Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
March 2006
- 210 participants
- 335 discussions
Hello all,
I have installed freeradius 1.0.5 in freebsd 6. I am authenticating
pppoe users to my remote freeradius server. I tried to delete the stale
session from radutmp file with radzap coammand but it doesnot work;
radwho shows the following login information:
#radwho
Login Name What TTY When From Location
test testaccount PPP S11 Sun 14:58 192.168.0 192.168.0.100
#radzap -u test 192.168.0.5:S11 secret
PPPOE and freeradius are running in different freebsd server.
1
0
Is it possible to dynamically install a new module ? i.e.
configure/make/install radius then compile a new module seperately and move
its .so to the lib directory ?
--
View this message in context: http://www.nabble.com/dynamic-module-installation-t1325486.html#a3537333
Sent from the FreeRadius - User forum at Nabble.com.
3
6
Hey guys,
I'm looking at this nifty FreeRadius package and I'd like to quickly write a
simple XML-RPC module for FreeRadius. I'm looking at the other modules and
I'm wondering which one you guys would recommend that I mimic. I just want
the simplest, most straightforward module that I could use to just plug in
the XML-RPC calls.
Any suggestions or perhaps dev documentation that you could point me to?
Michael
3
3
Hello,
Looking at the documentation and proxy.conf, I see that FreeRadius
can do all sorts of proxying based on the username. Can it determine
the correct proxy server by checking the value (or existence) of a
particular attribute? I'd like to forward all PEAP requests to one
server, and all other requests to another server.
Any ideas?
Thanks,
Norman
3
2
James J J Hooper a écrit :
>Radius is working fine ... ntlm_auth is returning 'Logon failure' i.e
>either samba / your 2003 AD thinks the password is wrong (look at the event
>viewer on the domain controller) or you do not have permission to
>authenticate.
>
>
Well, I know that the password typed is good.
Moreover, if I run "ntlm_auth --request-nt-key --domain=CHRT
--username=jpbrunain" with the good password, I got this message:
"NT_STATUS_OK: Success (0x0)"...
So I think I have permission to authenticate.
>you could also try running the ntlm_auth command on its own without
>specifying the domain:
>
>/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain
>--challenge=d8a9272386722a12
>--nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2
>
>
I tried it and it failed, the error code returned was: "Logon failure
(0xc000006d)".
Where do these parameters (challenge and nt-response) come from ?
As far as I remember, I tried the following commands:
/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain
--challenge=d8a9272386722a12
This one succeeded after entering the good password.
/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain
--nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2
The second one not, even with the good password... what does it mean ?
How to solve this ?
>and see if it works! (i have had problems when specifying the domain on the
>command line before)
>
>Regards,
> James
>
>
Thanks for your time.
Jeremy
>--
>James J J Hooper,
>Information Services
>University of Bristol
>--
>
1
0
RE: Different user attributes based on NAS-IP-Address? AlsoSuffixwildcards available?
by Jonathan De Graeve 28 Mar '06
by Jonathan De Graeve 28 Mar '06
28 Mar '06
> The NAS-IP-Address can be used as a check item, just like anything
> else.
>
> DEFAULT NAS-IP-Address == 1.2.3.4
> Reply-Message = "Hello you guy from 1.2.3.4"
>
> The same config can be applied to SQL.
But not with the current dialup_admin IIRC you have to put it in
manually not?
J.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
1
0
Hello,
I used a FR 1.1.0 under FreeBSD 6.0
I configure it to PEAP auth against a windows 2003 AD through ntlm_auth
(samba 3.0.21b).
Everything works fine, user auth, machine auth...
The problem is that for some obscur reasons, some users ("jpbrunain" in
this case) are unable to log in.
As I saw in the radius.log, I got "rlm_mschap: External script failed.".
Moreover, if I run "ntlm_auth --request-nt-key --domain=CHRT
--username=jpbrunain" with the good password, I got this message:
"NT_STATUS_OK: Success (0x0)"...
This problem concerns only 2 users out of 20... and I don't see
anything "special" concerning them on the 2003 AD...
Does anyone have the problem ? Is there a way to solve it ?
Regards,
Jeremy
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = yes
cisco_accounting_username_bug = no
tls {
private_key_password = whatever
private_key_file = ${raddbdir}/certs/site.pem
certificate_file = ${raddbdir}/certs/site.pem
CA_file = ${raddbdir}/certs/root.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
}
peap {
}
}
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/eap.conf
main: prefix = "/usr/local"
main: localstatedir = "/var"
main: logdir = "/var/log"
main: libdir = "/usr/local/lib"
main: radacctdir = "/var/log/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "/usr/local/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain:-DEFAULTDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = yes
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/site.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/site.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/root.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Initializing the thread pool...
thread: start_servers = 5
thread: max_servers = 32
thread: min_spare_servers = 3
thread: max_spare_servers = 10
thread: max_requests_per_server = 0
thread: cleanup_delay = 5
Thread spawned new child 1. Total threads in pool: 1
Thread spawned new child 2. Total threads in pool: 2
Thread spawned new child 3. Total threads in pool: 3
Thread spawned new child 4. Total threads in pool: 4
Thread spawned new child 5. Total threads in pool: 5
Thread pool initialized
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
Thread 1 waiting to be assigned a request
Thread 2 waiting to be assigned a request
Thread 3 waiting to be assigned a request
Thread 4 waiting to be assigned a request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19511, id=114, length=157
--- Walking the entire request list ---
Waking up in 31 seconds...
Threads: total/active/spare threads = 5/0/5
Thread 1 got semaphore
Thread 1 handling request 0, (1 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201001301434852545c6a706272756e61696e
Message-Authenticator = 0x01534b3d5a6003e6f0043abf208d2b6b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
rlm_eap: EAP packet type response id 1 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 114 to 172.18.251.101 port 19511
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x259b177cc6b9cd7feec325680c4830d2
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19512, id=115, length=236
Waking up in 31 seconds...
Thread 2 got semaphore
Thread 2 handling request 1, (1 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x259b177cc6b9cd7feec325680c4830d2
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202005019800000004616030100410100003d0301441588ea62f513ec38c4fab4e1a0efdc6e865acfa03c5d78aa06413d775b286300001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x49c0dd55d1ee2383821576285d5c4d26
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 115 to 172.18.251.101 port 19512
EAP-Message = 0x010303ee19c0000006af160301004a0200004603014415891b69b91d75700e3fc447dcd019a87b74466a846931da9eb046f27dcb0920645bdb40884aa4d66b9f7fd5dd6afff8bcc1732e3518bdaa90edbb859ad2375f00040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e
EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55
EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf79c9a81fd56eea94d7aded976cd358a
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19513, id=116, length=162
--- Walking the entire request list ---
Waking up in 5 seconds...
Thread 3 got semaphore
Thread 3 handling request 2, (1 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xf79c9a81fd56eea94d7aded976cd358a
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300061900
Message-Authenticator = 0xf2a7dc863a296fcb689eb9b2ed40965f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 2
modcall: leaving group authenticate (returns handled) for request 2
Sending Access-Challenge of id 116 to 172.18.251.101 port 19513
EAP-Message = 0x010402d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35
EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb90b5285349681a5c34eed34d0fbaeb8
Finished request 2
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19514, id=118, length=157
--- Walking the entire request list ---
Waking up in 4 seconds...
Thread 4 got semaphore
Thread 4 handling request 3, (1 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201001301434852545c6a706272756e61696e
Message-Authenticator = 0xf816b4d9bad6282e9eec9b457b7f4304
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
rlm_eap: EAP packet type response id 1 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 3
modcall: leaving group authenticate (returns handled) for request 3
Sending Access-Challenge of id 118 to 172.18.251.101 port 19514
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6e71d282039f9a121584370ef1eb4150
Finished request 3
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19515, id=119, length=236
--- Walking the entire request list ---
Waking up in 3 seconds...
