Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
January 2012
- 110 participants
- 136 discussions
Hi,
Does anyone know if FreeRADIUS now supports Microsoft
PEAP/EAP-TLS, i.e. when you select PEAP with Certificates in
Windows (not plain EAP-TLS, or PEAP/MS-CHAPv2, which both work
fine)? This post from 2007 (and FR 1.0.1) indicates that it didn't
work then, wondered if that's changed at all?
https://lists.freeradius.org/pipermail/freeradius-users/2007-April/msg00841…
For the reasons in that e-mail, I similarly don't care about using
it for auth, as EAP-TLS works fine. However, from the SoH
documentation, it needs either PEAP or DHCP to work. I haven't
ruled out DHCP yet, but it seems a lot tidier to do it in RADIUS
if possible, which in turn just leaves PEAP.
The 'normal' PEAP with MS-CHAPv2 works fine giving the SoH
details, but has to be "user authentication" on the client.
EAP-TLS works fine presenting the certificate to connect to the
network (Microsoft's so-called "computer auth"), but doesn't, as
far as I can tell, do SoH.
Is it actually possible to do SoH with certificate-based
authentication, or do I have to look towards DHCP for this?
I'm using a very custom config at the moment (on the latest v2.1.x
branch), and having tried all sorts can't get it to play. I'll
probably try working from the default config later just in case
I've missed something blindingly obvious, but if anyone could
confirm if the above post is still true or there is no other way
to do it then it will save me a lot of time trying! :)
Cheers,
Matthew
(Wishing Microsoft would bother to support a few additional
options in their built-in supplicant, rather than just the couple
of odd combinations that they want.)
--
Matthew Newton, Ph.D. <mcn4(a)le.ac.uk>
Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp(a)le.ac.uk>
3
3
One of the annoying features of Blackberry devices is that the descriptions of the same CA certificate varies from device to device. Some devices, like my Storm2, seem to validate the CA even when that checkbox is selected. Since there are lots of CAs installed on Blackberry phones, setting up EAP can take a while as you go through the several certs which match your CA.
"Palmer J.D.F." <J.D.F.Palmer(a)swansea.ac.uk> wrote:
>We have endless amounts of trouble connecting Blackberrys, they are
>hateful things.
>Some devices will use the certificate, some won't connect unless cert
>validation is disabled. Some don't have the option to disable cert
>checking, and some won't connect at all.
>For a essentially single vendor device they have the most varied and
>random configuration idiosyncrasies between devices, even of the same
>model. Due to this variance we no longer try to offer online support for
>them, users are asked to bring them in to be looked at (and hacked at)
>to connect them.
>
>But yes, if possible you want to be enforcing cert validation, but in
>practice it's not always possible.
>
>> -----Original Message-----
>> From: freeradius-users-
>> bounces+j.d.f.palmer=swansea.ac.uk(a)lists.freeradius.org
>> [mailto:freeradius-users-
>> bounces+j.d.f.palmer=swansea.ac.uk(a)lists.freeradius.org] On Behalf Of
>> Garber, Neal
>> Sent: 20 January 2012 11:13
>> To: 'FreeRadius users mailing list'
>> Subject: RE: Blackberry disabled server certificates query
>>
>> > if you leave the box unchecked "disable server certificate
>> validation"
>> > then the blackberry connects fine if you uncheck connection fails
>> > "failed to connect".
>>
>> You wrote, "...if you leave it unchecked... (it)... connects fine if
>> you uncheck (it the) connection fails"???
>>
>> Did you mean to say "if you leave it *checked* it connects fine"?? If
>> so, checking the box is telling your Blackberry NOT to validate the
>> RADIUS server's certificate. If you don't validate the certificate,
>> there's a risk that you could be passing your credentials to an
>> untrusted RADIUS server (if someone impersonates your wireless network
>> name).
>>
>> Best practice, for RADIUS, is to use a cert generated from a private
>CA
>> that you control, or at least trust. In this case, you would need to
>> configure your Blackberry's to validate that the certificate is signed
>> by the CA you expect (which means they would need the CA's cert
>> installed - I assume this is possible with Blackberry's, but I don't
>> own one and I don't know how difficult it is to distribute a cert to
>> the Blackberry's or how many you have).
>>
>> You need to decide whether to accept the risk or not.
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
1
0
'Logout for NAS CP port 76, but no Login record' && 'Login entry for NAS CP port 76 wrong order' Error
by Zlyzwy 20 Jan '12
by Zlyzwy 20 Jan '12
20 Jan '12
Hi all,
I am newbie to FreeRadius. Now I am trying to set up a Hotspot with
PFsense (FreeRadius + MySQL + Captive Portal).
(pfSense is a free, open source customized distribution of FreeBSD
tailored for use as a firewall and router.FreeRadius is a package of it.
see more information on their website: http://www.pfsense.org/)
Basically the Hotspot is working properly, FreeRadius is doing the auth
and writing the log to MySQL.
There is one client running VMware Workstaion inside wiondow2003. And a
virtual Debian is running in VM. Debian's network is bridged on host.I
am receiving the error log:
==================================
Jan 20 11:15:07 radiusd[55144]:rlm_radutmp: Logout for NAS CP port 76,
but no Login record
Jan 20 11:15:07 radiusd[55144]: rlm_radutmp: Logout for NAS CP port 76,
but no Login record
Jan 20 11:14:06 radiusd[55144]: rlm_radutmp: Login entry for NAS CP
port 76 wrong order
Jan 20 11:14:06 radiusd[55144]: rlm_radutmp: Login entry for NAS CP
port 76 wrong order
==================================
And the situation is, for VM_Debian and win2003, ONLY ONE can access
the Internet.
Does anyone have any idea why it will happen? or you have the same
experience using VM like this?
Any reply will be appreciated.
The following is my Radiusd -X
==================================
# radiusd -X
FreeRADIUS Version 2.1.12, for host i386-portbld-freebsd8.1, built on
Jan 3 2012 at 23:44:16
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file
/usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file
/usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/redis
including configuration file /usr/local/etc/raddb/modules/rediswho
including configuration file /usr/local/etc/raddb/modules/replicate
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/soh
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file
/usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file
/usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
main {
allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
name = "radiusd"
prefix = "/usr/local"
localstatedir = "/var"
sbindir = "/usr/local/sbin"
logdir = "/var/log"
run_dir = "/var/run"
libdir = "/usr/local/lib/freeradius-2.1.12"
radacctdir = "/var/log/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd.pid"
checkrad = "/usr/local/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = yes
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
client CP {
ipaddr = 192.168.1.1
require_message_authenticator = no
secret = "0814335e"
shortname = "CP"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file
/usr/local/etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file
/usr/local/etc/raddb/modules/expr
Module: Linked to module rlm_counter
Module: Instantiating module "daily" from file
/usr/local/etc/raddb/modules/counter
counter daily {
filename = "/usr/local/etc/raddb/db.daily"
key = "User-Name"
reset = "daily"
count-attribute = "Acct-Session-Time"
counter-name = "Daily-Session-Time"
check-name = "Max-Daily-Session"
reply-name = "Session-Timeout"
cache-size = 5000
}
rlm_counter: Counter attribute Daily-Session-Time is number 11273
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
1327075200 [2012-01-21 00:00:00]
Module: Instantiating module "weekly" from file
/usr/local/etc/raddb/modules/counter
counter weekly {
filename = "/usr/local/etc/raddb/db.weekly"
key = "User-Name"
reset = "weekly"
count-attribute = "Acct-Session-Time"
counter-name = "Weekly-Session-Time"
check-name = "Max-Weekly-Session"
reply-name = "Session-Timeout"
cache-size = 5000
}
rlm_counter: Counter attribute Weekly-Session-Time is number 11275
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
1327161600 [2012-01-22 00:00:00]
Module: Instantiating module "monthly" from file
/usr/local/etc/raddb/modules/counter
counter monthly {
filename = "/usr/local/etc/raddb/db.monthly"
key = "User-Name"
reset = "monthly"
count-attribute = "Acct-Session-Time"
counter-name = "Monthly-Session-Time"
check-name = "Max-Monthly-Session"
reply-name = "Session-Timeout"
cache-size = 5000
}
rlm_counter: Counter attribute Monthly-Session-Time is number 11277
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
1328025600 [2012-02-01 00:00:00]
Module: Instantiating module "forever" from file
/usr/local/etc/raddb/modules/counter
counter forever {
filename = "/usr/local/etc/raddb/db.forever"
key = "User-Name"
reset = "never"
count-attribute = "Acct-Session-Time"
counter-name = "Forever-Session-Time"
check-name = "Max-Forever-Session"
reply-name = "Session-Timeout"
cache-size = 5000
}
rlm_counter: Counter attribute Forever-Session-Time is number 11279
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
0 [2012-01-20 10:00:00]
Module: Instantiating module "maxdailyupload" from file
/usr/local/etc/raddb/modules/counter
counter maxdailyupload {
filename = "/usr/local/etc/raddb/db.maxdailyupload"
key = "User-Name"
reset = "daily"
count-attribute = "Acct-Input-Octets"
counter-name = "Daily-Input-Octets"
check-name = "Max-Daily-Input"
reply-name = "Acct-Input-Octets"
cache-size = 5000
}
rlm_counter: Counter attribute Daily-Input-Octets is number 11281
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
1327075200 [2012-01-21 00:00:00]
Module: Instantiating module "maxdailydownload" from file
/usr/local/etc/raddb/modules/counter
counter maxdailydownload {
filename = "/usr/local/etc/raddb/db.maxdailydownload"
key = "User-Name"
reset = "daily"
count-attribute = "Acct-Output-Octets"
counter-name = "Daily-Output-Octets"
check-name = "Max-Daily-Output"
reply-name = "Acct-Output-Octets"
cache-size = 5000
}
rlm_counter: Counter attribute Daily-Output-Octets is number 11283
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
1327075200 [2012-01-21 00:00:00]
Module: Instantiating module "maxweeklyupload" from file
/usr/local/etc/raddb/modules/counter
counter maxweeklyupload {
filename = "/usr/local/etc/raddb/db.maxweeklyupload"
key = "User-Name"
reset = "weekly"
count-attribute = "Acct-Input-Octets"
counter-name = "Weekly-Input-Octets"
check-name = "Max-Weekly-Input"
reply-name = "Acct-Input-Octets"
cache-size = 5000
}
rlm_counter: Counter attribute Weekly-Input-Octets is number 11285
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
1327161600 [2012-01-22 00:00:00]
Module: Instantiating module "maxweeklydownload" from file
/usr/local/etc/raddb/modules/counter
counter maxweeklydownload {
filename = "/usr/local/etc/raddb/db.maxweeklydownload"
key = "User-Name"
reset = "weekly"
count-attribute = "Acct-Output-Octets"
counter-name = "Weekly-Output-Octets"
check-name = "Max-Weekly-Output"
reply-name = "Acct-Output-Octets"
cache-size = 5000
}
rlm_counter: Counter attribute Weekly-Output-Octets is number 11287
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
1327161600 [2012-01-22 00:00:00]
Module: Instantiating module "maxmonthlyupload" from file
/usr/local/etc/raddb/modules/counter
counter maxmonthlyupload {
filename = "/usr/local/etc/raddb/db.maxmonthlyupload"
key = "User-Name"
reset = "monthly"
count-attribute = "Acct-Input-Octets"
counter-name = "Monthly-Input-Octets"
check-name = "Max-Monthly-Input"
reply-name = "Acct-Input-Octets"
cache-size = 5000
}
rlm_counter: Counter attribute Monthly-Input-Octets is number 11289
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
1328025600 [2012-02-01 00:00:00]
Module: Instantiating module "maxmonthlydownload" from file
/usr/local/etc/raddb/modules/counter
counter maxmonthlydownload {
filename = "/usr/local/etc/raddb/db.maxmonthlydownload"
key = "User-Name"
reset = "monthly"
count-attribute = "Acct-Output-Octets"
counter-name = "Monthly-Output-Octets"
check-name = "Max-Monthly-Output"
reply-name = "Acct-Output-Octets"
cache-size = 5000
}
rlm_counter: Counter attribute Monthly-Output-Octets is number 11291
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
1328025600 [2012-02-01 00:00:00]
Module: Instantiating module "maxupload" from file
/usr/local/etc/raddb/modules/counter
counter maxupload {
filename = "/usr/local/etc/raddb/db.maxforeverupload"
key = "User-Name"
reset = "never"
count-attribute = "Acct-Input-Octets"
counter-name = "Forever-Input-Octets"
check-name = "Max-Forever-Input"
reply-name = "Acct-Input-Octets"
cache-size = 5000
}
rlm_counter: Counter attribute Forever-Input-Octets is number 11293
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
0 [2012-01-20 10:00:00]
Module: Instantiating module "maxdownload" from file
/usr/local/etc/raddb/modules/counter
counter maxdownload {
filename = "/usr/local/etc/raddb/db.maxforeverdownload"
key = "User-Name"
reset = "never"
count-attribute = "Acct-Output-Octets"
counter-name = "Forever-Output-Octets"
check-name = "Max-Forever-Output"
reply-name = "Acct-Output-Octets"
cache-size = 5000
}
rlm_counter: Counter attribute Forever-Output-Octets is number 11295
rlm_counter: Current Time: 1327027970 [2012-01-20 10:52:50], Next reset
0 [2012-01-20 10:00:00]
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/usr/local/etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/usr/local/etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan
"
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Creating Auth-Type = digest
Module: Creating Autz-Type = Status-Server
Module: Creating Acct-Type = Status-Server
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file
/usr/local/etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file
/usr/local/etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/usr/local/etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
allow_retry = yes
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file
/usr/local/etc/raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file
/usr/local/etc/raddb/modules/unix
unix {
radwtmp = "/var/log/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file
/usr/local/etc/raddb/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/usr/local/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server.pem"
certificate_file = "/usr/local/etc/raddb/certs/server.pem"
CA_file = "/usr/local/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/usr/local/etc/raddb/certs/dh"
random_file = "/usr/local/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
ecdh_curve = "prime256v1"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = no
url = "http://127.0.0.1/ocsp/"
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file
/usr/local/etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = yes
}
Module: Instantiating module "ntdomain" from file
/usr/local/etc/raddb/modules/realm
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = yes
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file
/usr/local/etc/raddb/modules/files
files {
usersfile = "/usr/local/etc/raddb/users"
acctusersfile = "/usr/local/etc/raddb/acct_users"
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
compat = "no"
}
Module: Linked to module rlm_sql
Module: Instantiating module "sql" from file
/usr/local/etc/raddb/sql.conf
sql {
driver = "rlm_sql_mysql"
server = "192.168.1.25"
port = "3306"
login = "radius"
password = "0814335e"
radius_db = "radius"
read_groups = yes
sqltrace = no
sqltracefile = "/var/log/sqltrace.sql"
readclients = yes
deletestalesessions = yes
num_sql_socks = 5
lifetime = 0
max_queries = 0
sql_user_name = "%{User-Name}"
default_user_profile = ""
nas_query = "SELECT id, nasname, shortname, type, secret,
server FROM nas"
authorize_check_query = "SELECT id, username, attribute, value,
op FROM radcheck WHERE username = '%{SQL-User-Name}'
ORDER BY id"
authorize_reply_query = "SELECT id, username, attribute, value,
op FROM radreply WHERE username = '%{SQL-User-Name}'
ORDER BY id"
authorize_group_check_query = "SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE
groupname = '%{Sql-Group}' ORDER BY id"
authorize_group_reply_query = "SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE
groupname = '%{Sql-Group}' ORDER BY id"
accounting_onoff_query = " UPDATE radacct
SET acctstoptime = '%S',
acctsessiontime = unix_timestamp('%S') -
unix_timestamp(acctstarttime), acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
%{%{Acct-Delay-Time}:-0} WHERE acctstoptime IS NULL
AND nasipaddress = '%{NAS-IP-Address}' AND acctstarttime
<= '%S'"
accounting_update_query = " UPDATE radacct
SET framedipaddress = '%{Framed-IP-Address}',
acctsessiontime = '%{Acct-Session-Time}',
acctinputoctets = '%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',
acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}' WHERE
acctsessionid = '%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'"
accounting_update_query_alt = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username,
realm, nasipaddress, nasportid,
nasporttype, acctstarttime, acctsessiontime,
acctauthentic, connectinfo_start, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
servicetype, framedprotocol, framedipaddress,
acctstartdelay, xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}',
DATE_SUB('%S', INTERVAL
(%{%{Acct-Session-Time}:-0} +
%{%{Acct-Delay-Time}:-0}) SECOND),
'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}',
'0', '%{X-Ascend-Session-Svr-Key}')"
accounting_start_query = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype,
acctstarttime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay, xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL,
'0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0',
'%{X-Ascend-Session-Svr-Key}')"
accounting_start_query_alt = " UPDATE radacct SET
acctstarttime = '%S', acctstartdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_start =
'%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}'
AND username = '%{SQL-User-Name}' AND
nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query = " UPDATE radacct SET
acctstoptime = '%S', acctsessiontime =
'%{Acct-Session-Time}', acctinputoctets =
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}'
AND username = '%{SQL-User-Name}' AND
nasipaddress = '%{NAS-IP-Address}'"
accounting_stop_query_alt = " INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay)
VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',
DATE_SUB('%S', INTERVAL
(%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0})
SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}',
'', '%{Connect-Info}',
'%{%{Acct-Input-Gigawords}:-0}' << 32 |
'%{%{Acct-Input-Octets}:-0}',
'%{%{Acct-Output-Gigawords}:-0}' << 32 |
'%{%{Acct-Output-Octets}:-0}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Acct-Terminate-Cause}',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'0', '%{%{Acct-Delay-Time}:-0}')"
group_membership_query = "SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}'
ORDER BY priority"
connect_failure_retry_delay = 60
simul_count_query = ""
simul_verify_query = "SELECT radacctid, acctsessionid,
username, nasipaddress, nasportid,
framedipaddress, callingstationid,
framedprotocol FROM radacct
WHERE username = '%{SQL-User-Name}'
AND acctstoptime IS NULL"
postauth_query = "INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S')"
safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
}
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
linked
rlm_sql (sql): Attempting to connect to radius@192.168.1.25:3306/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname,
shortname, type, secret, server FROM nas
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
Module: Linked to module rlm_checkval
Module: Instantiating module "checkval" from file
/usr/local/etc/raddb/modules/checkval
checkval {
item-name = "Calling-Station-Id"
check-name = "Calling-Station-Id"
data-type = "string"
notfound-reject = no
}
rlm_checkval: Registered name Calling-Station-Id for attribute 31
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/usr/local/etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file
/usr/local/etc/raddb/modules/detail
detail {
detailfile =
"/var/log/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/usr/local/etc/raddb/modules/radutmp
radutmp {
filename = "/var/log/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from
file /usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
Module: Checking session {...} for more modules to load
Module: Checking pre-proxy {...} for more modules to load
Module: Instantiating module "attr_filter.pre-proxy" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.pre-proxy {
attrsfile = "/usr/local/etc/raddb/attrs.pre-proxy"
key = "%{Realm}"
relaxed = no
}
Module: Checking post-proxy {...} for more modules to load
Module: Instantiating module "attr_filter.post-proxy" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.post-proxy {
attrsfile = "/usr/local/etc/raddb/attrs"
key = "%{Realm}"
relaxed = no
}
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 192.168.1.1
port = 1812
}
listen {
type = "acct"
ipaddr = 192.168.1.1
port = 1813
}
listen {
type = "proxy"
ipaddr = 192.168.1.1
port = 1814
}
Listening on authentication address 192.168.1.1 port 1812
Listening on accounting address 192.168.1.1 port 1813
Listening on proxy address 192.168.1.1 port 1814
Ready to process requests.
