<HTML><HEAD>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19019"></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<DIV>Here is the next piece</DIV>
<DIV> </DIV>
<DIV>Going to the next request<BR>Waking up in 4.9 seconds.<BR>rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=182, length=279<BR> User-Name = "host/TEST-11501.hpsd48.ab.ca"<BR> NAS-IP-Address = 10.152.0.100<BR> NAS-Port = 1<BR> NAS-Identifier = "10.152.0.100"<BR> NAS-Port-Type = Wireless-802.11<BR> Calling-Station-Id = "00265EE9B2CA"<BR> Called-Station-Id = "000B86611894"<BR> Service-Type = Login-User<BR> Framed-MTU = 1100<BR> EAP-Message = 0x0202005719800000004d16030100480100004403014ded0eabe88ab61a73d2eb01d8d7a0aeb692c5c29abad87ddbd6bef2a7ad2d4200001600040005000a0009006400620003000600130012006301000005ff01000100<BR> State = 0x351287c635109e107d0e4bf1d59ff6a4<BR> Aruba-Essid-Name = "HPSD_RAD2"<BR> Aruba-Location-Id = "Tech 01"<BR> Message-Authenticator = 0xc76135b813c9043695f6eefee2253abf<BR># Executing section authorize from file /etc/raddb/sites-enabled/default<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>++[digest] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] EAP packet type response id 2 length 87<BR>[eap] Continuing tunnel setup.<BR>++[eap] returns ok<BR>Found Auth-Type = EAP<BR># Executing group from file /etc/raddb/sites-enabled/default<BR>+- entering group authenticate {...}<BR>[eap] Request found, released from the list<BR>[eap] EAP/peap<BR>[eap] processing type peap<BR>[peap] processing EAP-TLS<BR> TLS Length 77<BR>[peap] Length Included<BR>[peap] eaptls_verify returned 11 <BR>[peap] (other): before/accept initialization<BR>[peap] TLS_accept: before/accept initialization<BR>[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello <BR>[peap] TLS_accept: SSLv3 read client hello A<BR>[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello <BR>[peap] TLS_accept: SSLv3 write server hello A<BR>[peap] >>> TLS 1.0 Handshake [length 085e], Certificate <BR>[peap] TLS_accept: SSLv3 write certificate A<BR>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone <BR>[peap] TLS_accept: SSLv3 write server done A<BR>[peap] TLS_accept: SSLv3 flush data<BR>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<BR>In SSL Handshake Phase <BR>In SSL Accept mode <BR>[peap] eaptls_process returned 13 <BR>[peap] EAPTLS_HANDLED<BR>++[eap] returns handled<BR>Sending Access-Challenge of id 182 to 10.152.0.100 port 32819<BR> EAP-Message = 0x0103040019c0000008a216030100310200002d03014ded0ea574477edb854fb55aebb36adb4abb79a8b8bd4e781eaccbe17e59d0de000004000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175<BR> EAP-Message = 0x74686f72697479301e170d3131303231303136333231325a170d3132303231303136333231325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c2962fab65858e76d1ddf7925706800d725d67efa3e928fc5b835d1da4e3d5c99cd3ba137db87cd26b5609df9ff9a00d2e26b6569bd5d5<BR> EAP-Message = 0x7906b0ac844bcb0dcdafc47a271d7f4184b8e7c49def18565a1308653df9bf9af520481adbca2724c10912c5a027ebaf413980d610ac6deba96c5648b540eddcd14904c44ccdea22b433302f61cbe597a5d8587cf9cd1265a8eb71cbcd86db81668b26104bde6f85a48915ff0b49db217fddfc14199887a02eea6bab884c45f948e1ac8dfff1b174428ea59679abc877ed9a63d9d45a49e5c9260c8dfea7751f40742a8f4bdc3a159ca21c94180134fa8397913337b28431d3958f736c26766793bb5bb1f3d5b133c30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101004cec<BR> EAP-Message = 0x45279ca506050661330f4a17d5cadf66ab4afcd673447238a372ab3fa04a4290b7329b34267c54ad822d9f5d52975247bd61560abaa1e6b5c189edf03731340a167f225be1f70bc782ae26ff1599a4f69892b7cbde36cf5a85b6e955b4fa52c512140091a0750b11c5a5aafb2572b582856ae20c7c96d42dc0bf0104467b02d7fcb088f371ee192d529d4fde2233d2f8d7c1825bcf23781cadd11aeabf49cd8ca853b47b5dc74b760d34faf67941eaced3bd06b86b65ff23c247b82527ddd7136397230ad87c477643afe9c748f0cf83eff9b102206276b4d0d682f2e5ed27afa85e45426b25f152b16012918d4c04ce0a8641da60885e3c3197b4e3ed<BR> EAP-Message = 0x860004ab308204a73082038f<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x351287c634119e107d0e4bf1d59ff6a4<BR>Finished request 1.