Thread 5 got semaphore
Thread 5 handling request 4, (1 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x6e71d282039f9a121584370ef1eb4150
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202005019800000004616030100410100003d0301441588ecf357a70fb2b700646f1611738ac0538a64443143b4ca5eefaad9145a00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x26dff5886c95710d260b633bff5152f0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 4
modcall: leaving group authenticate (returns handled) for request 4
Sending Access-Challenge of id 119 to 172.18.251.101 port 19515
EAP-Message = 0x010303ee19c0000006af160301004a0200004603014415891e1f3d280dd97a621a67285c3d6dd4716468a2e622e5cbbb47e8bff8f920fe66dcc00b19ebb122b0bd0ca05b88288563de2ed20d354ba84083a66e49e30300040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e
EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55
EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa7f9742dc184aa720a1b0705b78edb08
Finished request 4
Going to the next request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19516, id=120, length=162
Waking up in 3 seconds...
Thread 1 got semaphore
Thread 1 handling request 5, (2 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xa7f9742dc184aa720a1b0705b78edb08
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300061900
Message-Authenticator = 0x9e0984674cd75634e32e5d5e76a61246
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 5
modcall: leaving group authorize (returns updated) for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 5
modcall: leaving group authenticate (returns handled) for request 5
Sending Access-Challenge of id 120 to 172.18.251.101 port 19516
EAP-Message = 0x010402d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35
EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9a3e7e929b077d07cfd5ff0e15ca9396
Finished request 5
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19517, id=121, length=348
Waking up in 3 seconds...
Thread 2 got semaphore
Thread 2 handling request 6, (2 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x9a3e7e929b077d07cfd5ff0e15ca9396
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400c01980000000b61603010086100000820080014be3684587856f6f981b15ea11158b0f3bed75c89868f9114159a8c4f5723ae8b7db39af74349880adb4ec608682d57b4bcdb12565f2019cdee86f227f54a105914387b795900c593c3a052ee27a047f580323999f9521436de7e442fa60e9dff4de90a2bdd48dcb9d7fba6a5cf5361e31b26e6d35daca0dddc2898815482d1403010001011603010020126bc0f38e0a0627ec01025b76ad05f5e6e1ab7f0251318ce36cd10173d1bbe8
Message-Authenticator = 0x1e59cd98feca39973851b6339d2012b4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 6
modcall: leaving group authorize (returns updated) for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 6
modcall: leaving group authenticate (returns handled) for request 6
Sending Access-Challenge of id 121 to 172.18.251.101 port 19517
EAP-Message = 0x0105003119001403010001011603010020c4958a39e0d8b376e76a340f749f5917b162f5535c28f34e5d2402e6dd5113cf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8a509ab298ef8f1237ea19edaeb695e9
Finished request 6
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19518, id=122, length=162
--- Walking the entire request list ---
Waking up in 2 seconds...
Thread 3 got semaphore
Thread 3 handling request 7, (2 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x8a509ab298ef8f1237ea19edaeb695e9
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020500061900
Message-Authenticator = 0x9bca54ef7e51997c8e4e652b6173cfe5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 7
modcall: leaving group authorize (returns updated) for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 7
modcall: leaving group authenticate (returns handled) for request 7
Sending Access-Challenge of id 122 to 172.18.251.101 port 19518
EAP-Message = 0x0106002019001703010015d911d7637aa429cfb6f49242b0a4f800fff27699ab
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x749b89b9c75a3c0a3e9c5af8ba7d1288
Finished request 7
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19519, id=123, length=157
--- Walking the entire request list ---
Waking up in 1 seconds...
Thread 4 got semaphore
Thread 4 handling request 8, (2 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201001301434852545c6a706272756e61696e
Message-Authenticator = 0x625999e83e7216481b8fc5b9e2282cc3
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
rlm_eap: EAP packet type response id 1 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 8
modcall: leaving group authorize (returns updated) for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
Sending Access-Challenge of id 123 to 172.18.251.101 port 19519
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6ff9ac8fcf10cbe4295f4d74c7f443b3
Finished request 8
Going to the next request
Thread 4 waiting to be assigned a request
--- Walking the entire request list ---
Cleaning up request 0 ID 114 with timestamp 4415891b
Cleaning up request 1 ID 115 with timestamp 4415891b
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 116 with timestamp 4415891c
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 118 with timestamp 4415891d
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 119 with timestamp 4415891e
Cleaning up request 5 ID 120 with timestamp 4415891e
Cleaning up request 6 ID 121 with timestamp 4415891e
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 7 ID 122 with timestamp 4415891f
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:19520, id=124, length=236
--- Walking the entire request list ---
Cleaning up request 8 ID 123 with timestamp 44158920
Waking up in 31 seconds...
Thread 5 got semaphore
Thread 5 handling request 9, (2 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x6ff9ac8fcf10cbe4295f4d74c7f443b3
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202005019800000004616030100410100003d0301441588eea92bba8456075ace53e76cca9bbc4443c6b3f59d02876ce2011ebb7d00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x9fd5224e0de41de504cd3e99f11719a4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
modcall: leaving group authorize (returns updated) for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 124 to 172.18.251.101 port 19520
EAP-Message = 0x010303ee19c0000006af160301004a020000460301441589262286b377be54275577aedd72b10847b4791bef1aeffe4b0bdadf8b3b20f907531554da8c71c3f39a3cdbc7190f521f5987831257fbc68e6c2cc11cb0c700040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e
EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55
EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc7e1b6d1a47f879d1692e733eb79e182
Finished request 9
Going to the next request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19521, id=125, length=162
Waking up in 31 seconds...
Thread 1 got semaphore
Thread 1 handling request 10, (3 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xc7e1b6d1a47f879d1692e733eb79e182
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300061900
Message-Authenticator = 0xe3678c5426029d8175e1f151453cdea3
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
modcall: leaving group authorize (returns updated) for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 125 to 172.18.251.101 port 19521
EAP-Message = 0x010402d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35
EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x03e204533146f6df5a7b948fad3481c4
Finished request 10
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19522, id=126, length=348
Waking up in 31 seconds...
Thread 2 got semaphore
Thread 2 handling request 11, (3 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x03e204533146f6df5a7b948fad3481c4
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400c01980000000b61603010086100000820080429ec85d9aada81d6aa6c105d2fda77d176743ba65bd272238a345992be92ebd415395c8fce3271ef628a0f3c8c844406b02770043ac682b5a8e2b25032b894d34e85dab4fa68403855d707d4f642ad356f4aab5bc5bccc27a3fdbc0cfb2093f15274a757869367b6f608b6df123f69c0492d7ae41f6dd6f33c11a8a334823ed14030100010116030100204ae823b50d2350f9ae48461c18f6abc7ab8083e4ca1a10d8ae69cc702310165a
Message-Authenticator = 0x274b00a00e8339d2a869a485cc06ed2e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
modcall: leaving group authorize (returns updated) for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 126 to 172.18.251.101 port 19522
EAP-Message = 0x01050031190014030100010116030100203fbb11de01ef27ed787f34097b5d3d185b5429cb62bd1a5d044ec7b9ba838968
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6b927044383b55feeb48b65586a9731b
Finished request 11
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19523, id=127, length=162
--- Walking the entire request list ---
Waking up in 5 seconds...
Thread 3 got semaphore
Thread 3 handling request 12, (3 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x6b927044383b55feeb48b65586a9731b
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020500061900
Message-Authenticator = 0x7f1b03a50a635f5e94d7004dde52e7da
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
modcall: leaving group authorize (returns updated) for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 12
modcall: leaving group authenticate (returns handled) for request 12
Sending Access-Challenge of id 127 to 172.18.251.101 port 19523
EAP-Message = 0x010600201900170301001504f6a5def3fff687a65ed7e93d4e9a233e6007e75b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xce440cff70bc3b0d52f9ed0103d1329c
Finished request 12
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19524, id=128, length=198
Waking up in 5 seconds...
