rad_recv: Accounting-Request packet from host 10.143.115.14 port 1646, id=117, length=172 Acct-Session-Id = "0000006A" User-Name = "phone" Acct-Authentic = RADIUS Acct-Terminate-Cause = Lost-Carrier Acct-Session-Time = 44 Acct-Input-Octets = 11471 Acct-Output-Octets = 7303 Acct-Input-Packets = 85 Acct-Output-Packets = 42 Acct-Status-Type = Stop NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" Service-Type = Framed-User NAS-IP-Address = 10.143.115.14 Acct-Delay-Time = 0 +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 50101,Client-IP-Address = 10.143.115.14,NAS-IP-Address = 10.143.115.14,Acct-Session-Id = "0000006A",User-Name = "phone"' [acct_unique] Acct-Unique-Session-ID = "10aaaf61b86057ad". ++[acct_unique] returns ok ++[files] returns noop +- entering group accounting {...} [detail] expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/10.143.115.14/detail-20111118 [detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/10.143.115.14/detail-20111118 [detail] expand: %t -> Fri Nov 18 19:22:07 2011 ++[detail] returns ok ++[unix] returns ok [radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp [radutmp] expand: %{User-Name} -> phone ++[radutmp] returns ok [attr_filter.accounting_response] expand: %{User-Name} -> phone attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 117 to 10.143.115.14 port 1646 Finished request 0. Cleaning up request 0 ID 117 with timestamp +8 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.143.115.14 port 1645, id=194, length=146 User-Name = "phone" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x0201000a0170686f6e65 Message-Authenticator = 0x36c6ef69c3f3af00b2c114f7f98f0715 NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" NAS-IP-Address = 10.143.115.14 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "phone", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] EAP packet type response id 1 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] expand: %{User-Name} -> phone [files] users: Matched entry phone at line 22 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 194 to 10.143.115.14 port 1645 Tunnel-Private-Group-Id:0 := "654" Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Preference:0 := 0 EAP-Message = 0x0102001604107525c12a3969548d8eb2d4a4110383a3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40dd5ee140df5a80dd7ae7de26d1f2b1 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.143.115.14 port 1645, id=195, length=160 User-Name = "phone" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020200060319 Message-Authenticator = 0xe5bc64191b3a3fefeccbc2dfd90184b8 NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" State = 0x40dd5ee140df5a80dd7ae7de26d1f2b1 NAS-IP-Address = 10.143.115.14 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "phone", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound [files] expand: %{User-Name} -> phone [files] users: Matched entry phone at line 22 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 195 to 10.143.115.14 port 1645 Tunnel-Private-Group-Id:0 := "654" Tunnel-Type:0 := VLAN Tunnel-Medium-Type:0 := IEEE-802 Tunnel-Preference:0 := 0 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40dd5ee141de4780dd7ae7de26d1f2b1 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.143.115.14 port 1645, id=196, length=241 User-Name = "phone" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x0203005719800000004d16030100480100004403014ec6f75467c81b557c96485859ab07deda8b26b3eb64c905e5089b1e8849832e00001600040005000a0009006400620003000600130012006301000005ff01000100 Message-Authenticator = 0x364baf54393e4c206fa8256ba62a09d3 NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" State = 0x40dd5ee141de4780dd7ae7de26d1f2b1 NAS-IP-Address = 10.143.115.14 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "phone", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] EAP packet type response id 3 length 87 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 77 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0048], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 196 to 10.143.115.14 port 1645 EAP-Message = 0x0104040019c0000008a216030100310200002d03014ec6f6b8d064a7dcf2c6d3edbde5bedaf9645409fad98a7bdb7f7729e92e6819000004000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3130303931373031303330305a170d3131303931373031303330305a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b85a58a49cb4856bd1243be4d759ae1c354418c8d704559c7573d3fb9b928988c81e47e419b9c22f80ab310c99ff225277b1dbe929e24c EAP-Message = 0xf5edfba341047b9d03a03565cf7dab4a17009dd4b1221eae0f73605fdf486e9e0d06a54003ed0e49d476374d76d760876b0c770c3eb283d8997b45efafa4786722db5d56fa30988b060f4094d561fbbf2f80a3a3b6009a613cdfd11421da4589a878bc526b2cba6bd4414a147f2c1e4558e18b2cd001c50986061fb69dfc050f8dfe5419e60e1000dce34fe2926f4b4fa2ee430ac730bd1ddda3a9cba1ce605416d25b0f04fa51fd81197cd3ff4db656c9da79d43120a8c457197733f10cf9bcac4aee1f427214326d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101005917 EAP-Message = 