Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
March 2009
- 178 participants
- 250 discussions
Hi all,
Since several months ago, I've been developing two new freeradius
modules, a non-eap module and a EAP module. I made my development in
Freeradius 2.0.2 and all work fine, today I've decided to migrate my
modules to the new Freeradius version 2.1.4, no problems with the
migration. Compilation and installation successfully.
After the installation, I run my modules but a strange error has appear.
Whether I run my non-EAP module without load my EAP module it works fine
but whether I load my EAP module the non-EAP module crash. Showing this
message:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1212175680 (LWP 19702)]
0xb7c781ec in ?? () from /lib/tls/i686/cmov/libc.so.6
So, I don't know what is happening. The EAP module works properly with
the non-EAP module loaded. The modules haven't dependencies between each
other.
What could be happening? Why when the EAP module is loaded the non-EAP
module crash in libc.so.6?? Any ideas?
In freeradius 2.0.2 works prefectly. why in 2.1.4 fails?
2
2
17 Mar '09
Hi
I spent 3 weeks trying to make FreeRadius work with PEAPv0 and WinXP SP3
native supplicant. I can authenticate using local flat file or ntlm_auth but
authentication from WinXP doesn't work.
Here's the log:
FreeRADIUS Version 2.1.5, for host i486-pc-linux-gnu, built on Mar 13 2009
at 19:44:44
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/radutmp
including configuration file
/etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/control-socket
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
group = freerad
user = freerad
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 10.112.250.66 {
require_message_authenticator = no
secret = "XXXXXXXX"
shortname = "XXXXXXXX"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth =
"/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name}
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.pem"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "XXXXXXXX"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/etc/freeradius/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
}
}
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
}
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/var/run/freeradius/freeradius.sock"
}
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/freeradius/freeradius.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=153,
length=249
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x5baffb9dd034cd9aa3cb29a45831918b
EAP-Message = 0x0201000f015456505c703734303038
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 153 to 10.112.250.68 port 1645
Session-Timeout = 3600
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065cdfc3973f250f474980ad2ad
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=154,
length=332
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x722d94e3ceca44322ee60ba3bc0e13df
EAP-Message =
0x0202005019800000004616030100410100003d030149bf736722dcce9632a19c40c8caac0b9ac85b77726a8e2a55e2fef92ab5db2200001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065cdfc3973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 08f1], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 154 to 10.112.250.68 port 1645
EAP-Message =
0x0103040019c00000092e160301002a02000026030149bf736738a1795e83e117ee5d27d262d6f7af42b18f18a9925a94c6d2d1d3000000040016030108f10b0008ed0008ea0003dd308203d9308202c1a003020102020101300d06092a864886f70d01010405003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b7261
EAP-Message =
0x6b6f7720574c414e20436572746966696361746520417574686f72697479301e170d3039303331333139343734305a170d3134303331323139343734305a308194310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b6131243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f776965312330210603550403131a4f545456204b72616b6f7720436f72706f7261746520574c414e3125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb94763022b3c6
EAP-Message =
0xc8fb624f88051de436ab68daa6337e9651681c041774298017c975951b69af0db156d36f5c89a9aca1e3cfc2ed94a401cab977f773d777545d93e1b89a147293fc007c7f430b32a6571dad42780cf2f10ba8426d3564a3e0ac7a4fe6fb8ab29b198d981527b711511d68ce781506c1de95a73416bf6190d1f1e9a8e966c3b9c6ed255ca425b584d1e5c56bebc7018c572dfb4807a06fce838f7955e6738e63a8f77fff1705d0586873c889371c760f8c7c7d7ddea44d55787aa2d9cae6ec758593b7cf786ee273a8e1c26787c3b079d5004eba727138b0a2e63204150371128539a5929c6608d9dcd150d7f0e131630bf16cdd197ffabe3ac902030100
EAP-Message =
0x01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000b78e764dbef55bf1619d6370342300e3984fe95e776c2b83da4cfb70708291d4dcff3d4e1d57bcb204425f061d9f8c93f508709f62f962379102657d97cf57bb6f27b71dd0113a1bc58300bdcbb2b604e91dec6c4ae6dc355667cf3f8ceb69bd835aa6f0f1ca19c9e86c02931ce858cdae616bae2ba8c3f124a27fe9dba81b9b9feae14c185cbf0f370db636d0e49391b74d11599571534ffdab883f5dd353cb4dbff78b08afe50ae2c60030ba4bf860086fe96d647c3d4979628648a96719bcab70fcc0063fb84d94d01dddf1106
EAP-Message = 0x28079b2e590993d13d8ea1c9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065ccfd3973f250f474980ad2ad
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=155,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xd0131129f48c7f344a6d29179fc4adba
EAP-Message = 0x020300061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065ccfd3973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 155 to 10.112.250.68 port 1645
EAP-Message =
0x010403fc1940dcb923e62a2c202cfbf4bf2957a0548cc6ec8748575710b3fde68ed8407dec549008d4ff9100050730820503308203eba003020102020900fb9bbf04976fd24f300d06092a864886f70d01010505003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361
