Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
July 2009
- 146 participants
- 237 discussions
Hi list,
Looking for some pointers if this is possible and to some documentation
on howto if it is.
I have EAP-PEAP working and would like a second layer of security by
locking access to only allowed MAC addresses. Ideally a file containing
a MAC address on each line. If the MAC address is in the file then allow
it to connect (providing the authentication is also correct) but if the
MAC address isn't in the file then deny access regardless of authentication.
Thanks
Steve
--
Steven Carr
Systems Development Officer
SLS/ITS/Systems - (0191) 515 3953
1
0
Hi all,
I am newbie trying to make freeradius work with mysql and daloradius.
First my system info:
===================
OS: CentOS 5.3
mysql: 5.0.45 came with CentOS installation
freeRadius: version freeradius2-2.1.6-2 (tried to install via yum but
yum rejected telling that package is not signed so I went to rpm
installation method, which worked fine
daloRadius: version daloradius-0.9-8
I used the schema from daloradius : fr2-mysql-daloradius-and-freeradius.sql
====================
Tested freeradius in debug mode and went fine.
Now there are few things which is not clear to me is:
what conf files I need to modify?
What I understand is if I am using user information in mysql database,
I don't need to touch "users" right?
This is what I did:
changed the "sql.conf" to change the user, password and db settings
plus made "readclients = yes"
and modified the "sites-enabled/default" file and unchecked the sql
sections in authorize, session and post-auth
now when I try to start the radiusd -X, it won't start with following
Error message
====================
/etc/raddb/sites-enabled/default[161]: Failed to find module "sql".
/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.
Errors initializing modules
====================
I check the modules directory and didn't find anything called "sql"
At this point I don't know what I am doing. I am following a tutorial.
So what is this sites-enabled thing is all about? plus
What am I missing?
Any suggestion highly appreciated
==============================
Registered Linux User #460714
Currently Using Fedora 10, CentOS 5.3
==============================
5
11
I've now enabled ntdomain in sites-available/inner-tunnel and
after that modification, authorization of Vista user succeeded.
Thank you very much.
I would to like to add MAC address authorization. For this purpose
I've added MAC address to users file like this:
oreshkin Cleartext-Password := "some_password", Calling-Station-Id ==
"00-16-EA-8A-DE-38"
However authorization failed, the result of /usr/local/sbin/radiusd -fX
is provided below.
---------------------------------
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.14.240 port 1072, id=0, length=235
Message-Authenticator = 0xab90b4e8f45b2157028e895bf7f9ffdc
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 159
[files] users: Matched entry DEFAULT at line 178
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.14.240 port 1072
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1cd845841cd95ccb36bc9cf89bd12b63
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 1072, id=1, length=359
Message-Authenticator = 0xe9dc83dc1457486ee19d0330fcb4e25e
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0x1cd845841cd95ccb36bc9cf89bd12b63
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0201008419800000007a16030100750100007103014a5b3da7091178c5ce612e30c36477888f6351b2a4ec4d31d47d537d05a18634000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180000156373642d6e6f7465626f6f6b5c6f726573686b696e000a00080006001700180019000b00020100
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 1 length 132
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 122
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0075], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 084e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.14.240 port 1072
EAP-Message = 0x0102040019c00000088b160301002a0200002603014a5b3d483bb3aa596d4ba334157d9f6cdf6639eaf9a88abe2eb765ab6255c24a00002f00160301084e0b00084a0008470003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message = 0x301e170d3039303632353038343934325a170d3130303632353038343934325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100afa137c1faa18184c11783fd931dbf08e3b3aab700e05e2d16471c85e470302c6d9db3068b833e463ff3cdaa6b2140447d2b7d151704863ad7439873ea51
EAP-Message = 0xe98c8abecfdd6268e021a8a17fb6966857f052859cef7a6bdcec12d2127ab2bc72c2b785a25f33c61aec0ff80079a53fb35cdbaebbfa29de9b24841a9a6c46a08073d66b09f3149fc840696c56ef61943d5e2679be18fc2733a012e261b9e9e6ae20c7ba01e2c6e4bfb3ce39325000bc51a2230319e4f8b16bffa46deb80631149f3e97333105b307b101958e9b83407c4398deb9cb32f7c23bdba70c091e79258f0c191edd239290beb26d0aaa8adf6f5ece5f633aef45ef0d4fea2c52b56fc39110203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100973882c5663e2d6b29
EAP-Message = 0xf37acb064274e515f88c05490e81fcb594b8678a665ae9d17134a3e3fdb2df801547f84071730fa696eef58f5c1d73841e52aa2c9a4074cf288ef7158e4f3ae68db182c1798f3da6d86bda0a8a9c54de39f2d94d3e0687a8fa46faedcd36bcc64fd9f2cd74055682782684f674d377c0e2457f5ad4efa4ec460c7527c80769a270128e0a6d12cb79d0bb12fe0a1bb81f6c20b98873ac6718cd0d02ebb7de1cdd720360252cc736c2e84bfe1c87a695dcb7e2b4d982f0736305017d65ec72506bed1578f806479bedc2b5bfa83f0e15ccc03bbe908e734351e5843806e9dcb659b98056909aeed953e9e24d7e0e1f8163deb5f4f5076e5c00049b308204
EAP-Message = 0x973082037fa0030201020201
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1cd845841dda5ccb36bc9cf89bd12b63
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 1072, id=2, length=233
