Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
May 2006
- 196 participants
- 329 discussions
Dear FR users,
I'm new in this field . I need your help.
When I execute at root - #radiusd -X the following error message is returned.
radiusd.conf[14]: sql: Module instantiation failed.
radiusd.conf[1798] Unknown module "sql".
radiusd.conf[1727] Failed to parse authorize section.
I've done all the steps that stated on Onlamp's webpage.
Could you pls help me out and guide me with full linux command?
I'm looking for your kind
Thank you.
3
6
I have tried running tcpdump, and I am getting packets from the client to the server:
09:38:42.376543 IP 10.10.1.1.bpmd > 10.10.1.102.radius: RADIUS, Access Request (1), id: 0x00 length: 131
09:38:42.376543 IP 10.10.1.1.bpmd > 10.10.1.102.radius: RADIUS, Access Request (1), id: 0x00 length: 129
Here is the output I get when I start the server in debug mode:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = yes
mschap: require_strong = yes
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "peap"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem"
tls: private_key_password = "whatever"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = "mschapv2"
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
When I run nmap on the Radius server, just watching port 1812, I get conflicting results depending on what machine I run nmap on. When I test the port from the client machine, it returns saying the port is filtered, but when I run nmap on the actual server, it returns that the port is closed. Not sure if this is normal or not.
Thanks again,
Simon
>Comments below....
>
>--- simon(a)434canada.com wrote:
>
>> Hi,
>>
>> I think I have my radius server configured properly
>> (I followed the configuration advice in
>> http://tldp.org/HOWTO/html_single/8021X-HOWTO/)
>>
>> I can get it running (using radiusd -X) and see all
>> the expected output.
>
>Please post this output, even if it's just the server
>startup info.
>
>>
>> I have also configured my AP to point to the correct
>> location, and it is pingable from the radius server.
>>
>
>So, the AP is configured with the RADIUS server's IP,
>you have configured your FR "clients.conf" file with
>the APs information and the shared secret is correct
>on both devices?
>
>Does your AP have any ping functionality? If so, can
>it ping the RADIUS server? Does the AP provide any
>logging data indicating it connected to the RADIUS
>server? Sounds suspiciously as if the RADIUS box's
>firewall settings may be at fault.
>
>Laker
>
>> However, when I try to connect, user validation
>> always fails. And the radius server (which is in
>> debug mode) doesn't show me anything. It's like
>> nothing is connecting to it at all. I also tried to
>> test it using NTRadPing, and his won't connect
>> either.
>>
>> Any help or suggestions here would be appreciated. I
>> am running version 1.1.1 of freeRADIUS.
>>
>> Thanks,
>>
>> Simon
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
>__________________________________________________
>Do You Yahoo!?
>Tired of spam? Yahoo! Mail has the best spam protection around
>http://mail.yahoo.com
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
3
2
Hi
Good Morning.
I updated the openser server in US server.
When I making a calls from here(India). Its gives the log messages,
which are mentioned below and its say " logining Time out ! contact
Network Admin ". Its means its not register and server is not
responded.
______________________________________________________
(c) 2004 Xten Networks, Inc. All rights reserved.
X-Lite release 1105d build stamp 99999
License key: 6FCCC0CC7D9B0017E322142CCDFC1071
Attempting SIP protocol listen on: 192.168.2.55:5060
Attempting SIP protocol listen on: 192.168.2.55:5060
Attempting SIP protocol listen on: 192.168.2.55:5060
Attempting SIP protocol listen on: 192.168.2.55:5060
Attempting SIP protocol listen on: 192.168.2.55:5060
Attempting SIP protocol listen on: 192.168.2.55:5060
Attempting SIP protocol listen on: 192.168.2.55:5060
Attempting SIP protocol listen on: 192.168.2.55:5061
Established SIP protocol listen on: 192.168.2.55:5061
NAT firewall type discovered is forced.
SIP: 192.168.2.55:5061
RTP: 192.168.2.55:8000
NAT: 61.17.248.68
PROXY#0: 24.98.157.209:5060 (inbound proxy server)
OUTBOUND-PROXY#0: 24.98.157.209:5060 (outbound proxy server)
SEND TIME: 1619765420
SEND >> 24.98.157.209:5060
REGISTER sip:24.98.157.209 SIP/2.0
Via: SIP/2.0/UDP
192.168.2.55:5061;rport;branch=z9hG4bK7A9AF049E03A84E1671601A7F2B7900C
From: sam <sip:test2@24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
>;tag=1069014297
To: sam <sip:test2@24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
>
Contact: "sam" <sip:test2@192.168.2.55<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
:5061>
Call-ID: 61886BDAE211AFF5EF8B8774BD2A59D3(a)24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
CSeq: 27109 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1105d
Content-Length: 0
SEND TIME: 1619766930
SEND >> 24.98.157.209:5060
REGISTER sip:24.98.157.209 SIP/2.0
Via: SIP/2.0/UDP
192.168.2.55:5061;rport;branch=z9hG4bK7A9AF049E03A84E1671601A7F2B7900C
From: sam <sip:test2@24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
>;tag=1069014297
To: sam <sip:test2@24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
>
Contact: "sam" <sip:test2@192.168.2.55<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
:5061>
Call-ID: 61886BDAE211AFF5EF8B8774BD2A59D3(a)24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
CSeq: 27109 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1105d
Content-Length: 0
SEND TIME: 1619769953
SEND >> 24.98.157.209:5060
REGISTER sip:24.98.157.209 SIP/2.0
Via: SIP/2.0/UDP
192.168.2.55:5061;rport;branch=z9hG4bK7A9AF049E03A84E1671601A7F2B7900C
From: sam <sip:test2@24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
>;tag=1069014297
To: sam <sip:test2@24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
>
Contact: "sam" <sip:test2@192.168.2.55<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
:5061>
Call-ID: 61886BDAE211AFF5EF8B8774BD2A59D3(a)24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
CSeq: 27109 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1105d
Content-Length: 0
SEND TIME: 1619776003
SEND >> 24.98.157.209:5060
REGISTER sip:24.98.157.209 SIP/2.0
Via: SIP/2.0/UDP
192.168.2.55:5061;rport;branch=z9hG4bK7A9AF049E03A84E1671601A7F2B7900C
From: sam <sip:test2@24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
>;tag=1069014297
To: sam <sip:test2@24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
>
Contact: "sam" <sip:test2@192.168.2.55<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
:5061>
Call-ID: 61886BDAE211AFF5EF8B8774BD2A59D3(a)24.98.157.209<https://email.secureserver.net/view.php?folder=INBOX.Sent_Items&uid=51#Comp…>
CSeq: 27109 REGISTER
Expires: 1800
Max-Forwards: 70
User-Agent: X-Lite release 1105d
Content-Length: 0
______________________________________________________________
Here, in Local Network working fine with My openser server.
What is nat traversal, outbound proxy server , inbound proxy server , is
it need in openser and softphone ...
Please help me.
--
Thanks and Regards with cheers
Sunkara Ravi Prakash (Voip Developer)
Hyperion Technology
www.hyperion-tech.com
<b>
1
0
hello all,
I used freeradius to config my radius server,and now i need a radius
client to communicate with radius server.I search through google and have
not any idea,can someone give any suggestions?
3xs
eric
_________________________________________________________________
与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn
3
2
Dear all,
I use a WindowsXP, EAP-Type MD5-challenge as supplicant and a Cisco Catalyst Switch 3750 as authenticator and i want that user hugo will be mapped in VLAN 50 on the switch. This works properly.
Every other user should be mapped in VLAN 999, my guest-vlan. I try this with a DEFAULT-entry, but this does not work, the switch does not accept any other user, in my case user nobody is unauthorized for my authenticator.
My other configuration files are seen at the end of this text.
Thanks in advance...
