Hi,<div><br></div><div>I have managed to set up FreeRADIUS to authenticate against AD without any issues using ntlm_auth.</div><div><br></div><div>I would also like to allow users with <a href="mailto:username@example.com.au">username@example.com.au</a> to be able to log in and authenticate against AD as well.</div>
<div><br></div><div>Currently I'm facing issues with it.</div><div><br></div><div>Example of error log:</div><div><br></div><div><div>Found Auth-Type = MSCHAP</div><div>+- entering group MS-CHAP {...}</div><div>[mschap] Told to do MS-CHAPv2 for <a href="mailto:user@example.com.au">user@example.com.au</a> with NT-Password</div>
<div>[mschap] expand: --username=%{mschap:User-Name} -> --username=<a href="mailto:user@example.com.au">user@example.com.au</a></div><div>[mschap] No NT-Domain was found in the User-Name.</div><div>[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=</div>
<div>[mschap] mschap2: 9e</div><div>[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=a4ffc08d2167e1a1</div><div>[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=3c208f5fdd84f5bb38f23d5b932e3bfc98d024c0d53a65a4</div>
</div><div><br></div><div>My AD is set up like this:</div><div><br></div><div><a href="http://example.com.au">example.com.au</a> -> top level</div><div><a href="http://staff.example.com.au">staff.example.com.au</a> -> sub branches with staff profile</div>
<div><a href="http://student.example.com.au">student.example.com.au</a> -> sub branches with student profile</div><div><br></div><div>Samba is bound to the top level <a href="http://example.com.au">example.com.au</a></div>
<div><br></div><div>Normally sending the username as staff\user works fine, and also if logged in on the Windows domain via Windows OS.</div><div><br></div><div>How can I allow for <a href="mailto:user@example.com.au">user@example.com.au</a> to also authenticate against AD via ntlm_auth, or is it possible to strip the domain and append the domain\user?</div>
<div><br></div><div>I did go through all the documentation, the mailing list and the wiki but could not get it running.</div><div><br></div><div>Would greatly appreciate someone's help.</div><div><br></div><div><br></div><div>Thanks</div>
<div>Vikash:</div><div><br></div><div>Here is the complete log:</div><div><div>FreeRADIUS Version 2.1.7, for host x86_64-redhat-linux-gnu, built on Mar 31 2010 at 00:14:28</div><div>Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. </div>
<div>There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A </div><div>PARTICULAR PURPOSE. </div><div>You may redistribute copies of FreeRADIUS under the terms of the </div><div>GNU General Public License v2. </div>
<div>Starting - reading configuration files ...</div><div>including configuration file /etc/raddb/radiusd.conf</div><div>including configuration file /etc/raddb/proxy.conf</div><div>including configuration file /etc/raddb/clients.conf</div>
<div>including files in directory /etc/raddb/modules/</div><div>including configuration file /etc/raddb/modules/<a href="http://detail.example.com">detail.example.com</a></div><div>including configuration file /etc/raddb/modules/smsotp</div>
<div>including configuration file /etc/raddb/modules/sradutmp</div><div>including configuration file /etc/raddb/modules/sqlcounter_expire_on_login</div><div>including configuration file /etc/raddb/modules/otp</div><div>including configuration file /etc/raddb/modules/realm</div>
<div>including configuration file /etc/raddb/modules/sql_log</div><div>including configuration file /etc/raddb/modules/logintime</div><div>including configuration file /etc/raddb/modules/inner-eap</div><div>including configuration file /etc/raddb/modules/checkval</div>
<div>including configuration file /etc/raddb/modules/linelog</div><div>including configuration file /etc/raddb/modules/pam</div><div>including configuration file /etc/raddb/modules/passwd</div><div>including configuration file /etc/raddb/modules/preprocess</div>
<div>including configuration file /etc/raddb/modules/attr_filter</div><div>including configuration file /etc/raddb/modules/unix</div><div>including configuration file /etc/raddb/modules/wimax</div><div>including configuration file /etc/raddb/modules/chap</div>
<div>including configuration file /etc/raddb/modules/files</div><div>including configuration file /etc/raddb/modules/ntlm_auth</div><div>including configuration file /etc/raddb/modules/mac2ip</div><div>including configuration file /etc/raddb/modules/echo</div>
<div>including configuration file /etc/raddb/modules/radutmp</div><div>including configuration file /etc/raddb/modules/always</div><div>including configuration file /etc/raddb/modules/etc_group</div><div>including configuration file /etc/raddb/modules/detail</div>
<div>including configuration file /etc/raddb/modules/attr_rewrite</div><div>including configuration file /etc/raddb/modules/exec</div><div>including configuration file /etc/raddb/modules/policy</div><div>including configuration file /etc/raddb/modules/pap</div>
<div>including configuration file /etc/raddb/modules/expr</div><div>including configuration file /etc/raddb/modules/acct_unique</div><div>including configuration file /etc/raddb/modules/ippool</div><div>including configuration file /etc/raddb/modules/perl</div>
<div>including configuration file /etc/raddb/modules/ldap</div><div>including configuration file /etc/raddb/modules/counter</div><div>including configuration file /etc/raddb/modules/digest</div><div>including configuration file /etc/raddb/modules/smbpasswd</div>
<div>including configuration file /etc/raddb/modules/detail.log</div><div>including configuration file /etc/raddb/modules/cui</div><div>including configuration file /etc/raddb/modules/mac2vlan</div><div>including configuration file /etc/raddb/modules/expiration</div>
<div>including configuration file /etc/raddb/modules/ORIG-ldap</div><div>including configuration file /etc/raddb/modules/mschap</div><div>including configuration file /etc/raddb/modules/OLD_mschap</div><div>including configuration file /etc/raddb/eap.conf</div>