EAP-Message =
0x746520417574686f72697479301e170d3039303331333139343731375a170d3134303331323139343731375a3081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02
EAP-Message =
0x82010100a7709bd94da4f418d294a64b97237ced1d2a387c1b04f71cbfb83ad4e7e836434ab03803591d4b910416e220f828edb45c88c19388a18f18b8d2d13c05b2def935c933530d5c3ebdd1f7b1e52a152e57363666a1570917729d557238fb6f0966deca221b616db9b233b0481c25594fb3905ecd3fa84d9e613f17fda120c6a5ce6c84333808d6f6563343d8e8e9f09e716a1150826ce597bd5bb68fe183e2930c6e73d9b5c7bc24073966d167ecd43a40434a932b734215b59c62d9d73d55fe83f805fcfa3457419a8c791fa97a341da0e4f8ba686a6fbd444b003282eccbac2736ac1064cc0a2004a49039542a2eedd3ce9030a9e678f813a9
EAP-Message =
0x46a655822310830203010001a382011a30820116301d0603551d0e04160414202b154eae3366bb57fcef4354931344ad46ebc63081e60603551d230481de3081db8014202b154eae3366bb57fcef4354931344ad46ebc6a181b7a481b43081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e2043
EAP-Message = 0x6572746966696361
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065cffa3973f250f474980ad2ad
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=156,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x7a6f3b1b53834e2106f048f4218e8fdc
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065cffa3973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 156 to 10.112.250.68 port 1645
EAP-Message =
0x010501481900746520417574686f72697479820900fb9bbf04976fd24f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010034c4ad48839646c827f9c305dd3c0022d2aac1eb9b851a49641e1ed21bbf7830e81f1b68250406be4f0ad10fda8485b962909964f37108f512aba53c499f87e792b38f96ec6821391c416b1f4b8180124d97593e74868f5dffbfb7df0b7f0ba29edfc0a8874de412a43ece2f1a923d8b81a4bcecb776bd481b325c7ed74a13a94bee5b7100aab8f5b37cac048ef2bd1f0d2fca70aa6c445b1fd02b55ad2516981cd1ff0b4116a1e160ace99750ee8621609ec7074d74fbbe050b2aa6e9d3
EAP-Message =
0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065cefb3973f250f474980ad2ad
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=157,
length=574
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xab5bdc9d3518e5ff8322121b07cd24f1
EAP-Message =
0x0205014019800000013616030101061000010201001e7cd090ff71bf192b8cdc4b91cd2b54c0934456f9e035acc7374c09873d855badaf066e3c9aac495ca867532f2bc0b14b291b2b518497991f12cdc908b2a6f18f23f636c2be3fea94c876feca9534fcb0279764c69b050d11e1963a8d93e64e83802927a7bb646fc2aa7126dbdb0903f2e400a1843921e97db7f31813a1504e79b2c1081c1faba8fa6fab41e426a2059ee10f14e75d991a00ea67d47c5bfc047d585b239c90a7548b3258b88c1e5aa38073ec9c957c01e379d0178001a4f251eac068b24ddf5cefa362116e0b68aa518da2d9cb214da11796cf49337fc6c5581e44c11173f10d79
EAP-Message =
0x5ba4e12506fad7fb811e6786855ef98f9f9fbd8c3f8140ac14030100010116030100208c79d5a0fe46df96051e904c0b9980fc6fb0ff0e4b181cec34f6d74da4f4a16f
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065cefb3973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 157 to 10.112.250.68 port 1645
EAP-Message =
0x0106003119001403010001011603010020b6916cdea4d91c27b28b16722d40ca38b7e83bc89a7936c95fdafc48c86d8883
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065c9f83973f250f474980ad2ad
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=158,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x44325309820ffa12b30c214d2694708d
EAP-Message = 0x020600061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065c9f83973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 158 to 10.112.250.68 port 1645
EAP-Message =
0x010700201900170301001535401f02148f70a1bda51fa3b69abb7dc556d20673
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065c8f93973f250f474980ad2ad
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=159,
length=290
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x3b372e42aa519786123f192e486d2982
EAP-Message =
0x020700261900170301001bab7b003deb0b93e4d5ce89d15660b21eefa1929c675a008d180777
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065c8f93973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - XXXXXXXX\XXXXXXXX
[peap] Got tunneled request
EAP-Message = 0x0207000f015456505c703734303038
server {
PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message = 0x0207000f015456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010800241a0108001f10335a4805c94f167ffc24ceaae6a242d45456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8514698c851c73de6383db5f8319a5b1
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010800241a0108001f10335a4805c94f167ffc24ceaae6a242d45456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8514698c851c73de6383db5f8319a5b1
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 159 to 10.112.250.68 port 1645
EAP-Message =
0x0108003b19001703010030bef0b99fb4258235bc8654c2dae2d201c3530fd9ebaa29893a52f6ab129eb45585066c663582c6e0bc7b3f3be28205f8
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065cbf63973f250f474980ad2ad
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=160,
length=344
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xfd2b892111c1f12c1e60fb4820524b78
EAP-Message =
0x0208005c1900170301005161f7025ea840d7f5823c98e467db708e6fbdfa2ce84fc8dddfdef59c419b2c1734b908b114fee270d140e76d2fdd604b262cf5018e4b3286cff5c09f0f50790b51047b0e94e5957bca3eda76c63f882238
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
State = 0xcdfe2065cbf63973f250f474980ad2ad
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 92
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020800451a02080040318c57226b5d6ea2d975f66b2a193e898800000000000000005fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a005456505c703734303038
