Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
April 2006
- 177 participants
- 352 discussions
Hi all
I'm having major issues with getting Freeradius to authenticate from a Cisco
7204 that is terminating an L2TP tunnel and sending radius auth to a
FreeRadius server.
Using a default install of Freeradius and configuring it to accept auth
requests from the Cisco in clients.conf it just fails on authentication.
Even though the username and password in the users files is correct, proven
using radtest.
>From radius -X without changing any config options it gives me Login is
incorrect sending a plain text password.
No matter what I change in the config files it always fails.
I've tried adding Auth-Type's to the users entry such as Local and this
gives me things like no password is configured for the user.
Removing the "Default Auth-Type" from the top of the users file and setting
an Auth-Type in the users entry gives me no Auth-Type set.
Really not sure where the error is.
So I guess my question is does anyone use FreeRadius to authenticate from a
Cisco 7200 series with success?
If so is it possible to supply:
- The virtual template section that specifies the ppp authentication?
- A copy of the radius.conf file?
- The users file with an example users entry that works.
Then I can see if I've got it all setup correctly.
This used to work fine when I was using a Linux server to terminate the L2TP
tunnel, I used L2TPNS to do the termination and it sent radius
authentication to the FreeRadius server.
Thanks
Tony
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
2
4
Greetings,
A few more questions :)
I've now gone through the book ( I feel like such a snob reading it
on the bus ==) and have a better understanding of how Freeradius
works. I have gotten it to search for an attribute in LDAP and return
it the NAS. What I would like to do is to have it be able to query
the memberOf attribute in the acrtive directory server and then
verify if the user is in any of those groups and than permit access
based on that membership. Heres what im wondering
a) When I query the attribute it returns multiple cn=... results. In
the debug log I see it setting this as xxx.xxxx which is understood
by our nas equipment. It does it four times, But in the reply packet
I only see it sending one and not four. Am I correct to assume that
it will only send one of the responses to the Nas.
b) I think I can use the Users file to determine which group the user
is a member of and then have it send an attribute back to the Nas
telling it which role to set. Is the the attribute returning multiple
groups a problem (not multiple attributes, one attribute several bits
of data seperated by a delimiter) ?
c) can I strip the leading cn= bit from the response the ldap server
sends ( I saw an article somewhere about using an operator in the
LDAP.attrmap file) and once thats done can it use the groups
returned in the users file?
Thanks!
Liz
2
2
hi, i have a reporting system, this will perform intensive calculations,
agregate functions etc using accounting data, so i dont want to run this
system in the same server where the account is stored, i plan to use the
sql_log/sql-relay combo, however i do need that the account data be
stored online in the database running in the radius server, because i
have triggers in the stoptable that calculate the h323-credit-amount
using a modified excelent peter nixon's voip schema.
the line in radius.conf says
accounting {
#
# Instead of sending the query to the SQL server,
# write it into a log file.
#
sql_log
}
cant i have both sql account feature and sql_log at the same time?
---
Miguel
2
1
Hi All,
Installed freeradius 1.1.0-1 on debian system (2.6.15-1-686). The radius server
started automatically well each time when the system booting. But I wanted to stop
it to do some testing using my modified configuration files. I tried to stop the
server using command: 'freeradius stop' ('radiusd' doesn't work on this debian -
anyone knows why??)
But so werid, no matter what command I gave, with parameter stop|start|restart, the
server ALWAYS goes to START again!! even from the /etc/init.d/freeradius I can read
that the 'stop' param should stop the server! Can anyone tell me why the command
couldn't stop the server?? and how should I stop it??
The log file shows entries like this for each of my trying, even the command viven
was to "stop":
Tue Apr 4 01:14:13 2006 : Info: Using deprecated naslist file. Support for this
will go away soon.
Tue Apr 4 01:14:13 2006 : Error: There appears to be another RADIUS server running
on the authenticat
What is happenning here? (I couldn't top the running deamon, so is the 2nd line
above)
Also, from the log file I noticed: even when the system automatically started the
freeradius server deamon, it was "Using deprecated naslist file". Log entries show
like this:
Fri Mar 31 13:51:54 2006 : Info: Using deprecated naslist file. Support for this
will go away soon.
Fri Mar 31 13:51:54 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you
mean output=none?
Fri Mar 31 13:51:55 2006 : Info: Ready to process requests.
Can anyone tell me what is happenning here?? Why it's using the deprecating naslist
file? The installed radiusd.conf file doesn't show the server will use the naslist
file at all! from where I can stop the server to use this deprecating file? Also
what does the 2nd line of the above log entries mean?
Any help would be greatly appreciated! Thank you so much for help in advance!!
Best regrads,
leo
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
9
18
Hello,
I used a FR 1.1.0 under FreeBSD 6.0
I configure it to PEAP auth against a windows 2003 AD through ntlm_auth
(samba 3.0.21b).
Everything works fine, user auth, machine auth...
The problem is that for some obscur reasons, some users ("jpbrunain" in
this case) are unable to log in.
This problem concerns only 2 users out of 20... and I don't see
anything "special" concerning them on the 2003 AD...
As I saw in the radius.log, I got:
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
Well, I know that the password typed was good. Moreover, if I run
"ntlm_auth --request-nt-key --domain=CHRT --username=jpbrunain" with the
good password, I got this message:
"NT_STATUS_OK: Success (0x0)"... So I think I have permission to
authenticate against AD.