<div>including configuration file /etc/raddb/policy.conf</div><div>including files in directory /etc/raddb/sites-enabled/</div><div>including configuration file /etc/raddb/sites-enabled/control-socket</div><div>including configuration file /etc/raddb/sites-enabled/inner-tunnel</div>
<div>including configuration file /etc/raddb/sites-enabled/default</div><div>group = radiusd</div><div>user = radiusd</div><div>including dictionary file /etc/raddb/dictionary</div><div>main {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>prefix = "/usr"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>localstatedir = "/var"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>logdir = "/var/log/radius"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>libdir = "/usr/lib64/freeradius"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>radacctdir = "/var/log/radius/radacct"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>hostname_lookups = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>max_request_time = 30</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>cleanup_delay = 5</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>max_requests = 1024</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>allow_core_dumps = no</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>pidfile = "/var/run/radiusd/radiusd.pid"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>checkrad = "/usr/sbin/checkrad"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>debug_level = 0</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>proxy_requests = yes</div><div> log {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>stripped_names = yes</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>auth = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auth_badpass = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auth_goodpass = yes</div>
<div> }</div><div> security {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>max_attributes = 200</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>reject_delay = 1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>status_server = yes</div>
<div> }</div><div>}</div><div>radiusd: #### Loading Realms and Home Servers ####</div><div> proxy server {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>retry_delay = 5</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>retry_count = 3</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>default_fallback = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>dead_time = 120</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>wake_all_if_all_dead = no</div>
<div> }</div><div> home_server localhost {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ipaddr = 127.0.0.1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>port = 1812</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>type = "auth"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>secret = "testing123"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>response_window = 20</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>max_outstanding = 65536</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>require_message_authenticator = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>zombie_period = 40</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>status_check = "status-server"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ping_interval = 30</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>check_interval = 30</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>num_answers_to_alive = 3</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>num_pings_to_alive = 3</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>revive_interval = 120</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>status_check_timeout = 4</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>irt = 2</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>mrt = 16</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>mrc = 5</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>mrd = 30</div><div> }</div><div> home_server_pool my_auth_failover {</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>type = fail-over</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>home_server = localhost</div><div> }</div><div> realm <a href="http://example.com">example.com</a> {</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>auth_pool = my_auth_failover</div><div> }</div><div> realm LOCAL {</div><div> }</div><div> realm <a href="http://example.com.au">example.com.au</a> {</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>authhost = LOCAL</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>accthost = LOCAL</div><div> }</div><div>radiusd: #### Loading Clients ####</div>
<div> client localhost {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ipaddr = 127.0.0.1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>require_message_authenticator = no</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>secret = "testing123"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>nastype = "other"</div><div> }</div><div> client xx.xx.xx.x {</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>require_message_authenticator = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>secret = "xxxxxxxxx"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>shortname = "eduraom-test"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>nastype = "other"</div><div> }</div><div>radiusd: #### Instantiating modules ####</div><div> instantiate {</div><div> Module: Linked to module rlm_exec</div>
<div> Module: Instantiating exec</div><div> exec {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>wait = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>input_pairs = "request"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>shell_escape = yes</div><div> }</div><div> Module: Linked to module rlm_expr</div><div> Module: Instantiating expr</div><div> Module: Linked to module rlm_expiration</div>