<BR>Going to the next request<BR>Waking up in 4.9 seconds.<BR>rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=183, length=198<BR> User-Name = "host/TEST-11501.hpsd48.ab.ca"<BR> NAS-IP-Address = 10.152.0.100<BR> NAS-Port = 1<BR> NAS-Identifier = "10.152.0.100"<BR> NAS-Port-Type = Wireless-802.11<BR> Calling-Station-Id = "00265EE9B2CA"<BR> Called-Station-Id = "000B86611894"<BR> Service-Type = Login-User<BR> Framed-MTU = 1100<BR> EAP-Message = 0x020300061900<BR> State = 0x351287c634119e107d0e4bf1d59ff6a4<BR> Aruba-Essid-Name = "HPSD_RAD2"<BR> Aruba-Location-Id = "Tech 01"<BR> Message-Authenticator = 0x0c02c2e486671a676f2146214b7d6329<BR># Executing section authorize from file /etc/raddb/sites-enabled/default<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>++[digest] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] EAP packet type response id 3 length 6<BR>[eap] Continuing tunnel setup.<BR>++[eap] returns ok<BR>Found Auth-Type = EAP<BR># Executing group from file /etc/raddb/sites-enabled/default<BR>+- entering group authenticate {...}<BR>[eap] Request found, released from the list<BR>[eap] EAP/peap<BR>[eap] processing type peap<BR>[peap] processing EAP-TLS<BR>[peap] Received TLS ACK<BR>[peap] ACK handshake fragment handler<BR>[peap] eaptls_verify returned 1 <BR>[peap] eaptls_process returned 13 <BR>[peap] EAPTLS_HANDLED<BR>++[eap] returns handled<BR>Sending Access-Challenge of id 183 to 10.152.0.100 port 32819<BR> EAP-Message = 0x010403fc1940a003020102020900a014abbd42e47192300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3131303231303136333231325a170d3132303231303136333231325a308193310b3009060355040613024652310f300d0603550408130652616469757331<BR> EAP-Message = 0x12301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100aad4b906b8f15d9efa212c359bbae114566f2f9b0c75bf45ab4def0f4a617b3fe4e56795ecf32f378d128990b6317f25252528a101362bf9345a0a394dba35688e07e2eae969c4913c3796c1c224aced4e41e9d51f5335e6b9ec030da7c36217b48835b1df864ff9<BR> EAP-Message = 0xd82ada8cda0de980115896e4bd8ec5bab2a6b9111c109dafdb3e07d6ee4a5cebfa21f39e4efeb6a45e8a8cefc278ef3418aa2ccdb710ebe491eda4ed31df9156020958cddc21ce23a5749c9f06eeb098f3894184707af45719ff0d29350defa774ea4dbda2d0c61b7939abb1757a3ee271f1bb8d4b9868bc6289db9516b6a3d7fa5ad8abdbe57b5ce5359c9eb6a6169647d1310a53e40e930203010001a381fb3081f8301d0603551d0e0416041493331cbb1ef41d0e3c45f31449266f0c304c9b193081c80603551d230481c03081bd801493331cbb1ef41d0e3c45f31449266f0c304c9b19a18199a48196308193310b300906035504061302465231<BR> EAP-Message = 0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900a014abbd42e47192300c0603551d13040530030101ff300d06092a864886f70d010105050003820101003cf11452f274ea06f722666622248542b6934b4f9aa2e919e20fb227801b1addbd2626d3570f8e4c20db411f132aa313a4e877f352772d0414b67207468978a5727bc5a22843f42390103f<BR> EAP-Message = 0x53c8cb22d3f8f1f7<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x351287c637169e107d0e4bf1d59ff6a4<BR>Finished request 2.<BR>Going to the next request<BR>Waking up in 4.9 seconds.