Robert
My entire users file:
======================
hugo User-Password == "hugo01" # line 54
Tunnel-Type = VLAN,
Tunnel-Medium-Type = 6,
Tunnel-Private-Group-ID = 50
DEFAULT Auth-Type := Accept # line 69
Tunnel-Type = VLAN,
Tunnel-Medium-Type = 6,
Tunnel-Private-Group-ID = 999
My radiusd output for user nobody, (my authenticator do not accept this):
==========================================================================
rad_recv: Access-Request packet from host 10.187.0.15:1645, id=218, length=127
NAS-IP-Address = 10.187.0.15
NAS-Port = 50103
NAS-Port-Type = Ethernet
User-Name = "nobody"
Called-Station-Id = "00-14-69-5B-8B-03"
Calling-Station-Id = "00-0B-5D-84-AE-CA"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = 0x0203000b016e6f626f6479
Message-Authenticator = 0x48b3cb8e3c0c39e55e33121529f28c7d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "nobody", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 3 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 69
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 218 to 10.187.0.15 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "999"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 218 with timestamp 4472b042
Nothing to do. Sleeping until we see a request.
My radiusd output for user hugo (that works, accepted from authenticator):
==========================================================================
rad_recv: Access-Request packet from host 10.187.0.15:1645, id=215, length=123
NAS-IP-Address = 10.187.0.15
NAS-Port = 50103
NAS-Port-Type = Ethernet
User-Name = "hugo"
Called-Station-Id = "00-14-69-5B-8B-03"
Calling-Station-Id = "00-0B-5D-84-AE-CA"
Service-Type = Framed-User
Framed-MTU = 1500
EAP-Message = 0x02000009016875676f
Message-Authenticator = 0xc8b883765bb2789fe6eac6542635ab5c
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "hugo", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 0 length 9
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry hugo at line 54
modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 215 to 10.187.0.15 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc95b59f55ecae07a3f817b60bfa8f6a5
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.187.0.15:1645, id=216, length=138
NAS-IP-Address = 10.187.0.15
NAS-Port = 50103
NAS-Port-Type = Ethernet
User-Name = "hugo"
Called-Station-Id = "00-14-69-5B-8B-03"
Calling-Station-Id = "00-0B-5D-84-AE-CA"
Service-Type = Framed-User
Framed-MTU = 1500
State = 0xc95b59f55ecae07a3f817b60bfa8f6a5
EAP-Message = 0x020100060304
Message-Authenticator = 0x802ecba91167f7fc5bec047d099a492b
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "hugo", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 1 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry hugo at line 54
modcall[authorize]: module "files" returns ok for request 1
modcall: leaving group authorize (returns updated) for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/md5
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module "eap" returns handled for request 1
modcall: leaving group authenticate (returns handled) for request 1
Sending Access-Challenge of id 216 to 10.187.0.15 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x010200160410d9fe422e4ec87bdd6789e712124f70e7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x41f8f0e651189f71392e9acc4206fa15
Finished request 1
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.187.0.15:1645, id=217, length=158
NAS-IP-Address = 10.187.0.15
NAS-Port = 50103
NAS-Port-Type = Ethernet
User-Name = "hugo"
Called-Station-Id = "00-14-69-5B-8B-03"
Calling-Station-Id = "00-0B-5D-84-AE-CA"
Service-Type = Framed-User
Framed-MTU = 1500
State = 0x41f8f0e651189f71392e9acc4206fa15
EAP-Message = 0x0202001a0410a130883073b273fecdbbd25be5b1e0796875676f
Message-Authenticator = 0x59b3fc40c7b1f1430ffd68be05001e7f
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: No '@' in User-Name = "hugo", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 2 length 26
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry hugo at line 54
modcall[authorize]: module "files" returns ok for request 2
modcall: leaving group authorize (returns updated) for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/md5
rlm_eap: processing type md5
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 2
modcall: leaving group authenticate (returns ok) for request 2
Sending Access-Accept of id 217 to 10.187.0.15 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "50"
EAP-Message = 0x03020004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "hugo"
Finished request 2
Going to the next request
Waking up in 6 seconds...
My entire eap.conf:
======================
eap {
default_eap_type = peap
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
md5 {
}
leap {
}
gtc {
auth_type = PAP
}
tls {
private_key_password = whatever
private_key_file = ${raddbdir}/certs/cert-srv.pem
certificate_file = ${raddbdir}/certs/cert-srv.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
fragment_size = 1024
include_length = yes
}
peap {
default_eap_type = mschapv2
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
}
mschapv2 {
}
}
My entire radiusd.conf:
========================
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/freeradius
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/freeradius.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
modules {
pap {
encryption_scheme = crypt
}
chap {
authtype = CHAP
}
pam {
pam_auth = radiusd
}
unix {
cache = no
cache_reload = 600
shadow = /etc/shadow
radwtmp = ${logdir}/radwtmp
}
$INCLUDE ${confdir}/eap.conf
mschap {
authtype = MS-CHAP
use_mppe = no
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response}"
}
ldap {
server = "ldap.your.domain"
basedn = "o=My Org,c=UA"
filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
start_tls = no
access_attr = "dialupAccess"
dictionary_mapping = ${raddbdir}/ldap.attrmap
ldap_connections_number = 5
timeout = 4
timelimit = 3
net_timeout = 1
}
realm IPASS {
format = prefix
delimiter = "/"
ignore_default = no
ignore_null = no
}
realm suffix {
format = suffix
delimiter = "@"
ignore_default = no
ignore_null = no
}
realm realmpercent {
format = suffix
delimiter = "%"
ignore_default = no
ignore_null = no
}
realm ntdomain {
format = prefix
delimiter = "\\"
ignore_default = no
ignore_null = no
}
checkval {
item-name = Calling-Station-Id
check-name = Calling-Station-Id
data-type = string
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile = ${confdir}/preproxy_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
$INCLUDE ${confdir}/sql.conf
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = "yes"
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
sqlcounter dailycounter {
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(AcctSessionTime - \
GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
FROM radacct WHERE UserName='%{%k}' AND \
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
exec {
wait = yes
input_pairs = request
}
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
}
ippool main_pool {
range-start = 192.168.1.1
range-stop = 192.168.3.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
maximum-timeout = 0
}
}
instantiate {
exec
expr
}
authorize {
preprocess
chap
mschap
suffix
eap
files
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
unix
eap
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
unix
radutmp
}
session {
radutmp
}
post-auth {
}
pre-proxy {
}
post-proxy {
eap
}
Viel oder wenig? Schnell oder langsam? Unbegrenzt surfen + telefonieren
ohne Zeit- und Volumenbegrenzung? DAS TOP ANGEBOT JETZT bei Arcor: günstig
und schnell mit DSL - das All-Inclusive-Paket für clevere Doppel-Sparer,
nur 44,85 inkl. DSL- und ISDN-Grundgebühr!
http://www.arcor.de/rd/emf-dsl-2
3
2
----- Original Nachricht ----
Von: A.L.M.Buxey(a)lboro.ac.uk
An: FreeRadius users mailing list <freeradius-users(a)lists.freeradius.org>
Datum: 23.05.2006 09:46
Betreff: Re: VLAN-mapping by DEFAULT Entry fails
> Hi,
>
> > I use a WindowsXP, EAP-Type MD5-challenge as supplicant and a Cisco
> Catalyst Switch 3750 as authenticator and i want that user hugo will be
> mapped in VLAN 50 on the switch. This works properly.
> >
> > Every other user should be mapped in VLAN 999, my guest-vlan. I try this
> with a DEFAULT-entry, but this does not work, the switch does not accept any
> other user, in my case user nobody is unauthorized for my authenticator.
>
> those who dont have dot1x supplicant wouldnt be able to be put onto this
> VLAN
i agree, we try to solve this problem with the new Cisco feature mac authentication bypass, e.g for printers without dot1x supplicant.
> though as there would be no do1x exchange...surely?
>
Hm, but i have a dot1x supplicant and try an authentication with username and password, not
listet in users file. In my case user nobody, password abc. I ask myself how to deal with Default-entries and tell the switch the right Tunnel-Private-Group-Id.
I wonder why the Default-entry say in the debug-output that everthing is okay and accepted
-------------------------snip----------------------------------------
rad_check_password: Found Auth-Type Accept
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 218 to 10.187.0.15 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "999"
--------------------------snap------------------------------------------
but my switch ignore it
robert
> surely using the built in guest VLAN facility of the switch itself
> is the best way to achieve this aim?
>
> eg in the interface configuration
>
> dot1x guest-vlan 999
>
> ?