Message-Authenticator = 0x6e4c448152aff4fd62c9fa4cb4908f2c
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0x1cd845841dda5ccb36bc9cf89bd12b63
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020200061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.14.240 port 1072
EAP-Message = 0x010303fc194000300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303632353038343934325a170d3130303632353038343934325a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d6577
EAP-Message = 0x6865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a056d1cfe5b95120cfb2ad67638c20cceb3feca1d22665f5d0379648340127cf5ffe26f48f46c04a1132b032d93b7f49417851f2e110fee7b457fbe2f99b47d3389b630dd2f78acf290b4ecb6d43466a19cb17063f1b2a1eefe1e6f34e1b0a20fa92fa17809a58e7120bc1a87db8865230df04775af5e1
EAP-Message = 0x16b46a471819383d8be674378c3d33bdc0a8d6686542a3ba1c32a97249786aea2c38a22a49992fcfaf54806b50415060a433e9dc013696f9c0240657098f46782b1d0536f691d9667f6c153a4d2982cb2f75a3a9ebfa4831caea445f4bff1ae6fe4ad8eec82213b2a20d02dd1b6cb2dc425698f21ede7c2917aa6f103749084b755046bb83a3746e2f0203010001a381f33081f0301d0603551d0e04160414d64b150fdb7f312ac6c3982680da07466046ab9f3081c00603551d230481b83081b58014d64b150fdb7f312ac6c3982680da07466046ab9fa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975
EAP-Message = 0x733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d010104050003820101008d3084a08170518ab145f6969d1e61d2a228d5ffa21a60c154ab30774674df42fb32f5a22dad55d75ef2c7f44c93bb3e52c92763901b1299530780e1f195a85ccbbd78d8b527b3263bfa340a459ac472b90360b4408e11c10e81afbc325c10ec91fa
EAP-Message = 0xde231ca42761b9ba
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1cd845841edb5ccb36bc9cf89bd12b63
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 1072, id=3, length=233
Message-Authenticator = 0x80e476011f2a99d8957c70f5b74469e6
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0x1cd845841edb5ccb36bc9cf89bd12b63
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020300061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.14.240 port 1072
EAP-Message = 0x010400a51900504fbacfc37f212076882bd7b098391319a08e59fc4d3dee5493579716c999ee20be7eed64f3b465e8ff5b718e9751b2c4ca5d1cd6700ccf0341f6a270aed40707094b7b6c39c78c581fa330b26bfb74042202fde6398f0fa591d0e164f5980d197175a49c7b9769cebfa4eef1f5527383f230b4df20935fa3903e171a05d038c6effefc1bf76e95dd86d637a53fc8ae83bdc13ea56d16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1cd845841fdc5ccb36bc9cf89bd12b63
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 1072, id=4, length=565
Message-Authenticator = 0x772a2a7cde5ab90adf1339ea4504e5a4
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0x1cd845841fdc5ccb36bc9cf89bd12b63
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0204015019800000014616030101061000010201007e0ad7dd41a084eb878c4e68afb68bf014a9f7c1f3e239845a2d3c683d0e0768d016e78891c09881ee0d7a8e7ce2c36d2eb9bc120fa3f3f00e461919d881829dd800ee1056bcb575feb18dcaa3c737fe5d8dad26192d39ae4b2db88d753420e750780d180f65253a3e72a72e54aeedd754966ed6727bbfb7ea1d07b5e63b5b96477f2ade51a4b385bbf7cf60eb3ea4f2fdddd13d595230ac701c5995c3097270174cbbf06f73b892f450df27c09267dd250fa560e2e09fef12a49588199615e49944cdbc198e99c327b6366201bd2604f6754d8558edb48d38e1becdcdd34da54fb942d5467276a2
EAP-Message = 0x979f449ded68c732c69107cb0cc5831df7865a7b971f99c91403010001011603010030448cc2e576a615f1026d6e6ca6882439eb3bbfe1802a7c536aae7e8a58dd488073b99646cf5ff348715aff4d7636efff
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.14.240 port 1072
EAP-Message = 0x01050041190014030100010116030100309b044cc51fa4953a63d076b0bf983a8da597f4a0c74479ca71ebd2d725e0a9175492362068f5b0af5ac669b952d43946
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1cd8458418dd5ccb36bc9cf89bd12b63
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 1072, id=5, length=233
Message-Authenticator = 0x368d297a7de5efd4ecf20c5609bdeec9
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0x1cd8458418dd5ccb36bc9cf89bd12b63
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020500061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.14.240 port 1072
EAP-Message = 0x0106002b19001703010020c6fb5d7268ec78ef1f9d3671de356278fd67065c9cf012d0c1de36c6afbd70b4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1cd8458419de5ccb36bc9cf89bd12b63
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 1072, id=6, length=286
Message-Authenticator = 0x550e2114fae741954504321d47da07bd
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0x1cd8458419de5ccb36bc9cf89bd12b63
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0206003b19001703010030805ecc8cfaac3addedb0a50794219e83a270716f48eeb8e60a0c3ab3fed53c5198b105fbb713b908f6f8d93e6d536622
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 6 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - csd-notebook\oreshkin
[peap] Got tunneled request
EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e
server {
PEAP: Got tunneled identity of csd-notebook\oreshkin
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to csd-notebook\oreshkin
Sending tunneled request
EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "csd-notebook\\oreshkin"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin"
[ntdomain] Found realm "DEFAULT"
[ntdomain] Adding Stripped-User-Name = "oreshkin"
[ntdomain] Adding Realm = "DEFAULT"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
++[control] returns ok
[eap] EAP packet type response id 6 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x0107002f1a0107002a100251dc4f5cece54da2b8881378dd444c6373642d6e6f7465626f6f6b5c6f726573686b696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86b209f786b51352b3578e7a38b869c7
