Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
March 2008
- 138 participants
- 202 discussions
Hello,
I'm trying to compile freeradius 1.1.7 on a redhat 7.1 box w/gcc 3.4.3 and am getting the following error;
creating .libs/radiusdS.c
(cd .libs && gcc -g -O2 -c -fno-builtin "radiusdS.c")
rm -f .libs/radiusdS.c .libs/radiusd.nm .libs/radiusd.nmS .libs/radiusd.nmT
gcc .libs/radiusdS.o -pie -o .libs/radiusd .libs/acct.o .libs/auth.o .libs/client.o .libs/conffile.o .libs/exec.o .libs/files.o .lib
s/log.o .libs/mainconfig.o .libs/modules.o .libs/modcall.o .libs/nas.o .libs/proxy.o .libs/radiusd.o .libs/radius_snmp.o .libs/request
_list.o .libs/session.o .libs/smux.o .libs/threads.o .libs/util.o .libs/valuepair.o .libs/version.o .libs/timestr.o .libs/xlat.o -
Wl,--export-dynamic -lnsl -lresolv -lpthread ../lib/.libs/libradius.so -lcrypt /usr/lib/libltdl.so -ldl -Wl,--rpath -Wl,/usr/local/lib
.libs/threads.o: In function `request_handler_thread':
/home/freerad/freeradius-1.1.7/src/main/threads.c:590: undefined reference to `ERR_remove_state'
/home/freerad/freeradius-1.1.7/src/main/threads.c:590: undefined reference to `ERR_remove_state'
.libs/threads.o: In function `thread_pool_init':
/home/freerad/freeradius-1.1.7/src/main/threads.c:210: undefined reference to `CRYPTO_num_locks'
/home/freerad/freeradius-1.1.7/src/main/threads.c:216: undefined reference to `CRYPTO_num_locks'
/home/freerad/freeradius-1.1.7/src/main/threads.c:220: undefined reference to `CRYPTO_set_id_callback'
/home/freerad/freeradius-1.1.7/src/main/threads.c:221: undefined reference to `CRYPTO_set_locking_callback'
collect2: ld returned 1 exit status
gmake[4]: *** [radiusd] Error 1
gmake[4]: Leaving directory `/home/freerad/freeradius-1.1.7/src/main'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/home/freerad/freeradius-1.1.7/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/home/freerad/freeradius-1.1.7/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/home/freerad/freeradius-1.1.7'
make: *** [all] Error 2
Does anyone know what package I need to upgrade/install?
Thanks,
Ben
2
1
Another question.
We can only get our radius authentication to work on our webserver when it is outside of our internal firewall ie it has a static ip address of what is specified on the radius server.
The current setup is that it is behind a firewall which translates the external ip address with the internal ip address of the linux apache web server on an internal local network, this allows for other internal operations to take place, however this causes authentication to fail with a 401 error reported on the webpage.
is there any further configuration I can do on my linux web server to translate authentication from the external ipaddress of the web server to the internal ip address. or any rules extra rules I need to add to my firewall.
hope this makes sense.
Charnjit
Charnjit Sidhu
Computing Officer
Birmingham University Imaging Centre
School of Psychology
University of Birmingham
Tel: +44 (0)121 4143857
E-mail: c.sidhu(a)bham.ac.uk <mailto:c.sidhu@bham.ac.uk>
2
1
upgrade broke the users file - being read only partially - FR1.1.7 to FR2.0.2
by Agent Smith 07 Mar '08
by Agent Smith 07 Mar '08
07 Mar '08
Note: forwarded message attached.
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
5
8
HI,
As advice by Ivan Kalik I've add a table and put username and password
only, but still the problem is there, and the output is like this. Please
let me know how to used the customized table.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 32791, id=197,
length=57
User-Name = "david"
User-Password = "david"
NAS-IP-Address = 192.168.1.227
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = "david", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
expand: %{User-Name} -> david
rlm_sql (sql): sql_set_user escaped user --> 'david'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT usernames,passwords FROM userpass WHERE usernames =
'%{SQL-User-Name}' -> SELECT usernames,passwords FROM userpass WHERE
usernames = 'david'
query: SELECT usernames,passwords FROM userpass WHERE usernames = 'david'
rlm_sql: The 'Attribute' field is empty or NULL, skipping the entire row.
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
++[sql] returns fail
Invalid user: [david/david] (from client localhost port 0)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> david
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 197 to 127.0.0.1 port 32791
Waking up in 4.9 seconds.
Cleaning up request 0 ID 197 with timestamp +86
Ready to process requests.
Regards
Elangbam Johnson
2
1
I fail to authenticate my user, and it seems to me that it's a problem
with the certificates
Could you please check the attached radius log to see if that is the
real problem
I am interested in the user having the mac:00-1D-E1-00-EA-02
Thank you in advance
Cristian NOVAC
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = "(null)"
unix: shadow = "(null)"
unix: group = "(null)"
unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = "ttls"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = "(null)"
tls: pem_file_type = yes
tls: private_key_file = "/usr/local/etc/raddb/certs/server-key.pem"
tls: certificate_file = "/usr/local/etc/raddb/certs/server.pem"
tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/ca-cert.pem"
tls: private_key_password = "asb#1234"
tls: dh_file = "/usr/local/etc/raddb/certs/dh"
tls: random_file = "/usr/local/etc/raddb/certs/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
tls: session_resume = 1
rlm_eap: Loaded and initialized type tls
ttls: default_eap_type = "mschapv2"
ttls: copy_request_to_tunnel = no
ttls: use_tunneled_reply = yes
rlm_eap: Loaded and initialized type ttls
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
sim: fast_reauth = no
sim: success_notification = no
rlm_eap_sim: fast_reauth = 0
rlm_eap_sim: success_notification = 0
rlm_eap: Loaded and initialized type sim
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
thread: start_servers = 5
thread: max_servers = 32
thread: min_spare_servers = 3
thread: max_spare_servers = 10
thread: max_requests_per_server = 0
thread: cleanup_delay = 5
Thread spawned new child 1. Total threads in pool: 1
Thread spawned new child 2. Total threads in pool: 2
Thread spawned new child 3. Total threads in pool: 3
Thread spawned new child 4. Total threads in pool: 4
Thread spawned new child 5. Total threads in pool: 5
Thread pool initialized
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.
Thread 1 waiting to be assigned a request
Thread 2 waiting to be assigned a request
Thread 3 waiting to be assigned a request
Thread 4 waiting to be assigned a request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.73.154:36611, id=3, length=127
--- Walking the entire request list ---
Thread 1 got semaphore
Waking up in 31 seconds...
