Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
October 2013
- 102 participants
- 134 discussions
Hello,
I configured a user on radius server I copied the same config that every
user have. but still when the user try to authenticate he/she in this
case(dfrank) gets % *Authentication failed.* bbob has the same config and
able to authenticate to cisco devices. the cisco device is pointing to the
same radius. Can you please help.
**
**
cd /usr/local/etc/raddb
==============================
kcorp-radius# radiusd -x
Starting - reading configuration files ...
Module: Loaded System
Module: Instantiated unix (unix)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
auth bind: Address already in use
There appears to be another RADIUS server already running on the
authentication port UDP 1645.
============================================================================================
kcorp-radius # radiusd -v
radiusd: FreeRADIUS Version 0.8, for host sparc-sun-solaris2.7, built on
Dec 10 2002 at 10:54:28
=============================================================================================
dfrank Service-Type == Framed-User
Bay-User-Level = 2,
Cisco-AVPair = "shell:priv-lvl=15",
Fall-Through = No
bbob Service-Type == Framed-User
Bay-User-Level = 2,
Cisco-AVPair = "shell:priv-lvl=15",
Fall-Through = No
=============================================================================================
ps –ef|grep radiusd
===============================================================
radtest dfrank df2121 localhost 0 testing123
====================================================================
kcorp-radius # radtest dfrank df2121 localhost 0 testing123
Sending Access-Request of id 17 to 127.0.0.1 port 1812
User-Name = "dfrank"
User-Password = "df2121"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Re-sending Access-Request of id 17 to 127.0.0.1 port 1812
User-Name = "dfrank"
User-Password = "2121"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
**
**
*Thanks*
2
1
Please suggest how can I assign sequence no. to users based on some
parameter in Access Request.
Ex. User sends Hardware ID in Access Request and radius responds with some
number corresponding to this HWID from database.
--
br,
Navodit Bhardwaj
Hughes Systique Corporation
1
1
Hi List,
is there way to do web content filtering using some FR attribute ? using
software such as, DansGuardian ?
My Setup: Freeradius + CoovaChilli + Dansgurdian + Squid Proxy
Thanks
RM --
2
1
hi all,
i've a big problem with the new module ldap.
when i perform a ldap request i've this error
Fri Oct 25 14:16:30 2013 : ERROR: (0) ERROR: Failed performing search:
Please set 'chase_referrals=yes' and 'rebind=yes'. See the ldap module
configuration for details.
Fri Oct 25 14:16:30 2013 : ERROR: (0) ERROR: Server said: 00000000:
LdapErr: DSID-0C090627, comment: In order to perform this operation a
successful bind must be completed on the connection., data 0, vece.
Here <https://dl.dropboxusercontent.com/u/15956439/radius3/default> you can
find my sites default configuration
here <https://dl.dropboxusercontent.com/u/15956439/radius3/ldap> you can
find my ldap module configuration
here <https://dl.dropboxusercontent.com/u/15956439/radius3/debug> you can
find the full debug output
and here <https://dl.dropboxusercontent.com/u/15956439/radius3/scan> a
trace that you can open with wireshark
Where i wrong???
Thank you
--
*Davide Garofalo*
4
20
hello, i have the following scenario:
i have a specific user "antonio" that i would limit to surf for only 10 minutes at each session. Please note that this user can surf a illimitately number of session daily, but each of this sessions must be limited to 10 minutes.
any idea?
thank you in advance
4
3
hello, i have the following scenario:
i have a specific user "antonio" that i would limit to surf for only 10 minutes at each session. Please note that this user can surf a illimitately number of session daily, but each of this sessions must be limited to 10 minutes.
any idea?
thank you in advance
1
0
Can someone tell me what is going on here? It gives me a chap auth request
fail when everything else looks good. I am not sure why I get the "EAP
session for state 0x467250bc44764540 did not finish!" I get the same
message occasionally on other requests that seem to accept the auth anyway.
This is a new canopy ap that I am trying to make work. It originally wanted
to use the user anonymous but It was failing on that so changed the phase 1
auth to use the mac also. Is this a cert error? A configuration error?
Thanks for looking at it.
rad_recv: Access-Request packet from host 10.0.32.130 port 1238, id=0,
length=106
User-Name = "0a-00-3e-47-df-7d"
NAS-IP-Address = 10.0.32.130
NAS-Port = 5
NAS-Port-Type = Wireless-Other
Framed-MTU = 1020
EAP-Message = 0x020100170130612d30302d33652d34372d64662d376400
Message-Authenticator = 0x2d0cefa2c6f99ad929553dc9aed96ff9
Sun Oct 27 14:52:04 2013 : Info: # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
Sun Oct 27 14:52:04 2013 : Info: +- entering group authorize {...}
Sun Oct 27 14:52:04 2013 : Info: ++[preprocess] returns ok
Sun Oct 27 14:52:04 2013 : Info: ++[chap] returns noop
Sun Oct 27 14:52:04 2013 : Info: ++[mschap] returns noop
Sun Oct 27 14:52:04 2013 : Info: [suffix] No '@' in User-Name =
"0a-00-3e-47-df-7d", looking up realm NULL
