<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 12 (filtered medium)"><base href="x-msg://355/"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{mso-style-link:"Plain Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.5pt;
font-family:Consolas;}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.PlainTextChar
{mso-style-name:"Plain Text Char";
mso-style-link:"Plain Text";
font-family:Consolas;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple style='word-wrap: break-word;-webkit-nbsp-mode: space;-webkit-line-break: after-white-space'><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Here’s the full output from ‘radiusd –X’:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoPlainText><span style='font-family:"Courier New"'>rad_recv: Access-Request packet from host 127.0.0.1 port 46518, id=0, length=130<br> User-Name = "USERNAME"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0200001001656475726f616d74657374<br> Message-Authenticator = 0x19af91fa38ff062679ec1d03996186f1<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 0 length 16<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br>[files] users: Matched entry DEFAULT at line 1<br>++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type md5<br>rlm_eap_md5: Issuing Challenge<br>++[eap] returns handled<br>Sending Access-Challenge of id 0 to 127.0.0.1 port 46518<br> EAP-Message = 0x010100160410e3c3e67208c265aca07beb7e7865d463<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xd51fc6e5d51ec2fc226b361c74f28d1a<br>Finished request 0.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 46518, id=1, length=138<br> User-Name = "USERNAME"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x020100060319<br> State = 0xd51fc6e5d51ec2fc226b361c74f28d1a<br> Message-Authenticator = 0xd31570627564c5a11fb8b9203e310ce1<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 1 length 6<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[unix] returns notfound<br>[files] users: Matched entry DEFAULT at line 1<br>++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP NAK<br>[eap] EAP-NAK asked for EAP-Type/peap<br>[eap] processing type tls<br>[tls] Initiate<br>[tls] Start returned 1<br>++[eap] returns handled<br>Sending Access-Challenge of id 1 to 127.0.0.1 port 46518<br> EAP-Message = 0x010200061920<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xd51fc6e5d41ddffc226b361c74f28d1a<br>Finished request 1.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 46518, id=2, length=254<br> User-Name = "USERNAME"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0202007a198000000070160301006b0100006703014e96960ad361f23dc096d265af71ceffd445b4d9ae042b0c7c42b6b3846d4bee00003a00390038008800870035008400160013000a00330032009a009900450044002f00960041000500040015001200090014001100080006000300ff0100000400230000<br> State = 0xd51fc6e5d41ddffc226b361c74f28d1a<br> Message-Authenticator = 0x7b23ec62a31e205a2a7ec5c7f9740229<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 2 length 122<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 112<br>[peap] Length Included<br>[peap] eaptls_verify returned 11 <br>[peap] (other): before/accept initialization <br>[peap] TLS_accept: before/accept initialization <br>[peap] <<< TLS 1.0 Handshake [length 006b], ClientHello <br>[peap] TLS_accept: SSLv3 read client hello A <br>[peap] >>> TLS 1.0 Handshake [length 0035], ServerHello <br>[peap] TLS_accept: SSLv3 write server hello A <br>[peap] >>> TLS 1.0 Handshake [length 0824], Certificate <br>[peap] TLS_accept: SSLv3 write certificate A <br>[peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange <br>[peap] TLS_accept: SSLv3 write key exchange A <br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone <br>[peap] TLS_accept: SSLv3 write server done A <br>[peap] TLS_accept: SSLv3 flush data <br>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<br>In SSL Handshake Phase <br>In SSL Accept mode <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 2 to 127.0.0.1 port 46518<br> EAP-Message = 