<BR>rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=184, length=198<BR> User-Name = "host/TEST-11501.hpsd48.ab.ca"<BR> NAS-IP-Address = 10.152.0.100<BR> NAS-Port = 1<BR> NAS-Identifier = "10.152.0.100"<BR> NAS-Port-Type = Wireless-802.11<BR> Calling-Station-Id = "00265EE9B2CA"<BR> Called-Station-Id = "000B86611894"<BR> Service-Type = Login-User<BR> Framed-MTU = 1100<BR> EAP-Message = 0x020400061900<BR> State = 0x351287c637169e107d0e4bf1d59ff6a4<BR> Aruba-Essid-Name = "HPSD_RAD2"<BR> Aruba-Location-Id = "Tech 01"<BR> Message-Authenticator = 0x119cdba488a7d26989d8954bd433b4a8<BR># Executing section authorize from file /etc/raddb/sites-enabled/default<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>++[digest] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] EAP packet type response id 4 length 6<BR>[eap] Continuing tunnel setup.<BR>++[eap] returns ok<BR>Found Auth-Type = EAP<BR># Executing group from file /etc/raddb/sites-enabled/default<BR>+- entering group authenticate {...}<BR>[eap] Request found, released from the list<BR>[eap] EAP/peap<BR>[eap] processing type peap<BR>[peap] processing EAP-TLS<BR>[peap] Received TLS ACK<BR>[peap] ACK handshake fragment handler<BR>[peap] eaptls_verify returned 1 <BR>[peap] eaptls_process returned 13 <BR>[peap] EAPTLS_HANDLED<BR>++[eap] returns handled<BR>Sending Access-Challenge of id 184 to 10.152.0.100 port 32819<BR> EAP-Message = 0x010500bc19004c396c46b788613f2eae5433381f96d583a69217e9b3504b2751ba9b7c98b5795763ec2dca296f1c69e6a6c0814c9723f903ff293ab3d5bd932b98d0e833e3a01ded48b321eb509dd2e61548875967dc1282a4022b615f7360c573c4d1e52b10f16387a6d3ab90066bb454697e5715108aa946fe9208e0c56acbc5ba8277b15393f6d3ce03a2fb07536a1177550c4dbb473cf421ba6fd64330b3ef931207d7af48184e874f2e55130a498d722c16030100040e000000<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x351287c636179e107d0e4bf1d59ff6a4<BR>Finished request 3.<BR>Going to the next request<BR>Waking up in 4.9 seconds.<BR>rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=185, length=514<BR> User-Name = "host/TEST-11501.hpsd48.ab.ca"<BR> NAS-IP-Address = 10.152.0.100<BR> NAS-Port = 1<BR> NAS-Identifier = "10.152.0.100"<BR> NAS-Port-Type = Wireless-802.11<BR> Calling-Station-Id = "00265EE9B2CA"<BR> Called-Station-Id = "000B86611894"<BR> Service-Type = Login-User<BR> Framed-MTU = 1100<BR> EAP-Message = 0x020501401980000001361603010106100001020100af7d947b9773fe9077a2c66ee404afa0fb678991285a865d2d9de4f04ad98609bf599137e35f0f4aeffc8033d9c5e702472b08b65c73f6eae34045425c3ad875f168525f35e62e193f69c83d991a99416211e8db06afdc9bed2dd0de002302c482f5eea79f1ab9d00f428fb77bd2cdaed394eee44927d41d681435c641bcac71196996f34064206e571a7bb1866ddbb27241fd4a12e934ee15052cb25edd4c7d22fae6b989c6896ca7cf99eb5d851146c410c8dd046dc977d2e57c88727a269eb15830e388ef9d37822cc9331999e53827293d9dfcbdc73920d548a3e53c97e62541d8fa660912fe<BR> EAP-Message = 0xf414ea8a401cc6382dfbf9a1a47ff89b7b62d49cc942bbfb1403010001011603010020a045024939506667da57643c8bd83399c6a3e3a8649eb38d44594e43305e74c1<BR> State = 0x351287c636179e107d0e4bf1d59ff6a4<BR> Aruba-Essid-Name = "HPSD_RAD2"<BR> Aruba-Location-Id = "Tech 01"<BR> Message-Authenticator = 0xebfb81416fe897f931bfb8daa890ead8<BR># Executing section authorize from file /etc/raddb/sites-enabled/default<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>++[digest] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] EAP packet type response id 5 length 253<BR>[eap] Continuing tunnel setup.