Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
June 2012
- 102 participants
- 130 discussions
Hi (sorry I resend the email because in my earlier one the subject was
missing by mistake)
I'm trying to get working huntgroups but I can't do it:
I've appended something like to huntgroups file
mb NAS-IP-Address == 10.129.189.1
mb NAS-IP-Address == 10.129.84.1
mb Called-Station-Id == 00-1B-7E-DC-AB-1A:UP-PVIII-I
And in users files:
pruebita Huntgroup-Name == "mb",Cleartext-Password := "pruebon"
But is not working user pruebita does not get an Access-Accept
Please could you help me to solve it?
Below the debug messages (I've trunked a bit for mail can be sent)
FreeRADIUS Version 2.1.12, for host x86_64-unknown-linux-gnu, built on
Jan 3 2012 at 16:18:16
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb-testing/radiusd.conf
including configuration file /etc/raddb-testing/proxy.conf
including configuration file /etc/raddb-testing/clients.conf
including files in directory /etc/raddb-testing/modules/
including configuration file /etc/raddb-testing/modules/chap
including configuration file /etc/raddb-testing/modules/mschap
including configuration file
/etc/raddb-testing/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb-testing/modules/exec
including configuration file /etc/raddb-testing/modules/realm
including configuration file /etc/raddb-testing/modules/checkval
including configuration file /etc/raddb-testing/modules/rediswho
including configuration file /etc/raddb-testing/modules/passwd
including configuration file /etc/raddb-testing/modules/attr_filter
including configuration file /etc/raddb-testing/modules/linelog
including configuration file /etc/raddb-testing/modules/wimax
including configuration file /etc/raddb-testing/modules/pam
including configuration file /etc/raddb-testing/modules/inner-eap
including configuration file /etc/raddb-testing/modules/echo
including configuration file /etc/raddb-testing/modules/soh
including configuration file /etc/raddb-testing/modules/replicate
including configuration file /etc/raddb-testing/modules/acct_unique
including configuration file /etc/raddb-testing/modules/etc_group
including configuration file /etc/raddb-testing/modules/pap
including configuration file /etc/raddb-testing/modules/expr
including configuration file /etc/raddb-testing/modules/smbpasswd
including configuration file /etc/raddb-testing/modules/attr_rewrite
including configuration file /etc/raddb-testing/modules/radutmp
including configuration file /etc/raddb-testing/modules/mac2ip
including configuration file /etc/raddb-testing/modules/logintime
including configuration file /etc/raddb-testing/modules/sql_log
including configuration file /etc/raddb-testing/modules/smsotp
including configuration file /etc/raddb-testing/modules/preprocess
including configuration file /etc/raddb-testing/modules/policy
including configuration file /etc/raddb-testing/modules/cui
including configuration file /etc/raddb-testing/modules/perl
including configuration file /etc/raddb-testing/modules/digest
including configuration file /etc/raddb-testing/modules/mac2vlan
including configuration file /etc/raddb-testing/modules/otp
including configuration file /etc/raddb-testing/modules/files
including configuration file /etc/raddb-testing/modules/always
including configuration file /etc/raddb-testing/modules/ntlm_auth
including configuration file /etc/raddb-testing/modules/detail
including configuration file /etc/raddb-testing/modules/krb5
including configuration file /etc/raddb-testing/modules/sradutmp
including configuration file /etc/raddb-testing/modules/opendirectory
including configuration file /etc/raddb-testing/modules/counter
including configuration file /etc/raddb-testing/modules/detail.example.com
including configuration file /etc/raddb-testing/modules/ippool
including configuration file /etc/raddb-testing/modules/expiration
including configuration file /etc/raddb-testing/modules/dynamic_clients
including configuration file /etc/raddb-testing/modules/detail.log
including configuration file /etc/raddb-testing/modules/redis
including configuration file /etc/raddb-testing/modules/ldap
including configuration file /etc/raddb-testing/modules/unix
including configuration file /etc/raddb-testing/eap.conf
including configuration file /etc/raddb-testing/policy.conf
including files in directory /etc/raddb-testing/sites-enabled/
including configuration file /etc/raddb-testing/sites-enabled/status
including configuration file /etc/raddb-testing/sites-enabled/control-socket
including configuration file /etc/raddb-testing/sites-enabled/inner-tunnel
including configuration file /etc/raddb-testing/sites-enabled/default
including configuration file /etc/raddb-testing/sites-enabled/inner-tunnel-peap
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb-testing/dictionary
main {
name = "radiusd"
prefix = "/usr/local-test"
localstatedir = "/usr/local-test/var"
sbindir = "/usr/local-test/sbin"
logdir = "/usr/local-test/var/log/radius"
run_dir = "/usr/local-test/var/run/radiusd"
libdir = "/usr/local-test/lib"
radacctdir = "/usr/local-test/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/usr/local-test/var/run/radiusd/radiusd.pid"
checkrad = "/usr/local-test/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = yes
auth = yes
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client spectrum {
require_message_authenticator = no
secret = "testing123"
shortname = "spectrum.sarlanga.edu"
}
client 10.129.100.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-3-winnie"
shortname = "AP-PI-PB"
}
client 10.129.10.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-3-winnie"
shortname = "AP-PI-SS"
}
client 10.129.11.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-3-winnie"
shortname = "AP-PI-1"
}
client 10.129.111.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-3-winnie"
shortname = "AP-PI-1"
}
client 10.129.12.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-3-winnie"
shortname = "AP-PI-2"
}
client 10.129.13.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-3-winnie"
shortname = "AP-PI-3"
}
client 10.129.14.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-3-winnie"
shortname = "AP-PI-4"
}
client 10.129.199.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "PIVOT-LINKSYS"
}
client 10.129.200.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "PIVOT-TPLINK"
}
client 10.129.254.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "Transitional"
}
client 10.129.15.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-3-winnie"
shortname = "AP-PI-5"
}
client 10.129.16.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-3-winnie"
shortname = "AP-PI-6"
}
client 10.129.17.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-3-winnie"
shortname = "AP-PI-7"
}
client 10.129.60.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-Sociales-0"
}
client 10.129.61.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-Sociales-I"
}