<div> Module: Instantiating expiration</div><div> expiration {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>reply-message = "Password Has Expired "</div><div> }</div><div> Module: Linked to module rlm_logintime</div>
<div> Module: Instantiating logintime</div><div> logintime {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>reply-message = "You are calling outside your allowed timespan "</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>minimum-timeout = 60</div>
<div> }</div><div> }</div><div>radiusd: #### Loading Virtual Servers ####</div><div>server inner-tunnel {</div><div> modules {</div><div> Module: Checking authenticate {...} for more modules to load</div><div> Module: Linked to module rlm_pap</div>
<div> Module: Instantiating pap</div><div> pap {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>encryption_scheme = "auto"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>auto_header = no</div>
<div> }</div><div> Module: Instantiating ntlm_auth</div><div> exec ntlm_auth {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>wait = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>program = "/usr/bin/ntlm_auth --request-nt-key --domain=%{realm} --username=%{mschap:User-Name} --password=%{User-Password}"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>input_pairs = "request"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>shell_escape = yes</div><div> }</div><div> Module: Linked to module rlm_chap</div>
<div> Module: Instantiating chap</div><div> Module: Linked to module rlm_mschap</div><div> Module: Instantiating mschap</div><div> mschap {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>use_mppe = yes</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>require_encryption = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>require_strong = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>with_ntdomain_hack = yes</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"</div>
<div> }</div><div> Module: Linked to module rlm_eap</div><div> Module: Instantiating eap</div><div> eap {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>default_eap_type = "ttls"</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>timer_expire = 60</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ignore_unknown_eap_types = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>cisco_accounting_username_bug = no</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>max_sessions = 2048</div><div> }</div><div> Module: Linked to sub-module rlm_eap_md5</div><div> Module: Instantiating eap-md5</div><div> Module: Linked to sub-module rlm_eap_leap</div>
<div> Module: Instantiating eap-leap</div><div> Module: Linked to sub-module rlm_eap_gtc</div><div> Module: Instantiating eap-gtc</div><div> gtc {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>challenge = "Password: "</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>auth_type = "PAP"</div><div> }</div><div> Module: Linked to sub-module rlm_eap_tls</div><div> Module: Instantiating eap-tls</div><div> tls {</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>rsa_key_exchange = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>dh_key_exchange = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>rsa_key_length = 512</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>dh_key_length = 512</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>verify_depth = 0</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>pem_file_type = yes</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>private_key_file = "/etc/raddb/certs/server.pem"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>certificate_file = "/etc/raddb/certs/server.pem"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>CA_file = "/etc/raddb/certs/ca.pem"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>private_key_password = "whatever"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>dh_file = "/etc/raddb/certs/dh"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>random_file = "/dev/urandom"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>fragment_size = 1024</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>include_length = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>check_crl = no</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>cipher_list = "DEFAULT"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>make_cert_command = "/etc/raddb/certs/bootstrap"</div>
<div> cache {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>enable = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>lifetime = 24</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>max_entries = 255</div>
<div> }</div><div> }</div><div> Module: Linked to sub-module rlm_eap_ttls</div><div> Module: Instantiating eap-ttls</div><div> ttls {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>default_eap_type = "mschapv2"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>copy_request_to_tunnel = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>use_tunneled_reply = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>virtual_server = "inner-tunnel"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>include_length = yes</div><div> }</div><div> Module: Linked to sub-module rlm_eap_peap</div><div> Module: Instantiating eap-peap</div><div> peap {</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>default_eap_type = "mschapv2"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>copy_request_to_tunnel = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>use_tunneled_reply = yes</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>proxy_tunneled_request_as_eap = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>virtual_server = "inner-tunnel"</div><div>
}</div><div> Module: Linked to sub-module rlm_eap_mschapv2</div><div> Module: Instantiating eap-mschapv2</div><div> mschapv2 {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>with_ntdomain_hack = no</div>