<BR>++[eap] returns ok<BR>Found Auth-Type = EAP<BR># Executing group from file /etc/raddb/sites-enabled/default<BR>+- entering group authenticate {...}<BR>[eap] Request found, released from the list<BR>[eap] EAP/peap<BR>[eap] processing type peap<BR>[peap] processing EAP-TLS<BR> TLS Length 310<BR>[peap] Length Included<BR>[peap] eaptls_verify returned 11 <BR>[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange <BR>[peap] TLS_accept: SSLv3 read client key exchange A<BR>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] <BR>[peap] <<< TLS 1.0 Handshake [length 0010], Finished <BR>[peap] TLS_accept: SSLv3 read finished A<BR>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] <BR>[peap] TLS_accept: SSLv3 write change cipher spec A<BR>[peap] >>> TLS 1.0 Handshake [length 0010], Finished <BR>[peap] TLS_accept: SSLv3 write finished A<BR>[peap] TLS_accept: SSLv3 flush data<BR>[peap] (other): SSL negotiation finished successfully<BR>SSL Connection Established <BR>[peap] eaptls_process returned 13 <BR>[peap] EAPTLS_HANDLED<BR>++[eap] returns handled<BR>Sending Access-Challenge of id 185 to 10.152.0.100 port 32819<BR> EAP-Message = 0x0106003119001403010001011603010020cfda713e83ee9c9ade69432531cf7ef8fc28d87a9d03e8eee868c8575762052f<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x351287c631149e107d0e4bf1d59ff6a4<BR>Finished request 4.<BR>Going to the next request<BR>Waking up in 4.8 seconds.<BR>rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=186, length=198<BR> User-Name = "host/TEST-11501.hpsd48.ab.ca"<BR> NAS-IP-Address = 10.152.0.100<BR> NAS-Port = 1<BR> NAS-Identifier = "10.152.0.100"<BR> NAS-Port-Type = Wireless-802.11<BR> Calling-Station-Id = "00265EE9B2CA"<BR> Called-Station-Id = "000B86611894"<BR> Service-Type = Login-User<BR> Framed-MTU = 1100<BR> EAP-Message = 0x020600061900<BR> State = 0x351287c631149e107d0e4bf1d59ff6a4<BR> Aruba-Essid-Name = "HPSD_RAD2"<BR> Aruba-Location-Id = "Tech 01"<BR> Message-Authenticator = 0x1bfb600b6f0a8f5375f18a985b9c2c19<BR># Executing section authorize from file /etc/raddb/sites-enabled/default<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>++[digest] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] EAP packet type response id 6 length 6<BR>[eap] Continuing tunnel setup.<BR>++[eap] returns ok<BR>Found Auth-Type = EAP<BR># Executing group from file /etc/raddb/sites-enabled/default<BR>+- entering group authenticate {...}<BR>[eap] Request found, released from the list<BR>[eap] EAP/peap<BR>[eap] processing type peap<BR>[peap] processing EAP-TLS<BR>[peap] Received TLS ACK<BR>[peap] ACK handshake is finished<BR>[peap] eaptls_verify returned 3 <BR>[peap] eaptls_process returned 3 <BR>[peap] EAPTLS_SUCCESS<BR>[peap] Session established. Decoding tunneled attributes.<BR>[peap] Peap state TUNNEL ESTABLISHED<BR>++[eap] returns handled<BR>Sending Access-Challenge of id 186 to 10.152.0.100 port 32819<BR> EAP-Message = 0x0107002019001703010015950d4132031906006e4af6d74aa4b14f552a22839a<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x351287c630159e107d0e4bf1d59ff6a4<BR>Finished request 5.<BR>Going to the next request<BR>Waking up in 4.7 seconds.