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x0107002f1a0107002a100251dc4f5cece54da2b8881378dd444c6373642d6e6f7465626f6f6b5c6f726573686b696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x86b209f786b51352b3578e7a38b869c7
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.14.240 port 1072
EAP-Message = 0x0107004b1900170301004026664765ea523fba2ed015d3248195d02b335d7579ca0921452aaa563aa2c3a3a50bb02aca55a3cb8db677961421a3580157bbdb57a56a1ac143c69282ad8133
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1cd845841adf5ccb36bc9cf89bd12b63
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 1072, id=7, length=334
Message-Authenticator = 0x65f839b7d5eac06c3a75e2138584465b
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0x1cd845841adf5ccb36bc9cf89bd12b63
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0207006b1900170301006009cf68bc35f1789bb629f7cc6d1dc521f8abe45174ee9ec287237f97a3bad789635c92bc033059ac8e946446e7e0b324748de27694f96a2bf214b2d76e6c826eda7b897c26ed974ed4d2dd73c6c6058942661082dbb9d5a4388f32a96d14348c
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 7 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020700431a0207003e31543b42e36c388e9b55a8ddbfeb34b90a0000000000000000e406ca6b04ef491b2ef4d0b1d86507ad62c94c09492ed747006f726573686b696e
server {
PEAP: Setting User-Name to csd-notebook\oreshkin
Sending tunneled request
EAP-Message = 0x020700431a0207003e31543b42e36c388e9b55a8ddbfeb34b90a0000000000000000e406ca6b04ef491b2ef4d0b1d86507ad62c94c09492ed747006f726573686b696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "csd-notebook\\oreshkin"
State = 0x86b209f786b51352b3578e7a38b869c7
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[ntdomain] Looking up realm "csd-notebook" for User-Name = "csd-notebook\oreshkin"
[ntdomain] Found realm "DEFAULT"
[ntdomain] Adding Stripped-User-Name = "oreshkin"
[ntdomain] Adding Realm = "DEFAULT"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
++[control] returns ok
[eap] EAP packet type response id 7 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.14.240 port 1072
EAP-Message = 0x0108002b19001703010020f53ff8fc7bf5c304bfca89826b65c7d28c735a30e86689c6af72a02d870916b7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1cd845841bd05ccb36bc9cf89bd12b63
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 1072, id=8, length=270
Message-Authenticator = 0xd5b9303bee9ed637d8fa83cd14602a75
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0x1cd845841bd05ccb36bc9cf89bd12b63
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0208002b1900170301002054077a731a80335cfc0c20507b5d608c8d3c489203490c87691ccfdcda252bd5
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> csd-notebook\oreshkin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 8 to 192.168.14.240 port 1072
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
------------------------------------------
What's wrong ? Is there any other ways of performing such authorization ?
Thanks.
On Mon, 13 Jul 2009, Ivan Kalik wrote:
> Date: Mon, 13 Jul 2009 12:08:42 +0100 (BST)
> From: Ivan Kalik <tnt(a)kalik.net>
> To: Anatoly Oreshkin <Anatoly.Oreshkin(a)pnpi.spb.ru>
> Subject: Re: FreeRadius 2.1.6 + EAP-PEAP issue
>
>>
>> I've configured realm DEFAULT in proxy.conf again:
>>
>> realm DEFAULT {
>> type = radius
>> authhost = LOCAL
>> accthost = LOCAL
>> }
>>
>> and deleted realm csd-notebook because csd-notebook is notebook name
>> rather than domain name.
>>
>> Also I 've disabled suffix in sites-available/inner-tunnel
>
> But didn't enable ntdomain there (you have enabled it in default virtual
> server).
>
> On the other hand, if you configure XP supplicant properly (ie. not to
> send Windows logon name) you won't need any of this.
>
> Ivan Kalik
> Kalik Informatika ISP
>
1
0
In FC-4 with radius version 0.9 it is working properly. now it is time to upgrade.
in FC-10
Even after making it 720 sec, it is not working. :-(
--- On Mon, 7/13/09, Ivan Kalik <tnt(a)kalik.net> wrote:
From: Ivan Kalik <tnt(a)kalik.net>
Subject: Re: Acct-Interim-Interval not working.
To: "FreeRadius users mailing list" <freeradius-users(a)lists.freeradius.org>
Date: Monday, July 13, 2009, 4:43 PM
> I have freeradius version 2.1.1-7 running on fedora core 10. with mysql
> and rp-pppoe.
>
> I am getting log entry in radacct table when i connect thro' pppoe dialer.
> and it updates stoptime, input-octets, output-octets when i disconnect.
>
> but during live session it is not updating acct-input/ouput-octets and
> session time on every 60 sec.
>
> what should i change/look into to resolv this issue?. please help.
The penguin. Does it know what updates are? Does it have a minimum
acceptable value for that attribute (60 is quite low)?
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1
0
Hi,
I have freeradius version 2.1.1-7 running on fedora core 10. with mysql and rp-pppoe.
In table radgroupreply
1
DEFAULT
Service-Type
==
Framed-User
2
DEFAULT
Framed-Protocol
=
PPP
3
DEFAULT
Acct-Interim-Interval
=
60
4
DEFAULT
NAS-Port-Type
=
15
5
DEFAULT
Acct-Status-Type
=
Interim-Update
I am getting log entry in radacct table when i connect thro' pppoe dialer. and it updates stoptime, input-octets, output-octets when i disconnect.
but during live session it is not updating acct-input/ouput-octets and session time on every 60 sec.
what should i change/look into to resolv this issue?. please help.
Thanks and regards,
Nirmal Patel | Mumbai
2
1
I've configured realm DEFAULT in proxy.conf again:
realm DEFAULT {
type = radius
authhost = LOCAL
accthost = LOCAL
}
and deleted realm csd-notebook because csd-notebook is notebook name
rather than domain name.
Also I 've disabled suffix in sites-available/inner-tunnel
However the authorization failed.