0x0103040019c000000a7e16030100350200003103014e96960af25becfff944c864c255fad5a356b511aa59ced9de668370811edd2c000039000009ff010001000023000016030108240b00082000081d00038d3082038930820271a003020102020103300d06092a864886f70d0101050500308188310b300906035504061302554b311730150603550408130e556e69746564204b696e67646f6d311830160603550407130f57657374206f6620456e676c616e64310c300a060355040a13035557453121301f06092a864886f70d01090116126974732d756e6978407577652e61632e756b311530130603550403130c5557452c2042726973746f6c<br> EAP-Message = 0x301e170d3131303932373132313430385a170d3132303932363132313430385a306e310b300906035504061302554b311730150603550408130e556e69746564204b696e67646f6d310c300a060355040a1303555745311530130603550403130c5557452c2042726973746f6c3121301f06092a864886f70d01090116126974732d756e6978407577652e61632e756b30820122300d06092a864886f70d01010105000382010f003082010a0282010100abf8e76947fb730e676e7fe3abb28d7841bcf4766c2075580efe855329fa8c5be97b8853ed81a68a4511d890c0380cbb3fa419cccd2acd229841419fa9f08150accb9626c1ce469762a6b266<br> EAP-Message = 0xc50a3e8ce93a479982c31431a437fea310ce65ee129f121f47f97cd245d3144fdd154cb91a31ec2939b97a8147246d0553894b2da551783a081b7feb8eef899252668f49b0c63724ee2b6637a0494941c83399085a1408795d835ef1842b7b02b12029a785fa5cd2c0759287c39a14029cb5a2b261432c40267cecc5486ae333bf8d30eaaeddb87cffdf147429a54895f952468d51f32f56add55bed711dd29afd5d74b82952085a5c01a00aa196c2435d7e21910203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010505000382010100c5c2bf0108071d7d83a9a6fa3e0adb71ccf140eb3a3270<br> EAP-Message = 0x8b7c50da65d38a5b8d8faf512930b9f6a37c20fd24e12f83045d53774f324ca59f7dbf38c91a5db93d3daa9317bcf59ce91ee6a358fea314ebc167315ca81e6e276a28653dd2c4040777244a743040abec0b68267e6f3d5cbc09b69f9f6907800780171915d3c4e29cf5bd83e9b880871f6331219ed7b902d4831f29049a734ec7920582dc99c0d9fe2a650e563c5f0c4e50c36148e7e8b001530c461da58ac7c21920db5e8cfa11ccc807e807a2b754cf3c3323b5181e0cdc4e58b88d69dca1cd67f84cc2034c777965ff6e59b9ed1ab408d1f8b00f3b208fcc33047e3a46605b40fe70efc10490d500048a308204863082036ea003020102020900ea<br> EAP-Message = 0x76843bb94e48ff300d06092a<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xd51fc6e5d71cdffc226b361c74f28d1a<br>Finished request 2.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 46518, id=3, length=138<br> User-Name = "USERNAME"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x020300061900<br> State = 0xd51fc6e5d71cdffc226b361c74f28d1a<br> Message-Authenticator = 0xeac8d730967a7a82475dc0a22d887533<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 3 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1 <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 3 to 127.0.0.1 port 46518<br> EAP-Message = 0x010403fc1940864886f70d0101050500308188310b300906035504061302554b311730150603550408130e556e69746564204b696e67646f6d311830160603550407130f57657374206f6620456e676c616e64310c300a060355040a13035557453121301f06092a864886f70d01090116126974732d756e6978407577652e61632e756b311530130603550403130c5557452c2042726973746f6c301e170d3131303932373132303134395a170d3132303932363132303134395a308188310b300906035504061302554b311730150603550408130e556e69746564204b696e67646f6d311830160603550407130f57657374206f6620456e676c616e<br> EAP-Message = 0x64310c300a060355040a13035557453121301f06092a864886f70d01090116126974732d756e6978407577652e61632e756b311530130603550403130c5557452c2042726973746f6c30820122300d06092a864886f70d01010105000382010f003082010a0282010100eca974c9469bb2b9038c9cec00bb4710b72a5158ac68aced1f90f5af352d65068848d7187b033dbc40dc216ae01b1c0f9b37a26342cfbb1d2a544f263a1e79b3934c9895c10c797cb41b67ae18ca2ae955f2ff442f477cf9084d38b43b16a12bf18401ab2cd3d28bc5528f77a231339e20ef7f5cb0b9cec2eeecc41ea475698418883a9d55011ac7959606e44437163e650c2d<br> EAP-Message = 0x15038f9e7d0de2a28657871a47b516daf92b5920988ae0d0eda22f45a41c6b51c94e66b2d1c7c8388d35849f20ca99668862b2de96c0020e91e20b1049c122eafa7de46af7b3ff79ef88a0c4c81e2ab0aabd2861fd271b056a9a3445d83a3699e7dd5a61bcbf9f1cf5676179650203010001a381f03081ed301d0603551d0e04160414832a671a41ae7fd38f7d2a867d3caf4258a634133081bd0603551d230481b53081b28014832a671a41ae7fd38f7d2a867d3caf4258a63413a1818ea4818b308188310b300906035504061302554b311730150603550408130e556e69746564204b696e67646f6d311830160603550407130f57657374206f6620<br> EAP-Message = 0x456e676c616e64310c300a060355040a13035557453121301f06092a864886f70d01090116126974732d756e6978407577652e61632e756b311530130603550403130c5557452c2042726973746f6c820900ea76843bb94e48ff300c0603551d13040530030101ff300d06092a864886f70d010105050003820101007748eea59b2bd6a4d042a17c13f6a67f94d7de57b9df69dd50473ef15d71362d7394558cfc9b54fc48572f4cb62d3d88802d0be516d230730c2e4e6aceeaebb0098bfd2851141f3d366ece305dfee9eb5f3599e4f60f87925c294e214f576818be4db619a976343323c56ac9b4b32eef0c1c62749cba3d6bb0c36b1105ea4e570a<br> EAP-Message = 0x9236e20dee7f5d17<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xd51fc6e5d61bdffc226b361c74f28d1a<br>Finished request 3.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 46518, id=4, length=138<br> User-Name = "USERNAME"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x020400061900<br> State = 0xd51fc6e5d61bdffc226b361c74f28d1a<br> Message-Authenticator = 0x462ba6d707d88db45403966796b77aae<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 4 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1 <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 4 to 127.0.0.1 port 46518<br> EAP-Message = 0x01050298190014f24598cc95e56c2df962cf71babff85382b7162f2583c6d0a28ddf9c25b2092388203879c714a8a11b81be2c6634e462905275ad295e874bbd16614231809d913af8d79c9a3a181ae25754adec324ac9caa93299ffa779bea8ba68d03772b5d350b07012458bcc0c565c46d7d651b8c47c16bbd34842160301020d0c0002090080d11460db9abf91f947d88e633cd4e9801540e222c95cce59f1dfbcafa31699ef9e0a5cc17142ca4cf26add8a3125af5b3e671f86dcd93acd5c90610362a99f81da008eb1af2830c5019f42bb6fc709000481512754b92235c8b9b950a31a8a66b8c4212ee376d79271ed2c5c611dd8629961e904dc<br> EAP-Message = 0xa746dfc00b07d867f1cf2300010200809acc0ffd2632f9bd6395fc75fcce6532c87fb8a72104774d5a30e09aee6647ccd17c9b1a8d8e7fb1ee681202b869040b90a5b92f743483956a7c0ab1d0e6793a9fe24b1e412766db333b2955144d7a37f4d7387421ee4edf206d9fce49bb1e855270d0c8e18f9ecae79f836aff647120715bc033b723b3b66c4ec7e346cba30701007246ace4b95fb4e321e49c08e373f86ebf6aee6921fb0bd7b6da516f55614b006f69a275899c538cc150d44aab98d20fd628a62b83a31c269ac46970a4f83a2c1465027b5e653392f3ed802ba74e361a6687b4664f743b5d8fcb8554987db224d147519c09f5eabca4051b<br> EAP-Message = 0x8337529fd094e68c5c78268fd43410af0f1f9f416c06dbc5e243057665b49f117bf74812d67c7c6dbe45c32dc490d2fd652d0f37fdd788ae15950dfb530f4ce72464ba58923a0653c13df28248b3bf89e05853950f56c1008a31d2fe679c91066597c8c595763fa7a3fbd646186bfe548aab39f9376b5421b12964d4f92c85ebed27359eb43db6bdc7e68c6e95452a0f876700143416030100040e000000<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xd51fc6e5d11adffc226b361c74f28d1a<br>Finished request 4.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 46518, id=5, length=340<br> User-Name = "USERNAME"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x020500d01980000000c616030100861000008200805acce1c3b4c2a661c04cabe6fc26f48d4ed47fa45c3df4cb1c7c198f7c9b28d95b7d585f79b7cd9c26c7af3f3c7ba9e83b0a37080d3e4e4ff3546172818cc481b603ce2b263fa1498313f5de4b7a44bd8cbea28c311e1e00bd247f1b96ae5484c793807e128ab22ea20af058d351b40025e4325585af1afa450135fc530c23c01403010001011603010030524764251831c4f454d5f934ca8f4cbcfd9a1989b40a91517a7abd51792d649083fadb08e6f89c7d3af7c2c0b15f7445<br> State = 0xd51fc6e5d11adffc226b361c74f28d1a<br> Message-Authenticator = 0xadda94034436b0ff221189c2f4be6eb4<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 5 length 208<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br> TLS Length 198<br>[peap] Length Included<br>[peap] eaptls_verify returned 11 <br>[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange <br>[peap] TLS_accept: SSLv3 read client key exchange A <br>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] <br>[peap] <<< TLS 1.0 Handshake [length 0010], Finished <br>[peap] TLS_accept: SSLv3 read finished A <br>[peap] >>> TLS 1.0 Handshake [length 00aa]??? <br>[peap] TLS_accept: SSLv3 write session ticket A <br>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] <br>[peap] TLS_accept: SSLv3 write change cipher spec A <br>[peap] >>> TLS 1.0 Handshake [length 0010], Finished <br>[peap] TLS_accept: SSLv3 write finished A <br>[peap] TLS_accept: SSLv3 flush data <br>[peap] (other): SSL negotiation finished successfully <br>SSL Connection Established <br>[peap] eaptls_process returned 13 <br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>Sending Access-Challenge of id 5 to 127.0.0.1 port 46518<br> EAP-Message = 0x010600f0190016030100aa040000a60000000000a0cc8d70c52047f8b3e2dd5eefa0c6b68d481713110eb10c139a032c9ccd16342bf0bacdba48a21cf380436517e2bf9f38cc9fc56b5bc36ebb97838a7973a5b544716c3e17ea3f50d274da7a2b9fa370521419dfe016961a232f312861f6cfedf1853882db6d9da6d47f95b823935675a40a37f8c3a96a5a41abbd79cf0bb245769988ed24af435f6a1574077885f47c7dac0152caa18a44b3924694afbba260fd1403010001011603010030979402d9cc8285d5b3b688a55259b7d425d77f8cd866491751234dfc0f00fbf507399d0ed2d17862747152c72bdeb1a5<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xd51fc6e5d019dffc226b361c74f28d1a<br>Finished request 5.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 46518, id=6, length=138<br> User-Name = "USERNAME"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x020600061900<br> State = 0xd51fc6e5d019dffc226b361c74f28d1a<br> Message-Authenticator = 0xa8d2d0aa1f4e696f304941c4d6aea9c5<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 6 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake is finished<br>[peap] eaptls_verify returned 3 <br>[peap] eaptls_process returned 3 <br>[peap] EAPTLS_SUCCESS<br>++[eap] returns handled<br>Sending Access-Challenge of id 6 to 127.0.0.1 port 46518<br> EAP-Message = 0x0107002b19001703010020fde5e4f975c631461bf812654c521bf751cbd50328326c22c4314b1dc22b5981<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xd51fc6e5d318dffc226b361c74f28d1a<br>Finished request 6.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 46518, id=7, length=228<br> User-Name = "USERNAME"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x020700601900170301002082ca809e8b71e1737e6f283824f1fc57f516b406a52edcde740635aff970657a1703010030db98915cf59fb0fbd86b01c9c93f2f071441050e4cb24444dc1750d86c0048ad2630960eee387a8b9e917906d101a5e5<br> State = 0xd51fc6e5d318dffc226b361c74f28d1a<br> Message-Authenticator = 0x9fd3dfdc80fadb9dae243e30fd904c67<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 7 length 96<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7 <br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7 <br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>[peap] Identity - USERNAME<br>[peap] Got tunneled request<br> EAP-Message = 0x0207001001656475726f616d74657374<br>server {<br> PEAP: Got tunneled identity of USERNAME<br> PEAP: Setting default EAP type for tunneled EAP session.<br> PEAP: Setting User-Name to USERNAME<br>Sending tunneled request<br> EAP-Message = 0x0207001001656475726f616d74657374<br> FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "USERNAME"<br>server inner-tunnel {<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[unix] returns notfound<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[control] returns noop<br>[eap] EAP packet type response id 7 length 16<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>[files] users: Matched entry DEFAULT at line 1<br>++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>[eap] processing type mschapv2<br>rlm_eap_mschapv2: Issuing Challenge<br>++[eap] returns handled<br>} # server inner-tunnel<br>[peap] Got tunneled reply code 11<br> EAP-Message = 0x010800251a0108002010753b806a5a6af658f2d316d30c12ecc1656475726f616d74657374<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xf52c5994f52443b388bfb7acfc0b1196<br>[peap] Got tunneled reply RADIUS code 11<br> EAP-Message = 0x010800251a0108002010753b806a5a6af658f2d316d30c12ecc1656475726f616d74657374<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xf52c5994f52443b388bfb7acfc0b1196<br>[peap] Got tunneled Access-Challenge<br>++[eap] returns handled<br>Sending Access-Challenge of id 7 to 127.0.0.1 port 46518<br> EAP-Message = 0x0108004b19001703010040bebe64dc1329ef2740f8e42c59e1120733b64c36c16a9475d047b551a74dfc12c69cbb404408eab8f872620679d76339d572e88b33e38a385546ae0b37847a85<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xd51fc6e5d217dffc226b361c74f28d1a<br>Finished request 7.