Thread 4 got semaphore
Thread 4 handling request 13, (3 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xce440cff70bc3b0d52f9ed0103d1329c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0206002a1900170301001fb071ec3e8e6fd036374c109a67bff53089d124e9cdc0a3db1e66a8c7172a2d
Message-Authenticator = 0xb09f0ff1cec1215739dd600d468f1921
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
rlm_eap: EAP packet type response id 6 length 42
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
modcall: leaving group authorize (returns updated) for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - CHRT\jpbrunain
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of CHRT\jpbrunain
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to CHRT\jpbrunain
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
rlm_eap: EAP packet type response id 6 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
modcall: leaving group authorize (returns updated) for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
Sending Access-Challenge of id 128 to 172.18.251.101 port 19524
EAP-Message = 0x0107003f1900170301003468aba24faf299cf0e287148d9b2dab1dd067476df64259821adc6c48abd930acae31a608bcb94f8472a9d56554f3dcf0e5b0993c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb6b2a36b1b7103da9e139243e6610932
Finished request 13
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19525, id=129, length=252
Waking up in 5 seconds...
Thread 5 got semaphore
Thread 5 handling request 14, (3 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xb6b2a36b1b7103da9e139243e6610932
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0207006019001703010055d5a470f751027d6e99b883147e7575fe1652fc0073030c1c31b0307efd2c48e5c5e3722c8f82fbde298366f25bcefb4b9f75172b92ed24de08362c9f6fec89f0427d0b3201f732997aeb01d1258b30b7d249d46eb0
Message-Authenticator = 0x465e312145ccbe73b9df33208e8ad391
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
rlm_eap: EAP packet type response id 7 length 96
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to CHRT\jpbrunain
PEAP: Adding old state with 52 be
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
rlm_eap: EAP packet type response id 7 length 73
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 14
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: f2
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=4cfc39bd5386a9cd --nt-response=f0f4887e245cc3352a1b6141a15e82751e586a4dd8aa5ed1'
Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=4cfc39bd5386a9cd --nt-response=f0f4887e245cc3352a1b6141a15e82751e586a4dd8aa5ed1
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 14
modcall: leaving group MS-CHAP (returns reject) for request 14
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 14
modcall: leaving group authenticate (returns reject) for request 14
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 129 to 172.18.251.101 port 19525
EAP-Message = 0x010800261900170301001bc23334024bc9aee6b5c0ed5c372addd84565a6fcc69fdeeb63ee48
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7c15e0b7a9e583e51ad067fda35623fd
Finished request 14
Going to the next request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19526, id=130, length=194
Waking up in 5 seconds...
Thread 1 got semaphore
Thread 1 handling request 15, (4 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x7c15e0b7a9e583e51ad067fda35623fd
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800261900170301001bbb2c96b3003abdeff875243be379cc3120271e195789f8387d67f4
Message-Authenticator = 0xfc3d6a0d1a5fe84bc3ab74fba7287711
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
modcall: leaving group authorize (returns updated) for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 15
modcall: leaving group authenticate (returns invalid) for request 15
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 15 for 1 seconds
Finished request 15
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19527, id=130, length=194
--- Walking the entire request list ---
Sending Access-Reject of id 130 to 172.18.251.101 port 19526
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3 seconds...
Thread 2 got semaphore
Thread 2 handling request 16, (4 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x7c15e0b7a9e583e51ad067fda35623fd
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800261900170301001bbb2c96b3003abdeff875243be379cc3120271e195789f8387d67f4
Message-Authenticator = 0xfc3d6a0d1a5fe84bc3ab74fba7287711
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 16
modcall: leaving group authorize (returns updated) for request 16
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 16
modcall: leaving group authenticate (returns invalid) for request 16
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 16 for 1 seconds
Finished request 16
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19528, id=130, length=194
--- Walking the entire request list ---
Sending Access-Reject of id 130 to 172.18.251.101 port 19527
Waking up in 1 seconds...
Thread 3 got semaphore
Thread 3 handling request 17, (4 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x7c15e0b7a9e583e51ad067fda35623fd
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800261900170301001bbb2c96b3003abdeff875243be379cc3120271e195789f8387d67f4
Message-Authenticator = 0xfc3d6a0d1a5fe84bc3ab74fba7287711
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 17
modcall: leaving group authorize (returns updated) for request 17
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 17
modcall: leaving group authenticate (returns invalid) for request 17
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 17 for 1 seconds
Finished request 17
Going to the next request
Thread 3 waiting to be assigned a request
--- Walking the entire request list ---
Cleaning up request 9 ID 124 with timestamp 44158926
Cleaning up request 10 ID 125 with timestamp 44158926
Cleaning up request 11 ID 126 with timestamp 44158926
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 12 ID 127 with timestamp 44158927
Cleaning up request 13 ID 128 with timestamp 44158927
Cleaning up request 14 ID 129 with timestamp 44158927
Cleaning up request 15 ID 130 with timestamp 44158927
Sending Access-Reject of id 130 to 172.18.251.101 port 19528
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 16 ID 130 with timestamp 44158929
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:19529, id=131, length=157
Waking up in 2 seconds...
Thread 4 got semaphore
Thread 4 handling request 18, (4 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0201001301434852545c6a706272756e61696e
Message-Authenticator = 0x37daf9ff5b57bebe02db3f2603e9284f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
rlm_eap: EAP packet type response id 1 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 18
modcall: leaving group authorize (returns updated) for request 18
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 18
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 18
modcall: leaving group authenticate (returns handled) for request 18
Sending Access-Challenge of id 131 to 172.18.251.101 port 19529
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x70f4a097799af899825c5555f576ff28
Finished request 18
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19530, id=132, length=236
--- Walking the entire request list ---
Waking up in 1 seconds...
Thread 5 got semaphore
Thread 5 handling request 19, (4 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x70f4a097799af899825c5555f576ff28
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0202005019800000004616030100410100003d0301441588fe60da33dbfcecdfcfbf059a17b89c6ccd6d7bc60c0153578299a1ab7900001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x995310ef409b43695b789a005207db35
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 19
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 19
modcall: leaving group authorize (returns updated) for request 19
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 19
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 19
modcall: leaving group authenticate (returns handled) for request 19
Sending Access-Challenge of id 132 to 172.18.251.101 port 19530
EAP-Message = 0x010303ee19c0000006af160301004a0200004603014415893012c01ecacda995fe6984108679d45179ffb13a35a7373f42c5ae81902093b20866bbef43d26c1701e46bef1d027bf02700b465445b5db0d1fe0109890a00040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e
EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55
EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x36d8d7f6ebb95d5a7917ba3e5fd14a8d
Finished request 19
Going to the next request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19531, id=133, length=162
Cleaning up request 17 ID 130 with timestamp 4415892b
Waking up in 1 seconds...
Thread 1 got semaphore
Thread 1 handling request 20, (5 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x36d8d7f6ebb95d5a7917ba3e5fd14a8d
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020300061900
Message-Authenticator = 0x7092467bed276e385e1643f6ec0584e5
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 20
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 20
modcall: leaving group authorize (returns updated) for request 20
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 20
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 20
modcall: leaving group authenticate (returns handled) for request 20
Sending Access-Challenge of id 133 to 172.18.251.101 port 19531
EAP-Message = 0x010402d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35
EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x0f64693f87c54d28249a2ef8ec3fda26
Finished request 20
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19532, id=134, length=348
Waking up in 1 seconds...