client 10.129.158.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-SS"
}
client 10.129.80.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-PB"
}
client 10.129.180.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-PB-SUM"
}
client 10.128.255.81 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-I"
}
client 10.129.81.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-I"
}
client 10.128.255.82 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-II"
}
client 10.129.82.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-II"
}
client 10.128.250.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-Bridge"
}
client 10.128.255.172 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-I_bis_test"
}
client 10.128.255.83 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-III"
}
client 10.129.83.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-III"
}
client 10.129.183.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-III"
}
client 10.129.84.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-IV"
}
client 10.129.184.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-IV-Bis"
}
client 10.129.194.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-IV-Bis-2"
}
client 10.128.255.181 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-I_bis"
}
client 10.129.181.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-I_bis"
}
client 10.129.162.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-I_bis_2"
}
client 10.128.255.86 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-VI"
}
client 10.129.86.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-VI"
}
client 10.128.255.87 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-VII"
}
client 10.129.87.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-VII"
}
client 10.129.187.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-VII-Derecho"
}
client 10.129.99.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-Pivot"
}
client 10.129.52.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PV-PB"
}
client 10.128.255.85 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-V"
}
client 10.129.85.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-V"
}
client 10.129.189.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-IX-HD"
}
client 10.129.88.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-VIII"
}
client 10.129.89.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "oficina-test"
}
client 10.129.160.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-Sociales-Auditorio"
}
client 10.129.182.1 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-PVIII-X"
}
client 192.168.2.53 {
require_message_authenticator = no
secret = "akantilad0-Green-22"
shortname = "sarlanga3"
}
client 192.168.45 {
require_message_authenticator = no
secret = "sarlangalad0-black-54"
shortname = "sarlanga4"
}
client 192.168.3.201 {
require_message_authenticator = no
secret = "sarlangalad0-blue-246692"
shortname = "sarlanga7"
}
client 192.168.4 {
require_message_authenticator = no
secret = "Zarag0Za-Muppet5-32"
shortname = "AP-sarlanga7"
}
client 192.168.142.240 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-Cabre-1"
}
client 192.168.142.241 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-Cabre-2"
}
client 192.168.142.242 {
require_message_authenticator = no
secret = "sarlangalad0-Red-398952"
shortname = "AP-Cabre-3"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/raddb-testing/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/raddb-testing/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/etc/raddb-testing/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/etc/raddb-testing/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb-testing/radiusd.conf
modules {
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb-testing/modules/pap
pap {
encryption_scheme = "auto"
auto_header = yes
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/raddb-testing/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file
/etc/raddb-testing/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Linked to module rlm_pam
Module: Instantiating module "pam" from file /etc/raddb-testing/modules/pam
pam {
pam_auth = "radiusd"
}
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/raddb-testing/modules/unix
unix {
radwtmp = "/usr/local-test/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb-testing/eap.conf
eap {
default_eap_type = "md5"
timer_expire = 600
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/etc/pki/tls/certs/ips-spectrum-key.pem"
certificate_file = "/etc/pki/tls/certs/spectrum.sarlanga.edu.cer"
CA_file = "/etc/pki/tls/certs/IPS-IPSCABUNDLE.crt"
dh_file = "/etc/raddb-testing/certs/dh"
random_file = "/etc/raddb-testing/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = yes
lifetime = 6
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel-peap"
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = yes
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/etc/raddb-testing/modules/preprocess
preprocess {
huntgroups = "/etc/raddb-testing/huntgroups"
hints = "/etc/raddb-testing/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
Module: Linked to module rlm_detail
Module: Instantiating module "auth_log" from file
/etc/raddb-testing/modules/detail.log
detail auth_log {
detailfile =
"/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file
/etc/raddb-testing/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb-testing/modules/files
files {
usersfile = "/etc/raddb-testing/users"
acctusersfile = "/etc/raddb-testing/acct_users"
preproxy_usersfile = "/etc/raddb-testing/preproxy_users"
compat = "no"
}
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/etc/raddb-testing/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Instantiating module "detail" from file
/etc/raddb-testing/modules/detail
detail {
detailfile =
"/usr/local-test/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/etc/raddb-testing/modules/radutmp
radutmp {
filename = "/usr/local-test/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from
file /etc/raddb-testing/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb-testing/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "reply_log" from file
/etc/raddb-testing/modules/detail.log
detail reply_log {
detailfile =
"/usr/local-test/var/log/radius/radacct/replies/%{Client-IP-Address}/reply-detail-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Instantiating module "attr_filter.access_reject" from file
/etc/raddb-testing/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb-testing/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
} # modules
} # server
server status { # from file /etc/raddb-testing/sites-enabled/status
modules {
Module: Creating Autz-Type = Status-Server
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_always
Module: Instantiating module "ok" from file /etc/raddb-testing/modules/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
} # modules
} # server
server inner-tunnel { # from file /etc/raddb-testing/sites-enabled/inner-tunnel