I also try :
"ntlm_auth --request-nt-key --username=jpbrunain
--challenge=d8a9272386722a12"
This one succeeded after entering the good password.
and:
"ntlm_auth --request-nt-key --username=jpbrunain
--challenge=d8a9272386722a12
--nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2"
That one failed, even with the good password... the error code returned
was: "Logon failure (0xc000006d)".
Where do these parameters (challenge and nt-response) come from ? What
does it mean ? How to solve this ?
Regards,
Jeremy
rad_recv: Access-Request packet from host 172.18.251.101:20455, id=13, length=157
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020a001301434852545c6a706272756e61696e
Message-Authenticator = 0xc7366f11cef5ff3477a0b52e2bf1b9bf
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
rlm_eap: EAP packet type response id 10 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 9
modcall: leaving group authorize (returns updated) for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 9
modcall: leaving group authenticate (returns handled) for request 9
Sending Access-Challenge of id 13 to 172.18.251.101 port 20455
EAP-Message = 0x010b00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe4f6154c4a3c46701a092952d021ef82
Finished request 9
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20456, id=14, length=236
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xe4f6154c4a3c46701a092952d021ef82
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020b005019800000004616030100410100003d030144294391e4b90042d8267e308d211edaacb81edba9e9d006c990fbb5688a87ae00001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x81443eb638857b7d502e43b65585e85e
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 10
rlm_eap: EAP packet type response id 11 length 80
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 10
modcall: leaving group authorize (returns updated) for request 10
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 10
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 10
modcall: leaving group authenticate (returns handled) for request 10
Sending Access-Challenge of id 14 to 172.18.251.101 port 20456
EAP-Message = 0x010c03ee19c0000006af160301004a020000460301442943d77f7d9d36b1f871da1349572bb879667447ca41bcd3e731806484a1fd20a5d96179c38951d782b81b82a4462fa81dc7f78b268f221d83fa68c54a687b8800040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e
EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55
EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x71e011a08cc827f9fb83ce4e2c6c0fa6
Finished request 10
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20457, id=15, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x71e011a08cc827f9fb83ce4e2c6c0fa6
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020c00061900
Message-Authenticator = 0x414515df20242ea5466fb3e69f60830b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 11
rlm_eap: EAP packet type response id 12 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 11
modcall: leaving group authorize (returns updated) for request 11
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 11
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 11
modcall: leaving group authenticate (returns handled) for request 11
Sending Access-Challenge of id 15 to 172.18.251.101 port 20457
EAP-Message = 0x010d02d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35
EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x22e8cc4cb36b4b466039f940c1949a64
Finished request 11
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20458, id=16, length=348
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x22e8cc4cb36b4b466039f940c1949a64
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020d00c01980000000b6160301008610000082008036af7754e77c6abb07461769945991d7fa6ff009390cf14c1ac60c17ab0f99100457696bbf239a6364bce049d00300c5bdcba7a595dbbd44ca238f9a30e8a0ed4cfc9b70902a448ccd37c42ed763a58c6ebac68bf05daaf4274f90f399a66228ff16a1cf341962df328735117ec39b293db78bf154e0d729ae7de799a5257a8b1403010001011603010020acca8cf619a568355f55042b6b63f55bf75e71b8556d22a98128e02b76d6bf33
Message-Authenticator = 0x2f8f571838c46c8e220f8c427bb62d61
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 12
rlm_eap: EAP packet type response id 13 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 12
modcall: leaving group authorize (returns updated) for request 12
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 12
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 12
modcall: leaving group authenticate (returns handled) for request 12
Sending Access-Challenge of id 16 to 172.18.251.101 port 20458
EAP-Message = 0x010e003119001403010001011603010020538b404830b7626241e73023c3481089bcb745935e1a87d70a07306ee4ef5b5f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x922d6bc463165090d03b4ebb3a04c243
Finished request 12
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20459, id=17, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x922d6bc463165090d03b4ebb3a04c243
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020e00061900
Message-Authenticator = 0x0363020fb7079adf3733134cd56780b0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
rlm_eap: EAP packet type response id 14 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 13
modcall: leaving group authorize (returns updated) for request 13
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 13
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 13
modcall: leaving group authenticate (returns handled) for request 13
Sending Access-Challenge of id 17 to 172.18.251.101 port 20459
EAP-Message = 0x010f002019001703010015b9c346ac5589ce348dc831b3045da67715f06e116d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80d26d2b5771117f089d50dbd0c186a7
Finished request 13
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20460, id=18, length=198
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x80d26d2b5771117f089d50dbd0c186a7
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020f002a1900170301001f2a0d362ea93bcf666c36de8e81ef412ca4291ac21d909692799fbee14f769d
Message-Authenticator = 0xce8f4d77be356287f155846ab659406d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
rlm_eap: EAP packet type response id 15 length 42
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - CHRT\jpbrunain
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of CHRT\jpbrunain
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to CHRT\jpbrunain
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
rlm_eap: EAP packet type response id 15 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 14
modcall: leaving group authorize (returns updated) for request 14
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 14
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 14
modcall: leaving group authenticate (returns handled) for request 14