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 46518, id=8, length=276<br> User-Name = "USERNAME"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0208009019001703010020ee50e7ff63126c0c1bd3205c1b5329263a41d41fe547b9c71e7fff5021f0990217030100608d63c97a880115c98a6c4912eef2cc8e592bf71ef659f8f13327695b6d066a45c194cb99e0e351e1533c5d6a4b4a80a9137ea22d7fc5dda4b8afbe2e08da5246c1edaea83f2d550a0ed20eab76d634f48076a74b99e3e38db6647e67adbc4390<br> State = 0xd51fc6e5d217dffc226b361c74f28d1a<br> Message-Authenticator = 0xe7ced67503caf2dc1389e6b832ec8252<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 8 length 144<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7 <br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7 <br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>[peap] EAP type mschapv2<br>[peap] Got tunneled request<br> EAP-Message = 0x020800461a020800413140c4b30b46c9ec6da33aad308ce5eb96000000000000000027fce3051abca58436d4737a54e109bf7485f073cf95b00900656475726f616d74657374<br>server {<br> PEAP: Setting User-Name to USERNAME<br>Sending tunneled request<br> EAP-Message = 0x020800461a020800413140c4b30b46c9ec6da33aad308ce5eb96000000000000000027fce3051abca58436d4737a54e109bf7485f073cf95b00900656475726f616d74657374<br> FreeRADIUS-Proxied-To = 127.0.0.1<br> User-Name = "USERNAME"<br> State = 0xf52c5994f52443b388bfb7acfc0b1196<br>server inner-tunnel {<br>+- entering group authorize {...}<br>++[chap] returns noop<br>++[mschap] returns noop<br>++[unix] returns notfound<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[control] returns noop<br>[eap] EAP packet type response id 8 length 70<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>[files] users: Matched entry DEFAULT at line 1<br>++[files] returns ok<br>++[expiration] returns noop<br>++[logintime] returns noop<br>++[pap] returns noop<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/mschapv2<br>[eap] processing type mschapv2<br>[mschapv2] +- entering group MS-CHAP {...}<br>[mschap] No Cleartext-Password configured. Cannot create LM-Password.<br>[mschap] No Cleartext-Password configured. Cannot create NT-Password.<br>[mschap] Told to do MS-CHAPv2 for USERNAME with NT-Password<br>[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.<br>[mschap] FAILED: MS-CHAP2-Response is incorrect<br>++[mschap] returns reject<br>[eap] Freeing handler<br>++[eap] returns reject<br>Failed to authenticate the user.<br>} # server inner-tunnel<br>[peap] Got tunneled reply code 3<br> MS-CHAP-Error = "\010E=691 R=1"<br> EAP-Message = 0x04080004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>[peap] Got tunneled reply RADIUS code 3<br> MS-CHAP-Error = "\010E=691 R=1"<br> EAP-Message = 0x04080004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>[peap] Tunneled authentication was rejected.<br>[peap] FAILURE<br>++[eap] returns handled<br>Sending Access-Challenge of id 8 to 127.0.0.1 port 46518<br> EAP-Message = 0x0109002b190017030100208c4e2f1cf1bae28345164884c2d88d6076154baf708a8d14257705571de8bdc2<br> Message-Authenticator = 0x00000000000000000000000000000000<br> State = 0xd51fc6e5dd16dffc226b361c74f28d1a<br>Finished request 8.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 127.0.0.1 port 46518, id=9, length=212<br> User-Name = "USERNAME"<br> NAS-IP-Address = 127.0.0.1<br> Calling-Station-Id = "02-00-00-00-00-01"<br> Framed-MTU = 1400<br> NAS-Port-Type = Wireless-802.11<br> Connect-Info = "CONNECT 11Mbps 802.11b"<br> EAP-Message = 0x0209005019001703010020d9cfaefa5e285c9f5f3f69feb289acf8d93c592efca5a111d9de338781b85fb917030100201d132513a9b552a9e5e7f85cb6c0158ad889b9367619656d3dd80a869ef4cd11<br> State = 0xd51fc6e5dd16dffc226b361c74f28d1a<br> Message-Authenticator = 0x05a869fff5928f065bcf99af65e0681f<br>+- entering group authorize {...