Users file is as follows:
oreshkin Cleartext-Password := "some_password"
The output of /usr/local/sbin/radiusd -fX see below
----------------------------------------------
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=0, length=235
Message-Authenticator = 0xc7b72f8f44b9019d1e6596594bee47ce
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 159
[files] users: Matched entry DEFAULT at line 178
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.14.240 port 4644
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e5d7e4a1475d0e8cf897c815
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=1, length=359
Message-Authenticator = 0x4291c54604eda73b733a699e7063b775
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e5d7e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0201008419800000007a16030100750100007103014a5b04b22bd585bc9fb874faddead5575b817db8addcd1c81e00b2c281afb9c1000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180000156373642d6e6f7465626f6f6b5c6f726573686b696e000a00080006001700180019000b00020100
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 1 length 132
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 122
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0075], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 084e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.14.240 port 4644
EAP-Message = 0x0102040019c00000088b160301002a0200002603014a5b0451d55d4a1629bfbae5b8a3ed01eaf71a929de6299ea93781a8bce6f9b700002f00160301084e0b00084a0008470003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message = 0x301e170d3039303632353038343934325a170d3130303632353038343934325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100afa137c1faa18184c11783fd931dbf08e3b3aab700e05e2d16471c85e470302c6d9db3068b833e463ff3cdaa6b2140447d2b7d151704863ad7439873ea51
EAP-Message = 0xe98c8abecfdd6268e021a8a17fb6966857f052859cef7a6bdcec12d2127ab2bc72c2b785a25f33c61aec0ff80079a53fb35cdbaebbfa29de9b24841a9a6c46a08073d66b09f3149fc840696c56ef61943d5e2679be18fc2733a012e261b9e9e6ae20c7ba01e2c6e4bfb3ce39325000bc51a2230319e4f8b16bffa46deb80631149f3e97333105b307b101958e9b83407c4398deb9cb32f7c23bdba70c091e79258f0c191edd239290beb26d0aaa8adf6f5ece5f633aef45ef0d4fea2c52b56fc39110203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100973882c5663e2d6b29
EAP-Message = 0xf37acb064274e515f88c05490e81fcb594b8678a665ae9d17134a3e3fdb2df801547f84071730fa696eef58f5c1d73841e52aa2c9a4074cf288ef7158e4f3ae68db182c1798f3da6d86bda0a8a9c54de39f2d94d3e0687a8fa46faedcd36bcc64fd9f2cd74055682782684f674d377c0e2457f5ad4efa4ec460c7527c80769a270128e0a6d12cb79d0bb12fe0a1bb81f6c20b98873ac6718cd0d02ebb7de1cdd720360252cc736c2e84bfe1c87a695dcb7e2b4d982f0736305017d65ec72506bed1578f806479bedc2b5bfa83f0e15ccc03bbe908e734351e5843806e9dcb659b98056909aeed953e9e24d7e0e1f8163deb5f4f5076e5c00049b308204
EAP-Message = 0x973082037fa0030201020201
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e4d4e4a1475d0e8cf897c815
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=2, length=233
Message-Authenticator = 0x9eb9f47a1942a94307aff7182503f53e
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e4d4e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020200061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.14.240 port 4644
EAP-Message = 0x010303fc194000300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303632353038343934325a170d3130303632353038343934325a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d6577
EAP-Message = 0x6865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a056d1cfe5b95120cfb2ad67638c20cceb3feca1d22665f5d0379648340127cf5ffe26f48f46c04a1132b032d93b7f49417851f2e110fee7b457fbe2f99b47d3389b630dd2f78acf290b4ecb6d43466a19cb17063f1b2a1eefe1e6f34e1b0a20fa92fa17809a58e7120bc1a87db8865230df04775af5e1
EAP-Message = 0x16b46a471819383d8be674378c3d33bdc0a8d6686542a3ba1c32a97249786aea2c38a22a49992fcfaf54806b50415060a433e9dc013696f9c0240657098f46782b1d0536f691d9667f6c153a4d2982cb2f75a3a9ebfa4831caea445f4bff1ae6fe4ad8eec82213b2a20d02dd1b6cb2dc425698f21ede7c2917aa6f103749084b755046bb83a3746e2f0203010001a381f33081f0301d0603551d0e04160414d64b150fdb7f312ac6c3982680da07466046ab9f3081c00603551d230481b83081b58014d64b150fdb7f312ac6c3982680da07466046ab9fa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975
EAP-Message = 0x733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d010104050003820101008d3084a08170518ab145f6969d1e61d2a228d5ffa21a60c154ab30774674df42fb32f5a22dad55d75ef2c7f44c93bb3e52c92763901b1299530780e1f195a85ccbbd78d8b527b3263bfa340a459ac472b90360b4408e11c10e81afbc325c10ec91fa
EAP-Message = 0xde231ca42761b9ba
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e7d5e4a1475d0e8cf897c815
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=3, length=233
Message-Authenticator = 0xd5ba7ca4e10b42c6e58c221070724350
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e7d5e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020300061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.14.240 port 4644
EAP-Message = 0x010400a51900504fbacfc37f212076882bd7b098391319a08e59fc4d3dee5493579716c999ee20be7eed64f3b465e8ff5b718e9751b2c4ca5d1cd6700ccf0341f6a270aed40707094b7b6c39c78c581fa330b26bfb74042202fde6398f0fa591d0e164f5980d197175a49c7b9769cebfa4eef1f5527383f230b4df20935fa3903e171a05d038c6effefc1bf76e95dd86d637a53fc8ae83bdc13ea56d16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e6d2e4a1475d0e8cf897c815
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=4, length=565
Message-Authenticator = 0xa2a61477a53b60b658354bcf5a5dd1d2
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e6d2e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0204015019800000014616030101061000010201006dc028926cb1603933da4f210b3255d7a12d0ae72ee0811c273846a08724f231a18f3234e3a0dc4ec9b97a5baeef3b94e574590d44c9d06362bd891a4971ee8a6882588dc9f20864932bc353adfe3593775356e1606cd69d4dc645a4209ea24ab9ea0fc1d6d3b5f5ba9f26b0f9cda2769cf5f2c7b5ecac183e4c12d94a3faf17193ba155c5f04e9180674473120fc12baca8a23d23f5f5207aee91dabba4848ad63c6097e91a75d253e656e3a1cd798caeff7ec76c936cc032a2e6db5efb79fb16f6577323039643289ccd091cfccdd2a48f55fe4fc4b779c85c597de1244af6e8062792374383f8