Sending Access-Challenge of id 18 to 172.18.251.101 port 20460
EAP-Message = 0x0110003f19001703010034f161b5d813faa4725b1c6ec2bd3c43f8c12464b5e04a1006d8867596d879df1ab2967449bc0acd071f366b794c6e7c0791bc46be
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x852c958213278c063a659f68a55c7088
Finished request 14
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20461, id=19, length=252
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x852c958213278c063a659f68a55c7088
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x02100060190017030100553d1214b66fde907d54fdb5704e84a60f00090bd0ef2890fa62421ca3734188f9ace62392b8ecefa5b39e1987411025b16cd1ab1a24afcc40447dc82ab09744f230c8ed8d7be905d26fcb08d7fb57fccdc4c383f1ec
Message-Authenticator = 0x414433b19a8188e7f32a13f5a43fb8b6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
rlm_eap: EAP packet type response id 16 length 96
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
modcall: leaving group authorize (returns updated) for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to CHRT\jpbrunain
PEAP: Adding old state with 3f ca
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
rlm_eap: EAP packet type response id 16 length 73
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 15
modcall: leaving group authorize (returns updated) for request 15
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 15
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 03
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=d8a9272386722a12 --nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2'
Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=d8a9272386722a12 --nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 15
modcall: leaving group MS-CHAP (returns reject) for request 15
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 15
modcall: leaving group authenticate (returns reject) for request 15
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 15
modcall: leaving group authenticate (returns handled) for request 15
Sending Access-Challenge of id 19 to 172.18.251.101 port 20461
EAP-Message = 0x011100261900170301001bae6c352b3d9c79275a20cddcf2e57dee34c7c51f06104bb90f377c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3aacd993356b12d976db330a090b4527
Finished request 15
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20462, id=20, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x3aacd993356b12d976db330a090b4527
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021100261900170301001b808735cc8582e876059ea1ecd775fa0310df9eedc79b92fce15624
Message-Authenticator = 0xa3ce528c6e968f3fc23d4c087dc52c30
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
rlm_eap: EAP packet type response id 17 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 16
modcall: leaving group authorize (returns updated) for request 16
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 16
modcall: leaving group authenticate (returns invalid) for request 16
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 16 for 1 seconds
Finished request 16
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20463, id=20, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x3aacd993356b12d976db330a090b4527
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021100261900170301001b808735cc8582e876059ea1ecd775fa0310df9eedc79b92fce15624
Message-Authenticator = 0xa3ce528c6e968f3fc23d4c087dc52c30
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 17
rlm_eap: EAP packet type response id 17 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 17
modcall: leaving group authorize (returns updated) for request 17
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 17
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 17
modcall: leaving group authenticate (returns invalid) for request 17
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 17 for 1 seconds
Finished request 17
Going to the next request
--- Walking the entire request list ---
Sending Access-Reject of id 20 to 172.18.251.101 port 20462
EAP-Message = 0x04110004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 20 to 172.18.251.101 port 20463
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20464, id=20, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x3aacd993356b12d976db330a090b4527
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021100261900170301001b808735cc8582e876059ea1ecd775fa0310df9eedc79b92fce15624
Message-Authenticator = 0xa3ce528c6e968f3fc23d4c087dc52c30
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 18
rlm_eap: EAP packet type response id 17 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 18
modcall: leaving group authorize (returns updated) for request 18
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 18
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 18
modcall: leaving group authenticate (returns invalid) for request 18
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 18 for 1 seconds
Finished request 18
Going to the next request
Cleaning up request 9 ID 13 with timestamp 442943d7
Cleaning up request 10 ID 14 with timestamp 442943d7
Cleaning up request 11 ID 15 with timestamp 442943d7
Cleaning up request 12 ID 16 with timestamp 442943d7
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 13 ID 17 with timestamp 442943d8
Cleaning up request 14 ID 18 with timestamp 442943d8
Cleaning up request 15 ID 19 with timestamp 442943d8
Cleaning up request 16 ID 20 with timestamp 442943d8
Sending Access-Reject of id 20 to 172.18.251.101 port 20464
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 17 ID 20 with timestamp 442943da
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20465, id=21, length=157
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0212001301434852545c6a706272756e61696e
Message-Authenticator = 0x103c1d9b52a3f14e61de997e0575d2bb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 19
rlm_eap: EAP packet type response id 18 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 19
modcall: leaving group authorize (returns updated) for request 19
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 19
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 19
modcall: leaving group authenticate (returns handled) for request 19
Sending Access-Challenge of id 21 to 172.18.251.101 port 20465
EAP-Message = 0x011300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7cb6dc3577c9b15dff7c266ae6cbb50f
Finished request 19
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20466, id=22, length=268
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x7cb6dc3577c9b15dff7c266ae6cbb50f
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0213007019800000006616030100610100005d03014429439badcc7ddf0ce12e4247b275210ae294c4733a77b6bfc2fcecb9aaef5420a5d96179c38951d782b81b82a4462fa81dc7f78b268f221d83fa68c54a687b88001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x9515f46c42517aeeb8150569aac6d49f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 20