<BR>rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=187, length=248<BR> User-Name = "host/TEST-11501.hpsd48.ab.ca"<BR> NAS-IP-Address = 10.152.0.100<BR> NAS-Port = 1<BR> NAS-Identifier = "10.152.0.100"<BR> NAS-Port-Type = Wireless-802.11<BR> Calling-Station-Id = "00265EE9B2CA"<BR> Called-Station-Id = "000B86611894"<BR> Service-Type = Login-User<BR> Framed-MTU = 1100<BR> EAP-Message = 0x020700381900170301002d554f7f2caee0c646ba77fefbe2a91efd7ac46e6330fb7d473da6df47dd8dac9408aacfd1894589bca2ed220675<BR> State = 0x351287c630159e107d0e4bf1d59ff6a4<BR> Aruba-Essid-Name = "HPSD_RAD2"<BR> Aruba-Location-Id = "Tech 01"<BR> Message-Authenticator = 0x39f962a302fc2678b3938b9e1dc9451e<BR># Executing section authorize from file /etc/raddb/sites-enabled/default<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>++[digest] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] EAP packet type response id 7 length 56<BR>[eap] Continuing tunnel setup.<BR>++[eap] returns ok<BR>Found Auth-Type = EAP<BR># Executing group from file /etc/raddb/sites-enabled/default<BR>+- entering group authenticate {...}<BR>[eap] Request found, released from the list<BR>[eap] EAP/peap<BR>[eap] processing type peap<BR>[peap] processing EAP-TLS<BR>[peap] eaptls_verify returned 7 <BR>[peap] Done initial handshake<BR>[peap] eaptls_process returned 7 <BR>[peap] EAPTLS_OK<BR>[peap] Session established. Decoding tunneled attributes.<BR>[peap] Peap state WAITING FOR INNER IDENTITY<BR>[peap] Identity - host/TEST-11501.hpsd48.ab.ca<BR>[peap] Got inner identity 'host/TEST-11501.hpsd48.ab.ca'<BR>[peap] Setting default EAP type for tunneled EAP session.<BR>[peap] Got tunneled request<BR> EAP-Message = 0x0207002101686f73742f544553542d31313530312e6870736434382e61622e6361<BR>server {<BR> PEAP: Setting User-Name to host/TEST-11501.hpsd48.ab.ca<BR>Sending tunneled request<BR> EAP-Message = 0x0207002101686f73742f544553542d31313530312e6870736434382e61622e6361<BR> FreeRADIUS-Proxied-To = 127.0.0.1<BR> User-Name = "host/TEST-11501.hpsd48.ab.ca"<BR>server inner-tunnel {<BR># Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel<BR>+- entering group authorize {...}<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>++[control] returns noop<BR>[eap] EAP packet type response id 7 length 33<BR>[eap] No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>++[files] returns noop<BR>[ldap] performing user authorization for host/TEST-11501.hpsd48.ab.ca<BR>[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=TEST-11501$)<BR>[ldap] expand: o=hpsd_48 -> o=hpsd_48<BR> [ldap] ldap_get_conn: Checking Id: 0<BR> [ldap] ldap_get_conn: Got Id: 0<BR> [ldap] performing search in o=hpsd_48, with filter (uid=TEST-11501$)<BR>[ldap] Added the eDirectory password xxxxx in check items as Cleartext-Password<BR>[ldap] looking for check items in directory...<BR>[ldap] looking for reply items in directory...<BR>[ldap] user host/TEST-11501.hpsd48.ab.ca authorized to use remote access<BR> [ldap] ldap_release_conn: Release Id: 0<BR>++[ldap] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>[pap] WARNING: Auth-Type already set. Not setting to PAP<BR>++[pap] returns noop<BR>Found Auth-Type = EAP<BR># Executing group from file /etc/raddb/sites-enabled/inner-tunnel<BR>+- entering group authenticate {...}<BR>[eap] EAP Identity<BR>[eap] processing type mschapv2<BR>rlm_eap_mschapv2: Issuing Challenge<BR>++[eap] returns handled<BR>} # server inner-tunnel<BR>[peap] Got tunneled reply code 11<BR> EAP-Message = 0x010800361a0108003110767e2048d63fb3b8fa7ee26dd9790895686f73742f544553542d31313530312e6870736434382e61622e6361<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x1dc7def21dcfc42cab2b21ed670261c1<BR>[peap] Got tunneled reply RADIUS code 11<BR> EAP-Message = 0x010800361a0108003110767e2048d63fb3b8fa7ee26dd9790895686f73742f544553542d31313530312e6870736434382e61622e6361<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x1dc7def21dcfc42cab2b21ed670261c1<BR>[peap] Got tunneled Access-Challenge<BR>++[eap] returns handled<BR>Sending Access-Challenge of id 187 to 10.152.0.100 port 32819<BR> EAP-Message = 0x0108004d19001703010042c80199f6a3197bda613806b420f4193a31f45282edef246bd619d1cb90cf141f66abc9fd0e95e46b6a1ce68729d036ed7707e5d48393c0035810dfd87ac6c8d496d5<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x351287c6331a9e107d0e4bf1d59ff6a4<BR>Finished request 6.