Password from hex encoding<br>
[pap] No clear-text password in the request.  Not performing PAP.<br>
++[pap] returns noop<br>
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user<br>
Failed to authenticate the user.<br>
} # server eduroam-inner-tunnel<br>
[peap] Got tunneled reply code 3<br>
[peap] Got tunneled reply RADIUS code 3<br>
[peap] Tunneled authentication was rejected.<br>
[peap] FAILURE<br>
++[eap] returns handled<br>
} # server eduroam<br>
Sending Access-Challenge of id 0 to 193.166.6.179 port 2048<br>
        EAP-Message = 0x0107003b19001703010030998319d6fd8e167dc17373bdbd74ff90ed3b3565f1eeec9f48a3fabf8022e8a3f0d84d04fed1507c2be2696c67f0591b<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>
        State = 0xb667f4e0b060ed0567b6ebba8e637a5c<br>
Finished request 6.<br>
Going to the next request<br>
Waking up in 4.9 seconds.<br>
rad_recv: Access-Request packet from host 193.166.6.179 port 2048, id=0, length=234<br>
Cleaning up request 6 ID 0 with timestamp +107<br>
        User-Name = "du@mytest.fi"<br>
        NAS-IP-Address = 193.166.6.179<br>
        Called-Station-Id = "000d0b6cd027"<br>
        Calling-Station-Id = "001de01a9a47"<br>
        NAS-Identifier = "000d0b6cd027"<br>
        NAS-Port = 7<br>
        Framed-MTU = 1400<br>
        State = 0xb667f4e0b060ed0567b6ebba8e637a5c<br>
        NAS-Port-Type = Wireless-802.11<br>
        EAP-Message = 0x02070060190017030100206a2891cc8d712812216d36fc9a6aafafcfa02faf5c3746b46c8b5bd3fec306071703010030bb13eb9f3a5a8808db75cf59c22d50994ae45e0ecc1f7b91c3e00de1e70e8e45a98adbe3b2d7a7e15547c50362d7fdda<br>
        Message-Authenticator = 0x534b7bb55532f1fde1e5c3205e83ecae<br>
server eduroam {<br>
+- entering group authorize {...}<br>
[auth_log]      expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/193.166.6.179/auth-detail-20110222<br>
[auth_log]      expand: %t -> Tue Feb 22 12:17:12 2011<br>
++[auth_log] returns ok<br>
[suffix] Looking up realm "mytest.fi" for User-Name = "du@mytest.fi"<br>
[suffix] Found realm "mytest.fi"<br>
[suffix] Adding Realm = "mytest.fi"<br>
[suffix] Authentication realm is LOCAL.<br>
++[suffix] returns ok<br>
[eap] EAP packet type response id 7 length 96<br>
[eap] Continuing tunnel setup.<br>
++[eap] returns ok<br>
Found Auth-Type = EAP<br>
+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>
[eap] EAP/peap<br>
[eap] processing type peap<br>
[peap] processing EAP-TLS<br>
[peap] eaptls_verify returned 7<br>
[peap] Done initial handshake<br>
[peap] eaptls_process returned 7<br>
[peap] EAPTLS_OK<br>
[peap] Session established.  Decoding tunneled attributes.<br>
[peap] Received EAP-TLV response.<br>
[peap]  Had sent TLV failure.  User was rejected earlier in this session.<br>
[eap] Handler failed in EAP/peap<br>
[eap] Failed in EAP select<br>
++[eap] returns invalid<br>
Failed to authenticate the user.<br>
} # server eduroam<br>
Using Post-Auth-Type Reject<br>
+- entering group REJECT {...}<br>
[reply_log]     expand: /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/radius/radacct/193.166.6.179/reply-detail-20110222<br>
[reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/radius/radacct/193.166.6.179/reply-detail-20110222<br>
[reply_log]     expand: %t -> Tue Feb 22 12:17:12 2011<br>
++[reply_log] returns ok<br>
Delaying reject of request 7 for 1 seconds<br>
Going to the next request<br>
Waking up in 0.9 seconds.<br>
Sending delayed reject for request 7<br>
Sending Access-Reject of id 0 to 193.166.6.179 port 2048<br>
        EAP-Message = 0x04070004<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>
Waking up in 4.9 seconds.<br>
Cleaning up request 7 ID 0 with timestamp +107<br>
Ready to process requests.<br>
<br>
<br>
Wenche Backman<br>
Tietoliikenneasiantuntija<br>
CSC - Tieteen tietotekniikan keskus Oy<br>
PL 405, 02101 Espoo<br>
(09) 457 2737, Wenche.Backman@csc.fi<br>
<br>
Ms. Wenche Backman<br>
Data Communications Specialist<br>
CSC - IT Center for Science Ltd.<br>
P.O. BOX 405, FI-02101 Espoo, Finland<br>
+358 9 457 2737, Wenche.Backman@csc.fi<br>
<br>
</div></font>
</body>
</html>