server {
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message =
0x020800451a02080040318c57226b5d6ea2d975f66b2a193e898800000000000000005fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a005456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
State = 0x8514698c851c73de6383db5f8319a5b1
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3472
NAS-Port-Id = "3472"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 69
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password
[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX
[mschap] expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX
[mschap] mschap2: 33
[mschap]
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=665a186a2744c21d
[mschap]
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=5fd207a2e06e9ae0a6371e143604d1f928e75a713807c66a
Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010900331a0308002e533d44433931383941374635313542394346464639383937373438323335334139383045384331343134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8514698c841d73de6383db5f8319a5b1
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010900331a0308002e533d44433931383941374635313542394346464639383937373438323335334139383045384331343134
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x8514698c841d73de6383db5f8319a5b1
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 160 to 10.112.250.68 port 1645
EAP-Message =
0x0109004a1900170301003f6145ec30002debef77be6fabe99fbe76b3510591ae8dfd4bb27523dbefd8970ce673f9bcd55ac41603f5163ef61aaba69c074a5cb60d0c7b9c23856fe47a96
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcdfe2065caf73973f250f474980ad2ad
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 153 with timestamp +11
Cleaning up request 1 ID 154 with timestamp +11
Cleaning up request 2 ID 155 with timestamp +11
Cleaning up request 3 ID 156 with timestamp +11
Cleaning up request 4 ID 157 with timestamp +11
Cleaning up request 5 ID 158 with timestamp +11
Cleaning up request 6 ID 159 with timestamp +12
Cleaning up request 7 ID 160 with timestamp +12
Ready to process requests.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=161,
length=249
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xe228fa4baf34109d516a99e37534a781
EAP-Message = 0x0202000f015456505c703734303038
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 161 to 10.112.250.68 port 1645
Session-Timeout = 3600
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a576992b17b71cf6b836ab72
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=162,
length=332
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xa4c8094461a7f9af463251323caf79f6
EAP-Message =
0x0203005019800000004616030100410100003d030149bf7385ae4924e8192fd3dfa74c41b19ad157988c44e52d14e99da996adc3b400001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a576992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 08f1], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 162 to 10.112.250.68 port 1645
EAP-Message =
0x0104040019c00000092e160301002a02000026030149bf738605a363453e465ca291b4794959af9290b7601d1a37417a2b497a03ce0000040016030108f10b0008ed0008ea0003dd308203d9308202c1a003020102020101300d06092a864886f70d01010405003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b7261
EAP-Message =
0x6b6f7720574c414e20436572746966696361746520417574686f72697479301e170d3039303331333139343734305a170d3134303331323139343734305a308194310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b6131243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f776965312330210603550403131a4f545456204b72616b6f7720436f72706f7261746520574c414e3125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb94763022b3c6
EAP-Message =
0xc8fb624f88051de436ab68daa6337e9651681c041774298017c975951b69af0db156d36f5c89a9aca1e3cfc2ed94a401cab977f773d777545d93e1b89a147293fc007c7f430b32a6571dad42780cf2f10ba8426d3564a3e0ac7a4fe6fb8ab29b198d981527b711511d68ce781506c1de95a73416bf6190d1f1e9a8e966c3b9c6ed255ca425b584d1e5c56bebc7018c572dfb4807a06fce838f7955e6738e63a8f77fff1705d0586873c889371c760f8c7c7d7ddea44d55787aa2d9cae6ec758593b7cf786ee273a8e1c26787c3b079d5004eba727138b0a2e63204150371128539a5929c6608d9dcd150d7f0e131630bf16cdd197ffabe3ac902030100
EAP-Message =
0x01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000b78e764dbef55bf1619d6370342300e3984fe95e776c2b83da4cfb70708291d4dcff3d4e1d57bcb204425f061d9f8c93f508709f62f962379102657d97cf57bb6f27b71dd0113a1bc58300bdcbb2b604e91dec6c4ae6dc355667cf3f8ceb69bd835aa6f0f1ca19c9e86c02931ce858cdae616bae2ba8c3f124a27fe9dba81b9b9feae14c185cbf0f370db636d0e49391b74d11599571534ffdab883f5dd353cb4dbff78b08afe50ae2c60030ba4bf860086fe96d647c3d4979628648a96719bcab70fcc0063fb84d94d01dddf1106
EAP-Message = 0x28079b2e590993d13d8ea1c9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a471992b17b71cf6b836ab72
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=163,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xb6ff7161df8db2ae677dcebd84a53b85
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a471992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 163 to 10.112.250.68 port 1645
EAP-Message =
0x010503fc1940dcb923e62a2c202cfbf4bf2957a0548cc6ec8748575710b3fde68ed8407dec549008d4ff9100050730820503308203eba003020102020900fb9bbf04976fd24f300d06092a864886f70d01010505003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361
EAP-Message =
0x746520417574686f72697479301e170d3039303331333139343731375a170d3134303331323139343731375a3081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02
EAP-Message =