Sun Oct 27 14:52:04 2013 : Info: [suffix] No such realm "NULL"
Sun Oct 27 14:52:04 2013 : Info: ++[suffix] returns noop
Sun Oct 27 14:52:04 2013 : Info: [eap] EAP packet type response id 1 length
23
Sun Oct 27 14:52:04 2013 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Sun Oct 27 14:52:04 2013 : Info: ++[eap] returns updated
Sun Oct 27 14:52:04 2013 : Info: [sql] expand: %{User-Name} ->
0a-00-3e-47-df-7d
Sun Oct 27 14:52:04 2013 : Info: [sql] sql_set_user escaped user -->
'0a-00-3e-47-df-7d'
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 1
Sun Oct 27 14:52:04 2013 : Info: [sql] expand: SELECT id, UserName,
Attribute, Value, Op FROM radcheck WHERE Username =
'%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value,
Op FROM radcheck WHERE Username = '0a-00-3e-47-df-7d' ORDER BY id
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql_postgresql: query affected rows =
2 , fields = 5
Sun Oct 27 14:52:04 2013 : Info: [sql] User found in radcheck table
Sun Oct 27 14:52:04 2013 : Info: [sql] expand: SELECT id, UserName,
Attribute, Value, Op FROM radreply WHERE Username =
'%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value,
Op FROM radreply WHERE Username = '0a-00-3e-47-df-7d' ORDER BY id
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql_postgresql: query affected rows =
1 , fields = 5
Sun Oct 27 14:52:04 2013 : Info: [sql] expand: SELECT GroupName FROM
radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT
GroupName FROM radusergroup WHERE UserName='0a-00-3e-47-df-7d' ORDER BY
priority
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql_postgresql: query affected rows =
1 , fields = 1
Sun Oct 27 14:52:04 2013 : Info: [sql] expand: SELECT id, GroupName,
Attribute, Value, op FROM radgroupcheck WHERE GroupName =
'%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value,
op FROM radgroupcheck WHERE GroupName = '450-3x1' ORDER BY id
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql_postgresql: query affected rows =
0 , fields = 5
Sun Oct 27 14:52:04 2013 : Info: [sql] User found in group 450-3x1
Sun Oct 27 14:52:04 2013 : Info: [sql] expand: SELECT id, GroupName,
Attribute, Value, op FROM radgroupreply WHERE GroupName =
'%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value,
op FROM radgroupreply WHERE GroupName = '450-3x1' ORDER BY id
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql_postgresql: query affected rows =
6 , fields = 5
Sun Oct 27 14:52:04 2013 : Debug: rlm_sql (sql): Released sql socket id: 1
Sun Oct 27 14:52:04 2013 : Info: ++[sql] returns ok
Sun Oct 27 14:52:04 2013 : Info: ++[expiration] returns noop
Sun Oct 27 14:52:04 2013 : Info: ++[logintime] returns noop
Sun Oct 27 14:52:04 2013 : Info: [pap] WARNING: Auth-Type already set. Not
setting to PAP
Sun Oct 27 14:52:04 2013 : Info: ++[pap] returns noop
Sun Oct 27 14:52:04 2013 : Info: Found Auth-Type = EAP
Sun Oct 27 14:52:04 2013 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Sun Oct 27 14:52:04 2013 : Info: +- entering group authenticate {...}
Sun Oct 27 14:52:04 2013 : Info: [eap] EAP Identity
Sun Oct 27 14:52:04 2013 : Info: [eap] processing type tls
Sun Oct 27 14:52:04 2013 : Info: [tls] Initiate
Sun Oct 27 14:52:04 2013 : Info: [tls] Start returned 1
Sun Oct 27 14:52:04 2013 : Info: ++[eap] returns handled
Sending Access-Challenge of id 0 to 10.0.32.130 port 1238
Motorola-Canopy-DLBL = 307200
Motorola-Canopy-DLBR = 3072
Motorola-Canopy-ULBL = 102400
Motorola-Canopy-ULBR = 1024
Motorola-Canopy-VLIGVID = 25
Motorola-Canopy-VLMGVID = 24
EAP-Message = 0x010200061520
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x063cc73b063ed219e2c4f691fc23b343
Sun Oct 27 14:52:04 2013 : Info: Finished request 360.
Sun Oct 27 14:52:04 2013 : Debug: Going to the next request
Sun Oct 27 14:52:04 2013 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.32.130 port 1238, id=0,
length=169
Sun Oct 27 14:52:04 2013 : Info: Cleaning up request 360 ID 0 with
timestamp +2903
Sun Oct 27 14:52:04 2013 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Sun Oct 27 14:52:04 2013 : Debug: WARNING: !! EAP session for state
0x063cc73b063ed219 did not finish!
Sun Oct 27 14:52:04 2013 : Debug: WARNING: !! Please read
http://wiki.freeradius.org/Certificate_Compatibility
Sun Oct 27 14:52:04 2013 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
User-Name = "0a-00-3e-47-df-7d"
State = 0x063cc73b063ed219e2c4f691fc23b343
NAS-IP-Address = 10.0.32.130
NAS-Port = 5
NAS-Port-Type = Wireless-Other
Framed-MTU = 1020
EAP-Message =
0x0202004415800000003a1603010035010000310301433a5aab0f63d6f562ea45cf1d668b7ae8fe8e46c58c62c96b10d7190787d12b00000a0035002f00040005000a0100
Message-Authenticator = 0x5b1bb664095dcdeefcec42693f0c9a2a
Sun Oct 27 14:52:04 2013 : Info: # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
Sun Oct 27 14:52:04 2013 : Info: +- entering group authorize {...}
Sun Oct 27 14:52:04 2013 : Info: ++[preprocess] returns ok
Sun Oct 27 14:52:04 2013 : Info: ++[chap] returns noop
Sun Oct 27 14:52:04 2013 : Info: ++[mschap] returns noop
Sun Oct 27 14:52:04 2013 : Info: [suffix] No '@' in User-Name =
"0a-00-3e-47-df-7d", looking up realm NULL
Sun Oct 27 14:52:04 2013 : Info: [suffix] No such realm "NULL"
Sun Oct 27 14:52:04 2013 : Info: ++[suffix] returns noop
Sun Oct 27 14:52:04 2013 : Info: [eap] EAP packet type response id 2 length
68
Sun Oct 27 14:52:04 2013 : Info: [eap] Continuing tunnel setup.
