Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
August 2008
- 153 participants
- 244 discussions
Hello All
We are using version 2.0.5 with a mysql backend. 99.9% of the radius
service is working as expected :-)
However I'm trying to also use the "users" file so I can give some
default answers back to a particular NAS, I have set "fall-through =
No" but it still falls through to the sql server and provides the sql
info back too, if the user is not also in the sql table it only
provides the correct info.
from my users file
DEFAULT Client-IP-Address =~ "82.1x.x.130\$", Auth-Type := Accept
Tunnel-Type = "L2TP",
Tunnel-Medium-Type = "IP",
Service-Type := Framed-User,
Tunnel-Password := "radadmin",
Tunnel-Server-Endpoint := "82.x.x.253",
# Tunnel-Client-Auth-ID := "",
Fall-Through = No
Should it fall through to the sql module even with fall-through set at
no or have I misunderstood it.
Thanks
Wayne
2
1
Hi, I'm trying to implement FreeRadius to authenticate Wireless
CLient based on MAC address only, unfortunately all my wireless client
using EAP/TLS (Windows XP SP2) . I found that tutorials and doc are
not leading me to the right direction. Besides, I will not burden my
Windows XP SP2 client to search hotfix for EAP/TLS compatibility with
FreeRadius.
After digging more, I realize that Authorization using checkval module
is enough to verified valid MAC address from Wireless Client. But my
question is how can I use only Authorization where Authentication will
always return Access-Accept.
Here is my radiusd -X output:
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.0.2 port 1027, id=183, length=199
User-Name = "PIDEL-3C5B30E9C\\Administrator"
NAS-IP-Address = 10.0.0.2
NAS-Port = 0
Called-Station-Id = "00-1E-E5-9D-61-85:DEL_LR1"
Calling-Station-Id = "00-21-00-0B-68-E3"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x0201002201504944454c2d3343354233304539435c41646d696e6973747261746f72
Message-Authenticator = 0x891b437263cd48909255484bb081c823
+- entering group authorize
++[preprocess] returns ok
....
....
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-21-00-0B-68-E3
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-21-00-0B-68-E3
++[checkval] returns ok
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Sending Access-Reject of id 183 to 10.0.0.2 port 1027
Finished request 0.
Thanks in advance.
Ramot Lubis.
7
19
Hi,
to everyone. I know this is an OT post but i don't know where post.
I have a freeradius server that's work fine.
I have a tslp that's work fine (with passwd user) (it's and ubuntu
8.04 with ltsp correctly installed)
Now I want use freeradius to autenticate user in tslp desktop.
So, I think to install http://freeradius.org/pam_radius_auth but no
request is sent to freeradius server.
The questions:
1. where install pam_radius_auth? In /etc or in /opt/ltsp/i386/etc?
2. how to configure for ltsp?
Thanks in advance
v.
2
1
Hello Gurus.
Apologies if this mail arrives twice, the first time i did send it (05/Jul/08), nothing showed on the list nor the archive.
I'm new to freeradius 2.0.5, compiled it from sources and installed on CentOS v5.0, xp sp2 clients authenticate without problems with PEAP, but xp sp3 don't.
I've searched the entire list, but none reference to xp sp3.
Has anybody achieved to authenticate xp sp3 with default 802.1x client to freeradius ? Haven't yet tried Vista, but suspect will have the same problem.....
This is the log:
Best regards.
Oxiel
[root@radius ~]# radiusd -X
FreeRADIUS Version 2.0.5, for host x86_64-redhat-linux-gnu, built on Jul 5 2008 at 10:14:20
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including configuration file /etc/raddb/snmp.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/sql/mysql/counter.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib64"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
}
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 192.168.100.245 {
require_message_authenticator = no
secret = "secreto"
shortname = "192.168.100.245"
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --username=%{mschap:User-Name} --request-nt-key --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb/certs/cert-srv.pem"
certificate_file = "/etc/raddb/certs/cert-srv.pem"
CA_file = "/etc/raddb/certs/demoCA/cacert.pem"
private_key_password = "*l4Pr0.14"
dh_file = "/etc/raddb/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
}
WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work!
WARNING: Fix this by running the OpenSSL command listed in eap.conf
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
}
}
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/raddb/huntgroups"
hints = "/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Accounting-Request packet from host 192.168.100.245 port 5001, id=218, length=286
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "2"
User-Name = "COSMART\\jat"
NAS-Identifier = "001cc5363882"
NAS-Port = 268439554
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=2"
NAS-Port-Type = Ethernet
Calling-Station-Id = "0050-bac5-dfa5"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Acct-Session-Id = "110500010555d"
NAS-IP-Address = 192.168.100.245
Event-Timestamp = "Jan 1 2005 01:57:37 BOT"
Acct-Session-Time = 119
Acct-Delay-Time = 39
Acct-Input-Octets = 3232
Acct-Input-Packets = 43
Acct-Output-Octets = 8326
Acct-Output-Packets = 71
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Terminate-Cause = Lost-Carrier
3Com-Connect_Id = 81
3com-Attr-29 = 0x00000000
3Com-VLAN-Name = "\000\000\000\000"
3Com-Encryption-Type = "\000\000\000\000"
3Com-Time-Of-Day = "\000\000\000\000"
3com-Attr-22 = 0x00000000
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 268439554,Client-IP-Address = 192.168.100.245,NAS-IP-Address = 192.168.100.245,Acct-Session-Id = "110500010555d",User-Name = "COSMART\\jat"'
rlm_acct_unique: Acct-Unique-Session-ID = "ea36fd6add7d8838".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "COSMART\jat", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/192.168.100.245/detail-20080705
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.100.245/detail-20080705
expand: %t -> Sat Jul 5 14:30:23 2008
++[detail] returns ok
++[unix] returns ok
expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
expand: %{User-Name} -> COSMART\jat
++[radutmp] returns ok
expand: %{User-Name} -> COSMART\jat
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 218 to 192.168.100.245 port 5001
Finished request 0.