0x82010100a7709bd94da4f418d294a64b97237ced1d2a387c1b04f71cbfb83ad4e7e836434ab03803591d4b910416e220f828edb45c88c19388a18f18b8d2d13c05b2def935c933530d5c3ebdd1f7b1e52a152e57363666a1570917729d557238fb6f0966deca221b616db9b233b0481c25594fb3905ecd3fa84d9e613f17fda120c6a5ce6c84333808d6f6563343d8e8e9f09e716a1150826ce597bd5bb68fe183e2930c6e73d9b5c7bc24073966d167ecd43a40434a932b734215b59c62d9d73d55fe83f805fcfa3457419a8c791fa97a341da0e4f8ba686a6fbd444b003282eccbac2736ac1064cc0a2004a49039542a2eedd3ce9030a9e678f813a9
EAP-Message =
0x46a655822310830203010001a382011a30820116301d0603551d0e04160414202b154eae3366bb57fcef4354931344ad46ebc63081e60603551d230481de3081db8014202b154eae3366bb57fcef4354931344ad46ebc6a181b7a481b43081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e2043
EAP-Message = 0x6572746966696361
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a770992b17b71cf6b836ab72
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=164,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xdfe51030a315137a4132e7287254ce08
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a770992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 164 to 10.112.250.68 port 1645
EAP-Message =
0x010601481900746520417574686f72697479820900fb9bbf04976fd24f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010034c4ad48839646c827f9c305dd3c0022d2aac1eb9b851a49641e1ed21bbf7830e81f1b68250406be4f0ad10fda8485b962909964f37108f512aba53c499f87e792b38f96ec6821391c416b1f4b8180124d97593e74868f5dffbfb7df0b7f0ba29edfc0a8874de412a43ece2f1a923d8b81a4bcecb776bd481b325c7ed74a13a94bee5b7100aab8f5b37cac048ef2bd1f0d2fca70aa6c445b1fd02b55ad2516981cd1ff0b4116a1e160ace99750ee8621609ec7074d74fbbe050b2aa6e9d3
EAP-Message =
0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a673992b17b71cf6b836ab72
Finished request 11.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=165,
length=574
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xb4de6a4ff4348463155fd850059775a1
EAP-Message =
0x0206014019800000013616030101061000010201004f4ae73fe1be7d30acfd1cb5a4389a1f9de8785911af2ca4fdb8ac00d7945565c11a43c810a30f76a3b167c95717b0639300061a901da1ce8b6485c461c3ddd413b691826bd1a9ab56a73fc38e61a1f518098a6ee597295239cb068fb70703755917e1b67fa3e66c52e8833ba3becb330065fefe7ed93bf5f653033cdaa015d1d9746f839c7e39e23b050406a51e6ea5f0e391fe57e0e4d8358aec30dd9a908155cc500ea2bc3d16da296bf140206575d391fea4c6380e799cd5f7fb51bf6c5c5bfa34c9eaac8be334db2c36fc30e59d5b9ebf0d0bfa358e6336d72762f47e063298fe22ce1d23bf
EAP-Message =
0xfaad05baf0aa757cc3496a509087ec213d36bcdec3745d601403010001011603010020f1de6fa684e1822b016ea76bf478b7332fb9d7178ba963452ee3a0d0ef1c2170
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a673992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 165 to 10.112.250.68 port 1645
EAP-Message =
0x010700311900140301000101160301002007a07f19ed77680ef286f39db5f72d84904e2ce4f18605a26a891c830f788118
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a172992b17b71cf6b836ab72
Finished request 12.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=166,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xba106d6ac81c2ab2d2af33203af59dfb
EAP-Message = 0x020700061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a172992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 166 to 10.112.250.68 port 1645
EAP-Message =
0x0108002019001703010015d29cdc6fce0a9cafb6f20924de3208174b6df7b2f1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a07d992b17b71cf6b836ab72
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=167,
length=290
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x2705336f241836f6b24f00b588e13b73
EAP-Message =
0x020800261900170301001b1ad7c2bfa6dd0cf866701399664bc207fa635e0dda7be377e9f3e9
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a07d992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - XXXXXXXX\XXXXXXXX
[peap] Got tunneled request
EAP-Message = 0x0208000f015456505c703734303038
server {
PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message = 0x0208000f015456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010900241a0109001f10fb8f03dc689de41ef22260b1da587a7d5456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x52cdb58652c4af523153f09f4bdf6cdf
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010900241a0109001f10fb8f03dc689de41ef22260b1da587a7d5456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x52cdb58652c4af523153f09f4bdf6cdf
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 167 to 10.112.250.68 port 1645
EAP-Message =
0x0109003b19001703010030567f55f1c932102a7393dd1788f03f0c56caa83abba0a9dea8ae9efd076672556c04f662912c3a591557a46d00dc0bb9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a37c992b17b71cf6b836ab72
Finished request 14.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=168,
length=344
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x51f11715a3fd4e4b3f4f60e94f2ec217
EAP-Message =
0x0209005c190017030100516108e772ad1a8697bd98eb78aa5a6ddd1ce48bbd3f5806b8976c07e1d8075fbf2b446ac911cf3d9c32dc87a9fbbb74fc4e78f278669f21845f60bb2396bc4a9fbb911b08264853bb1eb7692701c52caa07
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
State = 0xa5758044a37c992b17b71cf6b836ab72
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 92
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020900451a020900403129739db92821f571fdc45b2527a4a8710000000000000000a3a3783202886260550809a31b871ef23053c43001e5ac32005456505c703734303038
server {
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message =
0x020900451a020900403129739db92821f571fdc45b2527a4a8710000000000000000a3a3783202886260550809a31b871ef23053c43001e5ac32005456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
State = 0x52cdb58652c4af523153f09f4bdf6cdf