Thread 2 got semaphore
Thread 2 handling request 21, (5 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x0f64693f87c54d28249a2ef8ec3fda26
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400c01980000000b616030100861000008200806bf4f04187bcdbd2e2176bcaf72dc94da05d0ee0142f79388ca0ec746be817bfb10ea2b38f698ba29aa7e70f88eb9f3fe2ab1cc4b7a1fcb9dbbad4de51702cf3361362ed2a9ce6a21e527f29f25efa255ffe91744aaae15ae46b76bcf1b7259f193779243e1f43d7f5a55a11c89c9301b787e027b14663090088b9e02ead32f01403010001011603010020d333351920022c34ce7f581f2816eaed76481a7f18e85b41f25ee58c67347fcf
Message-Authenticator = 0xa0382018ca6755cf9b9375629d06380a
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 21
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 21
modcall: leaving group authorize (returns updated) for request 21
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 21
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 21
modcall: leaving group authenticate (returns handled) for request 21
Sending Access-Challenge of id 134 to 172.18.251.101 port 19532
EAP-Message = 0x01050031190014030100010116030100205c46dfa9729bfe4cbbc4d776b05be437ffc42b6826edee4bc950b19a3fbdd426
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x812edbb19e98e6bbaa4efe49ab642b1d
Finished request 21
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19533, id=135, length=162
Waking up in 1 seconds...
Thread 3 got semaphore
Thread 3 handling request 22, (5 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x812edbb19e98e6bbaa4efe49ab642b1d
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020500061900
Message-Authenticator = 0x31833ad04516978568276f2217e9951d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 22
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 22
modcall: leaving group authorize (returns updated) for request 22
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 22
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 22
modcall: leaving group authenticate (returns handled) for request 22
Sending Access-Challenge of id 135 to 172.18.251.101 port 19533
EAP-Message = 0x010600201900170301001527218bd88a945d702b8e58bd1eebd0d120959b8ac0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xca1a9289e5a74a4193c63d85d0a7fd99
Finished request 22
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19534, id=136, length=198
Waking up in 1 seconds...
Thread 4 got semaphore
Thread 4 handling request 23, (5 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xca1a9289e5a74a4193c63d85d0a7fd99
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0206002a1900170301001f5dd02390a8d076cbebf2b6abb1a799cec8de3470f9715e70b6f4482805176c
Message-Authenticator = 0x6ca47697b7cef02a3d4425ddb44ebd8b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 23
rlm_eap: EAP packet type response id 6 length 42
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 23
modcall: leaving group authorize (returns updated) for request 23
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 23
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - CHRT\jpbrunain
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of CHRT\jpbrunain
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to CHRT\jpbrunain
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 23
rlm_eap: EAP packet type response id 6 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 23
modcall: leaving group authorize (returns updated) for request 23
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 23
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 23
modcall: leaving group authenticate (returns handled) for request 23
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 23
modcall: leaving group authenticate (returns handled) for request 23
Sending Access-Challenge of id 136 to 172.18.251.101 port 19534
EAP-Message = 0x0107003f190017030100348e96e794436e2b745dcc6735c24e1681e4784145fd1329e2db7464f7bd0ea25cb92240484c4e08ce985af48b474b7b89ed9fec69
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x05632450620b5ad07f68889dec4b15ee
Finished request 23
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19535, id=137, length=252
--- Walking the entire request list ---
Waking up in 4 seconds...
Thread 5 got semaphore
Thread 5 handling request 24, (5 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x05632450620b5ad07f68889dec4b15ee
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020700601900170301005565c137e8bf4c325d29c8c0f03317ef5fab3c280f7febd2d2a09ac3332f0dcad22a9e3796e5c5245462f18dfda9a58518ac5057c8d68e18984848fb8bdeb1f1f33b17b2c08eec8be4a296f35e8dc57eeb7f57a840d5
Message-Authenticator = 0x51b35c728805e403d81cfeb94bf03986
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 24
rlm_eap: EAP packet type response id 7 length 96
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 24
modcall: leaving group authorize (returns updated) for request 24
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 24
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to CHRT\jpbrunain
PEAP: Adding old state with 8e df
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 24
rlm_eap: EAP packet type response id 7 length 73
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 24
modcall: leaving group authorize (returns updated) for request 24
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 24
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 24
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 8b
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=7dc8cbea28bf15f0 --nt-response=bc3041545116eafb59753b4e62b4ddb09fae2452b604eb38'
Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=7dc8cbea28bf15f0 --nt-response=bc3041545116eafb59753b4e62b4ddb09fae2452b604eb38
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 24
modcall: leaving group MS-CHAP (returns reject) for request 24
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 24
modcall: leaving group authenticate (returns reject) for request 24
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 24
modcall: leaving group authenticate (returns handled) for request 24
Sending Access-Challenge of id 137 to 172.18.251.101 port 19535
EAP-Message = 0x010800261900170301001b793424a5cbb4572b56c27a140542fe91dbf9b9dc55840cd06f2dca
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7bc82c2b743d3a6c32c38f687df3fb49
Finished request 24
Going to the next request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19536, id=138, length=194
Waking up in 4 seconds...
Thread 1 got semaphore
Thread 1 handling request 25, (6 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x7bc82c2b743d3a6c32c38f687df3fb49
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800261900170301001becfeb680d6c83fc105c971ea40660815fd6e2208e4f53470722a59
Message-Authenticator = 0x1d4cd76524bac4692df99b5f69e06989
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 25
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 25
modcall: leaving group authorize (returns updated) for request 25
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 25
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 25
modcall: leaving group authenticate (returns invalid) for request 25
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 25 for 1 seconds
Finished request 25
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 172.18.251.101:19537, id=138, length=194
--- Walking the entire request list ---
Sending Access-Reject of id 138 to 172.18.251.101 port 19536
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 2 seconds...
Thread 2 got semaphore
Thread 2 handling request 26, (6 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x7bc82c2b743d3a6c32c38f687df3fb49
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800261900170301001becfeb680d6c83fc105c971ea40660815fd6e2208e4f53470722a59
Message-Authenticator = 0x1d4cd76524bac4692df99b5f69e06989
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 26
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 26
modcall: leaving group authorize (returns updated) for request 26
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 26
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 26
modcall: leaving group authenticate (returns invalid) for request 26
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 26 for 1 seconds
Finished request 26
Going to the next request
Thread 2 waiting to be assigned a request
--- Walking the entire request list ---
Cleaning up request 18 ID 131 with timestamp 4415892f
Sending Access-Reject of id 138 to 172.18.251.101 port 19537
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:19538, id=138, length=194
Cleaning up request 19 ID 132 with timestamp 44158930
Cleaning up request 20 ID 133 with timestamp 44158930
Cleaning up request 21 ID 134 with timestamp 44158930
Cleaning up request 22 ID 135 with timestamp 44158930
Cleaning up request 23 ID 136 with timestamp 44158930
Waking up in 1 seconds...
Thread 3 got semaphore
Thread 3 handling request 27, (6 handled so far)
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x7bc82c2b743d3a6c32c38f687df3fb49
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020800261900170301001becfeb680d6c83fc105c971ea40660815fd6e2208e4f53470722a59
Message-Authenticator = 0x1d4cd76524bac4692df99b5f69e06989
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 27
rlm_eap: EAP packet type response id 8 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 27
modcall: leaving group authorize (returns updated) for request 27
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 27
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 27
modcall: leaving group authenticate (returns invalid) for request 27
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 27 for 1 seconds
Finished request 27
Going to the next request
Thread 3 waiting to be assigned a request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 24 ID 137 with timestamp 44158931
Cleaning up request 25 ID 138 with timestamp 44158931
Sending Access-Reject of id 138 to 172.18.251.101 port 19538
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 26 ID 138 with timestamp 44158933
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 27 ID 138 with timestamp 44158935
Nothing to do. Sleeping until we see a request.
prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
proxy_requests = no
$INCLUDE ${confdir}/clients.conf
snmp = no
modules {
$INCLUDE ${confdir}/eap.conf
mschap {
authtype = MS-CHAP
ntlm_auth = "/usr/local/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain:-DEFAULTDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
}
authorize {
eap
}
authenticate {
Auth-Type MS-CHAP {
mschap
}
eap
}
3
6
RE: Different user attributes based on NAS-IP-Address? Also Suffixwildcards available?
by John Mylchreest 28 Mar '06
by John Mylchreest 28 Mar '06
28 Mar '06
Hi Alan,
When you mean key off the NAS-IP-Address, do you mean like I suggested in my previous example, or a cleaner solution?