<div> }</div><div> Module: Checking authorize {...} for more modules to load</div><div> Module: Linked to module rlm_realm</div><div> Module: Instantiating suffix</div><div> realm suffix {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>format = "suffix"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>delimiter = "@"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ignore_default = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ignore_null = yes</div>
<div> }</div><div> Module: Checking session {...} for more modules to load</div><div> Module: Linked to module rlm_radutmp</div><div> Module: Instantiating radutmp</div><div> radutmp {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>filename = "/var/log/radius/radutmp"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>username = "%{User-Name}"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>case_sensitive = yes</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>check_with_nas = yes</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>perm = 384</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>callerid = yes</div><div> }</div><div> Module: Checking post-proxy {...} for more modules to load</div>
<div> Module: Checking post-auth {...} for more modules to load</div><div> Module: Linked to module rlm_attr_filter</div><div> Module: Instantiating attr_filter.access_reject</div><div> attr_filter attr_filter.access_reject {</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>attrsfile = "/etc/raddb/attrs.access_reject"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>key = "%{User-Name}"</div>
<div> }</div><div> } # modules</div><div>} # server</div><div>server {</div><div> modules {</div><div> Module: Checking authenticate {...} for more modules to load</div><div> Module: Checking authorize {...} for more modules to load</div>
<div> Module: Linked to module rlm_preprocess</div><div> Module: Instantiating preprocess</div><div> preprocess {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>huntgroups = "/etc/raddb/huntgroups"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>hints = "/etc/raddb/hints"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>with_ascend_hack = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ascend_channels_per_line = 23</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>with_ntdomain_hack = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>with_specialix_jetstream_hack = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>with_cisco_vsa_hack = no</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>with_alvarion_vsa_hack = no</div><div> }</div><div> Module: Checking preacct {...} for more modules to load</div><div> Module: Linked to module rlm_acct_unique</div>
<div> Module: Instantiating acct_unique</div><div> acct_unique {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"</div>
<div> }</div><div> Module: Linked to module rlm_files</div><div> Module: Instantiating files</div><div> files {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>usersfile = "/etc/raddb/users"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>acctusersfile = "/etc/raddb/acct_users"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>preproxy_usersfile = "/etc/raddb/preproxy_users"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>compat = "no"</div><div> }</div><div> Module: Checking accounting {...} for more modules to load</div><div> Module: Linked to module rlm_detail</div>
<div> Module: Instantiating detail</div><div> detail {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>header = "%t"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>detailperm = 384</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>dirperm = 493</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>locking = no</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>log_packet_header = no</div><div> }</div><div> Module: Linked to module rlm_unix</div>
<div> Module: Instantiating unix</div><div> unix {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>radwtmp = "/var/log/radius/radwtmp"</div><div> }</div><div> Module: Instantiating attr_filter.accounting_response</div>
<div> attr_filter attr_filter.accounting_response {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>attrsfile = "/etc/raddb/attrs.accounting_response"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>key = "%{User-Name}"</div>
<div> }</div><div> Module: Checking session {...} for more modules to load</div><div> Module: Checking post-proxy {...} for more modules to load</div><div> Module: Checking post-auth {...} for more modules to load</div><div>
} # modules</div><div>} # server</div><div>radiusd: #### Opening IP addresses and Ports ####</div><div>listen {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>type = "auth"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ipaddr = *</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>port = 0</div><div>}</div><div>listen {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>type = "acct"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>ipaddr = *</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>port = 0</div><div>}</div><div>listen {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>type = "control"</div><div> listen {</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>socket = "/var/run/radiusd/radiusd.sock"</div><div> }</div><div>}</div><div>Listening on authentication address * port 1812</div><div>Listening on accounting address * port 1813</div>
<div>Listening on command file /var/run/radiusd/radiusd.sock</div><div>Listening on proxy address * port 1814</div><div>Ready to process requests.</div><div>rad_recv: Access-Request packet from host 10.38.0.3 port 32769, id=178, length=259</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "<a href="mailto:user@example.com.au">user@example.com.au</a>"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Calling-Station-Id = "d0-23-db-e8-b6-01"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Called-Station-Id = "e8-ba-70-9c-a3-d0:eduraom-test"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port = 1</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>Cisco-AVPair = "audit-session-id=0a2600030000afdc4eea6929"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 10.38.0.3</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Identifier = "MAKWLC5508-1"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Airespace-Wlan-Id = 4</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Service-Type = Framed-User</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Framed-MTU = 1300</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port-Type = Wireless-802.11</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Type:0 = VLAN</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Medium-Type:0 = IEEE-802</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Private-Group-Id:0 = "19"</div><div>
