Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
November 2010
- 130 participants
- 165 discussions
We are developing a security scheme in which we use EAP TTLS MS CHAP v2 with
Proxy. The TTLS phase is done with the first AAA server, and the second
step, with MS CHAP v2, is proxied to another AAA (which is an LDAP server).
When the first AAA server is FR and the second one is also FV, then
authentication is OK.
When the second AAA server is ACS (Cisco) or NPS (MS), the MS CHAP v2
authentication fails.
We preformed troubleshooting and elimination testing which indicate the
issue is with the pwd. Not with the user name. For example it also fails
with the local DB of the 2nd AAA server. Also the verbose error log shows
the user account is found.
Looks like something is wrong with the pwd hash.
will most appreciate your expert opinion.
Thnks
Sagi
--
View this message in context: http://old.nabble.com/FR-proxy-to-ACS-and-NPS-with-MS-CHAP-v2-tp29132664p29…
Sent from the FreeRadius - User mailing list archive at Nabble.com.
7
31
Hello,
I want to set up a radius server which authenticates users only once they
provide their username, password AND client certificate. Now, I've managed
to get this to work, my only problem is that as TTLS and PEAP use TLS, the
TLS module must be enabled and configured. By doing so, users can also log
in with just a client certificate.
My real question here is: Is it possible to somehow force everyone to use
PEAP or TTLS with a client certificate, while rejecting users trying to
connect purely through TLS with only a client certificate?
Kind regards,
Remy
--
View this message in context: http://freeradius.1045715.n5.nabble.com/PEAP-TTLS-and-Client-certificates-t…
Sent from the FreeRadius - User mailing list archive at Nabble.com.
2
4
Hi all,
In my radiusd.conf I have the following
detail {
detailfile = c:/testfolder/testfile.log
detailperm = 0777
}
This will write the detail records to testfile.log in c:\testfolder.
Is there a way to configure the radius server to write to a second log file?
I tried to add another line like the following, but it didn't work.
detailfile = c:/testfolder1/testfil.log
Thank you,
kab
4
5
Hello,
the default queries for mysql log Acct-Delay-Time into the columns
acctstartdelay and acctstopdelay, respectively. They leave the
timestamps for acctstarttime and acctstoptime at %S. For a non-zero
delay, this means that a database reader needs to do math to get the
start and stop times.
It is rather unintuitive that a database user needs to calculate the
*actual* event times manually by substracting the values. This is
something that MySQL can easily do on its own at INSERT or UPDATE.
Is there a specific reason why the two are kept separate? If not, I'll
merrily volunteer to update the default query set to do so; I'll do this
for my deployment's custom queries anyway. This would also make the two
columns for delay time obsolete.
Any thoughts on this?
Greetings,
Stefan Winter
--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
3
4
Mikrotik-Xmit-Limit - Not enforced on first logon but is on subsequent logons...
by Shane Hart 02 Dec '10
by Shane Hart 02 Dec '10
02 Dec '10
Hi all,
Doing some trials with freeradius 2.x with the intention of moving from
1.1.7
I have an odd problem with mikrotik nas.
An account with download limit will not enforce the limit on the first
logon but will on subsequent logons.
On the first logon, no limit is imposed in mikrotik and the account can
use unlimited traffic. If I log off then log on again, the limit is
enforced... (I have checked in winbox and the "limit bytes in" column is
not populated on first logon).
It is taking me a while to get use to v2 of freeradius.
Tks
Setup details below:
User account has attribute Mikrotik-Xmit-Limit := 10471200 in radcheck
Do I need to have something in radreply as this is where the shaping is
done?
In: sql/mysql/counter.conf
sqlcounter downloadbytecounter {
counter-name = Mikrotik-Xmit-Limit
check-name = Mikrotik-Xmit-Limit
reply-name = Mikrotik-Xmit-Limit
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(acctoutputoctets) FROM radacct WHERE
username='%{%k}'"
}
In sites-available/default
authorize {
downloadbytecounter
2
1
From: cosita_bodoque(a)hotmail.com
To: freeradius-users(a)lists.freeradius.org
Subject: altas de direcciones mac
Date: Tue, 30 Nov 2010 20:19:42 +0000
Hello I am Leonardo Fajardo Lopez,
I am working with an operating system Ubuntu 9.10 and with freeradius-server-02.01.1910
and say high to a customer in the file clients.conf
Client localhost {
ipaddr = 127.0.0.1
secret = testing123
}
and a user in the users file
steve Cleartext-Passwords="testing"
sirvice=Type=Framed-User,
Framed-Protocot=PPP
Framed Compression=van-Jscobsen=TCP-IP
I want to know is where you should enlist the mac direcion?
1
1
Certificate-based client side authentication towards a website with freeradius
by Martin Schneider 01 Dec '10
by Martin Schneider 01 Dec '10
01 Dec '10
Hello all,
we're trying to setup a freeradius / apache installation that allows
us to authenticate and authorize users with *certificates* towards a
website.
Is there a good tutorial out there somewhere? We did only finde
partial information that seems to be quite old unfortunately. Or could
somebody who is deep into this matter please give some advice or ideas
how we can solve our task?
Best regards
M
5
10
Hi
I'm using freeradius with ldap users and mschap + peap. But i have one
problem. When a user gets his login prompt, no access to the network is
allowed because they first get access when they login and freeradius can
perform an ldap check with the username.
But when a new user wants to login or the user uses an different computer,
the user dosen't exist on this machine -> so they can't login -> no network
connection ->can't load profile -> no local user.
So i have tested a little bit with guest vlan ... but this didn't solve my
problem. What can i do to solve this issue?
I think it will be possible if alle users get access to an restricted vlan
before they login with their user credentials. Then the profile can be
loaded from server and then the user can validate. But how can i do this,
that every user get access before login?
I'll hope you understand my problem und you can give me some futher hints
what i can do to solve this.
best regards
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Grant-access-for-all-users-before-l…
Sent from the FreeRadius - User mailing list archive at Nabble.com.
2
4
TLS authentication works, but does not check usernames against 'users' file.
by Andrew Bovill 30 Nov '10
by Andrew Bovill 30 Nov '10
30 Nov '10
Hi,
I'm trying to get WPA Enterprise EAP/TLS working with my wireless
router. It appears that the TLS portion of the authentication works
(valid certificates give me a working connection) but it does NOT appear
to actually be checking the username/password combination that is also
sent along the line.
I have followed the WPA_HOWTO as best I could (my clients are OS X and
Android and Gentoo, not Windows XP) but I can't figure out how to 'fail'
an auth attempt with an invalid user/pass combination.
