<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 70.85pt 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=TR link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='color:black'>Hi;<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:black'>We</span><span style='color:#1F497D'> </span><span style='color:black'> upgraded our radius to Freeradius 2.1.10 version on Ubuntu 32bit from an old version<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Our problem is windows xp clients cant login to wireless and radius has </span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'>“User-Name (machine\user) is not the same as MS-CHAP Name (user) from EAP-MSCHAPv2” error mesages<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'>At the old version freeradius at</span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#1F497D;background:white'> </span><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'>exactly same configuration clients had not any problem<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'> realm ntdomain { <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'> format = prefix<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'> delimiter = "\\" <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'> ignore_default = no<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'> ignore_null = no<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'> }<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'> authtype = MS-CHAP<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'> with_ntdomain_hack =yes<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'>You can find debug log export at below<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'>What we need to do ?<o:p></o:p></span></p><p class=MsoNormal><span style='color:black;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:black;background:white'>BR<o:p></o:p></span></p><p class=MsoNormal><span style='color:black;background:white'>Gokhan<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:black;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D;background:white'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:black'>� � User-Name = "testuser"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-IP-Address = 10.200.0.2<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Identifier = "10.200.0.2"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Calling-Station-Id = "001644EF420B"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Called-Station-Id = "000B8661DFC4"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Service-Type = Login-User<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Framed-MTU = 1100<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x0201001101676f6b68616e67756e796f6c<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Essid-Name = "sunet-staff-wpa2"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Attr-10 = 0x424d5f62696e617369<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Message-Authenticator = 0x50f0ec9d540b9d5e24090ea7de41963a<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'># Executing section authorize from file /etc/freeradius/radiusd.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>+- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[yenimac] expand: - -> -<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>yenimac: Does not match: Calling-Station-Id = 001644EF420B<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>yenimac: Could not find value pair for attribute Calling-Station-Id<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[yenimac] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] EAP packet type response id 1 length 17<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] No EAP Start, assuming it's an on-going EAP conversation<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[eap] returns updated<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[mschap] returns noop<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] performing user authorization for testuser<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] expand: o=univ.edu -> o=univ.edu<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_get_conn: Checking Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_get_conn: Got Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] performing search in o=univ.edu, with filter (uid=testuser)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] No default NMAS login sequence<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] looking for check items in directory...<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] radiusAuthType -> Auth-Type == EAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] looking for reply items in directory...<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] user testuser authorized to use remote access<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_release_conn: Release Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[ldap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Found Auth-Type = EAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! Replacing User-Password in config items with Cleartext-Password. !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! Please update your configuration so that the "known good" !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! clear text password is in Cleartext-Password, and not in User-Password. !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'># Executing group from file /etc/freeradius/radiusd.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>+- entering group authenticate {...}<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] EAP Identity<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] processing type tls<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[tls] Initiate<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[tls] Start returned 1<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[eap] returns handled<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Sending Access-Challenge of id 154 to 10.200.0.2 port 32795<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x010200061920<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> State = 0x1007cea51005d77e23351c7d723e9be1<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Finished request 272.<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Going to the next request<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=137, length=297<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> User-Name = "testuser"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-IP-Address = 10.200.0.2<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Identifier = "10.200.0.2"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Calling-Station-Id = "001644EF420B"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Called-Station-Id = "000B8661DFC4"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Service-Type = Login-User<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Framed-MTU = 1100<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x0202005719800000004d160301004801000044030150923dd861119125fc2259c6b0bc6056daa0fbf2c9a746654b172f25019442cd00001600040005000a0009006400620003000600130012006301000005ff01000100<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> State = 0x1007cea51005d77e23351c7d723e9be1<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Essid-Name = "sunet-staff-wpa2"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Attr-10 = 0x424d5f62696e617369<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Message-Authenticator = 0x711e835734fabd4577390bed80cf0722<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'># Executing section authorize from file /etc/freeradius/radiusd.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>+- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[yenimac] expand: - -> -<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>yenimac: Does not match: Calling-Station-Id = 001644EF420B<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>yenimac: Could not find value pair for attribute Calling-Station-Id<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[yenimac] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] EAP packet type response id 2 length 87<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] Continuing tunnel setup.