Thread 1 handling request 0, (1 handled so far)
Threads: total/active/spare threads = 5/1/4
Calling-Station-Id = "00-1D-E1-00-EA-02"
Message-Authenticator = 0x8291dad6df5836811819e1c7ad74d3f2
EAP-Message = 0x0210001601616e6f6e796d6f7573406173622e636f6d
Framed-MTU = 3795
User-Name = "anonymous(a)asb.com"
NAS-IP-Address = 192.168.73.154
WiMAX-Attr-46 = 0x00313131383838
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous(a)asb.com"
rlm_realm: Found realm "asb.com"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm asb.com
rlm_realm: Adding Realm = "asb.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: EAP packet type response id 16 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
rlm_eap: try to find eap sim reauthentication_id anonymous
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
modcall[authorize]: module "eap" returns updated for request 0
users: Matched entry DEFAULT at line 1095
users: Matched entry DEFAULT at line 1279
users: Matched entry DEFAULT at line 1522
users: Matched entry DEFAULT at line 1706
users: Matched entry DEFAULT at line 1899
modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: try to find eap sim reauthentication_id anonymous(a)asb.com
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 3 to 192.168.73.154:36611
EAP-Message = 0x011100061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xaac1d9c8da1dcb338e7e990cf2f0b979
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.73.154:36611, id=4, length=183
--- Walking the entire request list ---
Thread 2 got semaphore
Waking up in 5 seconds...
Thread 2 handling request 1, (1 handled so far)
Calling-Station-Id = "00-1D-E1-00-EA-02"
Message-Authenticator = 0xda4401f2ac6586c7d17cf733d18bad33
EAP-Message = 0x0211003c150016030100310100002d0301884dc646a52fdd3582d4e9de7a868ef81d7eabd82c706922b81f0fafc3f18cc9000006002f000400050100
Framed-MTU = 3795
User-Name = "anonymous(a)asb.com"
NAS-IP-Address = 192.168.73.154
State = 0xaac1d9c8da1dcb338e7e990cf2f0b979
WiMAX-Attr-46 = 0x00313131383838
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous(a)asb.com"
rlm_realm: Found realm "asb.com"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm asb.com
rlm_realm: Adding Realm = "asb.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: EAP packet type response id 17 length 60
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
rlm_eap: try to find eap sim reauthentication_id anonymous
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
modcall[authorize]: module "eap" returns updated for request 1
users: Matched entry DEFAULT at line 1095
users: Matched entry DEFAULT at line 1279
users: Matched entry DEFAULT at line 1522
users: Matched entry DEFAULT at line 1706
users: Matched entry DEFAULT at line 1899
modcall[authorize]: module "files" returns ok for request 1
modcall: group authorize returns updated for request 1
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0031], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 046a], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
hit in SSL is 0
eaptls_process returned 13
handler->eap_ds->request->code 1
modcall[authenticate]: module "eap" returns handled for request 1
modcall: group authenticate returns handled for request 1
Sending Access-Challenge of id 4 to 192.168.73.154:36611
EAP-Message = 0x0112040a15c0000004c7160301004a02000046030147d010aff8795486d6bdf04c53bed2570bec9c3d28bfd6ef37eb108bd29a09bf2062ebd0824b607bc5ad276a2b6a6bccd344273b70eeec3517ff345b784189adc5002f00160301046a0b000466000463000226308202223082018b020101300d06092a864886f70d01010405003062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d4158310f300d06035504031306506965727265301e170d3037303630313138313434335a170d30383035
EAP-Message = 0x33313138313434335a3051310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d415830819f300d06092a864886f70d010101050003818d0030818902818100d2f0f90c8642ec9c13507f01fc6cb2f985d3a5a076e6e7a9471d0ffd3677dd32bd27d80f60ed533860acbc5c83a6dd7a17a50415ddd6dc7cfa0b6af26b531245618b4061e243b9200bedf395896ce843df685565c665be33e3a956a42dd043d7b577f7831a09d20528c247c9a0409b1fbfd172c55b23392de4e8288b346debdf02030100
EAP-Message = 0x01300d06092a864886f70d01010405000381810024fc81e502a0b181ef90cd78fb14895e1af9d772e0af8cb31e8d2af1456e8569785a37e4fb6e9d44612d65640e28405c18fa351dd16265456ff5effdc781b510858a15ff39de9885d2767981289869bed93b57305ef358bebb146e1d4e8cb6a17bde2c92112b749ae6bbf7c27ea7babc9ef336a3e166256921bbbbf3734c4c87000237308202333082019c020100300d06092a864886f70d01010405003062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b
EAP-Message = 0x130557694d4158310f300d06035504031306506965727265301e170d3037303630313138313432375a170d3038303533313138313432375a3062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d4158310f300d0603550403130650696572726530819f300d06092a864886f70d010101050003818d0030818902818100cf3db5db748b10fe1ce2594cefeb8861531c9c72fca5913ae4427569fe588c6042347f2e01265171e4d6d4b471b077bebbabfecf2b0b23587e9189b4b1d7d17bc145133b
EAP-Message = 0x32b59832859af826c0cd6f485b9667d8e679bc577438
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xc08c7dcc952a42b2812bfffc783cee12
Finished request 1
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.73.154:36611, id=5, length=129
Waking up in 5 seconds...
Thread 3 got semaphore
Threads: total/active/spare threads = 5/0/5
Thread 3 handling request 2, (1 handled so far)
Calling-Station-Id = "00-1D-E1-00-EA-02"
Message-Authenticator = 0x5f6607a53f8ea2386219a99131f58800
EAP-Message = 0x021200061500
Framed-MTU = 3795
User-Name = "anonymous(a)asb.com"
NAS-IP-Address = 192.168.73.154
State = 0xc08c7dcc952a42b2812bfffc783cee12
WiMAX-Attr-46 = 0x00313131383838
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
modcall[authorize]: module "mschap" returns noop for request 2
rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous(a)asb.com"
rlm_realm: Found realm "asb.com"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm asb.com
rlm_realm: Adding Realm = "asb.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 2
rlm_eap: EAP packet type response id 18 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
rlm_eap: try to find eap sim reauthentication_id anonymous
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
modcall[authorize]: module "eap" returns updated for request 2
users: Matched entry DEFAULT at line 1095
users: Matched entry DEFAULT at line 1279
users: Matched entry DEFAULT at line 1522
users: Matched entry DEFAULT at line 1706
users: Matched entry DEFAULT at line 1899
modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns updated for request 2
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
handler->eap_ds->request->code 1
modcall[authenticate]: module "eap" returns handled for request 2
modcall: group authenticate returns handled for request 2
Sending Access-Challenge of id 5 to 192.168.73.154:36611
EAP-Message = 0x011300d11580000004c7eefd87743d27254bfd37b497b52f4594d138e842abfd73bf76056e03cbe568395d1f61ee91210203010001300d06092a864886f70d0101040500038181009d3f0c63a2c40e5cc595dc7a139b4354075294e108bc0692e8ba090f2d2f725d6e8cfa57087fad5d05022579a6a26d2698de1e20907775c427aa7ded1fe3f591ea18a3db3688717ab25fb56e2c75170b54fccfb134708a044aa6661180bc4a6abc5054c7786ca7021fc4d89172ca7eb28d19f3c2064986a3a36e359cfea29ac616030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x32455d7cb5e959632d4d8d952c8259cf
Finished request 2
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.73.154:36611, id=6, length=136
--- Walking the entire request list ---
Thread 4 got semaphore
Waking up in 4 seconds...