==================================
Thanks for any reply in advance!!
Zlyzwy
2
1
Hi everyone,
Is there a way to run a module only during the first EAP-TLS handshake?
for example:
authorize {
preprocess
if (??? == ???) {
echo
}
...
}
I simply want the 'echo' module to run once during thr first auth.
The reason being the 'echo' module may return an OK or a reject. But in
the event of the 'echo' module returns ok, I don't want it to stress the
module by running it multiple times during the complete TLS handshake.
please advise.
Thanks,
Victor
2
1
How to return Filter-ID attribute value for the users in Active Directory?
by suggestme IT 19 Jan '12
by suggestme IT 19 Jan '12
19 Jan '12
Hi,
I am able to do authentication and authorization of the users that are in Active Directory after FreeRadius and Active Directory integration. I am now testing in real test environment with Enterasys product (Switch) in which Policy manager is already configured to assign different roles to different users. Depending upon the Filter-ID attribute value returned by FreeRadius, Enterasys switch decides what role can be assigned to the user. In my understanding I know there is the way to achieve this goal if we have Ldap-Group so that we can use as:
DEFAULT Ldap-Group == "Staff"
Filter-ID := "Enterasys:version=1:policy=staff",
Fall-Through = No
But, How to do same like this for the users in Active Directory; How to return the Filter-ID attribute value if there is no group configured in Active Directory; there is just users listings who can be authenticated and authorized using the passwords provided.
The main point is: I don't have any Group configured as Ldap-Group for staff or admin or for different types of users in Active Directory.
I would really appreciate if someone can give me the idea on this.
Thanks,
4
7
On Jan 19, 2012, at 11:00 AM, freeradius-users-request(a)lists.freeradius.org wrote:
>
> Message: 1
> Date: Thu, 19 Jan 2012 08:58:39 +0000
> From: Phil Mayers <p.mayers(a)imperial.ac.uk>
> Subject: Re: eduroam working ok, except for EAP
> To: freeradius-users(a)lists.freeradius.org
> Message-ID: <4F17DB3F.7040403(a)imperial.ac.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 01/19/2012 12:46 AM, Rui Ribeiro wrote:
>> Hi list,
>>
>> I have freeradius working in a EDUROAM federation, all PEAP-MSCHAPv2
>> and TTLS-EAP working locally, however when roaming to the federation,
>> PEAP-MSCHAPv2 fails categorically and only TTLS-EAP works with
>> success.
>
> This is exactly the same question you asked the other day, and I answered.
>
> Did you read my answer? Do you think it's no correct?
>
Hi Phil,
I have receveid the digest *after* I have sent this other one; had I seen it earlier it would have saved me of a couple of hour of work, in fact.
Thank for the reply.
Rui
1
0
Hi list,
I have freeradius working in a EDUROAM federation, all PEAP-MSCHAPv2
and TTLS-EAP working locally, however when roaming to the federation,
PEAP-MSCHAPv2 fails categorically and only TTLS-EAP works with
success.
eapol_test fails with WARNING: PMK mismatch
Any ideas, please?
Rui
freeradius -X
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14
2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/f_ticks
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/status
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 256000
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
security {
max_attributes = 200
reject_delay = 0
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 2
default_fallback = no
dead_time = 0
wake_all_if_all_dead = no
}
realm iscte.pt {
}
realm teste.iscte.pt {
}
realm ~.*\.iscte\.intranet {
}
realm ~.*\.iul\.intra {
}
realm ~.*\.iscte\.pt {
}
realm NULL {
}
realm DEFAULT {
nostrip
ldflag = round_robin
authhost = 193.136.192.43:1812
accthost = 193.136.192.43:1813
secret = xxxxxxxx
}
realm DEFAULT {
ldflag = round_robin
authhost = 193.136.192.44:1812
accthost = 193.136.192.44:1813
secret = xxxxxxxxx
} # realm DEFAULT
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "xxxxxxxx"
nastype = "other"
}
client 193.136.188.36 {
ipaddr = 193.136.188.36
netmask = 32
require_message_authenticator = no
secret = "xxxxxxxxx"
nastype = "other"
}
client 10.10.66.18/32 {
ipaddr = 10.10.66.18
netmask = 32
require_message_authenticator = no
secret = "wdsiscte"
shortname = "nut"
nastype = "other"
}
client 10.10.65.0/24 {
require_message_authenticator = no
secret = "xxx"
shortname = "rede1_aps"
nastype = "cisco"
}
client 10.10.66.0/24 {
require_message_authenticator = no
secret = "xxxxxxxx"
shortname = "rede2_aps"
nastype = "cisco"
}
client 10.10.32.35/32 {
require_message_authenticator = no
secret = "xxxxxxx"
shortname = "syslog"
nastype = "other"
}
client 193.136.192.43 {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "proxyNacional1"
nastype = "other"
}
client 193.136.192.44 {
require_message_authenticator = no
secret = "xxxxxxxx"
shortname = "proxyNacional2"
nastype = "other"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server status { # from file /etc/freeradius/sites-enabled/status
modules {
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_always
Module: Instantiating module "ok" from file /etc/freeradius/modules/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
} # modules
} # server
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = yes
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
--username=%{%{Stripped-User-Name}:-%{User-Name:-None}}
--challenge=%{mschap:Challenge:-00} --domain=IUL
--nt-response=%{mschap:NT-Response:-00}"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "mschap"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "isctexcert"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
make_cert_command = "/etc/freeradius/certs/bootstrap"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = no
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/freeradius/modules/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
[/etc/freeradius/users]:36 WARNING! Changing 'Reply-Message =' to
'Reply-Message ==' for comparing RADIUS attribute in check item list
for user DEFAULT
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking pre-proxy {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "pre_proxy_log" from file
/etc/freeradius/modules/detail.log
detail pre_proxy_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "reply_log" from file
/etc/freeradius/modules/detail.log
detail reply_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file
/etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Instantiating module "auth_log" from file
/etc/freeradius/modules/detail.log
detail auth_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking preacct {...} for more modules to load
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_counter
Module: Instantiating module "daily" from file /etc/freeradius/modules/counter
counter daily {
filename = "/etc/freeradius/db.daily"
key = "User-Name"
reset = "daily"
count-attribute = "Acct-Session-Time"
counter-name = "Daily-Session-Time"
check-name = "Max-Daily-Session"
reply-name = "Session-Timeout"
allowed-servicetype = "Framed-User"
cache-size = 5000
}
rlm_counter: Counter attribute Daily-Session-Time is number 11273
rlm_counter: Current Time: 1326933518 [2012-01-19 00:38:38], Next
reset 1327017600 [2012-01-20 00:00:00]
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Instantiating module "sradutmp" from file
/etc/freeradius/modules/sradutmp
radutmp sradutmp {
filename = "/var/log/freeradius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 420
callerid = no
}
Module: Instantiating module "attr_filter.accounting_response" from
file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking pre-proxy {...} for more modules to load
Module: Instantiating module "attr_filter.pre-proxy" from file
/etc/freeradius/modules/attr_filter
attr_filter attr_filter.pre-proxy {
attrsfile = "/etc/freeradius/attrs.pre-proxy"
key = "%{Realm}"
}
Module: Checking post-proxy {...} for more modules to load
Module: Instantiating module "post_proxy_log" from file
/etc/freeradius/modules/detail.log
detail post_proxy_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.post-proxy" from file
/etc/freeradius/modules/attr_filter
attr_filter attr_filter.post-proxy {
attrsfile = "/etc/freeradius/attrs"
key = "%{Realm}"
}
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_linelog
Module: Instantiating module "f_ticks" from file
/etc/freeradius/modules/f_ticks
linelog f_ticks {
filename = "syslog"
format = ""
reference = "f_ticks.%{%{reply:Packet-Type}:-format}"
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 193.136.188.36
port = 0
}
listen {
type = "acct"
ipaddr = 193.136.188.36
port = 0
}
listen {
type = "status"
ipaddr = *
port = 18120
client admin {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "xxxxxxxxxx"
}
client admin2 {
ipaddr = 193.136.188.36
require_message_authenticator = no
secret = "xxxxxxxxx"
}
client syslog {
ipaddr = 10.10.32.35
require_message_authenticator = no
secret = "xxxxxxxxx"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 1812
}
listen {
type = "acct"
ipaddr = 127.0.0.1
port = 1813
}
Listening on authentication address 193.136.188.36 port 1812
Listening on accounting interface eth0 address 193.136.188.36 port 1813
Listening on status address * port 18120 as server status
Listening on authentication address 127.0.0.1 port 1812 as server inner-tunnel
Listening on accounting address 127.0.0.1 port 1813 as server inner-tunnel
Listening on proxy address 193.136.188.36 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.10.32.35 port 54698,
id=0, length=144
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0xb378f4c98f61f52c1f2d4b8e082faf8a
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{NAS-IP-Address} -> 127.0.0.1
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[auth_log] returns ok
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[mschap] returns noop
[eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/default
+- entering group pre-proxy {...}
[files] preproxy_users: Matched entry DEFAULT at line 22
++[files] returns ok
[attr_filter.pre-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 50
++[attr_filter.pre-proxy] returns updated
[pre_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[pre_proxy_log] returns ok
++? if (Packet-Type != Accounting-Request)
? Evaluating (Packet-Type != Accounting-Request) -> FALSE
++? if (Packet-Type != Accounting-Request) -> FALSE
Sending Access-Request of id 11 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Proxying request 0 to home server 193.136.192.43 port 1812
Sending Access-Request of id 11 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812,
id=11, length=49
EAP-Message = 0x010100061921
Message-Authenticator = 0x0c5de835cf089be1f659f1086a645eea
Proxy-State = 0x30
# Executing section post-proxy from file /etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[post_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[post_proxy_log] returns ok
[attr_filter.post-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 103
++[attr_filter.post-proxy] returns updated
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 0 to 10.10.32.35 port 54698
EAP-Message = 0x010100061921
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.10.32.35 port 54698,
id=1, length=222
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100651901160301005a0100005603014f176610df0229e267ffe1c5836f1caf144fef291958cace7536caa945b100de00002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
Message-Authenticator = 0x8b1eebe285cde02120a86afaa0121199
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{NAS-IP-Address} -> 127.0.0.1
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[auth_log] returns ok
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[mschap] returns noop
[eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/default
+- entering group pre-proxy {...}
[files] preproxy_users: Matched entry DEFAULT at line 22
++[files] returns ok
[attr_filter.pre-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 50
++[attr_filter.pre-proxy] returns updated
[pre_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[pre_proxy_log] returns ok
++? if (Packet-Type != Accounting-Request)
? Evaluating (Packet-Type != Accounting-Request) -> FALSE
++? if (Packet-Type != Accounting-Request) -> FALSE
Sending Access-Request of id 152 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x020100651901160301005a0100005603014f176610df0229e267ffe1c5836f1caf144fef291958cace7536caa945b100de00002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x31
Proxying request 1 to home server 193.136.192.44 port 1812
Sending Access-Request of id 152 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x020100651901160301005a0100005603014f176610df0229e267ffe1c5836f1caf144fef291958cace7536caa945b100de00002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x31
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812,
id=152, length=1059
EAP-Message = 0x010203f219c10000067b160301004a0200004603014f1766100a5cca8828dd07fd8c05f3c33a6a52b6e10d1707dbdf621a39b799a02084471ff4c4f04f6c0c4c1bf2fa2e9479ffa6c41501a2e27407dfa5e36b834bd3003500160301061e0b00061a00061700033a308203363082021ea003020102020109300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d3035303231353136313133385a170d3037303230353136313133385a308183311e301c060355040313157261642d63762d7465737465732e6663636e2e7074310f300d060355040813064c6973626f61
EAP-Message = 0x310b3009060355040613025054311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074310d300b060355040a13044643434e31143012060355040b130b54656c656d617469636f7330820122300d06092a864886f70d01010105000382010f003082010a02820101009c3e40c696ba2d597354f1dcafac4b6fc97bdd38cd228f08b5a1f893598759e54e9450b8c4062172fe5fdc3bd1d8a4fef200944296214cae2544d7bc9a552f468a32caf7a730b063df202bc0a0eff27dd8dd24ec2a4b212ba9f7d2a601170c43fce341ad68912b827d414c5ebe05db1b1fcead3d68aabbe4bcfa4a60a2d836e4105e8732dffc7784e5c0
EAP-Message = 0x0bdcb95819111e89b81cda83e9bd6d73105d2434ed277253aa688724a924edc13d2a37172ed30faf408126076d889b1afc72d6f6ebfc14c16ffe0b6180bc94cd86c0e8f81cdc762ff86f8804fb80b9b7727473fbaa274d01e999dee32981e8edbbb9b1a68903cf0ca6f61a2c960b0a4a79bbc7c41e1d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c56cce4f5641ec0b806b376e95953b6e9aa0b24e185d4ebd388c2872abecbc27c74d345d4e3ebed725146497e9fd00e0fbf6d0ecbf051217452a67c14e97f300757deaf03a24d8d83988958c0159bd302705c8523a