modules {
Module: Creating Auth-Type = LDAP
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_ldap
Module: Instantiating module "ldap" from file /etc/raddb-testing/modules/ldap
ldap {
server = "ldap.sarlanga.edu"
port = 636
password = "sarlanga"
identity = "cn=freeradius,ou=applications,dc=sarlanga,dc=edu"
net_timeout = 10
timeout = 120
timelimit = 30
tls_mode = no
start_tls = no
tls_require_cert = "allow"
tls {
start_tls = no
cacertfile = "/etc/raddb-testing/cacert.pem"
randfile = "/dev/urandom"
require_cert = "demand"
}
basedn = "ou=people,dc=sarlanga,dc=edu"
filter = "(uid=%u)"
base_filter = "(objectclass=radiusprofile)"
auto_header = no
access_attr = "radiusAllowed"
access_attr_used_for_allow = yes
groupname_attribute = "cn"
groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
dictionary_mapping = "/etc/raddb-testing/ldap.attrmap"
ldap_debug = 40
ldap_connections_number = 15
compare_check_items = no
do_xlat = yes
set_auth_type = yes
keepalive {
interval = 3
}
}
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file
/etc/raddb-testing/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusPassword mapped to RADIUS Cleartext-Password
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password
rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU
rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression
rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host
rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service
rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port
rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number
rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id
rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network
rlm_ldap: LDAP radiusClass mapped to RADIUS Class
rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout
rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout
rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action
rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service
rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node
rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group
rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS
Framed-AppleTalk-Network
rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit
rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port
rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message
rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type
rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type
rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS
Tunnel-Private-Group-Id
conns: 0x1ffc1270
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Instantiating module "post_proxy_log" from file
/etc/raddb-testing/modules/detail.log
detail post_proxy_log {
detailfile =
"/usr/local-test/var/log/radius/radacct/postproxy/%{Client-IP-Address}/post-proxy-detail-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
server inner-tunnel-peap { # from file
/etc/raddb-testing/sites-enabled/inner-tunnel-peap
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 192.168.1.5
port = 0
}
listen {
type = "acct"
ipaddr = 192.168.1.5
port = 0
}
listen {
type = "control"
listen {
socket = "/usr/local-test/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "status"
ipaddr = 127.0.0.1
port = 18120
client admin {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "YellowSubmarine"
}
}
... adding new socket proxy address * port 54388
Listening on authentication address 192.168.1.5 port 1812
Listening on accounting address 192.168.1.5 port 1813
Listening on command file /usr/local-test/var/run/radiusd/radiusd.sock
Listening on status address 127.0.0.1 port 18120 as server status
Listening on proxy address 192.168.1.5 port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=74, length=170
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0238000d017072756562697461
Message-Authenticator = 0x510c83d2d8d716e25fa8e00162124f28
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 56 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry pruebita at line 434
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 74 to 10.129.89.1 port 38848
EAP-Message = 0x013900160410381a962cdd81a78cdd529de9d83f2b61
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f51fce56b215acf310f5bc900
Finished request 28.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=75, length=181
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x023900060319
State = 0x51c5e19f51fce56b215acf310f5bc900
Message-Authenticator = 0x9a66eb7b5a106c018d00e0b57f80f262
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 57 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry pruebita at line 434
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/peap
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 75 to 10.129.89.1 port 38848
EAP-Message = 0x013a00061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f50fff86b215acf310f5bc900
Finished request 29.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=76, length=241
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x023a0042190016030100370100003303014fc89ccd9ef24a5acabf352713ed67aad4acfb2a2f0d4c5ad746a761a24f976800000c0013000a0033002f000500040100
State = 0x51c5e19f50fff86b215acf310f5bc900
Message-Authenticator = 0xb1b6655fab2a4f02abdddc4928d46870
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 58 length 66
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 0037], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 004a], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 1324], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 76 to 10.129.89.1 port 38848
EAP-Message =
0x013b040019c000001381160301004a0200004603014fc89cce0c471ae8314022655c37dcbb1fe882ed8735b93cfda7f5029188744220189eb3cfe1bd6b3b6b87fa215018f64ad2b414cda3740799b6d6c814cb3f7700000a0016030113240b00132000131d00071730820713308205fba0030201020214101b7f691cb7a76e4d2434f172207f0d6457bfd6300d06092a864886f70d01010505003081b0310b3009060355040613024553310f300d060355040813064d4144524944310f300d060355040713064d414452494431243022060355040a131b6970732043657274696669636174696f6e20417574686f7269747931183016060355040b130f
EAP-Message =
0x43657274696669636163696f6e657331193017060355040313106970734341204c6576656c20312043413124302206092a864886f70d010901161569707363616c6576656c314069707363612e636f6d301e170d3132303132373132303731335a170d3134303230313132303731335a30818d310b3009060355040613024152311530130603550407130c4275656e6f73204169726573311f301d060355040a1316556e6976657273696461642064652050616c65726d6f31273025060355040b131e446570617274616d656e746f20646520436f6d756e69636163696f6e6573311d301b06035504031314737065637472756d2e70616c65726d6f2e
EAP-Message =
0x65647530820122300d06092a864886f70d01010105000382010f003082010a0282010100a8efabc6c785b1314fc7a643f75a6b1e1ae645b4ad47d23a5ce062cd3fa5a998112d48b88960da17628181430eb1e6dbcd806eb3b77ad9ca5728e86d333f9a910107d90c0e2dad1951587fb6ebe0b1f99665fad04e352e1d87dbf1a1292ae3cc8bb936511b10cc25facb79db7df50a443359a5c46213253cfbee9db5a262221e23d6961c6f2e4bff6c7702fe05eeff8c97c3c4558f84d3d61a1571017d5638863ec4f341613113aca1b385ae7598065503f28f78c83c632ebb0183d6d8ffd21edd8cd4db50c1550443f12706847a053769c1c5c7f94eff9fff