Thread 4 handling request 3, (1 handled so far)
Threads: total/active/spare threads = 5/1/4
Calling-Station-Id = "00-1D-E1-00-EA-02"
Message-Authenticator = 0xd5d1c6b781c0e5d4c99ea02cb7890da8
EAP-Message = 0x0213000d15001503010002022e
Framed-MTU = 3795
User-Name = "anonymous(a)asb.com"
NAS-IP-Address = 192.168.73.154
State = 0x32455d7cb5e959632d4d8d952c8259cf
WiMAX-Attr-46 = 0x00313131383838
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
modcall[authorize]: module "preprocess" returns ok for request 3
modcall[authorize]: module "chap" returns noop for request 3
modcall[authorize]: module "mschap" returns noop for request 3
rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous(a)asb.com"
rlm_realm: Found realm "asb.com"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm asb.com
rlm_realm: Adding Realm = "asb.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 3
rlm_eap: EAP packet type response id 19 length 13
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
rlm_eap: try to find eap sim reauthentication_id anonymous
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
modcall[authorize]: module "eap" returns updated for request 3
users: Matched entry DEFAULT at line 1095
users: Matched entry DEFAULT at line 1279
users: Matched entry DEFAULT at line 1522
users: Matched entry DEFAULT at line 1706
users: Matched entry DEFAULT at line 1899
modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns updated for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal certificate_unknown
TLS Alert read:fatal:certificate unknown
TLS_accept:failed in SSLv3 read client certificate A
6040:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1052:SSL alert number 46
6040:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:837:
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
In SSL Handshake Phase
In SSL Accept mode
hit in SSL is 0
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
rlm_eap_tls: BIO_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
handler->eap_ds->request->code 4
rlm_eap: Freeing handler
?rlm_eap: Request code is 4
?rlm_eap: Request type is 0
modcall[authenticate]: module "eap" returns reject for request 3
modcall: group authenticate returns reject for request 3
auth: Failed to validate the user.
Delaying request 3 for 1 seconds
Finished request 3
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.73.154:36611, id=6, length=136
Sending Access-Reject of id 6 to 192.168.73.154:36611
EAP-Message = 0x04130004
Message-Authenticator = 0x00000000000000000000000000000000
--- Walking the entire request list ---
Waking up in 1 seconds...
Threads: total/active/spare threads = 5/0/5
--- Walking the entire request list ---
Cleaning up request 0 ID 3 with timestamp 47d010ae
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 4 with timestamp 47d010af
Cleaning up request 2 ID 5 with timestamp 47d010af
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 3 ID 6 with timestamp 47d010b0
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 192.168.73.154:36612, id=3, length=149
--- Walking the entire request list ---
Thread 5 got semaphore
Waking up in 31 seconds...
Thread 5 handling request 4, (1 handled so far)
Threads: total/active/spare threads = 5/1/4
User-Name = "anonymous"
NAS-IP-Address = 192.168.73.154
Calling-Station-Id = "00-17-C4-07-A7-6F"
Acct-Status-Type = Stop
Acct-Session-Id = "e776c547bc080000"
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Session-Time = 812
Acct-Terminate-Cause = User-Request
Framed-IP-Address = 192.168.247.8
WiMAX-Attr-46 = 0x00313131383838
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 4
modcall[preacct]: module "preprocess" returns noop for request 4
rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.73.154,NAS-IP-Address = 192.168.73.154,Acct-Session-Id = "e776c547bc080000",User-Name = "anonymous"'
rlm_acct_unique: Acct-Unique-Session-ID = "b21ad07d157778ed".
modcall[preacct]: module "acct_unique" returns ok for request 4
rlm_realm: No '@' in User-Name = "anonymous", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 4
modcall[preacct]: module "files" returns noop for request 4
modcall: group preacct returns ok for request 4
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 4
radius_xlat: '/usr/local/var/log/radius/radacct/192.168.73.154/detail-20080306'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.73.154/detail-20080306
modcall[accounting]: module "detail" returns ok for request 4
modcall[accounting]: module "unix" returns noop for request 4
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'anonymous'
rlm_radutmp: Logout entry for NAS WAC4 port 0 has wrong ID
modcall[accounting]: module "radutmp" returns ok for request 4
modcall: group accounting returns ok for request 4
Sending Accounting-Response of id 3 to 192.168.73.154:36612
Finished request 4
Going to the next request
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.73.154:36613, id=3, length=127
--- Walking the entire request list ---
Thread 1 got semaphore
Cleaning up request 4 ID 3 with timestamp 47d010be
Thread 1 handling request 5, (2 handled so far)
Waking up in 5 seconds...
Calling-Station-Id = "00-17-C4-07-A7-6F"
Message-Authenticator = 0xebfdba29e1618b09fd0c8ead8d908cce
EAP-Message = 0x0239001601616e6f6e796d6f7573406173622e636f6d
Framed-MTU = 3795
User-Name = "anonymous(a)asb.com"
NAS-IP-Address = 192.168.73.154
WiMAX-Attr-46 = 0x00313131383838
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 5
modcall[authorize]: module "preprocess" returns ok for request 5
modcall[authorize]: module "chap" returns noop for request 5
modcall[authorize]: module "mschap" returns noop for request 5
rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous(a)asb.com"
rlm_realm: Found realm "asb.com"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm asb.com
rlm_realm: Adding Realm = "asb.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 5
rlm_eap: EAP packet type response id 57 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
rlm_eap: try to find eap sim reauthentication_id anonymous
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
modcall[authorize]: module "eap" returns updated for request 5
users: Matched entry DEFAULT at line 1095
users: Matched entry DEFAULT at line 1279
users: Matched entry DEFAULT at line 1522
users: Matched entry DEFAULT at line 1706
users: Matched entry DEFAULT at line 1899
modcall[authorize]: module "files" returns ok for request 5
modcall: group authorize returns updated for request 5
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: EAP Identity
rlm_eap: try to find eap sim reauthentication_id anonymous(a)asb.com
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module "eap" returns handled for request 5
modcall: group authenticate returns handled for request 5
Sending Access-Challenge of id 3 to 192.168.73.154:36613
EAP-Message = 0x013a00061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x68b1a4e9a6996bfdbb4c6244a6485cca
Finished request 5
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.73.154:36613, id=4, length=231
Waking up in 5 seconds...