Here is the debug output:
Thanks for any advice. I didn't want to start reconfiguring with a
shotgun :)
freeradius -X
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 17
2010 at 04:06:04
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/echo
including configuration file
/etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 3com4400_1 {
ipaddr = 192.168.183.5
netmask = 32
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client wrt54gl_testbed {
ipaddr = 192.168.183.110
netmask = 32
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/etc/freeradius/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/freeradius/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file
/etc/freeradius/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file
/etc/freeradius/modules/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file
/etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file
/etc/freeradius/modules/digest
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/etc/freeradius/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file
/etc/freeradius/modules/detail
detail {
detailfile =
"/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.accounting_response" from
file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=70, length=154
User-Name = "invaliduser1"
NAS-Identifier = "openwrt"
NAS-Port = 1
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-17-F2-E7-39-C0"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02d4000a01706f6f7079
Message-Authenticator = 0x96155aae1c1a13904212926041844222
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 212 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 70 to 192.168.183.110 port 55425
EAP-Message = 0x01d5001604104b7e073f1d295b16bd346d251f67ed9b
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1925f89c19f0fce511765369958e0fff
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=71, length=168
User-Name = "invaliduser1"
NAS-Identifier = "openwrt"
NAS-Port = 1
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-17-F2-E7-39-C0"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02d50006030d
State = 0x1925f89c19f0fce511765369958e0fff
Message-Authenticator = 0xfb81366232f27755b84f3d53880e6793
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 213 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/tls
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 71 to 192.168.183.110 port 55425
EAP-Message = 0x01d600060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1925f89c18f3f5e511765369958e0fff
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=72, length=274
User-Name = "invaliduser1"
NAS-Identifier = "openwrt"
NAS-Port = 1
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-17-F2-E7-39-C0"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x02d600700d800000006616030100610100005d03014cf47dccabafcd6559461322e0d11b2781c65dca5f1d237073c77169593a5ace000036002f000500040035000a000900030008000600320033003800390016001500140013001200110034003a0018001b001a0017001900010100
State = 0x1925f89c18f3f5e511765369958e0fff
Message-Authenticator = 0x7d9b552c05313f4f8e4e66559782ed1e
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 214 length 112
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 102
[tls] Length Included
[tls] eaptls_verify returned 11
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0061], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 0861], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 00a7], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 72 to 192.168.183.110 port 55425
EAP-Message =
0x01d704000dc000000941160301002a0200002603014cf47dcd98edd353ce39b099785a7e97da101613c63adf77d9643d0092c71e6500002f0016030108610b00085d00085a0003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f726974
EAP-Message =
0x79301e170d3130313132363037323333305a170d3131313132363037323333305a307b310b30090603550406130255533111300f0603550408130856697267696e696131123010060355040a13094565626c652e6e6574312530230603550403131c4565626c652e6e657420536572766572204365727469666963617465311e301c06092a864886f70d010901160f61646d696e406565626c652e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100ab4afd83acd6fea4fce7bb07d045a43436798b06b2f2be86ab6f19386c5e7d536585255834652f9a40160c6d19947c5fd02148f127b1d6d58558e055a952
EAP-Message =
0xaaaaaeb915a8475944790f539aa2084dfcd4de24636182bf350426db1a04320019b47a8d32229c4f4d4f0039bf7c4840673502f1eaefe170447fc3a508944ea8cd2197867ddb4e8f3cf5cba3da5d10f4714f40f4b28e1f48805023bb26cd940e96a68a4dc2a73243321c0af06b9b5356162641a5099fc439255340c3c02df4433f88969ce4e6035d40db3a0b4f74d31ac421e2faeec27c6fc6385d91755c1c4ed458ff850d37d7e06e9f95e87a59a5d63b25e44d3e608f6802ee9ef42619251a13ef0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010048267d769b012e4e35
EAP-Message =
0xee42366711bc376d503f76bd2da75c7a4040a07878b5bc5a1ad52e5e3e803b526cefeb61c58bb3db5041f4383377c39b5a72b0d35a0edde4fc3469abdaf0acb14920cc11ca1bf93e95089a627a1b99de8124c51a2dc7524e473e9333eda0aa213b11ecf188fcacbc20c2840beb0906e283d8e9025bbb2eb83ac816b2dcefe20edadddc2d5dfc171882bb8dde3f07a008fb4caa66e98a1c9ae3b452dee84971cfe892cfeab83846a60d9be8dfc0866ab93473c83541dd2d182076da789ec03128445292be43d0150e299e33030f45e4344a32ba4f6ed33a10e1e10f4a472649b92b2da7233986ed251adc2ea59764ef2187070e23a8743c0004ae308204
EAP-Message = 0xaa30820392a0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1925f89c1bf2f5e511765369958e0fff
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=73, length=168
User-Name = "invaliduser1"
NAS-Identifier = "openwrt"
NAS-Port = 1
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-17-F2-E7-39-C0"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02d700060d00
State = 0x1925f89c1bf2f5e511765369958e0fff
Message-Authenticator = 0xe6897b99aab4241541cb41bf88f8a8c6
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 215 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 73 to 192.168.183.110 port 55425
EAP-Message =
0x01d804000dc0000009410097852e5140914149300d06092a864886f70d0101050500308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f72697479301e170d3130313132363037323333305a170d3230313132333037323333305a308194310b30090603550406130255533111300f0603550408130856697267696e696131
EAP-Message =
0x1430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02820101009a8f48c1dab2627525533672059ac65f037f7e96dca2744211718eda8e799239ada3486e9872eb0b811e888df90de8d5fc0837f5a146191528f1d1ff35adbad8a9b8928080363eb64a6ab03942480f48534902136d8c94b34e01d7e331ad215c11b35bb6990bafc17f
EAP-Message =
0xd261890769bb00533729a6fcc0b5d4d18e08bf54b1d66127996136d9577f12a4513304da016917577afdf64b02cf91d0a39b3c451dce5a920c810b4d23bd34931bb03d156f8d7fe834536b9ae11bd62195b59177db765d9982b232369e5bd89b10f4a0031ba2dbff86f672ac101a155d11ae07b904a4f74ffbb86f2524bc227167e41ca889fa9c56735a5665cfa5de0ad81b7ddaa0785d0203010001a381fc3081f9301d0603551d0e04160414a1454d2d4a35b362e6397fe81e7964fa6d2e9a9a3081c90603551d230481c13081be8014a1454d2d4a35b362e6397fe81e7964fa6d2e9a9aa1819aa48197308194310b30090603550406130255533111
EAP-Message =
0x300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f7269747982090097852e5140914149300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004a090448190a316f43d373decd0d9e53a75d10c17c49043984a6c492f8bf96d303796e7c4e4539c5c3d49ebbe972a9ca204067bbf9886462119bb1ce627ffb6fe9beb21a56dc152facef50
EAP-Message = 0x40cfcbdd5a55e31c0c9eb904
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1925f89c1afdf5e511765369958e0fff
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=74, length=168
User-Name = "invaliduser1"
NAS-Identifier = "openwrt"
NAS-Port = 1
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-17-F2-E7-39-C0"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02d800060d00
State = 0x1925f89c1afdf5e511765369958e0fff
Message-Authenticator = 0x13f202928ab1d3156068c6d2ecc9fcb9
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 216 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 74 to 192.168.183.110 port 55425
EAP-Message =
0x01d9015f0d8000000941914f2148c7338774e1eb3f21449d3bbf86fe03d78f34a07df485fbff7dc3b305fadf41bfcbc41ec076c5c542b8f858008b3b3be00f858d2737331cf567c738692d8723ac6307cac62801513bf055cd6a9c726953195fbd7dbcf9e0a44289e5f1eee447c9ce87570f77a7e8574bc1fff0a2dbf4f85b545d5b6fa0b4c96b5f8db94b42686f9fdc9b7daebd59d83ddbf5dd64e1ac041d4653a4a5175ce9079c27b4a60d4115166c619f3d16030100a70d00009f0301024000990097308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c65
EAP-Message =
0x31123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f726974790e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1925f89c1dfcf5e511765369958e0fff
Finished request 4.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=75, length=1568
User-Name = "invaliduser1"
NAS-Identifier = "openwrt"
