Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
July 2006
- 173 participants
- 245 discussions
Hi all,
I'm new to this list. I have spent hours searching
Google but still cant not find the solution for my
problem so I decide it's time for the first post.
I follow instructions from
http://www.linuxjournal.com/article/8017 with the
following configuration (instead of WLAN, I'm going to
secure my LAN so no access point here) :
- Authentication server: Freeradius 1.1.2 + OpenSSL
0.9.8a. The server is my laptop running Ubuntu 6.06.
The IP address is 192.168.22.180
- Authenticator: Cisco Catalyst 2950 whose IP is
192.168.22.23
- Suppliant: WinXP service pack 2
This setup never works as expected. WinXP kept
complaining "Unable to join to the network". I could
not figure out what was the problem. There were no
clue in freeradiusd's logfile and ethereal's dumpfile.
Or maybe I'm no expert on this subject to see the
clue. Please help. You can grab all of my freeradius's
configuration, logfile and ethernet's dumpfile from
http://innology.com.vn/8021x.tar.gz. Please take a
look at it.
TIA,
Thai Duong.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
5
15
Hello,
My log is full of this kind of errors:
Wed Jul 26 02:55:54 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 27 due to unfinished request 11$
Wed Jul 26 02:56:16 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 28 due to unfinished request 11$
Wed Jul 26 02:57:12 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 30 due to unfinished request 11$
Wed Jul 26 02:57:16 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 31 due to unfinished request 11$
Wed Jul 26 02:57:18 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 32 due to unfinished request 11$
Wed Jul 26 02:59:14 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 36 due to unfinished request 11$
Wed Jul 26 10:47:53 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 19 due to unfinished request 12$
Wed Jul 26 10:47:55 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 20 due to unfinished request 12$
Wed Jul 26 15:10:32 2006 : Error: Discarding duplicate request from client
APTrkaliste:1026 - ID: 93 due to unfinished reques$
Wed Jul 26 19:35:58 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 203 due to unfinished request 1$
Wed Jul 26 20:31:30 2006 : Error: Discarding duplicate request from client
APJankaVeselinovica:2051 - ID: 74 due to unfinishe$
Please for some help!
Kind Regards,
Aleksandar Stojilkovic
8
19
Hi all
Is there any way that the Radius server could instruct the Acess Point to assign a range of IP Adresses for a specific VLAN. Or this coniguration needs to be done in the Acess Point itself. I couldnt find any option to do this in the Acess Point. btw I use Proxim4000. Pls throw some light on this
Thanks
Radhika
---------------------------------
See the all-new, redesigned Yahoo.com. Check it out.
2
1
Hi,
I'm trying to use rlm_dbm for authorization, and discovered that the
rlm_dbm_parser program won't allow an entry to have an empty
check-items list. You can't have, for instance:
foo ;
;
or
foo
;
You must have
foo some_junk == here
;
if foo is to be added to the resulting users.dbm database.
To be more precise, you can't have empty check-items AND empty
reply-items, which I think one should be allowed to have... :)
The attached patch fixes that, and allows rlm_dbm_parser to process
a source file with empty check- and reply-items.
I created the patch against the latest cvs snapshot (jul. 27).
Please apply, or let me know why you think it's a bad idea... :)
Thanks,
Gabriel
1
0
Hello,
My log is full of this kind of errors:
Wed Jul 26 02:55:54 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 27 due to unfinished request 11$
Wed Jul 26 02:56:16 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 28 due to unfinished request 11$
Wed Jul 26 02:57:12 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 30 due to unfinished request 11$
Wed Jul 26 02:57:16 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 31 due to unfinished request 11$
Wed Jul 26 02:57:18 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 32 due to unfinished request 11$
Wed Jul 26 02:59:14 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 36 due to unfinished request 11$
Wed Jul 26 10:47:53 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 19 due to unfinished request 12$
Wed Jul 26 10:47:55 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 20 due to unfinished request 12$
Wed Jul 26 15:10:32 2006 : Error: Discarding duplicate request from client
APTrkaliste:1026 - ID: 93 due to unfinished reques$
Wed Jul 26 19:35:58 2006 : Error: Discarding duplicate request from client
APMajur:2048 - ID: 203 due to unfinished request 1$
Wed Jul 26 20:31:30 2006 : Error: Discarding duplicate request from client
APJankaVeselinovica:2051 - ID: 74 due to unfinishe$
Please for some help!
Kind Regards,
Aleksandar Stojilkovic
1
0
Hi,
I am using freeradius-0.9.3 with postgres 7.4.11. I have the following issue:
The radius message from a client has Event-Timestamp displayed as
local EDT time, but when Radiusd proccesses the message, the
Event-Timestamp was converted to UTC time (as shown in the radacct
detail log files). How can I disable this? I checked the timezone
setting on the freeradius server machine, and it was set to EDT. Is
there a config parameter that tells freeradius not to alter the
Event-Timestamp?
Thanks,
Khoa
2
1
Hi,
What the best FreeRadius with MYSQL databases FrontEnd for a Wireless ISP
(Comercial, Freeware ou Open Source)?
Tks
Wagner
2
1
Dear all,
does anyone here use *bubua with Freeradius?
I notice that when *bubua want to get the Session-Timeout values, *bubua
will send the following message to radius servers(Here I use Freeradius):
rad_recv: Access-Request packet from host 59.64.180.238:33150, id=57,
length=246
Cisco-Call-Type = "VoIP"
Calling-Station-Id = "005001"
Called-Station-Id = "005000"
Cisco-NAS-Port = "SIP/59.64.141.26-b7b13d20"
Cisco-AVPair = "call-codec=ulaw;useragent=X-Lite release 1105x;"
h323-call-origin = "originate"
User-Name = "005001"
NAS-Identifier = "Asterisk"
Framed-IP-Address = 59.64.141.26
NAS-IP-Address = 59.64.180.238
NAS-Port = 5060
h323-conf-id = 4C6B297B-8DC5-41A5-A6B8-C285B04BEF00(a)59.64.203.93
Here is the problem: the message didn't contain any password information (in
fact *bubua won't send the password), and then Freeradius will reject the
request because of lack of password. The Freeradius debug information is:
auth: No User-Password or CHAP-Password attribute in the request
auth: Failed to validate the user.