rlm_eap: EAP packet type response id 19 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 20
modcall: leaving group authorize (returns updated) for request 20
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 20
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 20
modcall: leaving group authenticate (returns handled) for request 20
Sending Access-Challenge of id 22 to 172.18.251.101 port 20466
EAP-Message = 0x011403ee19c0000006af160301004a020000460301442943e117b292931eccbd9bd3ff55e39319b003f5a6b17ae4443a29bd726d9320aba92a6f5549560e59df6a7a0d6873ba23769407c5344bf909b580c764e1bae600040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e
EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55
EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfbea7da3a4587e91b468a709f3f2007c
Finished request 20
Going to the next request
Cleaning up request 18 ID 20 with timestamp 442943dc
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20467, id=23, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xfbea7da3a4587e91b468a709f3f2007c
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021400061900
Message-Authenticator = 0xd5a7d0d0c5e010ad6c4cfc4dabcb6da6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 21
rlm_eap: EAP packet type response id 20 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 21
modcall: leaving group authorize (returns updated) for request 21
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 21
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 21
modcall: leaving group authenticate (returns handled) for request 21
Sending Access-Challenge of id 23 to 172.18.251.101 port 20467
EAP-Message = 0x011502d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35
EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd9f07414fa772228cad6a9d7d2bc2de5
Finished request 21
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20468, id=24, length=348
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xd9f07414fa772228cad6a9d7d2bc2de5
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021500c01980000000b61603010086100000820080308b48c8a794eed1bd11cc5f94f0b68937d1138dc95c7cbac72fece10a246cf464c67c3ffa363e267bc31b5ff117b9db169b7690c663e7b9fe7c2fcab67c221b444cecd19bafaa57928bd581be61d84d28d520b2a0926912e82854005e5e089baeccff7b8ff193df9fee5ec779cfa2e37aab68b291a38473958fcbb9550bb06e14030100010116030100203408da38252b9d8396b8962b7cafee82e7f92c02f5bc6ca3fb04c2974381a7dc
Message-Authenticator = 0x31ac3dcc6cd07a2059b19089f1d7a619
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 22
rlm_eap: EAP packet type response id 21 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 22
modcall: leaving group authorize (returns updated) for request 22
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 22
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 22
modcall: leaving group authenticate (returns handled) for request 22
Sending Access-Challenge of id 24 to 172.18.251.101 port 20468
EAP-Message = 0x0116003119001403010001011603010020216a2fa917c56880e9d8bfb3ae50ff7a19c40bbed89bf78631000c061356b06a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe23dfb3b27929274e85f3a7e6d9cfe28
Finished request 22
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20469, id=25, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xe23dfb3b27929274e85f3a7e6d9cfe28
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021600061900
Message-Authenticator = 0xd855b1a4ed2987ead99e79efd43279bc
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 23
rlm_eap: EAP packet type response id 22 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 23
modcall: leaving group authorize (returns updated) for request 23
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 23
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 23
modcall: leaving group authenticate (returns handled) for request 23
Sending Access-Challenge of id 25 to 172.18.251.101 port 20469
EAP-Message = 0x011700201900170301001541948caebfdb7bce995e12515e333e57835c6eb971
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3c43164879792e9ed60aa36fafed4e9d
Finished request 23
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20470, id=26, length=198
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x3c43164879792e9ed60aa36fafed4e9d
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0217002a1900170301001f1065287fee5eb7343cb84c8dad2d4959249e5520f45fdb0c24de2d2e2dd21e
Message-Authenticator = 0xcdd242f83636fb700f907a9e4dda2a14
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 24
rlm_eap: EAP packet type response id 23 length 42
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 24
modcall: leaving group authorize (returns updated) for request 24
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 24
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - CHRT\jpbrunain
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of CHRT\jpbrunain
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to CHRT\jpbrunain
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 24
rlm_eap: EAP packet type response id 23 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 24
modcall: leaving group authorize (returns updated) for request 24
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 24
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 24
modcall: leaving group authenticate (returns handled) for request 24
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 24
modcall: leaving group authenticate (returns handled) for request 24
Sending Access-Challenge of id 26 to 172.18.251.101 port 20470
EAP-Message = 0x0118003f1900170301003428f7e2f09ec64fefc7ccb1336e1e10440c21e04eacb8b716c2b3bc48dd8216df9ee97a081e3423b31653c6696cbc62601faaef94
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80997b6e9e8cb85758ca6d5fd1b74563
Finished request 24
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20471, id=27, length=252
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x80997b6e9e8cb85758ca6d5fd1b74563
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021800601900170301005550c4dd66b9b564842e95761b9f4a245fa8a7947974227fe090706e808e20f713d618b981a7123922835cf19c71371fe81af763c48d78366ba468bf9037820e7092cc06fb34c38253ff5135621c6f026ebee91a8b32
Message-Authenticator = 0xbfc073342d6935e06d672999f45885f2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 25
rlm_eap: EAP packet type response id 24 length 96
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 25
modcall: leaving group authorize (returns updated) for request 25
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 25
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to CHRT\jpbrunain
PEAP: Adding old state with 2f 78
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 25
rlm_eap: EAP packet type response id 24 length 73