<span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x0201001901756c64617074657374406163752e6564752e6175</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0xa6b74ce27715f3c6314f30ce435d689f</div>
<div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>[eap] EAP packet type response id 1 length 25</div><div>[eap] No EAP Start, assuming it's an on-going EAP conversation</div>
<div>++[eap] returns updated</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.</div>
<div>++[pap] returns noop</div><div>++? if (!control:Auth-Type)</div><div>? Evaluating !(control:Auth-Type) -> FALSE</div><div>++? if (!control:Auth-Type) -> FALSE</div><div>Found Auth-Type = EAP</div><div>+- entering group authenticate {...}</div>
<div>[eap] EAP Identity</div><div>[eap] processing type tls</div><div>[tls] Initiate</div><div>[tls] Start returned 1</div><div>++[eap] returns handled</div><div>Sending Access-Challenge of id 178 to 10.38.0.3 port 32769</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x010200061520</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x255f8b13255d9ea7b896c4c3b04c6f97</div><div>Finished request 0.</div><div>Going to the next request</div><div>Waking up in 4.9 seconds.</div><div>
rad_recv: Access-Request packet from host 10.38.0.3 port 32769, id=179, length=404</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "<a href="mailto:user@example.com.au">user@example.com.au</a>"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Calling-Station-Id = "d0-23-db-e8-b6-01"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Called-Station-Id = "e8-ba-70-9c-a3-d0:eduraom-test"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port = 1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Cisco-AVPair = "audit-session-id=0a2600030000afdc4eea6929"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 10.38.0.3</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Identifier = "MAKWLC5508-1"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Airespace-Wlan-Id = 4</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Service-Type = Framed-User</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Framed-MTU = 1300</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port-Type = Wireless-802.11</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Type:0 = VLAN</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Medium-Type:0 = IEEE-802</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Private-Group-Id:0 = "19"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x0202009815800000008e16030100890100008503014eea692751ed1acdf3e116c9c0875f917e2ff6fb38ff3a9c355b5e337125011700004a00ffc024c023c00ac009c007c008c028c027c014c013c011c012c026c025c02ac029c004c005c002c003c00ec00fc00cc00d003d003c002f000500040035000a0067006b00330039001601000012000a00080006001700180019000b00020100</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x255f8b13255d9ea7b896c4c3b04c6f97</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0xc8ca528a26e8648e1aa38c1c6f22a0ad</div>
<div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>[eap] EAP packet type response id 2 length 152</div><div>[eap] Continuing tunnel setup.</div>
<div>++[eap] returns ok</div><div>Found Auth-Type = EAP</div><div>+- entering group authenticate {...}</div><div>[eap] Request found, released from the list</div><div>[eap] EAP/ttls</div><div>[eap] processing type ttls</div>
<div>[ttls] Authenticate</div><div>[ttls] processing EAP-TLS</div><div> TLS Length 142</div><div>[ttls] Length Included</div><div>[ttls] eaptls_verify returned 11 </div><div>[ttls] (other): before/accept initialization </div>
<div>[ttls] TLS_accept: before/accept initialization </div><div>[ttls] <<< TLS 1.0 Handshake [length 0089], ClientHello </div><div>[ttls] TLS_accept: SSLv3 read client hello A </div><div>[ttls] >>> TLS 1.0 Handshake [length 0031], ServerHello </div>
<div>[ttls] TLS_accept: SSLv3 write server hello A </div><div>[ttls] >>> TLS 1.0 Handshake [length 085e], Certificate </div><div>[ttls] TLS_accept: SSLv3 write certificate A </div><div>[ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone </div>
<div>[ttls] TLS_accept: SSLv3 write server done A </div><div>[ttls] TLS_accept: SSLv3 flush data </div><div>[ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A</div><div>In SSL Handshake Phase </div>
<div>In SSL Accept mode </div><div>[ttls] eaptls_process returned 13 </div><div>++[eap] returns handled</div><div>Sending Access-Challenge of id 179 to 10.38.0.3 port 32769</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x4b7401fcb2014b7866e9cacd1aa6d41d2dc309245b37a14ef930eda5bd254a378af0645c4b093f67373023562708492d000d4a8e726549e4df4bb207d23f648d97b10bf9194a73cc60a72958f7b9c3af24ac839b182ae6c9f3af8ace9e5b90a63190f6159de91d2d0314d87c8f14c33d2d484162000f130e512b57aac1d87855c1d8f00cbf3667ced34398d76f87bdc47d26a0402947e709e2bb870fb6987feff928160eb7f6d2960281680ca8a962ce77e7d445b1126523ac65113778149699af0bb9102597dceebbbb7837c6486165854f75ae3d9df3a495ca5ecc9ab6cd95c1bef4d8fe17b23b076b9c0647464c763f770d1b1d8a56791f2e1362de</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x010004ab308204a73082038f</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x255f8b13245c9ea7b896c4c3b04c6f97</div><div>Finished request 1.</div><div>Going to the next request</div><div>Waking up in 4.9 seconds.</div><div>