Cleaning up request 0 ID 218 with timestamp +2
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=0, length=240
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x0201001b01686f73742f63616a6130322e636f736d6172742e626f
Message-Authenticator = 0xf1acdc9cf04cb956900a1812f75fc8e0
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 27
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 172
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.100.245 port 5001
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5073b7a3e2254835034dd3ceef
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=1, length=311
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x0202005019800000004616030100410100003d0301486fbdd4eecfde254716f92a39b631a3684a00787d5d6b063ba9c81cd22e195300001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0xbec7d6563e28ca88de7723c45425b6a4
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5073b7a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 80
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0666], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.100.245 port 5001
EAP-Message = 0x0103040019c0000006c3160301004a020000460301486fbdc4c5c76a2564aa4f526c944a51a1302a3c659a0b0961427630875f60f92028b6d005458c6b196869a0d631f1ce41013c4514747eeebbdd80e7b4bc5969af00040016030106660b00066200065f0002b9308202b53082021ea003020102020104300d06092a864886f70d0101050500308191310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311630140603550403130d61646d696e6973747261746f
EAP-Message = 0x72311b301906092a864886f70d010901160c6a6174406d61696c2e63736d301e170d3038303730323231333833325a170d3138303633303231333833325a308195310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311a3018060355040313117261646975732e636f736d6172742e626f311b301906092a864886f70d010901160c6a6174406d61696c2e63736d30819f300d06092a864886f70d010101050003818d0030818902818100cbeb8d00c58afe573130
EAP-Message = 0x546535d403e375d6bd47f46e40c177715d4ecab36ec81bd674cf9e85001a18c8dff1f6a3c36157c4ae0b1081b6a09d177dd4e43da1feab1ad3611da0b973cc5e69d4ed7ddd58147c6ea6666c86d074dce2b4819153f104b1ce41c4c549231e386a04f5123ae40191488aaf93362f09b31eef336682470203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010505000381810035fdfe43e521364d5c730005b1307d1ed1fb9bbeb88cec2be4e362fe3779c4dd1196f0e5b0bb41cde48da1e7392549e989d1ea0e3af59191d05be8991ced0b557b2ea643c160b150e7c83ab667414bb8b670c1193c53
EAP-Message = 0xae386773f3124b7803f6ada10aa517a81bfa0cfe66d5a557da43773eafabe10cbd705a52e5303e0282c90003a03082039c30820305a003020102020900e224351ea6a8c75e300d06092a864886f70d0101050500308191310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311630140603550403130d61646d696e6973747261746f72311b301906092a864886f70d010901160c6a6174406d61696c2e63736d301e170d3038303730323231333435365a170d3138
EAP-Message = 0x303633303231333435365a30
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5072b6a3e2254835034dd3ceef
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=2, length=237
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x020300061900
Message-Authenticator = 0x2690776a323a61b010a03df037aec344
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5072b6a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.100.245 port 5001
EAP-Message = 0x010402d319008191310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311630140603550403130d61646d696e6973747261746f72311b301906092a864886f70d010901160c6a6174406d61696c2e63736d30819f300d06092a864886f70d010101050003818d0030818902818100a646305a573ba9462e50379658300d0d0d8af89c4c30d84d160cde108867f5008c5d5476b473d60cc52067227194c9d8cb838e251fad331103a0ef6b82d2fc1c775065420d91f1
EAP-Message = 0x69d61d23088d5d2fcaca82b78d432ae2e5a7bc2128ab1489512d0d5df2dc8057bcf5ecf9e5c1be94088977ffa69885442de5967c302cbb3a750203010001a381f93081f6301d0603551d0e0416041473a2a24959f00db826a07cf8489b046784765ead3081c60603551d230481be3081bb801473a2a24959f00db826a07cf8489b046784765eada18197a48194308191310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311630140603550403130d61646d696e69
EAP-Message = 0x73747261746f72311b301906092a864886f70d010901160c6a6174406d61696c2e63736d820900e224351ea6a8c75e300c0603551d13040530030101ff300d06092a864886f70d010105050003818100012eb34d9f4d44275d7141f817f9754d61b51a1205fe9326b51df1985a69c664e5a572a408ac098247e82621c48c097c72230ef3d4d4607636e721213b3a6bcae16cb65033eb9793e4bad604c5f8a4bd25638163cd556f283862542654cbcae9b86573ac3668cfad36b8b643abedbeb7a1ffb440c3af91d1a3a76d67ac84a2f016030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5071b1a3e2254835034dd3ceef
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=3, length=423
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x020400c01980000000b616030100861000008200800d05f33fc8ee7d6b891fd473b79cbd08c00029c400a4a8b4f66a043855312f1ae4c9ebc4d5935b3dd33a2f8c43a91f5268b8c6feeb2045eb683a038e92faad3c109b80d461449c916764451ae0ad1d9cc5adc79124b328a9e1240a83ffa8cef0833a8f218ce6cffe3c92e4a3a2e421e5d3e31c47deeafb370be2c2ae35840013140301000101160301002071ab2c4c5ef80026ece917f82faa9c4bf68ea263927572bcf2eff9dbc1b51e93
Message-Authenticator = 0x9d34a0ceab1dba8f46192d60879ce9e6
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5071b1a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 192
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 182
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.100.245 port 5001
EAP-Message = 0x01050031190014030100010116030100208af84b95006d4b91fba9d7169d916eb6809c68b34efddd8d7bb978243d04922e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5070b0a3e2254835034dd3ceef
Finished request 4.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=4, length=237
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x020500061900
Message-Authenticator = 0xfb42b30cdfd2f35fc4e94d6b7b571349
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5070b0a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.100.245 port 5001
EAP-Message = 0x0106002019001703010015bc754e60e537bc8fb1c7d29c5758b542685f2a6b11
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5077b3a3e2254835034dd3ceef
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=5, length=281
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x02060032190017030100272290fc8604f7a51d1b40db4729ff215118019fc7cab898e7f7d59299b9ba138f63ad3698ff0d0d
Message-Authenticator = 0xdc1ac64c77e6220711e5b9da5a1483c7
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5077b3a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 50
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - host/caja02.cosmart.bo
PEAP: Got tunneled identity of host/caja02.cosmart.bo
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to host/caja02.cosmart.bo
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 6 length 27
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.100.245 port 5001
EAP-Message = 0x010700471900170301003c1e6805da43586305dd52fac9e77e5c0f59cf439f63276da038654693c461d78f2dff4238725874cbf4b94708899dcd5c661d56d09d4ef789e6c8d8ad
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5076b2a3e2254835034dd3ceef
Finished request 6.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=6, length=335
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x020700681900170301005dd9e8df11c1c77181e304f5804625cc6d44f9ab95418534bff216737d94c26604aad2c35ddf65bccfedc9ee52b023fda66d370b6767fd533860ea5b75eb2cdaf251db63feb3991bc812f10e8b41a96942b928746d8e124cd3ff02208321
Message-Authenticator = 0x189158927107c3cc4dbfb70ddcec6879
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5076b2a3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 7 length 104
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to host/caja02.cosmart.bo
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 7 length 81
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for host/caja02.cosmart.bo with NT-Password
expand: --username=%{mschap:User-Name} -> --username=caja02$
expand: --domain=%{mschap:NT-Domain} -> --domain=cosmart
mschap2: ca
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=2ee635f36876e135
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=3e2799722d4ae64a874fca7144dc868ba821b45ab8d3e5c9
Exec-Program output: NT_KEY: 2C5558B32AB95B9348365F364D596970
Exec-Program-Wait: plaintext: NT_KEY: 2C5558B32AB95B9348365F364D596970
Exec-Program: returned: 0
rlm_mschap: adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.100.245 port 5001
EAP-Message = 0x0108004a1900170301003f5b72a242149b0c849225ef274c8f16078a490d8b7017a19218015a39d51e11d4e4b5ec95727149d5d2d108ca87be5ac4572a1326c0be8912899588ed1dc79d
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5075bda3e2254835034dd3ceef
Finished request 7.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=7, length=260
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x0208001d19001703010012729a793115410148fb3e1894728ed9dd43a2
Message-Authenticator = 0xc0038ec1fb0e803e1447e0c672705c8c
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5075bda3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 8 length 29
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to host/caja02.cosmart.bo
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 8 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
rlm_eap: Freeing handler
++[eap] returns ok
PEAP: Tunneled authentication was successful.