<BR>Going to the next request<BR>Waking up in 4.7 seconds.<BR>rad_recv: Access-Request packet from host 10.152.0.100 port 32819, id=188, length=302<BR> User-Name = "host/TEST-11501.hpsd48.ab.ca"<BR> NAS-IP-Address = 10.152.0.100<BR> NAS-Port = 1<BR> NAS-Identifier = "10.152.0.100"<BR> NAS-Port-Type = Wireless-802.11<BR> Calling-Station-Id = "00265EE9B2CA"<BR> Called-Station-Id = "000B86611894"<BR> Service-Type = Login-User<BR> Framed-MTU = 1100<BR> EAP-Message = 0x0208006e19001703010063b3597f44056259644b57977d26c5a386f64d577d92db2939b7357b9abaaa70521d52172f236039fc057506c544456c3d9cc0bdd2aab1e8fa4092fcc8a98d423c6b005189fc94712ce4adf77a8499c88dd5eab72a7dac41f8dcbf9077281e149f77571e<BR> State = 0x351287c6331a9e107d0e4bf1d59ff6a4<BR> Aruba-Essid-Name = "HPSD_RAD2"<BR> Aruba-Location-Id = "Tech 01"<BR> Message-Authenticator = 0x215d182fd95fe0adcd92e6ddfd90d0f3<BR># Executing section authorize from file /etc/raddb/sites-enabled/default<BR>+- entering group authorize {...}<BR>++[preprocess] returns ok<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>++[digest] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>[eap] EAP packet type response id 8 length 110<BR>[eap] Continuing tunnel setup.<BR>++[eap] returns ok<BR>Found Auth-Type = EAP<BR># Executing group from file /etc/raddb/sites-enabled/default<BR>+- entering group authenticate {...}<BR>[eap] Request found, released from the list<BR>[eap] EAP/peap<BR>[eap] processing type peap<BR>[peap] processing EAP-TLS<BR>[peap] eaptls_verify returned 7 <BR>[peap] Done initial handshake<BR>[peap] eaptls_process returned 7 <BR>[peap] EAPTLS_OK<BR>[peap] Session established. Decoding tunneled attributes.<BR>[peap] Peap state phase2<BR>[peap] EAP type mschapv2<BR>[peap] Got tunneled request<BR> EAP-Message = 0x020800571a0208005231a83f8b39603c94edfee997158adcbffe00000000000000008168523c8deddfdf6a1eab9bd60d764976d278d43586a58200686f73742f544553542d31313530312e6870736434382e61622e6361<BR>server {<BR> PEAP: Setting User-Name to host/TEST-11501.hpsd48.ab.ca<BR>Sending tunneled request<BR> EAP-Message = 0x020800571a0208005231a83f8b39603c94edfee997158adcbffe00000000000000008168523c8deddfdf6a1eab9bd60d764976d278d43586a58200686f73742f544553542d31313530312e6870736434382e61622e6361<BR> FreeRADIUS-Proxied-To = 127.0.0.1<BR> User-Name = "host/TEST-11501.hpsd48.ab.ca"<BR> State = 0x1dc7def21dcfc42cab2b21ed670261c1<BR>server inner-tunnel {<BR># Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel<BR>+- entering group authorize {...}<BR>++[chap] returns noop<BR>++[mschap] returns noop<BR>[suffix] No <A href="mailto:'@'">'@'</A> in User-Name = "host/TEST-11501.hpsd48.ab.ca", looking up realm NULL<BR>[suffix] No such realm "NULL"<BR>++[suffix] returns noop<BR>++[control] returns noop<BR>[eap] EAP packet type response id 8 length 87<BR>[eap] No EAP Start, assuming it's an on-going EAP conversation<BR>++[eap] returns updated<BR>++[files] returns noop<BR>[ldap] performing user authorization for host/TEST-11501.hpsd48.ab.ca<BR>[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=TEST-11501$)<BR>[ldap] expand: o=hpsd_48 -> o=hpsd_48<BR> [ldap] ldap_get_conn: Checking Id: 0<BR> [ldap] ldap_get_conn: Got Id: 0<BR> [ldap] performing search in o=hpsd_48, with filter (uid=TEST-11501$)<BR>[ldap] Added the eDirectory password xxxxx in check items as Cleartext-Password<BR>[ldap] looking for check items in directory...