EAP-Message = 0x0a97b9214ba63bfb06f792989856fe53ec6fb99793b35e8dfc75984777a678537758dd5c527a9dae2c77339ccb61a71c3a22ac54031a36991bb582832769a4a9656af18a04f41053e0e59f910dbc708261d749e3ccccef861d6b44536e9016d78b22472e7d53b30e1f24010fce864e126ab4fb5453b5991aa9d677dc66d804c0da9a12275d38ebc4d7ac2c8693a912e49d134f01731b16ec39f53bffd2c0784e443b59f9dd718ed13bf2500002d7308202d3308201bba003020102020900cf11a40b54c230de300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d
Message-Authenticator = 0x9107528c5865d65b3e530d7f8a30c6b0
Proxy-State = 0x31
# Executing section post-proxy from file /etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[post_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[post_proxy_log] returns ok
[attr_filter.post-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 103
++[attr_filter.post-proxy] returns updated
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 1 to 10.10.32.35 port 54698
EAP-Message = 0x010203f219c10000067b160301004a0200004603014f1766100a5cca8828dd07fd8c05f3c33a6a52b6e10d1707dbdf621a39b799a02084471ff4c4f04f6c0c4c1bf2fa2e9479ffa6c41501a2e27407dfa5e36b834bd3003500160301061e0b00061a00061700033a308203363082021ea003020102020109300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d3035303231353136313133385a170d3037303230353136313133385a308183311e301c060355040313157261642d63762d7465737465732e6663636e2e7074310f300d060355040813064c6973626f61
EAP-Message = 0x310b3009060355040613025054311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074310d300b060355040a13044643434e31143012060355040b130b54656c656d617469636f7330820122300d06092a864886f70d01010105000382010f003082010a02820101009c3e40c696ba2d597354f1dcafac4b6fc97bdd38cd228f08b5a1f893598759e54e9450b8c4062172fe5fdc3bd1d8a4fef200944296214cae2544d7bc9a552f468a32caf7a730b063df202bc0a0eff27dd8dd24ec2a4b212ba9f7d2a601170c43fce341ad68912b827d414c5ebe05db1b1fcead3d68aabbe4bcfa4a60a2d836e4105e8732dffc7784e5c0
EAP-Message = 0x0bdcb95819111e89b81cda83e9bd6d73105d2434ed277253aa688724a924edc13d2a37172ed30faf408126076d889b1afc72d6f6ebfc14c16ffe0b6180bc94cd86c0e8f81cdc762ff86f8804fb80b9b7727473fbaa274d01e999dee32981e8edbbb9b1a68903cf0ca6f61a2c960b0a4a79bbc7c41e1d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c56cce4f5641ec0b806b376e95953b6e9aa0b24e185d4ebd388c2872abecbc27c74d345d4e3ebed725146497e9fd00e0fbf6d0ecbf051217452a67c14e97f300757deaf03a24d8d83988958c0159bd302705c8523a
EAP-Message = 0x0a97b9214ba63bfb06f792989856fe53ec6fb99793b35e8dfc75984777a678537758dd5c527a9dae2c77339ccb61a71c3a22ac54031a36991bb582832769a4a9656af18a04f41053e0e59f910dbc708261d749e3ccccef861d6b44536e9016d78b22472e7d53b30e1f24010fce864e126ab4fb5453b5991aa9d677dc66d804c0da9a12275d38ebc4d7ac2c8693a912e49d134f01731b16ec39f53bffd2c0784e443b59f9dd718ed13bf2500002d7308202d3308201bba003020102020900cf11a40b54c230de300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.10.32.35 port 54698,
id=2, length=127
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061901
Message-Authenticator = 0xb3a708c8077b9af3c3a3ec432f954334
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{NAS-IP-Address} -> 127.0.0.1
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[auth_log] returns ok
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[mschap] returns noop
[eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/default
+- entering group pre-proxy {...}
[files] preproxy_users: Matched entry DEFAULT at line 22
++[files] returns ok
[attr_filter.pre-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 50
++[attr_filter.pre-proxy] returns updated
[pre_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[pre_proxy_log] returns ok
++? if (Packet-Type != Accounting-Request)
? Evaluating (Packet-Type != Accounting-Request) -> FALSE
++? if (Packet-Type != Accounting-Request) -> FALSE
Sending Access-Request of id 82 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x020200061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x32
Proxying request 2 to home server 193.136.192.43 port 1812
Sending Access-Request of id 82 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x020200061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x32
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812,
id=82, length=712
EAP-Message = 0x0103029919013035303231353134343531395a170d3036303231353134343531395a3020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e707430820122300d06092a864886f70d01010105000382010f003082010a0282010100ce05f673daef56db29f8b2715f3d9505f0db08d7dad15bf7c12e3496e2ce999154183e5062ef8afe1cf24497e23281ad74ed31d7b45c333c212ac854e249038b25f93981cbf82437e790a9ef7d510bc5a9101f5050d1bd32d403b90e4f930bad3f3ce7bcc37b3021b3bc34ec80c109fbe5dd2f07dcfef8383caa369b777b644f29b7f209316bc81960db25dd19ce05258785bdd40756cb05
EAP-Message = 0xdbbaf40897fa98fed6868c4078f34948d7c397249511e2ddaf1f0cb03f13e8511da742fb4616ac9fad9b9e613b05e2509cfda212b49643c993c05fc1dbe5b523d0b4b33ba3deb600d0f8f6cbcf32e41263b81707d92e5e8071cd1859f27c094d67ebbe6e3c079f750203010001a310300e300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100113b6fb8cb0a394278f35a5d118cb987707800080a3633a4d0658d86f000e46a7eaad5136afecb910f5d6517fe36878c5f81248f388561db0f027eb21c26037baf28412a0885fffc8ed64d927b9df26ac39f0002bb067335631061475f642e66a3366af14ca9559737c0
EAP-Message = 0xa27462412ca6e60674a1b0c4c8d0d478a3b4552684974693fbad3870bfef259ad1ab683d6d50fa354e14025bb381e22fa72649dc33fa76dc12526e469efe39df0c24aef596a8464b3e5ab1476744b5fbeb6c427d663f8eb1bc10499b1db428b77c590a00a1e9f085c5a7db25f6521e8c93939b25f7d8ff90024e93fdc04a565483763e7860b35956a6810875c451b36dcb40e5c01c5a16030100040e000000
Message-Authenticator = 0x3586ca38fba28faa29b3258f9167fa98
Proxy-State = 0x32
# Executing section post-proxy from file /etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[post_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[post_proxy_log] returns ok
[attr_filter.post-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 103
++[attr_filter.post-proxy] returns updated
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 2 to 10.10.32.35 port 54698
EAP-Message = 0x0103029919013035303231353134343531395a170d3036303231353134343531395a3020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e707430820122300d06092a864886f70d01010105000382010f003082010a0282010100ce05f673daef56db29f8b2715f3d9505f0db08d7dad15bf7c12e3496e2ce999154183e5062ef8afe1cf24497e23281ad74ed31d7b45c333c212ac854e249038b25f93981cbf82437e790a9ef7d510bc5a9101f5050d1bd32d403b90e4f930bad3f3ce7bcc37b3021b3bc34ec80c109fbe5dd2f07dcfef8383caa369b777b644f29b7f209316bc81960db25dd19ce05258785bdd40756cb05
EAP-Message = 0xdbbaf40897fa98fed6868c4078f34948d7c397249511e2ddaf1f0cb03f13e8511da742fb4616ac9fad9b9e613b05e2509cfda212b49643c993c05fc1dbe5b523d0b4b33ba3deb600d0f8f6cbcf32e41263b81707d92e5e8071cd1859f27c094d67ebbe6e3c079f750203010001a310300e300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100113b6fb8cb0a394278f35a5d118cb987707800080a3633a4d0658d86f000e46a7eaad5136afecb910f5d6517fe36878c5f81248f388561db0f027eb21c26037baf28412a0885fffc8ed64d927b9df26ac39f0002bb067335631061475f642e66a3366af14ca9559737c0
EAP-Message = 0xa27462412ca6e60674a1b0c4c8d0d478a3b4552684974693fbad3870bfef259ad1ab683d6d50fa354e14025bb381e22fa72649dc33fa76dc12526e469efe39df0c24aef596a8464b3e5ab1476744b5fbeb6c427d663f8eb1bc10499b1db428b77c590a00a1e9f085c5a7db25f6521e8c93939b25f7d8ff90024e93fdc04a565483763e7860b35956a6810875c451b36dcb40e5c01c5a16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 2.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.10.32.35 port 54698,
id=3, length=455
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0203014c190116030101061000010201000d53c1f5bbd701b2401967c46aca7d1328d4fb8789a4d185c0075099020cc3201d476a61f3ed688b7ecd12120462fbc7c60d4ef89e44320092845176984a44b4111894c7d19807ec2b6d101e9f73510fb08674449d988fd14776e96057170d258b549ba9cbd0c0259daa8b451e9290821243c50f4479fd05dfa06d991acf4ca97a8456339d3fe249fc126f6ad9b69a896e463b678eebee1b3b734d1bdff574cd5eac102185d15d7d5acb290f9adbaf8f5611a2bd0e9efc59aec2593c1961c453e114cdd10ef61070f1e6d1d97d858f4023e213ad4533504ed39678f58d4ec71709b4eb8b89b1bbfcdef21f19
EAP-Message = 0x882e99cf4dcbd8a1e423ff26c727e496f0eaae6e1403010001011603010030b0a10953547cd6d5abdd0494bc58bb41cc2dedcd940bb07753b0448440b7147a59359686a34c3327fac137ab46459474
Message-Authenticator = 0xdeba7e496bff31e141133bc7358a056c
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{NAS-IP-Address} -> 127.0.0.1
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[auth_log] returns ok
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[mschap] returns noop
[eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/default
+- entering group pre-proxy {...}
[files] preproxy_users: Matched entry DEFAULT at line 22
++[files] returns ok
[attr_filter.pre-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 50
++[attr_filter.pre-proxy] returns updated
[pre_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[pre_proxy_log] returns ok
++? if (Packet-Type != Accounting-Request)
? Evaluating (Packet-Type != Accounting-Request) -> FALSE
++? if (Packet-Type != Accounting-Request) -> FALSE
Sending Access-Request of id 247 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x0203014c190116030101061000010201000d53c1f5bbd701b2401967c46aca7d1328d4fb8789a4d185c0075099020cc3201d476a61f3ed688b7ecd12120462fbc7c60d4ef89e44320092845176984a44b4111894c7d19807ec2b6d101e9f73510fb08674449d988fd14776e96057170d258b549ba9cbd0c0259daa8b451e9290821243c50f4479fd05dfa06d991acf4ca97a8456339d3fe249fc126f6ad9b69a896e463b678eebee1b3b734d1bdff574cd5eac102185d15d7d5acb290f9adbaf8f5611a2bd0e9efc59aec2593c1961c453e114cdd10ef61070f1e6d1d97d858f4023e213ad4533504ed39678f58d4ec71709b4eb8b89b1bbfcdef21f19
EAP-Message = 0x882e99cf4dcbd8a1e423ff26c727e496f0eaae6e1403010001011603010030b0a10953547cd6d5abdd0494bc58bb41cc2dedcd940bb07753b0448440b7147a59359686a34c3327fac137ab46459474
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x33
Proxying request 3 to home server 193.136.192.43 port 1812
Sending Access-Request of id 247 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x0203014c190116030101061000010201000d53c1f5bbd701b2401967c46aca7d1328d4fb8789a4d185c0075099020cc3201d476a61f3ed688b7ecd12120462fbc7c60d4ef89e44320092845176984a44b4111894c7d19807ec2b6d101e9f73510fb08674449d988fd14776e96057170d258b549ba9cbd0c0259daa8b451e9290821243c50f4479fd05dfa06d991acf4ca97a8456339d3fe249fc126f6ad9b69a896e463b678eebee1b3b734d1bdff574cd5eac102185d15d7d5acb290f9adbaf8f5611a2bd0e9efc59aec2593c1961c453e114cdd10ef61070f1e6d1d97d858f4023e213ad4533504ed39678f58d4ec71709b4eb8b89b1bbfcdef21f19
EAP-Message = 0x882e99cf4dcbd8a1e423ff26c727e496f0eaae6e1403010001011603010030b0a10953547cd6d5abdd0494bc58bb41cc2dedcd940bb07753b0448440b7147a59359686a34c3327fac137ab46459474
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x33
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812,
id=247, length=112
EAP-Message = 0x0104004519810000003b1403010001011603010030f6250ffe4af8eb309670c5b5dc4fac567ca0e4e1afe64e0d04ec35d2e87fdfce0ab291bc69225e1737ce03bdd25e4961
Message-Authenticator = 0x94cd6d3a20a4e5f09fa252f8533ca7ce
Proxy-State = 0x33
# Executing section post-proxy from file /etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[post_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log] expand: %t -> Thu Jan 19 00:38:40 2012
++[post_proxy_log] returns ok
[attr_filter.post-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 103
++[attr_filter.post-proxy] returns updated
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 3 to 10.10.32.35 port 54698
EAP-Message = 0x0104004519810000003b1403010001011603010030f6250ffe4af8eb309670c5b5dc4fac567ca0e4e1afe64e0d04ec35d2e87fdfce0ab291bc69225e1737ce03bdd25e4961
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 3.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 10.10.32.35 port 54698,
id=4, length=127
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061901
Message-Authenticator = 0xcf8dda9c719ed938c22d5945a4ef5d14
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{NAS-IP-Address} -> 127.0.0.1
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[auth_log] returns ok
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[mschap] returns noop
[eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/default
+- entering group pre-proxy {...}
[files] preproxy_users: Matched entry DEFAULT at line 22
++[files] returns ok
[attr_filter.pre-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 50
++[attr_filter.pre-proxy] returns updated
[pre_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[pre_proxy_log] returns ok
++? if (Packet-Type != Accounting-Request)
? Evaluating (Packet-Type != Accounting-Request) -> FALSE
++? if (Packet-Type != Accounting-Request) -> FALSE
Sending Access-Request of id 84 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x020400061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x34
Proxying request 4 to home server 193.136.192.43 port 1812
Sending Access-Request of id 84 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x020400061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x34
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812,
id=84, length=86
EAP-Message = 0x0105002b19011703010020210be414821859dded4b7d1093af406a8ee2e32f20ae59da7a43cf56fe1d6364
Message-Authenticator = 0x2527e9037a2ca28c60035fe55af2035d
Proxy-State = 0x34
# Executing section post-proxy from file /etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[post_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[post_proxy_log] returns ok
[attr_filter.post-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 103
++[attr_filter.post-proxy] returns updated
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 4 to 10.10.32.35 port 54698
EAP-Message = 0x0105002b19011703010020210be414821859dded4b7d1093af406a8ee2e32f20ae59da7a43cf56fe1d6364
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 4.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 10.10.32.35 port 54698,
id=5, length=217
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02050060190117030100203dea7ea4a4dfa23bb763bfe8adfbd8bb5c6207daa4eb29fd32ec28d6244ad5d51703010030ae10e31e9f14ce15b57a6f127bdc753c2ea9dbe23091ddbaa9f06f3bc4fa25520039462ae0d42790bba24b76146d1ba7
Message-Authenticator = 0x4037aa0d8abfe12ad773611d3fd3916d
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{NAS-IP-Address} -> 127.0.0.1
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[auth_log] returns ok