>
yes, i agree. This works fine, if there is no xsupplicant sending a dot1x answer
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
Viel oder wenig? Schnell oder langsam? Unbegrenzt surfen + telefonieren
ohne Zeit- und Volumenbegrenzung? DAS TOP ANGEBOT JETZT bei Arcor: günstig
und schnell mit DSL - das All-Inclusive-Paket für clevere Doppel-Sparer,
nur 44,85 inkl. DSL- und ISDN-Grundgebühr!
http://www.arcor.de/rd/emf-dsl-2
1
0
Hi people,
I use freeradius-1.1.0 for several months. I have several types of prepaid
accounts, these accounts are limited in time, but I want some accounts are
only allow in some hotspots, and they are forbiden in the rest.
I read it is possoble from huntgroup file. But is it possible to pick up
these data from my DB??
How??? Because I don't know what attribute I have to put in radgroupcheck.
_________________________________________________________________
Un amor, una aventura, compañía para un viaje. Regístrate gratis en MSN Amor
& Amistad. http://match.msn.es/match/mt.cfm?pg=channel&tcid=162349
1
0
Hi Antonio,
> > ldap: compare_check_items = no
You need to set "compare_check_items = yes" in the ldap module
configuration? The default is "no".
regards,
Mike
> -----Original Message-----
> From:
> freeradius-users-bounces+michael.mitchell=team.telstra.com@lis
> ts.freeradius.org
> [mailto:freeradius-users-bounces+michael.mitchell=team.telstra
> .com(a)lists.freeradius.org] On Behalf Of Antonio Matera
> Sent: Tuesday, 16 May 2006 8:53 PM
> To: FreeRadius users mailing list
> Subject: Re: LDAP check attributes
>
> Anyone can help me?
>
> Thanks, bye Antonio
>
> on 15/05/2006 11.06 Antonio Matera said the following:
> > Hallo, I have a problem with the LDAP attributes.
> > I want set an ssid check in my radius authentication.
> > If I do it with the user file all works fine.
> > Now I want to insert this attribute in the ldap schema.
> > I have inserted a new attribute radiusCisco-AVpair in my
> schema with
> > value ssid=VLAN3 and in the ldap.attrmap file I have inserted the
> > following row:
> >
> > checkItem Cisco-AVPair radiusCiscoAVpair
> >
> > and the ldap module is:
> >
> > ldap {
> > server = "localhost"
> > basedn = "dc=create-net,dc=org"
> > password_attribute = userPassword
> > start_tls = no
> > ldap_connections_number = 5
> > }
> >
> >
> >
> > but with this configuration my LDAP user is always
> authenticate with any
> > ssid. What is wrong? Thanks
> >
> > This is my log file:
> >
> >
> > Starting - reading configuration files ...
> > reread_config: reading radiusd.conf
> > Config: including file: /usr/local/etc/raddb/proxy.conf
> > Config: including file: /usr/local/etc/raddb/clients.conf
> > Config: including file: /usr/local/etc/raddb/snmp.conf
> > Config: including file: /usr/local/etc/raddb/eap.conf
> > Config: including file: /usr/local/etc/raddb/sql.conf
> > main: prefix = "/usr/local"
> > main: localstatedir = "/usr/local/var"
> > main: logdir = "/usr/local/var/log/radius"
> > main: libdir = "/usr/local/lib"
> > main: radacctdir = "/usr/local/var/log/radius/radacct"
> > main: hostname_lookups = no
> > main: max_request_time = 30
> > main: cleanup_delay = 5
> > main: max_requests = 1024
> > main: delete_blocked_requests = 0
> > main: port = 1812
> > main: allow_core_dumps = no
> > main: log_stripped_names = no
> > main: log_file = "/usr/local/var/log/radius/radius.log"
> > main: log_auth = yes
> > main: log_auth_badpass = yes
> > main: log_auth_goodpass = yes
> > main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
> > main: bind_address = 192.168.20.2 IP address [192.168.20.2]
> > main: user = "(null)"
> > main: group = "(null)"
> > main: usercollide = no
> > main: lower_user = "no"
> > main: lower_pass = "no"
> > main: nospace_user = "no"
> > main: nospace_pass = "no"
> > main: checkrad = "/usr/local/sbin/checkrad"
> > main: proxy_requests = no
> > proxy: retry_delay = 5
> > proxy: retry_count = 3
> > proxy: synchronous = no
> > proxy: default_fallback = yes
> > proxy: dead_time = 120
> > proxy: post_proxy_authorize = no
> > proxy: wake_all_if_all_dead = no
> > security: max_attributes = 200
> > security: reject_delay = 1
> > security: status_server = yes
> > main: debug_level = 0
> > read_config_files: reading dictionary
> > read_config_files: reading naslist
> > Using deprecated naslist file. Support for this will go away soon.
> > read_config_files: reading clients
> > read_config_files: reading realms
> > radiusd: entering modules setup
> > Module: Library search path is /usr/local/lib
> > Module: Loaded exec
> > exec: wait = yes
> > exec: program = "(null)"
> > exec: input_pairs = "request"
> > exec: output_pairs = "(null)"
> > exec: packet_type = "(null)"
> > rlm_exec: Wait=yes but no output defined. Did you mean output=none?
> > Module: Instantiated exec (exec)
> > Module: Loaded expr
> > Module: Instantiated expr (expr)
> > Module: Loaded CHAP
> > Module: Instantiated chap (chap)
> > Module: Loaded MS-CHAP
> > mschap: use_mppe = yes
> > mschap: require_encryption = no
> > mschap: require_strong = no
> > mschap: with_ntdomain_hack = no
> > mschap: passwd = "(null)"
> > mschap: authtype = "MS-CHAP"
> > mschap: ntlm_auth = "(null)"
> > Module: Instantiated mschap (mschap)
> > Module: Loaded LDAP
> > ldap: server = "localhost"
> > ldap: port = 389
> > ldap: net_timeout = 1
> > ldap: timeout = 4
> > ldap: timelimit = 3
> > ldap: identity = ""
> > ldap: tls_mode = no
> > ldap: start_tls = no
> > ldap: tls_cacertfile = "(null)"
> > ldap: tls_cacertdir = "(null)"
> > ldap: tls_certfile = "(null)"
> > ldap: tls_keyfile = "(null)"
> > ldap: tls_randfile = "(null)"
> > ldap: tls_require_cert = "allow"
> > ldap: password = ""
> > ldap: basedn = "dc=create-net,dc=org"
> > ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> > ldap: base_filter = "(objectclass=radiusprofile)"
> > ldap: default_profile = "(null)"
> > ldap: profile_attribute = "(null)"
> > ldap: password_header = "(null)"
> > ldap: password_attribute = "userPassword"
> > ldap: access_attr = "(null)"
> > ldap: groupname_attribute = "cn"
> > ldap: groupmembership_filter =
> >
> "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(obje
> ctClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
> >
> > ldap: groupmembership_attribute = "(null)"
> > ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap"
> > ldap: ldap_debug = 0
> > ldap: ldap_connections_number = 5
> > ldap: compare_check_items = no
> > ldap: access_attr_used_for_allow = yes
> > ldap: do_xlat = yes
> > ldap: set_auth_type = yes
> > rlm_ldap: Registering ldap_groupcmp for Ldap-Group
> > rlm_ldap: Registering ldap_xlat with xlat_name ldap
> > rlm_ldap: reading ldap<->radius mappings from file
> > /usr/local/etc/raddb/ldap.attrmap
> > rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
> > rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
> > rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
> > rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS
> Simultaneous-Use
> > rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS
> Called-Station-Id
> > rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS
> Calling-Station-Id
> > rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
> > rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
> > rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
> > rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
> > rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
> > rlm_ldap: LDAP radiusCisco-AVpair mapped to RADIUS Cisco-AVPair
> > rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
> > rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
> > rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS
> Framed-IP-Address
> > rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS
> Framed-IP-Netmask
> > rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
> > rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
> > rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
> > rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
> > rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS
> Framed-Compression
> > rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
> > rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
> > rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
> > rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
> > rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
> > rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS
> Framed-IPX-Network
> > rlm_ldap: LDAP radiusClass mapped to RADIUS Class
> > rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
> > rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
> > rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS
> Termination-Action
> > rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS
> Login-LAT-Service
> > rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
> > rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
> > rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS
> > Framed-AppleTalk-Link
> > rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
> > Framed-AppleTalk-Network
> > rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS
> > Framed-AppleTalk-Zone
> > rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
> > rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
> > rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
> > conns: 0x9730f88
> > Module: Instantiated ldap (ldap)
> > Module: Loaded eap
> > eap: default_eap_type = "tls"
> > eap: timer_expire = 60
> > eap: ignore_unknown_eap_types = no
> > eap: cisco_accounting_username_bug = no
> > rlm_eap: Loaded and initialized type md5
> > rlm_eap: Loaded and initialized type leap
> > gtc: challenge = "Password: "
> > gtc: auth_type = "PAP"
> > rlm_eap: Loaded and initialized type gtc
> > tls: rsa_key_exchange = no
> > tls: dh_key_exchange = yes
> > tls: rsa_key_length = 512
> > tls: dh_key_length = 512
> > tls: verify_depth = 0
> > tls: CA_path = "/usr/local/etc/raddb/certs/masterkeys2/"
> > tls: pem_file_type = yes
> > tls: private_key_file =
> > "/usr/local/etc/raddb/certs/masterkeys2/cert-srv.pem"
> > tls: certificate_file =
> > "/usr/local/etc/raddb/certs/masterkeys2/cert-srv.pem"
> > tls: CA_file = "/usr/local/etc/raddb/certs/masterkeys2/root.pem"
> > tls: private_key_password = "whatever"
> > tls: dh_file = "/usr/local/etc/raddb/certs/dh"
> > tls: random_file = "/usr/local/etc/raddb/certs/random"
> > tls: fragment_size = 1024
> > tls: include_length = yes
> > tls: check_crl = yes
> > tls: check_cert_cn = "%{User-Name}"
> > rlm_eap_tls: Loading the certificate file as a chain
> > rlm_eap: Loaded and initialized type tls
> > peap: default_eap_type = "mschapv2"
> > peap: copy_request_to_tunnel = yes
> > peap: use_tunneled_reply = no
> > peap: proxy_tunneled_request_as_eap = yes
> > rlm_eap: Loaded and initialized type peap
> > mschapv2: with_ntdomain_hack = no
> > rlm_eap: Loaded and initialized type mschapv2
> > Module: Instantiated eap (eap)
> > Module: Loaded preprocess
> > preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> > preprocess: hints = "/usr/local/etc/raddb/hints"
> > preprocess: with_ascend_hack = no
> > preprocess: ascend_channels_per_line = 23
> > preprocess: with_ntdomain_hack = no
> > preprocess: with_specialix_jetstream_hack = no
> > preprocess: with_cisco_vsa_hack = yes
> > Module: Instantiated preprocess (preprocess)
> > Module: Loaded realm
> > realm: format = "suffix"
> > realm: delimiter = "@"
> > realm: ignore_default = no
> > realm: ignore_null = no
> > Module: Instantiated realm (suffix)
> > Module: Loaded files
> > files: usersfile = "/usr/local/etc/raddb/users"
> > files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> > files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
> > files: compat = "no"
> > Module: Instantiated files (files)
> > Module: Loaded Acct-Unique-Session-Id
> > acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> > Client-IP-Address, NAS-Port"
> > Module: Instantiated acct_unique (acct_unique)
> > Module: Loaded detail
> > detail: detailfile =
> >
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
> > detail: detailperm = 384
> > detail: dirperm = 493
> > detail: locking = no
> > Module: Instantiated detail (detail)
> > Module: Loaded System
> > unix: cache = no
> > unix: passwd = "(null)"
> > unix: shadow = "/etc/shadow"
> > unix: group = "(null)"
> > unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
> > unix: usegroup = no
> > unix: cache_reload = 600
> > Module: Instantiated unix (unix)
> > Module: Loaded radutmp
> > radutmp: filename = "/usr/local/var/log/radius/radutmp"
> > radutmp: username = "%{User-Name}"
> > radutmp: case_sensitive = yes
> > radutmp: check_with_nas = yes
> > radutmp: perm = 384
> > radutmp: callerid = yes
> > Module: Instantiated radutmp (radutmp)
> > Listening on authentication 192.168.20.2:1812
> > Listening on accounting 192.168.20.2:1813
> > Ready to process requests.
> > rad_recv: Access-Request packet from host 192.168.20.4:1645, id=86,
> > length=164
> > User-Name = "testradius"
> > Framed-MTU = 1400
> > Called-Station-Id = "0012.dacb.8420"
> > Calling-Station-Id = "000c.f135.f1ba"
> > Cisco-AVPair = "ssid=cn-test"
> > Service-Type = Login-User
> > Message-Authenticator = 0x8a43703112607b7280aeb5b4e4198e80
> > EAP-Message = 0x0201000f0174657374726164697573
> > NAS-Port-Type = Wireless-802.11
> > Cisco-NAS-Port = "289"
> > NAS-Port = 289
> > NAS-IP-Address = 192.168.20.4
> > NAS-Identifier = "ap"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 0
> > modcall[authorize]: module "preprocess" returns ok for request 0
> > modcall[authorize]: module "mschap" returns noop for request 0
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 0
> > rlm_eap: EAP packet type response id 1 length 15
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 0
> > modcall[authorize]: module "files" returns notfound for request 0
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: attempting LDAP reconnection
> > rlm_ldap: (re)connect to localhost:389, authentication 0
> > rlm_ldap: bind as / to localhost:389
> > rlm_ldap: waiting for bind result ...
> > rlm_ldap: Bind was successful
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 0
> > modcall: leaving group authorize (returns updated) for request 0
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 0
> > rlm_eap: EAP Identity
> > rlm_eap: processing type tls
> > rlm_eap_tls: Requiring client certificate
> > rlm_eap_tls: Initiate
> > rlm_eap_tls: Start returned 1
> > modcall[authenticate]: module "eap" returns handled for request 0
> > modcall: leaving group authenticate (returns handled) for request 0
> > Sending Access-Challenge of id 86 to 192.168.20.4 port 1645
> > EAP-Message = 0x010200060d20
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0xaa71830b1f63ad0e089e958ae1747901
> > Finished request 0
> > Going to the next request
> > --- Walking the entire request list ---
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 192.168.20.4:1645, id=87,
> > length=173
> > User-Name = "testradius"
> > Framed-MTU = 1400
> > Called-Station-Id = "0012.dacb.8420"
> > Calling-Station-Id = "000c.f135.f1ba"
> > Cisco-AVPair = "ssid=cn-test"
> > Service-Type = Login-User
> > Message-Authenticator = 0x7531829c87b90b64accabf5f409e414f
> > EAP-Message = 0x020200060319
> > NAS-Port-Type = Wireless-802.11
> > Cisco-NAS-Port = "289"
> > NAS-Port = 289
> > State = 0xaa71830b1f63ad0e089e958ae1747901
> > NAS-IP-Address = 192.168.20.4
> > NAS-Identifier = "ap"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 1
> > modcall[authorize]: module "preprocess" returns ok for request 1
> > modcall[authorize]: module "mschap" returns noop for request 1
