<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style>
<!--
@font-face
{font-family:Calibri}
@font-face
{font-family:Tahoma}
@font-face
{font-family:Inconsolata}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif"}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif"}
span.EmailStyle17
{font-family:"Calibri","sans-serif";
color:windowtext}
span.BalloonTextChar
{font-family:"Tahoma","sans-serif"}
p.msochpdefault, li.msochpdefault, div.msochpdefault
{margin-right:0cm;
margin-left:0cm;
font-size:12.0pt;
font-family:"Calibri","sans-serif"}
span.emailstyle170
{font-family:"Calibri","sans-serif";
color:windowtext}
span.EmailStyle22
{font-family:"Calibri","sans-serif";
color:#1F497D}
span.EmailStyle23
{font-family:"Calibri","sans-serif";
color:#1F497D}
span.EmailStyle24
{font-family:"Calibri","sans-serif";
color:#1F497D}
.MsoChpDefault
{font-family:"Calibri","sans-serif"}
@page WordSection1
{margin:72.0pt 72.0pt 72.0pt 72.0pt}
div.WordSection1
{}
-->
</style>
</head>
<body lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#1F497D">My freeradius server seems to be falling back to local authentication rather than piping it out to our ADS server. If I create a local user on the radius box authentication is successful. Can anyone please
help with this? All relevant info I can think of is below.</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D">Samba connection works fine, I’ve joined the linux box (red hat 6.2) to the domain.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Kinit connection runs fine.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Edited Testparm results are:</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Load smb config files from /etc/samba/smb.conf</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Loaded services file OK.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Server role: ROLE_DOMAIN_MEMBER</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Press enter to see a dump of your service definitions</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D">[global]</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> workgroup = workgroup</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> realm = INTERNAL.DOMAIN.CO.UK</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> server string = server01</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> interfaces = 10.1.3.9/24</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> security = ADS</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> client NTLMv2 auth = Yes</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> log level = 1 winbind:5 auth:3</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> load printers = No</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> idmap uid = 10000-45000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> idmap gid = 10000-45000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> winbind use default domain = Yes</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> cups options = raw</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D">net ads lookup dcs shows a domain controller</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:Inconsolata">chgrp radiusd /var/lib/samba/winbindd_privileged/ has been run</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:Inconsolata">ntlm_auth –username give result: NT_STATUS_OK: Success (0x0)</span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:Inconsolata"> </span></p>
<p class="MsoNormal"><span style="font-size:10.0pt; font-family:Inconsolata">cropped debug output:</span><span style="color:#1F497D"></span></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span></p>
<p class="MsoNormal"><span style="color:#1F497D">Ready to process requests.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=50, length=152</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-IP-Address = 10.1.1.22</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port = 50001</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Cisco-NAS-Port = "FastEthernet0/1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port-Type = Ethernet</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> User-Name = "sm18818"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Called-Station-Id = "00-16-47-F7-32-41"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Calling-Station-Id = "00-24-54-42-86-04"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Service-Type = Framed-User</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Framed-MTU = 1500</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0200000c01736d3138383138</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0xa49f7bb9beab7a89b485841f3a600993</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence {</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing section authorize from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authorize {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No '@' in User-Name = "sm18818", looking up realm NULL</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No such realm "NULL"</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[suffix] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[preprocess] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP packet type response id 0 length 12</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] No EAP Start, assuming it's an on-going EAP conversation</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns updated</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[files] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[expiration] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[logintime] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair NAS-Port-Type = Ethernet</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair Service-Type = Framed-User</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair Calling-Station-Id = 00-24-54-42-86-04</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair Called-Station-Id = 00-16-47-F7-32-41</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair Cisco-NAS-Port = FastEthernet0/1</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair Message-Authenticator = 0xa49f7bb9beab7a89b485841f3a600993</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair User-Name = sm18818</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair EAP-Message = 0x0200000c01736d3138383138</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair EAP-Type = Identity</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair NAS-IP-Address = 10.1.1.22</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair NAS-Port = 50001</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair Framed-MTU = 1500</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_perl: Added pair Auth-Type = EAP</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[packetfence] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Found Auth-Type = EAP</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing group from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authenticate {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP Identity</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] processing type tls</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[tls] Initiate</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[tls] Start returned 1</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns handled</span></p>