rad_recv: Access-Request packet from host 10.38.0.3 port 32769, id=180, length=258</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "<a href="mailto:user@example.com.au">user@example.com.au</a>"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Calling-Station-Id = "d0-23-db-e8-b6-01"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Called-Station-Id = "e8-ba-70-9c-a3-d0:eduraom-test"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port = 1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Cisco-AVPair = "audit-session-id=0a2600030000afdc4eea6929"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 10.38.0.3</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Identifier = "MAKWLC5508-1"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Airespace-Wlan-Id = 4</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Service-Type = Framed-User</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Framed-MTU = 1300</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port-Type = Wireless-802.11</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Type:0 = VLAN</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Medium-Type:0 = IEEE-802</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Private-Group-Id:0 = "19"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x020300061500</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x255f8b13245c9ea7b896c4c3b04c6f97</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0xddac83b5c84460996555e7b43e235788</div>
<div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>[eap] EAP packet type response id 3 length 6</div><div>[eap] Continuing tunnel setup.</div>
<div>++[eap] returns ok</div><div>Found Auth-Type = EAP</div><div>+- entering group authenticate {...}</div><div>[eap] Request found, released from the list</div><div>[eap] EAP/ttls</div><div>[eap] processing type ttls</div>
<div>[ttls] Authenticate</div><div>[ttls] processing EAP-TLS</div><div>[ttls] Received TLS ACK</div><div>[ttls] ACK handshake fragment handler</div><div>[ttls] eaptls_verify returned 1 </div><div>[ttls] eaptls_process returned 13 </div>
<div>++[eap] returns handled</div><div>Sending Access-Challenge of id 180 to 10.38.0.3 port 32769</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0xbd2e65104fe99747c4446fc48bba500d8c7ede55fc5eaaa96c081a4114e76c53a378da060a61bbcdc8c71594bd26a6d373eb0de9c866af04b216ceffc93cc0e1b492b6ce447960a7b9f7488cea39d1df6771e8ed963853b12bf886b4337c40d934e259ea98bb71cbb9c3fcf6fb5fe86c0a7b25298b54d62350a2a8b740c431b7e221032cdf3f309dc628e076ba2d531292a021cd5673f009bc4b2ebd0203010001a381fb3081f8301d0603551d0e04160414ae4906d1a02877e55de58a7df11f79583bd463a33081c80603551d230481c03081bd8014ae4906d1a02877e55de58a7df11f79583bd463a3a18199a48196308193310b3009060355040613</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x1f57f0f52a672be403901059</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x255f8b13275b9ea7b896c4c3b04c6f97</div><div>Finished request 2.</div><div>Going to the next request</div><div>Waking up in 4.9 seconds.</div><div>
rad_recv: Access-Request packet from host 10.38.0.3 port 32769, id=181, length=258</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "<a href="mailto:user@example.com.au">user@example.com.au</a>"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Calling-Station-Id = "d0-23-db-e8-b6-01"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Called-Station-Id = "e8-ba-70-9c-a3-d0:eduraom-test"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port = 1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Cisco-AVPair = "audit-session-id=0a2600030000afdc4eea6929"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 10.38.0.3</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Identifier = "MAKWLC5508-1"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Airespace-Wlan-Id = 4</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Service-Type = Framed-User</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Framed-MTU = 1300</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port-Type = Wireless-802.11</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Type:0 = VLAN</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Medium-Type:0 = IEEE-802</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Private-Group-Id:0 = "19"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x020400061500</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x255f8b13275b9ea7b896c4c3b04c6f97</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0xfc99a254f9326c2e5935b07dd2be7e6c</div>
<div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>[eap] EAP packet type response id 4 length 6</div><div>[eap] Continuing tunnel setup.</div>
<div>++[eap] returns ok</div><div>Found Auth-Type = EAP</div><div>+- entering group authenticate {...}</div><div>[eap] Request found, released from the list</div><div>[eap] EAP/ttls</div><div>[eap] processing type ttls</div>
<div>[ttls] Authenticate</div><div>[ttls] processing EAP-TLS</div><div>[ttls] Received TLS ACK</div><div>[ttls] ACK handshake fragment handler</div><div>[ttls] eaptls_verify returned 1 </div><div>[ttls] eaptls_process returned 13 </div>
<div>++[eap] returns handled</div><div>Sending Access-Challenge of id 181 to 10.38.0.3 port 32769</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x010500c01580000008a2f93ffa21693b555e0ae5383ec5b742022c77860ffe184ee9a72c4b2e2ee19fc6999842d4fa3aa95f0701342b79e8ba09b404f50be7380f7355f11a2996a99fd0dfa756aa053fcbbc0584de34623f24affe35f9ce6ce1bb9c6324191ea71d5c0ae6886fd376847ce845e7e690c438d55e00f86ade7da9f69572f13e1bece372ddc945061caaca04e5d934db3b7304ea3236a3523c54ee4858a4020dfc66da3f0966bdffd05310a63706d02e2d8616030100040e000000</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x255f8b13265a9ea7b896c4c3b04c6f97</div>