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3473
NAS-Port-Id = "3473"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 69
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password
[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX
[mschap] expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX
[mschap] mschap2: fb
[mschap]
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=3fd187592f201e30
[mschap]
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=a3a3783202886260550809a31b871ef23053c43001e5ac32
Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010a00331a0309002e533d42394142373544343636363846334341393643424445424444414632363045373245414244463433
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x52cdb58653c7af523153f09f4bdf6cdf
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010a00331a0309002e533d42394142373544343636363846334341393643424445424444414632363045373245414244463433
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x52cdb58653c7af523153f09f4bdf6cdf
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 168 to 10.112.250.68 port 1645
EAP-Message =
0x010a004a1900170301003f7cf22b3d3b98defde4a8507f1d8a31afc97dcbeb2dbfee786dfafacde6932185a0d25b034e2adea0a020d3893597c210a797cc4a9ebc8cd55def9c36429564
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xa5758044a27f992b17b71cf6b836ab72
Finished request 15.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 8 ID 161 with timestamp +42
Cleaning up request 9 ID 162 with timestamp +42
Cleaning up request 10 ID 163 with timestamp +42
Cleaning up request 11 ID 164 with timestamp +42
Cleaning up request 12 ID 165 with timestamp +42
Cleaning up request 13 ID 166 with timestamp +42
Cleaning up request 14 ID 167 with timestamp +42
Cleaning up request 15 ID 168 with timestamp +42
Ready to process requests.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=169,
length=249
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x3be0e1f7c4bdcd75667064f66e9619ce
EAP-Message = 0x0202000f015456505c703734303038
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication
may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 169 to 10.112.250.68 port 1645
Session-Timeout = 3600
EAP-Message = 0x010300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e0dcdd5bdcf2e1539bf5f4d5
Finished request 16.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=170,
length=332
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xbf6cb6e421103d910c3c82c82f88bd5f
EAP-Message =
0x0203005019800000004616030100410100003d030149bf739e913e31e053095a9e843be3c58f034a298848371dd1c09614cd391e4f00001600040005000a000900640062000300060013001200630100
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e0dcdd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 80
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 70
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0041], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 08f1], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate
A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 170 to 10.112.250.68 port 1645
EAP-Message =
0x0104040019c00000092e160301002a02000026030149bf739fccc26f0bff62d4adf8845c4e97faa5044de6a40cbc6a3d141df295460000040016030108f10b0008ed0008ea0003dd308203d9308202c1a003020102020101300d06092a864886f70d01010405003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b7261
EAP-Message =
0x6b6f7720574c414e20436572746966696361746520417574686f72697479301e170d3039303331333139343734305a170d3134303331323139343734305a308194310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b6131243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f776965312330210603550403131a4f545456204b72616b6f7720436f72706f7261746520574c414e3125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c30820122300d06092a864886f70d01010105000382010f003082010a0282010100cb94763022b3c6
EAP-Message =
0xc8fb624f88051de436ab68daa6337e9651681c041774298017c975951b69af0db156d36f5c89a9aca1e3cfc2ed94a401cab977f773d777545d93e1b89a147293fc007c7f430b32a6571dad42780cf2f10ba8426d3564a3e0ac7a4fe6fb8ab29b198d981527b711511d68ce781506c1de95a73416bf6190d1f1e9a8e966c3b9c6ed255ca425b584d1e5c56bebc7018c572dfb4807a06fce838f7955e6738e63a8f77fff1705d0586873c889371c760f8c7c7d7ddea44d55787aa2d9cae6ec758593b7cf786ee273a8e1c26787c3b079d5004eba727138b0a2e63204150371128539a5929c6608d9dcd150d7f0e131630bf16cdd197ffabe3ac902030100
EAP-Message =
0x01a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101000b78e764dbef55bf1619d6370342300e3984fe95e776c2b83da4cfb70708291d4dcff3d4e1d57bcb204425f061d9f8c93f508709f62f962379102657d97cf57bb6f27b71dd0113a1bc58300bdcbb2b604e91dec6c4ae6dc355667cf3f8ceb69bd835aa6f0f1ca19c9e86c02931ce858cdae616bae2ba8c3f124a27fe9dba81b9b9feae14c185cbf0f370db636d0e49391b74d11599571534ffdab883f5dd353cb4dbff78b08afe50ae2c60030ba4bf860086fe96d647c3d4979628648a96719bcab70fcc0063fb84d94d01dddf1106
EAP-Message = 0x28079b2e590993d13d8ea1c9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e1dbdd5bdcf2e1539bf5f4d5
Finished request 17.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=171,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x5bd29e753b5b6c6911fe48ea4d2bfa97
EAP-Message = 0x020400061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e1dbdd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 171 to 10.112.250.68 port 1645
EAP-Message =
0x010503fc1940dcb923e62a2c202cfbf4bf2957a0548cc6ec8748575710b3fde68ed8407dec549008d4ff9100050730820503308203eba003020102020900fb9bbf04976fd24f300d06092a864886f70d01010505003081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361
EAP-Message =