<p class="MsoNormal"><span style="color:#1F497D">} # server packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Sending Access-Challenge of id 50 to 10.1.1.22 port 1812</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x010100061920</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17c7ddd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Finished request 0.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Going to the next request</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Waking up in 4.9 seconds.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=51, length=263</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-IP-Address = 10.1.1.22</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port = 50001</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Cisco-NAS-Port = "FastEthernet0/1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port-Type = Ethernet</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> User-Name = "sm18818"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Called-Station-Id = "00-16-47-F7-32-41"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Calling-Station-Id = "00-24-54-42-86-04"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Service-Type = Framed-User</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Framed-MTU = 1500</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17c7ddd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0201006919800000005f160301005a0100005603014f9017be440f4cbc99f67ffe587f648545f74cc832daa9e43857f7ce7ac48e42000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0xaae583362e9a580324ffe1459a30e524</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence {</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing section authorize from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authorize {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No '@' in User-Name = "sm18818", looking up realm NULL</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No such realm "NULL"</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[suffix] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[preprocess] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP packet type response id 1 length 105</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Continuing tunnel setup.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Found Auth-Type = EAP</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing group from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authenticate {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Request found, released from the list</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP/peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] processing type peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] processing EAP-TLS</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> TLS Length 95</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Length Included</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_verify returned 11
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] (other): before/accept initialization</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: before/accept initialization</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: SSLv3 read client hello A</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: SSLv3 write server hello A</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] >>> TLS 1.0 Handshake [length 0419], Certificate
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: SSLv3 write certificate A</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: SSLv3 write server done A</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: SSLv3 flush data</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A</span></p>
<p class="MsoNormal"><span style="color:#1F497D">In SSL Handshake Phase </span></p>
<p class="MsoNormal"><span style="color:#1F497D">In SSL Accept mode </span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_process returned 13
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] EAPTLS_HANDLED</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns handled</span></p>
<p class="MsoNormal"><span style="color:#1F497D">} # server packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Sending Access-Challenge of id 51 to 10.1.1.22 port 1812</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0102040019c00000045d16030100310200002d03014f90179057e896056f57af82c6f54e60041737802441091408cb5086b96cb93500002f000005ff0100010016030104190b00041500041200040f3082040b308202f3a0030201020209008457e87e4346de7f300d06092a864886f70d010105050030819b310b30090603550406130247423110300e06035504080c07436172646966663110300e06035504070c074361726469666631283026060355040a0c1f43617264696666204d6574726f706f6c6974616e20556e697665727369747931293027060355040b0c204c69627261727920616e6420496e666f726d6174696f6e20536572766963</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x65733113301106035504030c0a68616c6c736e61633031301e170d3132303431363138303930385a170d3133303431363138303930385a30819b310b30090603550406130247423110300e06035504080c07436172646966663110300e06035504070c074361726469666631283026060355040a0c1f43617264696666204d6574726f706f6c6974616e20556e697665727369747931293027060355040b0c204c69627261727920616e6420496e666f726d6174696f6e2053657276696365733113301106035504030c0a68616c6c736e6163303130820122300d06092a864886f70d01010105000382010f003082010a0282010100be9c9265f0fd69</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x36b44a273f0b3bf8aafa36904d3dec8d392bc1bc9d52c73cd83c34fc418e4ae116847ed462411d54e7f78d586e53c05e5a59a08327cdafdebd2d06fe22a08ffabab004fefdde1b2b005a2d17c114b5b262122f8ff5d3ae89b2b3debd83a134a3c504f57c0e46cdc201d51b343a8243167b95478d92c2b2289e6516219bda5daf1b64d2599512f41a35cc1cb749cecc637e905880e7794ae637e1f52bc9d62e8a73444ffe0e164888574d9afdb7ab3ee30c09296a6d299337796d36644d00f6a5725ff2e05381d12ba1fdd37075cd56a6b7e13e51d671aaa3aacf6f0cbf7f0f90e75e22369e426c2a530ab0abb6162582d6b3ec4adeb354e53102030100</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x01a350304e301d0603551d0e041604146cb125f0ea10521b328b7ae014a2680c058ca7bc301f0603551d230418301680146cb125f0ea10521b328b7ae014a2680c058ca7bc300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010084c2453f7ee7c9659c6278e51bdcda9489b9df1721271447e78c69ea94edf9a1c90a83fd14af61ced01dfe7a931363afcd4bf2ad4c563bd5200454356c3973f8233f6ebc5a8e8fec1cdfc7a46b317ec65a5b105c644b81d435480a8386267d9975db81f918a400fe1fea57f82219834c44288970bf3b5ff40ce9089dc99e432d706e765e204fab9cbc7a6dfa88c793788441371df26d</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x1966ce6ceb1e56b79c80e9ab</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17d7edd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Finished request 1.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Going to the next request</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Waking up in 4.9 seconds.