NAS-Port = 1
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-17-F2-E7-39-C0"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x02d905740dc000000aa816030108520b00084e00084b000397308203933082027ba003020102020102300d06092a864886f70d0101040500308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f72697479301e170d3130313132363037333533385a170d3131313132363037333533385a306c310b30090603550406130255
EAP-Message =
0x533111300f0603550408130856697267696e696131123010060355040a13094565626c652e6e6574311730150603550403140e616e6479406565626c652e6e6574311d301b06092a864886f70d010901160e616e6479406565626c652e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b4023777541709e539867d3033954f764c3a207c352dba4ee043642002ed4df123cb5edbe0d7a35cf9c21c88cd4ea537f3f297d9be68cb7bcbc49fdbc6ed94745d1aa057fcf259ad7898a6eb1b123b277e55da4d877972f169d29b922bfedd8dab070dbe905d1437ef1c84e9c7be7fd9736882d153993e36aa498819
EAP-Message =
0x68e526722d720427a9b2cccece64fcae119806c9ae5a925f68c09d0df5fcd9ebc6e20040cb97dac3f44a32ade71f6cfc40f90ac4b64f2585d45fd6901b13b2ae12347460853c30dab72c88c4f0becccd393433e47037ecb61544cb38155bb8ce9f75a9e5a024b5e03139cacb74d47d4af87aa3b9781903b8b6976260c39fc83df288482f0203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d0101040500038201010049c7d67a933fd63a42cf33f6adb61bdc203bc30007ed3dfa9da446a6c3e78bced49ae68d7fd3611a431e888a9144d196bf30f46ae1be3d673006bbb6e50d3191f6756b38506838
EAP-Message =
0xad445350dfa97ac88297b8f36979dea39a92c4add1e5f6050eb5af41f3c8702b682365719456074d7623c2a0bca5be7c86c65ad538d4e8c615dde70df4967e6ea2acc5e2e76dde0ca0f13c4a34eddc93615cc7eba93b75ea9c23a85f74f1240ee999c08416d080a36246deec5b552046232ad3470f042bbe1774bb386c84aaa3ddcd4dc38acd816de90983e5a44231e77ae4d641ea14d6e822bbf969852387230eef0e02b3f84916b2bd0ba4aa159a4cb7aeb542b8cf3bd8dd0004ae308204aa30820392a00302010202090097852e5140914149300d06092a864886f70d0101050500308194310b30090603550406130255533111300f060355040813
EAP-Message =
0x0856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f72697479301e170d3130313132363037323333305a170d3230313132333037323333305a308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f6164
EAP-Message =
0x6d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02820101009a8f48c1dab2627525533672059ac65f037f7e96dca2744211718eda8e799239ada3486e9872eb0b811e88
State = 0x1925f89c1dfcf5e511765369958e0fff
Message-Authenticator = 0xfcf4cb45ff5347d477c93f6722c86b03
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 217 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 2728
[tls] Received EAP-TLS First Fragment of the message
[tls] eaptls_verify returned 9
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 75 to 192.168.183.110 port 55425
EAP-Message = 0x01da00060d00
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1925f89c1cfff5e511765369958e0fff
Finished request 5.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=76, length=1520
User-Name = "invaliduser1"
NAS-Identifier = "openwrt"
NAS-Port = 1
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-17-F2-E7-39-C0"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x02da05440d008df90de8d5fc0837f5a146191528f1d1ff35adbad8a9b8928080363eb64a6ab03942480f48534902136d8c94b34e01d7e331ad215c11b35bb6990bafc17fd261890769bb00533729a6fcc0b5d4d18e08bf54b1d66127996136d9577f12a4513304da016917577afdf64b02cf91d0a39b3c451dce5a920c810b4d23bd34931bb03d156f8d7fe834536b9ae11bd62195b59177db765d9982b232369e5bd89b10f4a0031ba2dbff86f672ac101a155d11ae07b904a4f74ffbb86f2524bc227167e41ca889fa9c56735a5665cfa5de0ad81b7ddaa0785d0203010001a381fc3081f9301d0603551d0e04160414a1454d2d4a35b362e6397fe8
EAP-Message =
0x1e7964fa6d2e9a9a3081c90603551d230481c13081be8014a1454d2d4a35b362e6397fe81e7964fa6d2e9a9aa1819aa48197308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f7269747982090097852e5140914149300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004a090448190a31
EAP-Message =
0x6f43d373decd0d9e53a75d10c17c49043984a6c492f8bf96d303796e7c4e4539c5c3d49ebbe972a9ca204067bbf9886462119bb1ce627ffb6fe9beb21a56dc152facef5040cfcbdd5a55e31c0c9eb904914f2148c7338774e1eb3f21449d3bbf86fe03d78f34a07df485fbff7dc3b305fadf41bfcbc41ec076c5c542b8f858008b3b3be00f858d2737331cf567c738692d8723ac6307cac62801513bf055cd6a9c726953195fbd7dbcf9e0a44289e5f1eee447c9ce87570f77a7e8574bc1fff0a2dbf4f85b545d5b6fa0b4c96b5f8db94b42686f9fdc9b7daebd59d83ddbf5dd64e1ac041d4653a4a5175ce9079c27b4a60d4115166c619f3d16030101
EAP-Message =
0x061000010201006cd3d5d42d02607bad6cccbd821c47acc842e535db3091bd9cd1cc369c7e0399623ccdcf02b6920f15b853cd89adf40f5f89b1702349e6b4c943b5b52ab983384011ca214a2be1672a68ae91f347060b74fe93db442fe65b09718d6a6b34c87b3b2b5de157bebcecb313bdaf56a437e1eef95a2ece695c37eb54914dc08e08dee09449a011ccfb7124872bc841651511c86fbdffc7f58f5a9b8ad2fae518b0c72c41460ddc486e9dddde73478a990836218d14253d864260ef3902315fca7a5acd21eea5171b6ab224e9b2191cc61958ccb4527d83161f1c369e5164ea82f3339c5165155cc64489ad348571165ce25f2fe83dd92ea6
EAP-Message =
0x5f5e14f428dc80c3f16616030101060f00010201002e81b25e6082ccd1e0f71b7954b92d248e76fbd5734e683991e4409fd0a4e3ec0d13f13fafe41a35824c883c23a2ced28e19ac8659cc7297ef9e6f4a0c5a32dd1eb8c0e832ed929ac41a5f67c1aeeaa95aae9af57b230ba7753ca57783081910e59830c3ad1982499fcde5884bab2b451d026679a613a728d2128123fb76d0fb78944d099d81e86b81a16137633e15ed533401586c3fe773c93fcf2472ac73e41ecbb4c0393638891db14325d52ebe991e29bc976650924f34ffb45e25543d53c869a3cea0638f6fc188ee34a1ff07acb77226722bbfdffa6f04c56614797a8a4cce2abc53b764de
EAP-Message =
0x58cc7ef38ce7145532fde4d99063e60183e6a9e9405a92311403010001011603010030bc0ee785b2ff17529ace39c5a6c66ba168cfc082558510afdbcc3f5114014bbc66545699903692ff3b004ae50fc841b3
State = 0x1925f89c1cfff5e511765369958e0fff
Message-Authenticator = 0x1b3aea67ccedae9d41055d48e08deeca
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 218 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 0852], Certificate
[tls] chain-depth=1,
[tls] error=0
[tls] --> User-Name = invaliduser1
[tls] --> BUF-Name = Example.net Certificate Authority
[tls] --> subject =
/C=US/ST=Virginia/L=Centreville/O=Example.net/emailAddress=admin(a)example.net/CN=Example.net
Certificate Authority
[tls] --> issuer =
/C=US/ST=Virginia/L=Centreville/O=Example.net/emailAddress=admin(a)example.net/CN=Example.net
Certificate Authority
[tls] --> verify return:1
[tls] chain-depth=0,
[tls] error=0
[tls] --> User-Name = invaliduser1
[tls] --> BUF-Name = andy(a)example.net
[tls] --> subject =
/C=US/ST=Virginia/O=Example.net/CN=andy@example.net/emailAddress=andy@example.net
[tls] --> issuer =
/C=US/ST=Virginia/L=Centreville/O=Example.net/emailAddress=admin(a)example.net/CN=Example.net
Certificate Authority
[tls] --> verify return:1
[tls] TLS_accept: SSLv3 read client certificate A
[tls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[tls] TLS_accept: SSLv3 read client key exchange A
[tls] <<< TLS 1.0 Handshake [length 0106], CertificateVerify
[tls] TLS_accept: SSLv3 read certificate verify A
[tls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[tls] <<< TLS 1.0 Handshake [length 0010], Finished
[tls] TLS_accept: SSLv3 read finished A
[tls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[tls] TLS_accept: SSLv3 write change cipher spec A
[tls] >>> TLS 1.0 Handshake [length 0010], Finished
[tls] TLS_accept: SSLv3 write finished A
[tls] TLS_accept: SSLv3 flush data
[tls] (other): SSL negotiation finished successfully
SSL Connection Established
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 76 to 192.168.183.110 port 55425
EAP-Message =
0x01db00450d800000003b1403010001011603010030327d72375b8df7a3e6ed4e0575b76d753a34c65a21ed33bcb3036e2b37006404c7356e779df933c9af852f525a6877d1
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x1925f89c1ffef5e511765369958e0fff
Finished request 6.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=77, length=168
User-Name = "invaliduser1"
NAS-Identifier = "openwrt"
NAS-Port = 1
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-17-F2-E7-39-C0"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02db00060d00
State = 0x1925f89c1ffef5e511765369958e0fff
Message-Authenticator = 0x532e5b192c2b3f42d94eca4f8f1b6322
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser1", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 219 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake is finished
[tls] eaptls_verify returned 3
[tls] eaptls_process returned 3
[tls] Adding user data to cached session
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 77 to 192.168.183.110 port 55425
MS-MPPE-Recv-Key =
0xad6a9918758ca549457e3cb1635cebde2c308c218cd1ba3bb1fcb0e6222964f9
MS-MPPE-Send-Key =
0x2d9a175670e6428ae1c84bd869cac06f47b47703c29addc0f8fbbe4081ffe5e7
EAP-Message = 0x03db0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "invaliduser1"
Finished request 7.
