Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
October 2010
- 119 participants
- 160 discussions
Dears,
I am using freeradius with wichorus ASN-GW (WiMAX), I have problem with
Calling-Station-Id value
The ASN-GW sent Calling-Station-Id in binary format like
this "\000&\031\001\000K"
I checked the debug radius -X result and I found the AAA got
the correct value for Calling-Station-Id but when insert it to database it's
will be empty value like
Calling-Station-Id='' (Empty Value)
What's the problem? And how can insert the
Calling-Station-Id value to radacct table?
The SQL statement for accounting_start_query for example is:
accounting_start_query = "INSERT into ${acct_table1}
(AccStatusType, AcctSessionId, AcctUniqueId, UserName, \
NASIPAddress, NASPortId, NASPortType,
WiMAXGMTTimezoneoffset, WiMAXBSId, EventTimestamp, CallingStationId, \
AcctStartTime, AcctStopTime, AcctSessionTime,
AcctInputOctets, \
AcctOutputOctets, AcctTerminateCause, FramedIPAddress ) \
select '%{Acct-Status-Type}', '%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%{WiMAX-GMT-Timezone-offset}', \
'%{WiMAX-BS-Id}', '%{Event-Timestamp}',
'%{Calling-Station-Id}', '%S', '0', '0', '0', '0','', \
'%{Framed-IP-Address}' from dual where not exists (select *
from ${acct_table1} where UserName='%{SQL-User-Name}' and
AcctSessionId='%{Acct-Session-Id}' \
and AcctStartTime='%S')"
Regards,
Moayad
2
1
Hi All,
I'm following along with the docs for Autz-Type in freeradius-2.1.8,
specifically the section about selecting between multiple instances of a
module.
In users.conf I have:
DEFAULT Realm == "siteone.edu", Autz-Type := siteone_ldap, Auth-Type :=
siteone_ldap
In sites-enabled/default I have:
authorize{
preprocess
chap
mscap
suffix
ntdomain
Autz-Type siteone_ldap{
siteone_ldap
}
...
}
authenticate{
...
Auth-Type siteone_ldap {
siteone_ldap
}
}
In proxy.conf I have:
realm "siteone.edu" {
authhost = LOCAL
accthost = LOCAL
}
When I run radiusd -XC I get the following parse error:
/etc/raddb/users[205]: Parse error (check) for entry DEFAULT: Unknown
value siteone_ldap for attribute Autz-Type
Errors reading /etc/raddb/users
As far as I can tell I'm following the example verbatim. Can someone
shed some light on why I'm getting the parse error?
Below if full debug output:
[root@avocet raddb]# radiusd -XC
FreeRADIUS Version 2.1.8, for host i386-redhat-linux-gnu, built on Jan
19 2010 at 18:23:59
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration
file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/siteone_ntlm_auth
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/siteone_ldap
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
realm siteone.edu {
authhost = LOCAL
accthost = LOCAL
}
realm siteone {
authhost = LOCAL
accthost = LOCAL
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Skipping instantiation of expiration
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Skipping instantiation of mschap
Module: Linked to module rlm_ldap
Module: Skipping instantiation of ldap
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb/certs/radius.siteone.edu-key.pem"
certificate_file = "/etc/raddb/certs/radius.siteone.edu-cert.pem"
CA_file = "/etc/pki/tls/cert.pem"
private_key_password = "whatever"
dh_file = "/etc/raddb/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Instantiating ntdomain
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
}
/etc/raddb/users[205]: Parse error (check) for entry DEFAULT: Unknown
value siteone_ldap for attribute Autz-Type
Errors reading /etc/raddb/users
/etc/raddb/modules/files[7]: Instantiation failed for module "files"
/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find module
"files".
/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize
section.
3
5
awesome.. Thanks!
> David Bird wrote:
> > Be sure to upgrade your rlm_jradius ! (probably the most common issue we
> > hear about; I submitted a patch a while back, but haven't followed it
> > up)
>
> I'll get it into 2.1.11.
>
> Alan DeKok.
>
>
1
0
Hi all,
Currently when users connect to our WLAN they enter their username thus:- firstname.lastname(a)mydomain.ox.ac.uk
Is there a way I can strip everything after the @ out (ie the domain) - so they are forced to authenticate against the domain I specify.
At the moment in my test environment, as long as I DONT specify the domain it works - so I'm looking to strip out the domain name if they DO specify it.
Cheers,
Mark
5
10
Hello,
For those using rlm_jradius, there is a new release of the JRadius
server: http://www.coova.org/JRadius
Be sure to upgrade your rlm_jradius ! (probably the most common issue we
hear about; I submitted a patch a while back, but haven't followed it
up)
Get it from (also included in java distro):
http://dev.coova.org/svn/cjradius/trunk/freeradius/rlm_jradius/
There have also been improvements with the RADIUS simulator/client in
supporting RadSec, EAP-TLS, EAP-TTLS/PAP, and PEAP. Screen shots and
basic info: http://coova-docs.s3.amazonaws.com/JRadiusSimulator.pdf
Cheers,
David
2
1
Hi,
I am trying to configure netscreen 208 firewall to authenticate and
account for users traffic when they login via the captive portal. I
have installed freeradius 2.1.9 on Fedora core 13.