0xf26065134f4197aa94707114815e86d3682a379e36d0be9390f5f55156a97d7987ce54a51ea3d6df7a5c661e71918d9420416d00ebff8e9650c3b3e66df6ec58fff09c9fe169cdf3c33e61404ab03f333777bfc9e762b6329b683e3f192cb3effddec30d9de634fd899a79dcefd8f92865ce0e1020e62e1ecdbc785c790e9ed8167a2dc5a4ccacea9f7c1a85d005682b5bb73ef5ea88de9adc3b8a877f7a458c789a0fe6b142489f2d88458d424ef5e436c9d275250ab5684d1bac7e1bbb1f484983ca9b637cd3a312befae5288dec270340018f580a74f9e686f3e04d55325e429f1830ee02bd5369f581d94e6b20e75ee8f86b56d57f71fa8944f7d7 EAP-Message = 0xea0004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40dd5ee142d94780dd7ae7de26d1f2b1 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.143.115.14 port 1645, id=197, length=160 User-Name = "phone" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020400061900 Message-Authenticator = 0x9ed8f1ba380d9badefd4780c0d45a83e NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" State = 0x40dd5ee142d94780dd7ae7de26d1f2b1 NAS-IP-Address = 10.143.115.14 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "phone", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 197 to 10.143.115.14 port 1645 EAP-Message = 0x010503fc1940a003020102020900bd6eb0b99814db81300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3130303931373031303330305a170d3131303931373031303330305a308193310b3009060355040613024652310f300d0603550408130652616469757331 EAP-Message = 0x12301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100f0fdea5058fd4918a1e34c2cdbc0577d9411e8f24317120fcf13fbcd0ac843693a80abe62b31cd5f3a266dc722335a6ecb653b4b2a2bcc13957d8c8d897f839088cea6e318cb218eeee7d8c26ee4cf28ed420536787ca007b3980429570589cff2d7a328d0c9a7d2 EAP-Message = 0xafd9f2c949c0dd1629540b283ce3ca4b00fc972717b08755ad90b2b705b5750e9200c5a4bc936d67d87f0fffbc605f3fec65f86c6b12db48afe4e6af35711e4e642d41209324a6b77c213ee94383c2efb273886de904e3a1e5144f0b7e37f2b696a68668f3b85f03f0a20ecd0d260645e814e2bff941adc47c5a223eb4df159506e505b418ad4e0ba4f1cc0f5a872302ccbeae3a862d1f2b0203010001a381fb3081f8301d0603551d0e04160414bc7a337e6aac79a8fce6094d23ad7b55f539d5793081c80603551d230481c03081bd8014bc7a337e6aac79a8fce6094d23ad7b55f539d579a18199a48196308193310b300906035504061302465231 EAP-Message = 0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900bd6eb0b99814db81300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100a1931be9bbe3f6a0511a18a28d7d9533b3eb837e0a388fac2db154b35e8b1bf68e018bb178992388ad0c899aef7a7c0031cab57577cdd9d2a76c8c4b8834a643a27f2e9fa5b4ace27d4461 EAP-Message = 0x3c860332faa46102 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40dd5ee143d84780dd7ae7de26d1f2b1 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.143.115.14 port 1645, id=198, length=160 User-Name = "phone" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020500061900 Message-Authenticator = 0xe24e6dbb56e00ea16f7a9bf205951718 NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" State = 0x40dd5ee143d84780dd7ae7de26d1f2b1 NAS-IP-Address = 10.143.115.14 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "phone", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 198 to 10.143.115.14 port 1645 EAP-Message = 0x010600bc19003e8de000a2017e4f66a77db2e23d35b3f91f34180cc71994de17f4ae7dcba354f8867dbf9cfa15f67e6582d3878efb6a50dc808141731f55491debd8fe062796326a766f78b343f839f1e0f18e7e853ced15a27314a406ccab22cd137314adea03f1bc9087e1e4927042284fcf8f76886964a1a2484d5aac2a034edf6659beb1ae0b2b01606127175c5b42b0ac5826e03d00597a6713c123c12f5bcff79323fc793a855b8f3d4d7ded558274a116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40dd5ee144db4780dd7ae7de26d1f2b1 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.143.115.14 port 1645, id=199, length=476 User-Name = "phone" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020601401980000001361603010106100001020100443da5618119fbcc13e0f68ebb022fd13265b6f3c58d4793459456cfc5fccc1f7759f0e07ead993a49af3d9dfb5319a21a34bac70bc90f2644761cec4fc82098fc24444247849c2a8d9b97053eac598091c352036281db15283dab20315807ecf727709433d3898364850abc354bfdc9f24add159d38d0908a261cd7851bc1bf541f82d33674355d5ea86bb67f67dd6f6d91fdc3f9f7255c3941aac1056b5da1f9c9a87bfacb993c4bc006064ae0e7cf95273c8756d8013ecaf62e4adf15319ca8f6f9c728fff44e5b62bd9ee954dcfbe5eed5b44f180ac34298f1d3e8b00151864b7613cd379a3a EAP-Message = 0x5a59f189b123d5d57d89ffafa6170976a6be713055939d921403010001011603010020b5c875b80aad7d79d321b0376edf7b0ec5b46e9d41f64145d6c2aa9a8d2c8e81 Message-Authenticator = 0x7f0c82093ecac0cd8b3d72a9e3a03906 NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" State = 0x40dd5ee144db4780dd7ae7de26d1f2b1 NAS-IP-Address = 10.143.115.14 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "phone", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 199 to 10.143.115.14 port 1645 EAP-Message = 0x0107003119001403010001011603010020f0a16eff55e709cad0bad6d65604934c976c3e86de02a0312c023a2a38270908 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40dd5ee145da4780dd7ae7de26d1f2b1 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.143.115.14 port 1645, id=200, length=160 User-Name = "phone" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020700061900 Message-Authenticator = 0xd607262d4fc1cffac89c4d2f89df85d3 NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" State = 0x40dd5ee145da4780dd7ae7de26d1f2b1 NAS-IP-Address = 10.143.115.14 