Thread 2 got semaphore
Threads: total/active/spare threads = 5/0/5
Thread 2 handling request 6, (2 handled so far)
Calling-Station-Id = "00-17-C4-07-A7-6F"
Message-Authenticator = 0x8abf7d43aa46780dae5f9ee6a38a58e5
EAP-Message = 0x023a006c150016030100610100005d030147d010c1062e8b77cc914707647119a6738f9ef01a6e9b54e2e2ade4c6f3f04f00003600390038003500160013000a00330032002f0007006600050004006300620061001500120009006500640060001400110008000600030100
Framed-MTU = 3795
User-Name = "anonymous(a)asb.com"
NAS-IP-Address = 192.168.73.154
State = 0x68b1a4e9a6996bfdbb4c6244a6485cca
WiMAX-Attr-46 = 0x00313131383838
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
modcall[authorize]: module "preprocess" returns ok for request 6
modcall[authorize]: module "chap" returns noop for request 6
modcall[authorize]: module "mschap" returns noop for request 6
rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous(a)asb.com"
rlm_realm: Found realm "asb.com"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm asb.com
rlm_realm: Adding Realm = "asb.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 6
rlm_eap: EAP packet type response id 58 length 108
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
rlm_eap: try to find eap sim reauthentication_id anonymous
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
modcall[authorize]: module "eap" returns updated for request 6
users: Matched entry DEFAULT at line 1095
users: Matched entry DEFAULT at line 1279
users: Matched entry DEFAULT at line 1522
users: Matched entry DEFAULT at line 1706
users: Matched entry DEFAULT at line 1899
modcall[authorize]: module "files" returns ok for request 6
modcall: group authorize returns updated for request 6
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 6
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 046a], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 010d], ServerKeyExchange
TLS_accept: SSLv3 write key exchange A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
hit in SSL is 0
eaptls_process returned 13
handler->eap_ds->request->code 1
modcall[authenticate]: module "eap" returns handled for request 6
modcall: group authenticate returns handled for request 6
Sending Access-Challenge of id 4 to 192.168.73.154:36613
EAP-Message = 0x013b040a15c0000005d9160301004a02000046030147d010c256d25c1c72c637fafe2b7975eb9a2e593ec9a090f93ae6951ec984b2204cfd7c3b3f67d40f929634c91bafe5fc517a11007b5f9c117b5f4d22a1dee994003900160301046a0b000466000463000226308202223082018b020101300d06092a864886f70d01010405003062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d4158310f300d06035504031306506965727265301e170d3037303630313138313434335a170d30383035
EAP-Message = 0x33313138313434335a3051310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d415830819f300d06092a864886f70d010101050003818d0030818902818100d2f0f90c8642ec9c13507f01fc6cb2f985d3a5a076e6e7a9471d0ffd3677dd32bd27d80f60ed533860acbc5c83a6dd7a17a50415ddd6dc7cfa0b6af26b531245618b4061e243b9200bedf395896ce843df685565c665be33e3a956a42dd043d7b577f7831a09d20528c247c9a0409b1fbfd172c55b23392de4e8288b346debdf02030100
EAP-Message = 0x01300d06092a864886f70d01010405000381810024fc81e502a0b181ef90cd78fb14895e1af9d772e0af8cb31e8d2af1456e8569785a37e4fb6e9d44612d65640e28405c18fa351dd16265456ff5effdc781b510858a15ff39de9885d2767981289869bed93b57305ef358bebb146e1d4e8cb6a17bde2c92112b749ae6bbf7c27ea7babc9ef336a3e166256921bbbbf3734c4c87000237308202333082019c020100300d06092a864886f70d01010405003062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b
EAP-Message = 0x130557694d4158310f300d06035504031306506965727265301e170d3037303630313138313432375a170d3038303533313138313432375a3062310b3009060355040613024652310f300d060355040813064672616e6365310f300d0603550407130656656c697a793110300e060355040a1307416c636174656c310e300c060355040b130557694d4158310f300d0603550403130650696572726530819f300d06092a864886f70d010101050003818d0030818902818100cf3db5db748b10fe1ce2594cefeb8861531c9c72fca5913ae4427569fe588c6042347f2e01265171e4d6d4b471b077bebbabfecf2b0b23587e9189b4b1d7d17bc145133b
EAP-Message = 0x32b59832859af826c0cd6f485b9667d8e679bc577438
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x7eac65a87a64bfb068586cc5410ded4b
Finished request 6
Going to the next request
Thread 2 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.73.154:36613, id=5, length=129
--- Walking the entire request list ---
Thread 3 got semaphore
Waking up in 5 seconds...
Thread 3 handling request 7, (2 handled so far)
Threads: total/active/spare threads = 5/1/4
Calling-Station-Id = "00-17-C4-07-A7-6F"
Message-Authenticator = 0xebde58a5ab3de6dc4ffb02b3dcf36bd7
EAP-Message = 0x023b00061500
Framed-MTU = 3795
User-Name = "anonymous(a)asb.com"
NAS-IP-Address = 192.168.73.154
State = 0x7eac65a87a64bfb068586cc5410ded4b
WiMAX-Attr-46 = 0x00313131383838
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
modcall[authorize]: module "preprocess" returns ok for request 7
modcall[authorize]: module "chap" returns noop for request 7
modcall[authorize]: module "mschap" returns noop for request 7
rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous(a)asb.com"
rlm_realm: Found realm "asb.com"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm asb.com
rlm_realm: Adding Realm = "asb.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 7
rlm_eap: EAP packet type response id 59 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
rlm_eap: try to find eap sim reauthentication_id anonymous
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
modcall[authorize]: module "eap" returns updated for request 7
users: Matched entry DEFAULT at line 1095
users: Matched entry DEFAULT at line 1279
users: Matched entry DEFAULT at line 1522
users: Matched entry DEFAULT at line 1706
users: Matched entry DEFAULT at line 1899
modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
handler->eap_ds->request->code 1
modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 5 to 192.168.73.154:36613
EAP-Message = 0x013c01e31580000005d9eefd87743d27254bfd37b497b52f4594d138e842abfd73bf76056e03cbe568395d1f61ee91210203010001300d06092a864886f70d0101040500038181009d3f0c63a2c40e5cc595dc7a139b4354075294e108bc0692e8ba090f2d2f725d6e8cfa57087fad5d05022579a6a26d2698de1e20907775c427aa7ded1fe3f591ea18a3db3688717ab25fb56e2c75170b54fccfb134708a044aa6661180bc4a6abc5054c7786ca7021fc4d89172ca7eb28d19f3c2064986a3a36e359cfea29ac6160301010d0c0001090040ddbe40a44987b7a1a0ee13b17ae444df43f2006b89991366bf2ea5f44da06caf96b284371bcacda5a95c
EAP-Message = 0xaaad5c4d9ebfcebdb8631e454ce6b52c40b959cdf43f0001050040197efd9ce37c443fca870d69508d6283a6db0ab9b4df6f4b39698751bc4135d7bcc5f36f5da577cfc54a3df3376f68d61c560d8a8d49a761e362f45979b3958b0080ac876398d0ed832f42dd5534071b140101816413a85344f60c5cf6e6ba6519b1686ed03e27ff2b630df24a270a9b5ab58cdaf509bcdeeea28fd6938e35d8e24317f168d853b3244ed54c9a2fa9abd6a4e8e97c9017eeaadc024ab0ec58086e03c70f8980836a8d025c5ec8069a25a2d5717728d3b888a66f959d374ac1aa4e4216030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x02cf9c6a9b021fede7ca3d03b3974231
Finished request 7
Going to the next request
Thread 3 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.73.154:36613, id=6, length=263
Waking up in 5 seconds...