EAP-Message =
0x8c3091d3892db2f35ab46dc208d1e03f37b82fb96d7fba474b42279ecb74157fdc521c038949dd0203010001a38203443082034030090603551d1304023000301106096086480186f8420101040403020640300b0603551d0f0404030205a030130603551d25040c300a06082b06010505070301301d0603551d0e04160414d57dbba6130341755d2138e3ed9faacb3e65cdcb301f0603551d230418301680147d9e6b0efc13e1c48ba77f61ae6021cfcda0d30630090603551d1104023000305b0603551d1204543052a450304e310b300906035504061302455331243022060355040a131b6970732043657274696669636174696f6e20417574686f
EAP-Message = 0x726974793119301706035504
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f53fef86b215acf310f5bc900
Finished request 30.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=77, length=181
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x023b00061900
State = 0x51c5e19f53fef86b215acf310f5bc900
Message-Authenticator = 0xa4a26c588cef259c66f231f46e99c8da
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 59 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 77 to 10.129.89.1 port 38848
EAP-Message =
0x013c03fc19400313106970734341204c6576656c2031204341307106096086480186f842010d046416624f7267616e697a6174696f6e20496e666f726d6174696f6e204e4f542056414c4944415445442e204c4556454c3120536572766572204365727469666963617465206973737565642062792068747470733a2f2f7777772e69707363612e636f6d2f302906096086480186f8420102041c161a687474703a2f2f6c6576656c3130312e69707363612e636f6d2f303c06096086480186f8420104042f162d687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f69707363616c6576656c312e63726c3043060960864801
EAP-Message =
0x86f842010304361634687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f7265766f636174696f6e4c4556454c312e68746d6c3f304006096086480186f842010704331631687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f72656e6577616c4c4556454c312e68746d6c3f303e06096086480186f84201080431162f687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f706f6c6963794c4556454c312e68746d6c30730603551d1f046c306a3033a031a02f862d687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f69707363616c6576656c312e63
EAP-Message =
0x726c3033a031a02f862d687474703a2f2f6c6576656c3130322e69707363612e636f6d2f63726c2f69707363616c6576656c312e63726c303e06082b0601050507010104323030302e06082b060105050730018622687474703a2f2f6f6373706c6576656c3130312e69707363612e636f6d2f6f637370300d06092a864886f70d010105050003820101004b61ec4cf7163dad3601e3de9938175ec4ec75d60f658eabf37b1e331283419e7438e584e8cfc47c087c7cba005dcd9d7d165a470bd7aaea70b69b1a18ad2a6cc136cf2ff5cb948ae2866b1c46bbf8ef999ecb510407f28a091e7aa75684d90938f85c3fcd39580112b6979f3284c581f86b
EAP-Message =
0x998bc211c1de82e87fd57ee7a975905e9dec75020feda29cf4f29dc59dc3946ccf328f7380c6f3f4064d3f6f496fffd640ed2c813c44d648f9ee0143f894d41f4970f30e158064b305a4ae264887a62b5ee51f4f7f3241ddeebcd1153f836262d7c24c4cd7a09f2ab6bc052cd2ecf78e948f240e526538478893fb776f27d44d620c8e58641b4231958c85d758080005f2308205ee308204d6a00302010202141000000000000000000000000000000000000011300d06092a864886f70d01010505003081b2310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d06035504
EAP-Message = 0x0a13264950532043
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f52f9f86b215acf310f5bc900
Finished request 31.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=78, length=181
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x023c00061900
State = 0x51c5e19f52f9f86b215acf310f5bc900
Message-Authenticator = 0xf15626a2f70fb625cfbdee8873d99f4f
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 60 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 78 to 10.129.89.1 port 38848
EAP-Message =
0x013d03fc1940657274696669636174696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b13056970734341311d301b06035504031314697073434120476c6f62616c20434120526f6f743121301f06092a864886f70d0109011612676c6f62616c30314069707363612e636f6d301e170d3039313231303131333835325a170d3239313232343131333835325a3081b0310b3009060355040613024553310f300d060355040813064d4144524944310f300d060355040713064d414452494431243022060355040a131b6970732043657274696669636174696f6e20417574686f7269747931183016060355040b130f43
EAP-Message =
0x657274696669636163696f6e657331193017060355040313106970734341204c6576656c20312043413124302206092a864886f70d010901161569707363616c6576656c314069707363612e636f6d30820122300d06092a864886f70d01010105000382010f003082010a02820101009f4db33023c13a798527825d45ce5b64f82bafe15d6001e2940ed501863645858c0c8e76e1a0a40d935417986aeeb2840b23eabf217cc0ee49c026791954d6311890f7fb970be3a8c51640de2eb88c655b32d953f7c8ff06fb896654f8ea44420fb74fc7b0e94fd1d0bbfa968a33e346b7fa64bc65b11fb1e0e105f80cdd4af58b3097b4480a94feaf1d63f269
EAP-Message =
0x2c6b1b446afd3bd9dae70df0c68ab6e0190160a309a2b320401b14073a8c22df33f476c185b862b849b975c196ed1108af3c3f4e59e840dc995a134747e3b2840a7e8130b71c969f2e0d1cd0e5845e5bad3cce4a6b7d684522f54d5ae79f5c19004827a5787882d3e2ffb1e680dfeb2a125bb10203010001a38201fa308201f6302a06096086480186f8420102041d161b68747470733a2f2f6c6576656c3130312e69707363612e636f6d2f302106096086480186f84201030414161265737461646f2f65737461646f2e6173703f302706096086480186f8420104041a161865737461646f4341544553542f65737461646f2e6173703f3022060960
EAP-Message =
0x86480186f84201070415161365737461646f2f72656e756576612e6173703f302006096086480186f84201080413161165737461646f2f706f6c6963792e617370302406096086480186f842010d04171615436572746966696361646f20706f72206970734341301106096086480186f8420101040403020007300c0603551d13040530030101ff301d0603551d0e041604147d9e6b0efc13e1c48ba77f61ae6021cfcda0d306303e0603551d1f043730353033a031a02f862d687474703a2f2f6c6576656c3130312e69707363612e636f6d2f63726c2f69707363616c6576656c312e63726c303a06082b06010505070101042e302c302a06082b06
EAP-Message = 0x010505073001861e
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f55f8f86b215acf310f5bc900
Finished request 32.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=79, length=181
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x023d00061900
State = 0x51c5e19f55f8f86b215acf310f5bc900
Message-Authenticator = 0x4ce902814c105901520df2f8036166c3
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 61 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 79 to 10.129.89.1 port 38848
EAP-Message =
0x013e03fc1940687474703a2f2f6f6373706c6576656c3130312e69707363612e636f6d2f300b0603551d0f04040302010630470603551d250440303e06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a0304300d06092a864886f70d010105050003820101008737bf8f76d31d2eca683935839d2958fe74add252963aff06e84cb0308e3316c5972d29aebe28e77e10ab20e1ed509ecfbbd394fe1da47370d27e6239b31cd636e1d4782bace12bedc753a14dd4281f588e56e2c924f956ec0ad0df5268575ea4393bb9e46619c4cff0a7fbb7717f
EAP-Message =