Sun Oct 27 14:52:04 2013 : Info: ++[eap] returns ok
Sun Oct 27 14:52:04 2013 : Info: Found Auth-Type = EAP
Sun Oct 27 14:52:04 2013 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Sun Oct 27 14:52:04 2013 : Info: +- entering group authenticate {...}
Sun Oct 27 14:52:04 2013 : Info: [eap] Request found, released from the list
Sun Oct 27 14:52:04 2013 : Info: [eap] EAP/ttls
Sun Oct 27 14:52:04 2013 : Info: [eap] processing type ttls
Sun Oct 27 14:52:04 2013 : Info: [ttls] Authenticate
Sun Oct 27 14:52:04 2013 : Info: [ttls] processing EAP-TLS
Sun Oct 27 14:52:04 2013 : Debug: TLS Length 58
Sun Oct 27 14:52:04 2013 : Info: [ttls] Length Included
Sun Oct 27 14:52:04 2013 : Info: [ttls] eaptls_verify returned 11
Sun Oct 27 14:52:04 2013 : Info: [ttls] (other): before/accept
initialization
Sun Oct 27 14:52:04 2013 : Info: [ttls] TLS_accept: before/accept
initialization
Sun Oct 27 14:52:04 2013 : Info: [ttls] <<< TLS 1.0 Handshake [length
0035], ClientHello
Sun Oct 27 14:52:04 2013 : Info: [ttls] TLS_accept: SSLv3 read client
hello A
Sun Oct 27 14:52:04 2013 : Info: [ttls] >>> TLS 1.0 Handshake [length
002a], ServerHello
Sun Oct 27 14:52:04 2013 : Info: [ttls] TLS_accept: SSLv3 write server
hello A
Sun Oct 27 14:52:04 2013 : Info: [ttls] >>> TLS 1.0 Handshake [length
0306], Certificate
Sun Oct 27 14:52:04 2013 : Info: [ttls] TLS_accept: SSLv3 write
certificate A
Sun Oct 27 14:52:04 2013 : Info: [ttls] >>> TLS 1.0 Handshake [length
0004], ServerHelloDone
Sun Oct 27 14:52:04 2013 : Info: [ttls] TLS_accept: SSLv3 write server
done A
Sun Oct 27 14:52:04 2013 : Info: [ttls] TLS_accept: SSLv3 flush data
Sun Oct 27 14:52:04 2013 : Info: [ttls] TLS_accept: Need to read more
data: SSLv3 read client certificate A
Sun Oct 27 14:52:04 2013 : Debug: In SSL Handshake Phase
Sun Oct 27 14:52:04 2013 : Debug: In SSL Accept mode
Sun Oct 27 14:52:04 2013 : Info: [ttls] eaptls_process returned 13
Sun Oct 27 14:52:04 2013 : Info: ++[eap] returns handled
Sending Access-Challenge of id 0 to 10.0.32.130 port 1238
EAP-Message =
0x0103034d158000000343160301002a020000260301526d6ee4f06ffa59524f6851095ab3fa4a053e52864491d5bc3a2bd2c82145d90000350016030103060b0003020002ff0002fc308202f830820261a003020102020101300d06092a864886f70d01010505003076310b30090603550406130255533111300f06035504081308496c6c696e6f697331173015060355040a130e4d6f746f726f6c612c20496e632e31223020060355040b131943616e6f707920576972656c6573732042726f616462616e64311730150603550403130e504d503332302044656d6f204341301e170d3039303730313036303130305a170d3439313233313233353935
EAP-Message =
0x395a308194310b30090603550406130255533111300f06035504081308496c6c696e6f6973311330110603550407130a53636861756d6275726731173015060355040a130e4d6f746f726f6c612c20496e632e31223020060355040b131943616e6f707920576972656c6573732042726f616462616e643120301e06035504031317504d503332302044656d6f20436572746966696361746530819f300d06092a864886f70d010101050003818d0030818902818100d20d60d5fa96d95112c0014312be69bbb09e8e0edb620e9398d9a9307073b2645dd5e1bd04ef94e4f10d5a72f63ffbb80c1ff3f2317a9550f621fbf56cae967051621bd0d4c7b2
EAP-Message =
0xb19ede40b2789abc45ed8d2944b0e0f0716272a6907b161e1426eacbf81fc447089a4127fd41a6f643cd95430bb7fd8005186fc1f6326677bf0203010001a377307530090603551d1304023000302806096086480186f842010d041b1619496e7365637572652044656d6f204365727469666963617465301d0603551d0e04160414741add6ffb71869c6f26c3d0a166b4c356049782301f0603551d23041830168014da4e7dcfb2244534086ba58933bd9edc7cf84876300d06092a864886f70d010105050003818100063704750634864335246876d31a85bec4e76aa63f7500a205a48e8b12d4b67d5372df8ed53efb3770e6884153ac30ddb35a7d
EAP-Message =
0x08679632268e6f08bb6cd66fef32c7551487843db971719e3a4caac5f359480196ddab73754c37dbeef0fd650739d9643681ed68b53210ef2b4f993eea23bfb6f1df829b51c4b0c4748455b24b16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x063cc73b073fd219e2c4f691fc23b343
Sun Oct 27 14:52:04 2013 : Info: Finished request 361.
Sun Oct 27 14:52:04 2013 : Debug: Going to the next request
Sun Oct 27 14:52:04 2013 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.32.130 port 1238, id=0,
length=309
Sun Oct 27 14:52:05 2013 : Info: Cleaning up request 361 ID 0 with
timestamp +2903
Sun Oct 27 14:52:05 2013 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Sun Oct 27 14:52:05 2013 : Debug: WARNING: !! EAP session for state
0x063cc73b073fd219 did not finish!