0x746520417574686f72697479301e170d3039303331333139343731375a170d3134303331323139343731375a3081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e20436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02
EAP-Message =
0x82010100a7709bd94da4f418d294a64b97237ced1d2a387c1b04f71cbfb83ad4e7e836434ab03803591d4b910416e220f828edb45c88c19388a18f18b8d2d13c05b2def935c933530d5c3ebdd1f7b1e52a152e57363666a1570917729d557238fb6f0966deca221b616db9b233b0481c25594fb3905ecd3fa84d9e613f17fda120c6a5ce6c84333808d6f6563343d8e8e9f09e716a1150826ce597bd5bb68fe183e2930c6e73d9b5c7bc24073966d167ecd43a40434a932b734215b59c62d9d73d55fe83f805fcfa3457419a8c791fa97a341da0e4f8ba686a6fbd444b003282eccbac2736ac1064cc0a2004a49039542a2eedd3ce9030a9e678f813a9
EAP-Message =
0x46a655822310830203010001a382011a30820116301d0603551d0e04160414202b154eae3366bb57fcef4354931344ad46ebc63081e60603551d230481de3081db8014202b154eae3366bb57fcef4354931344ad46ebc6a181b7a481b43081b1310b300906035504061302504c311330110603550408130a4d616c6f706f6c736b61310f300d060355040713064b72616b6f7731243022060355040a131b54565020532e412e204f64647a69616c2077204b72616b6f7769653125302306092a864886f70d0109011616696e666f726d6174796b615f6b7261407476702e706c312f302d060355040313264f545456204b72616b6f7720574c414e2043
EAP-Message = 0x6572746966696361
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e2dadd5bdcf2e1539bf5f4d5
Finished request 18.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=172,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x899989aaeffc2cf16fbb292d1c60c2d1
EAP-Message = 0x020500061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e2dadd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 172 to 10.112.250.68 port 1645
EAP-Message =
0x010601481900746520417574686f72697479820900fb9bbf04976fd24f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010034c4ad48839646c827f9c305dd3c0022d2aac1eb9b851a49641e1ed21bbf7830e81f1b68250406be4f0ad10fda8485b962909964f37108f512aba53c499f87e792b38f96ec6821391c416b1f4b8180124d97593e74868f5dffbfb7df0b7f0ba29edfc0a8874de412a43ece2f1a923d8b81a4bcecb776bd481b325c7ed74a13a94bee5b7100aab8f5b37cac048ef2bd1f0d2fca70aa6c445b1fd02b55ad2516981cd1ff0b4116a1e160ace99750ee8621609ec7074d74fbbe050b2aa6e9d3
EAP-Message =
0xb8cfed563ce6e451ca10eb24f4fdc853710c798e9bd95e9e744d4558ffb0ebbff1c8ca152d4a408663ffdd8bae920b174f56d59fab227ac3fae92494122b4455a67816030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e3d9dd5bdcf2e1539bf5f4d5
Finished request 19.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=173,
length=574
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x8cfa2e92c1c9550959ecb56811542921
EAP-Message =
0x02060140198000000136160301010610000102010057de7fce03ef2b8da4e5b4a105a4938396646061d6bf4486715999c867fc99da6069907e919d977bfac45d0d866bed53b3c13df4acc7dbcf1f7de7e8e57c93656969653b30d7e96f85a8e4122e1997a86e43cfd9039e445be035d2434f9ad1f44261415ccd9c125d686ba6de81672a600dae2d4a067bc8198ea5e9a5055e0fc2f2e605e29c39af8e97ee074e666b9bdc52166efbc09204d164498d78ae57083eed44122760b6eb502fc7d24ea6184b9cf0d7a61b180116f437ce830d8df884ac7f2cda98c7ba4f234a5f160935eed729268888b8c83c23b360886bcfe0653fb9ced420787dd421ea
EAP-Message =
0x841df0bb7038200cdf994122a71503bf9e1794d4f88ea851140301000101160301002040d928941d205e02f0ac96dd252e0e9e806618aff68a50fd862e43bed90802a6
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e3d9dd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 6 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 310
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 173 to 10.112.250.68 port 1645
EAP-Message =
0x0107003119001403010001011603010020acaa165528e5d93a321a708cf754e35cca549e7643dfef26ac19d55ccbeb412c
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e4d8dd5bdcf2e1539bf5f4d5
Finished request 20.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=174,
length=258
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0xa7fab4ed557ac954fe15e673b18d8597
EAP-Message = 0x020700061900
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e4d8dd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 7 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 174 to 10.112.250.68 port 1645
EAP-Message =
0x010800201900170301001566c7f1fc2634b5b865e8288393a6cbc7af0a1d9880
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e5d7dd5bdcf2e1539bf5f4d5
Finished request 21.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=175,
length=290
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x87b7cd805492d90012ee6fe3840fbe74
EAP-Message =
0x020800261900170301001b8c1f3e834415347b60d0401abab425d2419ebc2ca5a39c71617b70
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e5d7dd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 38
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - XXXXXXXX\XXXXXXXX
[peap] Got tunneled request
EAP-Message = 0x0208000f015456505c703734303038
server {
PEAP: Got tunneled identity of XXXXXXXX\XXXXXXXX
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message = 0x0208000f015456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 15
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010900241a0109001f10ebc5d28109e59877ad0eb6e5ed998a3a5456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x070b039c0702199a3e8b7d3fe7983ece
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010900241a0109001f10ebc5d28109e59877ad0eb6e5ed998a3a5456505c703734303038
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x070b039c0702199a3e8b7d3fe7983ece
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 175 to 10.112.250.68 port 1645
EAP-Message =
0x0109003b19001703010030d6bbeeb624eae82978780dceba30ccf11d56eb19b12b72bef613865766c35f15dfe3a9861a6227996556d195699cfb17