My question is how to make the radius server accept the request which do not
contain the password and reply the Session-Timeout to the *b2bua?
Thanks!
8
11
I have came thru a number of references which states that LDAP are
specialised database and optimized for read.
Would that make it a good idea to authenticate thru LDAP *but* the
accounting is handled thru mySQL ? Anybody have done this or am I
talking nonsense here?
(am 2 days old with RADIUS)
4
6
Hello to all,
Here is my dillema:
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding
tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Tunneled data is valid.
rlm_eap_peap: Had sent TLV failure. User was
rejcted rejected earlier in this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
as you can see the tlv failure during peap handshake.
I have seen the previous post and I have heeded their
warning of making sure the mschap module is
configured, but when I have configured these settings
I have no luck. I am attaching my eap.conf and
radius.conf files
as well as the below output for radius -X.
**************************************************
Wed Jul 26 06:38:27 2006 : Info: Starting - reading
configuration files ...
Wed Jul 26 06:38:27 2006 : Debug: reread_config:
reading radiusd.conf
Wed Jul 26 06:38:27 2006 : Debug: Config: including
file: /usr/local/etc/raddb/proxy.conf
Wed Jul 26 06:38:27 2006 : Debug: Config: including
file: /usr/local/etc/raddb/clients.conf
Wed Jul 26 06:38:27 2006 : Debug: Config: including
file: /usr/local/etc/raddb/snmp.conf
Wed Jul 26 06:38:27 2006 : Debug: Config: including
file: /usr/local/etc/raddb/eap.conf
Wed Jul 26 06:38:27 2006 : Debug: Config: including
file: /usr/local/etc/raddb/sql.conf
Wed Jul 26 06:38:27 2006 : Debug: main: prefix =
"/usr/local"
Wed Jul 26 06:38:27 2006 : Debug: main: localstatedir
= "/usr/local/var"
Wed Jul 26 06:38:27 2006 : Debug: main: logdir =
"/usr/local/var/log/radius"
Wed Jul 26 06:38:27 2006 : Debug: main: libdir =
"/usr/local/lib"
Wed Jul 26 06:38:27 2006 : Debug: main: radacctdir =
"/usr/local/var/log/radius/radacct"
Wed Jul 26 06:38:27 2006 : Debug: main:
hostname_lookups = no
Wed Jul 26 06:38:27 2006 : Debug: main:
max_request_time = 30
Wed Jul 26 06:38:27 2006 : Debug: main: cleanup_delay
= 5
Wed Jul 26 06:38:27 2006 : Debug: main: max_requests
= 1024
Wed Jul 26 06:38:27 2006 : Debug: main:
delete_blocked_requests = 0
Wed Jul 26 06:38:27 2006 : Debug: main: port = 0
Wed Jul 26 06:38:27 2006 : Debug: main:
allow_core_dumps = no
Wed Jul 26 06:38:27 2006 : Debug: main:
log_stripped_names = no
Wed Jul 26 06:38:27 2006 : Debug: main: log_file =
"/usr/local/var/log/radius/radius.log"
Wed Jul 26 06:38:27 2006 : Debug: main: log_auth = no
Wed Jul 26 06:38:27 2006 : Debug: main:
log_auth_badpass = no
Wed Jul 26 06:38:27 2006 : Debug: main:
log_auth_goodpass = no
Wed Jul 26 06:38:27 2006 : Debug: main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
Wed Jul 26 06:38:27 2006 : Debug: main: user =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: main: group =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: main: usercollide =
no
Wed Jul 26 06:38:27 2006 : Debug: main: lower_user =
"no"
Wed Jul 26 06:38:27 2006 : Debug: main: lower_pass =
"no"
Wed Jul 26 06:38:27 2006 : Debug: main: nospace_user
= "no"
Wed Jul 26 06:38:27 2006 : Debug: main: nospace_pass
= "no"
Wed Jul 26 06:38:27 2006 : Debug: main: checkrad =
"/usr/local/sbin/checkrad"
Wed Jul 26 06:38:27 2006 : Debug: main:
proxy_requests = yes
Wed Jul 26 06:38:27 2006 : Debug: proxy: retry_delay
= 5
Wed Jul 26 06:38:27 2006 : Debug: proxy: retry_count
= 3
Wed Jul 26 06:38:27 2006 : Debug: proxy: synchronous
= no
Wed Jul 26 06:38:27 2006 : Debug: proxy:
default_fallback = yes
Wed Jul 26 06:38:27 2006 : Debug: proxy: dead_time =
120
Wed Jul 26 06:38:27 2006 : Debug: proxy:
post_proxy_authorize = no
Wed Jul 26 06:38:27 2006 : Debug: proxy:
wake_all_if_all_dead = no
Wed Jul 26 06:38:27 2006 : Debug: security:
max_attributes = 200
Wed Jul 26 06:38:27 2006 : Debug: security:
reject_delay = 1
Wed Jul 26 06:38:27 2006 : Debug: security:
status_server = no
Wed Jul 26 06:38:27 2006 : Debug: main: debug_level =
0
Wed Jul 26 06:38:27 2006 : Debug: read_config_files:
reading dictionary
Wed Jul 26 06:38:27 2006 : Debug: read_config_files:
reading naslist
Wed Jul 26 06:38:27 2006 : Info: Using deprecated
naslist file. Support for this will go away soon.
Wed Jul 26 06:38:27 2006 : Debug: read_config_files:
reading clients
Wed Jul 26 06:38:27 2006 : Debug: read_config_files:
reading realms
Wed Jul 26 06:38:27 2006 : Debug: radiusd: entering
modules setup
Wed Jul 26 06:38:27 2006 : Debug: Module: Library
search path is /usr/local/lib
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded exec
Wed Jul 26 06:38:27 2006 : Debug: exec: wait = yes
Wed Jul 26 06:38:27 2006 : Debug: exec: program =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: exec: input_pairs =
"request"
Wed Jul 26 06:38:27 2006 : Debug: exec: output_pairs
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug: exec: packet_type =
"(null)"
Wed Jul 26 06:38:27 2006 : Info: rlm_exec: Wait=yes
but no output defined. Did you mean output=none?