in the /etc/raddusers I added the bellow entry for rsa
rsa Cleartext-Password := "nopass"
Service-Type = Framed-User
in the /etc/raddb/clients.conf I added
client 193.188.129.33 {
nastype = other
secret = 12345
shortname = vdk-u-nsaaa
when user rsa logs in to the captive portal the authentication is
successful however user rsa still can not access the internet
rad_recv: Access-Request packet from host 193.188.129.33 port 49715,
id=1, length=49
User-Name = "rsa"
User-Password = "nopass"
NAS-IP-Address = 193.188.129.33
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "rsa", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry rsa at line 70
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "nopass"
[pap] Using clear text password "nopass"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 1 to 193.188.129.33 port 49715
Service-Type = Framed-User
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 1 ID 1 with timestamp +135
Ready to process requests.
thank you for your help
Regards,
Ramzi
3
2
EAP-TLS authentication allows me to authenticate with invalid certificate.
by Terry Simons 13 Oct '10
by Terry Simons 13 Oct '10
13 Oct '10
Hi,
I'm running into an issue where FreeRADIUS allows an invalid certificate (one not signed by my configured CA) to successfully authenticate to EAP-TLS.
There's a message in the log that clearly indicates that the CA wasn't found (--> verify error:num=20:unable to get local issuer certificate) , yet my authentication succeeds.
I'm using FreeRADIUS version 2.1.10 with a largely default configuration (home-grown certificates).
I want this authentication to fail because the certificate that the client is using was not signed by the CA that I have configured with the CA_file directive, therefore it should be considered an invalid EAP-TLS attempt.
Has anyone seen this before?
I couldn't find any related messages in the FreeRADIUS archive.
Thanks,
Here's the log:
rad_recv: Access-Request packet from host 192.168.19.12 port 1035, id=39, length=189
User-Name = "AutomationUser"
NAS-IP-Address = 192.168.19.12
NAS-Identifier = "honeybutter"
NAS-Port = 0
Called-Station-Id = "00-19-77-1F-8A-D1:HiveAP120-WPA2"
Calling-Station-Id = "00-25-00-43-5E-13"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02000013014175746f6d6174696f6e55736572
Message-Authenticator = 0xebf0b398f32dc38984552b06634ef90e
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "AutomationUser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 0 length 19
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[opendirectory] The host 192.168.19.12 does not have an access group.
++[opendirectory] returns ok
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 39 to 192.168.19.12 port 1035
EAP-Message = 0x010100060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd2fcae5dd2fda306cc163ff247674563
Finished request 37.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.19.12 port 1035, id=40, length=352
User-Name = "AutomationUser"
NAS-IP-Address = 192.168.19.12
NAS-Identifier = "honeybutter"
NAS-Port = 0
Called-Station-Id = "00-19-77-1F-8A-D1:HiveAP120-WPA2"
Calling-Station-Id = "00-25-00-43-5E-13"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100a40d800000009a16030100950100009103014cb5184f29200ee95888008e509e4cf7d61e39b9688acd0a179f3f12fd982b03000056c00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a00170019000101000012000a00080006001700180019000b00020100
State = 0xd2fcae5dd2fda306cc163ff247674563
Message-Authenticator = 0xbaf4c3763aa24c9f8ecb1bc1695bfbe4
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "AutomationUser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 1 length 164
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[opendirectory] The host 192.168.19.12 does not have an access group.
++[opendirectory] returns ok
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 154
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0095], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 069f], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 00af], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 40 to 192.168.19.12 port 1035
EAP-Message = 0x010204000dc000000787160301002a0200002603014cb5183db33a52670f42ebf1dd1d323435c9d1727572176f37deae32bcdf256400002f00160301069f0b00069b0006980002cf308202cb30820234a003020102020101300d06092a864886f70d010105050030819c310b3009060355040613025553311330110603550408130a43616c69666f726e69613112301006035504071309437570657274696e6f31143012060355040a130b4170706c652c20496e632e3110300e060355040b1307436f6d6d735141311530130603550403130c4175746f6d6174696f6e43413125302306092a864886f70d010901161674657272792e73696d6f6e7340
EAP-Message = 0x6170706c652e636f6d301e170d3130313031303033313233365a170d3230313030393033313233365a3081a0310b3009060355040613025553311330110603550408130a43616c69666f726e69613112301006035504071309437570657274696e6f31143012060355040a130b4170706c652c20496e632e3110300e060355040b1307436f6d6d73514131193017060355040313104175746f6d6174696f6e5365727665723125302306092a864886f70d010901161674657272792e73696d6f6e73406170706c652e636f6d30819f300d06092a864886f70d010101050003818d00308189028181009c863c44ddc7f8e2d9153ce65d246a4576e7cad0
EAP-Message = 0x693a37f44cf8e71fbd4010fb0287128c6e4a5eae040a9d806ba510d76026c536a6e44a1341630f76a472f3a324aff010ccf26e168a523e9dac5b131512b6534209c4ddf0059e456767fef96ab15996e3e9e6d8c06aed16032ed09ec81a79e5cf2fcad21d43f93a382ef64afd0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003818100b3ab384f900eb95db0b5f932639f532d7993d262e5d4f95b0caf2f6778dc3f7ead0361033974828f3a564aa7642760c93c5f3293c69f4f13ed309bee53a0dcee4a07d59994d34a7e51ddef376f87c8ab8614f9e14dd233d1c7f7cb3af4dc571b
EAP-Message = 0x2c456a6e2a857a132a9d26d2acc4be820b7c6265a0b541f3f31067a8ce921b7a0003c3308203bf30820328a003020102020900aee0069109e88a1e300d06092a864886f70d010105050030819c310b3009060355040613025553311330110603550408130a43616c69666f726e69613112301006035504071309437570657274696e6f31143012060355040a130b4170706c652c20496e632e3110300e060355040b1307436f6d6d735141311530130603550403130c4175746f6d6174696f6e43413125302306092a864886f70d010901161674657272792e73696d6f6e73406170706c652e636f6d301e170d3130313031303033303831335a170d32
EAP-Message = 0x30313030393033303831335a
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd2fcae5dd3fea306cc163ff247674563
Finished request 38.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.19.12 port 1035, id=41, length=194
User-Name = "AutomationUser"
NAS-IP-Address = 192.168.19.12
NAS-Identifier = "honeybutter"
NAS-Port = 0
Called-Station-Id = "00-19-77-1F-8A-D1:HiveAP120-WPA2"
Calling-Station-Id = "00-25-00-43-5E-13"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200060d00
State = 0xd2fcae5dd3fea306cc163ff247674563
Message-Authenticator = 0xa475a2642ff359874a9fc61a5522e311
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "AutomationUser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 2 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[opendirectory] The host 192.168.19.12 does not have an access group.