rlm_eap_peap: SUCCESS
Saving tunneled attributes for later
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.100.245 port 5001
EAP-Message = 0x010900261900170301001be69227ae08e478000a3caae737a96433d8bb3a4ff3a53f1fbb7c0c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x73b5ba5074bca3e2254835034dd3ceef
Finished request 8.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=8, length=269
User-Name = "host/caja02.cosmart.bo"
EAP-Message = 0x020900261900170301001b3916275431b7332459f3aaa1643e31720bc6ac34c224b51e2693c3
Message-Authenticator = 0x7093c15fac997292a12f6fc80059160c
NAS-IP-Address = 192.168.100.245
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "0050-bac5-dfa5"
State = 0x73b5ba5074bca3e2254835034dd3ceef
3Com-Connect_Id = 83
3Com-Product-ID = "5500G-EI"
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
3Com-NAS-Startup-Timestamp = 1104537612
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 9 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Success
Using saved attributes from the original Access-Accept
rlm_eap: Freeing handler
++[eap] returns ok
+- entering group post-auth
++[exec] returns noop
Sending Access-Accept of id 8 to 192.168.100.245 port 5001
User-Name = "host/caja02.cosmart.bo"
MS-MPPE-Recv-Key = 0xbc92e431af5c7ffb4d5b7995391751603d37b0f0ff4b90fbfecd1785d2d987b9
MS-MPPE-Send-Key = 0x298436d731ecef7178d901f10b1654124cb4b52e1e1ed23fd33b1ec32476b480
EAP-Message = 0x03090004
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 9.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Accounting-Request packet from host 192.168.100.245 port 5001, id=219, length=228
User-Name = "host/caja02.cosmart.bo"
NAS-Identifier = "001cc5363882"
NAS-Port = 268439553
NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1"
NAS-Port-Type = Ethernet
Calling-Station-Id = "0050-bac5-dfa5"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Acct-Session-Id = "110500010558e"
NAS-IP-Address = 192.168.100.245
Event-Timestamp = "Jan 1 2005 01:58:37 BOT"
3Com-Connect_Id = 83
3com-Attr-29 = 0x00000000
3Com-VLAN-Name = "\000\000\000\000"
3Com-Encryption-Type = "\000\000\000\000"
3Com-Time-Of-Day = "\000\000\000\000"
3com-Attr-22 = 0x00000000
3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5"
+- entering group preacct
++[preprocess] returns ok
rlm_acct_unique: Hashing 'NAS-Port = 268439553,Client-IP-Address = 192.168.100.245,NAS-IP-Address = 192.168.100.245,Acct-Session-Id = "110500010558e",User-Name = "host/caja02.cosmart.bo"'
rlm_acct_unique: Acct-Unique-Session-ID = "b9beac104c297af0".
++[acct_unique] returns ok
rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
+- entering group accounting
expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/192.168.100.245/detail-20080705
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.100.245/detail-20080705
expand: %t -> Sat Jul 5 14:30:28 2008
++[detail] returns ok
++[unix] returns ok
expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
expand: %{User-Name} -> host/caja02.cosmart.bo
++[radutmp] returns ok
expand: %{User-Name} -> host/caja02.cosmart.bo
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 219 to 192.168.100.245 port 5001
Finished request 10.
Cleaning up request 10 ID 219 with timestamp +7
Going to the next request
Waking up in 4.2 seconds.
Cleaning up request 1 ID 0 with timestamp +6
Cleaning up request 2 ID 1 with timestamp +7
Cleaning up request 3 ID 2 with timestamp +7
Cleaning up request 4 ID 3 with timestamp +7
Cleaning up request 5 ID 4 with timestamp +7
Cleaning up request 6 ID 5 with timestamp +7
Waking up in 0.1 seconds.
Cleaning up request 7 ID 6 with timestamp +7
Cleaning up request 8 ID 7 with timestamp +7
Cleaning up request 9 ID 8 with timestamp +7
Ready to process requests.
______________________________________________
Enviado desde Correo Yahoo! La bandeja de entrada más inteligente.
10
14
I'm setting up a new freeradius setup using many different authorization
modules. Mostly ldap and sql modules. For authentication I'm hoping to use
the default and as few custom as possible but I have to use some of the ldap
backends for authentication as well. (simple bind)
I wonder what are the best configuration practices. I've heard Alan DeKok
many times;
http://deployingradius.com/documents/configuration/setup.html. So I want to
change the default config as little as possible.