<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[eap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[mschap] returns noop<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] performing user authorization for testuser<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] expand: o=univ.edu -> o=univ.edu<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_get_conn: Checking Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_get_conn: Got Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] performing search in o=univ.edu, with filter (uid=testuser)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] No default NMAS login sequence<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] looking for check items in directory...<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] radiusAuthType -> Auth-Type == EAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] looking for reply items in directory...<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] user testuser authorized to use remote access<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_release_conn: Release Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[ldap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Found Auth-Type = EAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! Replacing User-Password in config items with Cleartext-Password. !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! Please update your configuration so that the "known good" !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! clear text password is in Cleartext-Password, and not in User-Password. !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'># Executing group from file /etc/freeradius/radiusd.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>+- entering group authenticate {...}<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] Request found, released from the list<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] EAP/peap<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] processing type peap<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] processing EAP-TLS<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> TLS Length 77<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] Length Included<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] eaptls_verify returned 11 <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] (other): before/accept initialization<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: before/accept initialization<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] <<< TLS 1.0 Handshake [length 0048], ClientHello <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: SSLv3 read client hello A<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: SSLv3 write server hello A<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] >>> TLS 1.0 Handshake [length 07af], Certificate <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: SSLv3 write certificate A<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: SSLv3 write server done A<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: SSLv3 flush data<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>In SSL Handshake Phase <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>In SSL Accept mode <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] eaptls_process returned 13 <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] EAPTLS_HANDLED<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[eap] returns handled<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Sending Access-Challenge of id 137 to 10.200.0.2 port 32795<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x0103040019c0000007f316030100310200002d030150923de9c2b9bb8cd34ef049ee8297b8d2c2431864dd9f472838bcbf6c1279cf000004000005ff0100010016030107af0b0007ab0007a80003e8308203e43082034da003020102020200b9300d06092a864886f70d010105050030819f310b30090603550406130254523111300f06035504071308497374616e62756c311b3019060355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e69766572736974793127302506092a864886f70d010901161873797361<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x646d696e40736162616e6369756e69762e656475301e170d3132303531303130333233355a170d3135303531303130333233355a30819f310b30090603550406130254523111300f06035504071308497374616e62756c311b3019060355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b3019060355040313125261646975732041757468205365727665723127302506092a864886f70d010901161873797361646d696e40736162616e6369756e69762e65647530819f300d06092a864886f70d010101050003818d0030818902818100a868d32fea2097c26fc7<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x06c909e04dffea3289404adeca30535091e4e2b65a36ee9adfe02002bde97406390787773774e2ef394cef6e918710c7010ce82e41bc97211b8ab3b109377bcee92e67133965afb7e48c4b2dc1a0e224c721b63b2584c6d16b5a64c4a8f183062baac5d87fdb2250372a4b3fc75f2c3a420ec29a5cb90203010001a382012b3082012730090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e04160414a34c94bbb730604678cc372d518bbbbbe1c43e3a3081cc0603551d230481c43081c18014c6c1f74047266b05e67daee7263acf804303<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0xbd0aa181a5a481a230819f310b30090603550406130254523111300f06035504071308497374616e62756c311b3019060355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e69766572736974793127302506092a864886f70d010901161873797361646d696e40736162616e6369756e69762e656475820100300d06092a864886f70d0101050500038181003b55627e878b84bbfc142e852404b1f5c0d0866cb76d1cd12ce1c45bcc36c2492f4f4bfe4af1b175e79ab4f3eb915085c9e50afd756a44dc758d4d56f4<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0xff14f1d23ad3d94011923725<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> State = 0x1007cea51104d77e23351c7d723e9be1<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Finished request 273.<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Going to the next request<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Cleaning up request 258 ID 63 with timestamp +759<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=222, length=216<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> User-Name = "testuser"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-IP-Address = 10.200.0.2<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Identifier = "10.200.0.2"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Calling-Station-Id = "001644EF420B"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Called-Station-Id = "000B8661DFC4"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Service-Type = Login-User<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Framed-MTU = 1100<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x020300061900<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> State = 0x1007cea51104d77e23351c7d723e9be1<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Essid-Name = "sunet-staff-wpa2"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Attr-10 = 0x424d5f62696e617369<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Message-Authenticator = 0xaedcfb0ad4ddd446ffbad960996ff1fe<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'># Executing section authorize from file /etc/freeradius/radiusd.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>+- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[yenimac] expand: - -> -<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>yenimac: Does not match: Calling-Station-Id = 001644EF420B<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>yenimac: Could not find value pair for attribute Calling-Station-Id<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[yenimac] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] EAP packet type response id 3 length 6<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] Continuing tunnel setup.