Sun Oct 27 14:52:05 2013 : Debug: WARNING: !! Please read
http://wiki.freeradius.org/Certificate_Compatibility
Sun Oct 27 14:52:05 2013 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
User-Name = "0a-00-3e-47-df-7d"
State = 0x063cc73b073fd219e2c4f691fc23b343
NAS-IP-Address = 10.0.32.130
NAS-Port = 5
NAS-Port-Type = Wireless-Other
Framed-MTU = 1020
EAP-Message =
0x020300d01580000000c61603010086100000820080ad98aaefbe12f373184aa9a968af10d2a125bec2c1d000c4edd62e8f7bdc2206294225fcce556c11da32e93249915e92134f8a075ebe0e80df8ef271ce709e0f68bec288dc4f82b74e29300f6ddb361b3960ae62da0087b285340480a3891bb006c38474eaed04578ba5a71bde74be0a08591efec1e2422c63937fb5d89851b514030100010116030100305eec78050ed7e8eb7f2aa3deb61014d4aacb0188b2850c75e13b4813c99463853b0d9cdc05119105acb6aff51731c7f7
Message-Authenticator = 0xdb832a94b37bc00e356a00f2347fddce
Sun Oct 27 14:52:05 2013 : Info: # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
Sun Oct 27 14:52:05 2013 : Info: +- entering group authorize {...}
Sun Oct 27 14:52:05 2013 : Info: ++[preprocess] returns ok
Sun Oct 27 14:52:05 2013 : Info: ++[chap] returns noop
Sun Oct 27 14:52:05 2013 : Info: ++[mschap] returns noop
Sun Oct 27 14:52:05 2013 : Info: [suffix] No '@' in User-Name =
"0a-00-3e-47-df-7d", looking up realm NULL
Sun Oct 27 14:52:05 2013 : Info: [suffix] No such realm "NULL"
Sun Oct 27 14:52:05 2013 : Info: ++[suffix] returns noop
Sun Oct 27 14:52:05 2013 : Info: [eap] EAP packet type response id 3 length
208
Sun Oct 27 14:52:05 2013 : Info: [eap] Continuing tunnel setup.
Sun Oct 27 14:52:05 2013 : Info: ++[eap] returns ok
Sun Oct 27 14:52:05 2013 : Info: Found Auth-Type = EAP
Sun Oct 27 14:52:05 2013 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Sun Oct 27 14:52:05 2013 : Info: +- entering group authenticate {...}
Sun Oct 27 14:52:05 2013 : Info: [eap] Request found, released from the list
Sun Oct 27 14:52:05 2013 : Info: [eap] EAP/ttls
Sun Oct 27 14:52:05 2013 : Info: [eap] processing type ttls
Sun Oct 27 14:52:05 2013 : Info: [ttls] Authenticate
Sun Oct 27 14:52:05 2013 : Info: [ttls] processing EAP-TLS
Sun Oct 27 14:52:05 2013 : Debug: TLS Length 198
Sun Oct 27 14:52:05 2013 : Info: [ttls] Length Included
Sun Oct 27 14:52:05 2013 : Info: [ttls] eaptls_verify returned 11
Sun Oct 27 14:52:05 2013 : Info: [ttls] <<< TLS 1.0 Handshake [length
0086], ClientKeyExchange
Sun Oct 27 14:52:05 2013 : Info: [ttls] TLS_accept: SSLv3 read client
key exchange A
Sun Oct 27 14:52:05 2013 : Info: [ttls] <<< TLS 1.0 ChangeCipherSpec
[length 0001]
Sun Oct 27 14:52:05 2013 : Info: [ttls] <<< TLS 1.0 Handshake [length
0010], Finished
Sun Oct 27 14:52:05 2013 : Info: [ttls] TLS_accept: SSLv3 read finished
A
Sun Oct 27 14:52:05 2013 : Info: [ttls] >>> TLS 1.0 ChangeCipherSpec
[length 0001]
Sun Oct 27 14:52:05 2013 : Info: [ttls] TLS_accept: SSLv3 write change
cipher spec A
Sun Oct 27 14:52:05 2013 : Info: [ttls] >>> TLS 1.0 Handshake [length
0010], Finished
Sun Oct 27 14:52:05 2013 : Info: [ttls] TLS_accept: SSLv3 write
finished A
Sun Oct 27 14:52:05 2013 : Info: [ttls] TLS_accept: SSLv3 flush data
Sun Oct 27 14:52:05 2013 : Info: [ttls] (other): SSL negotiation
finished successfully
Sun Oct 27 14:52:05 2013 : Debug: SSL Connection Established
Sun Oct 27 14:52:05 2013 : Info: [ttls] eaptls_process returned 13
Sun Oct 27 14:52:05 2013 : Info: ++[eap] returns handled
Sending Access-Challenge of id 0 to 10.0.32.130 port 1238
EAP-Message =
0x0104004515800000003b140301000101160301003045237ed030a4aa4f5ba0fcb2834f9cf8246779cafbf5f4ceba6bac9dd1f220b43b3056e4f66faadd194c4aab37c339a0
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x063cc73b0438d219e2c4f691fc23b343
Sun Oct 27 14:52:05 2013 : Info: Finished request 362.
Sun Oct 27 14:52:05 2013 : Debug: Going to the next request
Sun Oct 27 14:52:05 2013 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 10.0.32.130 port 1238, id=0,
length=260
Sun Oct 27 14:52:05 2013 : Info: Cleaning up request 362 ID 0 with
timestamp +2904
Sun Oct 27 14:52:05 2013 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Sun Oct 27 14:52:05 2013 : Debug: WARNING: !! EAP session for state
0x063cc73b0438d219 did not finish!