Cheers,
john
-----Original Message-----
From: freeradius-users-bounces+john.mylchreest=ioko.com(a)lists.freeradius.org [mailto:freeradius-users-bounces+john.mylchreest=ioko.com@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: 27 March 2006 19:23
To: FreeRadius users mailing list
Subject: Re: Different user attributes based on NAS-IP-Address? Also Suffixwildcards available?
"Andy Coates" <andy(a)corenetwork.co.uk> wrote:
> Returning unique fields for each user
> based on the NAS-IP-Address doesn't seem possible?
Yes, it's possible. Just key off of the NAS-IP-Address and send
different replies. You don't need huntgroups or anything else.
> That aside, does anyone know if its possible to use wildcards with Suffix
> when stripping usernames? I've tried "@*" or "@*.domain.com" and it doesn't
> seem to match :(
No, it's not possible.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Communications on or through ioko's computer systems may be monitored or recorded to secure effective system operation and for other lawful purposes.
Unless otherwise agreed expressly in writing, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee is authorised to conclude any binding agreement on behalf of ioko with another party by e-mail without prior express written confirmation.
ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights reserved.
2
1
hi list, well, finally my linux based ap works with wpa-eap, i use debian etch, madwifi-ng-r1475, freeradius 1.1.0 and hostapd 0.5.2. my ap can authenticate users and they can connect to wlan, everything ok. but now result they cann't surf internet because connection is very slow, they cann't inclusive access google or yahoo, connection is too slow and requests are never completed or delays among 35-120 seconds. i'm just performing tests, so ap and clients are in same room.
and when clients authenticating get lots of messages like this:
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 BE_AUTH entering state IDLE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
WPA: 00:0f:66:11:c1:96 WPA_PTK entering state INITPMK
WPA: PMK from EAPOL state machine (len=32)
WPA: 00:0f:66:11:c1:96 WPA_PTK entering state PTKSTART
ath0: STA 00:0f:66:11:c1:96 WPA: sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(secure=0 mic=0 ack=1 install=0 pairwise=1 ie_len=0 gtk_len=0 key idx=0 encr=0)
TX EAPOL - hexdump(len=113): 00 0f 66 11 c1 96 00 0f 66 11 c1 97 88 8e 02 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 bb a5 40 06 72 ff 43 57 37 d3 d3 67 f1 5c 13 3f 6c 48 d1 fb 14 5a 31 ce b2 ce 47 a9 96 20 a5 20 00 00 00 00 00 00 00 0 0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
and authentication delays 2 minutes, is it normal??
using ethereal to monitor wlan get a lot (but really many) of messages like this:
SOURCE DESTINATION PROTOCOL INFO
Cisco-Li_11:c1:96 192.168.50.1 MDS HEADER [Malformed Packet]
where 192.168.50.1 is ap's ip direction.
these are my configuration files:
MADWIFI:
rmmod ath_pci
modprobe ath_pci autocreate=ap
ifconfig ath0 up
iwpriv ath0 mode 3
iwconfig ath0 essid MYWLAN
iwconfig ath0 channel auto
iwconfig ath0 bitrate 54M
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/networking restart
IPTABLES=/sbin/iptables
$IPTABLES -F -t nat
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
/etc/init.d/dhcp restart
HOSTAPD:
interface=ath0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=1
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=MYWLAN
macaddr_acl=0
auth_algs=1
ieee8021x=1
eap_server=0
own_ip_addr=127.0.0.1
nas_identifier=www.srvw1.com
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=mywlan
acct_server_addr=127.0.0.1
acct_server_port=1813
acct_server_shared_secret=mywlan
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
wpa_group_rekey=300
wpa_gmk_rekey=640
I think it's behavior is related to freeradius because i tested using only hostapd with psk and without securities and everything was right, speed connection and everything fine, but activating freeradius speed connection is very poor.
so is in freeradius any parameter i should activate or change to avoid this problem??
these are freeradius configuration files:
USERS:
"User1"
DEFAULT Auth-Type = EAP
Fall-Through = 1
CLIENTS:
client 192.168.50.0/24 {
secret = mywlan
shortname = MYWLAN
}
EAP:
eap {
default_eap_type = tls
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
md5 {
}
leap {
}
tls {
private_key_file = ${raddbdir}/certs/www.srvw1.com.pem
certificate_file = /home/admin/test/www.srvw1.com.pem
CA_file = /home/admin/test/cacert.pem
dh_file = /home/admin/test/dh
random_file = /home/admin/test/random
fragment_size = 1024
include_length = yes
}
}
RADDB:
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
authenticate {
eap
}
_______________________________________________________________
Where can you observe the highest tides in the world?
postmaster.co.uk
http://www.postmaster.co.uk/cgi-bin/meme/quiz.pl?id=158
2
1
In attachment, the log in debug mode.
rad_recv: Access-Request packet from host 172.18.251.101:20455, id=13, length=157
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020a001301434852545c6a706272756e61696e
Message-Authenticator = 0xc7366f11cef5ff3477a0b52e2bf1b9bf
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
rlm_eap: EAP packet type response id 10 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
modcall: leaving group authorize (returns updated) for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 13 to 172.18.251.101 port 20455
EAP-Message = 0x010b00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4f6154c4a3c46701a092952d021ef82
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20456, id=14, length=236
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xe4f6154c4a3c46701a092952d021ef82
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020b005019800000004616030100410100003d030144294391e4b90042d8267e308d211edaacb81edba9e9d006c990fbb5688a87ae00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x81443eb638857b7d502e43b65585e85e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
rlm_eap: EAP packet type response id 11 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
modcall: leaving group authorize (returns updated) for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 14 to 172.18.251.101 port 20456
EAP-Message = 0x010c03ee19c0000006af160301004a020000460301442943d77f7d9d36b1f871da1349572bb879667447ca41bcd3e731806484a1fd20a5d96179c38951d782b81b82a4462fa81dc7f78b268f221d83fa68c54a687b8800040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e
EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55
EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x71e011a08cc827f9fb83ce4e2c6c0fa6
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20457, id=15, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x71e011a08cc827f9fb83ce4e2c6c0fa6
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020c00061900
Message-Authenticator = 0x414515df20242ea5466fb3e69f60830b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
rlm_eap: EAP packet type response id 12 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
modcall: leaving group authorize (returns updated) for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 15 to 172.18.251.101 port 20457
EAP-Message = 0x010d02d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35
EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x22e8cc4cb36b4b466039f940c1949a64
Finished request 11
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20458, id=16, length=348
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x22e8cc4cb36b4b466039f940c1949a64
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020d00c01980000000b6160301008610000082008036af7754e77c6abb07461769945991d7fa6ff009390cf14c1ac60c17ab0f99100457696bbf239a6364bce049d00300c5bdcba7a595dbbd44ca238f9a30e8a0ed4cfc9b70902a448ccd37c42ed763a58c6ebac68bf05daaf4274f90f399a66228ff16a1cf341962df328735117ec39b293db78bf154e0d729ae7de799a5257a8b1403010001011603010020acca8cf619a568355f55042b6b63f55bf75e71b8556d22a98128e02b76d6bf33
Message-Authenticator = 0x2f8f571838c46c8e220f8c427bb62d61
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
rlm_eap: EAP packet type response id 13 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
modcall: leaving group authorize (returns updated) for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 12
modcall: leaving group authenticate (returns handled) for request 12
Sending Access-Challenge of id 16 to 172.18.251.101 port 20458
EAP-Message = 0x010e003119001403010001011603010020538b404830b7626241e73023c3481089bcb745935e1a87d70a07306ee4ef5b5f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x922d6bc463165090d03b4ebb3a04c243
Finished request 12
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20459, id=17, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x922d6bc463165090d03b4ebb3a04c243
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020e00061900
Message-Authenticator = 0x0363020fb7079adf3733134cd56780b0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
rlm_eap: EAP packet type response id 14 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
modcall: leaving group authorize (returns updated) for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
Sending Access-Challenge of id 17 to 172.18.251.101 port 20459
EAP-Message = 0x010f002019001703010015b9c346ac5589ce348dc831b3045da67715f06e116d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80d26d2b5771117f089d50dbd0c186a7
Finished request 13
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20460, id=18, length=198
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x80d26d2b5771117f089d50dbd0c186a7
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020f002a1900170301001f2a0d362ea93bcf666c36de8e81ef412ca4291ac21d909692799fbee14f769d
Message-Authenticator = 0xce8f4d77be356287f155846ab659406d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
rlm_eap: EAP packet type response id 15 length 42
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - CHRT\jpbrunain
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of CHRT\jpbrunain
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to CHRT\jpbrunain
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
rlm_eap: EAP packet type response id 15 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 18 to 172.18.251.101 port 20460