<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[eap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[mschap] returns noop<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] performing user authorization for testuser<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] expand: o=univ.edu -> o=univ.edu<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_get_conn: Checking Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_get_conn: Got Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] performing search in o=univ.edu, with filter (uid=testuser)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] No default NMAS login sequence<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] looking for check items in directory...<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] radiusAuthType -> Auth-Type == EAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] looking for reply items in directory...<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] user testuser authorized to use remote access<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_release_conn: Release Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[ldap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Found Auth-Type = EAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! Replacing User-Password in config items with Cleartext-Password. !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! Please update your configuration so that the "known good" !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! clear text password is in Cleartext-Password, and not in User-Password. !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'># Executing group from file /etc/freeradius/radiusd.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>+- entering group authenticate {...}<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] Request found, released from the list<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] EAP/peap<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] processing type peap<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] processing EAP-TLS<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] Received TLS ACK<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] ACK handshake fragment handler<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] eaptls_verify returned 1 <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] eaptls_process returned 13 <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] EAPTLS_HANDLED<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[eap] returns handled<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Sending Access-Challenge of id 222 to 10.200.0.2 port 32795<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x010403fc1940aa154b4beb99b0651d518b10cde973766e445b091bfdb89d709d3d36d3efcfa451eafe08fa690edc4b432017567af20d482218484a45bf0003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130254523111300f06035504071308497374616e62756c311b3019060355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e69766572736974793127302506092a864886f70d010901161873797361646d696e40736162616e6369756e6976<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x2e656475301e170d3033303331393038343032305a170d3133303331363038343032305a30819f310b30090603550406130254523111300f06035504071308497374616e62756c311b3019060355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e69766572736974793127302506092a864886f70d010901161873797361646d696e40736162616e6369756e69762e65647530819f300d06092a864886f70d010101050003818d0030818902818100b4d46775b459661c4ba537e81197a67c18ab969ba96fb2ad2a7e<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x0f5a8de0ae0d8b564b1269b32de256c8a526139934887adf8c5d1886da51c3d92ecbb91c01b07ca4cbae2d4d5edf5962133790fc813ad092478d304e4b5344d63bf2af0607bb3d8de02522dadb62b8972928232ba581d7a047a1c9187eb4c5549a56f3780b6d0203010001a381ff3081fc301d0603551d0e04160414c6c1f74047266b05e67daee7263acf804303bd0a3081cc0603551d230481c43081c18014c6c1f74047266b05e67daee7263acf804303bd0aa181a5a481a230819f310b30090603550406130254523111300f06035504071308497374616e62756c311b3019060355040a1312536162616e636920556e6976657273697479311a30<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x18060355040b1311496e666f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e69766572736974793127302506092a864886f70d010901161873797361646d696e40736162616e6369756e69762e656475820100300c0603551d13040530030101ff300d06092a864886f70d010104050003818100146ceba80178d651a8a31c3e9c0cc9a00f0a4ff1885f2513befb08f252b0cfcda3db78b749e97c2b81293febd5327166c40d9a1fc660e006b041be67976381b6610dd938cd1c4dd57bbec9a3f0cf95fce609392ea17400c24acc4dd9c8c1b962818d9d2ee0081f868984a5b472d757746af53244cffc6c46f741<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x939a3cb53a961603<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> State = 0x1007cea51203d77e23351c7d723e9be1<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Finished request 274.<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Going to the next request<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Cleaning up request 259 ID 58 with timestamp +759<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=4, length=216<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> User-Name = "testuser"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-IP-Address = 10.200.0.2<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Identifier = "10.200.0.2"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Calling-Station-Id = "001644EF420B"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Called-Station-Id = "000B8661DFC4"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Service-Type = Login-User<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Framed-MTU = 1100<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x020400061900<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> State = 0x1007cea51203d77e23351c7d723e9be1<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Essid-Name = "sunet-staff-wpa2"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Attr-10 = 0x424d5f62696e617369<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Message-Authenticator = 0x66ee7c8a6e9f1922ad84549e4bd66bb6<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'># Executing section authorize from file /etc/freeradius/radiusd.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>+- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[yenimac] expand: - -> -<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>yenimac: Does not match: Calling-Station-Id = 001644EF420B<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>yenimac: Could not find value pair for attribute Calling-Station-Id<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[yenimac] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] EAP packet type response id 4 length 6<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] Continuing tunnel setup.<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[eap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[mschap] returns noop<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] performing user authorization for testuser<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] expand: o=univ.edu -> o=univ.edu<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_get_conn: Checking Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_get_conn: Got Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] performing search in o=univ.edu, with filter (uid=testuser)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] No default NMAS login sequence<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] looking for check items in directory...<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] radiusAuthType -> Auth-Type == EAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] looking for reply items in directory...<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] user testuser authorized to use remote access<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_release_conn: Release Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[ldap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Found Auth-Type = EAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! Replacing User-Password in config items with Cleartext-Password. !