Thread 4 got semaphore
Threads: total/active/spare threads = 5/0/5
Thread 4 handling request 8, (2 handled so far)
Calling-Station-Id = "00-17-C4-07-A7-6F"
Message-Authenticator = 0xebb84710d8e1ee326582b244334ceaab
EAP-Message = 0x023c008c15001603010046100000420040a8d9095e782bb3e8f1e27782efbbd97fd2238c95a80293f2e49dbf0eb2e77f8483b4e4acd4096ab35508e3900277bcd103f04bbe56e02b8f97b7a66d6d85ab301403010001011603010030f12358f1c2e40f67e44110cde63c151be35e78e8ff3837cc293d036a0edc91aa3991636a170690fb35f21d63fea60de9
Framed-MTU = 3795
User-Name = "anonymous(a)asb.com"
NAS-IP-Address = 192.168.73.154
State = 0x02cf9c6a9b021fede7ca3d03b3974231
WiMAX-Attr-46 = 0x00313131383838
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
modcall[authorize]: module "preprocess" returns ok for request 8
modcall[authorize]: module "chap" returns noop for request 8
modcall[authorize]: module "mschap" returns noop for request 8
rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous(a)asb.com"
rlm_realm: Found realm "asb.com"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm asb.com
rlm_realm: Adding Realm = "asb.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 8
rlm_eap: EAP packet type response id 60 length 140
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
rlm_eap: try to find eap sim reauthentication_id anonymous
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
modcall[authorize]: module "eap" returns updated for request 8
users: Matched entry DEFAULT at line 1095
users: Matched entry DEFAULT at line 1279
users: Matched entry DEFAULT at line 1522
users: Matched entry DEFAULT at line 1706
users: Matched entry DEFAULT at line 1899
modcall[authorize]: module "files" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
sesssion resume success is 0
hit in SSL is 0
eaptls_process returned 13
handler->eap_ds->request->code 1
modcall[authenticate]: module "eap" returns handled for request 8
modcall: group authenticate returns handled for request 8
Sending Access-Challenge of id 6 to 192.168.73.154:36613
EAP-Message = 0x013d004515800000003b1403010001011603010030ebbc6c474a922d584bd02c05514784da8a2eb181ada3001188dd5c975880e6b1bc5891c8614c64da0858eab3a49187ba
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x5198c6819e3056ec67259b521453ca30
Finished request 8
Going to the next request
Thread 4 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.73.154:36613, id=7, length=283
Waking up in 5 seconds...
Thread 5 got semaphore
Thread 5 handling request 9, (2 handled so far)
Calling-Station-Id = "00-17-C4-07-A7-6F"
Message-Authenticator = 0xe56ca5a60040e21c24a97be9df7715e7
EAP-Message = 0x023d00a0150017030100204b1e4addbd6af56259877143afecec118a792b91a52bb94dfc865c94d5c06bfa170301007081cbe09cd68f5633c9842c9fc3d691d9734b4a26d5847154aa65672ae8665e3728d221e03b91e66e72201f00037ad5b324ad88a4069b17e1a5900f6c0ecf1bc025e426f0a883bc9ff78f895b895b835516e04441587a8f8cef3c1a1a9917c8b36de5a3ba5c0b17ae8851640da1e251b6
Framed-MTU = 3795
User-Name = "anonymous(a)asb.com"
NAS-IP-Address = 192.168.73.154
State = 0x5198c6819e3056ec67259b521453ca30
WiMAX-Attr-46 = 0x00313131383838
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
modcall[authorize]: module "chap" returns noop for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: Looking up realm "asb.com" for User-Name = "anonymous(a)asb.com"
rlm_realm: Found realm "asb.com"
rlm_realm: Adding Stripped-User-Name = "anonymous"
rlm_realm: Proxying request from user anonymous to realm asb.com
rlm_realm: Adding Realm = "asb.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: EAP packet type response id 61 length 160
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
rlm_eap: try to find eap sim reauthentication_id anonymous
rlm_eap_sim: Entering find_eap_sim_peer_by_reauth_id
modcall[authorize]: module "eap" returns updated for request 9
users: Matched entry DEFAULT at line 1095
users: Matched entry DEFAULT at line 1279
users: Matched entry DEFAULT at line 1522
users: Matched entry DEFAULT at line 1706
users: Matched entry DEFAULT at line 1899
modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns updated for request 9
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 9
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
handler->eap_ds->request->code 0
rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
before BIO_write in eapttls_process,data_len is 154
after SSL_read in eapttls_process,err is 80
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 9
modcall[authorize]: module "preprocess" returns ok for request 9
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 9
modcall[authorize]: module "mschap" returns noop for request 9
rlm_realm: Looking up realm "asb.com" for User-Name = "OnAir_20_10(a)asb.com"
rlm_realm: Found realm "asb.com"
rlm_realm: Adding Stripped-User-Name = "OnAir_20_10"
rlm_realm: Proxying request from user OnAir_20_10 to realm asb.com
rlm_realm: Adding Realm = "asb.com"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 9
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 9
users: Matched entry DEFAULT at line 1095
users: Matched entry DEFAULT at line 1279
users: Matched entry DEFAULT at line 1522
users: Matched entry DEFAULT at line 1706
users: Matched entry DEFAULT at line 1899
users: Matched entry OnAir_20_10 at line 2291
modcall[authorize]: module "files" returns ok for request 9
modcall: group authorize returns ok for request 9
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
TTLS: Got tunneled Access-Accept
modcall[authenticate]: module "eap" returns ok for request 9
modcall: group authenticate returns ok for request 9
Sending Access-Accept of id 7 to 192.168.73.154:36613
Session-Timeout = 1800000000
Termination-Action = RADIUS-Request
3GPP2-Service-Option-Profile = 0x000000020104a70101048101
Service-Flow-Descriptor += 0x000104000102040001040303050304060301070301080302
QoS-Descriptor += 0x000103010403020503000606009c40000806000027100c0302
QoS-Descriptor += 0x000103020403020503000606013880000806000027100c0302
MS-MPPE-Recv-Key = 0x027c610548c499a519e16785b4d14b19ca57b2ba7fd5b974da26cdc43a415211
MS-MPPE-Send-Key = 0x9f2a3801203ed2746de3f1bdadc187dcc2b713733ba89a61a2810b70d386a9ab
EAP-Message = 0x033d0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "anonymous"
State = 0xea057d6c7d9c28ca4932f91de9a5b888
Finished request 9
Going to the next request
Thread 5 waiting to be assigned a request
2
1
Hi,
Could checkval work with mysql instead of LDAP?
