Received Access-Request Id 232 from 192.168.45.66:32769 to 192.168.99.58:1812 length 330
  User-Name = 'host/252.cfs.uoguelph.ca'
  Chargeable-User-Identity = 0x00
  Location-Capable = Civix-Location
  Calling-Station-Id = 'c4-8e-8f-f8-96-33'
  Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure'
  NAS-Port = 1
  Cisco-AVPair = 'audit-session-id=83682d420000001556606d3d'
  Acct-Session-Id = '56606d3d/c4:8e:8f:f8:96:33/21'
  Cisco-AVPair = 'mDNS=true'
  NAS-IP-Address = 192.168.45.66
  NAS-Identifier = 'WLC_TEST'
  Airespace-Wlan-Id = 7
  Service-Type = Framed-User
  Framed-MTU = 1300
  NAS-Port-Type = Wireless-802.11
  Tunnel-Type:0 = VLAN
  Tunnel-Medium-Type:0 = IEEE-802
  Tunnel-Private-Group-Id:0 = '245'
  EAP-Message = 0x0205001119800000000715030100020230
  State = 0x5ac1509c58c44996fbf3d70d9b17d6b7
  Message-Authenticator = 0x255bd191fdb14ae1699aa3f93c63bfd1
(3) Received Access-Request packet from host 192.168.45.66 port 32769, id=232, length=330
(3) User-Name = 'host/252.cfs.uoguelph.ca'
(3) Chargeable-User-Identity = 0x00
(3) Location-Capable = Civix-Location
(3) Calling-Station-Id = 'c4-8e-8f-f8-96-33'
(3) Called-Station-Id = '04-fe-7f-93-7c-a0:test-secure'
(3) NAS-Port = 1
(3) Cisco-AVPair = 'audit-session-id=83682d420000001556606d3d'
(3) Acct-Session-Id = '56606d3d/c4:8e:8f:f8:96:33/21'
(3) Cisco-AVPair = 'mDNS=true'
(3) NAS-IP-Address = 192.168.45.66
(3) NAS-Identifier = 'WLC_TEST'
(3) Airespace-Wlan-Id = 7
(3) Service-Type = Framed-User
(3) Framed-MTU = 1300
(3) NAS-Port-Type = Wireless-802.11
(3) Tunnel-Type:0 = VLAN
(3) Tunnel-Medium-Type:0 = IEEE-802
(3) Tunnel-Private-Group-Id:0 = '245'
(3) EAP-Message = 0x0205001119800000000715030100020230
(3) State = 0x5ac1509c58c44996fbf3d70d9b17d6b7
(3) Message-Authenticator = 0x255bd191fdb14ae1699aa3f93c63bfd1
(3) # Executing section authorize from file /etc/raddb/sites-enabled/default
(3) authorize {
(3) filter_username filter_username {
(3) if (!&User-Name)
(3) if (!&User-Name) -> FALSE
(3) if (&User-Name =~ / /)
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@.*@/ )
(3) if (&User-Name =~ /@.*@/ ) -> FALSE
(3) if (&User-Name =~ /\\.\\./ )
(3) if (&User-Name =~ /\\.\\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/))
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /@(.+)\\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\\.$/)
(3) if (&User-Name =~ /\\.$/) -> FALSE
(3) if (&User-Name =~ /@\\./)
(3) if (&User-Name =~ /@\\./) -> FALSE
(3) } # filter_username filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix : Checking for suffix after "@"
(3) suffix : No '@' in User-Name = "host/252.cfs.uoguelph.ca", looking up realm NULL
(3) suffix : Found realm "NULL"
(3) suffix : Adding Stripped-User-Name = "host/252.cfs.uoguelph.ca"
(3) suffix : Adding Realm = "NULL"
(3) suffix : Authentication realm is LOCAL
(3) [suffix] = ok
(3) eap : Peer sent code Response (2) ID 5 length 17
(3) eap : Continuing tunnel setup
(3) [eap] = ok
(3) } # authorize = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /etc/raddb/sites-enabled/default
(3) authenticate {
(3) eap : Expiring EAP session with state 0x5ac1509c58c44996
(3) eap : Finished EAP session with state 0x5ac1509c58c44996
(3) eap : Previous EAP request found for state 0x5ac1509c58c44996, released from the list
(3) eap : Peer sent method PEAP (25)
(3) eap : EAP PEAP (25)
(3) eap : Calling eap_peap to process EAP data
(3) eap_peap : processing EAP-TLS
  TLS Length 7
(3) eap_peap : Length Included
(3) eap_peap : eaptls_verify returned 11
(3) eap_peap : <<< TLS 1.0 Alert [length 0002], fatal unknown_ca
(3) ERROR: eap_peap : TLS Alert read:fatal:unknown CA
(3) ERROR: eap_peap : TLS_accept: Failed in SSLv3 read client certificate A
(3) ERROR: eap_peap : SSL says: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
SSL: SSL_read failed inside of TLS (-1), TLS session fails.
TLS receive handshake failed during operation
(3) eap_peap : eaptls_process returned 4
(3) eap_peap : FR_TLS_OTHERS
(3) ERROR: eap : Failed continuing EAP PEAP (25) session. EAP sub-module failed
(3) eap : Failed in EAP select
(3) [eap] = invalid
(3) } # authenticate = invalid
(3) Failed to authenticate the user
(3) Login incorrect (eap_peap: TLS Alert read:fatal:unknown CA): [host/252.cfs.uoguelph.ca] (from client WLC2504 port 1 cli c4-8e-8f-f8-96-33)
(3) Using Post-Auth-Type Reject
(3) # Executing group from file /etc/raddb/sites-enabled/default
(3) Post-Auth-Type REJECT {
(3) attr_filter.access_reject : EXPAND %{User-Name}
(3) attr_filter.access_reject : --> host/252.cfs.uoguelph.ca
(3) attr_filter.access_reject : Matched entry DEFAULT at line 11
(3) [attr_filter.access_reject] = updated
(3) eap : Reply already contained an EAP-Message, not inserting EAP-Failure
(3) [eap] = noop
(3) remove_reply_message_if_eap remove_reply_message_if_eap {
(3) if (&reply:EAP-Message && &reply:Reply-Message)
(3) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(3) else else {
(3) [noop] = noop
(3) } # else else = noop
(3) } # remove_reply_message_if_eap remove_reply_message_if_eap = noop
(3) } # Post-Auth-Type REJECT = updated
(3) Delaying response for 1 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(3) Sending delayed response
(3) Sending Access-Reject packet to host 192.168.45.66 port 32769, id=232, length=0
(3) EAP-Message = 0x04050004
(3) Message-Authenticator = 0x00000000000000000000000000000000
Sending Access-Reject Id 232 from 192.168.99.58:1812 to 192.168.45.66:32769
  EAP-Message = 0x04050004
  Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.6 seconds.
(0) Cleaning up request packet ID 229 with timestamp +25
(1) Cleaning up request packet ID 230 with timestamp +25
(2) Cleaning up request packet ID 231 with timestamp +25
Waking up in 0.3 seconds.
(3) Cleaning up request packet ID 232 with timestamp +25
Ready to process requests