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=52, length=164</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-IP-Address = 10.1.1.22</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port = 50001</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Cisco-NAS-Port = "FastEthernet0/1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port-Type = Ethernet</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> User-Name = "sm18818"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Called-Station-Id = "00-16-47-F7-32-41"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Calling-Station-Id = "00-24-54-42-86-04"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Service-Type = Framed-User</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Framed-MTU = 1500</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17d7edd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x020200061900</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x7e4e96be86285da30bea39583ab60700</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence {</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing section authorize from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authorize {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No '@' in User-Name = "sm18818", looking up realm NULL</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No such realm "NULL"</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[suffix] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[preprocess] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP packet type response id 2 length 6</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Continuing tunnel setup.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Found Auth-Type = EAP</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing group from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authenticate {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Request found, released from the list</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP/peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] processing type peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] processing EAP-TLS</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Received TLS ACK</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] ACK handshake fragment handler</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_verify returned 1 </span>
</p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_process returned 13
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] EAPTLS_HANDLED</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns handled</span></p>
<p class="MsoNormal"><span style="color:#1F497D">} # server packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Sending Access-Challenge of id 52 to 10.1.1.22 port 1812</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0103006d1900ae27f7c48f8dcf1d47327fc08f9f1a9a004fd376c1a4c491331b2e554c6458a40bebde6444da9b525372d9c44920937aa26393222d460bc64bd1d007021531016d5d96796972e15d25eced794837a6d77d98a5d1b7b3c128d3c895de9e9e16030100040e000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17e7fdd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Finished request 2.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Going to the next request</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Waking up in 4.9 seconds.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=53, length=496</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-IP-Address = 10.1.1.22</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port = 50001</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Cisco-NAS-Port = "FastEthernet0/1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port-Type = Ethernet</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> User-Name = "sm18818"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Called-Station-Id = "00-16-47-F7-32-41"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Calling-Station-Id = "00-24-54-42-86-04"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Service-Type = Framed-User</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Framed-MTU = 1500</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17e7fdd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0203015019800000014616030101061000010201004c7788a8a2f60c69bf9dd1c9a0a777de1a7b45ffc7efaded554f9ae7daa57bed28006e3af36fb6e48e325bba393c7ed30f62ee242f8bca8584f3982bf43879642f227025425044a0061a487781d4243d9b731719172f21056fba514a7ffe85becb7d4870d2d7b00940113a9a4a47bdbc087223f615f6643f9fee1c07f4c7b8ce849b605cf2d6e945295161f02014a91b90c95ae5419079252793bf3e1578e9d4a9891a73554201221bccfcbbecf2b658344db323b32aed8c7a74057abc15d8aa5edb9c3dd6cfd20de84639ebaa5bb1e78bfbf02d19cd2ca596e0a72bf4612f9a58c681473dbee4f5</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0xd6d80708035534d6f9a4a296d5f67a220426e485c4796430140301000101160301003086ff2b333a990ad6876caba4e9b6f806f8a437681f6db738596d4c80963e7941f7016f3bf845cd94fb15f5f5c5fe452f</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x21930395cd5e71160ca4bf8c1125df8e</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence {</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing section authorize from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authorize {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No '@' in User-Name = "sm18818", looking up realm NULL</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No such realm "NULL"</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[suffix] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[preprocess] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP packet type response id 3 length 253</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Continuing tunnel setup.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Found Auth-Type = EAP</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing group from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authenticate {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Request found, released from the list</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP/peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] processing type peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] processing EAP-TLS</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> TLS Length 326</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Length Included</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_verify returned 11
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: SSLv3 read client key exchange A</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] <<< TLS 1.0 Handshake [length 0010], Finished
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: SSLv3 read finished A</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: SSLv3 write change cipher spec A</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] >>> TLS 1.0 Handshake [length 0010], Finished
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: SSLv3 write finished A</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] TLS_accept: SSLv3 flush data</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] (other): SSL negotiation finished successfully</span></p>