If so could someone elaborate on it.
Thanks,
rsg
2
1
Hi!
I have a Domino (6.5.4FP3) ldap which I would like to use as a backend
for freeradius.
My clients (winxp) uses eap-mschapv2, would it be possible for
freeradius to match the password from the domino with the one supplied
by the client?
If it ain't possible what would it take to achieve it?
I'm sorry if the question has been asked too many times, but I can't
find a answer on the net or in this list....
Thanks
-CP
3
4
Hi again,
I am trying to configure FreeRadius to require a Certificate AND a
username/password to accept a User.
My clients are Macs (10.4.11).
I want TTLS to require a certificate so I've set:
EAP-TLS-Require-Client-Cert := Yes
in the control items of the request.
If I configure the client to do TLS only, it works fine.
See -X log at: http://www.beutelfrosch.de/ReqTLS.txt
So the certs seem OK to me.
If I configure the client to do TTLS only (after disabling the
"EAP-TLS-Require-Client-Cert" control item), it works fine.
See -X log at: http://www.beutelfrosch.de/TTLS.txt
So the user/password-part seems OK to me.
Now I set the client to do TLS (for the cert) and TTLS (for the
password).
What I get is the log below.
The Client does'nt send the certificate.
My wild speculation, which is a pure guess of a newbie:
Is the Client in some sort of "TTLS-Mode", where he can't send a
client-certificate, because
Sending Access-Challenge of id 183 to 192.168.1.24 port 1104
EAP-Message = 0x011000061520
tells him to do TTLS (Type 0x15)?
And how do I tell the server, that a valid certificate is not enough to
get in?
In the first log-file, you see that the client can disable ttls and
still is accepted.
Thank you very much for any hint.
Regards
Wolfgang Burger
FreeRADIUS Version 2.0.2, for host powerpc-apple-darwin8.11.0, built on
Feb 14 2008 at 15:25:18
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file //etc/raddb/radiusd.conf
including configuration file //etc/raddb/proxy.conf
including configuration file //etc/raddb/clients.conf
including configuration file //etc/raddb/snmp.conf
including configuration file //etc/raddb/eap.conf
including configuration file //etc/raddb/sql.conf
including configuration file //etc/raddb/sql/mysql/dialup.conf
including configuration file //etc/raddb/sql/mysql/counter.conf
including configuration file //etc/raddb/policy.conf
including files in directory //etc/raddb/sites-enabled/
including configuration file //etc/raddb/sites-enabled/default
including dictionary file //etc/raddb/dictionary
main {
prefix = "/"
localstatedir = "//var"
logdir = "//var/log/radius"
libdir = "//lib"
radacctdir = "//var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "//var/run/radiusd/radiusd.pid"
checkrad = "//sbin/checkrad"
debug_level = 0
proxy_requests = yes
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
client 192.168.1.24 {
require_message_authenticator = no
secret = "testing123"
shortname = "netgear1"
}
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = yes
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
use_open_directory = yes
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "//var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "ttls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "//etc/raddb/mpiibcerts/Mac339.pem"
certificate_file = "//etc/raddb/mpiibcerts/Mac339.pem"
CA_file = "//etc/raddb/mpiibcerts/root.pem"
private_key_password = "password"
dh_file = "//etc/raddb/mpiibcerts/dh"
random_file = "//etc/raddb/mpiibcerts/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "//etc/raddb/mpiibcerts/bootstrap"
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = yes
use_tunneled_reply = no
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "//etc/raddb/huntgroups"
hints = "//etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Instantiating eapguest
eap eapguest {
default_eap_type = "ttls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "//etc/raddb/mpiibcerts/Mac339.pem"
certificate_file = "//etc/raddb/mpiibcerts/Mac339.pem"
CA_file = "//etc/raddb/mpiibcerts/root.pem"
private_key_password = "password"
dh_file = "//etc/raddb/mpiibcerts/dh"
random_file = "//etc/raddb/mpiibcerts/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "//etc/raddb/mpiibcerts/bootstrap"
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = yes
use_tunneled_reply = no
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Linked to module rlm_passwd
Module: Instantiating guestlist
passwd guestlist {
filename = "/etc/raddb/guestlist"
format = "*User-Name:Cleartext-Password"
delimiter = ":"
ignorenislike = yes
ignoreempty = yes
allowmultiplekeys = no
hashsize = 100
}
rlm_passwd: nfields: 2 keyfield 0(User-Name) listable: no
Module: Instantiating eapuser
eap eapuser {
default_eap_type = "tls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "//etc/raddb/mpiibcerts/Mac339.pem"
certificate_file = "//etc/raddb/mpiibcerts/Mac339.pem"
CA_file = "//etc/raddb/mpiibcerts/root.pem"
private_key_password = "password"
dh_file = "//etc/raddb/mpiibcerts/DH"
random_file = "//etc/raddb/mpiibcerts/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = yes
use_tunneled_reply = no
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "//etc/raddb/users"
acctusersfile = "//etc/raddb/acct_users"
preproxy_usersfile = "//etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile =
"//var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "//var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "//etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "//etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.1.24 port 1106,
id=216, length=170
Message-Authenticator = 0x913ef4c34c0f80839a70351ae8eb6834
Service-Type = Framed-User
User-Name = "testuser"
Framed-MTU = 1488
Called-Station-Id = "00184DFCC7B8:Test-U"
Calling-Station-Id = "0017F2ECCC75"
NAS-Identifier = "netgear1"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0205000a01776f6c6c65
NAS-IP-Address = 192.168.1.24
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++? if (Called-Station-ID =~ /:Test-G$/)
? Evaluating (Called-Station-ID =~ /:Test-G$/) -> FALSE
++? if (Called-Station-ID =~ /:Test-G$/) -> FALSE
++? if (Called-Station-ID =~ /:Test-U$/)
? Evaluating (Called-Station-ID =~ /:Test-U$/) -> TRUE
++? if (Called-Station-ID =~ /:Test-U$/) -> TRUE
++- entering if (Called-Station-ID =~ /:Test-U$/)
rlm_eap: EAP packet type response id 5 length 10
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
+++[eapuser] returns updated
rlm_passwd: Added Cleartext-Password: 'testpass' to config_items
+++[guestlist] returns ok
++- if (Called-Station-ID =~ /:Test-U$/) returns updated
++[unix] returns notfound
expand: %{Called-Station-Id} -> 00184DFCC7B8:Test-U
users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 216 to 192.168.1.24 port 1106
EAP-Message = 0x010600061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1f2598221f238d94c802e19d0ec60b5d
Finished request 0.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.24 port 1106,
id=217, length=296
Message-Authenticator = 0x460a3c952cafdd2107e36a413f3ad6c1
Service-Type = Framed-User
User-Name = "testuser"
Framed-MTU = 1488
State = 0x1f2598221f238d94c802e19d0ec60b5d
Called-Station-Id = "00184DFCC7B8:Test-U"
Calling-Station-Id = "0017F2ECCC75"
NAS-Identifier = "netgear1"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x0206007615800000006c160301006701000063030147ceb8eb288253896e35e7a251c8
da7950171d5d832eb698dbd5db48ab4b2c5600003c002f000500040035000aff830009ff
82000300080006ff8000320033003400380039003a001600150014001300120011001800
1b001a0017001900010100
NAS-IP-Address = 192.168.1.24
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++? if (Called-Station-ID =~ /:Test-G$/)
? Evaluating (Called-Station-ID =~ /:Test-G$/) -> FALSE
++? if (Called-Station-ID =~ /:Test-G$/) -> FALSE
++? if (Called-Station-ID =~ /:Test-U$/)
? Evaluating (Called-Station-ID =~ /:Test-U$/) -> TRUE
++? if (Called-Station-ID =~ /:Test-U$/) -> TRUE
++- entering if (Called-Station-ID =~ /:Test-U$/)
rlm_eap: EAP packet type response id 6 length 118
rlm_eap: Continuing tunnel setup.