++[opendirectory] returns ok
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 41 to 192.168.19.12 port 1035
EAP-Message = 0x0103039b0d800000078730819c310b3009060355040613025553311330110603550408130a43616c69666f726e69613112301006035504071309437570657274696e6f31143012060355040a130b4170706c652c20496e632e3110300e060355040b1307436f6d6d735141311530130603550403130c4175746f6d6174696f6e43413125302306092a864886f70d010901161674657272792e73696d6f6e73406170706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100eba6920d4e7026b5b56be1ffe4a92657531f57f5ec3151a3b08536f2c15ac37e6ca83945576dc7fa534379f00849d14f3ccb630c0cceff
EAP-Message = 0x7c032eeedceda81ede4979d9c11aa32b94e13d2c55911c8910d74fe834a062c563b76f66377ba558adf01c29ad786385dcf067324f087f4e62f9bce9f1a15c0238d7068e6bff2436910203010001a382010530820101301d0603551d0e041604143d14bac4f677ed18b87223f0ef167fa28fb245a03081d10603551d230481c93081c680143d14bac4f677ed18b87223f0ef167fa28fb245a0a181a2a4819f30819c310b3009060355040613025553311330110603550408130a43616c69666f726e69613112301006035504071309437570657274696e6f31143012060355040a130b4170706c652c20496e632e3110300e060355040b1307436f6d6d
EAP-Message = 0x735141311530130603550403130c4175746f6d6174696f6e43413125302306092a864886f70d010901161674657272792e73696d6f6e73406170706c652e636f6d820900aee0069109e88a1e300c0603551d13040530030101ff300d06092a864886f70d010105050003818100e533646f2f3626e199b1617ea96c40568f8c210f770373587881beb74e8c5b439c6b43e075567d0fba0bcfdcf62e70bdca8240ca0156ea160648f09650898f1e4569aaccd3108a95d94a07f59f60b127626399f132d34825e5100c9986d7754d2a45b743d8b75037f032cb30e071a1128486e433f69a6039f6c06926a88e777716030100af0d0000a70301024000a100
EAP-Message = 0x9f30819c310b3009060355040613025553311330110603550408130a43616c69666f726e69613112301006035504071309437570657274696e6f31143012060355040a130b4170706c652c20496e632e3110300e060355040b1307436f6d6d735141311530130603550403130c4175746f6d6174696f6e43413125302306092a864886f70d010901161674657272792e73696d6f6e73406170706c652e636f6d0e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd2fcae5dd0ffa306cc163ff247674563
Finished request 39.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.19.12 port 1035, id=42, length=1274
User-Name = "AutomationUser"
NAS-IP-Address = 192.168.19.12
NAS-Identifier = "honeybutter"
NAS-Port = 0
Called-Station-Id = "00-19-77-1F-8A-D1:HiveAP120-WPA2"
Calling-Station-Id = "00-25-00-43-5E-13"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020304360d800000042c16030102d60b0002d20002cf0002cc308202c830820231a003020102020102300d06092a864886f70d010105050030819b310b3009060355040613025553311330110603550408130a43616c69666f726e69613112301006035504071309437570657274696e6f31143012060355040a130b4170706c652c20496e632e3110300e060355040b1307436f6d6d735141311430120603550403130b526f7474656e4170706c653125302306092a864886f70d010901161674657272792e73696d6f6e73406170706c652e636f6d301e170d3130313031323138333633355a170d3230313031313138333633355a30819e310b3009
EAP-Message = 0x060355040613025553311330110603550408130a43616c69666f726e69613112301006035504071309437570657274696e6f31143012060355040a130b4170706c652c20496e632e3110300e060355040b1307436f6d6d735141311730150603550403130e4175746f6d6174696f6e557365723125302306092a864886f70d010901161674657272792e73696d6f6e73406170706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100db2c1fc69d20a42a3101c93df6d6db4fab40fb77fdefd5334ba3ccfca3032417aefb71deb9ef75f51182010940a03c618ca1a879af099d1470fc8d8fcfd3d4d9cc3d1672bb7f
EAP-Message = 0xed5c015ef660cbdb2f75eae83c658683164773db3ba34782fbba6ead164839b6b555c94fc355d24228545474a2d7a4ae732982ebffdaf3bb20fd0203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d010105050003818100505a1fcf9aa9fc38d3cc0fb6f6e2edfe0ab50af4aa358726dfd784e69461e3f0c539360a94995cce8bf85bf4f1cc53bd8eda704b135a698e89d157d042d602d1f78c2bbb4a3f2cc2fb9113b9d03f71f731c71cd9360ef4f762403e7c14fcd112401c7217321dbc1d2fb8b2168c0651c2eaade2f1292f4a7c5f8904a2c1844cfd16030100861000008200801ef0cf7c185512
EAP-Message = 0x86b4f42b2374ad3345f22e10c90614b872fa5688df1621c9acadc08593d71659adf9cce1550e199d0e0da86d99e25bab70888873d38f07f42e0c4a344fb5d3fc5788de9cacf4c182fb06fd176afd9a65d9297bea1e73acd3ffa6dfbc70e1014a2c7f6cf8f3d5342d96aaa32a1311b89e455586816c7b57564516030100860f0000820080a9de35c71327f318ebb962597c6f6503e073afe5aa279c1822463224fe189022c50ec10a915947ae451e3d39d798106d9ff5bfe7600ad6ce0da735ba4613898facdb2889ac642ed2efc1ca6e81b79594678e055fba42fddd1d16634b85b641587d349fe39e127080b9f8695a962c8ca0480f7b52cf6cbafa1e