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 25
modcall: leaving group authorize (returns updated) for request 25
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 25
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 25
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 13
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c16a651e486770b1 --nt-response=743385f1790d9cfa13046f8771b488e7132022e9f61a3fc7'
Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c16a651e486770b1 --nt-response=743385f1790d9cfa13046f8771b488e7132022e9f61a3fc7
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 25
modcall: leaving group MS-CHAP (returns reject) for request 25
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 25
modcall: leaving group authenticate (returns reject) for request 25
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 25
modcall: leaving group authenticate (returns handled) for request 25
Sending Access-Challenge of id 27 to 172.18.251.101 port 20471
EAP-Message = 0x011900261900170301001b07fdaf03cc726ee647e6193f16f212aff7689a48545fdc3d15e590
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8d4d81c226bd7a23a7e7db1f5755e578
Finished request 25
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20472, id=28, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x8d4d81c226bd7a23a7e7db1f5755e578
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021900261900170301001b5249447e06e4143f0c9b285f3d080ccbef9d2e58e3962386a55f63
Message-Authenticator = 0x91b167eca904ddf3f0e56225e98ee8ed
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 26
rlm_eap: EAP packet type response id 25 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 26
modcall: leaving group authorize (returns updated) for request 26
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 26
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 26
modcall: leaving group authenticate (returns invalid) for request 26
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 26 for 1 seconds
Finished request 26
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20473, id=28, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x8d4d81c226bd7a23a7e7db1f5755e578
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021900261900170301001b5249447e06e4143f0c9b285f3d080ccbef9d2e58e3962386a55f63
Message-Authenticator = 0x91b167eca904ddf3f0e56225e98ee8ed
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 27
rlm_eap: EAP packet type response id 25 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 27
modcall: leaving group authorize (returns updated) for request 27
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 27
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 27
modcall: leaving group authenticate (returns invalid) for request 27
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 27 for 1 seconds
Finished request 27
Going to the next request
--- Walking the entire request list ---
Sending Access-Reject of id 28 to 172.18.251.101 port 20472
EAP-Message = 0x04190004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 28 to 172.18.251.101 port 20473
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20474, id=28, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x8d4d81c226bd7a23a7e7db1f5755e578
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021900261900170301001b5249447e06e4143f0c9b285f3d080ccbef9d2e58e3962386a55f63
Message-Authenticator = 0x91b167eca904ddf3f0e56225e98ee8ed
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 28
rlm_eap: EAP packet type response id 25 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 28
modcall: leaving group authorize (returns updated) for request 28
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 28
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 28
modcall: leaving group authenticate (returns invalid) for request 28
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 28 for 1 seconds
Finished request 28
Going to the next request
Cleaning up request 19 ID 21 with timestamp 442943e1
Cleaning up request 20 ID 22 with timestamp 442943e1
Cleaning up request 21 ID 23 with timestamp 442943e1
Cleaning up request 22 ID 24 with timestamp 442943e1
Cleaning up request 23 ID 25 with timestamp 442943e1
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 24 ID 26 with timestamp 442943e2
Cleaning up request 25 ID 27 with timestamp 442943e2
Cleaning up request 26 ID 28 with timestamp 442943e2
Sending Access-Reject of id 28 to 172.18.251.101 port 20474
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 27 ID 28 with timestamp 442943e4
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20475, id=29, length=157
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021a001301434852545c6a706272756e61696e
Message-Authenticator = 0x359cf0de67c0f2de228577278dc9a9ac
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 29
rlm_eap: EAP packet type response id 26 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 29
modcall: leaving group authorize (returns updated) for request 29
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 29
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 29
modcall: leaving group authenticate (returns handled) for request 29
Sending Access-Challenge of id 29 to 172.18.251.101 port 20475
EAP-Message = 0x011b00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x322a73669ca0f3ce4d6a252806e977cf
Finished request 29
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20476, id=30, length=268
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x322a73669ca0f3ce4d6a252806e977cf
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021b007019800000006616030100610100005d0301442943a47bc0408ebf662e1ce92ace90b224ab5d85761ef3faee62e66845066920aba92a6f5549560e59df6a7a0d6873ba23769407c5344bf909b580c764e1bae6001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x3fd57f6dbcdb9276d10cb29cbb9b9263
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 30
rlm_eap: EAP packet type response id 27 length 112
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 30
modcall: leaving group authorize (returns updated) for request 30
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 30
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 30
modcall: leaving group authenticate (returns handled) for request 30
Sending Access-Challenge of id 30 to 172.18.251.101 port 20476
EAP-Message = 0x011c03ee19c0000006af160301004a020000460301442943ebdaeed985a32af2b02d303a5d06abb4a1c17be7afe36d180edb1aaa6420aad5ac3d9732b6835975855c46600869cc5aedbdf3a281341efedf3294f5a54200040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e
EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55
EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1dce43f93c3fe1a1312dfd06a97f59d4
Finished request 30
Going to the next request
Cleaning up request 28 ID 28 with timestamp 442943e6