<p class="MsoNormal"><span style="color:#1F497D">SSL Connection Established </span>
</p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_process returned 13
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] EAPTLS_HANDLED</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns handled</span></p>
<p class="MsoNormal"><span style="color:#1F497D">} # server packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Sending Access-Challenge of id 53 to 10.1.1.22 port 1812</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x01040041190014030100010116030100301a7416c5a68d27374ed4739350a51eae93d8baede52b057347c665cabff9410f7dab4d72795b54891b15e6ed2dd0d780</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17f78dd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Finished request 3.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Going to the next request</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Waking up in 4.9 seconds.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=54, length=164</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-IP-Address = 10.1.1.22</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port = 50001</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Cisco-NAS-Port = "FastEthernet0/1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port-Type = Ethernet</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> User-Name = "sm18818"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Called-Station-Id = "00-16-47-F7-32-41"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Calling-Station-Id = "00-24-54-42-86-04"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Service-Type = Framed-User</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Framed-MTU = 1500</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17f78dd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x020400061900</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x7f354427c0059d1a5fc0a89e7fac88f1</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence {</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing section authorize from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authorize {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No '@' in User-Name = "sm18818", looking up realm NULL</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No such realm "NULL"</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[suffix] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[preprocess] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP packet type response id 4 length 6</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Continuing tunnel setup.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Found Auth-Type = EAP</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing group from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authenticate {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Request found, released from the list</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP/peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] processing type peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] processing EAP-TLS</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Received TLS ACK</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] ACK handshake is finished</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_verify returned 3 </span>
</p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_process returned 3
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] EAPTLS_SUCCESS</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Session established. Decoding tunneled attributes.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Peap state TUNNEL ESTABLISHED</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns handled</span></p>
<p class="MsoNormal"><span style="color:#1F497D">} # server packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Sending Access-Challenge of id 54 to 10.1.1.22 port 1812</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0105002b190017030100207698c92d6973a15e192ae19cecef7a29e6ccd5f32f64f713e4f5497216d6f371</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17879dd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Finished request 4.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Going to the next request</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Waking up in 4.8 seconds.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=55, length=201</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-IP-Address = 10.1.1.22</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port = 50001</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Cisco-NAS-Port = "FastEthernet0/1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port-Type = Ethernet</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> User-Name = "sm18818"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Called-Station-Id = "00-16-47-F7-32-41"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Calling-Station-Id = "00-24-54-42-86-04"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Service-Type = Framed-User</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Framed-MTU = 1500</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17879dd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0205002b1900170301002095f189b1ea8c30d31387e9a79add21fc2b07b4e7e86205b38772a041b99a6b00</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x3fa49fa72ae68063e5edc7c76c1a23c5</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence {</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing section authorize from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authorize {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No '@' in User-Name = "sm18818", looking up realm NULL</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No such realm "NULL"</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[suffix] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[preprocess] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP packet type response id 5 length 43</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Continuing tunnel setup.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Found Auth-Type = EAP</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing group from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authenticate {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Request found, released from the list</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP/peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] processing type peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] processing EAP-TLS</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_verify returned 7 </span>
</p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Done initial handshake</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_process returned 7