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[mschap] returns noop
[eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/default
+- entering group pre-proxy {...}
[files] preproxy_users: Matched entry DEFAULT at line 22
++[files] returns ok
[attr_filter.pre-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 50
++[attr_filter.pre-proxy] returns updated
[pre_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[pre_proxy_log] returns ok
++? if (Packet-Type != Accounting-Request)
? Evaluating (Packet-Type != Accounting-Request) -> FALSE
++? if (Packet-Type != Accounting-Request) -> FALSE
Sending Access-Request of id 148 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x02050060190117030100203dea7ea4a4dfa23bb763bfe8adfbd8bb5c6207daa4eb29fd32ec28d6244ad5d51703010030ae10e31e9f14ce15b57a6f127bdc753c2ea9dbe23091ddbaa9f06f3bc4fa25520039462ae0d42790bba24b76146d1ba7
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x35
Proxying request 5 to home server 193.136.192.43 port 1812
Sending Access-Request of id 148 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x02050060190117030100203dea7ea4a4dfa23bb763bfe8adfbd8bb5c6207daa4eb29fd32ec28d6244ad5d51703010030ae10e31e9f14ce15b57a6f127bdc753c2ea9dbe23091ddbaa9f06f3bc4fa25520039462ae0d42790bba24b76146d1ba7
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x35
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812,
id=148, length=134
EAP-Message = 0x0106005b19011703010050d731723127c1370ee69c3184dc7247676f1cb3627cb4881774d42f6fb5af0f28b5ca26cbcb3b9a58e0b290394ceefad075de1e7e2025aa2c3cdb2b30d36162c5bd7d5578f009e266d49e5269020e02e9
Message-Authenticator = 0x75e11cf3fbd80a0794796c24c11188fe
Proxy-State = 0x35
# Executing section post-proxy from file /etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[post_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[post_proxy_log] returns ok
[attr_filter.post-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 103
++[attr_filter.post-proxy] returns updated
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 5 to 10.10.32.35 port 54698
EAP-Message = 0x0106005b19011703010050d731723127c1370ee69c3184dc7247676f1cb3627cb4881774d42f6fb5af0f28b5ca26cbcb3b9a58e0b290394ceefad075de1e7e2025aa2c3cdb2b30d36162c5bd7d5578f009e266d49e5269020e02e9
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 10.10.32.35 port 54698,
id=6, length=281
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600a019011703010020907b15334fd3661dec0688ea2df44bb0dcc03fefa44a70ee065becbc2349fd9e1703010070d2e6757f4fdd6dee3505732a662667e041ed4a6029fa88cf9affa8b66866ee2b9cf79586306d7a69133770a26c4abd2b349b75c6a9adf88e5d80499af2d78a5f8308dcb950b18fb86ffb175e9c381fd52ff8e90293334e8e4f0cb852b61b18298e9acff16a51924a226da2e19233819f
Message-Authenticator = 0x33618019522f749b8ff3e975353293d0
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{NAS-IP-Address} -> 127.0.0.1
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[auth_log] returns ok
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[mschap] returns noop
[eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/default
+- entering group pre-proxy {...}
[files] preproxy_users: Matched entry DEFAULT at line 22
++[files] returns ok
[attr_filter.pre-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 50
++[attr_filter.pre-proxy] returns updated
[pre_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[pre_proxy_log] returns ok
++? if (Packet-Type != Accounting-Request)
? Evaluating (Packet-Type != Accounting-Request) -> FALSE
++? if (Packet-Type != Accounting-Request) -> FALSE
Sending Access-Request of id 45 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x020600a019011703010020907b15334fd3661dec0688ea2df44bb0dcc03fefa44a70ee065becbc2349fd9e1703010070d2e6757f4fdd6dee3505732a662667e041ed4a6029fa88cf9affa8b66866ee2b9cf79586306d7a69133770a26c4abd2b349b75c6a9adf88e5d80499af2d78a5f8308dcb950b18fb86ffb175e9c381fd52ff8e90293334e8e4f0cb852b61b18298e9acff16a51924a226da2e19233819f
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x36
Proxying request 6 to home server 193.136.192.44 port 1812
Sending Access-Request of id 45 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x020600a019011703010020907b15334fd3661dec0688ea2df44bb0dcc03fefa44a70ee065becbc2349fd9e1703010070d2e6757f4fdd6dee3505732a662667e041ed4a6029fa88cf9affa8b66866ee2b9cf79586306d7a69133770a26c4abd2b349b75c6a9adf88e5d80499af2d78a5f8308dcb950b18fb86ffb175e9c381fd52ff8e90293334e8e4f0cb852b61b18298e9acff16a51924a226da2e19233819f
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x36
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812,
id=45, length=150
EAP-Message = 0x0107006b19011703010060018d1315db07a0adb97a0c64829e8017c4e52aa093646643571c4ff0bd35a294d0bfaa167797f3061a1ce1e67fc96dc0f28ca007b75916e418efa49e0f48653e3686bacd759ee3e8fb4023846e891ccad879fc46d7b6259cb0f88bfb4812cbee
Message-Authenticator = 0xdcd3c949d421cfecd62311386b6b9b7e
Proxy-State = 0x36
# Executing section post-proxy from file /etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[post_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[post_proxy_log] returns ok
[attr_filter.post-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 103
++[attr_filter.post-proxy] returns updated
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 6 to 10.10.32.35 port 54698
EAP-Message = 0x0107006b19011703010060018d1315db07a0adb97a0c64829e8017c4e52aa093646643571c4ff0bd35a294d0bfaa167797f3061a1ce1e67fc96dc0f28ca007b75916e418efa49e0f48653e3686bacd759ee3e8fb4023846e891ccad879fc46d7b6259cb0f88bfb4812cbee
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 6.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 10.10.32.35 port 54698,
id=7, length=201
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02070050190117030100204b15515d5367b3f3acd1c9a787941b8b7a247bd23b7c8d70878ce8590f61437d1703010020229ac8146f0f11eb5cefb90b3d802a09cfba190846711a56b3c360cc2a86d1c0
Message-Authenticator = 0x7178d134e3b78d8339ffff7a50baacf4
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{NAS-IP-Address} -> 127.0.0.1
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[auth_log] returns ok
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[mschap] returns noop
[eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/default
+- entering group pre-proxy {...}
[files] preproxy_users: Matched entry DEFAULT at line 22
++[files] returns ok
[attr_filter.pre-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 50
++[attr_filter.pre-proxy] returns updated
[pre_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[pre_proxy_log] returns ok
++? if (Packet-Type != Accounting-Request)
? Evaluating (Packet-Type != Accounting-Request) -> FALSE
++? if (Packet-Type != Accounting-Request) -> FALSE
Sending Access-Request of id 148 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x02070050190117030100204b15515d5367b3f3acd1c9a787941b8b7a247bd23b7c8d70878ce8590f61437d1703010020229ac8146f0f11eb5cefb90b3d802a09cfba190846711a56b3c360cc2a86d1c0
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x37
Proxying request 7 to home server 193.136.192.44 port 1812
Sending Access-Request of id 148 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x02070050190117030100204b15515d5367b3f3acd1c9a787941b8b7a247bd23b7c8d70878ce8590f61437d1703010020229ac8146f0f11eb5cefb90b3d802a09cfba190846711a56b3c360cc2a86d1c0
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x37
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812,
id=148, length=86
EAP-Message = 0x0108002b190117030100207fcf05f4a42eb2fecbb6844e6173619a189dcd53bdb2be73730eb58dec1c99ab
Message-Authenticator = 0x39dbb8e3f6f0c4fdb0ce33785472a258
Proxy-State = 0x37
# Executing section post-proxy from file /etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[post_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[post_proxy_log] returns ok
[attr_filter.post-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 103
++[attr_filter.post-proxy] returns updated
[eap] No pre-existing handler found
++[eap] returns noop
Sending Access-Challenge of id 7 to 10.10.32.35 port 54698
EAP-Message = 0x0108002b190117030100207fcf05f4a42eb2fecbb6844e6173619a189dcd53bdb2be73730eb58dec1c99ab
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 7.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 10.10.32.35 port 54698,
id=8, length=201
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02080050190117030100200b201149298fee1f4b26239cb5309386ce06458aebcefa05bce85979a26f575c17030100207bb51a418ab3fa095f1a554bc4887bf7ddf7433ccd4fa94be20bf2f8b9d1937b
Message-Authenticator = 0x194258cd9632b957d30ac0435329f029
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
[preprocess] expand: %{NAS-IP-Address} -> 127.0.0.1
++[preprocess] returns ok
[auth_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] /var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/auth-detail-20120119
[auth_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[auth_log] returns ok
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[mschap] returns noop
[eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] users: Matched entry DEFAULT at line 33
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/default
+- entering group pre-proxy {...}
[files] preproxy_users: Matched entry DEFAULT at line 22
++[files] returns ok
[attr_filter.pre-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 50
++[attr_filter.pre-proxy] returns updated
[pre_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/pre-proxy-detail-20120119
[pre_proxy_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[pre_proxy_log] returns ok
++? if (Packet-Type != Accounting-Request)
? Evaluating (Packet-Type != Accounting-Request) -> FALSE
++? if (Packet-Type != Accounting-Request) -> FALSE
Sending Access-Request of id 123 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x02080050190117030100200b201149298fee1f4b26239cb5309386ce06458aebcefa05bce85979a26f575c17030100207bb51a418ab3fa095f1a554bc4887bf7ddf7433ccd4fa94be20bf2f8b9d1937b
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x38
Proxying request 8 to home server 193.136.192.43 port 1812
Sending Access-Request of id 123 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address := 193.136.188.36
Calling-Station-Id = "02-00-00-00-00-01"
EAP-Message = 0x02080050190117030100200b201149298fee1f4b26239cb5309386ce06458aebcefa05bce85979a26f575c17030100207bb51a418ab3fa095f1a554bc4887bf7ddf7433ccd4fa94be20bf2f8b9d1937b
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x38
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 193.136.192.43 port 1812,
id=123, length=183
EAP-Message = 0x03080004
Message-Authenticator = 0x0cecb037cea0c4ce65a51df6f54b8a9e
User-Name = "iscte(a)roam.fccn.pt"
MS-MPPE-Send-Key =
0x9f48986d9d7e83edf67644bb52eebef557ac5978ae225052f6ef4abb7c5ca887
MS-MPPE-Recv-Key =
0xdb3285e803da7a0cbc29978eebf74ba8d2e66fafb2ba794e26916ea02f288a9a
Proxy-State = 0x38
# Executing section post-proxy from file /etc/freeradius/sites-enabled/default
+- entering group post-proxy {...}
[post_proxy_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/post-proxy-detail-20120119
[post_proxy_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[post_proxy_log] returns ok
[attr_filter.post-proxy] expand: %{Realm} -> DEFAULT
attr_filter: Matched entry DEFAULT at line 103
++[attr_filter.post-proxy] returns updated
[eap] No pre-existing handler found
++[eap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [iscte(a)roam.fccn.pt/<no User-Password attribute>] (from
client syslog port 0 cli 02-00-00-00-00-01)
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[reply_log] expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
-> /var/log/freeradius/radacct/10.10.32.35/reply-detail-20120119
[reply_log] /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.10.32.35/reply-detail-20120119
[reply_log] expand: %t -> Thu Jan 19 00:38:41 2012
++[reply_log] returns ok
[f_ticks] expand: %{reply:Packet-Type} -> Access-Accept
[f_ticks] expand: f_ticks.%{%{reply:Packet-Type}:-format} ->
f_ticks.Access-Accept
[f_ticks] expand:
F-TICKS/eduroam/1.0#REALM=%{Realm}#VISCOUNTRY=PT#VISINST=ISCTE#CSI=%{Calling-Station-Id}#RESULT=OK#
-> F-TICKS/eduroam/1.0#REALM=DEFAULT#VISCOUNTRY=PT#VISINST=ISCTE#CSI=02-00-00-00-00-01#RESULT=OK#
++[f_ticks] returns ok
++[exec] returns noop
Sending Access-Accept of id 8 to 10.10.32.35 port 54698
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
MS-MPPE-Send-Key =
0x9f48986d9d7e83edf67644bb52eebef557ac5978ae225052f6ef4abb7c5ca887
MS-MPPE-Recv-Key =
0xdb3285e803da7a0cbc29978eebf74ba8d2e66fafb2ba794e26916ea02f288a9a
Finished request 8.
Going to the next request
Waking up in 4.4 seconds.
Cleaning up request 0 ID 0 with timestamp +2
Cleaning up request 1 ID 1 with timestamp +2
Cleaning up request 2 ID 2 with timestamp +2
Waking up in 0.1 seconds.
Cleaning up request 3 ID 3 with timestamp +2
Cleaning up request 4 ID 4 with timestamp +3
Cleaning up request 5 ID 5 with timestamp +3
Cleaning up request 6 ID 6 with timestamp +3
Cleaning up request 7 ID 7 with timestamp +3
Cleaning up request 8 ID 8 with timestamp +3
Ready to process requests.
^C
radius2:/opt/bin/eduroam#
3
2
Hi list,
Still setting up a freeradius for eduroam -- internally it is working fine EAP, TTLS and al, however when proxying/connecting to the eduroam, everything seems ok in freeradius logs, however, eapol_test finishes with an error (WARNING: PMK mismatch -- MPPE keys OK: 0 mismatch: 1 FAILURE).
Although in this example I have a certificate expired on the other side, I also have another roaming accounting that also has the same behaviour, so it is not the cause, I think. Any hints?
I will send bellow eapol_test output and freeradius logs.
Best regards,
Rui
radius2:/opt/bin/eduroam# /opt/bin/eapol_test -c peap-mschapv2-roaming.conf -s passsssss
Reading configuration file 'peap-mschapv2-roaming.conf'
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=7):
65 64 75 72 6f 61 6d eduroam
key_mgmt: 0x1
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte(a)roam.fccn.
70 74 pt
anonymous_identity - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte(a)roam.fccn.
70 74 pt
password - hexdump_ascii(len=9):
72 30 61 6d 31 73 63 74 33 xxxxxxxxxxxx
phase2 - hexdump_ascii(len=16):
61 75 74 68 65 61 70 3d 4d 53 43 48 41 50 56 32 autheap=MSCHAPV2
Priority group 0
id=0 ssid='eduroam'
Authentication server 127.0.0.1:1812
RADIUS local address: 127.0.0.1:28963
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte(a)roam.fccn.