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20477, id=31, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x1dce43f93c3fe1a1312dfd06a97f59d4
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021c00061900
Message-Authenticator = 0xfd07ee2ad5595e1e4187ef653fefd0c6
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 31
rlm_eap: EAP packet type response id 28 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 31
modcall: leaving group authorize (returns updated) for request 31
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 31
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 31
modcall: leaving group authenticate (returns handled) for request 31
Sending Access-Challenge of id 31 to 172.18.251.101 port 20477
EAP-Message = 0x011d02d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35
EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330
EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x69176e87a3e323e5cd7165fa76a14333
Finished request 31
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20478, id=32, length=348
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x69176e87a3e323e5cd7165fa76a14333
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021d00c01980000000b616030100861000008200807ab61726a8f7e95c6b192e9fe405e146fad8bf30e4a54b3b2705dc9b6baf84ec6627698647c430466def3fab192865ac5a8e5187e9f945e5ef8c0596b04f02475f7b4b7267c3be0f10c2df4d3fb8e559cff58fe3dcbe78b0ba5f52f02ae92c300a3cd3b04363caaf16da2b2304f36976914b7a0177d59120faa03836cb14480e14030100010116030100205928d3fc004fb057ef1e1dfd3a4b1b305ca9e246abac357799c9a36ef8ded3bc
Message-Authenticator = 0x383f85d64c9aec75a69bf89c323f6e53
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 32
rlm_eap: EAP packet type response id 29 length 192
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 32
modcall: leaving group authorize (returns updated) for request 32
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 32
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
modcall[authenticate]: module "eap" returns handled for request 32
modcall: leaving group authenticate (returns handled) for request 32
Sending Access-Challenge of id 32 to 172.18.251.101 port 20478
EAP-Message = 0x011e003119001403010001011603010020dd76265ab54e8b6ce1962314a32241d9f5275ad5eb4612be85237d0a9a036a36
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x3fa40ecd9420b456866dc141b7cb427b
Finished request 32
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20479, id=33, length=162
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x3fa40ecd9420b456866dc141b7cb427b
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021e00061900
Message-Authenticator = 0x467019c438198219aae15ecfc44eddee
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 33
rlm_eap: EAP packet type response id 30 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 33
modcall: leaving group authorize (returns updated) for request 33
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 33
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
modcall[authenticate]: module "eap" returns handled for request 33
modcall: leaving group authenticate (returns handled) for request 33
Sending Access-Challenge of id 33 to 172.18.251.101 port 20479
EAP-Message = 0x011f002019001703010015e09f6c2c955acf6b83998832c94f879a67d16479d8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc78b1c26eb8e049a1ba6fca65ad5fbd6
Finished request 33
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20480, id=34, length=198
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0xc78b1c26eb8e049a1ba6fca65ad5fbd6
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x021f002a1900170301001f8ca91d215ea2959c27a4f7d471e20b24dd243c1feef109ece18b8bccfba33d
Message-Authenticator = 0xbac1a462b2a82798eb178b317fe72db0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 34
rlm_eap: EAP packet type response id 31 length 42
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 34
modcall: leaving group authorize (returns updated) for request 34
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 34
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - CHRT\jpbrunain
rlm_eap_peap: Tunneled data is valid.
PEAP: Got tunneled identity of CHRT\jpbrunain
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to CHRT\jpbrunain
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 34
rlm_eap: EAP packet type response id 31 length 19
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 34
modcall: leaving group authorize (returns updated) for request 34
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 34
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 34
modcall: leaving group authenticate (returns handled) for request 34
PEAP: Got tunneled Access-Challenge
modcall[authenticate]: module "eap" returns handled for request 34
modcall: leaving group authenticate (returns handled) for request 34
Sending Access-Challenge of id 34 to 172.18.251.101 port 20480
EAP-Message = 0x0120003f1900170301003459a241cac39875b281b420941ede68b48bae3f2f6494d1771830412f9ee6f6a309c8ea2c4a49d9b85bda83e3dfa8c48d44f846bd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5ee3922d6bc46316c899f122df145e63
Finished request 34
Going to the next request
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20481, id=35, length=252
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x5ee3922d6bc46316c899f122df145e63
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022000601900170301005541c6c18fcff5d5bec63f9a4d02fc99cef8c88746cb5c581e4b8b33cd3a79fa574dcfdce7c6d2304e7e4b83e638803f2081e21164cbd4a9aab51e126fd6d4e6b91f0cf8875e9628f4c8c7e0a23ad4722455b97fbb17
Message-Authenticator = 0x5d4a41e23f2d28e2b1faa27af7fc79bb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 35
rlm_eap: EAP packet type response id 32 length 96
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 35
modcall: leaving group authorize (returns updated) for request 35
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 35
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
rlm_eap_peap: Tunneled data is valid.
PEAP: Setting User-Name to CHRT\jpbrunain
PEAP: Adding old state with 22 e8
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 35
rlm_eap: EAP packet type response id 32 length 73
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 35
modcall: leaving group authorize (returns updated) for request 35
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 35
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 35
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password
radius_xlat: Running registered xlat function of module mschap for string 'User-Name'
radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain'
radius_xlat: Running registered xlat function of module mschap for string 'Challenge'
mschap2: 4a
rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack?