<div>Finished request 3.</div><div>Going to the next request</div><div>Waking up in 4.9 seconds.</div><div>rad_recv: Access-Request packet from host 10.38.0.3 port 32769, id=182, length=590</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "<a href="mailto:user@example.com.au">user@example.com.au</a>"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Calling-Station-Id = "d0-23-db-e8-b6-01"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Called-Station-Id = "e8-ba-70-9c-a3-d0:eduraom-test"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port = 1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Cisco-AVPair = "audit-session-id=0a2600030000afdc4eea6929"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 10.38.0.3</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Identifier = "MAKWLC5508-1"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Airespace-Wlan-Id = 4</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Service-Type = Framed-User</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Framed-MTU = 1300</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port-Type = Wireless-802.11</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Type:0 = VLAN</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Medium-Type:0 = IEEE-802</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Private-Group-Id:0 = "19"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0xfc36bb4e4d9d45b2e78903cdfd098985d2e83430cd67fb941403010001011603010030be9deb372366b2a588d43e9845b2964b1a3fd1fea139f310addbc39c768cf77eba9b10ad9d403319e6a8d2721b50b94d</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x255f8b13265a9ea7b896c4c3b04c6f97</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0xb5a83699ac11acbfbe8ad5c6a4c85065</div>
<div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>[eap] EAP packet type response id 5 length 253</div><div>[eap] Continuing tunnel setup.</div>
<div>++[eap] returns ok</div><div>Found Auth-Type = EAP</div><div>+- entering group authenticate {...}</div><div>[eap] Request found, released from the list</div><div>[eap] EAP/ttls</div><div>[eap] processing type ttls</div>
<div>[ttls] Authenticate</div><div>[ttls] processing EAP-TLS</div><div> TLS Length 326</div><div>[ttls] Length Included</div><div>[ttls] eaptls_verify returned 11 </div><div>[ttls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange </div>
<div>[ttls] TLS_accept: SSLv3 read client key exchange A </div><div>[ttls] <<< TLS 1.0 ChangeCipherSpec [length 0001] </div><div>[ttls] <<< TLS 1.0 Handshake [length 0010], Finished </div><div>[ttls] TLS_accept: SSLv3 read finished A </div>
<div>[ttls] >>> TLS 1.0 ChangeCipherSpec [length 0001] </div><div>[ttls] TLS_accept: SSLv3 write change cipher spec A </div><div>[ttls] >>> TLS 1.0 Handshake [length 0010], Finished </div><div>[ttls] TLS_accept: SSLv3 write finished A </div>
<div>[ttls] TLS_accept: SSLv3 flush data </div><div>[ttls] (other): SSL negotiation finished successfully </div><div>SSL Connection Established </div><div>[ttls] eaptls_process returned 13 </div><div>++[eap] returns handled</div>
<div>Sending Access-Challenge of id 182 to 10.38.0.3 port 32769</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x0106004515800000003b14030100010116030100307dd7611e8f7882f4503eb58c834cbc158b60f906df5f1a34f29ec7b5eca23d080918129b5c2b822f2f6090433486eac2</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x255f8b1321599ea7b896c4c3b04c6f97</div>
<div>Finished request 4.</div><div>Going to the next request</div><div>Waking up in 4.8 seconds.</div><div>rad_recv: Access-Request packet from host 10.38.0.3 port 32769, id=183, length=411</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "<a href="mailto:user@example.com.au">user@example.com.au</a>"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Calling-Station-Id = "d0-23-db-e8-b6-01"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Called-Station-Id = "e8-ba-70-9c-a3-d0:eduraom-test"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port = 1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Cisco-AVPair = "audit-session-id=0a2600030000afdc4eea6929"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 10.38.0.3</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Identifier = "MAKWLC5508-1"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Airespace-Wlan-Id = 4</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Service-Type = Framed-User</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Framed-MTU = 1300</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port-Type = Wireless-802.11</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Type:0 = VLAN</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Medium-Type:0 = IEEE-802</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Private-Group-Id:0 = "19"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x0206009f158000000095170301009019a583666c2057ca5e6f9adb0f78e8264ff1e75fd11f0dde18ebfebec8ac135505ea649eb64ca0584b490f034e83136fce991af2f542bc71a1271674a60630161d2d863641c42c8f0cb1efe46733b7618119f2cd5dfbbadc2ed5ee55980bff1646c1e8be19117b9d0859b010fe4467daae591b3db2d824670889726294a4e6544a8c92176d21754fbc3a8c62c700097a</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>State = 0x255f8b1321599ea7b896c4c3b04c6f97</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0xe625583ae40d6922617196d1c2b56a0c</div>
<div>+- entering group authorize {...}</div><div>++[preprocess] returns ok</div><div>++[chap] returns noop</div><div>++[mschap] returns noop</div><div>[eap] EAP packet type response id 6 length 159</div><div>[eap] Continuing tunnel setup.</div>
<div>++[eap] returns ok</div><div>Found Auth-Type = EAP</div><div>+- entering group authenticate {...}</div><div>[eap] Request found, released from the list</div><div>[eap] EAP/ttls</div><div>[eap] processing type ttls</div>
<div>[ttls] Authenticate</div><div>[ttls] processing EAP-TLS</div><div> TLS Length 149</div><div>[ttls] Length Included</div><div>[ttls] eaptls_verify returned 11 </div><div>[ttls] eaptls_process returned 7 </div><div>[ttls] Session established. Proceeding to decode tunneled attributes.</div>
<div>[ttls] Got tunneled request</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "<a href="mailto:user@example.com.au">user@example.com.au</a>"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>MS-CHAP-Challenge = 0x6ff7b6dd4a5155fa5d41b7b76dd50084</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>MS-CHAP2-Response = 0xda005b945c000516c50eaa0ae012e61fafcc0000000000000000ae2f8133e1b834293ee0a3c6bfe522d7928cf57b97ef589d</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>FreeRADIUS-Proxied-To = 127.0.0.1</div>