I was thinking to start adding a few custom files to include in the default
config.
$raddb/custom_mods.conf : the custom ldap and sql module definitions
$raddb/custom_auth.conf : custom authentication entries
$raddb/custom_autz.conf : custom authorization entries
I'm using realms to link the different authorization modules. If I'm correct
I need to add every realm to the proxy.conf file and set it to LOCAL. Is
this really needed?
realm test.com {
type = radius
authhost = LOCAL
accthost = LOCAL
}
Finally I need to add the realms to users file
DEFAULT Realm == "test.com", Autz-Type := test.com
(Auth-Type should be figured out by freeradius)
Is this the best way to setup a decent configuration? I'd like to skip the
proxy.conf configuration since it's saying the same for all realms. Anyone
some suggestions?
Rg,
Arnaud Loonstra
--
View this message in context: http://www.nabble.com/Best-config-practices--tp18922693p18922693.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
3
5
Re: 2.0.5 on Solaris, openssl 0.9.8h ---> does support sha256 ?
by patrice.oliverï¼ ch-beaune.fr 11 Aug '08
by patrice.oliverï¼ ch-beaune.fr 11 Aug '08
11 Aug '08
Bonjour,
je suis actuellement en cong�s pour 3 semaines.
Je suis de retour le 1er septembre 2008.
En cas d'urgence, vous pouvez contacter Monsieur Tixier au 03 80 24 44 27 ou la maintenance informatique au 03 80 24 45 84.
Cordialement.
5
4
> Did you set "use_tunneled_reply" in eap.conf? This is also in 1.1.x.
> Alan DeKok.
Yeah!, it works if "use_tunneled_reply" is set to "yes" (though tunneled
data is -in my case- the same). Thank you very much!
If this can help: I've run FR1.1 (various versions, last one v1.1.5),
with this attribute unset, as in per default conf file, and it worked!.
The only thing I can imagine is that previous versions had a different
default value (?).
Thanks again!
1
0
Hello All,
I have an Active Directory on window 2k3 and I want to use the free radius on Linux machine for authenticating users domain. I tried to configure free radius with ntlm_auth for working auth but it not work.
Although on free radius i can auth successful for domain user by command: ntlm_auth --domain=ABC --username=test ---> result: auth sucess (...), but on the auth client when i checked with the wrong name/pass it still showed message "auth sucess" after that this user/pass cannot login to device on domain.
Can anybody help me on this and share me how to configure freeradius for authenticating domain uses?
Thanks
3
7
>> rlm_ldap: Added User-Password = Testing10 in check items
>> ---------------------------------------------------------------
>> clearly freeradius can see the password and also it clear text :)
>> below i also add samba schema that contain LM and NT password
>>
> ...
>
>> -------------------------------------------------------------------
>> mschap module say no clear text pasword and also can't create LM and NT
>> password
>> -------------------------------------------------------------------
>> +- entering group MS-CHAP
>> rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
>> rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
>>
>
> Please post ALL of the debug output. I suspect that you are doing the
> ldap lookups OUTSIDE of the TLS tunnel rather than INSIDE.
>
> Alan DeKok.
>
definitely my mistake again sorry for your inconvenience
I didn't include all the debug, because it was so large... anyway here
the debug :
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x0201000c0174657374696e67
Message-Authenticator = 0xb3af6d24481b168d63e57489e22a2458
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 183
++[files] returns ok
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.11.7:389, authentication 0
rlm_ldap: bind as memberUid=radius,ou=admin,dc=zzz,dc=com/radiusjuga to
192.168.11.7:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "Wk0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x54657374696e6731
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x54657374696e6731
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e5"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance100] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'Wk0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 14340
++[logintime] returns ok
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
} # server nispdot1x
Framed-Compression = Van-Jacobson-TCP-IP
Tunnel-Private-Group-Id:0 = "101"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Framed-Protocol = PPP
Service-Type = Framed-User
Session-Timeout = 14340
EAP-Message = 0x0102001604108dedf8c669040a1bcd0115afdf91dbdc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11fa52425bd7da50678295fc0
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11fa52425bd7da50678295fc0
EAP-Message = 0x020200060319
Message-Authenticator = 0x76203b9931bdb50a703f0f50746f7ee3
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 183
++[files] returns ok
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "Wk0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x54657374696e6731
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x54657374696e6731
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e5"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance100] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'Wk0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 14340
++[logintime] returns ok
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
} # server nispdot1x
Framed-Compression = Van-Jacobson-TCP-IP
Tunnel-Private-Group-Id:0 = "101"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Framed-Protocol = PPP
Service-Type = Framed-User
Session-Timeout = 14340
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11ea43925bd7da50678295fc0
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11ea43925bd7da50678295fc0
EAP-Message =
0x0203005019800000004616030100410100003d0301489aa4c688ae33dab29d1f856cc286c03cc9db7bf7cad627057407ea7ae7ff7600001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x281bfb9a23c4dbe800b5e8ddb8a1e450
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x0104040019c0000008bb160301004a020000460301489a9df62033f257b37183b77110cc422d4e261ec2937a49c010c2094c03402720184330036434a2cf4ed6df923cc2dbfed170e04bc387b206ddfb5f91dbd5224e000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504