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
exec (exec)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded expr
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
expr (expr)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded PAP
Wed Jul 26 06:38:27 2006 : Debug: pap:
encryption_scheme = "crypt"
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
pap (pap)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded CHAP
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
chap (chap)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded
MS-CHAP
Wed Jul 26 06:38:27 2006 : Debug: mschap: use_mppe =
yes
Wed Jul 26 06:38:27 2006 : Debug: mschap:
require_encryption = yes
Wed Jul 26 06:38:27 2006 : Debug: mschap:
require_strong = yes
Wed Jul 26 06:38:27 2006 : Debug: mschap:
with_ntdomain_hack = no
Wed Jul 26 06:38:27 2006 : Debug: mschap: passwd =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: mschap: ntlm_auth =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
mschap (mschap)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded
System
Wed Jul 26 06:38:27 2006 : Debug: unix: cache = no
Wed Jul 26 06:38:27 2006 : Debug: unix: passwd =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: unix: shadow =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: unix: group =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: unix: radwtmp =
"/usr/local/var/log/radius/radwtmp"
Wed Jul 26 06:38:27 2006 : Debug: unix: usegroup = no
Wed Jul 26 06:38:27 2006 : Debug: unix: cache_reload
= 600
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
unix (unix)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded LDAP
Wed Jul 26 06:38:27 2006 : Debug: ldap: server =
"56.207.1.134"
Wed Jul 26 06:38:27 2006 : Debug: ldap: port = 389
Wed Jul 26 06:38:27 2006 : Debug: ldap: net_timeout =
1
Wed Jul 26 06:38:27 2006 : Debug: ldap: timeout = 4
Wed Jul 26 06:38:27 2006 : Debug: ldap: timelimit = 3
Wed Jul 26 06:38:27 2006 : Debug: ldap: identity =
"CN=SVTest45,OU=Users,OU=Surface Visibility
POC,OU=Server
Accounts,DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_mode = no
Wed Jul 26 06:38:27 2006 : Debug: ldap: start_tls =
no
Wed Jul 26 06:38:27 2006 : Debug: ldap:
tls_cacertfile = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_cacertdir
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_certfile
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_keyfile =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_randfile
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
tls_require_cert = "allow"
Wed Jul 26 06:38:27 2006 : Debug: ldap: password =
"Ytilibis6"
Wed Jul 26 06:38:27 2006 : Debug: ldap: basedn =
"OU=Users,OU=Surface Visibility POC,OU=Server
Accounts,DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov"
Wed Jul 26 06:38:27 2006 : Debug: ldap: filter =
"(&(sAMAccountName=%{user-name}))"
Wed Jul 26 06:38:27 2006 : Debug: ldap: base_filter =
"(objectclass=radiusprofile)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
default_profile = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
profile_attribute = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
password_header = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
password_attribute = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap: access_attr =
"dialupAccess"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
groupname_attribute = "cn"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
groupmembership_attribute = "(null)"
Wed Jul 26 06:38:27 2006 : Debug: ldap:
dictionary_mapping =
"/usr/local/etc/raddb/ldap.attrmap"
Wed Jul 26 06:38:27 2006 : Debug: ldap: ldap_debug =
0
Wed Jul 26 06:38:27 2006 : Debug: ldap:
ldap_connections_number = 5
Wed Jul 26 06:38:27 2006 : Debug: ldap:
compare_check_items = yes
Wed Jul 26 06:38:27 2006 : Debug: ldap:
access_attr_used_for_allow = yes
Wed Jul 26 06:38:27 2006 : Debug: ldap: do_xlat = yes
Wed Jul 26 06:38:27 2006 : Debug: ldap: set_auth_type
= yes
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap:
Registering ldap_groupcmp for Ldap-Group
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap:
Registering ldap_xlat with xlat_name ldap
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: reading
ldap<->radius mappings from file
/usr/local/etc/raddb/ldap.attrmap
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCheckItem mapped to RADIUS $GENERIC$
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusReplyItem mapped to RADIUS $GENERIC$
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusAuthType mapped to RADIUS Auth-Type
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusSimultaneousUse mapped to RADIUS
Simultaneous-Use
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCalledStationId mapped to RADIUS
Called-Station-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCallingStationId mapped to RADIUS
Calling-Station-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
lmPassword mapped to RADIUS LM-Password
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
ntPassword mapped to RADIUS NT-Password
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusExpiration mapped to RADIUS Expiration
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusNASIpAddress mapped to RADIUS NAS-IP-Address
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusServiceType mapped to RADIUS Service-Type
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedProtocol mapped to RADIUS Framed-Protocol
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedIPAddress mapped to RADIUS
Framed-IP-Address
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedIPNetmask mapped to RADIUS
Framed-IP-Netmask
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedRoute mapped to RADIUS Framed-Route
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedRouting mapped to RADIUS Framed-Routing
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFilterId mapped to RADIUS Filter-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedMTU mapped to RADIUS Framed-MTU
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedCompression mapped to RADIUS
Framed-Compression
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginIPHost mapped to RADIUS Login-IP-Host
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginService mapped to RADIUS Login-Service
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCallbackNumber mapped to RADIUS Callback-Number
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusCallbackId mapped to RADIUS Callback-Id
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedIPXNetwork mapped to RADIUS
Framed-IPX-Network
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusClass mapped to RADIUS Class