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 1
> > rlm_eap: EAP packet type response id 2 length 6
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 1
> > modcall[authorize]: module "files" returns notfound for request 1
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 1
> > modcall: leaving group authorize (returns updated) for request 1
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 1
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP NAK
> > rlm_eap: EAP-NAK asked for EAP-Type/peap
> > rlm_eap: processing type tls
> > rlm_eap_tls: Initiate
> > rlm_eap_tls: Start returned 1
> > modcall[authenticate]: module "eap" returns handled for request 1
> > modcall: leaving group authenticate (returns handled) for request 1
> > Sending Access-Challenge of id 87 to 192.168.20.4 port 1645
> > EAP-Message = 0x010300061920
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0xca42865dfd4dc652e2dbb7797bb58dfe
> > Finished request 1
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 192.168.20.4:1645, id=88,
> > length=273
> > User-Name = "testradius"
> > Framed-MTU = 1400
> > Called-Station-Id = "0012.dacb.8420"
> > Calling-Station-Id = "000c.f135.f1ba"
> > Cisco-AVPair = "ssid=cn-test"
> > Service-Type = Login-User
> > Message-Authenticator = 0x4ddfc31c44b93297b86317355163cef7
> > EAP-Message =
> >
> 0x0203006a198000000060160301005b0100005703014468424202d927a51c
> ba80f4ed1c4c6c915225855eac3333887cf4ddb8fbb55f0000300039003800
> 3500160013000a00330032002f006600050004006500640063006200600015
> 0012000900140011000800030100
> >
> > NAS-Port-Type = Wireless-802.11
> > Cisco-NAS-Port = "289"
> > NAS-Port = 289
> > State = 0xca42865dfd4dc652e2dbb7797bb58dfe
> > NAS-IP-Address = 192.168.20.4
> > NAS-Identifier = "ap"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 2
> > modcall[authorize]: module "preprocess" returns ok for request 2
> > modcall[authorize]: module "mschap" returns noop for request 2
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 2
> > rlm_eap: EAP packet type response id 3 length 106
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 2
> > modcall[authorize]: module "files" returns notfound for request 2
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 2
> > modcall: leaving group authorize (returns updated) for request 2
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 2
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > rlm_eap_tls: Length Included
> > eaptls_verify returned 11
> > (other): before/accept initialization
> > TLS_accept: before/accept initialization
> > rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello
> > TLS_accept: SSLv3 read client hello A
> > rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
> > TLS_accept: SSLv3 write server hello A
> > rlm_eap_tls: >>> TLS 1.0 Handshake [length 0673], Certificate
> > TLS_accept: SSLv3 write certificate A
> > rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
> > TLS_accept: SSLv3 write server done A
> > TLS_accept: SSLv3 flush data
> > TLS_accept:error in SSLv3 read client certificate A
> > In SSL Handshake Phase
> > In SSL Accept mode
> > eaptls_process returned 13
> > rlm_eap_peap: EAPTLS_HANDLED
> > modcall[authenticate]: module "eap" returns handled for request 2
> > modcall: leaving group authenticate (returns handled) for request 2
> > Sending Access-Challenge of id 88 to 192.168.20.4 port 1645
> > EAP-Message =
> >
> 0x0104040a19c0000006d0160301004a0200004603014468421cd606fdf6d2
> 884ee1929a642d6cf16a294f91cd1276014a2ce34e76bf207fdcc6c15ac392
> 2d301d419b812c0d1a773845fc9db81baff1645e5ded4a9c52003500160301
> 06730b00066f00066c0002bd308202b930820222a003020102020101300d06
> 092a864886f70d0101050500308194310b3009060355040613024954310e30
> 0c060355040813054974616c79310f300d060355040713065472656e746f31
> 133011060355040a130a4352454154452d4e455431133011060355040b130a
> 4352454154452d4e4554310d300b06035504031304524f4f54312b30290609
> 2a864886f70d
> >
> > EAP-Message =
> >
> 0x010901161c616e746f6e696f2e6d6174657261406372656174652d6e6574
> 2e6974301e170d3036303331353135313230345a170d303730333135313531
> 3230345a308196310b3009060355040613024954310e300c06035504081305
> 4974616c79310f300d060355040713065472656e746f31133011060355040a
> 130a4352454154452d4e455431133011060355040b130a4352454154452d4e
> 4554310f300d06035504031306534552564552312b302906092a864886f70d
> 010901161c616e746f6e696f2e6d6174657261406372656174652d6e65742e
> 697430819f300d06092a864886f70d010101050003818d0030818902818100
> e81d9a2a8804
> >
> > EAP-Message =
> >
> 0x4b630c0153075c2a1dc066c99392cc5af660adbbad91ef4eeff866c5f20f
> a2c5fb7965a3c12b674f90f04985eab710cd97852b1ce3e08f04aa06d47172
> 54338f62a05d6344c311578a02f9fae0aca2aa336ed9121874c86c1124fd4a
> 7f8832b652be20f2c3ad20951e1099300f4d6c27a695aeb757501c36383d02
> 03010001a317301530130603551d25040c300a06082b06010505070301300d
> 06092a864886f70d01010505000381810026e9f99eee1bd9d0a221d725e9da
> d88ad2b9d1385db136076fda84de1ccfc1e2a5a3fa237fd9c88c4fb98267dd
> 827f96418a007782246380e2c488310eb1df77e5fda4b05143777dcd627fe6
> f6a948be43e0
> >
> > EAP-Message =
> >
> 0x377fa815cd412cb80b442714852fe94cb9aae46c08f2e84cc7092bdf887d
> 069e2ab1fd2cf56c9332b87e83990d670003a9308203a53082030ea0030201
> 02020900d6c51af184c17a13300d06092a864886f70d010105050030819431
> 0b3009060355040613024954310e300c060355040813054974616c79310f30
> 0d060355040713065472656e746f31133011060355040a130a435245415445
> 2d4e455431133011060355040b130a4352454154452d4e4554310d300b0603
> 5504031304524f4f54312b302906092a864886f70d010901161c616e746f6e
> 696f2e6d6174657261406372656174652d6e65742e6974301e170d30363033
> 313531353130
> >
> > EAP-Message = 0x30305a170d3038303331343135313030305a30819431
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0xf0f16fc3f467b1f240f723dfa11b62f3
> > Finished request 2
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 192.168.20.4:1645, id=89,
> > length=173
> > User-Name = "testradius"
> > Framed-MTU = 1400
> > Called-Station-Id = "0012.dacb.8420"
> > Calling-Station-Id = "000c.f135.f1ba"
> > Cisco-AVPair = "ssid=cn-test"
> > Service-Type = Login-User
> > Message-Authenticator = 0xc86b8dcf602273235ee20371bf31cd64
> > EAP-Message = 0x020400061900
> > NAS-Port-Type = Wireless-802.11
> > Cisco-NAS-Port = "289"
> > NAS-Port = 289
> > State = 0xf0f16fc3f467b1f240f723dfa11b62f3
> > NAS-IP-Address = 192.168.20.4
> > NAS-Identifier = "ap"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 3
> > modcall[authorize]: module "preprocess" returns ok for request 3
> > modcall[authorize]: module "mschap" returns noop for request 3
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 3
> > rlm_eap: EAP packet type response id 4 length 6
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 3
> > modcall[authorize]: module "files" returns notfound for request 3
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 3
> > modcall: leaving group authorize (returns updated) for request 3
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 3
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > rlm_eap_tls: Received EAP-TLS ACK message
> > rlm_eap_tls: ack handshake fragment handler
> > eaptls_verify returned 1
> > eaptls_process returned 13
> > rlm_eap_peap: EAPTLS_HANDLED
> > modcall[authenticate]: module "eap" returns handled for request 3
> > modcall: leaving group authenticate (returns handled) for request 3
> > Sending Access-Challenge of id 89 to 192.168.20.4 port 1645
> > EAP-Message =
> >
> 0x010502d619000b3009060355040613024954310e300c0603550408130549
> 74616c79310f300d060355040713065472656e746f31133011060355040a13
> 0a4352454154452d4e455431133011060355040b130a4352454154452d4e45
> 54310d300b06035504031304524f4f54312b302906092a864886f70d010901
> 161c616e746f6e696f2e6d6174657261406372656174652d6e65742e697430
> 819f300d06092a864886f70d010101050003818d0030818902818100b9d2e4
> 970beba1cac75125d76679fcede5da675985ae70ca7a7414cca08fa27f7de5