radius_xlat: Running registered xlat function of module mschap for string 'NT-Response'
radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c287b8317efc5b94 --nt-response=3059749bcd8c5d3ccdf15aefc7d11627784ba0f0bbe580e9'
Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c287b8317efc5b94 --nt-response=3059749bcd8c5d3ccdf15aefc7d11627784ba0f0bbe580e9
Exec-Program output: Logon failure (0xc000006d)
Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Exec-Program: returned: 1
rlm_mschap: External script failed.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
modcall[authenticate]: module "mschap" returns reject for request 35
modcall: leaving group MS-CHAP (returns reject) for request 35
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns reject for request 35
modcall: leaving group authenticate (returns reject) for request 35
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
modcall[authenticate]: module "eap" returns handled for request 35
modcall: leaving group authenticate (returns handled) for request 35
Sending Access-Challenge of id 35 to 172.18.251.101 port 20481
EAP-Message = 0x012100261900170301001b8d7866547bb9857c550a9a8324a37bc33f3d10274012c2e0d6800c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x80d26d2b5771117f704883beae4915d8
Finished request 35
Going to the next request
--- Walking the entire request list ---
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20482, id=36, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x80d26d2b5771117f704883beae4915d8
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022100261900170301001be0469cf8f213f1db334c60e9c01a144dbac67e86744c4c424ac83a
Message-Authenticator = 0x3a127848b540c2f16fd2ef073aba6517
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 36
rlm_eap: EAP packet type response id 33 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 36
modcall: leaving group authorize (returns updated) for request 36
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 36
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 36
modcall: leaving group authenticate (returns invalid) for request 36
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 36 for 1 seconds
Finished request 36
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20483, id=36, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x80d26d2b5771117f704883beae4915d8
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022100261900170301001be0469cf8f213f1db334c60e9c01a144dbac67e86744c4c424ac83a
Message-Authenticator = 0x3a127848b540c2f16fd2ef073aba6517
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 37
rlm_eap: EAP packet type response id 33 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 37
modcall: leaving group authorize (returns updated) for request 37
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 37
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 37
modcall: leaving group authenticate (returns invalid) for request 37
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 37 for 1 seconds
Finished request 37
Going to the next request
--- Walking the entire request list ---
Sending Access-Reject of id 36 to 172.18.251.101 port 20482
EAP-Message = 0x04210004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 36 to 172.18.251.101 port 20483
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 172.18.251.101:20484, id=36, length=194
User-Name = "CHRT\\jpbrunain"
NAS-IP-Address = 172.18.251.101
Called-Station-Id = "00:A0:F8:E6:63:0C"
Calling-Station-Id = "00:14:A5:2E:AF:B8"
NAS-Identifier = "WS5000"
Vendor-388-Attr-2 = 0x43485254
NAS-Port = 29
Framed-MTU = 1000
State = 0x80d26d2b5771117f704883beae4915d8
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022100261900170301001be0469cf8f213f1db334c60e9c01a144dbac67e86744c4c424ac83a
Message-Authenticator = 0x3a127848b540c2f16fd2ef073aba6517
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 38
rlm_eap: EAP packet type response id 33 length 38
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 38
modcall: leaving group authorize (returns updated) for request 38
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 38
rlm_eap: Request not found in the list
rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 38
modcall: leaving group authenticate (returns invalid) for request 38
auth: Failed to validate the user.
Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8)
Delaying request 38 for 1 seconds
Finished request 38
Going to the next request
Cleaning up request 29 ID 29 with timestamp 442943eb
Cleaning up request 30 ID 30 with timestamp 442943eb
Cleaning up request 31 ID 31 with timestamp 442943eb
Cleaning up request 32 ID 32 with timestamp 442943eb
Cleaning up request 33 ID 33 with timestamp 442943eb
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 34 ID 34 with timestamp 442943eb
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 35 ID 35 with timestamp 442943ec
Cleaning up request 36 ID 36 with timestamp 442943ec
Sending Access-Reject of id 36 to 172.18.251.101 port 20484
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 37 ID 36 with timestamp 442943ee
Waking up in 2 seconds...
1
0
Hello,
What kind of magic tricks are needed to get Auth-Type = System to work?
Running FreeRADIUS Version 1.0.4 on SuSE 10 with MD5 and shadow
passwords, using the following 'users' file:
DEFAULT Auth-Type = System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Port-Limit = 2,
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 1500
Now, I restart radiusd and test it:
# echo "User-Name = ###, User-Password = ###" | radclient -x localhost
auth ###
Sending Access-Request of id 151 to 127.0.0.1:1645
User-Name = "###"
User-Password = "###"
rad_recv: Access-Reject packet from host 127.0.0.1:1645, id=151, length=20
I get this in my radius log:
Fri Apr 7 14:39:01 2006 : Auth: rlm_unix: [###]: invalid password
Running radiusd in -X mode, I get this:
rad_recv: Access-Request packet from host 127.0.0.1:32926, id=131,
length=46
User-Name = "###"
User-Password = "###"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "###", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 5
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type System
auth: type "System"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: [###]: invalid password
modcall[authenticate]: module "unix" returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.
Been banging my head against the wall over this problem for almost two
weeks now, and getting a bit desperate for a solution....
-Andreas.
4
3
HI:
I put in my radiusd.conf the line below:
snmp = yes
But when I query (walk) OID 1.3.6.1.2.1.67 I have no answer
Any ideas?
Thanks in advance and sorry for my poor English
Regards
Germán P. Santillán
Administrador de Redes
Responsable Dpto. Técnico
DESETech Argentina S.A.