EAP-Message = 0xee13454f13c06f49eca30911f9ed0d48533b39011022aee714030100010116030100301b63e8378975cda4e824697202ab6aa211661792844f1b666230910a68d6b56770e93c18625038edec24b5e6e64d1961
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.14.240 port 4644
EAP-Message = 0x010500411900140301000101160301003018a79818d8a3a008ef8e73a60a5d08280ba0ea795698935644d2fb8596e06b974a3f645bb4dc20a023403bc2dc50bd34
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e1d3e4a1475d0e8cf897c815
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=5, length=233
Message-Authenticator = 0xad23b6d52887e419b59bf9786ae1c5a7
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e1d3e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020500061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.14.240 port 4644
EAP-Message = 0x0106002b19001703010020bdd18c77fc0f277e30704f01adb57a6b05d27093451ea712885b3b88a4ebf50b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e0d0e4a1475d0e8cf897c815
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=6, length=286
Message-Authenticator = 0xc85239940218f11c33907f886e24d8a4
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e0d0e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0206003b19001703010030f1d0da27fcb26de2e167c397e95a6d85e67407f10a14d668ff1e99b2412e5755d3cede615b2248e760e3735a49ac2cbc
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 6 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - csd-notebook\oreshkin
[peap] Got tunneled request
EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e
server {
PEAP: Got tunneled identity of csd-notebook\oreshkin
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to csd-notebook\oreshkin
Sending tunneled request
EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "csd-notebook\\oreshkin"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] EAP packet type response id 6 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x0107002f1a0107002a101349bdaaaaafb0f149a6ffffc555a9936373642d6e6f7465626f6f6b5c6f726573686b696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x25d25b2625d541006018ba988c44b193
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x0107002f1a0107002a101349bdaaaaafb0f149a6ffffc555a9936373642d6e6f7465626f6f6b5c6f726573686b696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x25d25b2625d541006018ba988c44b193
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.14.240 port 4644
EAP-Message = 0x0107004b19001703010040fbe95e817667101c89d2412ecd203190dac86403936911f6272afdd47ba71bd6c25e35d72c87d2fad10875f9be2cc13e0624b276bcdad6957fd87178a7360bf7
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e3d1e4a1475d0e8cf897c815
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=7, length=334
Message-Authenticator = 0x2d76e9d19d4ac72f118f8ca7901ed8ef
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e3d1e4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0207006b190017030100607c2da2c02f50b65226c6daf7da0b7319fb3cc73466aaf89c4f7d2f64f2af18bfe61540b809390fbf8b2f803aa6e39d7c0ceac7b04f9c12a420fd41f49b344d3801d16774aa3712feec81441cec6bb69ecf1029e4a98e077cd2cb4e191efd5cf8
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 7 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020700431a0207003e3113ab0a37dbe447b4e2a1c9678b28ea6e0000000000000000c2a3d793f1c46fd7c1ac8798b529a3910c940bc0e06c6b1b006f726573686b696e
server {
PEAP: Setting User-Name to csd-notebook\oreshkin
Sending tunneled request
EAP-Message = 0x020700431a0207003e3113ab0a37dbe447b4e2a1c9678b28ea6e0000000000000000c2a3d793f1c46fd7c1ac8798b529a3910c940bc0e06c6b1b006f726573686b696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "csd-notebook\\oreshkin"
State = 0x25d25b2625d541006018ba988c44b193
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] EAP packet type response id 7 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.14.240 port 4644
EAP-Message = 0x0108002b19001703010020e115ecd70a889350618f29e8f4a572cd7c64594ae44e91e6055f135741eaecaa
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xe5d6fd38e2dee4a1475d0e8cf897c815
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4644, id=8, length=270
Message-Authenticator = 0xecdae1b55152a8a2ef087d9bd8a66196
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xe5d6fd38e2dee4a1475d0e8cf897c815
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0208002b1900170301002052aa1efefa6381f26fd8b080dbca42aec420f9ecdd25202ae99be921f5c87946
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> csd-notebook\oreshkin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 8 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 8
Sending Access-Reject of id 8 to 192.168.14.240 port 4644
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=0, length=235
Message-Authenticator = 0x82ce06670e9708994657db6e99797f0f
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200001a016373642d6e6f7465626f6f6b5c6f726573686b696e
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 0 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 159
[files] users: Matched entry DEFAULT at line 178
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.14.240 port 4645
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
EAP-Message = 0x010100061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d4d40aa04898feef3a314aec
Finished request 9.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=1, length=359
Message-Authenticator = 0xdfc6e3ae05b7b29a3804a7ceb87aa21a
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d4d40aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0201008419800000007a16030100750100007103014a5b04b7104b1f57bc93e28b85523b677cdf26bdc4b525bf8d2dbd576305c308000018002f00350005000ac009c00ac013c0140032003800130004010000300000001a00180000156373642d6e6f7465626f6f6b5c6f726573686b696e000a00080006001700180019000b00020100
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 1 length 132
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 122