EAP-Message =
0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303731303038353730335a170d3039303731303038353730335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100ec2f4b59fd990bb3aa49d2754c816072707ecf355f0c386b6912dcdad9ad
EAP-Message =
0x4dac38aa26efc31d4f0834eb773d2382dd11765a00093fef9cabd38a9528553c78f8fb8dce9d78119e3ba62b123df0e536afeb3d5e11dda425031f69d89f7535aa322765c7918cc97b5c87bae4bd939f55caa83e664a985349eeffe852c0438d3953b0c42d84e1a27a05d265a1d531d72ce5dc8bc3177ca58e3e284021e07506f5e606f2a136ce62b3c9c4b996cfe4c5212bbd4191fcf6758585cab9002723100e5c7a582877fa12fc49dd779227d74b86e60fdfe97ecabec7d576ecdafd4a255abc15d81a18d661b5fce04d9a9c0f1dd014c0da3f81fd5704a9c71ec1b28d63caa70203010001a317301530130603551d25040c300a06082b06010505
EAP-Message =
0x070301300d06092a864886f70d010104050003820101007c56fcb65c607a6487b1638c1e0aabdc6b25cd21538c199683a80f6abc1151f472999eb4fe9731ccd215606c322ba3df94fa2fa3e6d0a6b47f7b1e76ed4e1ea6567f2bb9065e82cd2d99c581aed4714a25cf9fcadc663a9bbe05aafa373a170cd5407caa2e5acdbcbe36b3e993df82a361ff2998394b294e6dd07244fe47c8491747bac377f6f8df33db3685e334a9e1e8161f770c3ef43bcc15660babb211e09d81d3762fd5872641623685bfdc077a3052050597d04e9ccc531ea011f9f781aa8346e82cf00e0a7afe69efa933d8d451f9175e5a6632c4c85d2b3f15b5877419915b31ac0c
EAP-Message = 0xe7889fcefb2540ca2a830a91
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11da33925bd7da50678295fc0
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11da33925bd7da50678295fc0
EAP-Message = 0x020400061900
Message-Authenticator = 0x30262688a22da1c1ee098b29dead42c4
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010503fc194056c741a9eb20ed7a485e12951f700004ab308204a73082038fa00302010202090093f3d8f5226c7123300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303731303038353730325a170d3038303830393038353730325a308193310b30090603
EAP-Message =
0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100be264c476f850b3652a81ebc52c29d062720c552587af2c8799dd527c6c455e325aa636d3fd44d8a87b61783f420519555022a51311c835ded6eccc8a175aa5cd8724b65684a8971b94159f46cfaf6
EAP-Message =
0xecc1e9bcd4c196db3141a69e42963b0255e7b4a61d85762a03540f40cfb27164208e93b4b8f06c49d6466dedb923617bb288381d6f54762f1999bea92963f24f3fe144ebf60832ff32302ae5d8260f5e852a74c20bec698380291837083b7a32796074c7d47a9eb731d9b377fa13ba88536a06fe11a4abea0a5a7d05d62292b4f7bb428f7f22ee14ce3a5304b6f8b35ed33cffdf5b594309a2a9c9a8d86dc9d18df87b2fe32a4463677240fffd26dbc2010203010001a381fb3081f8301d0603551d0e041604141f870249b94c6f4c4a51ba0b95def93a98e062dc3081c80603551d230481c03081bd80141f870249b94c6f4c4a51ba0b95def93a98e0
EAP-Message =
0x62dca18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747982090093f3d8f5226c7123300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004c0887dc9d3611832e3f55c592e3b45cf553d2207647285a275174d1bdce00b3b040ddcc5e9925bd1f8f1b6ca2d0bfe61da1
EAP-Message = 0x2f31d1264b04c5b4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11ca23925bd7da50678295fc0
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11ca23925bd7da50678295fc0
EAP-Message = 0x020500061900
Message-Authenticator = 0x59d74248b0aadbf3119dbb3eeb19b42e
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010600d51900845e93ce9ffc5452e73f653e704f16f3a5687176926863d49558a742cb84f6aeb016521bf6b5b28bfa804c0aea2719ac3a3df6629264b273d9498374bb2b5716c95c2db2c5a64b857c7f07e6f84c629730b2aceb3dddf4d50d7d549da3b9d5e03639b6881d7f75a86afbf799407cacee9100d670506bf5084ffe2d7ef5ff9c8f6d4b586d7ec9dc16f5c67e84f1a1817faff565ffc1642463ff7fdb1ecc13e9f87b9ce19d4715a693750e56ad468a453462abce15950da8ad436016bbd394128e09c47accf10816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11ba13925bd7da50678295fc0
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11ba13925bd7da50678295fc0
EAP-Message =
0x02060140198000000136160301010610000102010068ae16d861e6d0176177801ef590398287377ea6ae9a1cfd9e0b3f4e625327a010a5d554c73483273a477798edc6bd1eaa432232961de9e7075661ff9e90fb678fd8e9a6687c44d19ff9449be9b7336779175b780d08f3c9fa16c7defe05e2c42d480d633f375406c53486a487caa06358e52d72ab25fabfd960bff9271db83261783b026b500d2a14191890487de5bb545b8fe9be3aa055f3a516928cd891b9362090b986037ed516866ffafb8d14dae8baa94ab96ee893290a624b62d9f856dd3b7c4e0357a02998b1837aa538849aa0177846cee6b5f0f149ffe1cb6f5ce1866c3a325d65509b
EAP-Message =
0x74c24b32e27592aae4cf5f300d2c0ff6d2270d6d517e354a14030100010116030100200893d8c86f803d129370aa7f4d74ed825f64654040243375124d284762011ac7
Message-Authenticator = 0x3b0313d80ad2d14931da58b07de881c8
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 253
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 310
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls:
<<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read
finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept:
SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x0107003119001403010001011603010020ad9ae7e64760bfd2d6f845bb0d3bbc2d52fd692106a9eb9ed4cb34064db2b864
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11aa03925bd7da50678295fc0
Finished request 9.
Going to the next request
Waking up in 4.7 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11aa03925bd7da50678295fc0
EAP-Message = 0x020700061900
Message-Authenticator = 0x11836c23f609b5c4d3211d9b1f1f27f7
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x0108002019001703010015f4ce316d1638ae01c009d50bcc9ebce4724655b215
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c119af3925bd7da50678295fc0
Finished request 10.
Going to the next request
Waking up in 4.7 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c119af3925bd7da50678295fc0
EAP-Message =
0x0208002319001703010018a04db0485b87de4eb7d2eddc7a5ce6a50d14325deef1bd91
Message-Authenticator = 0x2debf67f813086666dc007c59a814494
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 8 length 35
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - testing
PEAP: Got tunneled identity of testing
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to testing
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 8 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010900381900170301002d93de421ad659f0beec711c64baecd2841ee70b243fb51b315798646770e2eb873dcc3fe78aa54d2094030f54c2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c118ae3925bd7da50678295fc0
Finished request 11.