+++[eapuser] returns ok
++- if (Called-Station-ID =~ /:Test-U$/) returns ok
++[unix] returns notfound
expand: %{Called-Station-Id} -> 00184DFCC7B8:Test-U
users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
TLS Length 108
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0067], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0719], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 00c6], CertificateRequest
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 217 to 192.168.1.24 port 1106
EAP-Message =
0x0107040015c000000838160301004a02000046030147ceb8ec1d13a000cfd0e9896d6e
83deb6fe0ce6ad96b9b2a30540e409bba1be202d747526607c2a6b447509e47e164e3d4f
cc7af2378732f100e838063ff4374b002f0016030107190b000715000712000301308202
fd30820266a003020102020900de377817340de54b300d06092a864886f70d0101040500
3081b4310b3009060355040613024445311b301906035504081312426164656e2d577565
727474656d626572673111300f060355040713084672656962757267312d302b06035504
0a13244d61782d506c616e636b2d496e73746974757420662e20496d6d756e62696f6c6f
6769
EAP-Message =
0x65310c300a060355040b13034544563111300f060355040313084d504949422d434131
25302306092a864886f70d010901161673797374656d40696d6d756e62696f2e6d70672e
6465301e170d3038303330333135343134375a170d3039303330333135343134375a3081
b2310b3009060355040613024445311b301906035504081312426164656e2d5775657274
74656d626572673111300f060355040713084672656962757267312d302b060355040a13
244d61782d506c616e636b2d496e73746974757420662e20496d6d756e62696f6c6f6769
65310c300a060355040b1303454456310f300d060355040313064d616333333931253023
0609
EAP-Message =
0x2a864886f70d010901161673797374656d40696d6d756e62696f2e6d70672e64653081
9f300d06092a864886f70d010101050003818d00308189028181009b0c3f1c54dda34fce
85f6abd123b8d9c93b1e6ce46e3a05fc4f64cf15e164717fa863e1a920f3b24ab9574af2
749b0b9b647bfe37b27c2a0ea0ec252865aeb0b9de8dab965ede3a528dd07543092d2cd0
6f6a00dafa726f70b3198c2ec381fab1077897dfdeb920a7399697d0f6b3ae2544f8a2a0
1eb00bdcfecf3d7536acdd0203010001a317301530130603551d25040c300a06082b0601
0505070301300d06092a864886f70d0101040500038181007428219fda7670c04068e341
0c2e
EAP-Message =
0xf3e47e1c57e4f53b16c78038601f68de6bd9736e5500b3cc1a8f4bc4d27c16651b6ac9
a0186a76108cf36e62a5ce16a4ca311e4c97741f1dfe47f0c4867d8d217e8bf4b21ba07f
5a361039c00e3935ca18480788d4b8f38cb3c759bdc8c279cc17aedf9a364c0e8645f64e
371154cc20f5f700040b3082040730820370a003020102020900de377817340de54a300d
06092a864886f70d01010405003081b4310b3009060355040613024445311b3019060355
04081312426164656e2d577565727474656d626572673111300f06035504071308467265
6962757267312d302b060355040a13244d61782d506c616e636b2d496e73746974757420
662e
EAP-Message = 0x20496d6d756e62696f6c6f67
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1f2598221e228d94c802e19d0ec60b5d
Finished request 1.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.24 port 1106,
id=218, length=184
Message-Authenticator = 0xe53c465131756f24b24c53e007a46747
Service-Type = Framed-User
User-Name = "testuser"
Framed-MTU = 1488
State = 0x1f2598221e228d94c802e19d0ec60b5d
Called-Station-Id = "00184DFCC7B8:Test-U"
Calling-Station-Id = "0017F2ECCC75"
NAS-Identifier = "netgear1"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020700061500
NAS-IP-Address = 192.168.1.24
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++? if (Called-Station-ID =~ /:Test-G$/)
? Evaluating (Called-Station-ID =~ /:Test-G$/) -> FALSE
++? if (Called-Station-ID =~ /:Test-G$/) -> FALSE
++? if (Called-Station-ID =~ /:Test-U$/)
? Evaluating (Called-Station-ID =~ /:Test-U$/) -> TRUE
++? if (Called-Station-ID =~ /:Test-U$/) -> TRUE
++- entering if (Called-Station-ID =~ /:Test-U$/)
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: Continuing tunnel setup.