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 0 ID 70 with timestamp +46
Cleaning up request 1 ID 71 with timestamp +46
Cleaning up request 2 ID 72 with timestamp +46
Cleaning up request 3 ID 73 with timestamp +46
Cleaning up request 4 ID 74 with timestamp +46
Cleaning up request 5 ID 75 with timestamp +46
Cleaning up request 6 ID 76 with timestamp +46
Cleaning up request 7 ID 77 with timestamp +46
Ready to process requests.
^[[Brad_recv: Access-Request packet from host 192.168.183.110 port
55425, id=78, length=156
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0265000b01626f6f676572
Message-Authenticator = 0xcbeda4a2bb48dac1e14a1e77420b9ad3
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 101 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 78 to 192.168.183.110 port 55425
EAP-Message = 0x016600160410fab91c864c3e522df93d00b39b6c51bf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9106cfd89160cb8160f4a77ced516b61
Finished request 8.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=79, length=169
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02660006030d
State = 0x9106cfd89160cb8160f4a77ced516b61
Message-Authenticator = 0xcc79781441efd250c146b39492c1e6e8
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 102 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/tls
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 79 to 192.168.183.110 port 55425
EAP-Message = 0x016700060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9106cfd89061c28160f4a77ced516b61
Finished request 9.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=80, length=278
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x026700730d0016030100680100006403014cf481b4d6922495a82e8d872689752cd335368ce1d573362881aef4ad676af700003600390038003500880087008400160013000a00330032002f0045004400410007000500040015001200090014001100080006000300ff020100000400230000
State = 0x9106cfd89061c28160f4a77ced516b61
Message-Authenticator = 0x3fb0727493ed1edbe0bae2c6c3dd0501
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 103 length 115
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0068], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 0861], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[tls] TLS_accept: SSLv3 write key exchange A
[tls] >>> TLS 1.0 Handshake [length 00a9], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 80 to 192.168.183.110 port 55425
EAP-Message =
0x016804000dc000000b55160301002a0200002603014cf481afc3b222e7c1332f8cc59549c4b063a8bf9077bbd1cde56575eafe36cb0000390116030108610b00085d00085a0003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f726974
EAP-Message =
0x79301e170d3130313132363037323333305a170d3131313132363037323333305a307b310b30090603550406130255533111300f0603550408130856697267696e696131123010060355040a13094565626c652e6e6574312530230603550403131c4565626c652e6e657420536572766572204365727469666963617465311e301c06092a864886f70d010901160f61646d696e406565626c652e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100ab4afd83acd6fea4fce7bb07d045a43436798b06b2f2be86ab6f19386c5e7d536585255834652f9a40160c6d19947c5fd02148f127b1d6d58558e055a952
EAP-Message =
0xaaaaaeb915a8475944790f539aa2084dfcd4de24636182bf350426db1a04320019b47a8d32229c4f4d4f0039bf7c4840673502f1eaefe170447fc3a508944ea8cd2197867ddb4e8f3cf5cba3da5d10f4714f40f4b28e1f48805023bb26cd940e96a68a4dc2a73243321c0af06b9b5356162641a5099fc439255340c3c02df4433f88969ce4e6035d40db3a0b4f74d31ac421e2faeec27c6fc6385d91755c1c4ed458ff850d37d7e06e9f95e87a59a5d63b25e44d3e608f6802ee9ef42619251a13ef0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010048267d769b012e4e35
EAP-Message =
0xee42366711bc376d503f76bd2da75c7a4040a07878b5bc5a1ad52e5e3e803b526cefeb61c58bb3db5041f4383377c39b5a72b0d35a0edde4fc3469abdaf0acb14920cc11ca1bf93e95089a627a1b99de8124c51a2dc7524e473e9333eda0aa213b11ecf188fcacbc20c2840beb0906e283d8e9025bbb2eb83ac816b2dcefe20edadddc2d5dfc171882bb8dde3f07a008fb4caa66e98a1c9ae3b452dee84971cfe892cfeab83846a60d9be8dfc0866ab93473c83541dd2d182076da789ec03128445292be43d0150e299e33030f45e4344a32ba4f6ed33a10e1e10f4a472649b92b2da7233986ed251adc2ea59764ef2187070e23a8743c0004ae308204
EAP-Message = 0xaa30820392a0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9106cfd8936ec28160f4a77ced516b61
Finished request 10.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=81, length=169
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x026800060d00
State = 0x9106cfd8936ec28160f4a77ced516b61
Message-Authenticator = 0x9a957e238e6c0098c09f429bab8a5cfb
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 104 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 81 to 192.168.183.110 port 55425
EAP-Message =
0x016904000dc000000b550097852e5140914149300d06092a864886f70d0101050500308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f72697479301e170d3130313132363037323333305a170d3230313132333037323333305a308194310b30090603550406130255533111300f0603550408130856697267696e696131
EAP-Message =
0x1430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02820101009a8f48c1dab2627525533672059ac65f037f7e96dca2744211718eda8e799239ada3486e9872eb0b811e888df90de8d5fc0837f5a146191528f1d1ff35adbad8a9b8928080363eb64a6ab03942480f48534902136d8c94b34e01d7e331ad215c11b35bb6990bafc17f
EAP-Message =
0xd261890769bb00533729a6fcc0b5d4d18e08bf54b1d66127996136d9577f12a4513304da016917577afdf64b02cf91d0a39b3c451dce5a920c810b4d23bd34931bb03d156f8d7fe834536b9ae11bd62195b59177db765d9982b232369e5bd89b10f4a0031ba2dbff86f672ac101a155d11ae07b904a4f74ffbb86f2524bc227167e41ca889fa9c56735a5665cfa5de0ad81b7ddaa0785d0203010001a381fc3081f9301d0603551d0e04160414a1454d2d4a35b362e6397fe81e7964fa6d2e9a9a3081c90603551d230481c13081be8014a1454d2d4a35b362e6397fe81e7964fa6d2e9a9aa1819aa48197308194310b30090603550406130255533111
EAP-Message =
0x300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f7269747982090097852e5140914149300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004a090448190a316f43d373decd0d9e53a75d10c17c49043984a6c492f8bf96d303796e7c4e4539c5c3d49ebbe972a9ca204067bbf9886462119bb1ce627ffb6fe9beb21a56dc152facef50
EAP-Message = 0x40cfcbdd5a55e31c0c9eb904
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9106cfd8926fc28160f4a77ced516b61
Finished request 11.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=82, length=169
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x026900060d00
State = 0x9106cfd8926fc28160f4a77ced516b61
Message-Authenticator = 0x6a6a344f5929ac78f2ed252a2870d7b2
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 105 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 82 to 192.168.183.110 port 55425
EAP-Message =
0x016a03730d8000000b55914f2148c7338774e1eb3f21449d3bbf86fe03d78f34a07df485fbff7dc3b305fadf41bfcbc41ec076c5c542b8f858008b3b3be00f858d2737331cf567c738692d8723ac6307cac62801513bf055cd6a9c726953195fbd7dbcf9e0a44289e5f1eee447c9ce87570f77a7e8574bc1fff0a2dbf4f85b545d5b6fa0b4c96b5f8db94b42686f9fdc9b7daebd59d83ddbf5dd64e1ac041d4653a4a5175ce9079c27b4a60d4115166c619f3d160301020d0c0002090080ff1dbabee46297bf06de02f05ad815fdf518ce607e3dd1ff5c528dd383fd71430fc86fe3a57b4e2d8e6b2d017f89ff90d03477d409b591bde4502eee1aeb02