Going to the next request
Waking up in 4.7 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c118ae3925bd7da50678295fc0
EAP-Message =
0x020900591900170301004eed1ff2effc4e1752902dee5fd3d3f56281045c8aea4fd46077f8f2f1afff31459f86f4a8fbb3e149d7ea91ce2bacd815be3a82d279f0533b969fe6383bdbbc520661151b64e5d073ebe9d0ed7258
Message-Authenticator = 0xea29d99ebda12bc8cee708264041d3a1
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 9 length 89
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to testing
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 9 length 66
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010a00261900170301001bf310bdd3b5003f17e6b384f8d72a7a9c7a874b3b2ae817450b07cd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c117ad3925bd7da50678295fc0
Finished request 12.
Going to the next request
Waking up in 4.6 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c117ad3925bd7da50678295fc0
EAP-Message =
0x020a00261900170301001bc69a12bf5d23b5dedc2c6c8d537f8577436b7bded7dee8eb290178
Message-Authenticator = 0x2a7e10fb4deef91301ba11f38f970f39
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 10 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this
session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port
1 cli 00-16-36-5a-f1-e4)
} # server nispdot1x
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> testing
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 13 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 13
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.6 seconds.
Cleaning up request 4 ID 9 with timestamp +540
Cleaning up request 5 ID 10 with timestamp +540
Waking up in 0.1 seconds.
Cleaning up request 6 ID 11 with timestamp +540
Cleaning up request 7 ID 12 with timestamp +540
Cleaning up request 8 ID 13 with timestamp +540
Cleaning up request 9 ID 14 with timestamp +540
Cleaning up request 10 ID 15 with timestamp +540
Cleaning up request 11 ID 16 with timestamp +540
Cleaning up request 12 ID 17 with timestamp +540
Waking up in 1.0 seconds.
Cleaning up request 13 ID 18 with timestamp +540
Ready to process requests.
Thank You
Ryan Setiawan H
--
DISCLAIMER:
The contents of this email and attachments are confidential and may be subject to legal privilege. Any unauthorized use, copying, disclosure or communicating any part of it to others is strictly prohibited and may be unlawful. If you are not the intended recipient you must not use, copy, distribute or rely on this email and should please return it immediately to the sender or notify us and delete the email and any attachments from your system. We cannot accept liability for loss or damage resulting from computer viruses. The integrity of email across the Internet cannot be guaranteed and PT BANK NISP, Tbk. will not accept liability for any claims arising as a result of the use of this medium for transmissions by or to PT BANK NISP, Tbk.
1
0
> ...
>
>> rlm_ldap: Added User-Password = Testing10 in check items
>> ---------------------------------------------------------------
>> clearly freeradius can see the password and also it clear text :)
>> below i also add samba schema that contain LM and NT password
>>
> ...
>
>> -------------------------------------------------------------------
>> mschap module say no clear text pasword and also can't create LM and NT
>> password
>> -------------------------------------------------------------------
>> +- entering group MS-CHAP
>> rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
>> rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
>>
>
> Please post ALL of the debug output. I suspect that you are doing the
> ldap lookups OUTSIDE of the TLS tunnel rather than INSIDE.
>
> Alan DeKok.
>
I'm sorry I didn't include all the debug, because it was so large...
anyway here the debug :
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
EAP-Message = 0x0201000c0174657374696e67
Message-Authenticator = 0xb3af6d24481b168d63e57489e22a2458
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 1 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 183
++[files] returns ok
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 192.168.11.7:389, authentication 0
rlm_ldap: bind as memberUid=radius,ou=admin,dc=zzz,dc=com/radiusjuga to
192.168.11.7:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "Wk0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x54657374696e6731
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x54657374696e6731
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e5"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance100] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'Wk0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 14340
++[logintime] returns ok
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
} # server nispdot1x
Framed-Compression = Van-Jacobson-TCP-IP
Tunnel-Private-Group-Id:0 = "101"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Framed-Protocol = PPP
Service-Type = Framed-User
Session-Timeout = 14340
EAP-Message = 0x0102001604108dedf8c669040a1bcd0115afdf91dbdc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11fa52425bd7da50678295fc0
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11fa52425bd7da50678295fc0
EAP-Message = 0x020200060319
Message-Authenticator = 0x76203b9931bdb50a703f0f50746f7ee3
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 2 length 6
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
users: Matched entry DEFAULT at line 183
++[files] returns ok
++- entering redundant-load-balance group redundant-load-balance
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testing
expand: (uid=%u) -> (uid=testing)
expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter
(uid=testing)
rlm_ldap: checking if remote access for testing is allowed by uid
rlm_ldap: Added User-Password = Testing10 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time
== "Wk0800-1800"
rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password ==
0x54657374696e6731
rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password ==
0x54657374696e6731
rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute
Calling-Station-Id == "00-16-36-5a-f1-e5"
rlm_ldap: looking for reply items in directory...
rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute
Tunnel-Private-Group-Id:0 = "101"
rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute
Tunnel-Medium-Type:0 = IEEE-802
rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute
Tunnel-Type:0 = VLAN
rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute
Framed-Protocol = PPP
rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute
Service-Type = Framed-User
rlm_ldap: user testing authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
+++[ldap_instance100] returns ok
++- redundant-load-balance group redundant-load-balance returns ok
++[expiration] returns noop
rlm_logintime: Checking Login-Time: 'Wk0800-1800'
rlm_logintime: timestr returned accept
rlm_logintime: Session-Timeout set to: 14340
++[logintime] returns ok
rlm_pap: Found existing Auth-Type, not changing it.
++[pap] returns noop
rad_check_password: Found Auth-Type EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with
Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known
good" !!!