0xd7f247a501f8245587996ac61064ada017958080eb6d4bd3e9171685a951ae6e69419776e8de7f43fb891b853397030059549676d110ed837018f76ca7231a20647365211bee7e1e67f8026ad21c2e37a31e7001bb866076bc7adc7eff3475f2e33e94c60ed70ce792cc33c31c32df09e853cf3587c59453f98efa685cce193a482a52f3da46c2e6bd5d02b5471eb9954000060b30820607308204efa003020102020100300d06092a864886f70d01010505003081b2310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d060355040a132649505320436572746966696361
EAP-Message =
0x74696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b13056970734341311d301b06035504031314697073434120476c6f62616c20434120526f6f743121301f06092a864886f70d0109011612676c6f62616c30314069707363612e636f6d301e170d3039303930373134333834345a170d3239313232353134333834345a3081b2310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d060355040a13264950532043657274696669636174696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b130569707343
EAP-Message =
0x41311d301b06035504031314697073434120476c6f62616c20434120526f6f743121301f06092a864886f70d0109011612676c6f62616c30314069707363612e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100a7efcc8030b091244fb068f8c3ca2d1538555882e23863b0f7a3926f83b8b05eb08cac54b177d050e097b390ad8ab31f392b4556f7aae2df7cb2ec6f532f9acbd0e666cbc913e872e2b4cd31578712b593e8fa72ceea47f28cb4b063d70400b764363997e895f188f9710d03278c61cf0883964f83c54ee85cf80670f102aa1c1ea9c8aa7ee75dcd8d3c146f67d01ba923488b21283a8a4ce6
EAP-Message = 0x1131f9212eb26766
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f54fbf86b215acf310f5bc900
Finished request 33.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=80, length=181
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x023e00061900
State = 0x51c5e19f54fbf86b215acf310f5bc900
Message-Authenticator = 0x419616a5e5f69204aaca365aa417d934
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 62 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 80 to 10.129.89.1 port 38848
EAP-Message =
0x013f03af1900c6296e9493cf4096fcb03dbfb2b493bf5671b6a54187b058b559232849b898f9501e2d15280b4cac49d184a99b9ae77254b738d0dbc9fea973d56d10cd8e75ebfe97fd803cfcb4d848f499460b8814a4b62edb4c60f421c16c809514d5afd50203010001a382022430820220301d0603551d0e0416041415a69680b1154b31c3c29cf6e7130b4bf318cd863081df0603551d230481d73081d4801415a69680b1154b31c3c29cf6e7130b4bf318cd86a181b8a481b53081b2310b3009060355040613024553310f300d060355040813064d6164726964310f300d060355040713064d6164726964312f302d060355040a13264950532043
EAP-Message =
0x657274696669636174696f6e20417574686f7269747920732e6c2e206970734341310e300c060355040b13056970734341311d301b06035504031314697073434120476c6f62616c20434120526f6f743121301f06092a864886f70d0109011612676c6f62616c30314069707363612e636f6d820100300c0603551d13040530030101ff300b0603551d0f04040302010630470603551d250440303e06082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b06010505070308060a2b0601040182370a0304301d0603551d11041630148112676c6f62616c30314069707363612e636f6d301d0603
EAP-Message =
0x551d12041630148112676c6f62616c30314069707363612e636f6d30410603551d1f043a30383036a034a0328630687474703a2f2f63726c676c6f62616c30312e69707363612e636f6d2f63726c2f63726c676c6f62616c30312e63726c303806082b06010505070101042c302a302806082b06010505073001861c687474703a2f2f63726c676c6f62616c30312e69707363612e636f6d300d06092a864886f70d0101050500038201010018f4aefe800f8ec1776fa25a47489f2355a1536bf95da730a524be432ff8c1d157f93e2c8025cc46a936f3495b1df67cd763b34d3e78f6a7b40277f8790d3e6acb1860b8fd00af0cdd54e3548f223df310
EAP-Message =
0x6f110db51e7a8d27cc08b85bc3b81a5f2ba7603f001cf70f5c4266649e8712807089e0fa57280e4e1f102fd90580b6802f1c69f0f6b66534056fcad93ef8d45d3732c7b82bccff73930071e001c8aa43bda9f1cefa80f9f1431291a665e560074d47ba2b2f04f64a8529886510c9b253629c6c9b605c1a1bd3aec51d729906ff05cc862673b4d45405dd1e6b003bb789e8e391022012ebefe9fe0a29238123a300da70cc925f3723d01c7b355c037a16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f57faf86b215acf310f5bc900
Finished request 34.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=81, length=501
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x023f014419001603010106100001020100615e16737ca27664e029e9464b6d38d0e96d10e9fa36dcc345d6c2bebc5b46b7f6f57dee94e3445d5addd0c341d0330731effdda2d1300f6163f8f9e639e7f29d6d5e01f75cc38ae18ea18c5db3b29b96255f6928c2a420882655e8cb81ea6c6df4fe2f5d37b0de031b7c81556d94022fb272852e078572cba44e3e8151e9660e6816d10fdba3a51b36e43119417ce6ca34e1d37d659a2f8b1f8bb4248ed807392bf7f5f453cf26f00fbcdfc6ec84f1798737710ade7141b2ecd78d77e6ba428ba468a36405c92a816c5a4868fa9ebb0b5f8a726d4b1ce9892fa2fe554e645d16522c263f3c5f86cd03171d0
EAP-Message =
0x8053a3c19d3fe2901eac4ee34cc1a51f2d9068191403010001011603010028dc45b3ecdbce94b5a878b480e812ee79a9c17150a92671fa177236cf97bf02bffc1a52c026dbbb2a
State = 0x51c5e19f57faf86b215acf310f5bc900
Message-Authenticator = 0xf86876fb7612ab7ff8a644817293b53b
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 63 length 253
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap] TLS_accept: SSLv3 read client key exchange A
[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap] <<< TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 read finished A
[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap] TLS_accept: SSLv3 write change cipher spec A
[peap] >>> TLS 1.0 Handshake [length 0010], Finished
[peap] TLS_accept: SSLv3 write finished A
[peap] TLS_accept: SSLv3 flush data
SSL: adding session
189eb3cfe1bd6b3b6b87fa215018f64ad2b414cda3740799b6d6c814cb3f7700 to
cache
[peap] (other): SSL negotiation finished successfully
SSL Connection Established
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 81 to 10.129.89.1 port 38848
EAP-Message =
0x0140003919001403010001011603010028120ba7581f67afee3fe93d71202a3b8eef45d44ed59366641e4e901d1d30295d67644c20f0636c95
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f5685f86b215acf310f5bc900
Finished request 35.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=82, length=181
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x024000061900
State = 0x51c5e19f5685f86b215acf310f5bc900
Message-Authenticator = 0x9876211434267235d34177c6baada0a0
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 64 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
Sending Access-Challenge of id 82 to 10.129.89.1 port 38848
EAP-Message =
0x0141002b19001703010020a7bad7bd5b08f24e8165859c7202d96fbb32d601cf63a81969b692422bbce7f0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f5984f86b215acf310f5bc900
Finished request 36.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=83, length=247
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x02410048190017030100182c80dd585307c00c58051a0ea4faa27e4a5df95720469a7a170301002095ab5282b093ae854c63cc7d3ba67d506c23bddff057c2a98511a4bf854240c9
State = 0x51c5e19f5984f86b215acf310f5bc900
Message-Authenticator = 0x39c120e0dca7d430448165505dc8dd6c
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 65 length 72
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state WAITING FOR INNER IDENTITY
[peap] Identity - pruebita
[peap] Got inner identity 'pruebita'
[peap] Setting default EAP type for tunneled EAP session.