Sun Oct 27 14:52:05 2013 : Debug: WARNING: !! Please read
http://wiki.freeradius.org/Certificate_Compatibility
Sun Oct 27 14:52:05 2013 : Debug: WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
User-Name = "0a-00-3e-47-df-7d"
State = 0x063cc73b0438d219e2c4f691fc23b343
NAS-IP-Address = 10.0.32.130
NAS-Port = 5
NAS-Port-Type = Wireless-Other
Framed-MTU = 1020
EAP-Message =
0x0204009f1580000000951703010090e9a9dc561abde7cb65670c328b449194399b8f109db06f84abb5adc9524e2c7f195e36c9a6d205ea710ff787c7f586ccaddcc21ef836d3c48458b577d09c6b47d64ba6ad5d2ea6650bb97b11ddaf40e4ac164d170350ab04ad83195d6ba373890e169b0d172d088187359bbfe27e6ed6b8c4c04f5878f1f367e767527c4d7485be3e167b2fb2ec9758a6f3de4996e719
Message-Authenticator = 0xb5fa8df73a564a48fbb1a3fbaa9f0961
Sun Oct 27 14:52:05 2013 : Info: # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
Sun Oct 27 14:52:05 2013 : Info: +- entering group authorize {...}
Sun Oct 27 14:52:05 2013 : Info: ++[preprocess] returns ok
Sun Oct 27 14:52:05 2013 : Info: ++[chap] returns noop
Sun Oct 27 14:52:05 2013 : Info: ++[mschap] returns noop
Sun Oct 27 14:52:05 2013 : Info: [suffix] No '@' in User-Name =
"0a-00-3e-47-df-7d", looking up realm NULL
Sun Oct 27 14:52:05 2013 : Info: [suffix] No such realm "NULL"
Sun Oct 27 14:52:05 2013 : Info: ++[suffix] returns noop
Sun Oct 27 14:52:05 2013 : Info: [eap] EAP packet type response id 4 length
159
Sun Oct 27 14:52:05 2013 : Info: [eap] Continuing tunnel setup.
Sun Oct 27 14:52:05 2013 : Info: ++[eap] returns ok
Sun Oct 27 14:52:05 2013 : Info: Found Auth-Type = EAP
Sun Oct 27 14:52:05 2013 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Sun Oct 27 14:52:05 2013 : Info: +- entering group authenticate {...}
Sun Oct 27 14:52:05 2013 : Info: [eap] Request found, released from the list
Sun Oct 27 14:52:05 2013 : Info: [eap] EAP/ttls
Sun Oct 27 14:52:05 2013 : Info: [eap] processing type ttls
Sun Oct 27 14:52:05 2013 : Info: [ttls] Authenticate
Sun Oct 27 14:52:05 2013 : Info: [ttls] processing EAP-TLS
Sun Oct 27 14:52:05 2013 : Debug: TLS Length 149
Sun Oct 27 14:52:05 2013 : Info: [ttls] Length Included
Sun Oct 27 14:52:05 2013 : Info: [ttls] eaptls_verify returned 11
Sun Oct 27 14:52:05 2013 : Info: [ttls] eaptls_process returned 7
Sun Oct 27 14:52:05 2013 : Info: [ttls] Session established. Proceeding to
decode tunneled attributes.
Sun Oct 27 14:52:05 2013 : Info: [ttls] Got tunneled request
User-Name = "0a-00-3e-47-df-7d"
MS-CHAP-Challenge = 0x4ff587d0fbf151cdb97a96a81978e059
MS-CHAP2-Response =
0x6500dfcbfdcac94bc92950a342b1c0a3b82f0000000000000000ddb95eabbbe9df37deba2a3ba6592033b449118e83f1c717
FreeRADIUS-Proxied-To = 127.0.0.1
Sun Oct 27 14:52:05 2013 : Info: [ttls] Sending tunneled request
User-Name = "0a-00-3e-47-df-7d"
MS-CHAP-Challenge = 0x4ff587d0fbf151cdb97a96a81978e059
MS-CHAP2-Response =
0x6500dfcbfdcac94bc92950a342b1c0a3b82f0000000000000000ddb95eabbbe9df37deba2a3ba6592033b449118e83f1c717
FreeRADIUS-Proxied-To = 127.0.0.1
NAS-IP-Address = 10.0.32.130
NAS-Port = 5
NAS-Port-Type = Wireless-Other
Framed-MTU = 1020
server inner-tunnel {
Sun Oct 27 14:52:05 2013 : Info: # Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
Sun Oct 27 14:52:05 2013 : Info: +- entering group authorize {...}
Sun Oct 27 14:52:05 2013 : Info: ++[chap] returns noop
Sun Oct 27 14:52:05 2013 : Info: [mschap] Found MS-CHAP attributes.