<BR>[ldap] looking for reply items in directory...<BR>[ldap] user host/TEST-11501.hpsd48.ab.ca authorized to use remote access<BR> [ldap] ldap_release_conn: Release Id: 0<BR>++[ldap] returns ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>[pap] WARNING: Auth-Type already set. Not setting to PAP<BR>++[pap] returns noop<BR>Found Auth-Type = EAP<BR># Executing group from file /etc/raddb/sites-enabled/inner-tunnel<BR>+- entering group authenticate {...}<BR>[eap] Request found, released from the list<BR>[eap] EAP/mschapv2<BR>[eap] processing type mschapv2<BR>[mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel<BR>[mschapv2] +- entering group MS-CHAP {...}<BR>[mschap] Creating challenge hash with username: host/TEST-11501.hpsd48.ab.ca<BR>[mschap] Told to do MS-CHAPv2 for host/TEST-11501.hpsd48.ab.ca with NT-Password<BR>[mschap] FAILED: MS-CHAP2-Response is incorrect<BR>++[mschap] returns reject<BR>[eap] Freeing handler<BR>++[eap] returns reject<BR>Failed to authenticate the user.<BR>} # server inner-tunnel<BR>[peap] Got tunneled reply code 3<BR> MS-CHAP-Error = "\010E=691 R=1"<BR> EAP-Message = 0x04080004<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR>[peap] Got tunneled reply RADIUS code 3<BR> MS-CHAP-Error = "\010E=691 R=1"<BR> EAP-Message = 0x04080004<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR>[peap] Tunneled authentication was rejected.<BR>[peap] FAILURE<BR>++[eap] returns handled<BR>Sending Access-Challenge of id 188 to 10.152.0.100 port 32819<BR> EAP-Message = 0x010900261900170301001b072adbce833a69b1eafb74ca2eec741cb66b500120cb916456c36a<BR> Message-Authenticator = 0x00000000000000000000000000000000<BR> State = 0x351287c6321b9e107d0e4bf1d59ff6a4<BR>Finished request 7.<BR>Going to the next request<BR><BR><BR>>>> Alan DeKok <aland@deployingradius.com> 6/5/2011 2:18 AM >>><BR>Mark Jones wrote:<BR>> Ok Im going to try following that guide Monday morning, just one<BR>> question before I get started...does it work with an edir backend and a<BR>> samba server acting as a PDC on an OES2 server?<BR><BR> Uh... no. The guide is for getting Active Directory to work. Active<BR>Directory is not Samba.<BR><BR> eDir is just an LDAP server. You've configured it as an LDAP server:<BR><BR>[ldap] expand: o=hpsd_48 -> o=hpsd_48<BR> [ldap] ldap_get_conn: Checking Id: 0<BR> [ldap] ldap_get_conn: Got Id: 0<BR> [ldap] performing search in o=hpsd_48, with filter (uid=TEST-11501$)<BR>[ldap] Added the eDirectory password xxxx in check items as<BR>Cleartext-Password<BR>[ldap] looking for check items in directory...<BR>[ldap] looking for reply items in directory...<BR>[ldap] user host/TEST-11501.hpsd48.ab.ca authorized to use remote access<BR>...<BR><BR> But you *HAVEN'T* changed the "inner-tunnel" virtual server to use the<BR>LDAP module. Go read it, and un-comment the line saying "ldap".<BR><BR> Alan DeKok.<BR>-<BR>List info/subscribe/unsubscribe? See <A href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</A><BR></DIV><BR>
<p>
<font face="Times New Roman"><b>This communication is intended for the
use of the recipient to which it is addressed and may contain
confidential, personal and/or privileged information. If you received
this e-mail in error, please advise me (by return e-mail or otherwise)
immediately.</b></font>
</p>
</BODY></HTML>