EAP-Message =
0x38c518226df76f43435eba774de8611277591c7cbc23913412d8067e5cd7ea38c53f314e3198473832c4f1737a0edb3a09d44f512c4b4131f3e1b5d6d91732691b0001020080a3f58451d5337dde0a183e126d86ee23158947536f4a7a89c279e5fec04915f6052292b9d57c8a0dbe8b3c8feee54217f6c8265da333535fe2b471651c33303cb12abcc1bb925f7d51e35780ba5bc9db2c9f25127abcdd1ad7b239e6fb5542c7bb1b5db0e28695d5e2ac3c84e65f0bd6095edb79a88f8ec2ab64957f34e65ad201007ac7cd7798bb5f7a7bdb90a0db030464d2d7f6e40e085790f1e405b6f627d55f7c70c5ae25951a718f1190462a4b7cbf822a7e7fea
EAP-Message =
0x0b918e8224b19c2782deda073f2a26af8e7c00c3f5d257f939f91cb7abd572e0e5eb97bdd82d29549d4b29051865d7f26d92984d226ded73e4838e542a00e3090841845ac4c50411726153c9cc7c90036d815c24b1118b1983dea8226823d9f9cb4ea15eaea198924265f56d32d612a2d819719c7fa6bd07f1c6a8f4624a9e1f6a51ba426e662726c0bc2bc881ac5290d6fdab5763b7cfd4de06955364ec5cb15a454fe78e8b6b4e24d06f18f8e31b0755ca9aeabb2fcb12eb6f9931b4b8284f0adeb8cfec4cfd979b6f2516030100a90d0000a105030401024000990097308194310b30090603550406130255533111300f0603550408130856697267
EAP-Message =
0x696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f726974790e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9106cfd8956cc28160f4a77ced516b61
Finished request 12.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=83, length=1483
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x026a051e0dc000000a2816030108520b00084e00084b000397308203933082027ba003020102020102300d06092a864886f70d0101040500308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f72697479301e170d3130313132363037333533385a170d3131313132363037333533385a306c310b30090603550406130255
EAP-Message =
0x533111300f0603550408130856697267696e696131123010060355040a13094565626c652e6e6574311730150603550403140e616e6479406565626c652e6e6574311d301b06092a864886f70d010901160e616e6479406565626c652e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b4023777541709e539867d3033954f764c3a207c352dba4ee043642002ed4df123cb5edbe0d7a35cf9c21c88cd4ea537f3f297d9be68cb7bcbc49fdbc6ed94745d1aa057fcf259ad7898a6eb1b123b277e55da4d877972f169d29b922bfedd8dab070dbe905d1437ef1c84e9c7be7fd9736882d153993e36aa498819
EAP-Message =
0x68e526722d720427a9b2cccece64fcae119806c9ae5a925f68c09d0df5fcd9ebc6e20040cb97dac3f44a32ade71f6cfc40f90ac4b64f2585d45fd6901b13b2ae12347460853c30dab72c88c4f0becccd393433e47037ecb61544cb38155bb8ce9f75a9e5a024b5e03139cacb74d47d4af87aa3b9781903b8b6976260c39fc83df288482f0203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d0101040500038201010049c7d67a933fd63a42cf33f6adb61bdc203bc30007ed3dfa9da446a6c3e78bced49ae68d7fd3611a431e888a9144d196bf30f46ae1be3d673006bbb6e50d3191f6756b38506838
EAP-Message =
0xad445350dfa97ac88297b8f36979dea39a92c4add1e5f6050eb5af41f3c8702b682365719456074d7623c2a0bca5be7c86c65ad538d4e8c615dde70df4967e6ea2acc5e2e76dde0ca0f13c4a34eddc93615cc7eba93b75ea9c23a85f74f1240ee999c08416d080a36246deec5b552046232ad3470f042bbe1774bb386c84aaa3ddcd4dc38acd816de90983e5a44231e77ae4d641ea14d6e822bbf969852387230eef0e02b3f84916b2bd0ba4aa159a4cb7aeb542b8cf3bd8dd0004ae308204aa30820392a00302010202090097852e5140914149300d06092a864886f70d0101050500308194310b30090603550406130255533111300f060355040813
EAP-Message =
0x0856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f72697479301e170d3130313132363037323333305a170d3230313132333037323333305a308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f6164
EAP-Message =
0x6d696e406565626c652e6e6574312830260603550403131f4565626c652e6e6574204365727469666963617465
State = 0x9106cfd8956cc28160f4a77ced516b61
Message-Authenticator = 0x7f9e18fbc6764ac5d67ed14f4b9af68f
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 106 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 2600
[tls] Received EAP-TLS First Fragment of the message
[tls] eaptls_verify returned 9
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 83 to 192.168.183.110 port 55425
EAP-Message = 0x016b00060d00
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9106cfd8946dc28160f4a77ced516b61
Finished request 13.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=84, length=1479
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x026b051a0d0020417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02820101009a8f48c1dab2627525533672059ac65f037f7e96dca2744211718eda8e799239ada3486e9872eb0b811e888df90de8d5fc0837f5a146191528f1d1ff35adbad8a9b8928080363eb64a6ab03942480f48534902136d8c94b34e01d7e331ad215c11b35bb6990bafc17fd261890769bb00533729a6fcc0b5d4d18e08bf54b1d66127996136d9577f12a4513304da016917577afdf64b02cf91d0a39b3c451dce5a920c810b4d23bd34931bb03d156f8d7fe834536b9ae11bd62195b59177db765d9982b232369e5bd89b10f4a0
EAP-Message =
0x031ba2dbff86f672ac101a155d11ae07b904a4f74ffbb86f2524bc227167e41ca889fa9c56735a5665cfa5de0ad81b7ddaa0785d0203010001a381fc3081f9301d0603551d0e04160414a1454d2d4a35b362e6397fe81e7964fa6d2e9a9a3081c90603551d230481c13081be8014a1454d2d4a35b362e6397fe81e7964fa6d2e9a9aa1819aa48197308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e65743128302606035504
EAP-Message =
0x03131f4565626c652e6e657420436572746966696361746520417574686f7269747982090097852e5140914149300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004a090448190a316f43d373decd0d9e53a75d10c17c49043984a6c492f8bf96d303796e7c4e4539c5c3d49ebbe972a9ca204067bbf9886462119bb1ce627ffb6fe9beb21a56dc152facef5040cfcbdd5a55e31c0c9eb904914f2148c7338774e1eb3f21449d3bbf86fe03d78f34a07df485fbff7dc3b305fadf41bfcbc41ec076c5c542b8f858008b3b3be00f858d2737331cf567c738692d8723ac6307cac62801513bf055cd6a9c726953195fbd
EAP-Message =
0x7dbcf9e0a44289e5f1eee447c9ce87570f77a7e8574bc1fff0a2dbf4f85b545d5b6fa0b4c96b5f8db94b42686f9fdc9b7daebd59d83ddbf5dd64e1ac041d4653a4a5175ce9079c27b4a60d4115166c619f3d1603010086100000820080b6a6fc11dae5b0d91c974b23f5776da3286d51dcc75025f7c365a81ee0549d08874f95a097f285ee3a3cce4fdb904f7b3185a82d3481ab460ced11dff2a41eeaaddd17a9244340ea3ff2528e0166cd881bba22eb4430c0912d549f812860cf3b63dbb074e8fc33725756ab1b2f710b3675f49e0ec8718bf1c58dd8638625cf1d16030101060f000102010065ff0cdee1f13a073180ed689e5b2f589463c9ec0e
EAP-Message =
0x61ebef4b3bc295e8dbc4c54e118053c49235e051480ab69237c3e50f1440072ebca811ae9e2f41435ae59b87a5032edaae224c416acdc06a9c0226244bb52fccd4d3eb3e9b565762923c7ccafd3d2f9140a705cd5aea3bae0a69b9e3acaf2f93aa68a9f7fb188068bd6e5ef5c3a60abf7bee8a2e6b59bb97ca7cb5ab2eefa0f94956920692c62930e794d5d97c33868b5f6a80b6e1c9732ff5cf42c4fa45e4a96d467b379149cabfd92645560ed128d3d2e295fbb7c1906cfe8497bcb266272e0f659038f9a32b98f6f3264983120b590a5e7ff75cffe1c0b1ea09e45e24536ce0990ecf42d99b2a9a1e8314030100010116030100309cc7400c95d751
EAP-Message =
0xf414988cf618ea3991159a7bcc648fb85a02c193b13b9b4171037012a120b2e36bf4f046a626235d30
State = 0x9106cfd8946dc28160f4a77ced516b61
Message-Authenticator = 0x5ffcc1fbcd380454fd25524389e7c6b3
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 107 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 0852], Certificate
[tls] chain-depth=1,
[tls] error=0
[tls] --> User-Name = invaliduser2
[tls] --> BUF-Name = Example.net Certificate Authority