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusSessionTimeout mapped to RADIUS Session-Timeout
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusIdleTimeout mapped to RADIUS Idle-Timeout
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusTerminationAction mapped to RADIUS
Termination-Action
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATService mapped to RADIUS
Login-LAT-Service
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATNode mapped to RADIUS Login-LAT-Node
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkLink mapped to RADIUS
Framed-AppleTalk-Link
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkZone mapped to RADIUS
Framed-AppleTalk-Zone
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusPortLimit mapped to RADIUS Port-Limit
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusLoginLATPort mapped to RADIUS Login-LAT-Port
Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP
radiusReplyMessage mapped to RADIUS Reply-Message
Wed Jul 26 06:38:27 2006 : Debug: conns: 0x8139828
Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated
ldap (ldap)
Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded eap
Wed Jul 26 06:38:27 2006 : Debug: eap:
default_eap_type = "peap"
Wed Jul 26 06:38:27 2006 : Debug: eap: timer_expire =
60
Wed Jul 26 06:38:27 2006 : Debug: eap:
ignore_unknown_eap_types = no
Wed Jul 26 06:38:27 2006 : Debug: eap:
cisco_accounting_username_bug = no
Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and
initialized type md5
Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and
initialized type leap
Wed Jul 26 06:38:27 2006 : Debug: gtc: challenge =
"Password: "
Wed Jul 26 06:38:27 2006 : Debug: gtc: auth_type =
"PAP"
Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and
initialized type gtc
Wed Jul 26 06:38:27 2006 : Debug: tls:
rsa_key_exchange = no
Wed Jul 26 06:38:27 2006 : Debug: tls:
dh_key_exchange = yes
Wed Jul 26 06:38:27 2006 : Debug: tls: rsa_key_length
= 512
Wed Jul 26 06:38:27 2006 : Debug: tls: dh_key_length
= 512
Wed Jul 26 06:38:27 2006 : Debug: tls: verify_depth =
0
Wed Jul 26 06:38:27 2006 : Debug: tls: CA_path =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: tls: pem_file_type
= yes
Wed Jul 26 06:38:27 2006 : Debug: tls:
private_key_file =
"/usr/local/etc/raddb/certs/server_keycert.pem"
Wed Jul 26 06:38:27 2006 : Debug: tls:
certificate_file =
"/usr/local/etc/raddb/certs/server_keycert.pem"
Wed Jul 26 06:38:27 2006 : Debug: tls: CA_file =
"/usr/local/etc/raddb/certs/cacert.pem"
Wed Jul 26 06:38:27 2006 : Debug: tls:
private_key_password = ""
Wed Jul 26 06:38:27 2006 : Debug: tls: dh_file =
"/usr/local/etc/raddb/certs/dh"
Wed Jul 26 06:38:27 2006 : Debug: tls: random_file =
"/usr/local/etc/raddb/certs/random"
Wed Jul 26 06:38:27 2006 : Debug: tls: fragment_size
= 1024
Wed Jul 26 06:38:27 2006 : Debug: tls: include_length
= yes
Wed Jul 26 06:38:27 2006 : Debug: tls: check_crl = no
Wed Jul 26 06:38:27 2006 : Debug: tls: check_cert_cn
= "(null)"
Wed Jul 26 06:38:27 2006 : Debug: tls: cipher_list =
"(null)"
Wed Jul 26 06:38:27 2006 : Debug: tls:
check_cert_issuer = "(null)"
Wed Jul 26 06:38:27 2006 : Info: rlm_eap_tls: Loading
the certificate file as a chain
Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and
initialized type tls
Wed Jul 26 06:38:28 2006 : Debug: peap:
default_eap_type = "mschapv2"
Wed Jul 26 06:38:28 2006 : Debug: peap:
copy_request_to_tunnel = yes
Wed Jul 26 06:38:28 2006 : Debug: peap:
use_tunneled_reply = yes
Wed Jul 26 06:38:28 2006 : Debug: peap:
proxy_tunneled_request_as_eap = yes
Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and
initialized type peap
Wed Jul 26 06:38:28 2006 : Debug: mschapv2:
with_ntdomain_hack = no
Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and
initialized type mschapv2
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
eap (eap)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
preprocess
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
huntgroups = "/usr/local/etc/raddb/huntgroups"
Wed Jul 26 06:38:28 2006 : Debug: preprocess: hints =
"/usr/local/etc/raddb/hints"
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
with_ascend_hack = no
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
ascend_channels_per_line = 23
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
with_ntdomain_hack = no
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
with_specialix_jetstream_hack = no
Wed Jul 26 06:38:28 2006 : Debug: preprocess:
with_cisco_vsa_hack = no
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
preprocess (preprocess)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded realm
Wed Jul 26 06:38:28 2006 : Debug: realm: format =
"suffix"
Wed Jul 26 06:38:28 2006 : Debug: realm: delimiter =
"@"
Wed Jul 26 06:38:28 2006 : Debug: realm:
ignore_default = no
Wed Jul 26 06:38:28 2006 : Debug: realm: ignore_null
= no
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
realm (suffix)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded files
Wed Jul 26 06:38:28 2006 : Debug: files: usersfile =
"/usr/local/etc/raddb/users"
Wed Jul 26 06:38:28 2006 : Debug: files:
acctusersfile = "/usr/local/etc/raddb/acct_users"
Wed Jul 26 06:38:28 2006 : Debug: files:
preproxy_usersfile =
"/usr/local/etc/raddb/preproxy_users"
Wed Jul 26 06:38:28 2006 : Debug: files: compat =
"no"
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
files (files)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
Acct-Unique-Session-Id
Wed Jul 26 06:38:28 2006 : Debug: acct_unique: key =
"User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
acct_unique (acct_unique)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
detail
Wed Jul 26 06:38:28 2006 : Debug: detail: detailfile
=
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
Wed Jul 26 06:38:28 2006 : Debug: detail: detailperm
= 384
Wed Jul 26 06:38:28 2006 : Debug: detail: dirperm =
493
Wed Jul 26 06:38:28 2006 : Debug: detail: locking =
no
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
detail (detail)
Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded
radutmp
Wed Jul 26 06:38:28 2006 : Debug: radutmp: filename =
"/usr/local/var/log/radius/radutmp"
Wed Jul 26 06:38:28 2006 : Debug: radutmp: username =
"%{User-Name}"
Wed Jul 26 06:38:28 2006 : Debug: radutmp:
case_sensitive = yes
Wed Jul 26 06:38:28 2006 : Debug: radutmp:
check_with_nas = yes
Wed Jul 26 06:38:28 2006 : Debug: radutmp: perm = 384
Wed Jul 26 06:38:28 2006 : Debug: radutmp: callerid =
yes
Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated
radutmp (radutmp)
Wed Jul 26 06:38:28 2006 : Debug: Listening on
authentication *:1812
Wed Jul 26 06:38:28 2006 : Debug: Listening on
accounting *:1813
Wed Jul 26 06:38:28 2006 : Info: Ready to process
requests.