}<br>++[preprocess] returns ok<br>++[chap] returns noop<br>++[mschap] returns noop<br>[suffix] No '@' in User-Name = "USERNAME", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[eap] EAP packet type response id 9 length 80<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] eaptls_verify returned 7 <br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7 <br>[peap] EAPTLS_OK<br>[peap] Session established. Decoding tunneled attributes.<br>[peap] Received EAP-TLV response.<br>[peap] The users session was previously rejected: returning reject (again.)<br>[peap] *** This means you need to read the PREVIOUS messages in the debug output<br>[peap] *** to find out the reason why the user was rejected.<br>[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.<br>[peap] *** what went wrong, and how to fix the problem.<br>[eap] Handler failed in EAP/peap<br>[eap] Failed in EAP select<br>++[eap] returns invalid<br>Failed to authenticate the user.<br>Using Post-Auth-Type Reject<br>+- entering group REJECT {...}<br>[attr_filter.access_reject] expand: %{User-Name} -> USERNAME<br> attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 9 for 1 seconds<br>Going to the next request<br>Waking up in 0.9 seconds.<br>Sending delayed reject for request 9<br>Sending Access-Reject of id 9 to 127.0.0.1 port 46518<br> EAP-Message = 0x04090004<br> Message-Authenticator = 0x00000000000000000000000000000000<br>Waking up in 3.9 seconds.<br>Cleaning up request 0 ID 0 with timestamp +111<br>Cleaning up request 1 ID 1 with timestamp +111<br>Cleaning up request 2 ID 2 with timestamp +111<br>Cleaning up request 3 ID 3 with timestamp +111<br>Cleaning up request 4 ID 4 with timestamp +111<br>Cleaning up request 5 ID 5 with timestamp +111<br>Cleaning up request 6 ID 6 with timestamp +111<br>Cleaning up request 7 ID 7 with timestamp +111<br>Cleaning up request 8 ID 8 with timestamp +111<br>Waking up in 1.0 seconds.<br>Cleaning up request 9 ID 9 with timestamp +111<br>Ready to process requests.</span><o:p></o:p></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> freeradius-users-bounces+martin.ubank=uwe.ac.uk@lists.freeradius.org [mailto:freeradius-users-bounces+martin.ubank=uwe.ac.uk@lists.freeradius.org] <b>On Behalf Of </b>Arran Cudbard-Bell<br><b>Sent:</b> 14 October 2011 16:04<br><b>To:</b> FreeRadius users mailing list<br><b>Subject:</b> Re: Configuring FreeRADIUS to use ntlm_auth for MS-CHAP<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><o:p> </o:p></p><div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Consolas'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Consolas'>I can see from the 'radiusd -X' output that FreeRadius is not using MS-CHAP correctly:<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Consolas'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Consolas'><snip><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:"Courier New"'>[eap] processing type mschapv2<br>[mschapv2] +- entering group MS-CHAP {...}<br>[mschap] No Cleartext-Password configured. Cannot create LM-Password.<br>[mschap] No Cleartext-Password configured. Cannot create NT-Password.<br>[mschap] Told to do MS-CHAPv2 for USERNAME with NT-Password<br>[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.<br>[mschap] FAILED: MS-CHAP2-Response is incorrect<br>++[mschap] returns reject<br><snip></span><span style='font-size:10.5pt;font-family:Consolas'><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:10.5pt;font-family:Consolas'> <o:p></o:p></span></p></div></div></blockquote><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>You just snipped away the useful information in the log... Please include the full debug log for the EAP round where this message is produced.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><div><p class=MsoNormal><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif";color:black'>Arran Cudbard-Bell<br><a href="mailto:a.cudbardb@freeradius.org">a.cudbardb@freeradius.org</a><br><br>Betelwiki, Betelwiki, Betelwiki....<span class=apple-converted-space> </span>http://wiki.freeradius.org/ !<o:p></o:p></span></p></div></div></div><p class=MsoNormal><o:p> </o:p></p></div></body></html>