San Martín 133 - CP: B8000FIC
Bahía Blanca - Argentina
Tel/Fax: +54 (291) 456-5642
gsantillan(a)desetech.com.ar
http://www.desetech.com.ar
2
1
I've a FR and LDAP server configured that seems to be performing nicely
except for one small issue where an 'Auth-Type := Reject' in my users
file seems to have little affect. In brief, I want users not caught by
the following users file:
*** START ***
DEFAULT Ldap-Group == "disabled", Auth-Type := Reject
Reply-Message = "Your account has been disabled.",
Fall-Through = No
DEFAULT Ldap-Group == vpn, Service-Type == Framed-User, Framed-Protocol
= PPP, NAS-Port-Type = Virtual, NAS-IP-Address = 192.168.9.41
Service-Type == Framed-User,
Framed-Protocol = PPP,
NAS-Port-Type = Virtual,
NAS-IP-Address = 192.168.9.41,
Framed-MTU = 1453,
Fall-Through = No
DEFAULT Ldap-Group == eng
Fall-Through = No
DEFAULT Auth-Type := Reject
Reply-Message = "You are not permitted to access this device.",
Fall-Through = No
*** END ***
...but I'm finding that after processing the users file, my system
continues to mschap section and makes a match there, as shown by this
debug output:
*** START ***
rad_recv: Access-Request packet from host 192.168.9.41:1026, id=133,
length=178
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 105
NAS-Port-Type = Virtual
User-Name = "someuser"
Calling-Station-Id = "192.168.9.168"
Called-Station-Id = "192.168.9.129"
MS-CHAP-Challenge = 0x607a4a1f3f48e0381d09e53ee7ef6e03
MS-CHAP2-Response =
0x01005c3c70b1b3a11f639e4e5f2bf0f6bd470000000000000000eb8ff1d6edf5e9776a113fa99055f11c98fc14c00862a039
NAS-Identifier = "MTFWB1"
NAS-IP-Address = 192.168.9.41
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'dc=example,dc=com'
radius_xlat: '(uid=someuser)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=example,dc=com/alphacubed to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=example,dc=com, with filter (uid=someuser)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(&(uid=someuser)(objectclass=radiusprofile))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=example,dc=com, with filter
(&(radiusGroupName=vpn)(&(uid=someuser)(objectclass=radiusprofile)))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=someuser,ou=Users,dc=example,dc=com,
with filter (objectclass=*)
rlm_ldap::groupcmp: Group vpn not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'dc=example,dc=com'
radius_xlat: '(&(uid=someuser)(objectclass=radiusprofile))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=example,dc=com, with filter
(&(radiusGroupName=eng)(&(uid=someuser)(objectclass=radiusprofile)))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in uid=someuser,ou=Users,dc=example,dc=com,
with filter (objectclass=*)
rlm_ldap::groupcmp: Group eng not found ????or user not a member
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 20
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type = MS-CHAP'
modcall[authorize]: module "mschap" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for someuser
radius_xlat: '(uid=someuser)'
radius_xlat: 'dc=example,dc=com'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=example,dc=com, with filter (uid=someuser)
rlm_ldap: Added password somepassword in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user someuser authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 0
rlm_mschap: Told to do MS-CHAPv2 for someuser with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok for request 0
modcall: leaving group MS-CHAP (returns ok) for request 0
radius_xlat: 'You are not permitted to access this device.'
Login OK: [someuser/<no User-Password attribute>] (from client MTFWB1
port 105 cli 192.168.9.168)
Sending Access-Accept of id 133 to 192.168.9.41 port 1026
Reply-Message = "You are not permitted to access this device."
MS-CHAP2-Success =
0x01533d46433044334636383834393332343331323831464645453543413830433631304144374134383143
MS-MPPE-Recv-Key = 0x74266040b72c4528a1cb85a696516b97
MS-MPPE-Send-Key = 0x782ad9e71513837630833dcc9845612c
MS-MPPE-Encryption-Policy = 0x00000001
MS-MPPE-Encryption-Types = 0x00000006
Finished request 0
Going to the next request
*** END ***
How can I stop processing after the reject message in the users file??
Many thanks.
Iain.
2
1
I am not in the office and have no access to my e-mails.
I will be back from holidays till the 22nd of April 2006.
Thank you for your understanding that your e-mail will be answered after my return to the office. This e-mail will not be forwarded.
Best regards
Olaf Becker
1
0
I know, I know, I'm very tedious....
How can we programme the pre-proxy stage of a freeRADIUS proxy PC in order
to reject the request if the domain of the user doesn't have quota (in a
proxy's MySQL database table) ?
I've been looking for two days the answer:
a) rlm_exec module in a pre-proxy stage returning "exit 1" if a local MySQL
query doen't return positive quota. --> PROBLEM: No way of return a
REPLY-Message with the termination cause
b) our own module rlm_X from rlm_example -->> PROBLEM: return to my C
acknowledgements and back to compiling, buffffff ...
c) Trying to do in some way a mapping between a realm and 2 authservs (1 is
local mysql) and get the authentication from a AND function of both answers.
Isn't there a better solution???? Please help us, we can't find much clear
information about freeradius, neither in the Wiki!
_________________________________________________________________
Un amor, una aventura, compañía para un viaje. Regístrate gratis en MSN Amor
& Amistad. http://match.msn.es/match/mt.cfm?pg=channel&tcid=162349
2
5