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=96, length=142
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x9f1c51bffb5629597ad2b909fd38c9b4
EAP-Message = 0x0203000d017376746573743231
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 0
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 3 length 13
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 0
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 0
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 0
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 0
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
Identity
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type tls
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
Initiate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Start
returned 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 0
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 0
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 0
Sending Access-Challenge of id 96 to 170.248.233.102
port 21645
EAP-Message = 0x010400061920
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x29ca0021777c690970b4a5471a00217b
Wed Jul 26 06:38:57 2006 : Debug: Finished request 0
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: --- Walking the
entire request list ---
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=97, length=253
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x88d642315545479df646345555800e93
EAP-Message =
0x0204006a198000000060160301005b0100005703011c65d617c07403a366a2f3b6de705e884da5fd14fbdb9cf0d0df33bfc72f8eca20a34c239b5b06e80ed486fd8dadac40a1485d19d957e58d20b52c8859b8180b71001000040005000a000900640062000300060100
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x29ca0021777c690970b4a5471a00217b
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 1
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 4 length 106
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 1
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 1
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 1
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 1
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Length
Included
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 11
Wed Jul 26 06:38:57 2006 : Debug: (other):
before/accept initialization
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
before/accept initialization
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<<
TLS 1.0 Handshake [length 005b], ClientHello
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 read client hello A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>>
TLS 1.0 Handshake [length 004a], ServerHello
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 write server hello A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>>
TLS 1.0 Handshake [length 04b3], Certificate
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 write certificate A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>>
TLS 1.0 Handshake [length 0004], ServerHelloDone
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 write server done A
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 flush data
Wed Jul 26 06:38:57 2006 : Error: TLS_accept:error
in SSLv3 read client certificate A
Wed Jul 26 06:38:57 2006 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
Wed Jul 26 06:38:57 2006 : Debug: In SSL Handshake
Phase
Wed Jul 26 06:38:57 2006 : Debug: In SSL Accept mode
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 13
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_HANDLED
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 1
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 1
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 1
Sending Access-Challenge of id 97 to 170.248.233.102
port 21645
EAP-Message =
0x0105040a19c000000510160301004a02000046030144c75451b02d92afcc20f4bfec1431803916822f1e67ae67bb168cd36ae3781420ff042ce2de3d04fef6469395e00f0b4645de855ae3345e0dca33873b5e1da24000040016030104b30b0004af0004ac000216308202123082017ba003020102020101300d06092a864886f70d01010405003039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74301e170d3036303732353230313630335a170d3037303732353230313630335a304c310b3009060355040613025553310b30090603550408130244
EAP-Message =
0x43311d301b060355040a1314535631412061746c20656e7669726f6e6d656e743111300f06035504031308737631612e61746c30819f300d06092a864886f70d010101050003818d0030818902818100d026b1347e5fca59da1a427f07370f05445287b8f01a6d12f4577cb529b4dffe3dae2daeabfd2df7312eb97bc10cf73404c337e26bf70b9b13927c9862bcad706325f743685725808b823dc84967582da67ce2bec405ea60a35bdada7926c4a0b2fe3f9a0e1ffa0a56426199381aaf4e15a39b951aab58d368a579563018678b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500
EAP-Message =
0x03818100d6ce9ff21b40746b76f18af5a0e80bc090171bee7d777371035b02f7b2b8ef1fab3da34c0021e5f8b414c7b5e55ba7c8780d6c7dfdca776da44cd927bd6616fdeade53adcf5b7716f2ed067184489262c99b26b699d901c241db457aad494f780e33787f63f3d95757f5a15b8c16ccbd09ec653e24c82e8fec0ce602a0be019f0002903082028c308201f5a003020102020900c9abfb98ff97b24c300d06092a864886f70d01010405003039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74301e170d3036303732353230313233395a170d30
EAP-Message =
0x37303732353230313233395a3039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e7430819f300d06092a864886f70d010101050003818d0030818902818100d8cdddeec55c7306f917a047380659df940a0b96f3f2f576c91b6b6d7747eb0bc2d1bef222dfaa423a8c18f202e92ccef8f6d72b3526432cd4aee488d7d8c9b431f73429468b22cccf63aceb530f4e3b5262a35e5e22e51046594d6c91aca5f056982de1acc5a26480c4eac144cb4be74185df3ce999d574a30f28acfd1f9d750203010001a3819b308198301d0603551d0e04160414682319
EAP-Message =
0x51745c11e5fd6f7155d54baba5f067ea053069060355
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x498b302c3c413c59d2b3adf67bbc1530
Wed Jul 26 06:38:57 2006 : Debug: Finished request 1
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=98, length=153
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x8fdcb1d1de429fbc882c9013f501fdcd
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x498b302c3c413c59d2b3adf67bbc1530
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 2
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 5 length 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 2
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 2
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 2
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 2
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
Received EAP-TLS ACK message
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: ack
handshake fragment handler
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 1
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 13
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_HANDLED
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 2
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 2
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 2
Sending Access-Challenge of id 98 to 170.248.233.102
port 21645
EAP-Message =
0x0106011619001d2304623060801468231951745c11e5fd6f7155d54baba5f067ea05a13da43b3039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74820900c9abfb98ff97b24c300c0603551d13040530030101ff300d06092a864886f70d0101040500038181008a788b3b91705246ab003c122a42a3fb149874df853c1f93a2795fdc5b1aa5cddecd2186ffe71fcb52fb5d743ead84a7e048e208c7ad094c9fa2399316be0f28eb493779a06158dc9ac392d222e1aed63a5dd8e777ff732889080dd2fe018edd6125d4c3305aa7684b64676530258eb4
EAP-Message =
0xb7281afd5b9d99013d400bf868323f7716030100040e000000
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x2d8cf9192d110361c694d24de7cdbdcb
Wed Jul 26 06:38:57 2006 : Debug: Finished request 2
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=99, length=339
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x577ebfac24aca5a457822e75d9c31c9a
EAP-Message =
0x020600c01980000000b616030100861000008200802bce54d10c0c817b71cdbd91c896ebad0cdc051937e0da1262ac04109f34cb9a96cccf31d124ebfaf28f76a8fc1439f6d99c32df59ea9978238a8b772bd8911804ee7ec9395d0113cf158f355433885581aa136a7f4f93ddf11cd77e91e45da81f9892c5f9c71b955604d3f9692d2747b674d08f488486c16835b67dd1a483cb14030100010116030100207feb620c9d4e1bd873ba0e6a5ee8e501066967ac10d6e7d0696263466cf12ab4