[tls] --> subject =
/C=US/ST=Virginia/L=Centreville/O=Example.net/emailAddress=admin(a)example.net/CN=Example.net
Certificate Authority
[tls] --> issuer =
/C=US/ST=Virginia/L=Centreville/O=Example.net/emailAddress=admin(a)example.net/CN=Example.net
Certificate Authority
[tls] --> verify return:1
[tls] chain-depth=0,
[tls] error=0
[tls] --> User-Name = invaliduser2
[tls] --> BUF-Name = andy(a)example.net
[tls] --> subject =
/C=US/ST=Virginia/O=Example.net/CN=andy@example.net/emailAddress=andy@example.net
[tls] --> issuer =
/C=US/ST=Virginia/L=Centreville/O=Example.net/emailAddress=admin(a)example.net/CN=Example.net
Certificate Authority
[tls] --> verify return:1
[tls] TLS_accept: SSLv3 read client certificate A
[tls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[tls] TLS_accept: SSLv3 read client key exchange A
[tls] <<< TLS 1.0 Handshake [length 0106], CertificateVerify
[tls] TLS_accept: SSLv3 read certificate verify A
[tls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[tls] <<< TLS 1.0 Handshake [length 0010], Finished
[tls] TLS_accept: SSLv3 read finished A
[tls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[tls] TLS_accept: SSLv3 write change cipher spec A
[tls] >>> TLS 1.0 Handshake [length 0010], Finished
[tls] TLS_accept: SSLv3 write finished A
[tls] TLS_accept: SSLv3 flush data
[tls] (other): SSL negotiation finished successfully
SSL Connection Established
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 84 to 192.168.183.110 port 55425
EAP-Message =
0x016c00450d800000003b1403010001011603010030963977704c781d4f4d8f2aa3b335d363af8d81e6263bee6d1c02a09b7a0e47957e42cb94ecad93a231e257b94f0abcbd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9106cfd8976ac28160f4a77ced516b61
Finished request 14.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=85, length=169
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x026c00060d00
State = 0x9106cfd8976ac28160f4a77ced516b61
Message-Authenticator = 0x1a64cfaaa61f800e099a0432de248e44
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 108 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake is finished
[tls] eaptls_verify returned 3
[tls] eaptls_process returned 3
[tls] Adding user data to cached session
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 85 to 192.168.183.110 port 55425
MS-MPPE-Recv-Key =
0x2d08d6053dd69463c00f28fa96253e6fef7ce1c25fcd636ac7801ea4b30f0c9e
MS-MPPE-Send-Key =
0x2436262b744f0612e2b44f856b7e3fa2569a1ee6e6dc68ff6eee62e13fedefb9
EAP-Message = 0x036c0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "invaliduser2"
Finished request 15.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=86, length=156
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02de000b01626f6f676572
Message-Authenticator = 0x9c78554a3a8b563535d0d903b0c89b00
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 222 length 11
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 86 to 192.168.183.110 port 55425
EAP-Message = 0x01df001604105ce2f52a06b4da9a957fd7800282dd99
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d0db2769dd2b6bf32cdba76f867f4ab
Finished request 16.
Going to the next request
Waking up in 0.5 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=87, length=169
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02df0006030d
State = 0x9d0db2769dd2b6bf32cdba76f867f4ab
Message-Authenticator = 0x417840b8fd464fb1b5c3de9d7fbab021
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 223 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/tls
[eap] processing type tls
[tls] Requiring client certificate
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 87 to 192.168.183.110 port 55425
EAP-Message = 0x01e000060d20
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d0db2769cedbfbf32cdba76f867f4ab
Finished request 17.
Going to the next request
Waking up in 0.5 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=88, length=278
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x02e000730d0016030100680100006403014cf481b8c295486f451587fade5111838f65298e8700ee9b233d48421510c46000003600390038003500880087008400160013000a00330032002f0045004400410007000500040015001200090014001100080006000300ff020100000400230000
State = 0x9d0db2769cedbfbf32cdba76f867f4ab
Message-Authenticator = 0x8a9e14310b6e47c2c3de26023dae497c
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 224 length 115
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] (other): before/accept initialization
[tls] TLS_accept: before/accept initialization
[tls] <<< TLS 1.0 Handshake [length 0068], ClientHello
[tls] TLS_accept: SSLv3 read client hello A
[tls] >>> TLS 1.0 Handshake [length 002a], ServerHello
[tls] TLS_accept: SSLv3 write server hello A
[tls] >>> TLS 1.0 Handshake [length 0861], Certificate
[tls] TLS_accept: SSLv3 write certificate A
[tls] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange
[tls] TLS_accept: SSLv3 write key exchange A
[tls] >>> TLS 1.0 Handshake [length 00a9], CertificateRequest
[tls] TLS_accept: SSLv3 write certificate request A
[tls] TLS_accept: SSLv3 flush data
[tls] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 88 to 192.168.183.110 port 55425
EAP-Message =
0x01e104000dc000000b55160301002a0200002603014cf481b46e40ddcb8f677105b2abcbca4ea593ed6f3982f0b5f536ad4d045fe70000390116030108610b00085d00085a0003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f726974
EAP-Message =
0x79301e170d3130313132363037323333305a170d3131313132363037323333305a307b310b30090603550406130255533111300f0603550408130856697267696e696131123010060355040a13094565626c652e6e6574312530230603550403131c4565626c652e6e657420536572766572204365727469666963617465311e301c06092a864886f70d010901160f61646d696e406565626c652e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100ab4afd83acd6fea4fce7bb07d045a43436798b06b2f2be86ab6f19386c5e7d536585255834652f9a40160c6d19947c5fd02148f127b1d6d58558e055a952
EAP-Message =
0xaaaaaeb915a8475944790f539aa2084dfcd4de24636182bf350426db1a04320019b47a8d32229c4f4d4f0039bf7c4840673502f1eaefe170447fc3a508944ea8cd2197867ddb4e8f3cf5cba3da5d10f4714f40f4b28e1f48805023bb26cd940e96a68a4dc2a73243321c0af06b9b5356162641a5099fc439255340c3c02df4433f88969ce4e6035d40db3a0b4f74d31ac421e2faeec27c6fc6385d91755c1c4ed458ff850d37d7e06e9f95e87a59a5d63b25e44d3e608f6802ee9ef42619251a13ef0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010048267d769b012e4e35
EAP-Message =
0xee42366711bc376d503f76bd2da75c7a4040a07878b5bc5a1ad52e5e3e803b526cefeb61c58bb3db5041f4383377c39b5a72b0d35a0edde4fc3469abdaf0acb14920cc11ca1bf93e95089a627a1b99de8124c51a2dc7524e473e9333eda0aa213b11ecf188fcacbc20c2840beb0906e283d8e9025bbb2eb83ac816b2dcefe20edadddc2d5dfc171882bb8dde3f07a008fb4caa66e98a1c9ae3b452dee84971cfe892cfeab83846a60d9be8dfc0866ab93473c83541dd2d182076da789ec03128445292be43d0150e299e33030f45e4344a32ba4f6ed33a10e1e10f4a472649b92b2da7233986ed251adc2ea59764ef2187070e23a8743c0004ae308204
EAP-Message = 0xaa30820392a0030201020209
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d0db2769fecbfbf32cdba76f867f4ab