EAP-Message = 0x5ff67080001aa11403010001011603010030a11644efce0b94b9179c2e9aa9eb472e0869267e0bf174beae262e5f4e4bd0583db05bd6bf51fba61ba940eca8e658b0
State = 0xd2fcae5dd0ffa306cc163ff247674563
Message-Authenticator = 0x2a124c92c4da145bbd47a068a71f4293
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "AutomationUser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 3 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[opendirectory] The host 192.168.19.12 does not have an access group.
++[opendirectory] returns ok
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 1068
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] <<< TLS 1.0 Handshake [length 02d6], Certificate
--> verify error:num=20:unable to get local issuer certificate
[tls] TLS_accept: SSLv3 read client certificate A
[tls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[tls] TLS_accept: SSLv3 read client key exchange A
[tls] <<< TLS 1.0 Handshake [length 0086], CertificateVerify
[tls] TLS_accept: SSLv3 read certificate verify A
[tls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[tls] <<< TLS 1.0 Handshake [length 0010], Finished
[tls] TLS_accept: SSLv3 read finished A
[tls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[tls] TLS_accept: SSLv3 write change cipher spec A
[tls] >>> TLS 1.0 Handshake [length 0010], Finished
[tls] TLS_accept: SSLv3 write finished A
[tls] TLS_accept: SSLv3 flush data
[tls] (other): SSL negotiation finished successfully
SSL Connection Established
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 42 to 192.168.19.12 port 1035
EAP-Message = 0x010400450d800000003b14030100010116030100308aeb9012d08c6b2e742f6f6defcbe397ce58cb4911aeeba0c6c2ac6d4e45b941898218a5e1bf55e35ed26ee1a29b3464
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xd2fcae5dd1f8a306cc163ff247674563
Finished request 40.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.19.12 port 1035, id=43, length=194
User-Name = "AutomationUser"
NAS-IP-Address = 192.168.19.12
NAS-Identifier = "honeybutter"
NAS-Port = 0
Called-Station-Id = "00-19-77-1F-8A-D1:HiveAP120-WPA2"
Calling-Station-Id = "00-25-00-43-5E-13"
Framed-MTU = 1500
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400060d00
State = 0xd2fcae5dd1f8a306cc163ff247674563
Message-Authenticator = 0x34e48ce176b27309dbd3b53091ad3816
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "AutomationUser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 4 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[opendirectory] The host 192.168.19.12 does not have an access group.
++[opendirectory] returns ok
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake is finished
[tls] eaptls_verify returned 3
[tls] eaptls_process returned 3
[tls] Adding user data to cached session
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 43 to 192.168.19.12 port 1035
MS-MPPE-Recv-Key = 0x08d815790ebfb9a13cc81f79b0c756c8126e52f63338fd882c458eb019a48533
MS-MPPE-Send-Key = 0x1bc9637fd958191a0127c04a9b84812644caba495fcfc5ec3d3b02edc08fd72e
EAP-Message = 0x03040004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "AutomationUser"
Finished request 41.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Accounting-Request packet from host 192.168.19.12 port 1031, id=44, length=169
Acct-Session-Id = "4CB26D4B-0000007B"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "AutomationUser"
NAS-IP-Address = 192.168.19.12
NAS-Identifier = "honeybutter"
NAS-Port = 0
Called-Station-Id = "00-19-77-1F-8A-D1:HiveAP120-WPA2"
Calling-Station-Id = "00-25-00-43-5E-13"
NAS-Port-Type = Wireless-802.11
Connect-Info = "11ng"
Vendor-26928-Attr-1 = 0x00000000
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 192.168.19.12,NAS-IP-Address = 192.168.19.12,Acct-Session-Id = "4CB26D4B-0000007B",User-Name = "AutomationUser"'
[acct_unique] Acct-Unique-Session-ID = "246d28e49e4f15d2".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "AutomationUser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/192.168.19.12/detail-20101012
[detail] /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.19.12/detail-20101012
[detail] expand: %t -> Tue Oct 12 19:23:57 2010
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /usr/local/var/log/radius/radutmp -> /usr/local/var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> AutomationUser
++[radutmp] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> AutomationUser
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 44 to 192.168.19.12 port 1031
Finished request 42.