<div>[ttls] Sending tunneled request</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>User-Name = "<a href="mailto:user@example.com.au">user@example.com.au</a>"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>MS-CHAP-Challenge = 0x6ff7b6dd4a5155fa5d41b7b76dd50084</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>MS-CHAP2-Response = 0xda005b945c000516c50eaa0ae012e61fafcc0000000000000000ae2f8133e1b834293ee0a3c6bfe522d7928cf57b97ef589d</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>FreeRADIUS-Proxied-To = 127.0.0.1</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Calling-Station-Id = "d0-23-db-e8-b6-01"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Called-Station-Id = "e8-ba-70-9c-a3-d0:eduraom-test"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port = 1</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Cisco-AVPair = "audit-session-id=0a2600030000afdc4eea6929"</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-IP-Address = 10.38.0.3</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Identifier = "MAKWLC5508-1"</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Airespace-Wlan-Id = 4</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Service-Type = Framed-User</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Framed-MTU = 1300</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>NAS-Port-Type = Wireless-802.11</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Type:0 = VLAN</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Medium-Type:0 = IEEE-802</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Tunnel-Private-Group-Id:0 = "19"</div>
<div>server inner-tunnel {</div><div>+- entering group authorize {...}</div><div>++[chap] returns noop</div><div>[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'</div><div>++[mschap] returns ok</div>
<div>[suffix] Looking up realm "<a href="http://example.com.au">example.com.au</a>" for User-Name = "<a href="mailto:user@example.com.au">user@example.com.au</a>"</div><div>[suffix] Found realm "<a href="http://example.com.au">example.com.au</a>"</div>
<div>[suffix] Adding Stripped-User-Name = "user"</div><div>[suffix] Adding Realm = "<a href="http://example.com.au">example.com.au</a>"</div><div>[suffix] Authentication realm is LOCAL.</div><div>++[suffix] returns ok</div>
<div>++[control] returns ok</div><div>[eap] No EAP-Message, not doing EAP</div><div>++[eap] returns noop</div><div>++[expiration] returns noop</div><div>++[logintime] returns noop</div><div>++[pap] returns noop</div><div>
++? if (!control:Auth-Type)</div><div>? Evaluating !(control:Auth-Type) -> FALSE</div><div>++? if (!control:Auth-Type) -> FALSE</div><div>Found Auth-Type = MSCHAP</div><div>+- entering group MS-CHAP {...}</div><div>
[mschap] Told to do MS-CHAPv2 for <a href="mailto:user@example.com.au">user@example.com.au</a> with NT-Password</div><div>[mschap] <span class="Apple-tab-span" style="white-space:pre"> </span>expand: --username=%{mschap:User-Name} -> --username=<a href="mailto:user@example.com.au">user@example.com.au</a></div>
<div>[mschap] No NT-Domain was found in the User-Name.</div><div>[mschap] <span class="Apple-tab-span" style="white-space:pre"> </span>expand: --domain=%{mschap:NT-Domain} -> --domain=</div><div>[mschap] mschap2: 6f</div>
<div>[mschap] <span class="Apple-tab-span" style="white-space:pre"> </span>expand: --challenge=%{mschap:Challenge:-00} -> --challenge=d1b8a20829fffe33</div><div>[mschap] <span class="Apple-tab-span" style="white-space:pre"> </span>expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=ae2f8133e1b834293ee0a3c6bfe522d7928cf57b97ef589d</div>
<div>Exec-Program output: No such user (0xc0000064) </div><div>Exec-Program-Wait: plaintext: No such user (0xc0000064) </div><div>Exec-Program: returned: 1</div><div>[mschap] External script failed.</div><div>[mschap] FAILED: MS-CHAP2-Response is incorrect</div>
<div>++[mschap] returns reject</div><div>Failed to authenticate the user.</div><div>Login incorrect: [user/<via Auth-Type = mschap>] (from client eduraom-test port 1 cli d0-23-db-e8-b6-01 via TLS tunnel)</div><div>} # server inner-tunnel</div>
<div>[ttls] Got tunneled reply code 3</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>MS-CHAP-Error = "\332E=691 R=1"</div><div>[ttls] Got tunneled Access-Reject</div><div>[eap] Handler failed in EAP/ttls</div>
<div>[eap] Failed in EAP select</div><div>++[eap] returns invalid</div><div>Failed to authenticate the user.</div><div>Login incorrect: [<a href="http://user@example.com.au/">user@example.com.au/</a><via Auth-Type = EAP>] (from client eduraom-test port 1 cli d0-23-db-e8-b6-01)</div>
<div>Using Post-Auth-Type Reject</div><div>+- entering group REJECT {...}</div><div>[attr_filter.access_reject] <span class="Apple-tab-span" style="white-space:pre"> </span>expand: %{User-Name} -> <a href="mailto:user@example.com.au">user@example.com.au</a></div>
<div> attr_filter: Matched entry DEFAULT at line 11</div><div>++[attr_filter.access_reject] returns updated</div><div>Delaying reject of request 5 for 1 seconds</div><div>Going to the next request</div><div>Waking up in 0.9 seconds.</div>
<div>Sending delayed reject for request 5</div><div>Sending Access-Reject of id 183 to 10.38.0.3 port 32769</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>EAP-Message = 0x04060004</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Message-Authenticator = 0x00000000000000000000000000000000</div>
<div>Waking up in 3.8 seconds.</div><div>Cleaning up request 0 ID 178 with timestamp +21</div><div>Cleaning up request 1 ID 179 with timestamp +21</div><div>Cleaning up request 2 ID 180 with timestamp +21</div><div>Cleaning up request 3 ID 181 with timestamp +21</div>
<div>Cleaning up request 4 ID 182 with timestamp +21</div><div>Waking up in 1.0 seconds.</div></div><div><br></div>