EAP-Message = 0x0110003f19001703010034f161b5d813faa4725b1c6ec2bd3c43f8c12464b5e04a1006d8867596d879df1ab2967449bc0acd071f366b794c6e7c0791bc46be
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x852c958213278c063a659f68a55c7088
Finished request 14
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20461, id=19, length=252
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x852c958213278c063a659f68a55c7088
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02100060190017030100553d1214b66fde907d54fdb5704e84a60f00090bd0ef2890fa62421ca3734188f9ace62392b8ecefa5b39e1987411025b16cd1ab1a24afcc40447dc82ab09744f230c8ed8d7be905d26fcb08d7fb57fccdc4c383f1ec
Message-Authenticator = 0x414433b19a8188e7f32a13f5a43fb8b6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
rlm_eap: EAP packet type response id 16 length 96
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
modcall: leaving group authorize (returns updated) for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to CHRT\jpbrunain
PEAP: Adding old state with 3f ca
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
rlm_eap: EAP packet type response id 16 length 73
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
modcall: leaving group authorize (returns updated) for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 15
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 03
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=d8a9272386722a12 --nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2'
Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=d8a9272386722a12 --nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 15
modcall: leaving group MS-CHAP (returns reject) for request 15
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 15
modcall: leaving group authenticate (returns reject) for request 15
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 15
modcall: leaving group authenticate (returns handled) for request 15
Sending Access-Challenge of id 19 to 172.18.251.101 port 20461
EAP-Message = 0x011100261900170301001bae6c352b3d9c79275a20cddcf2e57dee34c7c51f06104bb90f377c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3aacd993356b12d976db330a090b4527
Finished request 15
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20462, id=20, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x3aacd993356b12d976db330a090b4527
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021100261900170301001b808735cc8582e876059ea1ecd775fa0310df9eedc79b92fce15624
Message-Authenticator = 0xa3ce528c6e968f3fc23d4c087dc52c30
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
rlm_eap: EAP packet type response id 17 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 16
modcall: leaving group authorize (returns updated) for request 16
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 16
modcall: leaving group authenticate (returns invalid) for request 16
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 16 for 1 seconds
Finished request 16
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20463, id=20, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x3aacd993356b12d976db330a090b4527
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021100261900170301001b808735cc8582e876059ea1ecd775fa0310df9eedc79b92fce15624
Message-Authenticator = 0xa3ce528c6e968f3fc23d4c087dc52c30
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
rlm_eap: EAP packet type response id 17 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 17
modcall: leaving group authorize (returns updated) for request 17
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 17
modcall: leaving group authenticate (returns invalid) for request 17
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 17 for 1 seconds
Finished request 17
Going to the next request
--- Walking the entire request list ---
Sending Access-Reject of id 20 to 172.18.251.101 port 20462
EAP-Message = 0x04110004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 20 to 172.18.251.101 port 20463
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20464, id=20, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x3aacd993356b12d976db330a090b4527
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021100261900170301001b808735cc8582e876059ea1ecd775fa0310df9eedc79b92fce15624
Message-Authenticator = 0xa3ce528c6e968f3fc23d4c087dc52c30
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
rlm_eap: EAP packet type response id 17 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 18
modcall: leaving group authorize (returns updated) for request 18
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 18
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 18
modcall: leaving group authenticate (returns invalid) for request 18
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 18 for 1 seconds
Finished request 18
Going to the next request
Cleaning up request 9 ID 13 with timestamp 442943d7
Cleaning up request 10 ID 14 with timestamp 442943d7
Cleaning up request 11 ID 15 with timestamp 442943d7
Cleaning up request 12 ID 16 with timestamp 442943d7
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 13 ID 17 with timestamp 442943d8
Cleaning up request 14 ID 18 with timestamp 442943d8
Cleaning up request 15 ID 19 with timestamp 442943d8
Cleaning up request 16 ID 20 with timestamp 442943d8
Sending Access-Reject of id 20 to 172.18.251.101 port 20464
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 17 ID 20 with timestamp 442943da
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20465, id=21, length=157
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0212001301434852545c6a706272756e61696e
Message-Authenticator = 0x103c1d9b52a3f14e61de997e0575d2bb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 19
rlm_eap: EAP packet type response id 18 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 19
modcall: leaving group authorize (returns updated) for request 19
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 19
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 19
modcall: leaving group authenticate (returns handled) for request 19
Sending Access-Challenge of id 21 to 172.18.251.101 port 20465
EAP-Message = 0x011300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7cb6dc3577c9b15dff7c266ae6cbb50f
Finished request 19
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20466, id=22, length=268
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x7cb6dc3577c9b15dff7c266ae6cbb50f
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0213007019800000006616030100610100005d03014429439badcc7ddf0ce12e4247b275210ae294c4733a77b6bfc2fcecb9aaef5420a5d96179c38951d782b81b82a4462fa81dc7f78b268f221d83fa68c54a687b88001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x9515f46c42517aeeb8150569aac6d49f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 20
rlm_eap: EAP packet type response id 19 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 20
modcall: leaving group authorize (returns updated) for request 20
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 20
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 20
modcall: leaving group authenticate (returns handled) for request 20
Sending Access-Challenge of id 22 to 172.18.251.101 port 20466
EAP-Message = 0x011403ee19c0000006af160301004a020000460301442943e117b292931eccbd9bd3ff55e39319b003f5a6b17ae4443a29bd726d9320aba92a6f5549560e59df6a7a0d6873ba23769407c5344bf909b580c764e1bae600040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e
EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55
EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfbea7da3a4587e91b468a709f3f2007c
Finished request 20
Going to the next request
Cleaning up request 18 ID 20 with timestamp 442943dc
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20467, id=23, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xfbea7da3a4587e91b468a709f3f2007c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021400061900
Message-Authenticator = 0xd5a7d0d0c5e010ad6c4cfc4dabcb6da6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 21
rlm_eap: EAP packet type response id 20 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 21
modcall: leaving group authorize (returns updated) for request 21
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 21
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 21
modcall: leaving group authenticate (returns handled) for request 21
Sending Access-Challenge of id 23 to 172.18.251.101 port 20467
EAP-Message = 0x011502d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35
EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9f07414fa772228cad6a9d7d2bc2de5
Finished request 21
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20468, id=24, length=348
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xd9f07414fa772228cad6a9d7d2bc2de5
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021500c01980000000b61603010086100000820080308b48c8a794eed1bd11cc5f94f0b68937d1138dc95c7cbac72fece10a246cf464c67c3ffa363e267bc31b5ff117b9db169b7690c663e7b9fe7c2fcab67c221b444cecd19bafaa57928bd581be61d84d28d520b2a0926912e82854005e5e089baeccff7b8ff193df9fee5ec779cfa2e37aab68b291a38473958fcbb9550bb06e14030100010116030100203408da38252b9d8396b8962b7cafee82e7f92c02f5bc6ca3fb04c2974381a7dc
Message-Authenticator = 0x31ac3dcc6cd07a2059b19089f1d7a619
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 22
rlm_eap: EAP packet type response id 21 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 22
modcall: leaving group authorize (returns updated) for request 22
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 22
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 22
modcall: leaving group authenticate (returns handled) for request 22
Sending Access-Challenge of id 24 to 172.18.251.101 port 20468
EAP-Message = 0x0116003119001403010001011603010020216a2fa917c56880e9d8bfb3ae50ff7a19c40bbed89bf78631000c061356b06a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe23dfb3b27929274e85f3a7e6d9cfe28
Finished request 22
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20469, id=25, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xe23dfb3b27929274e85f3a7e6d9cfe28
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021600061900
Message-Authenticator = 0xd855b1a4ed2987ead99e79efd43279bc