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0075], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 084e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.14.240 port 4645
EAP-Message = 0x0102040019c00000088b160301002a0200002603014a5b045614a6324f3c131733e1656d36c7cdc05d3e7efc26f0dafe308a3e167100002f00160301084e0b00084a0008470003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message = 0x301e170d3039303632353038343934325a170d3130303632353038343934325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100afa137c1faa18184c11783fd931dbf08e3b3aab700e05e2d16471c85e470302c6d9db3068b833e463ff3cdaa6b2140447d2b7d151704863ad7439873ea51
EAP-Message = 0xe98c8abecfdd6268e021a8a17fb6966857f052859cef7a6bdcec12d2127ab2bc72c2b785a25f33c61aec0ff80079a53fb35cdbaebbfa29de9b24841a9a6c46a08073d66b09f3149fc840696c56ef61943d5e2679be18fc2733a012e261b9e9e6ae20c7ba01e2c6e4bfb3ce39325000bc51a2230319e4f8b16bffa46deb80631149f3e97333105b307b101958e9b83407c4398deb9cb32f7c23bdba70c091e79258f0c191edd239290beb26d0aaa8adf6f5ece5f633aef45ef0d4fea2c52b56fc39110203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100973882c5663e2d6b29
EAP-Message = 0xf37acb064274e515f88c05490e81fcb594b8678a665ae9d17134a3e3fdb2df801547f84071730fa696eef58f5c1d73841e52aa2c9a4074cf288ef7158e4f3ae68db182c1798f3da6d86bda0a8a9c54de39f2d94d3e0687a8fa46faedcd36bcc64fd9f2cd74055682782684f674d377c0e2457f5ad4efa4ec460c7527c80769a270128e0a6d12cb79d0bb12fe0a1bb81f6c20b98873ac6718cd0d02ebb7de1cdd720360252cc736c2e84bfe1c87a695dcb7e2b4d982f0736305017d65ec72506bed1578f806479bedc2b5bfa83f0e15ccc03bbe908e734351e5843806e9dcb659b98056909aeed953e9e24d7e0e1f8163deb5f4f5076e5c00049b308204
EAP-Message = 0x973082037fa0030201020201
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d5d70aa04898feef3a314aec
Finished request 10.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=2, length=233
Message-Authenticator = 0xe9705077e183f8e0b2606d2a3c3c459a
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d5d70aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020200061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 2 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.14.240 port 4645
EAP-Message = 0x010303fc194000300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303632353038343934325a170d3130303632353038343934325a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d6577
EAP-Message = 0x6865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a056d1cfe5b95120cfb2ad67638c20cceb3feca1d22665f5d0379648340127cf5ffe26f48f46c04a1132b032d93b7f49417851f2e110fee7b457fbe2f99b47d3389b630dd2f78acf290b4ecb6d43466a19cb17063f1b2a1eefe1e6f34e1b0a20fa92fa17809a58e7120bc1a87db8865230df04775af5e1
EAP-Message = 0x16b46a471819383d8be674378c3d33bdc0a8d6686542a3ba1c32a97249786aea2c38a22a49992fcfaf54806b50415060a433e9dc013696f9c0240657098f46782b1d0536f691d9667f6c153a4d2982cb2f75a3a9ebfa4831caea445f4bff1ae6fe4ad8eec82213b2a20d02dd1b6cb2dc425698f21ede7c2917aa6f103749084b755046bb83a3746e2f0203010001a381f33081f0301d0603551d0e04160414d64b150fdb7f312ac6c3982680da07466046ab9f3081c00603551d230481b83081b58014d64b150fdb7f312ac6c3982680da07466046ab9fa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975
EAP-Message = 0x733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d010104050003820101008d3084a08170518ab145f6969d1e61d2a228d5ffa21a60c154ab30774674df42fb32f5a22dad55d75ef2c7f44c93bb3e52c92763901b1299530780e1f195a85ccbbd78d8b527b3263bfa340a459ac472b90360b4408e11c10e81afbc325c10ec91fa
EAP-Message = 0xde231ca42761b9ba
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d6d60aa04898feef3a314aec
Finished request 11.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=3, length=233
Message-Authenticator = 0x1e2ff4b489a4de159827aab639bd6890
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d6d60aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020300061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.14.240 port 4645
EAP-Message = 0x010400a51900504fbacfc37f212076882bd7b098391319a08e59fc4d3dee5493579716c999ee20be7eed64f3b465e8ff5b718e9751b2c4ca5d1cd6700ccf0341f6a270aed40707094b7b6c39c78c581fa330b26bfb74042202fde6398f0fa591d0e164f5980d197175a49c7b9769cebfa4eef1f5527383f230b4df20935fa3903e171a05d038c6effefc1bf76e95dd86d637a53fc8ae83bdc13ea56d16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d7d10aa04898feef3a314aec
Finished request 12.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=4, length=565
Message-Authenticator = 0xe0f7604deb4ffea48fad72630295746a
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d7d10aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02040150198000000146160301010610000102010040a0bbd21114460374ea847a8cfb452d4a76957a8bbe24215e8c7ef45558e784673cd14ffa782c9ec28d2396dfe1d68527fafa1488398c2659a3871717572c755762577cf4735a574e09bd839f3ef640d659fa63d343c3af3ddb936f044d553d748586a6ec3bc3e40567b7adfecb3d66f3c5f35d0adbf167dfa59c6aa80eee03d77a28027b2c79f6b3fa8726f1560af0662ba3cf48887af153a0a8b02b9a884ebd8e0d9ed03891b8aa38c80ca82130cad1bceffc26c009c8efc4afe6ccfbc02b8c046c5ae4148c808239cb717bdcddfa31b2fe53ba02663131314f14b2a165722f687aa151f71473
EAP-Message = 0xd666cd73db54137a1615b073781cb99cbc1eda54a289a91d1403010001011603010030dbec19a1707dbc6463870f29c6814ace6d586965b688ce398c1fd5f4e5d3ce007c9344b2b8d0099f13f6904b33a753e3
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.14.240 port 4645
EAP-Message = 0x0105004119001403010001011603010030c7541f4c6b1d38fe80f877cee878439df3d490a4efc2633091bc615343fc3839d5c7642f6591cc2f9879d62a1705f080
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d0d00aa04898feef3a314aec
Finished request 13.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=5, length=233
Message-Authenticator = 0x11eebe0d6cdaf85b60ca227fe26f9e84
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d0d00aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020500061900
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.14.240 port 4645
EAP-Message = 0x0106002b19001703010020eb441efea0fb1cfba98cf447d294850f6713eb7802f73c7c9509cf3225be6520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d1d30aa04898feef3a314aec