> 77e293ad03a5217d3d5c8f48a3d39ed4579e38ac4e7fbf650f80d3b8025368
> 3e15948edebf
> >
> > EAP-Message =
> >
> 0x789e3379e90e8eb5690af994d98cc6d4e702e96db90bbb1bfc642b2ddbdd
> 026812efdcd22664bf27ae6b5cd56737db61cf5b22c2eaa415ce0b02030100
> 01a381fc3081f9301d0603551d0e04160414f877a449a82f70e28ff7d3238e
> d22fca5f76d7b43081c90603551d230481c13081be8014f877a449a82f70e2
> 8ff7d3238ed22fca5f76d7b4a1819aa48197308194310b3009060355040613
> 024954310e300c060355040813054974616c79310f300d0603550407130654
> 72656e746f31133011060355040a130a4352454154452d4e45543113301106
> 0355040b130a4352454154452d4e4554310d300b06035504031304524f4f54
> 312b30290609
> >
> > EAP-Message =
> >
> 0x2a864886f70d010901161c616e746f6e696f2e6d61746572614063726561
> 74652d6e65742e6974820900d6c51af184c17a13300c0603551d1304053003
> 0101ff300d06092a864886f70d0101050500038181009afe6349178f519662
> 93fa52eafafe825e9441722f5f86ebb1e995589569640a40f04f3c969ea631
> 73a875d9f055a0b19dc2c463a1c5de3a447dc04f369d5fb56fdff6bca5ef16
> e785a46f3646e062ac0c7cacc7cbfd163ccbb314bc66e8bbc68ac6d594e47d
> 0cd76d66aec45508952892553bbe957973f8e6c5ac901f86881b1603010004
> 0e000000
> >
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0x6e149fab9e804ff893086dc63288956c
> > Finished request 3
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 192.168.20.4:1645, id=90,
> > length=375
> > User-Name = "testradius"
> > Framed-MTU = 1400
> > Called-Station-Id = "0012.dacb.8420"
> > Calling-Station-Id = "000c.f135.f1ba"
> > Cisco-AVPair = "ssid=cn-test"
> > Service-Type = Login-User
> > Message-Authenticator = 0x2b8da6bb902efbb45870bfb4ee8d4721
> > EAP-Message =
> >
> 0x020500d01980000000c616030100861000008200809c9bc5e92e77cd8e43
> f601da17d92b70c3102f4177f73cdd2200af4fb429d2b9e6c89c04a11054b6
> 3541143bfd4df19f9abe4597ca56f06cf6384abce4342eb3c882515c6e7bd4
> 1c042390cb35f0a2e78023aecca90cdeb8ed53ce0329752e0dfbd145e0a60f
> 5cde8b952f6b056f56fa50dfb9a09e09becd16790b8c5f5f744b1403010001
> 011603010030493ada867a57f10f420cf922d875cd8252176dd386a93444f7
> db712fa0c130f2f6910c7d33f7d7d3639f8415ad40827b
> >
> > NAS-Port-Type = Wireless-802.11
> > Cisco-NAS-Port = "289"
> > NAS-Port = 289
> > State = 0x6e149fab9e804ff893086dc63288956c
> > NAS-IP-Address = 192.168.20.4
> > NAS-Identifier = "ap"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 4
> > modcall[authorize]: module "preprocess" returns ok for request 4
> > modcall[authorize]: module "mschap" returns noop for request 4
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 4
> > rlm_eap: EAP packet type response id 5 length 208
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 4
> > modcall[authorize]: module "files" returns notfound for request 4
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 4
> > modcall: leaving group authorize (returns updated) for request 4
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 4
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > rlm_eap_tls: Length Included
> > eaptls_verify returned 11
> > rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086],
> ClientKeyExchange
> > TLS_accept: SSLv3 read client key exchange A
> > rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
> > rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
> > TLS_accept: SSLv3 read finished A
> > rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
> > TLS_accept: SSLv3 write change cipher spec A
> > rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
> > TLS_accept: SSLv3 write finished A
> > TLS_accept: SSLv3 flush data
> > (other): SSL negotiation finished successfully
> > SSL Connection Established
> > eaptls_process returned 13
> > rlm_eap_peap: EAPTLS_HANDLED
> > modcall[authenticate]: module "eap" returns handled for request 4
> > modcall: leaving group authenticate (returns handled) for request 4
> > Sending Access-Challenge of id 90 to 192.168.20.4 port 1645
> > EAP-Message =
> >
> 0x0106004119001403010001011603010030294ac923e9c7ee0c1317386255
> a5314fed93bdb0072dd4a1f17f415ae73c7fcf9cf766a41acbf5cfd2efb8c7
> 175c7bcd
> >
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0x9ce29ff8d1c3357e90aed9aa66af7cca
> > Finished request 4
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 192.168.20.4:1645, id=91,
> > length=173
> > User-Name = "testradius"
> > Framed-MTU = 1400
> > Called-Station-Id = "0012.dacb.8420"
> > Calling-Station-Id = "000c.f135.f1ba"
> > Cisco-AVPair = "ssid=cn-test"
> > Service-Type = Login-User
> > Message-Authenticator = 0x63027bb2608f1b908972d531373bde2e
> > EAP-Message = 0x020600061900
> > NAS-Port-Type = Wireless-802.11
> > Cisco-NAS-Port = "289"
> > NAS-Port = 289
> > State = 0x9ce29ff8d1c3357e90aed9aa66af7cca
> > NAS-IP-Address = 192.168.20.4
> > NAS-Identifier = "ap"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 5
> > modcall[authorize]: module "preprocess" returns ok for request 5
> > modcall[authorize]: module "mschap" returns noop for request 5
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 5
> > rlm_eap: EAP packet type response id 6 length 6
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 5
> > modcall[authorize]: module "files" returns notfound for request 5
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 5
> > modcall: leaving group authorize (returns updated) for request 5
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 5
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > rlm_eap_tls: Received EAP-TLS ACK message
> > rlm_eap_tls: ack handshake is finished
> > eaptls_verify returned 3
> > eaptls_process returned 3
> > rlm_eap_peap: EAPTLS_SUCCESS
> > modcall[authenticate]: module "eap" returns handled for request 5
> > modcall: leaving group authenticate (returns handled) for request 5
> > Sending Access-Challenge of id 91 to 192.168.20.4 port 1645
> > EAP-Message =
> >
> 0x010700501900170301002028b8b716334e409d6941093bd92fde78c605f6
> 10518815d093df4b5de567bc481703010020aa5243bab5bb677ac1248b22a3
> c3469d1069bfbb38d31d829a3eaeb438d708a3
> >
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0xb7f85f0bfdaf582686c515bef2f8e139
> > Finished request 5
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 192.168.20.4:1645, id=92,
> > length=247
> > User-Name = "testradius"
> > Framed-MTU = 1400
> > Called-Station-Id = "0012.dacb.8420"
> > Calling-Station-Id = "000c.f135.f1ba"
> > Cisco-AVPair = "ssid=cn-test"
> > Service-Type = Login-User
> > Message-Authenticator = 0xe6cf0d19621b9acd7ad16f3e000e0f57
> > EAP-Message =
> >
> 0x02070050190017030100209c304a7e5af6573629b8effb46b67e30c4770e
> ad531f3d76451253ff5318efaa17030100207cf3dd4e003a6ec8108e24b883
> 8364fd51eebb2e92459f76d33071a1bde600f7
> >
> > NAS-Port-Type = Wireless-802.11
> > Cisco-NAS-Port = "289"
> > NAS-Port = 289
> > State = 0xb7f85f0bfdaf582686c515bef2f8e139
> > NAS-IP-Address = 192.168.20.4
> > NAS-Identifier = "ap"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 6
> > modcall[authorize]: module "preprocess" returns ok for request 6
> > modcall[authorize]: module "mschap" returns noop for request 6
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 6
> > rlm_eap: EAP packet type response id 7 length 80
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 6
> > modcall[authorize]: module "files" returns notfound for request 6
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 6
> > modcall: leaving group authorize (returns updated) for request 6
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 6
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > eaptls_verify returned 7
> > rlm_eap_tls: Done initial handshake
> > eaptls_process returned 7
> > rlm_eap_peap: EAPTLS_OK
> > rlm_eap_peap: Session established. Decoding tunneled attributes.
> > rlm_eap_peap: Identity - testradius
> > rlm_eap_peap: Tunneled data is valid.
> > PEAP: Got tunneled identity of testradius
> > PEAP: Setting default EAP type for tunneled EAP session.
