<div dir="ltr">Hi,<br><br>I have created a user and added a node to that user. But I'm getting the access reject packet below. :( Any clue?<br><br><br>rad_recv: Access-Request packet from host 192.168.13.45 port 1812, id=199, length=152<br>
        NAS-IP-Address = 192.168.13.45<br>        NAS-Port = 50004<br>        Cisco-NAS-Port = "FastEthernet0/4"<br>        NAS-Port-Type = Ethernet<br>        User-Name = "sampath"<br>        Called-Station-Id = "00-0A-B7-BC-5A-84"<br>
        Calling-Station-Id = "78-45-C4-B5-AC-41"<br>        Service-Type = Framed-User<br>        Framed-MTU = 1500<br>        EAP-Message = 0x0200000c0173616d70617468<br>        Message-Authenticator = 0xe791fd6ef5be4d1bbc964ebf48dcdefa<br>
server packetfence {<br># Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authorize {...}<br>[suffix] No '@' in User-Name = "sampath", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[preprocess] returns ok<br>[eap] EAP packet type response id 0 length 12<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>
++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>rlm_perl: Added pair NAS-Port-Type = Ethernet<br>rlm_perl: Added pair Service-Type = Framed-User<br>rlm_perl: Added pair Calling-Station-Id = 78-45-C4-B5-AC-41<br>
rlm_perl: Added pair Called-Station-Id = 00-0A-B7-BC-5A-84<br>rlm_perl: Added pair Cisco-NAS-Port = FastEthernet0/4<br>rlm_perl: Added pair Message-Authenticator = 0xe791fd6ef5be4d1bbc964ebf48dcdefa<br>rlm_perl: Added pair User-Name = sampath<br>
rlm_perl: Added pair EAP-Message = 0x0200000c0173616d70617468<br>rlm_perl: Added pair EAP-Type = Identity<br>rlm_perl: Added pair NAS-IP-Address = 192.168.13.45<br>rlm_perl: Added pair NAS-Port = 50004<br>rlm_perl: Added pair Framed-MTU = 1500<br>
rlm_perl: Added pair Auth-Type = EAP<br>++[packetfence] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>
[eap] processing type tls<br>[tls] Initiate<br>[tls] Start returned 1<br>++[eap] returns handled<br>} # server packetfence<br>Sending Access-Challenge of id 199 to 192.168.13.45 port 1812<br>        EAP-Message = 0x010100061920<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>        State = 0x3cbd15d33cbc0cb31e5b71f340264f3a<br>Finished request 54.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.13.45 port 1812, id=200, length=279<br>
        NAS-IP-Address = 192.168.13.45<br>        NAS-Port = 50004<br>        Cisco-NAS-Port = "FastEthernet0/4"<br>        NAS-Port-Type = Ethernet<br>        User-Name = "sampath"<br>        Called-Station-Id = "00-0A-B7-BC-5A-84"<br>
        Calling-Station-Id = "78-45-C4-B5-AC-41"<br>        Service-Type = Framed-User<br>        Framed-MTU = 1500<br>        State = 0x3cbd15d33cbc0cb31e5b71f340264f3a<br>        EAP-Message = 0x0201007919800000006f160301006a01000066030152fb07ded3e51b3a9c9aa55b0ba6f46016c14e1644de4fbd07186f436a4f3b4e000018002f00                          350005000ac013c014c009c00a003200380013000401000025ff010001000000000c000a00000773616d70617468000a0006000400170018000b00020100<br>
        Message-Authenticator = 0x6aafb4e647c1076bc2b718e2181f6671<br>server packetfence {<br># Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authorize {...}<br>[suffix] No '@' in User-Name = "sampath", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[preprocess] returns ok<br>[eap] EAP packet type response id 1 length 121<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
  TLS Length 111<br>[peap] Length Included<br>[peap] eaptls_verify returned 11<br>[peap]     (other): before/accept initialization<br>[peap]     TLS_accept: before/accept initialization<br>[peap] <<< TLS 1.0 Handshake [length 006a], ClientHello<br>
[peap]     TLS_accept: SSLv3 read client hello A<br>[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello<br>[peap]     TLS_accept: SSLv3 write server hello A<br>[peap] >>> TLS 1.0 Handshake [length 049b], Certificate<br>
[peap]     TLS_accept: SSLv3 write certificate A<br>[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone<br>[peap]     TLS_accept: SSLv3 write server done A<br>[peap]     TLS_accept: SSLv3 flush data<br>[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A<br>
In SSL Handshake Phase<br>In SSL Accept mode<br>[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>} # server packetfence<br>Sending Access-Challenge of id 200 to 192.168.13.45 port 1812<br>
        EAP-Message = 0x0102040019c0000004df16030100310200002d030152fb07bc28df3e052535a0db2ea09acfb1e4bce937947a1f3b22eeb766292f1400002f000005                          ff01000100160301049b0b0004970004940004913082048d30820375a003020102020900884ec713d33dcea8300d06092a864886f70d01010505003076310b3009060355040613                          024341310b30090603550408130251433111300f060355040713084d6f6e747265616c3110300e060355040a1307496e766572736531123010060355040313093132372e302e30                          2e313121301f06092a864886f70d0109011612737570706f727440696e76657273652e6361301e170d3134303133303038323134<br>
        EAP-Message = 0x325a170d3135303133303038323134325a3076310b3009060355040613024341310b30090603550408130251433111300f060355040713084d6f6e                          747265616c3110300e060355040a1307496e766572736531123010060355040313093132372e302e302e313121301f06092a864886f70d0109011612737570706f727440696e76                          657273652e636130820122300d06092a864886f70d01010105000382010f003082010a0282010100cb6e98c86adb80fda9fe7c0396961929f7fb69fe2fe295ea79c8b71b9375ef                          72feee48711980d5a8fd428e6e3233e0daf800f73b0b7095f2d669c6bce2faaeda9d4734c0a20aaeeb948771b6cbf52daef842d4<br>
        EAP-Message = 0xcc7c33a9c611e08be2ffe2c786ad1b685d607f90126c4d262bed4c683e97cdd39c6d03a7c3f2d2acea03542ce43004008518611445858caecde8e5                          84104684170db2327c16861bdb2a7e6d827cf4c25197275278d702626a3b2bbcaf28d011d37252e79b7d041c2c0f715134ba4d92afdd9c9f09411877ba134798ff6d74c11ea95f                          e96c2f70e2c4c42333f750dc88cca9fb13c960eff392c7981f34ab6b27169db27f9f1a8832a8901ffcf29b0203010001a382011c30820118301d0603551d0e04160414d35fe892                          a095707f22eee3cb19be4b6cab49ee3c3081a80603551d230481a030819d8014d35fe892a095707f22eee3cb19be4b6cab49ee3c<br>
        EAP-Message = 0xa17aa4783076310b3009060355040613024341310b30090603550408130251433111300f060355040713084d6f6e747265616c3110300e06035504                          0a1307496e766572736531123010060355040313093132372e302e302e313121301f06092a864886f70d0109011612737570706f727440696e76657273652e6361820900884ec7                          13d33dcea8300c0603551d130101ff0402300030090603551d1204023000300b0603551d0f0404030205e030130603551d25040c300a06082b0601050507030130110609608648                          0186f8420101040403020640300d06092a864886f70d010105050003820101009e1fdecc9821df724b9d9c78b12af5551673703f<br>
        EAP-Message = 0xd588ff15429f1f34ed6b7926<br>        Message-Authenticator = 0x00000000000000000000000000000000<br>        State = 0x3cbd15d33dbf0cb31e5b71f340264f3a<br>Finished request 55.<br>Going to the next request<br>
Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.13.45 port 1812, id=201, length=164<br>        NAS-IP-Address = 192.168.13.45<br>        NAS-Port = 50004<br>        Cisco-NAS-Port = "FastEthernet0/4"<br>
        NAS-Port-Type = Ethernet<br>        User-Name = "sampath"<br>        Called-Station-Id = "00-0A-B7-BC-5A-84"<br>        Calling-Station-Id = "78-45-C4-B5-AC-41"<br>        Service-Type = Framed-User<br>
        Framed-MTU = 1500<br>        State = 0x3cbd15d33dbf0cb31e5b71f340264f3a<br>        EAP-Message = 0x020200061900<br>        Message-Authenticator = 0x353191b59561f9f1fe76fed6e28ef8a9<br>server packetfence {<br># Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence<br>
+- entering group authorize {...}<br>[suffix] No '@' in User-Name = "sampath", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[preprocess] returns ok<br>
[eap] EAP packet type response id 2 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authenticate {...}<br>
[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>[peap] Received TLS ACK<br>[peap] ACK handshake fragment handler<br>[peap] eaptls_verify returned 1<br>
[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>} # server packetfence<br>Sending Access-Challenge of id 201 to 192.168.13.45 port 1812<br>        EAP-Message = 0x010300ef19007bb5e27c4da9bd39dfefc5c3402654575ff7204a10c5e4f018a975a2630c5599830e34267ba452b94ac1b7e2442ea616aecc99dc4b                          47687b862d9b4df2fc607342e483df9231cd5c320f09ad144ba7980db161959853db1ca476fcdee76a1fae8744e7583d57291c42904a8c353f7f1ee417e4625efd2a6d8662301c                          778e81f944fa4fa66deacb7f01d8687b39b7cc9054c58e4e0a43146042677aa701399ca609a08a9a4bf7a57c9bf36f03898dc606d7fd92cefd01b3976d1f2c217ce90a8dd1a956                          c7b0e34d4e99e54f6278e229e3ed458dc2c4f7512023ccd6384a517bef16030100040e000000<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>        State = 0x3cbd15d33ebe0cb31e5b71f340264f3a<br>Finished request 56.<br>Going to the next request<br>Waking up in 4.9 seconds.<br>rad_recv: Access-Request packet from host 192.168.13.45 port 1812, id=202, length=496<br>
        NAS-IP-Address = 192.168.13.45<br>        NAS-Port = 50004<br>        Cisco-NAS-Port = "FastEthernet0/4"<br>        NAS-Port-Type = Ethernet<br>        User-Name = "sampath"<br>        Called-Station-Id = "00-0A-B7-BC-5A-84"<br>
        Calling-Station-Id = "78-45-C4-B5-AC-41"<br>        Service-Type = Framed-User<br>        Framed-MTU = 1500<br>        State = 0x3cbd15d33ebe0cb31e5b71f340264f3a<br>        EAP-Message = 0x02030150198000000146160301010610000102010059580f2ba30cc29dc5a15d7df2a9dead82de23679970708fb1c0ace280aee5f6db7256ef1b8f                          659768e6e6959d71b576fd75c2d10e484741edf492f0fa72cf2144616a2591fa8bf10da5959fbbd6f98e9d1ae6005c890cb35f4038e0015a8fe69801f8c6601f096a1b5fed5ddf                          07c16cdf1845a9bc0fea83db38aa4dba5ab0448f1b78e51230b7d3dadaf1b369882273d34c58ffd4e2d11ad96c5136019a2591a4a667b230511e776e954539b63327cacec28be8                          84ffe88fee2be913ee19e0c69396495a1242a0fbaeb5d10536cb5b26670d7e32ee27a4715b402bda8bf497a8564e1832f28df7f5<br>
        EAP-Message = 0x31026b26edf1c7a46c69b5f35940c27541d48a52a1e235d91403010001011603010030d7cb7d641679a62d43055e25b36a2a4e2c487b7b313cb39d                          38a3bd9d2dc5a4920a83fe83098070b6211205c38efa7b68<br>        Message-Authenticator = 0x69c90a78fea5c6b936dbe253ccf88a43<br>
server packetfence {<br># Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authorize {...}<br>[suffix] No '@' in User-Name = "sampath", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[preprocess] returns ok<br>[eap] EAP packet type response id 3 length 253<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
  TLS Length 326<br>[peap] Length Included<br>[peap] eaptls_verify returned 11<br>[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange<br>[peap]     TLS_accept: SSLv3 read client key exchange A<br>[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]<br>
[peap] <<< TLS 1.0 Handshake [length 0010], Finished<br>[peap]     TLS_accept: SSLv3 read finished A<br>[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]<br>[peap]     TLS_accept: SSLv3 write change cipher spec A<br>
[peap] >>> TLS 1.0 Handshake [length 0010], Finished<br>[peap]     TLS_accept: SSLv3 write finished A<br>[peap]     TLS_accept: SSLv3 flush data<br>[peap]     (other): SSL negotiation finished successfully<br>SSL Connection Established<br>
[peap] eaptls_process returned 13<br>[peap] EAPTLS_HANDLED<br>++[eap] returns handled<br>} # server packetfence<br>Sending Access-Challenge of id 202 to 192.168.13.45 port 1812<br>        EAP-Message = 0x01040041190014030100010116030100302d72e9da629993e710a01375e44f3ff6c496bc91aafe3b5efea86d1af805a7b9a01238efc53d2efc31a7                          ff63472088bf<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>        State = 0x3cbd15d33fb90cb31e5b71f340264f3a<br>Finished request 57.<br>Going to the next request<br>Waking up in 4.8 seconds.<br>rad_recv: Access-Request packet from host 192.168.13.45 port 1812, id=203, length=164<br>
        NAS-IP-Address = 192.168.13.45<br>        NAS-Port = 50004<br>        Cisco-NAS-Port = "FastEthernet0/4"<br>        NAS-Port-Type = Ethernet<br>        User-Name = "sampath"<br>        Called-Station-Id = "00-0A-B7-BC-5A-84"<br>
        Calling-Station-Id = "78-45-C4-B5-AC-41"<br>        Service-Type = Framed-User<br>        Framed-MTU = 1500<br>        State = 0x3cbd15d33fb90cb31e5b71f340264f3a<br>        EAP-Message = 0x020400061900<br>
        Message-Authenticator = 0x3c84ad083e4e9d0a8240786169b376cf<br>server packetfence {<br># Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authorize {...}<br>[suffix] No '@' in User-Name = "sampath", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[preprocess] returns ok<br>[eap] EAP packet type response id 4 length 6<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
[peap] Received TLS ACK<br>[peap] ACK handshake is finished<br>[peap] eaptls_verify returned 3<br>[peap] eaptls_process returned 3<br>[peap] EAPTLS_SUCCESS<br>[peap] Session established.  Decoding tunneled attributes.<br>
[peap] Peap state TUNNEL ESTABLISHED<br>++[eap] returns handled<br>} # server packetfence<br>Sending Access-Challenge of id 203 to 192.168.13.45 port 1812<br>        EAP-Message = 0x0105002b19001703010020233ca5ac7fdbf4aee3541cb39f7899bb7e74ea734215947f14d822d238425e59<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>        State = 0x3cbd15d338b80cb31e5b71f340264f3a<br>Finished request 58.<br>Going to the next request<br>Waking up in 4.3 seconds.<br>rad_recv: Access-Request packet from host 192.168.13.45 port 1812, id=204, length=201<br>
        NAS-IP-Address = 192.168.13.45<br>        NAS-Port = 50004<br>        Cisco-NAS-Port = "FastEthernet0/4"<br>        NAS-Port-Type = Ethernet<br>        User-Name = "sampath"<br>        Called-Station-Id = "00-0A-B7-BC-5A-84"<br>
        Calling-Station-Id = "78-45-C4-B5-AC-41"<br>        Service-Type = Framed-User<br>        Framed-MTU = 1500<br>        State = 0x3cbd15d338b80cb31e5b71f340264f3a<br>        EAP-Message = 0x0205002b19001703010020738e4cb80e9a4f1f0d240d62bd1cecdd81e2ceef1fcd8a736f92a620ab1e6827<br>
        Message-Authenticator = 0x4d5068c89b9e99b0fcac71687069f264<br>server packetfence {<br># Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authorize {...}<br>[suffix] No '@' in User-Name = "sampath", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[preprocess] returns ok<br>[eap] EAP packet type response id 5 length 43<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
[peap] eaptls_verify returned 7<br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7<br>[peap] EAPTLS_OK<br>[peap] Session established.  Decoding tunneled attributes.<br>[peap] Peap state WAITING FOR INNER IDENTITY<br>
[peap] Identity - sampath<br>[peap] Got inner identity 'sampath'<br>[peap] Setting default EAP type for tunneled EAP session.<br>[peap] Got tunneled request<br>        EAP-Message = 0x0205000c0173616d70617468<br>server packetfence {<br>
[peap] Setting User-Name to sampath<br>Sending tunneled request<br>        EAP-Message = 0x0205000c0173616d70617468<br>        FreeRADIUS-Proxied-To = 127.0.0.1<br>        User-Name = "sampath"<br>        NAS-IP-Address = 192.168.13.45<br>
        NAS-Port = 50004<br>        Cisco-NAS-Port = "FastEthernet0/4"<br>        NAS-Port-Type = Ethernet<br>        Called-Station-Id = "00-0A-B7-BC-5A-84"<br>        Calling-Station-Id = "78-45-C4-B5-AC-41"<br>
        Service-Type = Framed-User<br>        Framed-MTU = 1500<br>server packetfence-tunnel {<br># Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel<br>+- entering group authorize {...}<br>
[suffix] No '@' in User-Name = "sampath", looking up realm NULL<br>[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[ntdomain] No '\' in User-Name = "sampath", looking up realm NULL<br>
[ntdomain] No such realm "NULL"<br>++[ntdomain] returns noop<br>[eap] EAP packet type response id 5 length 12<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>
++[expiration] returns noop<br>++[logintime] returns noop<br>Found Auth-Type = EAP<br># Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel<br>+- entering group authenticate {...}<br>[eap] EAP Identity<br>
[eap] processing type mschapv2<br>rlm_eap_mschapv2: Issuing Challenge<br>++[eap] returns handled<br>} # server packetfence-tunnel<br>[peap] Got tunneled reply code 11<br>        EAP-Message = 0x010600211a0106001c103c9631cb9240941b8ff7cb26b01cdccd73616d70617468<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>        State = 0xb763a09fb765baae8b5ff4f7e1e703c3<br>[peap] Got tunneled reply RADIUS code 11<br>        EAP-Message = 0x010600211a0106001c103c9631cb9240941b8ff7cb26b01cdccd73616d70617468<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>        State = 0xb763a09fb765baae8b5ff4f7e1e703c3<br>[peap] Got tunneled Access-Challenge<br>++[eap] returns handled<br>} # server packetfence<br>Sending Access-Challenge of id 204 to 192.168.13.45 port 1812<br>
        EAP-Message = 0x0106004b190017030100407ea62a6842f0b519ec0bf48a630b60f7e9f84151bee10b16cba686cd23951470367e059996c25fe5f9ab0312a3af8e05                          222bd031372641bbc939adbacd345ea6<br>        Message-Authenticator = 0x00000000000000000000000000000000<br>
        State = 0x3cbd15d339bb0cb31e5b71f340264f3a<br>Finished request 59.<br>Going to the next request<br>Waking up in 3.0 seconds.<br>rad_recv: Access-Request packet from host 192.168.13.45 port 1812, id=205, length=265<br>
        NAS-IP-Address = 192.168.13.45<br>        NAS-Port = 50004<br>        Cisco-NAS-Port = "FastEthernet0/4"<br>        NAS-Port-Type = Ethernet<br>        User-Name = "sampath"<br>        Called-Station-Id = "00-0A-B7-BC-5A-84"<br>
        Calling-Station-Id = "78-45-C4-B5-AC-41"<br>        Service-Type = Framed-User<br>        Framed-MTU = 1500<br>        State = 0x3cbd15d339bb0cb31e5b71f340264f3a<br>        EAP-Message = 0x0206006b190017030100605c575006ef74492c6d35cf856541302dd4f1fb1272c048206638ab77315df28a5585a4cbd8fe6b9accf1e03d27ac3c2c                          64d8052b1d08f12dcc61829dbddd05acb0dff7a2427b7fb0f096fe68defb30cecd74a4b9321c185184166c83c77f60a7<br>
        Message-Authenticator = 0xdaa88d9bc6343059a93a80ca449d11ae<br>server packetfence {<br># Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authorize {...}<br>[suffix] No '@' in User-Name = "sampath", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[preprocess] returns ok<br>[eap] EAP packet type response id 6 length 107<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
[peap] eaptls_verify returned 7<br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7<br>[peap] EAPTLS_OK<br>[peap] Session established.  Decoding tunneled attributes.<br>[peap] Peap state phase2<br>[peap] EAP type mschapv2<br>
[peap] Got tunneled request<br>        EAP-Message = 0x020600421a0206003d31e3766c4f25bb1e54194b8e8fc97544ed0000000000000000fead0628b2da8557a51d90b546624ef9f4ee5e1bdf2eec4400                          73616d70617468<br>server packetfence {<br>
[peap] Setting User-Name to sampath<br>Sending tunneled request<br>        EAP-Message = 0x020600421a0206003d31e3766c4f25bb1e54194b8e8fc97544ed0000000000000000fead0628b2da8557a51d90b546624ef9f4ee5e1bdf2eec4400                          73616d70617468<br>
        FreeRADIUS-Proxied-To = 127.0.0.1<br>        User-Name = "sampath"<br>        State = 0xb763a09fb765baae8b5ff4f7e1e703c3<br>        NAS-IP-Address = 192.168.13.45<br>        NAS-Port = 50004<br>        Cisco-NAS-Port = "FastEthernet0/4"<br>
        NAS-Port-Type = Ethernet<br>        Called-Station-Id = "00-0A-B7-BC-5A-84"<br>        Calling-Station-Id = "78-45-C4-B5-AC-41"<br>        Service-Type = Framed-User<br>        Framed-MTU = 1500<br>
server packetfence-tunnel {<br># Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel<br>+- entering group authorize {...}<br>[suffix] No '@' in User-Name = "sampath", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>[ntdomain] No '\' in User-Name = "sampath", looking up realm NULL<br>[ntdomain] No such realm "NULL"<br>++[ntdomain] returns noop<br>
[eap] EAP packet type response id 6 length 66<br>[eap] No EAP Start, assuming it's an on-going EAP conversation<br>++[eap] returns updated<br>++[files] returns noop<br>++[expiration] returns noop<br>++[logintime] returns noop<br>
Found Auth-Type = EAP<br># Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/mschapv2<br>[eap] processing type mschapv2<br>
[mschapv2] # Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence-tunnel<br>[mschapv2] +- entering group MS-CHAP {...}<br>[mschap] No Cleartext-Password configured.  Cannot create LM-Password.<br>[mschap] No Cleartext-Password configured.  Cannot create NT-Password.<br>
[mschap] Creating challenge hash with username: sampath<br>[mschap] Client is using MS-CHAPv2 for sampath, we need NT-Password<br>[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.<br>[mschap] FAILED: MS-CHAP2-Response is incorrect<br>
++[mschap] returns reject<br>[eap] Freeing handler<br>++[eap] returns reject<br>Failed to authenticate the user.<br>Login incorrect: [sampath] (from client 192.168.13.45 port 50004 cli 78-45-C4-B5-AC-41 via TLS tunnel)<br>
} # server packetfence-tunnel<br>[peap] Got tunneled reply code 3<br>        MS-CHAP-Error = "\006E=691 R=1"<br>        EAP-Message = 0x04060004<br>        Message-Authenticator = 0x00000000000000000000000000000000<br>
[peap] Got tunneled reply RADIUS code 3<br>        MS-CHAP-Error = "\006E=691 R=1"<br>        EAP-Message = 0x04060004<br>        Message-Authenticator = 0x00000000000000000000000000000000<br>[peap] Tunneled authentication was rejected.<br>
[peap] FAILURE<br>++[eap] returns handled<br>} # server packetfence<br>Sending Access-Challenge of id 205 to 192.168.13.45 port 1812<br>        EAP-Message = 0x0107002b190017030100204facc5d6c6a20c7d1d8da40959527f726dbb84e495fd0ebc71ea913fc79b2b12<br>
        Message-Authenticator = 0x00000000000000000000000000000000<br>        State = 0x3cbd15d33aba0cb31e5b71f340264f3a<br>Finished request 60.<br>Going to the next request<br>Waking up in 2.2 seconds.<br>rad_recv: Access-Request packet from host 192.168.13.45 port 1812, id=206, length=201<br>
        NAS-IP-Address = 192.168.13.45<br>        NAS-Port = 50004<br>        Cisco-NAS-Port = "FastEthernet0/4"<br>        NAS-Port-Type = Ethernet<br>        User-Name = "sampath"<br>        Called-Station-Id = "00-0A-B7-BC-5A-84"<br>
        Calling-Station-Id = "78-45-C4-B5-AC-41"<br>        Service-Type = Framed-User<br>        Framed-MTU = 1500<br>        State = 0x3cbd15d33aba0cb31e5b71f340264f3a<br>        EAP-Message = 0x0207002b19001703010020e803f872cda2fc4834ed5079ccedbc963ca3580ad74aada3ce4f6ef81e932f3a<br>
        Message-Authenticator = 0x2b593816dc1b145744204630a7a77fee<br>server packetfence {<br># Executing section authorize from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authorize {...}<br>[suffix] No '@' in User-Name = "sampath", looking up realm NULL<br>
[suffix] No such realm "NULL"<br>++[suffix] returns noop<br>++[preprocess] returns ok<br>[eap] EAP packet type response id 7 length 43<br>[eap] Continuing tunnel setup.<br>++[eap] returns ok<br>Found Auth-Type = EAP<br>
# Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence<br>+- entering group authenticate {...}<br>[eap] Request found, released from the list<br>[eap] EAP/peap<br>[eap] processing type peap<br>[peap] processing EAP-TLS<br>
[peap] eaptls_verify returned 7<br>[peap] Done initial handshake<br>[peap] eaptls_process returned 7<br>[peap] EAPTLS_OK<br>[peap] Session established.  Decoding tunneled attributes.<br>[peap] Peap state send tlv failure<br>
[peap] Received EAP-TLV response.<br>[peap]  The users session was previously rejected: returning reject (again.)<br>[peap]  *** This means you need to read the PREVIOUS messages in the debug output<br>[peap]  *** to find out the reason why the user was rejected.<br>
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell you.<br>[peap]  *** what went wrong, and how to fix the problem.<br>[eap] Handler failed in EAP/peap<br>[eap] Failed in EAP select<br>
++[eap] returns invalid<br>Failed to authenticate the user.<br>Login incorrect: [sampath] (from client 192.168.13.45 port 50004 cli 78-45-C4-B5-AC-41)<br>} # server packetfence<br>Using Post-Auth-Type REJECT<br># Executing group from file /usr/local/pf/raddb/sites-enabled/packetfence<br>
+- entering group REJECT {...}<br>[attr_filter.access_reject]     expand: %{User-Name} -> sampath<br>attr_filter: Matched entry DEFAULT at line 11<br>++[attr_filter.access_reject] returns updated<br>Delaying reject of request 61 for 1 seconds<br>
Going to the next request<br>Waking up in 0.4 seconds.<br>Cleaning up request 54 ID 199 with timestamp +2742<br>Cleaning up request 55 ID 200 with timestamp +2742<br>Cleaning up request 56 ID 201 with timestamp +2742<br>Cleaning up request 57 ID 202 with timestamp +2742<br>
Waking up in 0.4 seconds.<br>Sending delayed reject for request 61<br>Sending Access-Reject of id 206 to 192.168.13.45 port 1812<br>        EAP-Message = 0x04070004<br>        Message-Authenticator = 0x00000000000000000000000000000000<br>
Cleaning up request 58 ID 203 with timestamp +2743<br>Waking up in 1.2 seconds.<br>Cleaning up request 59 ID 204 with timestamp +2744<br>Waking up in 0.8 seconds.<br>Cleaning up request 60 ID 205 with timestamp +2745<br>Waking up in 2.7 seconds.<br>
Cleaning up request 61 ID 206 with timestamp +2747<br>Ready to process requests.<br><br><br>Regards,<br>Sampath Jayashantha</div>
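The debug output above tells the reader to look at the earlier messages for "reject" or "fail". The following is an added example, not part of the original post, that automates that triage: it finds the first module that returned a failing result, the virtual server it ran in, and what that module logged beforehand. The function and class names are hypothetical, and the sample lines are copied from the debug output above.

```python
import re
from dataclasses import dataclass, field

# Line shapes seen in the radiusd debug output quoted in the post.
SERVER_OPEN = re.compile(r"^server (\S+) \{$")
SERVER_CLOSE = re.compile(r"^\} # server (\S+)$")
RETURNS = re.compile(r"^\++\[([^\]]+)\] returns (\w+)$")
MODULE_MSG = re.compile(r"^\[([^\]]+)\]\s+(.*)$")
BAD_RESULTS = {"reject", "fail", "invalid"}

# Excerpt of the debug output from the post (requests id=205 and id=206).
SAMPLE_LOG = """\
server packetfence {
[peap] Got tunneled request
server packetfence-tunnel {
++[suffix] returns noop
[eap] processing type mschapv2
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Client is using MS-CHAPv2 for sampath, we need NT-Password
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
++[eap] returns reject
} # server packetfence-tunnel
[peap] Tunneled authentication was rejected.
++[eap] returns handled
} # server packetfence
server packetfence {
[peap]  The users session was previously rejected: returning reject (again.)
++[eap] returns invalid
} # server packetfence
"""


@dataclass
class Rejection:
    server: str                 # virtual server that was executing
    module: str                 # first module that returned a failing result
    result: str                 # reject / fail / invalid
    messages: list = field(default_factory=list)  # what that module logged first

    @property
    def reasons(self):
        """Only the lines the module itself marked as failures."""
        return [m for m in self.messages if "FAILED" in m]


def split_log(text):
    """Split on newlines and on the <br> tags a mail archive leaves in pasted logs."""
    return [ln.strip() for ln in re.split(r"<br\s*/?>|\n", text) if ln.strip()]


def first_rejection(text):
    """Return the earliest failing module result in the log, or None."""
    servers = []   # stack of nested "server X {" blocks
    recent = {}    # module -> messages logged since its last non-failing return
    for line in split_log(text):
        if m := SERVER_OPEN.match(line):
            servers.append(m.group(1))
        elif m := SERVER_CLOSE.match(line):
            if servers and servers[-1] == m.group(1):
                servers.pop()
        elif m := RETURNS.match(line):
            module, result = m.groups()
            if result in BAD_RESULTS:
                server = servers[-1] if servers else ""
                return Rejection(server, module, result, recent.get(module, []))
            recent.pop(module, None)  # module succeeded; discard its old context
        elif m := MODULE_MSG.match(line):
            recent.setdefault(m.group(1), []).append(m.group(2))
    return None


if __name__ == "__main__":
    hit = first_rejection(SAMPLE_LOG)
    print(f"{hit.module} returned {hit.result} in server {hit.server}")
    for reason in hit.reasons:
        print("  ", reason)
```

The later `[eap] returns invalid` in the outer `packetfence` server only repeats the earlier rejection, which is why the function stops at the first failing result.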