[peap] Got tunneled request
EAP-Message = 0x0241000d017072756562697461
server {
[peap] Setting User-Name to pruebita
Sending tunneled request
EAP-Message = 0x0241000d017072756562697461
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
NAS-IP-Address = 10.129.89.1
server inner-tunnel-peap {
# Executing section authorize from file
/etc/raddb-testing/sites-enabled/inner-tunnel-peap
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 65 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for pruebita
[ldap] expand: (uid=%u) -> (uid=pruebita)
[ldap] expand: ou=people,dc=sarlanga,dc=edu -> ou=people,dc=sarlanga,dc=edu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in ou=people,dc=sarlanga,dc=edu, with
filter (uid=pruebita)
[ldap] object not found
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/inner-tunnel-peap
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel-peap
[peap] Got tunneled reply code 11
EAP-Message =
0x014200221a0142001d1044c4caf16d9a7e43d6e3fbad805501237072756562697461
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x63fdd7b563bfcd4b0f3934ebfe7a85b9
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x014200221a0142001d1044c4caf16d9a7e43d6e3fbad805501237072756562697461
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x63fdd7b563bfcd4b0f3934ebfe7a85b9
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 83 to 10.129.89.1 port 38848
EAP-Message =
0x0142004319001703010038359eaf0224c732f9e83935d0da09d2f6b169503605cb8311ba6d9e3485d51cb6a25ddfc336d6bae781180ce0d413562af3bdcfde5180c80f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f5887f86b215acf310f5bc900
Finished request 37.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=84, length=303
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x0242008019001703010018f3e980063f7cfb058900cf00b2760b697de7aba67e199b4f17030100588febd03280df614d10106a127d9ce496c4fccaad9681a12dd4f8d4641a2e337486c608e136ed1cbeac8af33318136b2dfa9b9a952cb7b61837ad54a90d1330537628ee52fde4e6af685b3d573bbbf04388bbaeecb4ea8e17
State = 0x51c5e19f5887f86b215acf310f5bc900
Message-Authenticator = 0x0c1ae63b5d7e03e33800ad87364eed83
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 66 length 128
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x024200431a0242003e314a6d7e7fe98db69bbc4fc8cceb9dfb8d0000000000000000cedcbce414bab2e5f0f7952223f1b126947ce80dd6929378007072756562697461
server {
[peap] Setting User-Name to pruebita
Sending tunneled request
EAP-Message =
0x024200431a0242003e314a6d7e7fe98db69bbc4fc8cceb9dfb8d0000000000000000cedcbce414bab2e5f0f7952223f1b126947ce80dd6929378007072756562697461
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "pruebita"
State = 0x63fdd7b563bfcd4b0f3934ebfe7a85b9
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
NAS-IP-Address = 10.129.89.1
server inner-tunnel-peap {
# Executing section authorize from file
/etc/raddb-testing/sites-enabled/inner-tunnel-peap
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 66 length 67
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for pruebita
[ldap] expand: (uid=%u) -> (uid=pruebita)
[ldap] expand: ou=people,dc=sarlanga,dc=edu -> ou=people,dc=sarlanga,dc=edu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in ou=people,dc=sarlanga,dc=edu, with
filter (uid=pruebita)
[ldap] object not found
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/inner-tunnel-peap
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/etc/raddb-testing/sites-enabled/inner-tunnel-peap
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: pruebita
[mschap] Told to do MS-CHAPv2 for pruebita with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
MSCHAP Failure
++[eap] returns handled
} # server inner-tunnel-peap
[peap] Got tunneled reply code 11
EAP-Message = 0x014300121a0442000d453d36393120523d31
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x63fdd7b562becd4b0f3934ebfe7a85b9
[peap] Got tunneled reply RADIUS code 11
EAP-Message = 0x014300121a0442000d453d36393120523d31
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x63fdd7b562becd4b0f3934ebfe7a85b9
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 84 to 10.129.89.1 port 38848
EAP-Message =
0x014300331900170301002888636a6445053d18018a230fd21f9959466fd90802b7210f8b788a09a4494fc64d1f7b6ae050f021
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f5b86f86b215acf310f5bc900
Finished request 38.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=85, length=239
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x0243004019001703010018e16554d32843bdba9b707d3e41f21023c12b34e85e7f7df517030100186d29c7588683f31175ad338f971a6426cac9ffe6b6eaa912
State = 0x51c5e19f5b86f86b215acf310f5bc900
Message-Authenticator = 0x10df06a435d2fc959d36eb7ecb637292
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 67 length 64
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state phase2
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message = 0x024300061a04
server {
[peap] Setting User-Name to pruebita
Sending tunneled request
EAP-Message = 0x024300061a04
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "pruebita"
State = 0x63fdd7b562becd4b0f3934ebfe7a85b9
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
NAS-IP-Address = 10.129.89.1
server inner-tunnel-peap {
# Executing section authorize from file
/etc/raddb-testing/sites-enabled/inner-tunnel-peap
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 67 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for pruebita
[ldap] expand: (uid=%u) -> (uid=pruebita)
[ldap] expand: ou=people,dc=sarlanga,dc=edu -> ou=people,dc=sarlanga,dc=edu
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in ou=people,dc=sarlanga,dc=edu, with
filter (uid=pruebita)
[ldap] object not found
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns notfound
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/inner-tunnel-peap
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
Login incorrect ( [ldap] User not found): [pruebita] (from client
oficina-test port 3 cli E8-3E-B6-26-C3-28 via TLS tunnel)
} # server inner-tunnel-peap
[peap] Got tunneled reply code 3
EAP-Message = 0x04430004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Got tunneled reply RADIUS code 3
EAP-Message = 0x04430004
Message-Authenticator = 0x00000000000000000000000000000000
[peap] Tunneled authentication was rejected.