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] EAPTLS_OK</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Session established. Decoding tunneled attributes.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Peap state WAITING FOR INNER IDENTITY</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Identity - sm18818</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Got inner identity 'sm18818'</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Setting default EAP type for tunneled EAP session.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Got tunneled request</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0205000c01736d3138383138</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence {</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Setting User-Name to sm18818</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Sending tunneled request</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0205000c01736d3138383138</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> FreeRADIUS-Proxied-To = 127.0.0.1</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> User-Name = "sm18818"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-IP-Address = 10.1.1.22</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port = 50001</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Cisco-NAS-Port = "FastEthernet0/1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port-Type = Ethernet</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Called-Station-Id = "00-16-47-F7-32-41"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Calling-Station-Id = "00-24-54-42-86-04"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Service-Type = Framed-User</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Framed-MTU = 1500</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence-tunnel {</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing section authorize from file /etc/raddb/sites-enabled/packetfence-tunnel</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authorize {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No '@' in User-Name = "sm18818", looking up realm NULL</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No such realm "NULL"</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[suffix] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP packet type response id 5 length 12</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] No EAP Start, assuming it's an on-going EAP conversation</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns updated</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[files] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[expiration] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[logintime] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Found Auth-Type = EAP</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authenticate {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP Identity</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] processing type mschapv2</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rlm_eap_mschapv2: Issuing Challenge</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns handled</span></p>
<p class="MsoNormal"><span style="color:#1F497D">} # server packetfence-tunnel</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Got tunneled reply code 11</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x010600211a0106001c10b6f046e50b7952e6e797acb2dcd7b773736d3138383138</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x9920660299267c474e5f7c2e3011a1e5</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Got tunneled reply RADIUS code 11</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x010600211a0106001c10b6f046e50b7952e6e797acb2dcd7b773736d3138383138</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x9920660299267c474e5f7c2e3011a1e5</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Got tunneled Access-Challenge</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns handled</span></p>
<p class="MsoNormal"><span style="color:#1F497D">} # server packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Sending Access-Challenge of id 55 to 10.1.1.22 port 1812</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0106004b190017030100404ae4ff24a485244baabe8642914ae553c53877050c4ac566f444c764f938c4bbb924e13de5c7f90c50d5d89d5e0322b2f7e54eec93a9b6ef170863282b669f90</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a1797add7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Finished request 5.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Going to the next request</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Waking up in 4.8 seconds.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">rad_recv: Access-Request packet from host 10.1.1.22 port 1812, id=56, length=265</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-IP-Address = 10.1.1.22</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port = 50001</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Cisco-NAS-Port = "FastEthernet0/1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port-Type = Ethernet</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> User-Name = "sm18818"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Called-Station-Id = "00-16-47-F7-32-41"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Calling-Station-Id = "00-24-54-42-86-04"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Service-Type = Framed-User</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Framed-MTU = 1500</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a1797add7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0206006b1900170301006024a871b68d472e9b2fb927c48ee8eec1927e26d0c995f1d33b245e2aaedf10d0850fe337c1fbeca10935879e64a3ca65c75159b07b567d9bca49128ad5d4abe9c7069dcb9c32575274cd9e383e7c4b93dd49018d352297f3253b5831d997b660</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x19cf5c1dc655bdbc50918cb01e71cfd0</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence {</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing section authorize from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authorize {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No '@' in User-Name = "sm18818", looking up realm NULL</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No such realm "NULL"</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[suffix] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[preprocess] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP packet type response id 6 length 107</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Continuing tunnel setup.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns ok</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Found Auth-Type = EAP</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing group from file /etc/raddb/sites-enabled/packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authenticate {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Request found, released from the list</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP/peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] processing type peap</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] processing EAP-TLS</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_verify returned 7 </span>