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x2d8cf9192d110361c694d24de7cdbdcb
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 3
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 6 length 192
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 3
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 3
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 3
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 3
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Length
Included
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 11
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<<
TLS 1.0 Handshake [length 0086], ClientKeyExchange
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 read client key exchange A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<<
TLS 1.0 ChangeCipherSpec [length 0001]
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<<
TLS 1.0 Handshake [length 0010], Finished
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 read finished A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>>
TLS 1.0 ChangeCipherSpec [length 0001]
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 write change cipher spec A
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>>
TLS 1.0 Handshake [length 0010], Finished
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 write finished A
Wed Jul 26 06:38:57 2006 : Debug: TLS_accept:
SSLv3 flush data
Wed Jul 26 06:38:57 2006 : Debug: (other): SSL
negotiation finished successfully
Wed Jul 26 06:38:57 2006 : Error: rlm_eap: SSL error
error:00000000:lib(0):func(0):reason(0)
Wed Jul 26 06:38:57 2006 : Debug: SSL Connection
Established
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 13
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_HANDLED
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 3
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 3
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 3
Sending Access-Challenge of id 99 to 170.248.233.102
port 21645
EAP-Message =
0x0107003119001403010001011603010020d8095d07b6faed0612c8cc397d7585f0435501e4a1d7e201ff89e8f9cbf87a46
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x33722640f43f50eda977125b0e4f529e
Wed Jul 26 06:38:57 2006 : Debug: Finished request 3
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=100, length=153
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0xdedb196149d987712093702f74fd8fc4
EAP-Message = 0x020700061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x33722640f43f50eda977125b0e4f529e
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 4
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 7 length 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 4
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 4
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 4
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 4
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
Received EAP-TLS ACK message
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: ack
handshake is finished
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 3
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 3
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_SUCCESS
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 4
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 4
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 4
Sending Access-Challenge of id 100 to 170.248.233.102
port 21645
EAP-Message =
0x010800201900170301001584f67b6b13ffeffe18862f7659b9a66c4a8e4b996a
Message-Authenticator =
0x00000000000000000000000000000000
State = 0xdd383d12bf43f94234041e3c55ca3ad2
Wed Jul 26 06:38:57 2006 : Debug: Finished request 4
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=101, length=183
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x6f47dd19e1bd452975489d9ec5395fb9
EAP-Message =
0x02080024190017030100195e17a3dd5ae16018a9127bd42ab172908103052ca1cb861bd6
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0xdd383d12bf43f94234041e3c55ca3ad2
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 8 length 36
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done
initial handshake
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_OK
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Session established. Decoding tunneled attributes.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Identity - svtest21
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Tunneled data is valid.
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Got tunneled
identity of svtest21
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting
default EAP type for tunneled EAP session.
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting
User-Name to svtest21
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 8 length 13
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 5
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 5
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
Identity
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type mschapv2
Wed Jul 26 06:38:57 2006 : Info: rlm_eap_mschapv2:
Issuing Challenge
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 5
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Got tunneled
Access-Challenge
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 5
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 5
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 5
Sending Access-Challenge of id 101 to 170.248.233.102
port 21645
EAP-Message =
0x010900391900170301002e31ec119dd45b49159e2e527731844ab3c0e71c00ac7fe0b3dbd8013265ccbd9c45669b8a7f8f93b2abe77640bce3
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x04f10b8ab1550375bf94e3b173867c1e
Wed Jul 26 06:38:57 2006 : Debug: Finished request 5
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=102, length=237
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x6cddd56e038eeeeb62b8d2b97207575d
EAP-Message =
0x0209005a1900170301004f7ebe8c95ba80a65659e251d4be48f417110e8259b3bd8da9941229cd56c49dc70cec66fe0744d7386212187e0fa66b5324340dbb71fcde3c038d9440eb2b9c732c9aea2ef4a4d94639d6d05eab8d9b
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x04f10b8ab1550375bf94e3b173867c1e
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 9 length 90
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done
initial handshake
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_OK
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Session established. Decoding tunneled attributes.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAP
type mschapv2
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Tunneled data is valid.
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting
User-Name to svtest21
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Adding old
state with 1a 55
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 9 length 67
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
EAP/mschapv2
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type mschapv2
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group MS-CHAP for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling mschap (rlm_mschap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: No
User-Password configured. Cannot create LM-Password.
Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: No
User-Password configured. Cannot create NT-Password.
Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: Told
to do MS-CHAPv2 for svtest21 with NT-Password
Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap:
FAILED: No NT/LM-Password. Cannot perform
authentication.
Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap:
FAILED: MS-CHAP2-Response is incorrect
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from mschap
(rlm_mschap) for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "mschap" returns reject
for request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group MS-CHAP (returns reject) for request 6
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Freeing
handler
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns reject for
request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns reject) for request 6
Wed Jul 26 06:38:57 2006 : Debug: auth: Failed to
validate the user.