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e6d6dd5bdcf2e1539bf5f4d5
Finished request 22.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.112.250.68 port 1645, id=176,
length=344
User-Name = "XXXXXXXX\\XXXXXXXX"
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
Message-Authenticator = 0x34211457b4aa30443e0504e440f2edaf
EAP-Message =
0x0209005c1900170301005119ca998b681a059cc2e26e22eb36b08ee9a8122b45113dc28fac5da0ff4cabccdfa8310120f9c7e9f836c48018cabcf1ac6a50aa7080793c5cd352ea5939b1ce08ba92b090626e199f46b847df9c026bfd
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
State = 0xe0dfc443e6d6dd5bdcf2e1539bf5f4d5
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 9 length 92
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020900451a0209004031d57addd65a1fd2c4f3ca6a5cb544c0270000000000000000c6bf5111c616439e7175f41b9924336435d4d9446152b20c005456505c703734303038
server {
PEAP: Setting User-Name to XXXXXXXX\XXXXXXXX
Sending tunneled request
EAP-Message =
0x020900451a0209004031d57addd65a1fd2c4f3ca6a5cb544c0270000000000000000c6bf5111c616439e7175f41b9924336435d4d9446152b20c005456505c703734303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "XXXXXXXX\\XXXXXXXX"
State = 0x070b039c0702199a3e8b7d3fe7983ece
Framed-MTU = 1400
Called-Station-Id = "0024.148d.8271"
Calling-Station-Id = "001c.bf4a.53f8"
Cisco-AVPair = "ssid=XXXXXXXX"
WISPr-Location-Name = "XXXXXXXX"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 3474
NAS-Port-Id = "3474"
NAS-IP-Address = 10.112.250.68
NAS-Identifier = "XXXXXXXX"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "XXXXXXXX\XXXXXXXX", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 9 length 69
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 213
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for XXXXXXXX with NT-Password
[mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=XXXXXXXX
[mschap] expand: --username=%{mschap:User-Name} -> --username=XXXXXXXX
[mschap] mschap2: eb
[mschap]
expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ba92db7b369561bd
[mschap]
expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=c6bf5111c616439e7175f41b9924336435d4d9446152b20c
Exec-Program output: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program-Wait: plaintext: NT_KEY: 39E301D7C5784FF05A264D7627CE81FB
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Session-Timeout = 3600
EAP-Message =
0x010a00331a0309002e533d35363744444133313030464533303236383636343737433830413935373733304642353544303938
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x070b039c0601199a3e8b7d3fe7983ece
[peap] Got tunneled reply RADIUS code 11
Session-Timeout = 3600
EAP-Message =
0x010a00331a0309002e533d35363744444133313030464533303236383636343737433830413935373733304642353544303938
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x070b039c0601199a3e8b7d3fe7983ece
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 176 to 10.112.250.68 port 1645
EAP-Message =
0x010a004a1900170301003f01156130446ebb52b406e3df036bca41381aa01ab7af3b1de37099bc1e1e348cf7745608f1e03fd226d5e92f44622ca20a02c09289e4fb9aa04f9211b285cc
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe0dfc443e7d5dd5bdcf2e1539bf5f4d5
Finished request 23.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 16 ID 169 with timestamp +67
Cleaning up request 17 ID 170 with timestamp +67
Cleaning up request 18 ID 171 with timestamp +67
Cleaning up request 19 ID 172 with timestamp +67
Cleaning up request 20 ID 173 with timestamp +67
Cleaning up request 21 ID 174 with timestamp +67
Cleaning up request 22 ID 175 with timestamp +67
Cleaning up request 23 ID 176 with timestamp +67
Ready to process requests.
Any ideas?
Thanks in advance,
Mateusz
2
2
Hello, all.
It's a question to all members of freeradius community :) I'm going to use
freeradius in my billing system. That's why i'd like to know, what is the
maximum loading on the freeradius-server (average number of online users
during the day, total number of users, interval of alive packets etc.).
Maybe there is some tests of freeradius's perfornance or maybe someone is
using freeradius in his billing system... It would be very interesting for
all members of community.
Thanks beforehand.
6
10
Please link me to a resources on how to make FreeRadius to work with postgreSQL on Ubuntu 8.04 LTS?
5
5
I want to make it so that users who use eap-peapv0 have to be in the
wireless group to logon. I have this set in the users file:
DEFAULT Called-Station-Id =~ "CCISD-REMC1", Group != "wireless",
Auth-Type := Reject
This works great buuut I have successfully setup eap-tls. What is the
appropriate way to continue to limit users to be in the wireless group
to connect?
I have the common name of the certificate set to the users login so if a
user logs in with the username "josh" then that is the common name of
the certificate. Will Freeradius use this same username to check against
the wireless group?
I dont want to break eap-tls with the above DEFAULT statement. Any
advice would be appreciated.
Thanks for your time!!! -Josh
2
1
Hi,
I have used an outside certificate authority and have few clients that
have the certicifates' subject similar to:
E = user-name(a)domain.tld
CN = Some-constant-text
CN is constant on all certificates.
Freeradius gets the User-name attribute set to CN.
Any way to substitute the User-name attribute with the email?
Or have it al least logged with other attributes in detailed log?
Cheers,
Piotr Janusz.
2
1
Hello again
Following up on the previous thread, I am looking for a possibility to
assign different DNS servers and DNS suffixes to clients based on the
Unix group they are in.