Finished request 14.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=6, length=286
Message-Authenticator = 0xc9779862b2bb4b963b789b4f1caff461
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d1d30aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0206003b19001703010030ee00f29c7e81a1b74d61b660b055be4853409b7d94398107e66e0077c86a9ef97c0cdcd6017a2742364a38cb761ae602
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 6 length 59
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - csd-notebook\oreshkin
[peap] Got tunneled request
EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e
server {
PEAP: Got tunneled identity of csd-notebook\oreshkin
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to csd-notebook\oreshkin
Sending tunneled request
EAP-Message = 0x0206001a016373642d6e6f7465626f6f6b5c6f726573686b696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "csd-notebook\\oreshkin"
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] EAP packet type response id 6 length 26
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message = 0x0107002f1a0107002a102cd45b6af0a1f7d81c120b577cf2f2786373642d6e6f7465626f6f6b5c6f726573686b696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafd8dd7aafdfc7b171389911d924f927
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x0107002f1a0107002a102cd45b6af0a1f7d81c120b577cf2f2786373642d6e6f7465626f6f6b5c6f726573686b696e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafd8dd7aafdfc7b171389911d924f927
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 6 to 192.168.14.240 port 4645
EAP-Message = 0x0107004b190017030100407cab0f0bf7be50c85590a26810487d488811ae73028ee037e8f69b61f505d7392fc41fde69904f28d019f676647ef8cf4ea3fbe981cc4c5f107482bb4273fe84
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d2d20aa04898feef3a314aec
Finished request 15.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=7, length=334
Message-Authenticator = 0x84f664bee88394ee0715e23758f1f5fa
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d2d20aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0207006b19001703010060886abf524a168b8fff75dec933bda3fd512fe4c2a9e429daa6fb69ec3aaa701fcdc25254ad1d301a7dd7c8489c5ecc5ca4dee27db7ef7f24a3849c163a9154f02c8361f7d3e6903ac465cc05f0d09d5aaa1441c1fd807508913321e88d6e37bf
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 7 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x020700431a0207003e318450a1f8aa898e39afb2a151ccb8854b00000000000000004c32004e25b15ce4783eafe8f220005a911c0230901abf59006f726573686b696e
server {
PEAP: Setting User-Name to csd-notebook\oreshkin
Sending tunneled request
EAP-Message = 0x020700431a0207003e318450a1f8aa898e39afb2a151ccb8854b00000000000000004c32004e25b15ce4783eafe8f220005a911c0230901abf59006f726573686b696e
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "csd-notebook\\oreshkin"
State = 0xafd8dd7aafdfc7b171389911d924f927
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
++[control] returns notfound
[eap] EAP packet type response id 7 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 159
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for oreshkin with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\007E=691 R=1"
EAP-Message = 0x04070004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 7 to 192.168.14.240 port 4645
EAP-Message = 0x0108002b19001703010020ab648c0254fc31a1d201e50cec71b9b2ada1e22adbf6d28f3d43a98e1e8cafda
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd4d513f8d3dd0aa04898feef3a314aec
Finished request 16.
Going to the next request
rad_recv: Access-Request packet from host 192.168.14.240 port 4645, id=8, length=270
Message-Authenticator = 0xac3aecf22d6a5d03e4f588afbbb5e559
Service-Type = Framed-User
User-Name = "csd-notebook\\oreshkin"
Framed-MTU = 1488
State = 0xd4d513f8d3dd0aa04898feef3a314aec
Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
Calling-Station-Id = "00-16-EA-8A-DE-38"
NAS-Identifier = "3Com Access Point 7760"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0208002b19001703010020395ac391ddc6dff81a2db59e5d67b7c823bf07a6baaa24e022620012e56e4b22
NAS-IP-Address = 192.168.14.240
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "csd-notebook\oreshkin", looking up realm NULL
[suffix] Found realm "DEFAULT"
[suffix] Adding Stripped-User-Name = "csd-notebook\oreshkin"
[suffix] Adding Realm = "DEFAULT"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Had sent TLV failure. User was rejected earlier in this session.
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> csd-notebook\oreshkin
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 17 for 1 seconds
Going to the next request
Cleaning up request 0 ID 0 with timestamp +11
Cleaning up request 1 ID 1 with timestamp +11
Cleaning up request 2 ID 2 with timestamp +11
Cleaning up request 3 ID 3 with timestamp +11
Cleaning up request 4 ID 4 with timestamp +11
Cleaning up request 5 ID 5 with timestamp +11
Cleaning up request 6 ID 6 with timestamp +11
Cleaning up request 7 ID 7 with timestamp +11
Waking up in 0.8 seconds.
Sending delayed reject for request 17
Sending Access-Reject of id 8 to 192.168.14.240 port 4645
EAP-Message = 0x04080004
Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 0.1 seconds.
Cleaning up request 8 ID 8 with timestamp +11
Waking up in 3.8 seconds.
---------------------------------------------
What's wrong ? May be you would like to see my radius config files for
checking ?
Thanks.
On Fri, 10 Jul 2009, Ivan Kalik wrote:
> Date: Fri, 10 Jul 2009 18:10:12 +0100 (BST)
> From: Ivan Kalik <tnt(a)kalik.net>
> To: Anatoly Oreshkin <Anatoly.Oreshkin(a)pnpi.spb.ru>
> Subject: Re: FreeRadius 2.1.6 + EAP-PEAP issue
>
>> and added domain in proxy.conf
>>
>> realm csd-notebook {
>> type = radius
>> authhost = LOCAL
>> accthost = LOCAL
>> }
>>
>> All the same Vista client could not connect to WiFi network though radius
>> server sent Access-Accept. See output of /usr/local/sbin/radiusd -fX
>> below.