> > PEAP: Setting User-Name to testradius
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 6
> > modcall[authorize]: module "preprocess" returns ok for request 6
> > modcall[authorize]: module "mschap" returns noop for request 6
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 6
> > rlm_eap: EAP packet type response id 7 length 15
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 6
> > modcall[authorize]: module "files" returns notfound for request 6
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 6
> > modcall: leaving group authorize (returns updated) for request 6
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 6
> > rlm_eap: EAP Identity
> > rlm_eap: processing type mschapv2
> > rlm_eap_mschapv2: Issuing Challenge
> > modcall[authenticate]: module "eap" returns handled for request 6
> > modcall: leaving group authenticate (returns handled) for request 6
> > PEAP: Got tunneled Access-Challenge
> > modcall[authenticate]: module "eap" returns handled for request 6
> > modcall: leaving group authenticate (returns handled) for request 6
> > Sending Access-Challenge of id 92 to 192.168.20.4 port 1645
> > EAP-Message =
> >
> 0x01080070190017030100203d185202b13b4febb5cc464d0b36377b81c831
> 095d55011f9b6421cd28f4a43217030100405c277680c403d05e9c33482b00
> 1a6bc8c0eb28e221aed09fa965843bf26d689bae1f84df2d3c276ce32be058
> a876a9ea89e779235df581de93d77bc360b5c50a
> >
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0x41c9a9d8a10b154234a868b611c49edd
> > Finished request 6
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 192.168.20.4:1645, id=93,
> > length=311
> > User-Name = "testradius"
> > Framed-MTU = 1400
> > Called-Station-Id = "0012.dacb.8420"
> > Calling-Station-Id = "000c.f135.f1ba"
> > Cisco-AVPair = "ssid=cn-test"
> > Service-Type = Login-User
> > Message-Authenticator = 0x54dbe70cf63e03e9b0e87a7ffb56f620
> > EAP-Message =
> >
> 0x0208009019001703010020d57d28136594254ec829db59670b1142027f03
> 2a88e0ab4e339392d13036f97b170301006058d5a177e8bbd8b16da599810d
> 51ee4032d4c9ffe4dc11c97015c32331df8aca4b8fb339af0377eafce00e7e
> e23dd7f3cf984d6af8a5a71162f3daecec2f1654852e1ecfec560aee33cb22
> c72b7a31d394456d9e1508051c75b1498e234182b7
> >
> > NAS-Port-Type = Wireless-802.11
> > Cisco-NAS-Port = "289"
> > NAS-Port = 289
> > State = 0x41c9a9d8a10b154234a868b611c49edd
> > NAS-IP-Address = 192.168.20.4
> > NAS-Identifier = "ap"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 7
> > modcall[authorize]: module "preprocess" returns ok for request 7
> > modcall[authorize]: module "mschap" returns noop for request 7
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 7
> > rlm_eap: EAP packet type response id 8 length 144
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 7
> > modcall[authorize]: module "files" returns notfound for request 7
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 7
> > modcall: leaving group authorize (returns updated) for request 7
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 7
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > eaptls_verify returned 7
> > rlm_eap_tls: Done initial handshake
> > eaptls_process returned 7
> > rlm_eap_peap: EAPTLS_OK
> > rlm_eap_peap: Session established. Decoding tunneled attributes.
> > rlm_eap_peap: EAP type mschapv2
> > rlm_eap_peap: Tunneled data is valid.
> > PEAP: Setting User-Name to testradius
> > PEAP: Adding old state with 0e 6d
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 7
> > modcall[authorize]: module "preprocess" returns ok for request 7
> > modcall[authorize]: module "mschap" returns noop for request 7
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 7
> > rlm_eap: EAP packet type response id 8 length 69
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 7
> > modcall[authorize]: module "files" returns notfound for request 7
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 7
> > modcall: leaving group authorize (returns updated) for request 7
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 7
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/mschapv2
> > rlm_eap: processing type mschapv2
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group MS-CHAP for request 7
> > rlm_mschap: Told to do MS-CHAPv2 for testradius with NT-Password
> > rlm_mschap: adding MS-CHAPv2 MPPE keys
> > modcall[authenticate]: module "mschap" returns ok for request 7
> > modcall: leaving group MS-CHAP (returns ok) for request 7
> > MSCHAP Success
> > modcall[authenticate]: module "eap" returns handled for request 7
> > modcall: leaving group authenticate (returns handled) for request 7
> > PEAP: Got tunneled Access-Challenge
> > modcall[authenticate]: module "eap" returns handled for request 7
> > modcall: leaving group authenticate (returns handled) for request 7
> > Sending Access-Challenge of id 93 to 192.168.20.4 port 1645
> > EAP-Message =
> >
> 0x010900801900170301002008739fac8dfedd4813968370d0fc326c59a8e7
> 4d8db02be5127a4de5e1f8697b17030100509bc8996b8c9173e78fc71777ec
> 3bd5d4865b28c1d637047803876e08e95d1cbaaab70917fdbdae3691e9b6ec
> 36edcedd48cd74607e54dc80aefc5bb87474fc1740d64e3b3db8bc8a6f0846
> bea8659ceb
> >
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0xe242737767a1d4a377058568d102c376
> > Finished request 7
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 192.168.20.4:1645, id=94,
> > length=247
> > User-Name = "testradius"
> > Framed-MTU = 1400
> > Called-Station-Id = "0012.dacb.8420"
> > Calling-Station-Id = "000c.f135.f1ba"
> > Cisco-AVPair = "ssid=cn-test"
> > Service-Type = Login-User
> > Message-Authenticator = 0xa84673f1253b4bb56d4067a2ee5a6007
> > EAP-Message =
> >
> 0x0209005019001703010020b0205b783726a7e63c0dfbbc6e32dc9bf96f59
> dc53e711f8f5245fa3a767ca95170301002007f2dbd650ad2653a4b49a3006
> c8c7d977fd18e395d41732719fc83739aeedbe
> >
> > NAS-Port-Type = Wireless-802.11
> > Cisco-NAS-Port = "289"
> > NAS-Port = 289
> > State = 0xe242737767a1d4a377058568d102c376
> > NAS-IP-Address = 192.168.20.4
> > NAS-Identifier = "ap"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 8
> > modcall[authorize]: module "preprocess" returns ok for request 8
> > modcall[authorize]: module "mschap" returns noop for request 8
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 8
> > rlm_eap: EAP packet type response id 9 length 80
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 8
> > modcall[authorize]: module "files" returns notfound for request 8
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 8
> > modcall: leaving group authorize (returns updated) for request 8
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 8
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > eaptls_verify returned 7
> > rlm_eap_tls: Done initial handshake
> > eaptls_process returned 7
> > rlm_eap_peap: EAPTLS_OK
> > rlm_eap_peap: Session established. Decoding tunneled attributes.
> > rlm_eap_peap: EAP type mschapv2
> > rlm_eap_peap: Tunneled data is valid.
> > PEAP: Setting User-Name to testradius
> > PEAP: Adding old state with 34 97
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 8
> > modcall[authorize]: module "preprocess" returns ok for request 8
> > modcall[authorize]: module "mschap" returns noop for request 8
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 8
> > rlm_eap: EAP packet type response id 9 length 6
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 8
> > modcall[authorize]: module "files" returns notfound for request 8
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 8
> > modcall: leaving group authorize (returns updated) for request 8
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 8
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/mschapv2
> > rlm_eap: processing type mschapv2
> > rlm_eap: Freeing handler
> > modcall[authenticate]: module "eap" returns ok for request 8
> > modcall: leaving group authenticate (returns ok) for request 8
> > Login OK: [testradius/<no User-Password attribute>] (from client
> > cn-radius port 289 cli 000c.f135.f1ba)
> > PEAP: Tunneled authentication was successful.
> > rlm_eap_peap: SUCCESS
> > modcall[authenticate]: module "eap" returns handled for request 8
> > modcall: leaving group authenticate (returns handled) for request 8
> > Sending Access-Challenge of id 94 to 192.168.20.4 port 1645
> > EAP-Message =
> >
> 0x010a005019001703010020dc74f623a748e6c82d95b4dc908f8831d572eb
> f662ebe3287f774a191d83c25717030100202b4207d67864ce764fe7fe0d17
> c29afc6da54a36fe11e961edde3c4f01ac4505
> >
> > Message-Authenticator = 0x00000000000000000000000000000000
> > State = 0xafb670111e339beb53b8dcaa76cbe11c
> > Finished request 8
> > Going to the next request
> > Waking up in 6 seconds...