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "phone", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 200 to 10.143.115.14 port 1645 EAP-Message = 0x0108002019001703010015e8b57e30c7abcd6fa55a1e3764b79aa45a798d2b38 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40dd5ee146d54780dd7ae7de26d1f2b1 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.143.115.14 port 1645, id=201, length=187 User-Name = "phone" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x0208002119001703010016e8fafe40c1af3845ba3656a615e2a86d82ee881ba07e Message-Authenticator = 0xdd1a9f7915c656e43a417cf668503bcc NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" State = 0x40dd5ee146d54780dd7ae7de26d1f2b1 NAS-IP-Address = 10.143.115.14 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "phone", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] EAP packet type response id 8 length 33 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - phone [peap] Got tunneled request EAP-Message = 0x0208000a0170686f6e65 server { PEAP: Got tunneled identity of phone PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to phone Sending tunneled request EAP-Message = 0x0208000a0170686f6e65 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "phone" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "phone", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0109001f1a0109001a10847763a3e9ff79d1d6a2ff775a4343ed70686f6e65 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbb392bfebb303154a856b78b464884b3 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0109001f1a0109001a10847763a3e9ff79d1d6a2ff775a4343ed70686f6e65 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbb392bfebb303154a856b78b464884b3 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 201 to 10.143.115.14 port 1645 EAP-Message = 0x010900361900170301002b9064b93734a90981b93ae3d9a544e10341287ba24f23fdaf412209508c1504ea133ff52076d20aae40e57e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40dd5ee147d44780dd7ae7de26d1f2b1 Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.143.115.14 port 1645, id=202, length=241 User-Name = "phone" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020900571900170301004c6d5e949b1ce564aa5703ad3fa8541ebfe1baf4386ff3e82628eab70bbc0dc21dfc3433a249b9ca65dee50357a3e0402db4bcd7cc8f6e5e183e3ec47f88c625d3b111e716ff95596040e45ea5 Message-Authenticator = 0xe82f65406ceac00bdc2187ff91e959bc NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" State = 0x40dd5ee147d44780dd7ae7de26d1f2b1 NAS-IP-Address = 10.143.115.14 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "phone", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] EAP packet type response id 9 length 87 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900401a0209003b31524e45c9734d13f7f6be2345fcc5ae670000000000000000cda625d195f03c34552a9557e52e0b3fc02104c4cf0b8f720070686f6e65 server { PEAP: Setting User-Name to phone Sending tunneled request EAP-Message = 0x020900401a0209003b31524e45c9734d13f7f6be2345fcc5ae670000000000000000cda625d195f03c34552a9557e52e0b3fc02104c4cf0b8f720070686f6e65 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "phone" State = 0xbb392bfebb303154a856b78b464884b3 server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "phone", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 64 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone [files] expand: %{User-Name} -> phone ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for phone with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. expand: %{NAS-IP-Address} -> Login incorrect: [phone] (from client 10.143.115.0/24 port 0 via TLS tunnel) } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 202 to 10.143.115.14 port 1645 EAP-Message = 0x010a00261900170301001b16b71dd85b122f372f80cb12c1208d045463fdb6ee7c4502e32203 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40dd5ee148d74780dd7ae7de26d1f2b1 Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.143.115.14 port 1645, id=203, length=192 User-Name = "phone" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1D-E5-9C-29-03" Calling-Station-Id = "00-11-43-FE-80-19" EAP-Message = 0x020a00261900170301001bceaf2a51d45e97b55207b4d28bf351754259bfb660c62d92fa2c4c Message-Authenticator = 0xe14f1c0a01c3e4fce82eccee7c26111e NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "FastEthernet1/0/1" State = 0x40dd5ee148d74780dd7ae7de26d1f2b1 NAS-IP-Address = 10.143.115.14 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [Marriott] No '/' in User-Name = "phone", looking up realm NULL [Marriott] No such realm "NULL" ++[Marriott] returns noop [eap] EAP packet type response id 10 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. expand: %{NAS-IP-Address} -> 10.143.115.14 Login incorrect: [phone] (from client 10.143.115.0/24 port 50101 cli 00-11-43-FE-80-19) 10.143.115.14 Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> phone attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 10 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 10 Sending Access-Reject of id 203 to 10.143.115.14 port 1645 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. [root@jwmarriott_rndtestbed raddb]#