Setting 'Auth-Type = mschap'
Sun Oct 27 14:52:05 2013 : Info: ++[mschap] returns ok
Sun Oct 27 14:52:05 2013 : Info: ++[unix] returns notfound
Sun Oct 27 14:52:05 2013 : Info: [suffix] No '@' in User-Name =
"0a-00-3e-47-df-7d", looking up realm NULL
Sun Oct 27 14:52:05 2013 : Info: [suffix] No such realm "NULL"
Sun Oct 27 14:52:05 2013 : Info: ++[suffix] returns noop
Sun Oct 27 14:52:05 2013 : Info: ++[control] returns noop
Sun Oct 27 14:52:05 2013 : Info: [eap] No EAP-Message, not doing EAP
Sun Oct 27 14:52:05 2013 : Info: ++[eap] returns noop
Sun Oct 27 14:52:05 2013 : Info: ++[files] returns noop
Sun Oct 27 14:52:05 2013 : Info: [sql] expand: %{User-Name} ->
0a-00-3e-47-df-7d
Sun Oct 27 14:52:05 2013 : Info: [sql] sql_set_user escaped user -->
'0a-00-3e-47-df-7d'
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 0
Sun Oct 27 14:52:05 2013 : Info: [sql] expand: SELECT id, UserName,
Attribute, Value, Op FROM radcheck WHERE Username =
'%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value,
Op FROM radcheck WHERE Username = '0a-00-3e-47-df-7d' ORDER BY id
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: query affected rows =
2 , fields = 5
Sun Oct 27 14:52:05 2013 : Info: [sql] User found in radcheck table
Sun Oct 27 14:52:05 2013 : Info: [sql] expand: SELECT id, UserName,
Attribute, Value, Op FROM radreply WHERE Username =
'%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value,
Op FROM radreply WHERE Username = '0a-00-3e-47-df-7d' ORDER BY id
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: query affected rows =
1 , fields = 5
Sun Oct 27 14:52:05 2013 : Info: [sql] expand: SELECT GroupName FROM
radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT
GroupName FROM radusergroup WHERE UserName='0a-00-3e-47-df-7d' ORDER BY
priority
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: query affected rows =
1 , fields = 1
Sun Oct 27 14:52:05 2013 : Info: [sql] expand: SELECT id, GroupName,
Attribute, Value, op FROM radgroupcheck WHERE GroupName =
'%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value,
op FROM radgroupcheck WHERE GroupName = '450-3x1' ORDER BY id
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: query affected rows =
0 , fields = 5
Sun Oct 27 14:52:05 2013 : Info: [sql] User found in group 450-3x1
Sun Oct 27 14:52:05 2013 : Info: [sql] expand: SELECT id, GroupName,
Attribute, Value, op FROM radgroupreply WHERE GroupName =
'%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value,
op FROM radgroupreply WHERE GroupName = '450-3x1' ORDER BY id
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_TUPLES_OK
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: query affected rows =
6 , fields = 5
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql (sql): Released sql socket id: 0
Sun Oct 27 14:52:05 2013 : Info: ++[sql] returns ok
Sun Oct 27 14:52:05 2013 : Info: ++[expiration] returns noop
Sun Oct 27 14:52:05 2013 : Info: ++[logintime] returns noop
Sun Oct 27 14:52:05 2013 : Info: [pap] WARNING: Auth-Type already set. Not
setting to PAP
Sun Oct 27 14:52:05 2013 : Info: ++[pap] returns noop
Sun Oct 27 14:52:05 2013 : Info: WARNING: You set Proxy-To-Realm = LOCAL,
but the realm does not exist! Cancelling invalid proxy request.
Sun Oct 27 14:52:05 2013 : Info: Found Auth-Type = MSCHAP
Sun Oct 27 14:52:05 2013 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
Sun Oct 27 14:52:05 2013 : Info: +- entering group MS-CHAP {...}
Sun Oct 27 14:52:05 2013 : Info: [mschap] Creating challenge hash with
username: 0a-00-3e-47-df-7d
Sun Oct 27 14:52:05 2013 : Info: [mschap] Told to do MS-CHAPv2 for
0a-00-3e-47-df-7d with NT-Password
Sun Oct 27 14:52:05 2013 : Info: [mschap] FAILED: MS-CHAP2-Response is
incorrect
Sun Oct 27 14:52:05 2013 : Info: ++[mschap] returns reject
Sun Oct 27 14:52:05 2013 : Info: Failed to authenticate the user.
} # server inner-tunnel
Sun Oct 27 14:52:05 2013 : Info: [ttls] Got tunneled reply code 3
Cleartext-Password := "0a-00-3e-47-df-7d"
Motorola-Canopy-DLBL = 307200
Motorola-Canopy-DLBR = 3072
Motorola-Canopy-ULBL = 102400
Motorola-Canopy-ULBR = 1024
Motorola-Canopy-VLIGVID = 25
Motorola-Canopy-VLMGVID = 24
MS-CHAP-Error = "eE=691 R=1"
Sun Oct 27 14:52:05 2013 : Info: [ttls] Got tunneled Access-Reject
Sun Oct 27 14:52:05 2013 : Info: [eap] Handler failed in EAP/ttls
Sun Oct 27 14:52:05 2013 : Info: [eap] Failed in EAP select
Sun Oct 27 14:52:05 2013 : Info: ++[eap] returns invalid
Sun Oct 27 14:52:05 2013 : Info: Failed to authenticate the user.
Sun Oct 27 14:52:05 2013 : Info: Using Post-Auth-Type Reject
Sun Oct 27 14:52:05 2013 : Info: # Executing group from file
/usr/local/etc/raddb/sites-enabled/default
Sun Oct 27 14:52:05 2013 : Info: +- entering group REJECT {...}
Sun Oct 27 14:52:05 2013 : Info: [sql] expand: %{User-Name} ->
0a-00-3e-47-df-7d
Sun Oct 27 14:52:05 2013 : Info: [sql] sql_set_user escaped user -->
'0a-00-3e-47-df-7d'
Sun Oct 27 14:52:05 2013 : Info: [sql] expand: %{User-Password} ->
Sun Oct 27 14:52:05 2013 : Info: [sql] ... expanding second conditional
Sun Oct 27 14:52:05 2013 : Info: [sql] expand: INSERT INTO radpostauth
(username, pass, reply, authdate) VALUES ('%{User-Name}',
'%{%{User-Password}:-Chap-Password}', '%{reply:Packet-Type}', NOW()) ->
INSERT INTO radpostauth (username, pass, reply, authdate) VALUES
('0a-00-3e-47-df-7d', 'Chap-Password', 'Access-Reject', NOW())
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql (sql) in sql_postauth: query is
INSERT INTO radpostauth (username, pass, reply, authdate) VALUES
('0a-00-3e-47-df-7d', 'Chap-Password', 'Access-Reject', NOW())
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: Status:
PGRES_COMMAND_OK
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql_postgresql: query affected rows =
1
Sun Oct 27 14:52:05 2013 : Debug: rlm_sql (sql): Released sql socket id: 4
Sun Oct 27 14:52:05 2013 : Info: ++[sql] returns ok
Sun Oct 27 14:52:05 2013 : Info: Delaying reject of request 363 for 3
seconds
Sun Oct 27 14:52:05 2013 : Debug: Going to the next request
Sun Oct 27 14:52:05 2013 : Debug: Waking up in 0.9 seconds.