!!! clear text password is in Cleartext-Password, and not in
User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP NAK
rlm_eap: EAP-NAK asked for EAP-Type/peap
rlm_eap: processing type tls
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
++[eap] returns handled
} # server nispdot1x
Framed-Compression = Van-Jacobson-TCP-IP
Tunnel-Private-Group-Id:0 = "101"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Framed-Protocol = PPP
Service-Type = Framed-User
Session-Timeout = 14340
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11ea43925bd7da50678295fc0
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11ea43925bd7da50678295fc0
EAP-Message =
0x0203005019800000004616030100410100003d0301489aa4c688ae33dab29d1f856cc286c03cc9db7bf7cad627057407ea7ae7ff7600001600040005000a000900640062000300060013001200630100
Message-Authenticator = 0x281bfb9a23c4dbe800b5e8ddb8a1e450
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 3 length 80
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 70
rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
TLS_accept: SSLv3 read client hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
TLS_accept: SSLv3 write server hello A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate
TLS_accept: SSLv3 write certificate A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
TLS_accept: SSLv3 write server done A
TLS_accept: SSLv3 flush data
TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x0104040019c0000008bb160301004a020000460301489a9df62033f257b37183b77110cc422d4e261ec2937a49c010c2094c03402720184330036434a2cf4ed6df923cc2dbfed170e04bc387b206ddfb5f91dbd5224e000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504
EAP-Message =
0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303731303038353730335a170d3039303731303038353730335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100ec2f4b59fd990bb3aa49d2754c816072707ecf355f0c386b6912dcdad9ad
EAP-Message =
0x4dac38aa26efc31d4f0834eb773d2382dd11765a00093fef9cabd38a9528553c78f8fb8dce9d78119e3ba62b123df0e536afeb3d5e11dda425031f69d89f7535aa322765c7918cc97b5c87bae4bd939f55caa83e664a985349eeffe852c0438d3953b0c42d84e1a27a05d265a1d531d72ce5dc8bc3177ca58e3e284021e07506f5e606f2a136ce62b3c9c4b996cfe4c5212bbd4191fcf6758585cab9002723100e5c7a582877fa12fc49dd779227d74b86e60fdfe97ecabec7d576ecdafd4a255abc15d81a18d661b5fce04d9a9c0f1dd014c0da3f81fd5704a9c71ec1b28d63caa70203010001a317301530130603551d25040c300a06082b06010505
EAP-Message =
0x070301300d06092a864886f70d010104050003820101007c56fcb65c607a6487b1638c1e0aabdc6b25cd21538c199683a80f6abc1151f472999eb4fe9731ccd215606c322ba3df94fa2fa3e6d0a6b47f7b1e76ed4e1ea6567f2bb9065e82cd2d99c581aed4714a25cf9fcadc663a9bbe05aafa373a170cd5407caa2e5acdbcbe36b3e993df82a361ff2998394b294e6dd07244fe47c8491747bac377f6f8df33db3685e334a9e1e8161f770c3ef43bcc15660babb211e09d81d3762fd5872641623685bfdc077a3052050597d04e9ccc531ea011f9f781aa8346e82cf00e0a7afe69efa933d8d451f9175e5a6632c4c85d2b3f15b5877419915b31ac0c
EAP-Message = 0xe7889fcefb2540ca2a830a91
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11da33925bd7da50678295fc0
Finished request 6.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11da33925bd7da50678295fc0
EAP-Message = 0x020400061900
Message-Authenticator = 0x30262688a22da1c1ee098b29dead42c4
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 4 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010503fc194056c741a9eb20ed7a485e12951f700004ab308204a73082038fa00302010202090093f3d8f5226c7123300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303731303038353730325a170d3038303830393038353730325a308193310b30090603
EAP-Message =
0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100be264c476f850b3652a81ebc52c29d062720c552587af2c8799dd527c6c455e325aa636d3fd44d8a87b61783f420519555022a51311c835ded6eccc8a175aa5cd8724b65684a8971b94159f46cfaf6
EAP-Message =
0xecc1e9bcd4c196db3141a69e42963b0255e7b4a61d85762a03540f40cfb27164208e93b4b8f06c49d6466dedb923617bb288381d6f54762f1999bea92963f24f3fe144ebf60832ff32302ae5d8260f5e852a74c20bec698380291837083b7a32796074c7d47a9eb731d9b377fa13ba88536a06fe11a4abea0a5a7d05d62292b4f7bb428f7f22ee14ce3a5304b6f8b35ed33cffdf5b594309a2a9c9a8d86dc9d18df87b2fe32a4463677240fffd26dbc2010203010001a381fb3081f8301d0603551d0e041604141f870249b94c6f4c4a51ba0b95def93a98e062dc3081c80603551d230481c03081bd80141f870249b94c6f4c4a51ba0b95def93a98e0
EAP-Message =
0x62dca18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747982090093f3d8f5226c7123300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004c0887dc9d3611832e3f55c592e3b45cf553d2207647285a275174d1bdce00b3b040ddcc5e9925bd1f8f1b6ca2d0bfe61da1
EAP-Message = 0x2f31d1264b04c5b4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11ca23925bd7da50678295fc0
Finished request 7.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11ca23925bd7da50678295fc0
EAP-Message = 0x020500061900
Message-Authenticator = 0x59d74248b0aadbf3119dbb3eeb19b42e
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 5 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake fragment handler
eaptls_verify returned 1
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010600d51900845e93ce9ffc5452e73f653e704f16f3a5687176926863d49558a742cb84f6aeb016521bf6b5b28bfa804c0aea2719ac3a3df6629264b273d9498374bb2b5716c95c2db2c5a64b857c7f07e6f84c629730b2aceb3dddf4d50d7d549da3b9d5e03639b6881d7f75a86afbf799407cacee9100d670506bf5084ffe2d7ef5ff9c8f6d4b586d7ec9dc16f5c67e84f1a1817faff565ffc1642463ff7fdb1ecc13e9f87b9ce19d4715a693750e56ad468a453462abce15950da8ad436016bbd394128e09c47accf10816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11ba13925bd7da50678295fc0
Finished request 8.
Going to the next request
Waking up in 4.8 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11ba13925bd7da50678295fc0
EAP-Message =
0x02060140198000000136160301010610000102010068ae16d861e6d0176177801ef590398287377ea6ae9a1cfd9e0b3f4e625327a010a5d554c73483273a477798edc6bd1eaa432232961de9e7075661ff9e90fb678fd8e9a6687c44d19ff9449be9b7336779175b780d08f3c9fa16c7defe05e2c42d480d633f375406c53486a487caa06358e52d72ab25fabfd960bff9271db83261783b026b500d2a14191890487de5bb545b8fe9be3aa055f3a516928cd891b9362090b986037ed516866ffafb8d14dae8baa94ab96ee893290a624b62d9f856dd3b7c4e0357a02998b1837aa538849aa0177846cee6b5f0f149ffe1cb6f5ce1866c3a325d65509b
EAP-Message =
0x74c24b32e27592aae4cf5f300d2c0ff6d2270d6d517e354a14030100010116030100200893d8c86f803d129370aa7f4d74ed825f64654040243375124d284762011ac7
Message-Authenticator = 0x3b0313d80ad2d14931da58b07de881c8
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 6 length 253
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
TLS Length 310
rlm_eap_tls: Length Included
eaptls_verify returned 11
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
TLS_accept: SSLv3 read client key exchange A
rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001]
rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 read finished A
rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001]
TLS_accept: SSLv3 write change cipher spec A
rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished
TLS_accept: SSLv3 write finished A
TLS_accept: SSLv3 flush data
(other): SSL negotiation finished successfully
SSL Connection Established
eaptls_process returned 13
rlm_eap_peap: EAPTLS_HANDLED
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x0107003119001403010001011603010020ad9ae7e64760bfd2d6f845bb0d3bbc2d52fd692106a9eb9ed4cb34064db2b864
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c11aa03925bd7da50678295fc0
Finished request 9.