70 74 pt
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=23)
TX EAP -> RADIUS - hexdump(len=23): 02 00 00 17 01 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=18): 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=144
Attribute 1 (User-Name) length=20
Value: 'iscte(a)roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=25
Value: 02 00 00 17 01 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74
Attribute 80 (Message-Authenticator) length=18
Value: 6a 6b 09 f3 d6 fe 46 19 27 3d 6c 52 8b e4 d7 d8
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 46 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=46
Attribute 79 (EAP-Message) length=8
Value: 01 01 00 06 19 21
Attribute 80 (Message-Authenticator) length=18
Value: e9 81 26 23 af d2 1d 4c 27 b9 8b 22 de 6f 4c 3e
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.03 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=1 len=6) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=1 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP)
TLS: Phase2 EAP types - hexdump(len=40): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00
TLS: using phase1 config options
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x21
EAP-PEAP: Start (server ver=1, own ver=1)
EAP-PEAP: Using PEAP version 1
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 95 bytes pending from ssl_out
SSL: 95 bytes left to be sent out (of total 95 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=101)
TX EAP -> RADIUS - hexdump(len=101): 02 01 00 65 19 01 16 03 01 00 5a 01 00 00 56 03 01 4f 15 9d a5 c5 f6 73 f8 76 01 d3 a8 bc f8 c4 9c c6 c6 6b 00 f2 e8 64 9e 61 c6 ca 79 f8 c2 40 d6 00 00 28 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 02 01 00 00 04 00 23 00 00
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=222
Attribute 1 (User-Name) length=20
Value: 'iscte(a)roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=103
Value: 02 01 00 65 19 01 16 03 01 00 5a 01 00 00 56 03 01 4f 15 9d a5 c5 f6 73 f8 76 01 d3 a8 bc f8 c4 9c c6 c6 6b 00 f2 e8 64 9e 61 c6 ca 79 f8 c2 40 d6 00 00 28 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 02 01 00 00 04 00 23 00 00
Attribute 80 (Message-Authenticator) length=18
Value: f0 b0 e8 1c 6c 14 d7 5f 5c 8f 09 b2 d1 97 11 43
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1056 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=1056
Attribute 79 (EAP-Message) length=255
Value: 01 02 03 f2 19 c1 00 00 06 7b 16 03 01 00 4a 02 00 00 46 03 01 4f 15 9d a5 99 7d 3a e2 a2 6d e1 67 75 9e 63 ff 0e b1 51 b0 1a 9a f1 54 39 b0 8d 0d e9 ca d2 a7 20 9d a9 c9 17 2f b2 10 0a 4a 20 1e 59 9a 2e 44 6f 43 1f cf d0 27 3f 48 40 55 68 72 ba b3 d6 1e d4 00 35 00 16 03 01 06 1e 0b 00 06 1a 00 06 17 00 03 3a 30 82 03 36 30 82 02 1e a0 03 02 01 02 02 01 09 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 20 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 30 1e 17 0d 30 35 30 32 31 35 31 36 31 31 33 38 5a 17 0d 30 37 30 32 30 35 31 36 31 31 33 38 5a 30 81 83 31 1e 30 1c 06 03 55 04 03 13 15 72 61 64 2d 63 76 2d 74 65 73 74 65 73 2e 66 63 63 6e 2e 70 74 31 0f 30 0d 06 03 55 04 08 13 06 4c 69 73 62 6f 61
Attribute 79 (EAP-Message) length=255
Value: 31 0b 30 09 06 03 55 04 06 13 02 50 54 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 31 0d 30 0b 06 03 55 04 0a 13 04 46 43 43 4e 31 14 30 12 06 03 55 04 0b 13 0b 54 65 6c 65 6d 61 74 69 63 6f 73 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 3e 40 c6 96 ba 2d 59 73 54 f1 dc af ac 4b 6f c9 7b dd 38 cd 22 8f 08 b5 a1 f8 93 59 87 59 e5 4e 94 50 b8 c4 06 21 72 fe 5f dc 3b d1 d8 a4 fe f2 00 94 42 96 21 4c ae 25 44 d7 bc 9a 55 2f 46 8a 32 ca f7 a7 30 b0 63 df 20 2b c0 a0 ef f2 7d d8 dd 24 ec 2a 4b 21 2b a9 f7 d2 a6 01 17 0c 43 fc e3 41 ad 68 91 2b 82 7d 41 4c 5e be 05 db 1b 1f ce ad 3d 68 aa bb e4 bc fa 4a 60 a2 d8 36 e4 10 5e 87 32 df fc 77 84 e5 c0
Attribute 79 (EAP-Message) length=255
Value: 0b dc b9 58 19 11 1e 89 b8 1c da 83 e9 bd 6d 73 10 5d 24 34 ed 27 72 53 aa 68 87 24 a9 24 ed c1 3d 2a 37 17 2e d3 0f af 40 81 26 07 6d 88 9b 1a fc 72 d6 f6 eb fc 14 c1 6f fe 0b 61 80 bc 94 cd 86 c0 e8 f8 1c dc 76 2f f8 6f 88 04 fb 80 b9 b7 72 74 73 fb aa 27 4d 01 e9 99 de e3 29 81 e8 ed bb b9 b1 a6 89 03 cf 0c a6 f6 1a 2c 96 0b 0a 4a 79 bb c7 c4 1e 1d 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 82 01 01 00 c5 6c ce 4f 56 41 ec 0b 80 6b 37 6e 95 95 3b 6e 9a a0 b2 4e 18 5d 4e bd 38 8c 28 72 ab ec bc 27 c7 4d 34 5d 4e 3e be d7 25 14 64 97 e9 fd 00 e0 fb f6 d0 ec bf 05 12 17 45 2a 67 c1 4e 97 f3 00 75 7d ea f0 3a 24 d8 d8 39 88 95 8c 01 59 bd 30 27 05 c8 52 3a
Attribute 79 (EAP-Message) length=253
Value: 0a 97 b9 21 4b a6 3b fb 06 f7 92 98 98 56 fe 53 ec 6f b9 97 93 b3 5e 8d fc 75 98 47 77 a6 78 53 77 58 dd 5c 52 7a 9d ae 2c 77 33 9c cb 61 a7 1c 3a 22 ac 54 03 1a 36 99 1b b5 82 83 27 69 a4 a9 65 6a f1 8a 04 f4 10 53 e0 e5 9f 91 0d bc 70 82 61 d7 49 e3 cc cc ef 86 1d 6b 44 53 6e 90 16 d7 8b 22 47 2e 7d 53 b3 0e 1f 24 01 0f ce 86 4e 12 6a b4 fb 54 53 b5 99 1a a9 d6 77 dc 66 d8 04 c0 da 9a 12 27 5d 38 eb c4 d7 ac 2c 86 93 a9 12 e4 9d 13 4f 01 73 1b 16 ec 39 f5 3b ff d2 c0 78 4e 44 3b 59 f9 dd 71 8e d1 3b f2 50 00 02 d7 30 82 02 d3 30 82 01 bb a0 03 02 01 02 02 09 00 cf 11 a4 0b 54 c2 30 de 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 20 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 30 1e 17 0d
Attribute 80 (Message-Authenticator) length=18
Value: dc 80 67 84 43 16 0e b0 a4 ae e3 24 a7 dc 77 3c
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=2 len=1010) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1010) - Flags 0xc1
SSL: TLS Message Length: 1659
SSL: Need 659 bytes more input data
SSL: Building ACK (type=25 id=2 ver=1)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 02 00 06 19 01
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=127
Attribute 1 (User-Name) length=20
Value: 'iscte(a)roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 02 02 00 06 19 01
Attribute 80 (Message-Authenticator) length=18
Value: 6b 8c 7e b6 90 e5 56 8f fb 63 df c3 5a 6b 75 8e
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 709 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=709
Attribute 79 (EAP-Message) length=255
Value: 01 03 02 99 19 01 30 35 30 32 31 35 31 34 34 35 31 39 5a 17 0d 30 36 30 32 31 35 31 34 34 35 31 39 5a 30 20 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 ce 05 f6 73 da ef 56 db 29 f8 b2 71 5f 3d 95 05 f0 db 08 d7 da d1 5b f7 c1 2e 34 96 e2 ce 99 91 54 18 3e 50 62 ef 8a fe 1c f2 44 97 e2 32 81 ad 74 ed 31 d7 b4 5c 33 3c 21 2a c8 54 e2 49 03 8b 25 f9 39 81 cb f8 24 37 e7 90 a9 ef 7d 51 0b c5 a9 10 1f 50 50 d1 bd 32 d4 03 b9 0e 4f 93 0b ad 3f 3c e7 bc c3 7b 30 21 b3 bc 34 ec 80 c1 09 fb e5 dd 2f 07 dc fe f8 38 3c aa 36 9b 77 7b 64 4f 29 b7 f2 09 31 6b c8 19 60 db 25 dd 19 ce 05 25 87 85 bd d4 07 56 cb 05
Attribute 79 (EAP-Message) length=255
Value: db ba f4 08 97 fa 98 fe d6 86 8c 40 78 f3 49 48 d7 c3 97 24 95 11 e2 dd af 1f 0c b0 3f 13 e8 51 1d a7 42 fb 46 16 ac 9f ad 9b 9e 61 3b 05 e2 50 9c fd a2 12 b4 96 43 c9 93 c0 5f c1 db e5 b5 23 d0 b4 b3 3b a3 de b6 00 d0 f8 f6 cb cf 32 e4 12 63 b8 17 07 d9 2e 5e 80 71 cd 18 59 f2 7c 09 4d 67 eb be 6e 3c 07 9f 75 02 03 01 00 01 a3 10 30 0e 30 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 82 01 01 00 11 3b 6f b8 cb 0a 39 42 78 f3 5a 5d 11 8c b9 87 70 78 00 08 0a 36 33 a4 d0 65 8d 86 f0 00 e4 6a 7e aa d5 13 6a fe cb 91 0f 5d 65 17 fe 36 87 8c 5f 81 24 8f 38 85 61 db 0f 02 7e b2 1c 26 03 7b af 28 41 2a 08 85 ff fc 8e d6 4d 92 7b 9d f2 6a c3 9f 00 02 bb 06 73 35 63 10 61 47 5f 64 2e 66 a3 36 6a f1 4c a9 55 97 37 c0
Attribute 79 (EAP-Message) length=161
Value: a2 74 62 41 2c a6 e6 06 74 a1 b0 c4 c8 d0 d4 78 a3 b4 55 26 84 97 46 93 fb ad 38 70 bf ef 25 9a d1 ab 68 3d 6d 50 fa 35 4e 14 02 5b b3 81 e2 2f a7 26 49 dc 33 fa 76 dc 12 52 6e 46 9e fe 39 df 0c 24 ae f5 96 a8 46 4b 3e 5a b1 47 67 44 b5 fb eb 6c 42 7d 66 3f 8e b1 bc 10 49 9b 1d b4 28 b7 7c 59 0a 00 a1 e9 f0 85 c5 a7 db 25 f6 52 1e 8c 93 93 9b 25 f7 d8 ff 90 02 4e 93 fd c0 4a 56 54 83 76 3e 78 60 b3 59 56 a6 81 08 75 c4 51 b3 6d cb 40 e5 c0 1c 5a 16 03 01 00 04 0e 00 00 00
Attribute 80 (Message-Authenticator) length=18
Value: b7 46 fb 5b cb 21 63 7d d7 f0 c0 55 4d e5 8f 1d
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=3 len=665) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=665) - Flags 0x01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: tls_verify_cb - preverify_ok=1 err=19 (self signed certificate in certificate chain) ca_cert_verify=0 depth=1 buf='/emailAddress=psimoes(a)fccn.pt'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/emailAddress=psimoes(a)fccn.pt'
TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=1 buf='/emailAddress=psimoes(a)fccn.pt'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/emailAddress=psimoes(a)fccn.pt'
TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=1 buf='/emailAddress=psimoes(a)fccn.pt'
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/emailAddress=psimoes(a)fccn.pt'
TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=0 buf='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes(a)fccn.pt/O=FCCN/OU=Telematicos'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes(a)fccn.pt/O=FCCN/OU=Telematicos'
TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=0 buf='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes(a)fccn.pt/O=FCCN/OU=Telematicos'
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes(a)fccn.pt/O=FCCN/OU=Telematicos'
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 326 bytes pending from ssl_out
SSL: 326 bytes left to be sent out (of total 326 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=332)
TX EAP -> RADIUS - hexdump(len=332): 02 03 01 4c 19 01 16 03 01 01 06 10 00 01 02 01 00 60 a5 f9 2f d4 3c 90 f5 ac 6c 65 0b 35 08 f7 d3 79 02 ec 80 aa b3 10 97 d1 dc b3 4f ef aa c6 7b 1e 92 c1 68 8e 0a f5 2f 67 89 67 d0 06 5c 96 7b 1d 4d af 4c 6f d7 79 83 e7 0a 50 8a da 6f 4d f1 fc a8 1d fa a5 df e0 09 e9 40 9a 21 91 15 98 06 51 71 52 9b 23 55 f2 f8 e5 ae c6 8f b8 a2 83 cf 16 d3 48 06 f1 c7 78 ed bc 25 d2 8a a9 8b dd b4 03 30 9c 3c 43 f2 4b 43 ab 17 e6 22 e6 c6 6c 63 82 a7 30 c3 79 f2 17 6e 60 96 8b 96 b9 ba 44 1a 96 93 41 1b 1e b4 8d 65 cd 1a dd aa 70 a2 f1 14 4f 92 ab 04 7b 5e a2 8a 59 39 d7 d5 13 b2 d7 19 06 79 40 59 2c 7f 71 c4 a3 49 80 9b 36 e7 88 db 5d 06 d8 02 a7 25 3a ac d4 ca 21 27 1a 53 d2 d9 60 f8 ca ab 68 8f 31 75 7b 79 31 4e e2 bb a3 cf 1d b0 a5 37 56 ca a8 b1 5b 42 10 be 46 85 91 65 fb 8b e3 76 bd ff 84 d8 6d e2 dd cd 05 fa 86 9c 14 03 01 00 01 01 16 03 01 00 30 cd 1e 4a 5d 45 6d 24 e4 50 55 1f e6 e2 03 c9 73 79 42 27 98 fd 4b 44 8b 99 7e db ca ef e1 22 9b bb 6f ae 9a fb 2a 43 4c 57 dc 4d c0 94 53 d9 8e
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=455
Attribute 1 (User-Name) length=20
Value: 'iscte(a)roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=255
Value: 02 03 01 4c 19 01 16 03 01 01 06 10 00 01 02 01 00 60 a5 f9 2f d4 3c 90 f5 ac 6c 65 0b 35 08 f7 d3 79 02 ec 80 aa b3 10 97 d1 dc b3 4f ef aa c6 7b 1e 92 c1 68 8e 0a f5 2f 67 89 67 d0 06 5c 96 7b 1d 4d af 4c 6f d7 79 83 e7 0a 50 8a da 6f 4d f1 fc a8 1d fa a5 df e0 09 e9 40 9a 21 91 15 98 06 51 71 52 9b 23 55 f2 f8 e5 ae c6 8f b8 a2 83 cf 16 d3 48 06 f1 c7 78 ed bc 25 d2 8a a9 8b dd b4 03 30 9c 3c 43 f2 4b 43 ab 17 e6 22 e6 c6 6c 63 82 a7 30 c3 79 f2 17 6e 60 96 8b 96 b9 ba 44 1a 96 93 41 1b 1e b4 8d 65 cd 1a dd aa 70 a2 f1 14 4f 92 ab 04 7b 5e a2 8a 59 39 d7 d5 13 b2 d7 19 06 79 40 59 2c 7f 71 c4 a3 49 80 9b 36 e7 88 db 5d 06 d8 02 a7 25 3a ac d4 ca 21 27 1a 53 d2 d9 60 f8 ca ab 68 8f 31 75 7b 79 31 4e e2 bb a3 cf 1d b0 a5 37 56 ca a8 b1 5b 42 10 be
Attribute 79 (EAP-Message) length=81
Value: 46 85 91 65 fb 8b e3 76 bd ff 84 d8 6d e2 dd cd 05 fa 86 9c 14 03 01 00 01 01 16 03 01 00 30 cd 1e 4a 5d 45 6d 24 e4 50 55 1f e6 e2 03 c9 73 79 42 27 98 fd 4b 44 8b 99 7e db ca ef e1 22 9b bb 6f ae 9a fb 2a 43 4c 57 dc 4d c0 94 53 d9 8e
Attribute 80 (Message-Authenticator) length=18
Value: b9 1f da af 64 06 b0 73 3b 7f 91 e9 48 3e e6 57
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 109 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=109
Attribute 79 (EAP-Message) length=71
Value: 01 04 00 45 19 81 00 00 00 3b 14 03 01 00 01 01 16 03 01 00 30 e2 76 e3 ef cd bf 27 37 9f ac dd a9 33 78 d6 b5 8b 06 72 00 7a 0e ff dc e0 79 0f 2f 37 ac 3d d9 a8 10 e3 4b 17 93 2a 35 28 a4 37 c3 3f da 12 c5
Attribute 80 (Message-Authenticator) length=18
Value: d4 c1 65 3a f0 b2 e1 80 ce bb f0 8d 86 ff 54 17
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.16 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=4 len=69) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=69) - Flags 0x81
SSL: TLS Message Length: 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read finished A
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
SSL: No Application Data included
SSL: No data to be sent out
EAP-PEAP: TLS done, proceed to Phase 2
EAP-PEAP: using label 'client EAP encryption' in key derivation
EAP-PEAP: Derived key - hexdump(len=64): b5 3a 8c 7f 8f 17 d1 1b a8 b8 a1 3d ca fa ba 06 85 9b ad f5 82 7d 23 76 dd 6a 43 ba 9c 1c ec 78 5a 3c 4b 88 19 71 fe c1 7e c4 a5 04 5c c0 25 36 fe a7 ca a2 b6 33 97 eb e8 f7 e5 f7 04 9a 1e 9f
SSL: Building ACK (type=25 id=4 ver=1)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 01
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=127
Attribute 1 (User-Name) length=20
Value: 'iscte(a)roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=8
Value: 02 04 00 06 19 01
Attribute 80 (Message-Authenticator) length=18
Value: b9 a8 9d dd 12 bd ae f0 a7 70 5a 26 e2 64 9d c4
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 83 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=83
Attribute 79 (EAP-Message) length=45
Value: 01 05 00 2b 19 01 17 03 01 00 20 d2 ab 6c 49 63 f5 00 3a bf bf d7 fe 09 fb 32 f9 45 5f ef 30 c3 69 aa 7c 25 93 6f bf d3 bd 09 3a
Attribute 80 (Message-Authenticator) length=18
Value: 66 d1 f4 59 59 7d 90 59 67 c6 df 28 8b cc 82 ef
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.03 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=5 len=43) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=43) - Flags 0x01
EAP-PEAP: received 37 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=5): 01 00 00 05 01
EAP-PEAP: received Phase 2: code=1 identifier=0 length=5
EAP-PEAP: Phase 2 Request: type=1
EAP: using real identity - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte(a)roam.fccn.