Sun Oct 27 14:52:06 2013 : Debug: Waking up in 1.9 seconds.
rad_recv: Access-Request packet from host 10.0.32.130 port 1238, id=0,
length=260
Sun Oct 27 14:52:07 2013 : Info: Waiting to send Access-Reject to client
test pmp450 port 1238 - ID: 0
Sun Oct 27 14:52:07 2013 : Debug: Waking up in 0.9 seconds.
Sun Oct 27 14:52:08 2013 : Info: Sending delayed reject for request 363
Sending Access-Reject of id 0 to 10.0.32.130 port 1238
EAP-Message = 0x04040004
Message-Authenticator = 0x00000000000000000000000000000000
Sun Oct 27 14:52:08 2013 : Debug: Waking up in 4.9 seconds.
--
Richard Carroll
richcarroll(a)gmail.com
2
1
Dear Matthew & Alan DeKok.
Thank you ver very very much for your assistanc throughout. This worked
!!!!!
I am able to do it with help of your both. You guys are great. Honestly, it
was not possible for me without you help.
I will write the solution as one document to help others. Solution can
manage & control up to 2TB per voucher / username.
Once again, my special thanks to Alan D. & Matthew
Regards
RM--
On Thursday, October 24, 2013, Matthew Newton wrote:
> On Thu, Oct 24, 2013 at 11:35:30AM +0000, Russell Mike wrote:
> > > I can't make it any clearer than that.
> >
> > thank you very very much, it is great explanation. Your response made
> > many things very clearer. But did not work for me still. Perhaps my
> formula
> > is wrong. Kindly help one more step further. Honestly, i have tried very
> > hard, working on it for some weeks now without results. i.e. i want to
> set
> > 6GB limit.
> >
> > total bytes in 6GB = 805306368
> > total bytes in 4GB = 536870912
>
> Not sure where you got these from.
>
> 6GB = 6 * 1024 * 1024 * 1024 = 4 * 1024^3 = 6442450944
>
> 6GB in binary is
>
> 0000000000000000000000000000000110000000000000000000000000000000
>
> 3210987654321098765432109876543210987654321098765432109876543210
> 6 5 4 3 2 1 0
>
> So the lower 32 bits are:
>
> 10000000000000000000000000000000
>
> and the upper 32 bits are:
>
> 00000000000000000000000000000001
>
> The lower bits can be found by bitwise AND with (2^32)-1 (i.e. 32
> ones):
>
> $ python
> >>> 6*(1024**3) & ((2**32)-1)
> 2147483648
>
> The upper 32 bits by shifting right by 32 bits:
>
> >>> 6*(1024**3) >> 32
> 1
>
>
> So you want
>
> > i put 536870912 in ChilliSpot-Max-Input-Octets
>
> this should be 2147483648;
>
> > i put 268435456 in ChilliSpot-Max-Input-Gigawords
>
> This should be 1.
>
> To confirm the numbers are correct, left-shift the gigawords by 32
> bits, then add the octets. Should come back to the original value:
>
> >>> (1<<32) + 2147483648
> 6442450944
> >>> 6*(1024**3)
> 6442450944
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4(a)le.ac.uk <javascript:;>>
>
> Systems Specialist, Infrastructure Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp(a)le.ac.uk <javascript:;>>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
1
0
Hello everyone.
I'm trying to use FreeRADIUS 2.2.0 on Fedora 19 to authenticate Wi-Fi
clients (Windows 7) against a MS Active Directory domain (Windows Server
2008 R2). The access point is a MikroTik RouterOS v5.11. I've already
joined the FreeRADIUS machine into my AD domain and both 'wbinfo -a' and
'ntlm_auth' can successfully authenticate domain users. Then, I've
followed the instructions on the Wiki for FreeRADIUS 2.x and set up the
server accordingly. However, 'radiusd -X' tells that the Windows clients
didn't reply the request and there's a url to the Wiki, explaining why
it couldn't finish. The root and the client (self-signed) certificates
are already installed on a test client, and I think I've created them
following the recommended way (as told in README file on raddb/certs).
I've checked the comments on raddb/eap.conf, but I'm not sure what to do
next.
Is there some way to make the Windows clients trust the request?