Going to the next request
Waking up in 4.7 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c11aa03925bd7da50678295fc0
EAP-Message = 0x020700061900
Message-Authenticator = 0x11836c23f609b5c4d3211d9b1f1f27f7
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 7 length 6
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
rlm_eap_tls: ack handshake is finished
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap_peap: EAPTLS_SUCCESS
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x0108002019001703010015f4ce316d1638ae01c009d50bcc9ebce4724655b215
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c119af3925bd7da50678295fc0
Finished request 10.
Going to the next request
Waking up in 4.7 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c119af3925bd7da50678295fc0
EAP-Message =
0x0208002319001703010018a04db0485b87de4eb7d2eddc7a5ce6a50d14325deef1bd91
Message-Authenticator = 0x2debf67f813086666dc007c59a814494
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 8 length 35
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Identity - testing
PEAP: Got tunneled identity of testing
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to testing
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 8 length 12
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
PEAP: Got tunneled Access-Challenge
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010900381900170301002d93de421ad659f0beec711c64baecd2841ee70b243fb51b315798646770e2eb873dcc3fe78aa54d2094030f54c2
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c118ae3925bd7da50678295fc0
Finished request 11.
Going to the next request
Waking up in 4.7 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c118ae3925bd7da50678295fc0
EAP-Message =
0x020900591900170301004eed1ff2effc4e1752902dee5fd3d3f56281045c8aea4fd46077f8f2f1afff31459f86f4a8fbb3e149d7ea91ce2bacd815be3a82d279f0533b969fe6383bdbbc520661151b64e5d073ebe9d0ed7258
Message-Authenticator = 0xea29d99ebda12bc8cee708264041d3a1
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 9 length 89
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: EAP type mschapv2
PEAP: Setting User-Name to testing
+- entering group authorize
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
rlm_eap: EAP packet type response id 9 length 66
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm!
Cancelling invalid proxy request.
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
+- entering group MS-CHAP
rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password.
rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
rlm_eap: Freeing handler
++[eap] returns reject
auth: Failed to validate the user.
Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port 0)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE
++[eap] returns handled
} # server nispdot1x
EAP-Message =
0x010a00261900170301001bf310bdd3b5003f17e6b384f8d72a7a9c7a874b3b2ae817450b07cd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1fa720c117ad3925bd7da50678295fc0
Finished request 12.
Going to the next request
Waking up in 4.6 seconds.
Framed-MTU = 1480
NAS-IP-Address = 192.168.12.130
NAS-Identifier = "ProCurve Switch 2650"
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 1
NAS-Port-Type = Ethernet
NAS-Port-Id = "1"
Called-Station-Id = "00-1c-2e-73-85-00"
Calling-Station-Id = "00-16-36-5a-f1-e4"
Connect-Info = "CONNECT Ethernet 100Mbps Full duplex"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "1"
State = 0x1fa720c117ad3925bd7da50678295fc0
EAP-Message =
0x020a00261900170301001bc69a12bf5d23b5dedc2c6c8d537f8577436b7bded7dee8eb290178
Message-Authenticator = 0x2a7e10fb4deef91301ba11f38f970f39
server nispdot1x {
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = "testing", looking up realm NULL
rlm_realm: No such realm "NULL"
++[suffix] returns noop
rlm_eap: EAP packet type response id 10 length 38
rlm_eap: Continuing tunnel setup.
++[eap] returns ok
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
+- entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP/peap
rlm_eap: processing type peap
rlm_eap_peap: Authenticate
rlm_eap_tls: processing TLS
eaptls_verify returned 7
rlm_eap_tls: Done initial handshake
eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK
rlm_eap_peap: Session established. Decoding tunneled attributes.
rlm_eap_peap: Received EAP-TLV response.
rlm_eap_peap: Had sent TLV failure. User was rejected earlier in
this session.
rlm_eap: Handler failed in EAP/peap
rlm_eap: Failed in EAP select
++[eap] returns invalid
auth: Failed to validate the user.
Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port
1 cli 00-16-36-5a-f1-e4)
} # server nispdot1x
Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} -> testing
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 13 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 13
EAP-Message = 0x040a0004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.6 seconds.
Cleaning up request 4 ID 9 with timestamp +540
Cleaning up request 5 ID 10 with timestamp +540
Waking up in 0.1 seconds.
Cleaning up request 6 ID 11 with timestamp +540
Cleaning up request 7 ID 12 with timestamp +540
Cleaning up request 8 ID 13 with timestamp +540
Cleaning up request 9 ID 14 with timestamp +540
Cleaning up request 10 ID 15 with timestamp +540
Cleaning up request 11 ID 16 with timestamp +540
Cleaning up request 12 ID 17 with timestamp +540
Waking up in 1.0 seconds.
Cleaning up request 13 ID 18 with timestamp +540
Ready to process requests.
Thank You
Ryan Setiawan H
--
DISCLAIMER:
The contents of this email and attachments are confidential and may be subject to legal privilege. Any unauthorized use, copying, disclosure or communicating any part of it to others is strictly prohibited and may be unlawful. If you are not the intended recipient you must not use, copy, distribute or rely on this email and should please return it immediately to the sender or notify us and delete the email and any attachments from your system. We cannot accept liability for loss or damage resulting from computer viruses. The integrity of email across the Internet cannot be guaranteed and PT BANK NISP, Tbk. will not accept liability for any claims arising as a result of the use of this medium for transmissions by or to PT BANK NISP, Tbk.
1
0