I have found the MS-Primary-DNS-Server and MS-Secondary-DNS-Server
attribute, which I assume will control the client's DNS server
assignment, but I can't make out which attribute might contain the DNS
suffix the client will get sent. Is there any?
kind regards
Markus
2
1
I configured what I thought were two identical FreeRadus 2.1.3 servers.
I'm attempting to do MS-CHAP2 authentication on both, one is working, the
other is not. For the life of me I can't find any difference in their
configuration.
On my client, I switch the host name between the two servers, everything
else stays the same. One works, one fails, and I don't know why. Below is
the debug output for both the failure and success. PAP authentication
works fine on both with the same id. What the heck have I missed?
This is the one that fails:
rad_recv: Access-Request packet from host 192.168.2.15 port 2357, id=26,
length=127
NAS-Identifier = "test-cam1"
NAS-IP-Address = 192.168.2.15
MS-CHAP-Challenge = 0xbd4261d677c0d793ee781d7a032218df
MS-CHAP2-Response =
0xa300ac9567587df3e83b3799dc49a53f433000000000000000007e0e6320a093349fbd0afc94436ed32e1258e26c5463147b
User-Name = "test26"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "test26", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 5
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for test26 with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Failed to authenticate the user.
Login incorrect: [test26] (from client 192.168.2.15 port 0)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test26
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 26 to 192.168.2.15 port 2357
Waking up in 4.9 seconds.
Cleaning up request 7 ID 26 with timestamp +1885
Ready to process requests.
This one works:
rad_recv: Access-Request packet from host 192.168.2.15 port 2358, id=115,
length=127
NAS-Identifier = "test-cam1"
NAS-IP-Address = 192.168.2.15
MS-CHAP-Challenge = 0xfdd0ccd7059225f80093cea2929eb415
MS-CHAP2-Response =
0x780017ff811e7761fc6bd332fb45f4f6b3f50000000000000000b6834efb6626804caf2aa055c5a157851e9bc927698cf23f
User-Name = "test26"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
[mschap] Found MS-CHAP attributes. Setting 'Auth-Type = mschap'
++[mschap] returns ok
[suffix] No '@' in User-Name = "test26", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 5
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = MSCHAP
+- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for test26 with NT-Password
[mschap] expand: --username=%{mschap:User-Name:-None} ->
--username=test26
[mschap] No NT-Domain was found in the User-Name.
[mschap] expand: --domain=%{mschap:NT-Domain:-ap1} -> --domain=ap1
[mschap] mschap2: fd
[mschap] expand: --challenge=%{mschap:Challenge:-00} ->
--challenge=cc26ba941d6d9678
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} ->
--nt-response=b6834efb6626804caf2aa055c5a157851e9bc927698cf23f
Exec-Program output: NT_KEY: D3D489B13ACA7C5E93887C212EFCCB0B
Exec-Program-Wait: plaintext: NT_KEY: D3D489B13ACA7C5E93887C212EFCCB0B
Exec-Program: returned: 0
++[mschap] returns ok
Login OK: [test26] (from client 192.168.2.15 port 0)
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 115 to 192.168.2.15 port 2358
MS-CHAP2-Success =
0x78533d41453631324635393130344535373132364133414234374339463844443541453538384142453943
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 5 ID 115 with timestamp +1773
Ready to process requests.
-Mike
2
1
16 Mar '09
Hi,
When Post-Auth-Type REJECT is executed I need to insert two or more
rows into a SQL data base.
here is what I have at present
sites-enabled/default
Post-Auth-Type REJECT {
sql
}
sql.conf -> sql/mysql/dialup.conf
postauth_query = "INSERT INTO ${authcheck_table} VALUES
(NULL,'%{User-Name}','Password', '==',
'%{User-Password:-Chap-Password}');"
postauth_query = "INSERT INTO ${usergroup_table} values
('%{User-Name}','Dynamic','');"
The FIRST insert runs, but the second one doesn't.
mucho thanks in advance
6
8
Hi all.
This is probably a silly question but i can't solve it by myself. I
have a couple of WLANS (Proxim AP4000), works great with FR but im
having some accounting trouble (guessing), i get a lot of these in my
log:
Mon Mar 16 14:01:43 2009 : Error: rlm_radutmp: Logout entry for NAS
wlan-serverummet port 9 has wrong ID
Mon Mar 16 14:02:46 2009 : Error: rlm_radutmp: Logout entry for NAS
wlan-konferens port 9 has wrong ID
Mon Mar 16 14:02:47 2009 : Error: rlm_radutmp: Logout entry for NAS
wlan-access-happy port 9 has wrong ID
Mon Mar 16 14:03:02 2009 : Error: rlm_radutmp: Logout entry for NAS
wlan-konferens port 9 has wrong ID
One of my clients in client.conf
client 10.0.4.190 {
secret = xxxxx
shortname = wlan-xxxx
nastype = other # localhost isn't usually a NAS...
}
I tripplechecked the shared secret.
The authentication works, clients can connect.
What does rlm_radutmp do? Could i turn it off in my config (what would
happened)?
Should i specify different NAS-PORTS for each NAS-server? I feels like
this is the problem but i can't find any info on how to do this. I
glanced att the huntgroups-file but that doesn't feel like the place
to solve this. I have googled for this problem but haven't found
anything.
OR - could it just be that Proxim AP4000 is not handling these logouts
correctly, a hardware problem?
Regards
p
2
1