Cleaning up request 42 ID 44 with timestamp +371
Going to the next request
Waking up in 4.7 seconds.
2
1
Is there a typical way to set an ŒAuth-Type := Kerberos¹ when a user is part
of a specific realm? For testing purposes, I am able to add this to the
Œusers¹ file:
DEFAULT Auth-Type := Kerberos
But, will need something based on realm in the future.
3
5
OK, getting somewhere, but still won't let me connect. I can't see in the debug output why it fails.
I'm trying to authenticate against AD, using PEAP-MSCHAPv2
I have checked ntlm_auth is working by
ntlm_auth --request-nt-key --domain=MYDOMAIN --username=testuser --password=password
and I get (NT_STATUS_OK)
my /modules/ntlm_auth looks like this:-
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
}
and modules/mschap looks like this
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-NUFFIELDCOLLEGE} --challenge=%{mschap:Challenge:-00}
--nt-response=%{mschap:NT-Response$
}
In the debug output I can see this - should authentication realm = LOCAL as below?
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
When I paste the debug into the checker it highlights this:-
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
But not sure I need to worry about that as I'm not doing PAP
Can't see anything else in there indicating a problem, but when I try to connect a device (my iPhone) it just returns a 'cannot connect to' message
What am I missing? No doubt something obvious....
Debug output
------------
FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010 at 00:25:31
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/default
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = no
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
realm mydomain.ox.ac.uk {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 192.168.30.1 {
require_message_authenticator = no
secret = "6_5EsC=Vv&y$pK27"
shortname = "192.168.30.1"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating expr
Module: Linked to module rlm_expiration
Module: Instantiating expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating chap
Module: Linked to module rlm_mschap
Module: Instantiating mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} --challenge=%{mschap:Challenge:-00} "
}
Module: Instantiating ntlm_auth
exec ntlm_auth {
wait = yes
program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_unix
Module: Instantiating unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating eap
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/raddb/certs/dh"
random_file = "/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/raddb/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating suffix
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating attr_filter.access_reject
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server {
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating preprocess
preprocess {
huntgroups = "/etc/raddb/huntgroups"
hints = "/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating detail
detail {
detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/var/run/radiusd/radiusd.sock"
}
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.30.1 port 1160, id=0, length=226
Message-Authenticator = 0x23034f1c4e3f45f152d1c4fb279f8f73
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200001901686f6c6d6573406e7566662e6f782e61632e756b
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 25
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.30.1 port 1160
EAP-Message = 0x0101001604100d3dfd867b801639e3c581bfcdcfaf13
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6937ee236936ea7140d04af0873965b7
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.30.1 port 1160, id=1, length=225
Message-Authenticator = 0x6cca649f78174a259d2c601dd67257ed
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
State = 0x6937ee236936ea7140d04af0873965b7
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020100060319
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.30.1 port 1160
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6937ee236835f77140d04af0873965b7
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.30.1 port 1160, id=2, length=355
Message-Authenticator = 0x5736800352fb2d51bdf61a2734312f8a
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
State = 0x6937ee236835f77140d04af0873965b7
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0202008819800000007e16030100790100007503014cb45b46608d363ac5c8d26e33dd43898b655a06cfdf1574be1a913ac88c202300003ac00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009000300080033003900160015001401000012000a00080006001700180019000b00020100
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 136
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 126
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0079], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.30.1 port 1160
EAP-Message = 0x0103040019c00000089b160301002a0200002603014cb45afd189372e4b4f769dceeb3dd3b4c12aae9755f82d1f38514c1fbc92a4b00002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message = 0x301e170d3130313030383038303330305a170d3131313030383038303330305a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100a54b5f62df88fd8c40af44e08894fc03b93b4fe3398e73bd9a4b2523201ee5ca8ea4cde0baf8f2145206b0d5080cfd9d3ebb78c5769244e940fbb4b4785e