> > rad_recv: Access-Request packet from host 192.168.20.4:1645, id=95,
> > length=247
> > User-Name = "testradius"
> > Framed-MTU = 1400
> > Called-Station-Id = "0012.dacb.8420"
> > Calling-Station-Id = "000c.f135.f1ba"
> > Cisco-AVPair = "ssid=cn-test"
> > Service-Type = Login-User
> > Message-Authenticator = 0xc45e189222dd876003933eb16e724bc4
> > EAP-Message =
> >
> 0x020a005019001703010020a740106e429d51742e3dfe82eeb24d4df3511b
> 9f061d8bc0ccd297532bb6fd29170301002001e0cc2468fcaa795254710a0a
> 7ad1ed8d2e7e3d27727e8501f87739b9ee017c
> >
> > NAS-Port-Type = Wireless-802.11
> > Cisco-NAS-Port = "289"
> > NAS-Port = 289
> > State = 0xafb670111e339beb53b8dcaa76cbe11c
> > NAS-IP-Address = 192.168.20.4
> > NAS-Identifier = "ap"
> > Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 9
> > modcall[authorize]: module "preprocess" returns ok for request 9
> > modcall[authorize]: module "mschap" returns noop for request 9
> > rlm_realm: No '@' in User-Name = "testradius", looking
> up realm NULL
> > rlm_realm: No such realm "NULL"
> > modcall[authorize]: module "suffix" returns noop for request 9
> > rlm_eap: EAP packet type response id 10 length 80
> > rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
> > modcall[authorize]: module "eap" returns updated for request 9
> > modcall[authorize]: module "files" returns notfound for request 9
> > rlm_ldap: - authorize
> > rlm_ldap: performing user authorization for testradius
> > radius_xlat: '(uid=testradius)'
> > radius_xlat: 'dc=create-net,dc=org'
> > rlm_ldap: ldap_get_conn: Checking Id: 0
> > rlm_ldap: ldap_get_conn: Got Id: 0
> > rlm_ldap: performing search in dc=create-net,dc=org, with filter
> > (uid=testradius)
> > rlm_ldap: Added password testradius in check items
> > rlm_ldap: looking for check items in directory...
> > rlm_ldap: Adding radiusCisco-AVpair as Cisco-AVPair, value
> ssid=VLAN3 &
> > op=21
> > rlm_ldap: looking for reply items in directory...
> > rlm_ldap: user testradius authorized to use remote access
> > rlm_ldap: ldap_release_conn: Release Id: 0
> > modcall[authorize]: module "ldap" returns ok for request 9
> > modcall: leaving group authorize (returns updated) for request 9
> > rad_check_password: Found Auth-Type EAP
> > auth: type "EAP"
> > Processing the authenticate section of radiusd.conf
> > modcall: entering group authenticate for request 9
> > rlm_eap: Request found, released from the list
> > rlm_eap: EAP/peap
> > rlm_eap: processing type peap
> > rlm_eap_peap: Authenticate
> > rlm_eap_tls: processing TLS
> > eaptls_verify returned 7
> > rlm_eap_tls: Done initial handshake
> > eaptls_process returned 7
> > rlm_eap_peap: EAPTLS_OK
> > rlm_eap_peap: Session established. Decoding tunneled attributes.
> > rlm_eap_peap: Received EAP-TLV response.
> > rlm_eap_peap: Tunneled data is valid.
> > rlm_eap_peap: Success
> > rlm_eap: Freeing handler
> > modcall[authenticate]: module "eap" returns ok for request 9
> > modcall: leaving group authenticate (returns ok) for request 9
> > Login OK: [testradius/<no User-Password attribute>] (from client
> > ap-test-ivan port 289 cli 000c.f135.f1ba)
> > Sending Access-Accept of id 95 to 192.168.20.4 port 1645
> > MS-MPPE-Recv-Key =
> > 0x0b16dbbed96d2863ebde1df32222e6a8930a6876e2ae7e2c85288ae313d2cdc1
> > MS-MPPE-Send-Key =
> > 0x429669acf3e571f6fb7b6fbce51ef9bbb8cd9678885f5c52ab5355ce43727c9c
> > EAP-Message = 0x030a0004
> > Message-Authenticator = 0x00000000000000000000000000000000
> > User-Name = "testradius"
> > Finished request 9
> > Going to the next request
> > Waking up in 6 seconds...
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
3
8
Am getting this below error message when i ran the 'make' command and i configured it using the below command.
./configure --enable-slapd=no -enable-slurpd=no --with-threads=no --with-openssl-includes=/usr/local/openssl/include --with-openssl-libraries=/usr/local/openssl/lib
Can someone help me how to resolve this issue, aint find anything interesting on net. have installed krb lib and develop rpm but even that too didnt work. Please help me !!!
make > makefrmay21-1.log
In file included from eap_peap.h:25,
from rlm_eap_peap.c:24:
../../libeap/eap_tls.h:138: syntax error before "SSL"
../../libeap/eap_tls.h:138: warning: no semicolon at end of struct or union
../../libeap/eap_tls.h:141: syntax error before '*' token
../../libeap/eap_tls.h:141: warning: type defaults to `int' in declaration of `into_ssl'
../../libeap/eap_tls.h:141: warning: data definition has no type or storage class
../../libeap/eap_tls.h:142: syntax error before '*' token
../../libeap/eap_tls.h:142: warning: type defaults to `int' in declaration of `from_ssl'
../../libeap/eap_tls.h:142: warning: data definition has no type or storage class
../../libeap/eap_tls.h:172: syntax error before '}' token
../../libeap/eap_tls.h:172: warning: type defaults to `int' in declaration of `tls_session_t'
../../libeap/eap_tls.h:172: warning: data definition has no type or storage class
../../libeap/eap_tls.h:182: syntax error before "tls_session_t"
../../libeap/eap_tls.h:186: syntax error before "SSL"
../../libeap/eap_tls.h:188: syntax error before '*' token
../../libeap/eap_tls.h:371: syntax error before "SSL_CTX"
../../libeap/eap_tls.h:371: warning: no semicolon at end of struct or union
../../libeap/eap_tls.h:372: warning: type defaults to `int' in declaration of `eap_tls_t'
../../libeap/eap_tls.h:372: warning: data definition has no type or storage class
../../libeap/eap_tls.h:383: warning: type defaults to `int' in declaration of `SSL'
../../libeap/eap_tls.h:383: syntax error before '*' token
../../libeap/eap_tls.h:384: syntax error before "X509_STORE_CTX"
../../libeap/eap_tls.h:386: syntax error before "SSL"
../../libeap/eap_tls.h:387: syntax error before '*' token
../../libeap/eap_tls.h:387: syntax error before '*' token
../../libeap/eap_tls.h:387: warning: type defaults to `int' in declaration of `cbtls_rsa'
../../libeap/eap_tls.h:387: warning: data definition has no type or storage class
../../libeap/eap_tls.h:390: syntax error before '*' token
../../libeap/eap_tls.h:390: syntax error before '*' token
../../libeap/eap_tls.h:390: warning: type defaults to `int' in declaration of `eaptls_new_session'
../../libeap/eap_tls.h:390: warning: data definition has no type or storage class
../../libeap/eap_tls.h:391: syntax error before '*' token
../../libeap/eap_tls.h:392: syntax error before '*' token
../../libeap/eap_tls.h:393: syntax error before '*' token
../../libeap/eap_tls.h:397: syntax error before '*' token
../../libeap/eap_tls.h:398: syntax error before '*' token
In file included from rlm_eap_peap.c:24:
eap_peap.h:52:2: invalid preprocessing directive #int
rlm_eap_peap.c: In function `eappeap_authenticate':
rlm_eap_peap.c:165: `tls_session' undeclared (first use in this function)
rlm_eap_peap.c:165: (Each undeclared identifier is reported only once
rlm_eap_peap.c:165: for each function it appears in.)
rlm_eap_peap.c:165: syntax error before ')' token
rlm_eap_peap.c:242: warning: implicit declaration of function `eappeap_process'
gmake[9]: *** [rlm_eap_peap.lo] Error 1
gmake[8]: *** [common] Error 2
gmake[7]: *** [all] Error 2
gmake[6]: *** [common] Error 2
gmake[5]: *** [common] Error 2
gmake[4]: *** [all] Error 2
gmake[3]: *** [common] Error 2
gmake[2]: *** [all] Error 2
gmake[1]: *** [common] Error 2
make: *** [all] Error 2
--
_______________________________________________
Search for businesses by name, location, or phone number. -Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.as…
2
1
Can you listen for both auth and acct packets on the same port? If so,
how do you express that config in radiusd.conf
-Jason Ellison
3
4