Finished request 18.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=89, length=169
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02e100060d00
State = 0x9d0db2769fecbfbf32cdba76f867f4ab
Message-Authenticator = 0x3b7277d4745b9e98ca72f95ab5737f7e
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 225 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 89 to 192.168.183.110 port 55425
EAP-Message =
0x01e204000dc000000b550097852e5140914149300d06092a864886f70d0101050500308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f72697479301e170d3130313132363037323333305a170d3230313132333037323333305a308194310b30090603550406130255533111300f0603550408130856697267696e696131
EAP-Message =
0x1430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02820101009a8f48c1dab2627525533672059ac65f037f7e96dca2744211718eda8e799239ada3486e9872eb0b811e888df90de8d5fc0837f5a146191528f1d1ff35adbad8a9b8928080363eb64a6ab03942480f48534902136d8c94b34e01d7e331ad215c11b35bb6990bafc17f
EAP-Message =
0xd261890769bb00533729a6fcc0b5d4d18e08bf54b1d66127996136d9577f12a4513304da016917577afdf64b02cf91d0a39b3c451dce5a920c810b4d23bd34931bb03d156f8d7fe834536b9ae11bd62195b59177db765d9982b232369e5bd89b10f4a0031ba2dbff86f672ac101a155d11ae07b904a4f74ffbb86f2524bc227167e41ca889fa9c56735a5665cfa5de0ad81b7ddaa0785d0203010001a381fc3081f9301d0603551d0e04160414a1454d2d4a35b362e6397fe81e7964fa6d2e9a9a3081c90603551d230481c13081be8014a1454d2d4a35b362e6397fe81e7964fa6d2e9a9aa1819aa48197308194310b30090603550406130255533111
EAP-Message =
0x300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f7269747982090097852e5140914149300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004a090448190a316f43d373decd0d9e53a75d10c17c49043984a6c492f8bf96d303796e7c4e4539c5c3d49ebbe972a9ca204067bbf9886462119bb1ce627ffb6fe9beb21a56dc152facef50
EAP-Message = 0x40cfcbdd5a55e31c0c9eb904
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d0db2769eefbfbf32cdba76f867f4ab
Finished request 19.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=90, length=169
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02e200060d00
State = 0x9d0db2769eefbfbf32cdba76f867f4ab
Message-Authenticator = 0xf97c53a2038663a789e7316935e0a570
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 226 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake fragment handler
[tls] eaptls_verify returned 1
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 90 to 192.168.183.110 port 55425
EAP-Message =
0x01e303730d8000000b55914f2148c7338774e1eb3f21449d3bbf86fe03d78f34a07df485fbff7dc3b305fadf41bfcbc41ec076c5c542b8f858008b3b3be00f858d2737331cf567c738692d8723ac6307cac62801513bf055cd6a9c726953195fbd7dbcf9e0a44289e5f1eee447c9ce87570f77a7e8574bc1fff0a2dbf4f85b545d5b6fa0b4c96b5f8db94b42686f9fdc9b7daebd59d83ddbf5dd64e1ac041d4653a4a5175ce9079c27b4a60d4115166c619f3d160301020d0c0002090080ff1dbabee46297bf06de02f05ad815fdf518ce607e3dd1ff5c528dd383fd71430fc86fe3a57b4e2d8e6b2d017f89ff90d03477d409b591bde4502eee1aeb02
EAP-Message =
0x38c518226df76f43435eba774de8611277591c7cbc23913412d8067e5cd7ea38c53f314e3198473832c4f1737a0edb3a09d44f512c4b4131f3e1b5d6d91732691b000102008045c25ccb2d5fcda4484bd4389895809c2e8bc4ea510ba6c61b2ac53cced54dee16374e3f77d57da1bdd8cad9097bc427581db803f46445b362993f9601bbb8f571de5b8b1874db5a14100f49bf541c82ad0edae92b1d6ff27494ec12872792f88edb19d2fa08d30908c857590b5ed85f6855b88ac7f5ac13bd71bf41a79426b101004c19fc04acceb057ee3b9a5c2083c2803841a17d7d8998feeb2b3966ce510fd9745bb0bfc40dfc00bc2841c0f84ef0360bc103135e
EAP-Message =
0x44c8c94508352176b28e83b5bc3db4e2295136fb775d0b48a0d5fe8a1908b26e698f1ac6af338af3acdb6b3b1925e6f0d149ea4da6b9f172ca702562877890f1ef8e551fc46edddf4101087298b9c2d2065e55289acc82102987b090606069b9d4da96c8c96f9b838d97c4a3c10354dadf2bc90873fba7b89213f4b33f19c89e325e842f3b2f2e0d4eae3f55d7693b4837279417914e2c300456d9a99eba20effbc1ac663e4a4bb90607a62ca30aff1fa9f30d7e745a88505b60ebdb5e6473e918051afe27c2990e1d973b16030100a90d0000a105030401024000990097308194310b30090603550406130255533111300f0603550408130856697267
EAP-Message =
0x696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f726974790e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d0db27699eebfbf32cdba76f867f4ab
Finished request 20.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=91, length=1483
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x02e3051e0dc000000a2816030108520b00084e00084b000397308203933082027ba003020102020102300d06092a864886f70d0101040500308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f72697479301e170d3130313132363037333533385a170d3131313132363037333533385a306c310b30090603550406130255
EAP-Message =
0x533111300f0603550408130856697267696e696131123010060355040a13094565626c652e6e6574311730150603550403140e616e6479406565626c652e6e6574311d301b06092a864886f70d010901160e616e6479406565626c652e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b4023777541709e539867d3033954f764c3a207c352dba4ee043642002ed4df123cb5edbe0d7a35cf9c21c88cd4ea537f3f297d9be68cb7bcbc49fdbc6ed94745d1aa057fcf259ad7898a6eb1b123b277e55da4d877972f169d29b922bfedd8dab070dbe905d1437ef1c84e9c7be7fd9736882d153993e36aa498819
EAP-Message =
0x68e526722d720427a9b2cccece64fcae119806c9ae5a925f68c09d0df5fcd9ebc6e20040cb97dac3f44a32ade71f6cfc40f90ac4b64f2585d45fd6901b13b2ae12347460853c30dab72c88c4f0becccd393433e47037ecb61544cb38155bb8ce9f75a9e5a024b5e03139cacb74d47d4af87aa3b9781903b8b6976260c39fc83df288482f0203010001a317301530130603551d25040c300a06082b06010505070302300d06092a864886f70d0101040500038201010049c7d67a933fd63a42cf33f6adb61bdc203bc30007ed3dfa9da446a6c3e78bced49ae68d7fd3611a431e888a9144d196bf30f46ae1be3d673006bbb6e50d3191f6756b38506838
EAP-Message =
0xad445350dfa97ac88297b8f36979dea39a92c4add1e5f6050eb5af41f3c8702b682365719456074d7623c2a0bca5be7c86c65ad538d4e8c615dde70df4967e6ea2acc5e2e76dde0ca0f13c4a34eddc93615cc7eba93b75ea9c23a85f74f1240ee999c08416d080a36246deec5b552046232ad3470f042bbe1774bb386c84aaa3ddcd4dc38acd816de90983e5a44231e77ae4d641ea14d6e822bbf969852387230eef0e02b3f84916b2bd0ba4aa159a4cb7aeb542b8cf3bd8dd0004ae308204aa30820392a00302010202090097852e5140914149300d06092a864886f70d0101050500308194310b30090603550406130255533111300f060355040813
EAP-Message =
0x0856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e6574312830260603550403131f4565626c652e6e657420436572746966696361746520417574686f72697479301e170d3130313132363037323333305a170d3230313132333037323333305a308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f6164
EAP-Message =
0x6d696e406565626c652e6e6574312830260603550403131f4565626c652e6e6574204365727469666963617465
State = 0x9d0db27699eebfbf32cdba76f867f4ab
Message-Authenticator = 0x30fdfb43685b57ab7bddfa43385223e6
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 227 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
TLS Length 2600
[tls] Received EAP-TLS First Fragment of the message
[tls] eaptls_verify returned 9
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 91 to 192.168.183.110 port 55425
EAP-Message = 0x01e400060d00
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d0db27698e9bfbf32cdba76f867f4ab
Finished request 21.