EAP-Message = 0x2bbc2468354892e36418dc2438870e708d32b65a26bb0189ed92bb0b2e73aa54949a3ae224a8813d4b0584a27f46d87b47e16418fba9f4349f1c111b39964d336a09552febc2977f17c4006e7c407b3dee162ac726a396d32a635358c1354cd988d9a57368f38fb5f1cf85f3a86845c72cda61e75d17f81a997b2b18a354b8ffef04cbba6eecb2c9c8f1f630fb8be772036396f2965da709763c59897784eeb39c2a3937d76cedd84eced714c47e6528c7f7db164fe5980cac38a27b3884953084810203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010024d7663b23e20ea49c
EAP-Message = 0x2c40f762adbbf7dac736a1afce560919ac0dd9bc564c992caf1de58aa446b33dd07f6622c247844c194d6d7e6f88170933cd5a6c452969c9120eaf6d41ff573c7892297065c2e8551b37a72efa6d221b5db3f510beef81a05466f7715041b43469e9abb93d90b0d5083c5a91406fddd1693f5cfea9b8d421848f5ddc75efe21dfcf81e27434e5a3b471096d7a1717a4261eb0330387818e9672f160ea63320bfa39d485e99a422eb7295c08a90e8cc945cd5955649a636c6ddf55062cb2de6b330c211d11b397bffb58d4cb638a7b521e003d4698d16806040fc7a97f066bd74ec706041ad3304b7f8c721f9c6dba1ce69b41c66c190750004ab308204
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6937ee236b34f77140d04af0873965b7
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.30.1 port 1160, id=3, length=225
Message-Authenticator = 0x2576586942c102d3255acbf7f9e7551e
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
State = 0x6937ee236b34f77140d04af0873965b7
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020300061900
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.30.1 port 1160
EAP-Message = 0x010403fc194000a47119ce17378229300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3130313030383038303330305a170d3131313030383038303330305a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504
EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a91f6a34ac1dca5dcf80c8eeb8a2375dee9f7a33ae057cf0ba81d4ce7930c2029b726416032bfe97cb9adef0813f16202666f9fb92092720fd76c0f467c4b3fea50aa22a92e70b771eced4d91dd659f1c8e9d33bce65a2c0372befe5544ea3ddefc67d135d2bc7a9987ea470bd01d7
EAP-Message = 0xdf79e0fa3c90185057a35624c09b40c2f01889fef159ae567190869e1ad449c58534977edfd31d2432471a73460429821c3b32f2a6bcf17afed6c709354032dbd172ea5b69f1273b3ee5a92195999f52567d55cef4ccf64ae63999c5bbd6e1edb6e1c0c8b5b1badda1dbd8f59550824aa6bb08b3e4161a2226beff4dcff7868f413dab72bd3d294ddab63facc03becee630203010001a381fb3081f8301d0603551d0e041604140ebb1810e4029362b0d95e2dc4b7e6b8a0ffd1eb3081c80603551d230481c03081bd80140ebb1810e4029362b0d95e2dc4b7e6b8a0ffd1eba18199a48196308193310b3009060355040613024652310f300d06035504
EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900a47119ce17378229300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100990aa4f637ef2cf9c4e408e3320971661d72852178457650e03fad1ae4d4fa01c05d0b30c777c702ecf0b3f37b2bd1e1064ce353ac4e70f6bc5745d30fef61c872f3b4c088ab376f04e287526e99b027de00
EAP-Message = 0x1829b09aaa230ef9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6937ee236a33f77140d04af0873965b7
Finished request 3.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.30.1 port 1160, id=4, length=225
Message-Authenticator = 0x6f2d1194ed5104fbddac935348770d23
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
State = 0x6937ee236a33f77140d04af0873965b7
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020400061900
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.30.1 port 1160
EAP-Message = 0x010500b519003302ce0e0fc291a6d96b7d48ee73196ba6bd4dc1f482f212668469e57b39e7a43b8911798e16f4d667a4133677ef3b262a0cefa7bb3a2f93fc41a553e1ff1d42df892e8febb86910e1836ecf18128eb24e23608b9e4e7ffb71cfd48da75a5b417362db9b375e21f7384816cdd5779000d167455a927c243356a8c2485489283a74d948616dfe29804da6c776fbef1237bfd67629668ac63328df37a16e53695de443b288c87e16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6937ee236d32f77140d04af0873965b7
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.30.1 port 1160, id=5, length=557
Message-Authenticator = 0x3646336058803ed4629d9489a5a2024e
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
State = 0x6937ee236d32f77140d04af0873965b7
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02050150198000000146160301010610000102010008d8bd49ab6625b5af898ffcb60388542832c73a5c0b6ae8e5b2e80044077cffec863406332408828820fb844c050be02f67e7d78887119e784add3135b7fe7d5c6651151cfe6b567d394ff6605656a7efa5b051af5113db31813e6f2b57b293a07f72f29510821d1a6671f1d64ef88eb7ece4366e88eb740bb50c9e5f6518cdc64a7abac1bce332bbf542367c676c61ac7d85ca62b28685b06d8e6d91bb118ddb7f59fd934885d52e026b4b4372a2a2fdaa03b92149d5daa6a86c067a9ef42ed73b8eb5290ba381395a6138d438c43600607fe678e5d0d206c7ab166d8868e17012174c97301176
EAP-Message = 0xdd352cb41686de425e8514b1a9b629f01e4117775e2a754f14030100010116030100307cc4d403526e0aa85b56c969bea377bd4c2c1518f91751664bd178ced86e29fbb1109030b638d768e118d710e5e29ba4
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.30.1 port 1160
EAP-Message = 0x01060041190014030100010116030100300ce01663c1ce145d63c96447d3d07cf68e95c24295d97affe9bc36864795bdb88e70c74afb4355ff222162b72c963dcd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x6937ee236c31f77140d04af0873965b7
Finished request 5.