70 74 pt
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=23): 02 00 00 17 01 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74
SSL: 90 bytes left to be sent out (of total 90 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=96)
TX EAP -> RADIUS - hexdump(len=96): 02 05 00 60 19 01 17 03 01 00 20 61 86 fa 5a 58 25 2e 3a 08 61 3e b2 b5 95 c3 f5 30 fa 6e 4f 31 ea 49 b3 81 59 96 af e3 40 69 7b 17 03 01 00 30 fa bd ef 3c 38 48 3f aa 0b 2a 9e 07 b8 9c a9 b0 33 31 90 67 46 a4 ad 8d dd 4a 89 4c 64 57 04 cd 56 63 e1 dc 6a 26 2c 5f 04 a3 b7 e3 71 7c c4 81
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=217
Attribute 1 (User-Name) length=20
Value: 'iscte(a)roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=98
Value: 02 05 00 60 19 01 17 03 01 00 20 61 86 fa 5a 58 25 2e 3a 08 61 3e b2 b5 95 c3 f5 30 fa 6e 4f 31 ea 49 b3 81 59 96 af e3 40 69 7b 17 03 01 00 30 fa bd ef 3c 38 48 3f aa 0b 2a 9e 07 b8 9c a9 b0 33 31 90 67 46 a4 ad 8d dd 4a 89 4c 64 57 04 cd 56 63 e1 dc 6a 26 2c 5f 04 a3 b7 e3 71 7c c4 81
Attribute 80 (Message-Authenticator) length=18
Value: 11 4a 60 a4 56 bc 8f 75 e7 c3 23 88 57 ba ea d7
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 131 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=131
Attribute 79 (EAP-Message) length=93
Value: 01 06 00 5b 19 01 17 03 01 00 50 b8 e4 19 3b 90 e3 a5 c7 32 0f a8 d4 15 dd 4d 7b 47 a3 84 0a cf 4a d7 02 45 5d c9 48 18 6e ff 4d 1c 58 ce 6a ce 9d bb a2 7c de 87 20 99 2c c8 68 e7 e7 31 d0 98 92 47 d9 a8 8a 88 e6 5f 59 1d 5e 2c a5 e5 ae 0c 61 47 e6 ee bf aa e8 dd bd d3 49
Attribute 80 (Message-Authenticator) length=18
Value: 38 d0 0a 86 1a 73 ed 22 31 4a 56 f0 d9 02 93 3b
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=6 len=91) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=91) - Flags 0x01
EAP-PEAP: received 85 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): 01 01 00 2f 1a 01 01 00 2a 10 98 20 2f 14 94 b5 56 d5 c0 12 dc cc 88 df 09 eb 72 61 64 2d 63 76 2d 74 65 73 74 65 73 2e 66 63 63 6e 2e 70 74
EAP-PEAP: received Phase 2: code=1 identifier=1 length=47
EAP-PEAP: Phase 2 Request: type=26
EAP-PEAP: Selected Phase 2 EAP vendor 0 method 26
EAP-MSCHAPV2: RX identifier 1 mschapv2_id 1
EAP-MSCHAPV2: Received challenge
EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=21):
72 61 64 2d 63 76 2d 74 65 73 74 65 73 2e 66 63 rad-cv-testes.fc
63 6e 2e 70 74 cn.pt
EAP-MSCHAPV2: Generating Challenge Response
MSCHAPV2: Identity - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte(a)roam.fccn.
70 74 pt
MSCHAPV2: Username - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte(a)roam.fccn.
70 74 pt
MSCHAPV2: auth_challenge - hexdump(len=16): 98 20 2f 14 94 b5 56 d5 c0 12 dc cc 88 df 09 eb
MSCHAPV2: peer_challenge - hexdump(len=16): 0f 8e 0a f4 55 31 35 02 5f ae ad 9c e5 80 18 9c
MSCHAPV2: username - hexdump_ascii(len=18):
69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte(a)roam.fccn.
70 74 pt
MSCHAPV2: password - hexdump_ascii(len=9):
72 30 61 6d 31 73 63 74 33 xxxxxxxx
MSCHAPV2: NT Response - hexdump(len=24): cc d4 11 73 9e 23 ce 86 3a 44 bb c9 88 55 33 e5 95 94 81 3f cd 30 be 16
MSCHAPV2: Auth Response - hexdump(len=20): d9 ff 32 e7 61 1a f9 d4 0b ed a5 60 ed b2 ac 43 9c 58 4f 94
MSCHAPV2: Master Key - hexdump(len=16): ab b4 d5 57 32 57 f2 f2 42 b0 1a 13 20 27 fc e8
EAP-MSCHAPV2: TX identifier 1 mschapv2_id 1 (response)
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=77): 02 01 00 4d 1a 02 01 00 48 31 0f 8e 0a f4 55 31 35 02 5f ae ad 9c e5 80 18 9c 00 00 00 00 00 00 00 00 cc d4 11 73 9e 23 ce 86 3a 44 bb c9 88 55 33 e5 95 94 81 3f cd 30 be 16 00 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74
SSL: 154 bytes left to be sent out (of total 154 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=160)
TX EAP -> RADIUS - hexdump(len=160): 02 06 00 a0 19 01 17 03 01 00 20 c2 6f 7a 73 72 5d f8 64 d5 b8 0e 51 de 31 4c 98 0b db 15 5a 80 ea ee 9e b7 2a 47 fd fd 18 68 d7 17 03 01 00 70 2c c2 d6 6f 3e e6 ca 76 15 50 67 98 32 7d 38 86 29 09 26 0b 34 7e 3b 78 db d6 f3 6f 78 23 4a df 34 7d 23 57 b9 fe f6 8f ea e8 9b 28 bb d8 52 a2 92 1d cc 9a 14 df b9 a0 a2 9c 59 b9 60 d6 b1 3d 83 1e 3b db bb 70 df 7b ef 3d 06 0c ec 48 67 c1 24 68 8f 40 ec 46 19 0d 2d da c1 01 f0 be c8 83 78 02 ac e1 37 38 d2 49 bb 17 d8 be 7b de 15 28
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=281
Attribute 1 (User-Name) length=20
Value: 'iscte(a)roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=162
Value: 02 06 00 a0 19 01 17 03 01 00 20 c2 6f 7a 73 72 5d f8 64 d5 b8 0e 51 de 31 4c 98 0b db 15 5a 80 ea ee 9e b7 2a 47 fd fd 18 68 d7 17 03 01 00 70 2c c2 d6 6f 3e e6 ca 76 15 50 67 98 32 7d 38 86 29 09 26 0b 34 7e 3b 78 db d6 f3 6f 78 23 4a df 34 7d 23 57 b9 fe f6 8f ea e8 9b 28 bb d8 52 a2 92 1d cc 9a 14 df b9 a0 a2 9c 59 b9 60 d6 b1 3d 83 1e 3b db bb 70 df 7b ef 3d 06 0c ec 48 67 c1 24 68 8f 40 ec 46 19 0d 2d da c1 01 f0 be c8 83 78 02 ac e1 37 38 d2 49 bb 17 d8 be 7b de 15 28
Attribute 80 (Message-Authenticator) length=18
Value: 86 77 d9 31 f7 ec dd 73 aa 83 1e 2e d1 6c 70 27
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 147 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=6 length=147
Attribute 79 (EAP-Message) length=109
Value: 01 07 00 6b 19 01 17 03 01 00 60 ae fd e3 9e 5c dd 3b 31 86 ec 76 d8 ea a8 d0 e5 f7 9a f7 6e 58 61 20 48 60 a5 bf 5b ef bd ca b2 e7 de 66 31 49 3a 3a d1 ee e9 ab 01 67 72 5c 0d 03 cf 59 c1 ed 8f 69 21 63 00 c7 19 60 b7 4b 64 2f fd 89 61 81 5f 57 8e b9 fa 59 41 ff 7c 09 01 c4 51 11 62 dd 81 5e f3 57 d1 c3 b3 05 a9 09 be
Attribute 80 (Message-Authenticator) length=18
Value: 21 f5 36 e6 26 05 7c 36 4a 58 96 ad 96 bd 9e 12
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.08 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=7 len=107) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=7 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=107) - Flags 0x01
EAP-PEAP: received 101 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=61): 01 02 00 3d 1a 03 01 00 38 53 3d 44 39 46 46 33 32 45 37 36 31 31 41 46 39 44 34 30 42 45 44 41 35 36 30 45 44 42 32 41 43 34 33 39 43 35 38 34 46 39 34 20 4d 3d 73 75 63 63 65 73 73
EAP-PEAP: received Phase 2: code=1 identifier=2 length=61
EAP-PEAP: Phase 2 Request: type=26
EAP-MSCHAPV2: RX identifier 2 mschapv2_id 1
EAP-MSCHAPV2: Received success
EAP-MSCHAPV2: Success message - hexdump_ascii(len=9):
4d 3d 73 75 63 63 65 73 73 M=success
EAP-MSCHAPV2: Authentication succeeded
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): 02 02 00 06 1a 03
SSL: 74 bytes left to be sent out (of total 74 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=80)
TX EAP -> RADIUS - hexdump(len=80): 02 07 00 50 19 01 17 03 01 00 20 5e c8 6f 50 06 1b 70 cd a3 3e 35 15 6c 11 7a 5e 33 c5 7c fd e5 8b 3e 69 f7 e4 5c 25 60 8a 93 de 17 03 01 00 20 a0 fb ce 5c 33 f0 04 95 c8 1c 3d 55 d7 64 b7 54 c0 57 c0 05 92 4a e8 08 f5 19 24 45 d9 ac 1b 38
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=7 length=201
Attribute 1 (User-Name) length=20
Value: 'iscte(a)roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=82
Value: 02 07 00 50 19 01 17 03 01 00 20 5e c8 6f 50 06 1b 70 cd a3 3e 35 15 6c 11 7a 5e 33 c5 7c fd e5 8b 3e 69 f7 e4 5c 25 60 8a 93 de 17 03 01 00 20 a0 fb ce 5c 33 f0 04 95 c8 1c 3d 55 d7 64 b7 54 c0 57 c0 05 92 4a e8 08 f5 19 24 45 d9 ac 1b 38
Attribute 80 (Message-Authenticator) length=18
Value: ec 20 4b 31 88 04 44 92 f6 14 da f8 2e 49 7c 8e
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 83 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=7 length=83
Attribute 79 (EAP-Message) length=45
Value: 01 08 00 2b 19 01 17 03 01 00 20 f4 80 cb 7c 9b 7b 52 c1 c8 1d b2 ce fd cc 8b b7 37 ad a5 86 04 db b5 ad ed f2 3a 93 fe 48 7b 11
Attribute 80 (Message-Authenticator) length=18
Value: 30 50 52 80 65 07 9c 63 55 6e ea 2d 85 8f 05 8e
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=8 len=43) from RADIUS server: EAP-Request-PEAP (25)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=8 method=25 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=43) - Flags 0x01
EAP-PEAP: received 37 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 08 00 0b 21 80 03 00 02 00 01
EAP-PEAP: received Phase 2: code=1 identifier=8 length=11
EAP-PEAP: Phase 2 Request: type=33
EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 01
EAP-TLV: Result TLV - hexdump(len=2): 00 01
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 08 00 0b 21 80 03 00 02 00 01
SSL: 74 bytes left to be sent out (of total 74 bytes)
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=80)
TX EAP -> RADIUS - hexdump(len=80): 02 08 00 50 19 01 17 03 01 00 20 83 65 79 c5 60 67 65 82 9d 19 63 b0 34 5e 3f 5e 84 6b bd af 7b fb 66 44 c4 e8 10 5e a8 18 62 5c 17 03 01 00 20 14 a9 d2 aa 5a f2 7e 8f 9c 2a 10 9d a9 ff 19 01 90 db 4e b0 c3 69 f1 8a ac 6e d8 57 a4 83 1a a7
Encapsulating EAP message into a RADIUS packet
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=8 length=201
Attribute 1 (User-Name) length=20
Value: 'iscte(a)roam.fccn.pt'
Attribute 4 (NAS-IP-Address) length=6
Value: 127.0.0.1
Attribute 31 (Calling-Station-Id) length=19
Value: '02-00-00-00-00-01'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 79 (EAP-Message) length=82
Value: 02 08 00 50 19 01 17 03 01 00 20 83 65 79 c5 60 67 65 82 9d 19 63 b0 34 5e 3f 5e 84 6b bd af 7b fb 66 44 c4 e8 10 5e a8 18 62 5c 17 03 01 00 20 14 a9 d2 aa 5a f2 7e 8f 9c 2a 10 9d a9 ff 19 01 90 db 4e b0 c3 69 f1 8a ac 6e d8 57 a4 83 1a a7
Attribute 80 (Message-Authenticator) length=18
Value: 2f db bf 8d 3f 07 fd 8a 21 e6 a5 10 25 31 af 43
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 180 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=8 length=180
Attribute 79 (EAP-Message) length=6
Value: 03 08 00 04
Attribute 80 (Message-Authenticator) length=18
Value: 24 b5 20 6c e8 0f e1 3f 56 82 bb ce 26 f2 54 d2
Attribute 1 (User-Name) length=20
Value: 'iscte(a)roam.fccn.pt'
Attribute 26 (Vendor-Specific) length=58
Value: 00 00 01 37 10 34 80 75 a6 7d 39 0e 6d eb 0d dd c6 f8 d6 37 d3 27 95 f6 21 d9 1c 5a 28 94 a9 70 d0 48 b2 08 9a 6a 69 79 63 7c 0f 6b 11 9a 07 39 78 ab a0 c8 08 82 4a fc
Attribute 26 (Vendor-Specific) length=58
Value: 00 00 01 37 11 34 8d 18 62 8a 92 c9 d6 f9 31 5c 70 1e 82 24 ee e0 a3 b4 ea 12 aa c5 98 08 43 23 b1 95 f7 8e f6 2c 9b 50 7c f8 02 76 c3 84 98 4b 7d 4b 46 37 2f 3f a7 d6
STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.05 sec
RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): fe 03 b8 a7 4c c7 a2 64 85 b4 ef 6d d8 ef d9 58 b3 eb 6c f6 0f 2c c7 25 38 0e c3 24 8b 72 0a ef
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): e7 aa d7 72 cb 0f ab 27 8c 9a 9a 46 6f 50 2d d4 b8 e1 83 3c 9b 11 66 a4 c5 fe 14 52 84 f2 ad 48
decapsulated EAP packet (code=3 id=8 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: success=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): b5 3a 8c 7f 8f 17 d1 1b a8 b8 a1 3d ca fa ba 06 85 9b ad f5 82 7d 23 76 dd 6a 43 ba 9c 1c ec 78
WARNING: PMK mismatch
PMK from AS - hexdump(len=32): e7 aa d7 72 cb 0f ab 27 8c 9a 9a 46 6f 50 2d d4 b8 e1 83 3c 9b 11 66 a4 c5 fe 14 52 84 f2 ad 48
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
FREERADIUS -X LOGS
…………………………….