>
> Debug AP and see why Vista failed to connect.
>
>>
>> But csd-notebook is not domain name, it is a computer name which can be
>> random name. Also we do not use NTLM authorisation.
>> What way to choose ?
>
> Enable DEFAULT realm (and dsable suffix in inner-tunnel):
>
> realm DEFAULT {
> }
>
> That should ake care of any notebook name.
>
>>
>>
>> ----------------------------------------------------------------------
>> rad_recv: Access-Request packet from host 192.168.14.240 port 4177, id=20,
>> length=235
>> Message-Authenticator = 0x6754868faae917f8ecf1de1b88ffbbff
>> Service-Type = Framed-User
>> User-Name = "csd-notebook\\oreshkin"
>> Framed-MTU = 1488
>> Called-Station-Id = "00-18-6E-8F-73-40:200901azk71And"
>> Calling-Station-Id = "00-16-EA-8A-DE-38"
>> NAS-Identifier = "3Com Access Point 7760"
>> NAS-Port-Type = Wireless-802.11
>> Connect-Info = "CONNECT 54Mbps 802.11g"
>> EAP-Message = 0x0214001a016373642d6e6f7465626f6f6b5c6f726573686b696e
>> NAS-IP-Address = 192.168.14.240
>> NAS-Port = 1
>> NAS-Port-Id = "STA port # 1"
> ...
>> Sending Access-Accept of id 29 to 192.168.14.240 port 4177
>> MS-MPPE-Recv-Key =
>> 0xc12171c0071fd6f4098e5f68b570202b25bbc5d89f31d63e13645dd645e87a6d
>> MS-MPPE-Send-Key =
>> 0x5b383c69c087a07603a627033e58f4bf17fcf505f534f1c85117f22acf0d1ec3
>> EAP-Message = 0x031d0004
>> Message-Authenticator = 0x00000000000000000000000000000000
>> User-Name = "oreshkin"
>
> Connection problem might have to do with User-Name being altered. EAP
> *really* dislike that.
>
> Ivan Kalik
> Kalik Informatika ISP
>
2
1
Hi,
I have a user with "Max-All-Session" attribute set to 3600. When
trying to connect, server is rejecting the user with following error
===========
rlm_sql: Failed to create the pair: Invalid octet string "3600" for
attribute name "Max-All-Session"
rlm_sql (sql): Error getting data from database
[sql] SQL query error; rejecting user
...
...
...
=============
What is this error means and how to solve this?
Other related questions:
=====
1. What is the measurement value for "Max-All-Session"? Seconds?
2. I tried searching the wiki relating to this and found some
instructions about creating sqlcounter.conf at
http://wiki.freeradius.org/Rlm_sqlcounter. I am using current version
of freeradius 2.1.6 so Do I have to go through these steps? I am
asking this because I found the "counter.conf" in
/etc/raddb/sql/mysql/ which seems to be similar to what is in wiki.
This is a newbie question, so please be patient with me. I did few
mispost in daloradius forum recently expecting the answer about
freeradius.
Thanks
--
==============================
Registered Linux User #460714
Currently Using Fedora 10, CentOS 5.3
==============================
2
4
how i can in sshd pam_radius_auth to do authentication , without checking
the user in /etc/passwd? If i not define user with empty password, the
authentication with pam_radius_auth.so is failed.
Max
3
2
Hi,
I need a help in defining new Attribute in freeradius.
I have added a new attribute Foundry-INM-Role-AOR-List as string in
dictionary and I'm trying to set this attribute for a user. With the
below configuration radius server is not coming up.
Any help in resolving this issue will be greatly appreciated.
My changes are
In users
=-========
"ila" User-Password := "ila123"
Foundry-INM-Privilege:= 4,
Foundry-INM-Role-AOR-List := "InmRoles=Fremont ;
InmAORs=AOR1"
In dictionary.foundry
=-==============
ATTRIBUTE Foundry-INM-Role-AOR-List 9 string
When I start the server, it gives the below message.
/etc/raddb/users[107]: Parse error (reply) for entry ila: Invalid octet
string "InmRoles=Fremont ; InmAORs=AOR1" for attribute name
"Foundry-INM-Role-AOR-List"
Errors reading /etc/raddb/users
/etc/raddb/modules/files[7]: Instantiation failed for module "files"
/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find module
"files".
/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize
section.
}
Thanks,
Ila.
1
0
strange behavior in proxy when some backend servers down
by travis+ml-freeradius-users@subspacefield.org 11 Jul '09
by travis+ml-freeradius-users@subspacefield.org 11 Jul '09
11 Jul '09
Hello,
I've just been assigned a task regarding a problem with freeradius.
Bear with me if my understanding of freeradius terminology is a bit
weak, as I have just started familiarizing myself with this software
today.
The situation is that we have a freeradius instance running as a
proxy.
This instance is configured to proxy requests to a pool of four
freeradius servers.
Right now three are down, so we are testing the failover conditions.
IIUC, the desired behavior is that it tries one backend server, and
fails, marks it as a zombie, and then upon receiving another request
from the user logging in, it should try a different backend server.
What we're seeing is that once no response comes back from a server,
it marks the server as a zombie, but it marks the request as completed.
Subsequent authentication requests that come in are looked up in the
response hash, finds that the response has been completed, and ignores
the request.
I could use any help in tracking this down. If it requires a code
change to fix, I'll be contributing that back to the project.
Does anyone have any suggestions on how to track this down?
--
Obama Nation | My emails do not have attachments; it's a digital signature
that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john(a)subspacefield.org to get blacklisted.
3
2