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 0 ID 0 with timestamp +5
Cleaning up request 1 ID 1 with timestamp +5
Cleaning up request 2 ID 2 with timestamp +5
Cleaning up request 3 ID 3 with timestamp +5
Cleaning up request 4 ID 4 with timestamp +5
Cleaning up request 5 ID 5 with timestamp +5
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.30.1 port 1162, id=0, length=226
Message-Authenticator = 0x14baebdd1574b1ac2231ae94c3cf4706
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200001901686f6c6d6573406e7566662e6f782e61632e756b
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 25
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 0 to 192.168.30.1 port 1162
EAP-Message = 0x0101001604102922a8dc5552088852ca5c41f1c42f06
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbc7efc4cbc7ff83c4bf33c60bc849290
Finished request 6.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.30.1 port 1162, id=1, length=225
Message-Authenticator = 0xc2a17c9f5948eec45c5759a39cfa444c
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
State = 0xbc7efc4cbc7ff83c4bf33c60bc849290
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020100060319
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 1 to 192.168.30.1 port 1162
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbc7efc4cbd7ce53c4bf33c60bc849290
Finished request 7.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.30.1 port 1162, id=2, length=355
Message-Authenticator = 0x18edcd6024ca02642f216f90a64303fd
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
State = 0xbc7efc4cbd7ce53c4bf33c60bc849290
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0202008819800000007e16030100790100007503014cb45b53574671267b35847b4edcbfd00fcb35f11867fa6fa24c9d9642f0079e00003ac00ac009c007c008c013c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009000300080033003900160015001401000012000a00080006001700180019000b00020100
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 2 length 136
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 126
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0079], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 2 to 192.168.30.1 port 1162
EAP-Message = 0x0103040019c00000089b160301002a0200002603014cb45b0a96b3f24de22ab96beb85391d297e50327f2de5aa54651481a8fca31700002f00160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479
EAP-Message = 0x301e170d3130313030383038303330305a170d3131313030383038303330305a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100a54b5f62df88fd8c40af44e08894fc03b93b4fe3398e73bd9a4b2523201ee5ca8ea4cde0baf8f2145206b0d5080cfd9d3ebb78c5769244e940fbb4b4785e
EAP-Message = 0x2bbc2468354892e36418dc2438870e708d32b65a26bb0189ed92bb0b2e73aa54949a3ae224a8813d4b0584a27f46d87b47e16418fba9f4349f1c111b39964d336a09552febc2977f17c4006e7c407b3dee162ac726a396d32a635358c1354cd988d9a57368f38fb5f1cf85f3a86845c72cda61e75d17f81a997b2b18a354b8ffef04cbba6eecb2c9c8f1f630fb8be772036396f2965da709763c59897784eeb39c2a3937d76cedd84eced714c47e6528c7f7db164fe5980cac38a27b3884953084810203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010024d7663b23e20ea49c
EAP-Message = 0x2c40f762adbbf7dac736a1afce560919ac0dd9bc564c992caf1de58aa446b33dd07f6622c247844c194d6d7e6f88170933cd5a6c452969c9120eaf6d41ff573c7892297065c2e8551b37a72efa6d221b5db3f510beef81a05466f7715041b43469e9abb93d90b0d5083c5a91406fddd1693f5cfea9b8d421848f5ddc75efe21dfcf81e27434e5a3b471096d7a1717a4261eb0330387818e9672f160ea63320bfa39d485e99a422eb7295c08a90e8cc945cd5955649a636c6ddf55062cb2de6b330c211d11b397bffb58d4cb638a7b521e003d4698d16806040fc7a97f066bd74ec706041ad3304b7f8c721f9c6dba1ce69b41c66c190750004ab308204
EAP-Message = 0xa73082038fa0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbc7efc4cbe7de53c4bf33c60bc849290
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.30.1 port 1162, id=3, length=225
Message-Authenticator = 0xd4fa27a8f72667781057ca14f3ab7325
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
State = 0xbc7efc4cbe7de53c4bf33c60bc849290
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020300061900
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 3 to 192.168.30.1 port 1162
EAP-Message = 0x010403fc194000a47119ce17378229300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3130313030383038303330305a170d3131313030383038303330305a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504
EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100a91f6a34ac1dca5dcf80c8eeb8a2375dee9f7a33ae057cf0ba81d4ce7930c2029b726416032bfe97cb9adef0813f16202666f9fb92092720fd76c0f467c4b3fea50aa22a92e70b771eced4d91dd659f1c8e9d33bce65a2c0372befe5544ea3ddefc67d135d2bc7a9987ea470bd01d7
EAP-Message = 0xdf79e0fa3c90185057a35624c09b40c2f01889fef159ae567190869e1ad449c58534977edfd31d2432471a73460429821c3b32f2a6bcf17afed6c709354032dbd172ea5b69f1273b3ee5a92195999f52567d55cef4ccf64ae63999c5bbd6e1edb6e1c0c8b5b1badda1dbd8f59550824aa6bb08b3e4161a2226beff4dcff7868f413dab72bd3d294ddab63facc03becee630203010001a381fb3081f8301d0603551d0e041604140ebb1810e4029362b0d95e2dc4b7e6b8a0ffd1eb3081c80603551d230481c03081bd80140ebb1810e4029362b0d95e2dc4b7e6b8a0ffd1eba18199a48196308193310b3009060355040613024652310f300d06035504
EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900a47119ce17378229300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100990aa4f637ef2cf9c4e408e3320971661d72852178457650e03fad1ae4d4fa01c05d0b30c777c702ecf0b3f37b2bd1e1064ce353ac4e70f6bc5745d30fef61c872f3b4c088ab376f04e287526e99b027de00
EAP-Message = 0x1829b09aaa230ef9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbc7efc4cbf7ae53c4bf33c60bc849290
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.30.1 port 1162, id=4, length=225
Message-Authenticator = 0x453af3751e3ce2f19be665f372db070d
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
State = 0xbc7efc4cbf7ae53c4bf33c60bc849290
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x020400061900
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 4 to 192.168.30.1 port 1162
EAP-Message = 0x010500b519003302ce0e0fc291a6d96b7d48ee73196ba6bd4dc1f482f212668469e57b39e7a43b8911798e16f4d667a4133677ef3b262a0cefa7bb3a2f93fc41a553e1ff1d42df892e8febb86910e1836ecf18128eb24e23608b9e4e7ffb71cfd48da75a5b417362db9b375e21f7384816cdd5779000d167455a927c243356a8c2485489283a74d948616dfe29804da6c776fbef1237bfd67629668ac63328df37a16e53695de443b288c87e16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbc7efc4cb87be53c4bf33c60bc849290
Finished request 10.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.30.1 port 1162, id=5, length=557
Message-Authenticator = 0xcf284b18d28ce752c4a6ffb4e0bae462
Service-Type = Framed-User
User-Name = "testuser(a)mydomain.ox.ac.uk"
Framed-MTU = 1488
State = 0xbc7efc4cb87be53c4bf33c60bc849290
Called-Station-Id = "00-24-73-54-22-C2:Nuffield-WLAN"
Calling-Station-Id = "40-D3-2D-7D-BA-D3"
NAS-Identifier = "Wireless AP - I6"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02050150198000000146160301010610000102010078beb227630c5b2e487fcbbd6bdab24a723044fa0dd43697220ed4ddba06f38e63656f73ca8824fd03ac59115cd22ceceb16bba6ebfaaedb51867ea74223dd3f592fe567a9c33e5d39ec12d24692a22f8dcb09cdbe23ca5258dc49ea0a70601f634970cfbcea983370f71b9bceb4849d92d01ddb5827eeacdf3d95ee109e48477d373257fa8b97689bd4428379187b41c75429b02efb846eb9d5506860c8de5fe3919676af5ecb54330ae57feeae55366a38d1237b865c3d82a2944ba6f4e701e1f2776561a54238086db8359a63dbba89e2d073467db2a91188fe77534c903b207939de6646fecf
EAP-Message = 0xca7e829ea010e9d664e7c3e8b22af4c5fa52a2ede114d436140301000101160301003082a7be7954291d4b5bf4735bb7757cbed2bd3086b51787f2870687d805cb7cf95090372f84d310b781705367239e2fa2
NAS-IP-Address = 192.168.30.1
NAS-Port = 1
NAS-Port-Id = "STA port # 1"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "mydomain.ox.ac.uk" for User-Name = "testuser(a)mydomain.ox.ac.uk"
[suffix] Found realm "mydomain.ox.ac.uk"
[suffix] Adding Stripped-User-Name = "testuser"
[suffix] Adding Realm = "mydomain.ox.ac.uk"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 5 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 326
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 5 to 192.168.30.1 port 1162
EAP-Message = 0x0106004119001403010001011603010030f615a58846d51361b77eab5683e34a0a744f3af094b2c5478a0a1042f89c4f48d3f71abaae4bd259922300d95ae0bfb4
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xbc7efc4cb978e53c4bf33c60bc849290
Finished request 11.
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 6 ID 0 with timestamp +18
Cleaning up request 7 ID 1 with timestamp +18
Cleaning up request 8 ID 2 with timestamp +18
Cleaning up request 9 ID 3 with timestamp +18
Cleaning up request 10 ID 4 with timestamp +18
Cleaning up request 11 ID 5 with timestamp +19
Ready to process requests.
3
4
Dears,
Can I disconnect connected user or session form freeradius
and Wichorus ASN-GW (WIMAX)? If yes how?
Am trying to send disconnect request as follow: (Note: I
changed all the following values as needed)
# echo "Acct-Session-Id=D91FE8E51802097" > packet.txt
# echo "User-Name=somebody" >> packet.txt
# echo "NAS-IP-Address=10.0.0.1" >> packet.txt
# cat packet.txt | radclient -x 10.0.0.1:3799 disconnect secret
Sending Disconnect-Request of id 116 to 10.0.0.1 port 3799
Acct-Session-Id = " D91FE8E51802097"
User-Name = "somebody"
NAS-IP-Address = 10.0.0.1
rad_recv: Disconnect-NAK packet from host 10.0.0.1 port 3799,
id=116, length=32
Event-Timestamp = "Oct 12 2010 16:08:21 EEST"
Error-Cause = Session-Context-Not-Found
When I changed the port to 1813
I got the following error:
Sending Disconnect-Request of id 26 to 10.0.0.1 port 1812
Acct-Session-Id = " D91FE8E51802097"
User-Name = "somebody"
NAS-IP-Address = 10.0.0.1
Sending Disconnect-Request of id 26 to 10.0.0.1 port 1812
Acct-Session-Id = " D91FE8E51802097"
User-Name = "somebody"
NAS-IP-Address = 10.0.0.1
Sending Disconnect-Request of id 26 to 10.0.0.1 port 1812
Acct-Session-Id = " D91FE8E51802097"
User-Name = "somebody"
NAS-IP-Address = 10.0.0.1
radclient: no response from server for ID 26 socket 3
Regards,
Moayad
3
2