</p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Done initial handshake</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] eaptls_process returned 7
</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] EAPTLS_OK</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Session established. Decoding tunneled attributes.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Peap state phase2</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] EAP type mschapv2</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Got tunneled request</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x020600421a0206003d31b49f7150ff84c15725200ff871377c240000000000000000b1ce20b6cca5c3e86e219ec24aef13ee2e4c12825e87e18a00736d3138383138</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence {</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Setting User-Name to sm18818</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Sending tunneled request</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x020600421a0206003d31b49f7150ff84c15725200ff871377c240000000000000000b1ce20b6cca5c3e86e219ec24aef13ee2e4c12825e87e18a00736d3138383138</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> FreeRADIUS-Proxied-To = 127.0.0.1</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> User-Name = "sm18818"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x9920660299267c474e5f7c2e3011a1e5</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-IP-Address = 10.1.1.22</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port = 50001</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Cisco-NAS-Port = "FastEthernet0/1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> NAS-Port-Type = Ethernet</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Called-Station-Id = "00-16-47-F7-32-41"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Calling-Station-Id = "00-24-54-42-86-04"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Service-Type = Framed-User</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Framed-MTU = 1500</span></p>
<p class="MsoNormal"><span style="color:#1F497D">server packetfence-tunnel {</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing section authorize from file /etc/raddb/sites-enabled/packetfence-tunnel</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authorize {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No '@' in User-Name = "sm18818", looking up realm NULL</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[suffix] No such realm "NULL"</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[suffix] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP packet type response id 6 length 66</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] No EAP Start, assuming it's an on-going EAP conversation</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns updated</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[files] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[expiration] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[logintime] returns noop</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Found Auth-Type = EAP</span></p>
<p class="MsoNormal"><span style="color:#1F497D"># Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel</span></p>
<p class="MsoNormal"><span style="color:#1F497D">+- entering group authenticate {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Request found, released from the list</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] EAP/mschapv2</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] processing type mschapv2</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[mschapv2] # Executing group from file /etc/raddb/sites-enabled/packetfence-tunnel</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[mschapv2] +- entering group MS-CHAP {...}</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[mschap] No Cleartext-Password configured. Cannot create LM-Password.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[mschap] No Cleartext-Password configured. Cannot create NT-Password.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[mschap] Creating challenge hash with username: sm18818</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[mschap] Told to do MS-CHAPv2 for sm18818 with NT-Password</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[mschap] FAILED: MS-CHAP2-Response is incorrect</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[mschap] returns reject</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[eap] Freeing handler</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns reject</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Failed to authenticate the user.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Login incorrect: [sm18818] (from client 10.1.1.22 port 50001 cli 00-24-54-42-86-04 via TLS tunnel)</span></p>
<p class="MsoNormal"><span style="color:#1F497D">} # server packetfence-tunnel</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Got tunneled reply code 3</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> MS-CHAP-Error = "\006E=691 R=1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x04060004</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Got tunneled reply RADIUS code 3</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> MS-CHAP-Error = "\006E=691 R=1"</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x04060004</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] Tunneled authentication was rejected.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">[peap] FAILURE</span></p>
<p class="MsoNormal"><span style="color:#1F497D">++[eap] returns handled</span></p>
<p class="MsoNormal"><span style="color:#1F497D">} # server packetfence</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Sending Access-Challenge of id 56 to 10.1.1.22 port 1812</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> EAP-Message = 0x0107002b1900170301002083d13929a4b17d457d0978cbdf96feaf9b3d0291f181a38ab1d60377f0333d2a</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> Message-Authenticator = 0x00000000000000000000000000000000</span></p>
<p class="MsoNormal"><span style="color:#1F497D"> State = 0x7c7cc4a17a7bdd7defb2c24478e29151</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Finished request 6.</span></p>
<p class="MsoNormal"><span style="color:#1F497D">Going to the next request</span></p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Cheers,</p>
<p class="MsoNormal">Andi</p>
</div>
<hr>
<br>
>From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan
University will now be sent from the new @cardiffmet.ac.uk address. <b>Please could you ensure that all of your contact records and databases are updated to reflect this change.</b> Further information can be found on the website
<a href="http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx">here.</a>
<br>
<br>
Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd
yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. <b>Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn.</b> Gellir cael rhagor o wybodaeth ar y wefan
<a href="http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx">yma.</a>
<br>
<br>
</body>
</html>