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 23
rlm_eap: EAP packet type response id 22 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 23
modcall: leaving group authorize (returns updated) for request 23
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 23
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 23
modcall: leaving group authenticate (returns handled) for request 23
Sending Access-Challenge of id 25 to 172.18.251.101 port 20469
EAP-Message = 0x011700201900170301001541948caebfdb7bce995e12515e333e57835c6eb971
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3c43164879792e9ed60aa36fafed4e9d
Finished request 23
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20470, id=26, length=198
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x3c43164879792e9ed60aa36fafed4e9d
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0217002a1900170301001f1065287fee5eb7343cb84c8dad2d4959249e5520f45fdb0c24de2d2e2dd21e
Message-Authenticator = 0xcdd242f83636fb700f907a9e4dda2a14
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 24
rlm_eap: EAP packet type response id 23 length 42
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 24
modcall: leaving group authorize (returns updated) for request 24
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 24
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - CHRT\jpbrunain
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of CHRT\jpbrunain
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to CHRT\jpbrunain
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 24
rlm_eap: EAP packet type response id 23 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 24
modcall: leaving group authorize (returns updated) for request 24
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 24
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 24
modcall: leaving group authenticate (returns handled) for request 24
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 24
modcall: leaving group authenticate (returns handled) for request 24
Sending Access-Challenge of id 26 to 172.18.251.101 port 20470
EAP-Message = 0x0118003f1900170301003428f7e2f09ec64fefc7ccb1336e1e10440c21e04eacb8b716c2b3bc48dd8216df9ee97a081e3423b31653c6696cbc62601faaef94
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80997b6e9e8cb85758ca6d5fd1b74563
Finished request 24
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20471, id=27, length=252
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x80997b6e9e8cb85758ca6d5fd1b74563
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021800601900170301005550c4dd66b9b564842e95761b9f4a245fa8a7947974227fe090706e808e20f713d618b981a7123922835cf19c71371fe81af763c48d78366ba468bf9037820e7092cc06fb34c38253ff5135621c6f026ebee91a8b32
Message-Authenticator = 0xbfc073342d6935e06d672999f45885f2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 25
rlm_eap: EAP packet type response id 24 length 96
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 25
modcall: leaving group authorize (returns updated) for request 25
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 25
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to CHRT\jpbrunain
PEAP: Adding old state with 2f 78
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 25
rlm_eap: EAP packet type response id 24 length 73
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 25
modcall: leaving group authorize (returns updated) for request 25
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 25
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 25
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 13
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c16a651e486770b1 --nt-response=743385f1790d9cfa13046f8771b488e7132022e9f61a3fc7'
Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c16a651e486770b1 --nt-response=743385f1790d9cfa13046f8771b488e7132022e9f61a3fc7
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 25
modcall: leaving group MS-CHAP (returns reject) for request 25
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 25
modcall: leaving group authenticate (returns reject) for request 25
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 25
modcall: leaving group authenticate (returns handled) for request 25
Sending Access-Challenge of id 27 to 172.18.251.101 port 20471
EAP-Message = 0x011900261900170301001b07fdaf03cc726ee647e6193f16f212aff7689a48545fdc3d15e590
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8d4d81c226bd7a23a7e7db1f5755e578
Finished request 25
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20472, id=28, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x8d4d81c226bd7a23a7e7db1f5755e578
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021900261900170301001b5249447e06e4143f0c9b285f3d080ccbef9d2e58e3962386a55f63
Message-Authenticator = 0x91b167eca904ddf3f0e56225e98ee8ed
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 26
rlm_eap: EAP packet type response id 25 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 26
modcall: leaving group authorize (returns updated) for request 26
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 26
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 26
modcall: leaving group authenticate (returns invalid) for request 26
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 26 for 1 seconds
Finished request 26
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20473, id=28, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x8d4d81c226bd7a23a7e7db1f5755e578
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021900261900170301001b5249447e06e4143f0c9b285f3d080ccbef9d2e58e3962386a55f63
Message-Authenticator = 0x91b167eca904ddf3f0e56225e98ee8ed
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 27
rlm_eap: EAP packet type response id 25 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 27
modcall: leaving group authorize (returns updated) for request 27
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 27
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 27
modcall: leaving group authenticate (returns invalid) for request 27
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 27 for 1 seconds
Finished request 27
Going to the next request
--- Walking the entire request list ---
Sending Access-Reject of id 28 to 172.18.251.101 port 20472
EAP-Message = 0x04190004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 28 to 172.18.251.101 port 20473
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20474, id=28, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x8d4d81c226bd7a23a7e7db1f5755e578
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021900261900170301001b5249447e06e4143f0c9b285f3d080ccbef9d2e58e3962386a55f63
Message-Authenticator = 0x91b167eca904ddf3f0e56225e98ee8ed
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 28
rlm_eap: EAP packet type response id 25 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 28
modcall: leaving group authorize (returns updated) for request 28
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 28
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 28
modcall: leaving group authenticate (returns invalid) for request 28
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 28 for 1 seconds
Finished request 28
Going to the next request
Cleaning up request 19 ID 21 with timestamp 442943e1
Cleaning up request 20 ID 22 with timestamp 442943e1
Cleaning up request 21 ID 23 with timestamp 442943e1
Cleaning up request 22 ID 24 with timestamp 442943e1
Cleaning up request 23 ID 25 with timestamp 442943e1
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 24 ID 26 with timestamp 442943e2
Cleaning up request 25 ID 27 with timestamp 442943e2
Cleaning up request 26 ID 28 with timestamp 442943e2
Sending Access-Reject of id 28 to 172.18.251.101 port 20474
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 27 ID 28 with timestamp 442943e4
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20475, id=29, length=157
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021a001301434852545c6a706272756e61696e
Message-Authenticator = 0x359cf0de67c0f2de228577278dc9a9ac
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 29
rlm_eap: EAP packet type response id 26 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 29
modcall: leaving group authorize (returns updated) for request 29
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 29
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 29
modcall: leaving group authenticate (returns handled) for request 29
Sending Access-Challenge of id 29 to 172.18.251.101 port 20475
EAP-Message = 0x011b00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x322a73669ca0f3ce4d6a252806e977cf
Finished request 29
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20476, id=30, length=268
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x322a73669ca0f3ce4d6a252806e977cf
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021b007019800000006616030100610100005d0301442943a47bc0408ebf662e1ce92ace90b224ab5d85761ef3faee62e66845066920aba92a6f5549560e59df6a7a0d6873ba23769407c5344bf909b580c764e1bae6001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x3fd57f6dbcdb9276d10cb29cbb9b9263
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 30
rlm_eap: EAP packet type response id 27 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 30
modcall: leaving group authorize (returns updated) for request 30
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 30
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 30
modcall: leaving group authenticate (returns handled) for request 30
Sending Access-Challenge of id 30 to 172.18.251.101 port 20476
EAP-Message = 0x011c03ee19c0000006af160301004a020000460301442943ebdaeed985a32af2b02d303a5d06abb4a1c17be7afe36d180edb1aaa6420aad5ac3d9732b6835975855c46600869cc5aedbdf3a281341efedf3294f5a54200040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e
EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55
EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1dce43f93c3fe1a1312dfd06a97f59d4
Finished request 30
Going to the next request
Cleaning up request 28 ID 28 with timestamp 442943e6
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20477, id=31, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x1dce43f93c3fe1a1312dfd06a97f59d4