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! Please update your configuration so that the "known good" !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! clear text password is in Cleartext-Password, and not in User-Password. !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'># Executing group from file /etc/freeradius/radiusd.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>+- entering group authenticate {...}<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] Request found, released from the list<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] EAP/peap<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] processing type peap<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] processing EAP-TLS<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] Received TLS ACK<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] ACK handshake fragment handler<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] eaptls_verify returned 1 <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] eaptls_process returned 13 <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] EAPTLS_HANDLED<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[eap] returns handled<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Sending Access-Challenge of id 4 to 10.200.0.2 port 32795<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x0105000d19000100040e000000<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> State = 0x1007cea51302d77e23351c7d723e9be1<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Finished request 275.<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Going to the next request<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=23, length=402<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> User-Name = "testuser"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-IP-Address = 10.200.0.2<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Port = 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Identifier = "10.200.0.2"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> NAS-Port-Type = Wireless-802.11<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Calling-Station-Id = "001644EF420B"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Called-Station-Id = "000B8661DFC4"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Service-Type = Login-User<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Framed-MTU = 1100<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x020500c01980000000b61603010086100000820080700e1be39859332693d138b13d7e28eab48a5f87e939eeb5d0978da9efd0957c2df909e3bcc53330e00981b44ca7eea794e28607d99680c38bfb6886d6d3f689e4b8e2251eb9fed2f9747f905c664b4d39ced29c4e8eaa87c4479ebe30a0c817b52eb0e1c6ebe80a3c8adc3c51352752803f9f15746bfef8bba5724e5d475f5d140301000101160301002067324c95356ea8cec4f757f37caa1e0bad62558c0e9372b33e9ac4f2381bbcf6<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> State = 0x1007cea51302d77e23351c7d723e9be1<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Essid-Name = "sunet-staff-wpa2"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Aruba-Attr-10 = 0x424d5f62696e617369<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Message-Authenticator = 0x280d05f5afa8df8132594e3046573b8e<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'># Executing section authorize from file /etc/freeradius/radiusd.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>+- entering group authorize {...}<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[yenimac] expand: - -> -<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>yenimac: Does not match: Calling-Station-Id = 001644EF420B<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>yenimac: Could not find value pair for attribute Calling-Station-Id<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[yenimac] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] EAP packet type response id 5 length 192<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] Continuing tunnel setup.<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[eap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[mschap] returns noop<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] performing user authorization for testuser<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] expand: o=univ.edu -> o=univ.edu<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_get_conn: Checking Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_get_conn: Got Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] performing search in o=univ.edu, with filter (uid=testuser)<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] No default NMAS login sequence<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] looking for check items in directory...<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo"<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] radiusAuthType -> Auth-Type == EAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] looking for reply items in directory...<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[ldap] user testuser authorized to use remote access<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> [ldap] ldap_release_conn: Release Id: 0<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[ldap] returns ok<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Found Auth-Type = EAP<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! Replacing User-Password in config items with Cleartext-Password. !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! Please update your configuration so that the "known good" !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!! clear text password is in Cleartext-Password, and not in User-Password. !!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'># Executing group from file /etc/freeradius/radiusd.conf<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>+- entering group authenticate {...}<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] Request found, released from the list<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] EAP/peap<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[eap] processing type peap<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] processing EAP-TLS<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> TLS Length 182<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] Length Included<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] eaptls_verify returned 11 <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: SSLv3 read client key exchange A<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] <<< TLS 1.0 Handshake [length 0010], Finished <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: SSLv3 read finished A<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: SSLv3 write change cipher spec A<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] >>> TLS 1.0 Handshake [length 0010], Finished <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: SSLv3 write finished A<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] TLS_accept: SSLv3 flush data<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] (other): SSL negotiation finished successfully<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>SSL Connection Established <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] eaptls_process returned 13 <o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>[peap] EAPTLS_HANDLED<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>++[eap] returns handled<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Sending Access-Challenge of id 23 to 10.200.0.2 port 32795<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> EAP-Message = 0x01060031190014030100010116030100201137f7a6559497aeecf8db8a0dafbbc6f6a4014c362fb22f123f439db04ae04f<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> Message-Authenticator = 0x00000000000000000000000000000000<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'> State = 0x1007cea51401d77e23351c7d723e9be1<o:p></o:p></span></p><p class=MsoNormal><span style='color:black'>Finished request 276.</span><span style='color:#1F497D'><o:p></o:p></span></p></div></body></html>