+++[eapuser] returns ok
++- if (Called-Station-ID =~ /:Test-U$/) returns ok
++[unix] returns notfound
expand: %{Called-Station-Id} -> 00184DFCC7B8:Test-U
users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 218 to 192.168.1.24 port 1106
EAP-Message =
0x0108040015c0000008386965310c300a060355040b13034544563111300f0603550403
13084d504949422d43413125302306092a864886f70d010901161673797374656d40696d
6d756e62696f2e6d70672e6465301e170d3038303330333135343131305a170d31383033
30313135343131305a3081b4310b3009060355040613024445311b301906035504081312
426164656e2d577565727474656d626572673111300f0603550407130846726569627572
67312d302b060355040a13244d61782d506c616e636b2d496e73746974757420662e2049
6d6d756e62696f6c6f676965310c300a060355040b13034544563111300f060355040313
084d
EAP-Message =
0x504949422d43413125302306092a864886f70d010901161673797374656d40696d6d75
6e62696f2e6d70672e646530819f300d06092a864886f70d010101050003818d00308189
02818100d88f0fc2064b0964747d6e93a2e5e8210f29b03c4f59c3a17f20e3a014aa236e
b2e7a0dd7b42ec38e46d60ffe5ba22780af5f96e7d777566b566917925d56d4921a6d610
d0900314fd5e4106d4310f333dc2cc03357da3e48fd05cb50f0a031c98a448cb39d1795b
5de9f5e4647ce2b97aefc10edc63c39249ef2a14daf7ca9d0203010001a382011d308201
19301d0603551d0e04160414f286c59fa1ed8050fe30064d247303a0472b143c3081e906
0355
EAP-Message =
0x1d230481e13081de8014f286c59fa1ed8050fe30064d247303a0472b143ca181baa481
b73081b4310b3009060355040613024445311b301906035504081312426164656e2d5775
65727474656d626572673111300f060355040713084672656962757267312d302b060355
040a13244d61782d506c616e636b2d496e73746974757420662e20496d6d756e62696f6c
6f676965310c300a060355040b13034544563111300f060355040313084d504949422d43
413125302306092a864886f70d010901161673797374656d40696d6d756e62696f2e6d70
672e6465820900de377817340de54a300c0603551d13040530030101ff300d06092a8648
86f7
EAP-Message =
0x0d0101040500038181000d9c69e325f19a11f2f57ededc9a9d752a6bc9f3fd9b0ea58d
1fdac2a7eb51a3f67a39bcfa63df7f3a7052657365508be4d8e734caec7578e179cd80ae
b49fc5d83f67039b3ad82c5dba6c6bc4b669be77ab8d69cc7b933fd58e08d888ef7be814
e6f0cbf1b179aa2a7e80c729c581f31881ad9498af35594060f4349a9bf5b216030100c6
0d0000be02010200b900b73081b4310b3009060355040613024445311b30190603550408
1312426164656e2d577565727474656d626572673111300f060355040713084672656962
757267312d302b060355040a13244d61782d506c616e636b2d496e73746974757420662e
2049
EAP-Message = 0x6d6d756e62696f6c6f676965
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1f2598221d2d8d94c802e19d0ec60b5d
Finished request 2.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.24 port 1106,
id=219, length=184
Message-Authenticator = 0x10021b18c69f6674b4c22b5df88ac275
Service-Type = Framed-User
User-Name = "testuser"
Framed-MTU = 1488
State = 0x1f2598221d2d8d94c802e19d0ec60b5d
Called-Station-Id = "00184DFCC7B8:Test-U"
Calling-Station-Id = "0017F2ECCC75"
NAS-Identifier = "netgear1"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020800061500
NAS-IP-Address = 192.168.1.24
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++? if (Called-Station-ID =~ /:Test-G$/)
? Evaluating (Called-Station-ID =~ /:Test-G$/) -> FALSE
++? if (Called-Station-ID =~ /:Test-G$/) -> FALSE
++? if (Called-Station-ID =~ /:Test-U$/)
? Evaluating (Called-Station-ID =~ /:Test-U$/) -> TRUE
++? if (Called-Station-ID =~ /:Test-U$/) -> TRUE
++- entering if (Called-Station-ID =~ /:Test-U$/)
rlm_eap: EAP packet type response id 8 length 6
rlm_eap: Continuing tunnel setup.
+++[eapuser] returns ok
++- if (Called-Station-ID =~ /:Test-U$/) returns ok
++[unix] returns notfound
expand: %{Called-Station-Id} -> 00184DFCC7B8:Test-U
users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 219 to 192.168.1.24 port 1106
EAP-Message =
0x01090056158000000838310c300a060355040b13034544563111300f06035504031308
4d504949422d43413125302306092a864886f70d010901161673797374656d40696d6d75
6e62696f2e6d70672e64650e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1f2598221c2c8d94c802e19d0ec60b5d
Finished request 3.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.24 port 1106,
id=220, length=398
Message-Authenticator = 0xf8d34b0f029f66155f8d4f2342d049fe
Service-Type = Framed-User
User-Name = "testuser"
Framed-MTU = 1488
State = 0x1f2598221c2c8d94c802e19d0ec60b5d
Called-Station-Id = "00184DFCC7B8:Test-U"
Calling-Station-Id = "0017F2ECCC75"
NAS-Identifier = "netgear1"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x020900dc1580000000d216030100070b00000300000016030100861000008200803dc4
432d3ec3d26bab634466e4e08d43679c147f48139ebfacf3e77cb047fd585c192d53abf9
f1594b0bfdf10aeecf2bbeab9544047b911c6b387ef0038e9302e544564e6212bce27dea
4d905da64183b2a29c73237eda2d28fcf455bfa83cb969c1be7beacf2acf77494d3721f8
54f66845c53b1f4dcd8dfd8cdb37f5c4acd41403010001011603010030b18484fd108ed5
68b015b74200fd01bcb52b3896be8abfbeb9301e7ef7bd1eb7d4ddc150b648697379fca4
441fff4429
NAS-IP-Address = 192.168.1.24
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++? if (Called-Station-ID =~ /:Test-G$/)
? Evaluating (Called-Station-ID =~ /:Test-G$/) -> FALSE
++? if (Called-Station-ID =~ /:Test-G$/) -> FALSE
++? if (Called-Station-ID =~ /:Test-U$/)
? Evaluating (Called-Station-ID =~ /:Test-U$/) -> TRUE
++? if (Called-Station-ID =~ /:Test-U$/) -> TRUE
++- entering if (Called-Station-ID =~ /:Test-U$/)
rlm_eap: EAP packet type response id 9 length 220
rlm_eap: Continuing tunnel setup.
+++[eapuser] returns ok
++- if (Called-Station-ID =~ /:Test-U$/) returns ok
++[unix] returns notfound
expand: %{Called-Station-Id} -> 00184DFCC7B8:Test-U
users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
TLS Length 210
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0007], Certificate
rlm_eap_tls: >>> TLS 1.0 Alert [length 0002], fatal handshake_failure
TLS Alert write:fatal:handshake failure
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails.
eaptls_process returned 13
rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [testuser/<via Auth-Type = EAP>] (from client netgear1
port 1 cli 0017F2ECCC75)
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> testuser
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 4 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.24 port 1106,
id=220, length=398
Waiting to send Access-Reject to client netgear1 port 1106 - ID: 220
Sending delayed reject for request 4
Sending Access-Reject of id 220 to 192.168.1.24 port 1106
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
Cleaning up request 0 ID 216 with timestamp +13
Cleaning up request 1 ID 217 with timestamp +13
Cleaning up request 2 ID 218 with timestamp +13
Cleaning up request 3 ID 219 with timestamp +13
Waking up in 1.0 seconds.
Cleaning up request 4 ID 220 with timestamp +13
Ready to process requests.
2
3
hi,
I am using Free radius 2.0 and Ms Sql 2000.I need to used my own
customised table schema rather than the default table which comes along with
the radius server in schema.conf. To do so is it necessary to connect
through rlm_perl and deactivate the sql module in the sites-enabled/default.
If I am using perl script do I have to specify all the parameters that is
specified in the dialup.conf. I mean do I have to specify all the database
connection parameters in the perl, or is there any other means like as we do
in the sql.conf.
Regards
Elangbam Johnson
3
2
Hallow everyone, I´m network admin I need to know how
edit de src files of freeradius-1.0.x to not log
certains login matching with my username ´s
friends, please help me in that. excuse my poor
english.
thanks before it.
______________________________________________
LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
http://es.voice.yahoo.com
1
0