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021c00061900
Message-Authenticator = 0xfd07ee2ad5595e1e4187ef653fefd0c6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 31
rlm_eap: EAP packet type response id 28 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 31
modcall: leaving group authorize (returns updated) for request 31
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 31
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 31
modcall: leaving group authenticate (returns handled) for request 31
Sending Access-Challenge of id 31 to 172.18.251.101 port 20477
EAP-Message = 0x011d02d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35
EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x69176e87a3e323e5cd7165fa76a14333
Finished request 31
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20478, id=32, length=348
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x69176e87a3e323e5cd7165fa76a14333
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021d00c01980000000b616030100861000008200807ab61726a8f7e95c6b192e9fe405e146fad8bf30e4a54b3b2705dc9b6baf84ec6627698647c430466def3fab192865ac5a8e5187e9f945e5ef8c0596b04f02475f7b4b7267c3be0f10c2df4d3fb8e559cff58fe3dcbe78b0ba5f52f02ae92c300a3cd3b04363caaf16da2b2304f36976914b7a0177d59120faa03836cb14480e14030100010116030100205928d3fc004fb057ef1e1dfd3a4b1b305ca9e246abac357799c9a36ef8ded3bc
Message-Authenticator = 0x383f85d64c9aec75a69bf89c323f6e53
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 32
rlm_eap: EAP packet type response id 29 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 32
modcall: leaving group authorize (returns updated) for request 32
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 32
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 32
modcall: leaving group authenticate (returns handled) for request 32
Sending Access-Challenge of id 32 to 172.18.251.101 port 20478
EAP-Message = 0x011e003119001403010001011603010020dd76265ab54e8b6ce1962314a32241d9f5275ad5eb4612be85237d0a9a036a36
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3fa40ecd9420b456866dc141b7cb427b
Finished request 32
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20479, id=33, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x3fa40ecd9420b456866dc141b7cb427b
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021e00061900
Message-Authenticator = 0x467019c438198219aae15ecfc44eddee
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 33
rlm_eap: EAP packet type response id 30 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 33
modcall: leaving group authorize (returns updated) for request 33
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 33
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 33
modcall: leaving group authenticate (returns handled) for request 33
Sending Access-Challenge of id 33 to 172.18.251.101 port 20479
EAP-Message = 0x011f002019001703010015e09f6c2c955acf6b83998832c94f879a67d16479d8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc78b1c26eb8e049a1ba6fca65ad5fbd6
Finished request 33
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20480, id=34, length=198
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xc78b1c26eb8e049a1ba6fca65ad5fbd6
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021f002a1900170301001f8ca91d215ea2959c27a4f7d471e20b24dd243c1feef109ece18b8bccfba33d
Message-Authenticator = 0xbac1a462b2a82798eb178b317fe72db0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 34
rlm_eap: EAP packet type response id 31 length 42
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 34
modcall: leaving group authorize (returns updated) for request 34
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 34
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - CHRT\jpbrunain
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of CHRT\jpbrunain
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to CHRT\jpbrunain
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 34
rlm_eap: EAP packet type response id 31 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 34
modcall: leaving group authorize (returns updated) for request 34
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 34
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 34
modcall: leaving group authenticate (returns handled) for request 34
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 34
modcall: leaving group authenticate (returns handled) for request 34
Sending Access-Challenge of id 34 to 172.18.251.101 port 20480
EAP-Message = 0x0120003f1900170301003459a241cac39875b281b420941ede68b48bae3f2f6494d1771830412f9ee6f6a309c8ea2c4a49d9b85bda83e3dfa8c48d44f846bd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5ee3922d6bc46316c899f122df145e63
Finished request 34
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20481, id=35, length=252
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x5ee3922d6bc46316c899f122df145e63
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022000601900170301005541c6c18fcff5d5bec63f9a4d02fc99cef8c88746cb5c581e4b8b33cd3a79fa574dcfdce7c6d2304e7e4b83e638803f2081e21164cbd4a9aab51e126fd6d4e6b91f0cf8875e9628f4c8c7e0a23ad4722455b97fbb17
Message-Authenticator = 0x5d4a41e23f2d28e2b1faa27af7fc79bb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 35
rlm_eap: EAP packet type response id 32 length 96
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 35
modcall: leaving group authorize (returns updated) for request 35
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 35
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to CHRT\jpbrunain
PEAP: Adding old state with 22 e8
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 35
rlm_eap: EAP packet type response id 32 length 73
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 35
modcall: leaving group authorize (returns updated) for request 35
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 35
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 35
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 4a
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c287b8317efc5b94 --nt-response=3059749bcd8c5d3ccdf15aefc7d11627784ba0f0bbe580e9'
Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c287b8317efc5b94 --nt-response=3059749bcd8c5d3ccdf15aefc7d11627784ba0f0bbe580e9
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 35
modcall: leaving group MS-CHAP (returns reject) for request 35
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 35
modcall: leaving group authenticate (returns reject) for request 35
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 35
modcall: leaving group authenticate (returns handled) for request 35
Sending Access-Challenge of id 35 to 172.18.251.101 port 20481
EAP-Message = 0x012100261900170301001b8d7866547bb9857c550a9a8324a37bc33f3d10274012c2e0d6800c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80d26d2b5771117f704883beae4915d8
Finished request 35
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20482, id=36, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x80d26d2b5771117f704883beae4915d8
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022100261900170301001be0469cf8f213f1db334c60e9c01a144dbac67e86744c4c424ac83a
Message-Authenticator = 0x3a127848b540c2f16fd2ef073aba6517
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 36
rlm_eap: EAP packet type response id 33 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 36
modcall: leaving group authorize (returns updated) for request 36
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 36
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 36
modcall: leaving group authenticate (returns invalid) for request 36
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 36 for 1 seconds
Finished request 36
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20483, id=36, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x80d26d2b5771117f704883beae4915d8
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022100261900170301001be0469cf8f213f1db334c60e9c01a144dbac67e86744c4c424ac83a
Message-Authenticator = 0x3a127848b540c2f16fd2ef073aba6517
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 37
rlm_eap: EAP packet type response id 33 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 37
modcall: leaving group authorize (returns updated) for request 37
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 37
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 37
modcall: leaving group authenticate (returns invalid) for request 37
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 37 for 1 seconds
Finished request 37
Going to the next request
--- Walking the entire request list ---
Sending Access-Reject of id 36 to 172.18.251.101 port 20482
EAP-Message = 0x04210004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 36 to 172.18.251.101 port 20483
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20484, id=36, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x80d26d2b5771117f704883beae4915d8
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022100261900170301001be0469cf8f213f1db334c60e9c01a144dbac67e86744c4c424ac83a
Message-Authenticator = 0x3a127848b540c2f16fd2ef073aba6517
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 38
rlm_eap: EAP packet type response id 33 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 38
modcall: leaving group authorize (returns updated) for request 38
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 38
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 38
modcall: leaving group authenticate (returns invalid) for request 38
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 38 for 1 seconds
Finished request 38
Going to the next request
Cleaning up request 29 ID 29 with timestamp 442943eb
Cleaning up request 30 ID 30 with timestamp 442943eb
Cleaning up request 31 ID 31 with timestamp 442943eb
Cleaning up request 32 ID 32 with timestamp 442943eb
Cleaning up request 33 ID 33 with timestamp 442943eb
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 34 ID 34 with timestamp 442943eb
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 35 ID 35 with timestamp 442943ec
Cleaning up request 36 ID 36 with timestamp 442943ec
Sending Access-Reject of id 36 to 172.18.251.101 port 20484
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 37 ID 36 with timestamp 442943ee
Waking up in 2 seconds...
2
1