[peap] FAILURE
++[eap] returns handled
Sending Access-Challenge of id 85 to 10.129.89.1 port 38848
EAP-Message =
0x0144002b1900170301002083387441294d575a9779c1b19e136da15935afcd9f001a1d2e4b5b87e236d164
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x51c5e19f5a81f86b215acf310f5bc900
Finished request 39.
Going to the next request
Waking up in 4.8 seconds.
rad_recv: Access-Request packet from host 10.129.89.1 port 38848,
id=86, length=247
User-Name = "pruebita"
NAS-Identifier = "AP-PVIII-IX-OF"
NAS-Port = 3
Called-Station-Id = "00:1B-7E-DC-AB-1A:sarlanga-I"
Calling-Station-Id = "E8-3E-B6-26-C3-28"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message =
0x024400481900170301001854ac58595af316bc6d8484be6039a67508204d0ecaea270a1703010020b983c87ab4edfd3bc018184ba6271d50216bc96f1f430e19808d9e1a4ec9180a
State = 0x51c5e19f5a81f86b215acf310f5bc900
Message-Authenticator = 0xae08495c38c1461cb67d946cdf22ceae
# Executing section authorize from file /etc/raddb-testing/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %{Virtual-Server} ->
[auth_log] ... expanding second conditional
[auth_log] expand:
/usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
-> /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] /usr/local-test/var/log/radius/radacct/requests/%{Client-IP-Address}/auth-detail-%{NAS-Identifier}-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d
expands to /usr/local-test/var/log/radius/radacct/requests/10.129.89.1/auth-detail-AP-PVIII-IX-OF-DEFAULT-20120601
[auth_log] expand: %t -> Fri Jun 1 07:43:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "pruebita", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 68 length 72
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap] The users session was previously rejected: returning reject (again.)
[peap] *** This means you need to read the PREVIOUS messages in the
debug output
[peap] *** to find out the reason why the user was rejected.
[peap] *** Look for "reject" or "fail". Those earlier messages will tell you.
[peap] *** what went wrong, and how to fix the problem.
SSL: Removing session
189eb3cfe1bd6b3b6b87fa215018f64ad2b414cda3740799b6d6c814cb3f7700 from
the cache
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [pruebita] (from client oficina-test port 3 cli
E8-3E-B6-26-C3-28)
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb-testing/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> pruebita
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 40 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
--
--
Sergio Belkin  http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
3
14
Wich version must download and install for FreeBSD with complete mysql support?
thx
1
0
hello,
I try to configure freeradius with Mac-Authentication.
but when my client connects it is authorized accerder has a vlan, which is
not permitted for him.
here are my logs: freeradius -X
Sending Access-Accept of id 21 to 157.159.21.222 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "33"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 21 with timestamp +38
file user :
001f3c55793b Auth-Type := Local, Cleartext-Password := "001f3c55793b"
Tunnel-type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 33
configuration of the AP:
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wifi-b008
!
enable secret 5 $1$Ah/g$eseM58JsjbqFW7u.uU69t/
!
ip subnet-zero
ip domain name int-evry.fr
ip name-server 157.159.10.13
!
!
aaa new-model
!
!
aaa group server radius rad_admin
server 157.159.21.220 auth-port 1812 acct-port 1813
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
!
aaa group server tacacs+ tac_admin
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_srv
server 157.159.21.220 auth-port 1812 acct-port 1813
!
aaa authentication login mac_methods group rad_srv
aaa authorization network default group rad_srv
aaa cache profile admin_cache
all
!
aaa session-id common
dot11 vlan-name b008Admin vlan 21
dot11 vlan-name etudiants vlan 15
dot11 vlan-name permanents vlan 33
dot11 vlan-name thesards vlan 16
!
dot11 ssid b008Admin
vlan 21
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 1248011E01021E0B253F752C3A262B01081917
!
!
dot11 ssid etudiants
vlan 15
authentication open mac-address mac_methods
mbssid guest-mode
!
dot11 ssid permanents
vlan 33
authentication open mac-address mac_methods
mbssid guest-mode
!
dot11 ssid thesards
vlan 16
authentication open mac-address mac_methods
mbssid guest-mode
!
dot11 aaa authentication mac-authen filter-cache
dot11 aaa csid unformatted
dot11 network-map
!
! username Cisco password 7 0802455D0A16
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 16 mode ciphers tkip
!
encryption vlan 21 mode ciphers tkip
!
encryption mode wep mandatory
!
!
encryption vlan 15 key 2 size 128bit 7 704856427E9D21265549561E467E
transmit-ky
encryption vlan 15 mode wep optional
!
broadcast-key vlan 33 change 60
!
!
ssid b008Admin
!
ssid etudiants
!
ssid permanents
!
ssid thesards
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0
48.0
station-role root
infrastructure-client
!
interface Dot11Radio0.15
encapsulation dot1Q 15
no ip route-cache
bridge-group 2
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 3
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.21
encapsulation dot1Q 21 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.33
encapsulation dot1Q 33
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
bridge-group 4 spanning-disabled
!
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.15
encapsulation dot1Q 15
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface FastEthernet0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface FastEthernet0.21
encapsulation dot1Q 21 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.33
encapsulation dot1Q 33
no ip route-cache
bridge-group 4
no bridge-group 4 source-learning
bridge-group 4 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface FastEthernet0
!
radius-server attribute list 802
!
radius-server attribute list 81
!
radius-server host 157.159.21.220 auth-port 1812 acct-port 1813 key 7
071C244F5D
radius-server vsa send authentication 3gpp2
!
control-plane
!
bridge 1 route ip
!
!
wlccp wds aaa authentication mac-authen filter-cache
wlccp wds aaa csid unformatted
!
wlccp wds aaa csid unformatted
!
line con 0
transport preferred all
transport output all
line vty 0 4
transport preferred all
transport input all
transport output all
line vty 5 15
transport preferred all
transport input all
transport output all
!
end
how can I do?
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Cisco-AP-Radius-tp5713578.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
2
2
Hi,
For Active directory support is it necessary that in
modules/rlm_krb5 should also be compiled. I have already compiled ldap
module.
Thanks
2
1
You are running latest version of freeradius?