Wed Jul 26 06:38:57 2006 : Debug: PEAP: Tunneled
authentication was rejected.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
FAILURE
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 6
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns handled
for request 6
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns handled) for request 6
Sending Access-Challenge of id 102 to 170.248.233.102
port 21645
EAP-Message =
0x010a00261900170301001b233d655aa5fa5426d55aef5a34e07a87d731e1bbe2f875598be5af
Message-Authenticator =
0x00000000000000000000000000000000
State = 0x5dc9719865b138594344825c77fe148e
Wed Jul 26 06:38:57 2006 : Debug: Finished request 6
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=103, length=185
User-Name = "svtest21"
Framed-MTU = 1400
Called-Station-Id = "0014.f213.f740"
Calling-Station-Id = "0002.7848.9017"
Service-Type = Login-User
Message-Authenticator =
0x57ad285f9dcb4ce9f76d13fc72ae4152
EAP-Message =
0x020a00261900170301001b0c3225d3742832f0f869716ddf76a1852229df75c229af8417b16a
NAS-Port-Type = Wireless-802.11
NAS-Port = 549
State = 0x5dc9719865b138594344825c77fe148e
NAS-IP-Address = 170.248.233.102
NAS-Identifier = "SV1ATESTENVIRON"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authorize section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authorize for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling preprocess
(rlm_preprocess) for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from preprocess
(rlm_preprocess) for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "preprocess" returns ok for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling chap (rlm_chap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from chap (rlm_chap)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "chap" returns noop for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling mschap (rlm_mschap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from mschap
(rlm_mschap) for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "mschap" returns noop for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling suffix (rlm_realm) for
request 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
'@' in User-Name = "svtest21", looking up realm NULL
Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No
such realm "NULL"
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from suffix (rlm_realm)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "suffix" returns noop for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling eap (rlm_eap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP
packet type response id 10 length 38
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP
Start, assuming it's an on-going EAP conversation
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from eap (rlm_eap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "eap" returns updated for
request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: calling files (rlm_files) for
request 7
Wed Jul 26 06:38:57 2006 : Debug: users: Matched
entry DEFAULT at line 215
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authorize]: returned from files (rlm_files)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authorize]: module "files" returns ok for
request 7
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authorize (returns updated) for request 7
Wed Jul 26 06:38:57 2006 : Debug:
rad_check_password: Found Auth-Type EAP
Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP"
Wed Jul 26 06:38:57 2006 : Debug: Processing the
authenticate section of radiusd.conf
Wed Jul 26 06:38:57 2006 : Debug: modcall: entering
group authenticate for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: calling eap (rlm_eap) for
request 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request
found, released from the list
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap:
processing type peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Authenticate
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls:
processing TLS
Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done
initial handshake
Wed Jul 26 06:38:57 2006 : Debug: eaptls_process
returned 7
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
EAPTLS_OK
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Session established. Decoding tunneled attributes.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Received EAP-TLV response.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap:
Tunneled data is valid.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Had
sent TLV failure. User was rejcted rejected earlier
in this session.
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Handler
failed in EAP/peap
Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Failed in
EAP select
Wed Jul 26 06:38:57 2006 : Debug:
modsingle[authenticate]: returned from eap (rlm_eap)
for request 7
Wed Jul 26 06:38:57 2006 : Debug:
modcall[authenticate]: module "eap" returns invalid
for request 7
Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving
group authenticate (returns invalid) for request 7
Wed Jul 26 06:38:57 2006 : Debug: auth: Failed to
validate the user.
Wed Jul 26 06:38:57 2006 : Debug: Delaying request 7
for 1 seconds
Wed Jul 26 06:38:57 2006 : Debug: Finished request 7
Wed Jul 26 06:38:57 2006 : Debug: Going to the next
request
Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6
seconds...
rad_recv: Access-Request packet from host
170.248.233.102:21645, id=103, length=185
Sending Access-Reject of id 103 to 170.248.233.102
port 21645
EAP-Message = 0x040a0004
Message-Authenticator =
0x00000000000000000000000000000000
Wed Jul 26 06:39:02 2006 : Debug: --- Walking the
entire request list ---
Wed Jul 26 06:39:02 2006 : Debug: Waking up in 1
seconds...
Wed Jul 26 06:39:03 2006 : Debug: --- Walking the
entire request list ---
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
0 ID 96 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
1 ID 97 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
2 ID 98 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
3 ID 99 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
4 ID 100 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
5 ID 101 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
6 ID 102 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request
7 ID 103 with timestamp 44c75451
Wed Jul 26 06:39:03 2006 : Debug: Nothing to do.
Sleeping until we see a request.
******************************************************
eap.conf
******************************************************
# -*- text -*-
#
# Whatever you do, do NOT set 'Auth-Type := EAP'.
The server
# is smart enough to figure this out on its own. The
most
# common side effect of setting 'Auth-Type := EAP' is
that the
# users then cannot use ANY other authentication
method.
#
# $Id: eap.conf,v 1.4.4.3 2006/04/28 18:25:03 aland
Exp $
#
eap {
# Invoke the default supported EAP type when
# EAP-Identity response is received.
#
# The incoming EAP messages DO NOT specify which
EAP
# type they will be using, so it MUST be set here.
#
# For now, only one default EAP type may be used at
a time.
#
# If the EAP-Type attribute is set by another
module,
# then that EAP type takes precedence over the
# default type configured here.
#
default_eap_type = peap
# A list is maintained to correlate EAP-Response
# packets with EAP-Request packets. After a
# configurable length of time, entries in the list
# expire, and are deleted.
#
timer_expire = 60
# There are many EAP types, but the server has
support
# for only a limited subset. If the server
receives
# a request for an EAP type it does not support,
then
# it normally rejects the request. By setting this
# configuration to "yes", you can tell the server
to
# instead keep processing the request. Another
module
# MUST then be configured to proxy the request to
# another RADIUS server which supports that EAP
type.
#
# If another module is NOT configured to handle the
# request, then the request will still end up being
# rejected.
ignore_unknown_eap_types = no
# Cisco AP1230B firmware 12.2(13)JA1 has a bug.
When given
# a User-Name attribute in an Access-Accept, it
copies one
# more byte than it should.
#
# We can work around it by configurably adding an
extra
# zero byte.
cisco_accounting_username_bug = no
# Supported EAP-types
#
# We do NOT recommend using EAP-MD5 authentication
# for wireless connections. It is insecure, and
does
# not provide for dynamic WEP keys.
#
md5 {
}
# Cisco LEAP
#
# We do not recommend using LEAP in new
deployments. See:
# http://www.securiteam.com/tools/5TP012ACKE.html
#
# Cisco LEAP uses the MS-CHAP algorithm (but not
# the MS-CHAP attributes) to perform it's
authentication.