Going to the next request
Waking up in 0.4 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=92, length=1479
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x02e4051a0d0020417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02820101009a8f48c1dab2627525533672059ac65f037f7e96dca2744211718eda8e799239ada3486e9872eb0b811e888df90de8d5fc0837f5a146191528f1d1ff35adbad8a9b8928080363eb64a6ab03942480f48534902136d8c94b34e01d7e331ad215c11b35bb6990bafc17fd261890769bb00533729a6fcc0b5d4d18e08bf54b1d66127996136d9577f12a4513304da016917577afdf64b02cf91d0a39b3c451dce5a920c810b4d23bd34931bb03d156f8d7fe834536b9ae11bd62195b59177db765d9982b232369e5bd89b10f4a0
EAP-Message =
0x031ba2dbff86f672ac101a155d11ae07b904a4f74ffbb86f2524bc227167e41ca889fa9c56735a5665cfa5de0ad81b7ddaa0785d0203010001a381fc3081f9301d0603551d0e04160414a1454d2d4a35b362e6397fe81e7964fa6d2e9a9a3081c90603551d230481c13081be8014a1454d2d4a35b362e6397fe81e7964fa6d2e9a9aa1819aa48197308194310b30090603550406130255533111300f0603550408130856697267696e6961311430120603550407130b43656e74726576696c6c6531123010060355040a13094565626c652e6e6574311e301c06092a864886f70d010901160f61646d696e406565626c652e6e65743128302606035504
EAP-Message =
0x03131f4565626c652e6e657420436572746966696361746520417574686f7269747982090097852e5140914149300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004a090448190a316f43d373decd0d9e53a75d10c17c49043984a6c492f8bf96d303796e7c4e4539c5c3d49ebbe972a9ca204067bbf9886462119bb1ce627ffb6fe9beb21a56dc152facef5040cfcbdd5a55e31c0c9eb904914f2148c7338774e1eb3f21449d3bbf86fe03d78f34a07df485fbff7dc3b305fadf41bfcbc41ec076c5c542b8f858008b3b3be00f858d2737331cf567c738692d8723ac6307cac62801513bf055cd6a9c726953195fbd
EAP-Message =
0x7dbcf9e0a44289e5f1eee447c9ce87570f77a7e8574bc1fff0a2dbf4f85b545d5b6fa0b4c96b5f8db94b42686f9fdc9b7daebd59d83ddbf5dd64e1ac041d4653a4a5175ce9079c27b4a60d4115166c619f3d1603010086100000820080ed1f82c9867a16a46cb828ce67569e8089fa292015add6108605ea65c4b1554f7b03010348b72c9a17540747297560723b4c115a40c201e125d39fe4f751885bef6072ed0712145558e2832085195599ae2f561e1b03ab2e487940ec879517aee794f152e57fc8edc9ba5e1fd9e01d5da21ce38361653a91a238c72c30ea2bf616030101060f000102010097aa1d029159d31e299046a532069c6fa27ad603af
EAP-Message =
0xbbc4a426ab9760c880d3f02266acbe7f1ad4315154f756f2991d5102055a26ec46662645be4d8345ce6b4d205527345e23742c0aa4b1856c022029b1366a047d3bb9a990774c066e955fe8abe2e07f5f1eae43e8b35e1e0bedc5e40ee6171ffaf30a3be80509da4d7d14523bf8f983bd70ceef55db745a4e4921a6e31a40024ce4bb980a91a425b298a8a11bce5927cebf9c42fe4bcfc9135027406153830d17aec39512f7361a69d9678bcd3cc612dd316a21abbc66b20d783c8c06eb0ae7f4bf350f43d12f0a53a8b645a5427685b4124c7a1a0aba8dd080baccf4348c532820142970aaee354abe4aea140301000101160301003032caee1780b846
EAP-Message =
0x4f130f80978d53109065f1989f1e9b08d533c103173afaa6ee21584832f318c702f65213964facd4e4
State = 0x9d0db27698e9bfbf32cdba76f867f4ab
Message-Authenticator = 0x0e8e533bf04c8f47d5f5da946752536b
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 228 length 253
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] eaptls_verify returned 7
[tls] Done initial handshake
[tls] <<< TLS 1.0 Handshake [length 0852], Certificate
[tls] chain-depth=1,
[tls] error=0
[tls] --> User-Name = invaliduser2
[tls] --> BUF-Name = Example.net Certificate Authority
[tls] --> subject =
/C=US/ST=Virginia/L=Centreville/O=Example.net/emailAddress=admin(a)example.net/CN=Example.net
Certificate Authority
[tls] --> issuer =
/C=US/ST=Virginia/L=Centreville/O=Example.net/emailAddress=admin(a)example.net/CN=Example.net
Certificate Authority
[tls] --> verify return:1
[tls] chain-depth=0,
[tls] error=0
[tls] --> User-Name = invaliduser2
[tls] --> BUF-Name = andy(a)example.net
[tls] --> subject =
/C=US/ST=Virginia/O=Example.net/CN=andy@example.net/emailAddress=andy@example.net
[tls] --> issuer =
/C=US/ST=Virginia/L=Centreville/O=Example.net/emailAddress=admin(a)example.net/CN=Example.net
Certificate Authority
[tls] --> verify return:1
[tls] TLS_accept: SSLv3 read client certificate A
[tls] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange
[tls] TLS_accept: SSLv3 read client key exchange A
[tls] <<< TLS 1.0 Handshake [length 0106], CertificateVerify
[tls] TLS_accept: SSLv3 read certificate verify A
[tls] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[tls] <<< TLS 1.0 Handshake [length 0010], Finished
[tls] TLS_accept: SSLv3 read finished A
[tls] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[tls] TLS_accept: SSLv3 write change cipher spec A
[tls] >>> TLS 1.0 Handshake [length 0010], Finished
[tls] TLS_accept: SSLv3 write finished A
[tls] TLS_accept: SSLv3 flush data
[tls] (other): SSL negotiation finished successfully
SSL Connection Established
[tls] eaptls_process returned 13
++[eap] returns handled
Sending Access-Challenge of id 92 to 192.168.183.110 port 55425
EAP-Message =
0x01e500450d800000003b1403010001011603010030be498792743bbd0dd2b9ac5f315cc590c4c89eefa413141655418f169cf411a0165c48f0f9da635b73b2fee915b73da9
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x9d0db2769be8bfbf32cdba76f867f4ab
Finished request 22.
Going to the next request
Waking up in 0.3 seconds.
rad_recv: Access-Request packet from host 192.168.183.110 port 55425,
id=93, length=169
User-Name = "invaliduser2"
NAS-Identifier = "openwrt"
NAS-Port = 2
Called-Station-Id = "00-18-F8-C1-66-46:testbed"
Calling-Station-Id = "00-1F-3A-49-EC-73"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x02e500060d00
State = 0x9d0db2769be8bfbf32cdba76f867f4ab
Message-Authenticator = 0x476057e77b2c0c0518242a8f101cc275
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "invaliduser2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 229 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/tls
[eap] processing type tls
[tls] Authenticate
[tls] processing EAP-TLS
[tls] Received TLS ACK
[tls] ACK handshake is finished
[tls] eaptls_verify returned 3
[tls] eaptls_process returned 3
[tls] Adding user data to cached session
[eap] Freeing handler
++[eap] returns ok
# Executing section post-auth from file
/etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 93 to 192.168.183.110 port 55425
MS-MPPE-Recv-Key =
0xbaf2429720d7a5b7d92ace08ca21d2b623a379f67f25b406a314df47b51da996
MS-MPPE-Send-Key =
0xad7b449fcfdc531ebc0c985bab1d25d8843bd0fba29b646bc7c49b97f31df4d7
EAP-Message = 0x03e50004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "invaliduser2"
Finished request 23.
Going to the next request
Waking up in 0.3 seconds.
Cleaning up request 8 ID 78 with timestamp +1040
Cleaning up request 9 ID 79 with timestamp +1040
Cleaning up request 10 ID 80 with timestamp +1040
Cleaning up request 11 ID 81 with timestamp +1040
Cleaning up request 12 ID 82 with timestamp +1040
Cleaning up request 13 ID 83 with timestamp +1041
Cleaning up request 14 ID 84 with timestamp +1041
Cleaning up request 15 ID 85 with timestamp +1041
Waking up in 4.1 seconds.
Cleaning up request 16 ID 86 with timestamp +1045
Cleaning up request 17 ID 87 with timestamp +1045
Cleaning up request 18 ID 88 with timestamp +1045
Cleaning up request 19 ID 89 with timestamp +1045
Cleaning up request 20 ID 90 with timestamp +1045
Cleaning up request 21 ID 91 with timestamp +1045
Cleaning up request 22 ID 92 with timestamp +1045
Cleaning up request 23 ID 93 with timestamp +1045
Ready to process requests.
3
5
Hi,
I'm trying to setup Dialup Admin to use HTTP authentication credentials to
connect to a mysql database. The HTTP authentication works, but the
PHP_AUTH_USER and PHP_AUTH_PW don't seem to be getting set, when trying to
connect to the DB I get "DEBUG(SQL,MYSQL DRIVER): Connect: User=,Password=
Could not connect to SQL database" (with SQL Debug enabled for Dialup Admin
and after setting "sql_use_http_credentials = yes" in my admin.conf).
This is with Apache2 2.2 and mod_php5 5.33. The mysql/functions.php3 file
is using the $HTTP_SERVER_VARS array, is that going to work with php5? Or
is there something else that I need to configure?
Thanks in advance!
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Dialup-Admin-and-HTTP-Authenticatio…
Sent from the FreeRadius - User mailing list archive at Nabble.com.
1
1