You have read the inner-tunnel virtual server config file near the end? And the MSCHAP module file near the end?
alan
1
0
Hello,
Im using freeradius 2.1.7.
I want to add multiple queries for radpostauth statement like
radpostauth = "query1;query2"
But it says mysql error.
How can I resolve this issue?
Thanks.
--
View this message in context: http://freeradius.1045715.n5.nabble.com/dialup-conf-multiple-query-for-post…
Sent from the FreeRadius - User mailing list archive at Nabble.com.
2
2
Hi,
regarding Amans post from Apr 5.:
> Aman Arneja arneja.aman at gmail.com wrote:
>
> Password change and retry is very much supported for Windows and Eap
> for (P)eap-mschapv2. There would be some flag that needs to be set for
> this after which it will work, will check what that flag is and write
> back in some time
I would like to ask which flag is missing ?
I tested now password change and password expire issue with a Windows 2008 R2 Radius (NPS) System, and it works fine.
OK, this will fix my issue but i would like stay on freeradius because of other services to serve with this.
Thanks for any help
regards
C.
--
Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir
belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de
1
0
Authenticating using own method instead of standard methos like PAP,CHAP e.t.c
by Ramakrishna 06 Jun '12
by Ramakrishna 06 Jun '12
06 Jun '12
Hi,
I am new to Free RADIUS and I am facing some problem.
I have created one new module for my purpose and I have defined new methods
for each function like authorizing, accounting and authenticating. When my
server receives accounting request, accounting method in my module is being
called but that is not happening in case of authentication. It is
authenticating using PAP method at present. I want to by pass all the
standard methods supported by Free RADIUS and i want my authentication
method to be called whenever my server received Access requests. I would
like to how that can be done.
Thanks.
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Authenticating-using-own-method-ins…
Sent from the FreeRadius - User mailing list archive at Nabble.com.
2
3
hello,
I try to configure freeradius with Mac-Authentication.
but when my client connects it is authorized accerder has a vlan, which is
not permitted for him.
here are my logs: freeradius -X
Sending Access-Accept of id 21 to 157.159.21.222 port 1645
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "33"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 21 with timestamp +38
file user :
001f3c55793b Auth-Type := Local, Cleartext-Password := "001f3c55793b"
Tunnel-type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 33
configuration of the AP:
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wifi-b008
!
enable secret 5 $1$Ah/g$eseM58JsjbqFW7u.uU69t/
!
ip subnet-zero
ip domain name int-evry.fr
ip name-server 157.159.10.13
!
!
aaa new-model
!
!
aaa group server radius rad_admin
server 157.159.21.220 auth-port 1812 acct-port 1813
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
!
aaa group server tacacs+ tac_admin
cache expiry 1
cache authorization profile admin_cache
cache authentication profile admin_cache
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa group server radius rad_srv
server 157.159.21.220 auth-port 1812 acct-port 1813
!
aaa authentication login mac_methods group rad_srv
aaa authorization network default group rad_srv
aaa cache profile admin_cache
all
!
aaa session-id common
dot11 vlan-name b008Admin vlan 21
dot11 vlan-name etudiants vlan 15
dot11 vlan-name permanents vlan 33
dot11 vlan-name thesards vlan 16
!
dot11 ssid b008Admin
vlan 21
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 1248011E01021E0B253F752C3A262B01081917
!
!
dot11 ssid etudiants
vlan 15
authentication open mac-address mac_methods
mbssid guest-mode
!
dot11 ssid permanents
vlan 33
authentication open mac-address mac_methods
mbssid guest-mode
!
dot11 ssid thesards
vlan 16
authentication open mac-address mac_methods
mbssid guest-mode
!
dot11 aaa authentication mac-authen filter-cache
dot11 aaa csid unformatted
dot11 network-map
!
! username Cisco password 7 0802455D0A16
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 16 mode ciphers tkip
!
encryption vlan 21 mode ciphers tkip
!
encryption mode wep mandatory
!
!
encryption vlan 15 key 2 size 128bit 7 704856427E9D21265549561E467E
transmit-ky
encryption vlan 15 mode wep optional
!
broadcast-key vlan 33 change 60
!
!
ssid b008Admin
!
ssid etudiants
!
ssid permanents
!
ssid thesards
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0
48.0
station-role root
infrastructure-client
!
interface Dot11Radio0.15
encapsulation dot1Q 15
no ip route-cache
bridge-group 2
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 3
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
bridge-group 3 spanning-disabled
!
interface Dot11Radio0.21
encapsulation dot1Q 21 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.33
encapsulation dot1Q 33
no ip route-cache
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
bridge-group 4 spanning-disabled
!
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0.15
encapsulation dot1Q 15
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface FastEthernet0.16
encapsulation dot1Q 16
no ip route-cache
bridge-group 3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
!
interface FastEthernet0.21
encapsulation dot1Q 21 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface FastEthernet0.33
encapsulation dot1Q 33
no ip route-cache
bridge-group 4
no bridge-group 4 source-learning
bridge-group 4 spanning-disabled
!
interface BVI1
ip address dhcp client-id FastEthernet0
no ip route-cache
!
ip http server
no ip http secure-server
ip http help-path
http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
ip radius source-interface FastEthernet0
!
radius-server attribute list 802
!
radius-server attribute list 81
!
radius-server host 157.159.21.220 auth-port 1812 acct-port 1813 key 7
071C244F5D
radius-server vsa send authentication 3gpp2
!
control-plane
!
bridge 1 route ip
!
!
wlccp wds aaa authentication mac-authen filter-cache
wlccp wds aaa csid unformatted
!
wlccp wds aaa csid unformatted
!
line con 0
transport preferred all
transport output all
line vty 0 4
transport preferred all
transport input all
transport output all
line vty 5 15
transport preferred all
transport input all
transport output all
!
end
how can I do?
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Cisco-AP-Radius-tp5713577.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
1
0
update NAS-Identifier in Access-Request before proxying to other radius server
by C.F. Yeung 05 Jun '12
by C.F. Yeung 05 Jun '12
05 Jun '12
I want to update NAS-Identifier in Access-Request before proxying to other
radius server. Tried adding the following lines in default but in vain. So,
where should I put the following unlang?
update request {
NAS-Identifier = "new-nas-identifier"
}
2
4