#
# As a result, LEAP *requires* access to the
plain-text
# User-Password, or the NT-Password attributes.
# 'System' authentication is impossible with LEAP.
#
leap {
}
# Generic Token Card.
#
# Currently, this is only permitted inside of
EAP-TTLS,
# or EAP-PEAP. The module "challenges" the user
with
# text, and the response from the user is taken to
be
# the User-Password.
#
# Proxying the tunneled EAP-GTC session is a bad
idea,
# the users password will go over the wire in
plain-text,
# for anyone to see.
#
gtc {
# The default challenge, which many clients
# ignore..
#challenge = "Password: "
# The plain-text response which comes back
# is put into a User-Password attribute,
# and passed to another module for
# authentication. This allows the EAP-GTC
# response to be checked against plain-text,
# or crypt'd passwords.
#
# If you say "Local" instead of "PAP", then
# the module will look for a User-Password
# configured for the request, and do the
# authentication itself.
#
auth_type = PAP
}
## EAP-TLS
#
# To generate ctest certificates, run the script
#
# ../scripts/certs.sh
#
# The documents on http://www.freeradius.org/doc
# are old, but
may be helpful.
#
# See also:
#
#
http://www.dslreports.com/forum/remark,9286052~mode=flat
#
tls {
private_key_password =
private_key_file =
${raddbdir}/certs/server_keycert.pem
# If Private key & Certificate are located in
# the same file, then private_key_file &
# certificate_file must contain the same file
# name.
certificate_file =
${raddbdir}/certs/server_keycert.pem
# Trusted Root CA list
CA_file = ${raddbdir}/certs/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
#
# This can never exceed the size of a RADIUS
# packet (4096 bytes), and is preferably half
# that, to accomodate other attributes in
# RADIUS packet. On most APs the MAX packet
# length is configured between 1500 - 1600
# In these cases, fragment size should be
# 1024 or less.
#
fragment_size = 1024
# include_length is a flag which is
# by default set to yes If set to
# yes, Total Length of the message is
# included in EVERY packet we send.
# If set to no, Total Length of the
# message is included ONLY in the
# First packet of a fragment series.
#
include_length = yes
# Check the Certificate Revocation List
#
# 1) Copy CA certificates and CRLs to same
directory.
# 2) Execute 'c_rehash <CA certs&CRLs Directory>'.
# 'c_rehash' is OpenSSL's command.
# 3) Add 'CA_path=<CA certs&CRLs directory>'
# to radiusd.conf's tls section.
# 4) uncomment the line below.
# 5) Restart radiusd
# check_crl = yes
#
# If check_cert_issuer is set, the value
will
# be checked against the DN of the issuer in
# the client certificate. If the values do
not
# match, the cerficate verification will
fail,
# rejecting the user.
#
# check_cert_issuer =
"/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd"
#
# If check_cert_cn is set, the value will
# be xlat'ed and checked against the CN
# in the client certificate. If the values
# do not match, the certificate verification
# will fail rejecting the user.
#
# This check is done only if the previous
# "check_cert_issuer" is not set, or if
# the check succeeds.
#
# check_cert_cn = %{User-Name}
#
# Set this option to specify the allowed
# TLS cipher suites. The format is listed
# in "man 1 ciphers".
# cipher_list = "DEFAULT"
}
# The TTLS module implements the EAP-TTLS protocol,
# which can be described as EAP inside of Diameter,
# inside of TLS, inside of EAP, inside of RADIUS...
#
# Surprisingly, it works quite well.
#
# The TTLS module needs the TLS module to be
installed
# and configured, in order to use the TLS tunnel
# inside of the EAP packet. You will still need to
# configure the TLS module, even if you do not want
# to deploy EAP-TLS in your network. Users will
not
# be able to request EAP-TLS, as it requires them
to
# have a client certificate. EAP-TTLS does not
# require a client certificate.
#
#ttls {
# The tunneled EAP session needs a default
# EAP type which is separate from the one for
# the non-tunneled EAP module. Inside of the
# TTLS tunnel, we recommend using EAP-MD5.
# If the request does not contain an EAP
# conversation, then this configuration entry
# is ignored.
# default_eap_type = md5
# The tunneled authentication request does
# not usually contain useful attributes
# like 'Calling-Station-Id', etc. These
# attributes are outside of the tunnel,
# and normally unavailable to the tunneled
# authentication request.
#
# By setting this configuration entry to
# 'yes', any attribute which NOT in the
# tunneled authentication request, but
# which IS available outside of the tunnel,
# is copied to the tunneled request.
#
# allowed values: {no, yes}
# copy_request_to_tunnel = no
# The reply attributes sent to the NAS are
# usually based on the name of the user
# 'outside' of the tunnel (usually
# 'anonymous'). If you want to send the
# reply attributes based on the user name
# inside of the tunnel, then set this
# configuration entry to 'yes', and the reply
# to the NAS will be taken from the reply to
# the tunneled request.
#
# allowed values: {no, yes}
# use_tunneled_reply = no
#}
#
# The tunneled EAP session needs a default EAP type
# which is separate from the one for the
non-tunneled
# EAP module. Inside of the TLS/PEAP tunnel, we
# recommend using EAP-MS-CHAPv2.
#
# The PEAP module needs the TLS module to be
installed
# and configured, in order to use the TLS tunnel
# inside of the EAP packet. You will still need to
# configure the TLS module, even if you do not want
# to deploy EAP-TLS in your network. Users will
not
# be able to request EAP-TLS, as it requires them
to
# have a client certificate. EAP-PEAP does not
# require a client certificate.
#
peap {
# The tunneled EAP session needs a default
# EAP type which is separate from the one for
# the non-tunneled EAP module. Inside of the
# PEAP tunnel, we recommend using MS-CHAPv2,
# as that is the default type supported by
# Windows clients.
default_eap_type = mschapv2
# the PEAP module also has these configuration
# items, which are the same as for TTLS.
copy_request_to_tunnel = yes
use_tunneled_reply = yes
# When the tunneled session is proxied, the
# home server may not understand EAP-MSCHAP-V2.
# Set this entry to "no" to proxy the tunneled
# EAP-MSCHAP-V2 as normal MSCHAPv2.
# proxy_tunneled_request_as_eap = yes
}
#
# This takes no configuration.
#
# Note that it is the EAP MS-CHAPv2 sub-module, not
# the main 'mschap' module.
#
# Note also that in order for this sub-module to
work,
# the main 'mschap' module MUST ALSO be configured.
#
# This module is the *Microsoft* implementation of
MS-CHAPv2
# in EAP. There is another (incompatible)
implementation
# of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS
does not
# currently support.
#
mschapv2 {
}
}
*****************************************************
Thanks,
Damon
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
3
5