radius2:~# freeradius -X
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/f_ticks
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/status
including configuration file /etc/freeradius/sites-enabled/default
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
main {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 256000
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = yes
auth_badpass = yes
auth_goodpass = yes
}
security {
max_attributes = 200
reject_delay = 0
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 1
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
realm iscte.pt {
authhost = LOCAL
accthost = LOCAL
}
realm teste.iscte.pt {
authhost = LOCAL
accthost = LOCAL
}
realm ~.*\.iscte\.intranet {
}
realm ~.*\.iul\.intra {
}
realm ~.*\.iscte\.pt {
}
realm NULL {
}
realm DEFAULT {
nostrip
ldflag = round_robin
authhost = 193.136.192.43:1812
accthost = 193.136.192.43:1813
secret = testeradiusfccn2
}
realm DEFAULT {
ldflag = round_robin
authhost = 193.136.192.44:1812
accthost = 193.136.192.44:1813
secret = testeradiusfccn2
} # realm DEFAULT
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "xxxxxxxxx"
nastype = "other"
}
client 193.136.188.36 {
ipaddr = 193.136.188.36
netmask = 32
require_message_authenticator = no
secret = "xxxxxxxx"
nastype = "other"
}
client 10.10.66.18/32 {
ipaddr = 10.10.66.18
netmask = 32
require_message_authenticator = no
secret = "wdsiscte"
shortname = "nut"
nastype = "other"
}
client 10.10.65.0/24 {
require_message_authenticator = no
secret = "xxxxxxxx"
shortname = "rede1_aps"
nastype = "cisco"
}
client 10.10.66.0/24 {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "rede2_aps"
nastype = "cisco"
}
client 10.10.32.35/32 {
require_message_authenticator = no
secret = "xxxxxxxxxxx"
shortname = "syslog"
nastype = "other"
}
client 193.136.192.43 {
require_message_authenticator = no
secret = "xxxxxxxxx"
shortname = "proxyNacional1"
}
client 193.136.192.44 {
require_message_authenticator = no
secret = "xxxxxxxxxx"
shortname = "proxyNacional2"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/freeradius/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/freeradius/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server status { # from file /etc/freeradius/sites-enabled/status
modules {
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_always
Module: Instantiating module "ok" from file /etc/freeradius/modules/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
} # modules
} # server
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/freeradius/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/freeradius/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap
mschap {
use_mppe = yes
require_encryption = yes
require_strong = yes
with_ntdomain_hack = yes
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --domain=IUL --nt-response=%{mschap:NT-Response:-00}"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "mschap"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.key"
certificate_file = "/etc/freeradius/certs/server.pem"
CA_file = "/etc/freeradius/certs/ca.pem"
private_key_password = "xxxxxxxxxx"
dh_file = "/etc/freeradius/certs/dh"
random_file = "/dev/urandom"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = no
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/freeradius/modules/files
files {
usersfile = "/etc/freeradius/users"
acctusersfile = "/etc/freeradius/acct_users"
preproxy_usersfile = "/etc/freeradius/preproxy_users"
compat = "no"
}
[/etc/freeradius/users]:6 WARNING! Check item "Stripped-User-Name" found in reply item list for user "DEFAULT". This attribute MUST go on the first line with the other check items
[/etc/freeradius/users]:35 WARNING! Changing 'Reply-Message =' to 'Reply-Message ==' for comparing RADIUS attribute in check item list for user DEFAULT
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking pre-proxy {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "reply_log" from file /etc/freeradius/modules/detail.log
detail reply_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_ldap
Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap
ldap {
server = "10.10.32.14"
port = 389
password = "xxxxxxxx"
identity = "CN=xxxxxxxx,CN=Users,DC=xxxxx,DC=xxxxx"
net_timeout = 10
timeout = 4
timelimit = 3
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
require_cert = "allow"
}
basedn = "cn=Users,dc=wiscte,dc=wfarm"
filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr_used_for_allow = yes
rebind = yes
groupname_attribute = "sAMAccountName"
groupmembership_filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})"
groupmembership_attribute = "memberOf"
dictionary_mapping = "/etc/freeradius/ldap.attrmap"
ldap_debug = 0
ldap_connections_number = 5
compare_check_items = no
do_xlat = yes
edir_account_policy_check = no
set_auth_type = no
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
conns: 0x8f50208
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/freeradius/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /etc/freeradius/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess
preprocess {
huntgroups = "/etc/freeradius/huntgroups"
hints = "/etc/freeradius/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Instantiating module "auth_log" from file /etc/freeradius/modules/detail.log
detail auth_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking preacct {...} for more modules to load
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail" from file /etc/freeradius/modules/detail
detail {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_counter
Module: Instantiating module "daily" from file /etc/freeradius/modules/counter
counter daily {
filename = "/etc/freeradius/db.daily"
key = "User-Name"
reset = "daily"
count-attribute = "Acct-Session-Time"
counter-name = "Daily-Session-Time"
check-name = "Max-Daily-Session"
reply-name = "Session-Timeout"
allowed-servicetype = "Framed-User"
cache-size = 5000
}
rlm_counter: Counter attribute Daily-Session-Time is number 11276
rlm_counter: Current Time: 1326816675 [2012-01-17 16:11:15], Next reset 1326844800 [2012-01-18 00:00:00]
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/freeradius/modules/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Module: Instantiating module "sradutmp" from file /etc/freeradius/modules/sradutmp
radutmp sradutmp {
filename = "/var/log/freeradius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 420
callerid = no
}
Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/freeradius/attrs.accounting_response"
key = "%{User-Name}"
}
Module: Checking session {...} for more modules to load
Module: Checking pre-proxy {...} for more modules to load
Module: Instantiating module "pre_proxy_log" from file /etc/freeradius/modules/detail.log
detail pre_proxy_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.pre-proxy {
attrsfile = "/etc/freeradius/attrs.pre-proxy"
key = "%{Realm}"
}
Module: Checking post-proxy {...} for more modules to load
Module: Instantiating module "post_proxy_log" from file /etc/freeradius/modules/detail.log
detail post_proxy_log {
detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/modules/attr_filter
attr_filter attr_filter.post-proxy {
attrsfile = "/etc/freeradius/attrs"
key = "%{Realm}"
}
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_linelog
Module: Instantiating module "f_ticks" from file /etc/freeradius/modules/f_ticks
linelog f_ticks {
filename = "syslog"
format = ""
reference = "f_ticks.%{%{reply:Packet-Type}:-format}"
}
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 193.136.188.36
port = 0
}
listen {
type = "acct"
ipaddr = 193.136.188.36
port = 0
}
listen {
type = "status"
ipaddr = *
port = 18120
client admin {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "xxxxxxxxxx"
}
client admin2 {
ipaddr = 193.136.188.36
require_message_authenticator = no
secret = "xxxxxxxxx"
}
client syslog {
ipaddr = 10.10.32.35
require_message_authenticator = no
secret = "xxxxxxxxx"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 1812
}
listen {
type = "acct"
ipaddr = 127.0.0.1
port = 1813
}
Listening on authentication address 193.136.188.36 port 1812
Listening on accounting interface eth0 address 193.136.188.36 port 1813
Listening on status address * port 18120 as server status
Listening on authentication address 127.0.0.1 port 1812 as server inner-tunnel
Listening on accounting address 127.0.0.1 port 1813 as server inner-tunnel
Listening on proxy address 193.136.188.36 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=0, length=144
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x6a6b09f3d6fe4619273d6c528be4d7d8
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 102 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Proxying request 0 to home server 193.136.192.44 port 1812
Sending Access-Request of id 102 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=102, length=49
EAP-Message = 0x010100061921
Message-Authenticator = 0x9d3192b332a0c590e6d83c3b4e3380bf
Proxy-State = 0x30
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 0 to 127.0.0.1 port 28963
EAP-Message = 0x010100061921
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=1, length=222
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100651901160301005a0100005603014f159da5c5f673f87601d3a8bcf8c49cc6c66b00f2e8649e61c6ca79f8c240d600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
Message-Authenticator = 0xf0b0e81c6c14d75f5c8f09b2d1971143
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 88 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100651901160301005a0100005603014f159da5c5f673f87601d3a8bcf8c49cc6c66b00f2e8649e61c6ca79f8c240d600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x31
Proxying request 1 to home server 193.136.192.44 port 1812
Sending Access-Request of id 88 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020100651901160301005a0100005603014f159da5c5f673f87601d3a8bcf8c49cc6c66b00f2e8649e61c6ca79f8c240d600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x31
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=88, length=1059
EAP-Message = 0x010203f219c10000067b160301004a0200004603014f159da5997d3ae2a26de167759e63ff0eb151b01a9af15439b08d0de9cad2a7209da9c9172fb2100a4a201e599a2e446f431fcfd0273f4840556872bab3d61ed4003500160301061e0b00061a00061700033a308203363082021ea003020102020109300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d3035303231353136313133385a170d3037303230353136313133385a308183311e301c060355040313157261642d63762d7465737465732e6663636e2e7074310f300d060355040813064c6973626f61
EAP-Message = 0x310b3009060355040613025054311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074310d300b060355040a13044643434e31143012060355040b130b54656c656d617469636f7330820122300d06092a864886f70d01010105000382010f003082010a02820101009c3e40c696ba2d597354f1dcafac4b6fc97bdd38cd228f08b5a1f893598759e54e9450b8c4062172fe5fdc3bd1d8a4fef200944296214cae2544d7bc9a552f468a32caf7a730b063df202bc0a0eff27dd8dd24ec2a4b212ba9f7d2a601170c43fce341ad68912b827d414c5ebe05db1b1fcead3d68aabbe4bcfa4a60a2d836e4105e8732dffc7784e5c0
EAP-Message = 0x0bdcb95819111e89b81cda83e9bd6d73105d2434ed277253aa688724a924edc13d2a37172ed30faf408126076d889b1afc72d6f6ebfc14c16ffe0b6180bc94cd86c0e8f81cdc762ff86f8804fb80b9b7727473fbaa274d01e999dee32981e8edbbb9b1a68903cf0ca6f61a2c960b0a4a79bbc7c41e1d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c56cce4f5641ec0b806b376e95953b6e9aa0b24e185d4ebd388c2872abecbc27c74d345d4e3ebed725146497e9fd00e0fbf6d0ecbf051217452a67c14e97f300757deaf03a24d8d83988958c0159bd302705c8523a
EAP-Message = 0x0a97b9214ba63bfb06f792989856fe53ec6fb99793b35e8dfc75984777a678537758dd5c527a9dae2c77339ccb61a71c3a22ac54031a36991bb582832769a4a9656af18a04f41053e0e59f910dbc708261d749e3ccccef861d6b44536e9016d78b22472e7d53b30e1f24010fce864e126ab4fb5453b5991aa9d677dc66d804c0da9a12275d38ebc4d7ac2c8693a912e49d134f01731b16ec39f53bffd2c0784e443b59f9dd718ed13bf2500002d7308202d3308201bba003020102020900cf11a40b54c230de300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d
Message-Authenticator = 0xeae477a143ccf9b691e2096ea5103711
Proxy-State = 0x31
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 1 to 127.0.0.1 port 28963
EAP-Message = 0x010203f219c10000067b160301004a0200004603014f159da5997d3ae2a26de167759e63ff0eb151b01a9af15439b08d0de9cad2a7209da9c9172fb2100a4a201e599a2e446f431fcfd0273f4840556872bab3d61ed4003500160301061e0b00061a00061700033a308203363082021ea003020102020109300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d3035303231353136313133385a170d3037303230353136313133385a308183311e301c060355040313157261642d63762d7465737465732e6663636e2e7074310f300d060355040813064c6973626f61
EAP-Message = 0x310b3009060355040613025054311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074310d300b060355040a13044643434e31143012060355040b130b54656c656d617469636f7330820122300d06092a864886f70d01010105000382010f003082010a02820101009c3e40c696ba2d597354f1dcafac4b6fc97bdd38cd228f08b5a1f893598759e54e9450b8c4062172fe5fdc3bd1d8a4fef200944296214cae2544d7bc9a552f468a32caf7a730b063df202bc0a0eff27dd8dd24ec2a4b212ba9f7d2a601170c43fce341ad68912b827d414c5ebe05db1b1fcead3d68aabbe4bcfa4a60a2d836e4105e8732dffc7784e5c0
EAP-Message = 0x0bdcb95819111e89b81cda83e9bd6d73105d2434ed277253aa688724a924edc13d2a37172ed30faf408126076d889b1afc72d6f6ebfc14c16ffe0b6180bc94cd86c0e8f81cdc762ff86f8804fb80b9b7727473fbaa274d01e999dee32981e8edbbb9b1a68903cf0ca6f61a2c960b0a4a79bbc7c41e1d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c56cce4f5641ec0b806b376e95953b6e9aa0b24e185d4ebd388c2872abecbc27c74d345d4e3ebed725146497e9fd00e0fbf6d0ecbf051217452a67c14e97f300757deaf03a24d8d83988958c0159bd302705c8523a
EAP-Message = 0x0a97b9214ba63bfb06f792989856fe53ec6fb99793b35e8dfc75984777a678537758dd5c527a9dae2c77339ccb61a71c3a22ac54031a36991bb582832769a4a9656af18a04f41053e0e59f910dbc708261d749e3ccccef861d6b44536e9016d78b22472e7d53b30e1f24010fce864e126ab4fb5453b5991aa9d677dc66d804c0da9a12275d38ebc4d7ac2c8693a912e49d134f01731b16ec39f53bffd2c0784e443b59f9dd718ed13bf2500002d7308202d3308201bba003020102020900cf11a40b54c230de300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=2, length=127
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061901
Message-Authenticator = 0x6b8c7eb690e5568ffb63dfc35a6b758e
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 52 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x32
Proxying request 2 to home server 193.136.192.43 port 1812
Sending Access-Request of id 52 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020200061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x32
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=52, length=712
EAP-Message = 0x0103029919013035303231353134343531395a170d3036303231353134343531395a3020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e707430820122300d06092a864886f70d01010105000382010f003082010a0282010100ce05f673daef56db29f8b2715f3d9505f0db08d7dad15bf7c12e3496e2ce999154183e5062ef8afe1cf24497e23281ad74ed31d7b45c333c212ac854e249038b25f93981cbf82437e790a9ef7d510bc5a9101f5050d1bd32d403b90e4f930bad3f3ce7bcc37b3021b3bc34ec80c109fbe5dd2f07dcfef8383caa369b777b644f29b7f209316bc81960db25dd19ce05258785bdd40756cb05
EAP-Message = 0xdbbaf40897fa98fed6868c4078f34948d7c397249511e2ddaf1f0cb03f13e8511da742fb4616ac9fad9b9e613b05e2509cfda212b49643c993c05fc1dbe5b523d0b4b33ba3deb600d0f8f6cbcf32e41263b81707d92e5e8071cd1859f27c094d67ebbe6e3c079f750203010001a310300e300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100113b6fb8cb0a394278f35a5d118cb987707800080a3633a4d0658d86f000e46a7eaad5136afecb910f5d6517fe36878c5f81248f388561db0f027eb21c26037baf28412a0885fffc8ed64d927b9df26ac39f0002bb067335631061475f642e66a3366af14ca9559737c0
EAP-Message = 0xa27462412ca6e60674a1b0c4c8d0d478a3b4552684974693fbad3870bfef259ad1ab683d6d50fa354e14025bb381e22fa72649dc33fa76dc12526e469efe39df0c24aef596a8464b3e5ab1476744b5fbeb6c427d663f8eb1bc10499b1db428b77c590a00a1e9f085c5a7db25f6521e8c93939b25f7d8ff90024e93fdc04a565483763e7860b35956a6810875c451b36dcb40e5c01c5a16030100040e000000
Message-Authenticator = 0xd1399986b0591af190302a3c02203cab
Proxy-State = 0x32
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 2 to 127.0.0.1 port 28963
EAP-Message = 0x0103029919013035303231353134343531395a170d3036303231353134343531395a3020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e707430820122300d06092a864886f70d01010105000382010f003082010a0282010100ce05f673daef56db29f8b2715f3d9505f0db08d7dad15bf7c12e3496e2ce999154183e5062ef8afe1cf24497e23281ad74ed31d7b45c333c212ac854e249038b25f93981cbf82437e790a9ef7d510bc5a9101f5050d1bd32d403b90e4f930bad3f3ce7bcc37b3021b3bc34ec80c109fbe5dd2f07dcfef8383caa369b777b644f29b7f209316bc81960db25dd19ce05258785bdd40756cb05
EAP-Message = 0xdbbaf40897fa98fed6868c4078f34948d7c397249511e2ddaf1f0cb03f13e8511da742fb4616ac9fad9b9e613b05e2509cfda212b49643c993c05fc1dbe5b523d0b4b33ba3deb600d0f8f6cbcf32e41263b81707d92e5e8071cd1859f27c094d67ebbe6e3c079f750203010001a310300e300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100113b6fb8cb0a394278f35a5d118cb987707800080a3633a4d0658d86f000e46a7eaad5136afecb910f5d6517fe36878c5f81248f388561db0f027eb21c26037baf28412a0885fffc8ed64d927b9df26ac39f0002bb067335631061475f642e66a3366af14ca9559737c0
EAP-Message = 0xa27462412ca6e60674a1b0c4c8d0d478a3b4552684974693fbad3870bfef259ad1ab683d6d50fa354e14025bb381e22fa72649dc33fa76dc12526e469efe39df0c24aef596a8464b3e5ab1476744b5fbeb6c427d663f8eb1bc10499b1db428b77c590a00a1e9f085c5a7db25f6521e8c93939b25f7d8ff90024e93fdc04a565483763e7860b35956a6810875c451b36dcb40e5c01c5a16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 2.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=3, length=455
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0203014c1901160301010610000102010060a5f92fd43c90f5ac6c650b3508f7d37902ec80aab31097d1dcb34fefaac67b1e92c1688e0af52f678967d0065c967b1d4daf4c6fd77983e70a508ada6f4df1fca81dfaa5dfe009e9409a21911598065171529b2355f2f8e5aec68fb8a283cf16d34806f1c778edbc25d28aa98bddb403309c3c43f24b43ab17e622e6c66c6382a730c379f2176e60968b96b9ba441a9693411b1eb48d65cd1addaa70a2f1144f92ab047b5ea28a5939d7d513b2d719067940592c7f71c4a349809b36e788db5d06d802a7253aacd4ca21271a53d2d960f8caab688f31757b79314ee2bba3cf1db0a53756caa8b15b4210be
EAP-Message = 0x46859165fb8be376bdff84d86de2ddcd05fa869c1403010001011603010030cd1e4a5d456d24e450551fe6e203c97379422798fd4b448b997edbcaefe1229bbb6fae9afb2a434c57dc4dc09453d98e
Message-Authenticator = 0xb91fdaaf6406b0733b7f91e9483ee657
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 153 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0203014c1901160301010610000102010060a5f92fd43c90f5ac6c650b3508f7d37902ec80aab31097d1dcb34fefaac67b1e92c1688e0af52f678967d0065c967b1d4daf4c6fd77983e70a508ada6f4df1fca81dfaa5dfe009e9409a21911598065171529b2355f2f8e5aec68fb8a283cf16d34806f1c778edbc25d28aa98bddb403309c3c43f24b43ab17e622e6c66c6382a730c379f2176e60968b96b9ba441a9693411b1eb48d65cd1addaa70a2f1144f92ab047b5ea28a5939d7d513b2d719067940592c7f71c4a349809b36e788db5d06d802a7253aacd4ca21271a53d2d960f8caab688f31757b79314ee2bba3cf1db0a53756caa8b15b4210be
EAP-Message = 0x46859165fb8be376bdff84d86de2ddcd05fa869c1403010001011603010030cd1e4a5d456d24e450551fe6e203c97379422798fd4b448b997edbcaefe1229bbb6fae9afb2a434c57dc4dc09453d98e
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x33
Proxying request 3 to home server 193.136.192.44 port 1812
Sending Access-Request of id 153 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0203014c1901160301010610000102010060a5f92fd43c90f5ac6c650b3508f7d37902ec80aab31097d1dcb34fefaac67b1e92c1688e0af52f678967d0065c967b1d4daf4c6fd77983e70a508ada6f4df1fca81dfaa5dfe009e9409a21911598065171529b2355f2f8e5aec68fb8a283cf16d34806f1c778edbc25d28aa98bddb403309c3c43f24b43ab17e622e6c66c6382a730c379f2176e60968b96b9ba441a9693411b1eb48d65cd1addaa70a2f1144f92ab047b5ea28a5939d7d513b2d719067940592c7f71c4a349809b36e788db5d06d802a7253aacd4ca21271a53d2d960f8caab688f31757b79314ee2bba3cf1db0a53756caa8b15b4210be
EAP-Message = 0x46859165fb8be376bdff84d86de2ddcd05fa869c1403010001011603010030cd1e4a5d456d24e450551fe6e203c97379422798fd4b448b997edbcaefe1229bbb6fae9afb2a434c57dc4dc09453d98e
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x33
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=153, length=112
EAP-Message = 0x0104004519810000003b1403010001011603010030e276e3efcdbf27379facdda93378d6b58b0672007a0effdce0790f2f37ac3dd9a810e34b17932a3528a437c33fda12c5
Message-Authenticator = 0x37c8aa8ca78cbde6982e905ea1ba80d0
Proxy-State = 0x33
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 3 to 127.0.0.1 port 28963
EAP-Message = 0x0104004519810000003b1403010001011603010030e276e3efcdbf27379facdda93378d6b58b0672007a0effdce0790f2f37ac3dd9a810e34b17932a3528a437c33fda12c5
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 3.
Going to the next request
Waking up in 4.7 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=4, length=127
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061901
Message-Authenticator = 0xb9a89ddd12bdaef0a7705a26e2649dc4
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 43 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x34
Proxying request 4 to home server 193.136.192.43 port 1812
Sending Access-Request of id 43 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020400061901
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x34
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=43, length=86
EAP-Message = 0x0105002b19011703010020d2ab6c4963f5003abfbfd7fe09fb32f9455fef30c369aa7c25936fbfd3bd093a
Message-Authenticator = 0x410568e4497fe7939e091ac47ed1ed0e
Proxy-State = 0x34
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 4 to 127.0.0.1 port 28963
EAP-Message = 0x0105002b19011703010020d2ab6c4963f5003abfbfd7fe09fb32f9455fef30c369aa7c25936fbfd3bd093a
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 4.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=5, length=217
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02050060190117030100206186fa5a58252e3a08613eb2b595c3f530fa6e4f31ea49b3815996afe340697b1703010030fabdef3c38483faa0b2a9e07b89ca9b03331906746a4ad8ddd4a894c645704cd5663e1dc6a262c5f04a3b7e3717cc481
Message-Authenticator = 0x114a60a456bc8f75e7c3238857baead7
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 56 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02050060190117030100206186fa5a58252e3a08613eb2b595c3f530fa6e4f31ea49b3815996afe340697b1703010030fabdef3c38483faa0b2a9e07b89ca9b03331906746a4ad8ddd4a894c645704cd5663e1dc6a262c5f04a3b7e3717cc481
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x35
Proxying request 5 to home server 193.136.192.43 port 1812
Sending Access-Request of id 56 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02050060190117030100206186fa5a58252e3a08613eb2b595c3f530fa6e4f31ea49b3815996afe340697b1703010030fabdef3c38483faa0b2a9e07b89ca9b03331906746a4ad8ddd4a894c645704cd5663e1dc6a262c5f04a3b7e3717cc481
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x35
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=56, length=134
EAP-Message = 0x0106005b19011703010050b8e4193b90e3a5c7320fa8d415dd4d7b47a3840acf4ad702455dc948186eff4d1c58ce6ace9dbba27cde8720992cc868e7e731d0989247d9a88a88e65f591d5e2ca5e5ae0c6147e6eebfaae8ddbdd349
Message-Authenticator = 0x68749e4c5e76f8af20c589c4cd89f1e3
Proxy-State = 0x35
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 5 to 127.0.0.1 port 28963
EAP-Message = 0x0106005b19011703010050b8e4193b90e3a5c7320fa8d415dd4d7b47a3840acf4ad702455dc948186eff4d1c58ce6ace9dbba27cde8720992cc868e7e731d0989247d9a88a88e65f591d5e2ca5e5ae0c6147e6eebfaae8ddbdd349
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 5.
Going to the next request
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=6, length=281
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600a019011703010020c26f7a73725df864d5b80e51de314c980bdb155a80eaee9eb72a47fdfd1868d717030100702cc2d66f3ee6ca7615506798327d38862909260b347e3b78dbd6f36f78234adf347d2357b9fef68feae89b28bbd852a2921dcc9a14dfb9a0a29c59b960d6b13d831e3bdbbb70df7bef3d060cec4867c124688f40ec46190d2ddac101f0bec8837802ace13738d249bb17d8be7bde1528
Message-Authenticator = 0x8677d931f7ecdd73aa831e2ed16c7027
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 9 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600a019011703010020c26f7a73725df864d5b80e51de314c980bdb155a80eaee9eb72a47fdfd1868d717030100702cc2d66f3ee6ca7615506798327d38862909260b347e3b78dbd6f36f78234adf347d2357b9fef68feae89b28bbd852a2921dcc9a14dfb9a0a29c59b960d6b13d831e3bdbbb70df7bef3d060cec4867c124688f40ec46190d2ddac101f0bec8837802ace13738d249bb17d8be7bde1528
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x36
Proxying request 6 to home server 193.136.192.43 port 1812
Sending Access-Request of id 9 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x020600a019011703010020c26f7a73725df864d5b80e51de314c980bdb155a80eaee9eb72a47fdfd1868d717030100702cc2d66f3ee6ca7615506798327d38862909260b347e3b78dbd6f36f78234adf347d2357b9fef68feae89b28bbd852a2921dcc9a14dfb9a0a29c59b960d6b13d831e3bdbbb70df7bef3d060cec4867c124688f40ec46190d2ddac101f0bec8837802ace13738d249bb17d8be7bde1528
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x36
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=9, length=150
EAP-Message = 0x0107006b19011703010060aefde39e5cdd3b3186ec76d8eaa8d0e5f79af76e5861204860a5bf5befbdcab2e7de6631493a3ad1eee9ab0167725c0d03cf59c1ed8f69216300c71960b74b642ffd8961815f578eb9fa5941ff7c0901c4511162dd815ef357d1c3b305a909be
Message-Authenticator = 0x60351fa43a0b55f031e4eafd0c37dc69
Proxy-State = 0x36
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 6 to 127.0.0.1 port 28963
EAP-Message = 0x0107006b19011703010060aefde39e5cdd3b3186ec76d8eaa8d0e5f79af76e5861204860a5bf5befbdcab2e7de6631493a3ad1eee9ab0167725c0d03cf59c1ed8f69216300c71960b74b642ffd8961815f578eb9fa5941ff7c0901c4511162dd815ef357d1c3b305a909be
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 6.
Going to the next request
Waking up in 4.5 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=7, length=201
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02070050190117030100205ec86f50061b70cda33e35156c117a5e33c57cfde58b3e69f7e45c25608a93de1703010020a0fbce5c33f00495c81c3d55d764b754c057c005924ae808f5192445d9ac1b38
Message-Authenticator = 0xec204b3188044492f614daf82e497c8e
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 79 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02070050190117030100205ec86f50061b70cda33e35156c117a5e33c57cfde58b3e69f7e45c25608a93de1703010020a0fbce5c33f00495c81c3d55d764b754c057c005924ae808f5192445d9ac1b38
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x37
Proxying request 7 to home server 193.136.192.44 port 1812
Sending Access-Request of id 79 to 193.136.192.44 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02070050190117030100205ec86f50061b70cda33e35156c117a5e33c57cfde58b3e69f7e45c25608a93de1703010020a0fbce5c33f00495c81c3d55d764b754c057c005924ae808f5192445d9ac1b38
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x37
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=79, length=86
EAP-Message = 0x0108002b19011703010020f480cb7c9b7b52c1c81db2cefdcc8bb737ada58604dbb5adedf23a93fe487b11
Message-Authenticator = 0x9af5db8ede876b1959f0d34034ab8531
Proxy-State = 0x37
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
} # server inner-tunnel
Sending Access-Challenge of id 7 to 127.0.0.1 port 28963
EAP-Message = 0x0108002b19011703010020f480cb7c9b7b52c1c81db2cefdcc8bb737ada58604dbb5adedf23a93fe487b11
Message-Authenticator = 0x00000000000000000000000000000000
Finished request 7.
Going to the next request
Waking up in 4.4 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=8, length=201
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0208005019011703010020836579c5606765829d1963b0345e3f5e846bbdaf7bfb6644c4e8105ea818625c170301002014a9d2aa5af27e8f9c2a109da9ff190190db4eb0c369f18aac6ed857a4831aa7
Message-Authenticator = 0x2fdbbf8d3f07fd8a21e6a5102531af43
server inner-tunnel {
# Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte(a)roam.fccn.pt"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user iscte to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] returns updated
++[control] returns updated
[eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP.
++[eap] returns noop
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
[files] expand: %{Realm} -> DEFAULT
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
} # server inner-tunnel
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group pre-proxy {...}
++[files] returns noop
Sending Access-Request of id 172 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0208005019011703010020836579c5606765829d1963b0345e3f5e846bbdaf7bfb6644c4e8105ea818625c170301002014a9d2aa5af27e8f9c2a109da9ff190190db4eb0c369f18aac6ed857a4831aa7
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x38
Proxying request 8 to home server 193.136.192.43 port 1812
Sending Access-Request of id 172 to 193.136.192.43 port 1812
User-Name = "iscte(a)roam.fccn.pt"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x0208005019011703010020836579c5606765829d1963b0345e3f5e846bbdaf7bfb6644c4e8105ea818625c170301002014a9d2aa5af27e8f9c2a109da9ff190190db4eb0c369f18aac6ed857a4831aa7
Message-Authenticator = 0x00000000000000000000000000000000
Proxy-State = 0x38
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 193.136.192.43 port 1812, id=172, length=183
EAP-Message = 0x03080004
Message-Authenticator = 0x6edc227038f16b2d8a8ca2bd26310465
User-Name = "iscte(a)roam.fccn.pt"
MS-MPPE-Send-Key = 0xfe03b8a74cc7a26485b4ef6dd8efd958b3eb6cf60f2cc725380ec3248b720aef
MS-MPPE-Recv-Key = 0xe7aad772cb0fab278c9a9a466f502dd4b8e1833c9b1166a4c5fe145284f2ad48
Proxy-State = 0x38
# Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-proxy {...}
[eap] No pre-existing handler found
++[eap] returns noop
server inner-tunnel {
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [iscte(a)roam.fccn.pt/<no User-Password attribute>] (from client localhost port 0 cli 02-00-00-00-00-01)
# Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group post-auth {...}
[reply_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/reply-detail-20120117
[reply_log] /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/reply-detail-20120117
[reply_log] expand: %t -> Tue Jan 17 16:11:17 2012
++[reply_log] returns ok
++? if (( Realm == "iscte.pt" ) || ( Realm == "teste.iscte.pt" ) )
?? Evaluating (Realm == "iscte.pt" ) -> FALSE
?? Evaluating (Realm == "teste.iscte.pt" ) -> FALSE
++? if (( Realm == "iscte.pt" ) || ( Realm == "teste.iscte.pt" ) ) -> FALSE
} # server inner-tunnel
Sending Access-Accept of id 8 to 127.0.0.1 port 28963
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "iscte(a)roam.fccn.pt"
MS-MPPE-Send-Key = 0xfe03b8a74cc7a26485b4ef6dd8efd958b3eb6cf60f2cc725380ec3248b720aef
MS-MPPE-Recv-Key = 0xe7aad772cb0fab278c9a9a466f502dd4b8e1833c9b1166a4c5fe145284f2ad48
Finished request 8.
Going to the next request
Waking up in 4.4 seconds.
^C
radius2:~#
2
1
Hello!
Could someone please kindly help me with a Freeradius & VPN issue? Any help would be very appreciated!
I'm a non native speaker, so please accept my apologies if I'm not totally clear with my language. It's an issue with a net equipment that implements VPN connections and an the authentication server (implemented with Freeradius).
We work with several software providers who connect with our Intranet through the VPN, in order to make their web applications maintenance tasks. The clients are connected without problems for a long period of time during the night. But eventually the Freeradius (or vpn appliance, we don't know for certain) suddently disconnect the clients from the VPN during the next day in the morning (when our partners are working). Actually several times (maybe 6 times).
They should login again (via automated pppd script and a watchdog). This watchdog also tries to keep open the VPN and if it's not open, it tries to reconnect the VPN again (like a heartbeat).
The error we've seen in the log (we've used radmin and raddebug tools) is:
"Acct-Terminate-Cause = 0"
But in the Radius Accounting RFC (http://freeradius.org/rfc/rfc2866.html) this value is not permitted (possible values are 1-18).
This is a piece of log, where you can see when a client disconnect from the vpn:
Mon Jan 16 09:19:54 2012
Acct-Session-Id = "<sess_id_num>"
Tunnel-Server-Endpoint:0 = "<IP_1>"
Tunnel-Client-Endpoint:0 = "<IP_2>"
Tunnel-Assignment-Id:0 = "PPTP"
Framed-Protocol = PPP
Framed-IP-Address = <IP_3>
User-Name = "<usr_name>"
Acct-Authentic = RADIUS
Acct-Terminate-Cause = 0
Acct-Session-Time = 125159
Acct-Input-Octets = 1312452
Acct-Output-Octets = 2391455
Acct-Input-Packets = 19372
Acct-Output-Packets = 25170
Acct-Status-Type = Stop
NAS-Port-Type = Virtual
NAS-Port = 323
Service-Type = Framed-User
NAS-IP-Address = <IP_4>
Acct-Delay-Time = 0
Huntgroup-Name = "PPTP"
Acct-Unique-Session-Id = "<acct_sess_id>"
Stripped-User-Name = "<usr_name>"
Realm = "NULL"
Timestamp = 1326701994
Request-Authenticator = Verified
<sess_id_num>, <acct_sess_id>, <IP_x> and <usr_name> aren't real values (they're masked for privacy) although I think the error isn't related to them.
Thank you very much in advance!!
Guillermo.
---
Guillermo Bayon del Oso
<guillermo_bayon(a)yahoo.com>
2
1
Hi.
I'm having a hard time migrating FR from one server to another. It worked
perfectly on the former and I was able to make an EAP-PEAP-MSCHAPV2 auth
from both Linux and Windows.
Now I'm stuck with this known error:
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xcb306879cb32715a did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
while trying to authenticate from Windows *and Linux*. I can't find the
problem, since the configuration is almost identical to the working one.
I would appreciate any indication about the issue.
Thank you in advance.
freeradius -XC > http://pastebin.com/p6FKumjm
--
Alberto Martínez Setién
Servicio Informático
Universidad de Deusto
Avda. de las Universidades, 24
48007 - Bilbao (SPAIN)
Phone: +34 - 94 413 90 00 Ext 2684
Fax: +34 - 94 413 91 01
8
25