The 'radiusd -X' output follows:
FreeRADIUS Version 2.2.0, for host i686-redhat-linux-gnu, built on Feb
14 2013 at 18:27:55
Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/cache
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/dhcp_sqlippool
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/krb5
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/radrelay
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/inner-tunnel
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
name = "radiusd"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/radius"
run_dir = "/var/run/radiusd"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
realm MYDOMAIN {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
}
client 192.168.10.92 {
require_message_authenticator = no
secret = "testing123"
shortname = "192.168.10.92"
}
client 192.168.10.94 {
require_message_authenticator = no
secret = "testing123"
shortname = "192.168.10.94"
}
client 192.168.10.95 {
require_message_authenticator = no
secret = "testing123"
shortname = "192.168.10.95"
}
radiusd: #### Instantiating modules ####
instantiate {
Module: Linked to module rlm_exec
Module: Instantiating module "exec" from file /etc/raddb/modules/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_expr
Module: Instantiating module "expr" from file /etc/raddb/modules/expr
Module: Linked to module rlm_expiration
Module: Instantiating module "expiration" from file
/etc/raddb/modules/expiration
expiration {
reply-message = "Password Has Expired "
}
Module: Linked to module rlm_logintime
Module: Instantiating module "logintime" from file
/etc/raddb/modules/logintime
logintime {
reply-message = "You are calling outside your allowed timespan "
minimum-timeout = 60
}
}
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/raddb/radiusd.conf
modules {
Module: Creating Auth-Type = ntlm_auth
Module: Creating Auth-Type = digest
Module: Creating Post-Auth-Type = REJECT
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_pap
Module: Instantiating module "pap" from file /etc/raddb/modules/pap
pap {
encryption_scheme = "auto"
auto_header = no
}
Module: Linked to module rlm_chap
Module: Instantiating module "chap" from file /etc/raddb/modules/chap
Module: Linked to module rlm_mschap
Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
allow_retry = yes
}
Module: Instantiating module "ntlm_auth" from file
/etc/raddb/modules/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/usr/bin/ntlm_auth --request-nt-key --domain=MYDOMAIN
--username=%{mschap:User-Name} --password=%{User-Password}"
input_pairs = "request"
shell_escape = yes
}
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /etc/raddb/modules/digest
Module: Linked to module rlm_unix
Module: Instantiating module "unix" from file /etc/raddb/modules/unix
unix {
radwtmp = "/var/log/radius/radwtmp"
}
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /etc/raddb/eap.conf
eap {
default_eap_type = "peap"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
}
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
CA_path = "/etc/raddb/certs"
pem_file_type = yes
private_key_file = "/etc/raddb/certs/server.pem"
certificate_file = "/etc/raddb/certs/server.pem"
CA_file = "/etc/raddb/certs/ca.pem"
private_key_password = "whatever"
dh_file = "/etc/raddb/certs/dh"
random_file = "/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
ocsp {
enable = no
override_cert_url = yes
url = "http://127.0.0.1/ocsp/"
use_nonce = yes
timeout = 0
softfail = no
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/etc/raddb/modules/preprocess
preprocess {
huntgroups = "/etc/raddb/huntgroups"
hints = "/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
reading pairlist file /etc/raddb/huntgroups
reading pairlist file /etc/raddb/hints
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Instantiating module "ntdomain" from file /etc/raddb/modules/realm
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /etc/raddb/modules/files
files {
usersfile = "/etc/raddb/users"
acctusersfile = "/etc/raddb/acct_users"
preproxy_usersfile = "/etc/raddb/preproxy_users"
compat = "no"
}
reading pairlist file /etc/raddb/users
reading pairlist file /etc/raddb/acct_users
reading pairlist file /etc/raddb/preproxy_users
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file
/etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier,
NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file /etc/raddb/modules/detail
detail {
detailfile =
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from
file /etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile = "/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/etc/raddb/modules/radutmp
radutmp {
filename = "/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject" from file
/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
reading pairlist file /etc/raddb/attrs.access_reject
} # modules
} # server
server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
... adding new socket proxy address * port 44612
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
rad_recv: Access-Request packet from host 192.168.10.92 port 36028,
id=76, length=262
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL"
Acct-Session-Id = "82a0000d"
Acct-Multi-Session-Id =
"02-0C-42-6A-44-6C-F0-7B-CB-42-28-7E-82-A0-00-00-00-00-00-0D"
Calling-Station-Id = "F0-7B-CB-42-28-7E"
Called-Station-Id = "02-0C-42-6A-44-6C:CORP-WiFi"
EAP-Message =
0x0201001e01686f73742f434f5449414e2e52494f534f46542e4c4f43414c
Message-Authenticator = 0x31f444f7ce3c94af50d7c7b4a06f5722
NAS-Identifier = "MikroTik"
Mikrotik-Realm = "MYDOMAIN"
NAS-IP-Address = 192.168.10.92
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] No '\' in User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL",
looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 1 length 30
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 76 to 192.168.10.92 port 36028
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb43ea5ebb43cbce8a490d8f312508be4
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.92 port 32862,
id=77, length=355
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL"
State = 0xb43ea5ebb43cbce8a490d8f312508be4
Acct-Session-Id = "82a0000d"
Acct-Multi-Session-Id =
"02-0C-42-6A-44-6C-F0-7B-CB-42-28-7E-82-A0-00-00-00-00-00-0D"
Calling-Station-Id = "F0-7B-CB-42-28-7E"
Called-Station-Id = "02-0C-42-6A-44-6C:CORP-WiFi"
EAP-Message =
0x0202006919800000005f160301005a0100005603015260450c82c8023e5b9a1dfad11d801781ee3b6bf74b2b4f1cd0be7f49ca8e11000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100
Message-Authenticator = 0x568404fff20064c7e21b1a1d317ef843
NAS-Identifier = "MikroTik"
Mikrotik-Realm = "MYDOMAIN"
NAS-IP-Address = 192.168.10.92
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] No '\' in User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL",
looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 2 length 105
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 77 to 192.168.10.92 port 32862
EAP-Message =
0x0103040019c0000008a216030100310200002d03015260450ee0bea0b9257af2e18386eb9dc7c3e596222be5c5ebeb5370ddd74d8700002f000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175
EAP-Message =
0x74686f72697479301e170d3133313031363134323630335a170d3133313231353134323630335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100dfd4dbdf0a174a6c3f82037cdd6074e625292d93f3739a3e51f0c61dab2ada7d047e5710360d4f16f7bd757cdd00d0b3934f27bbce66bf
EAP-Message =
0xc4900fb83181037c138a7714ea79097b27bce6d19cb2786feb0eb892474b973ecfe7564f9f6952b4c33b5c60349000c27111746c5037f0b6f59395ae429a8fcfd1631b1d62d0d8e1bf50e65bf2f0140576954d284b742eaaba994fb602b78b3e972ced578c9800a88a357ebd4888e57d45bd504b3ce0d7565b11e3a1f654c8150626cd369d3282359ba545fb2ed6094b919f3fd46e2d21de9975bb830f845961a54c7f027016c83e3036e5d4989e544cf294590e91c4a3bff91915f485d5aeae062ae57d53314c6e890203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101009905
EAP-Message =
0x17bc693fcc992e1f7e096f2a92dff11892528c21f255b81752ee0c2a7d80461841e598a42ca069bbc4e197ade15cde2c74c7336bb401c7d7a6a2fc2665ece8b508de62989cd220d166fe82cef9b168b864ce820240df1feea527d81a0c2a630d6c27a74084c2de0c19619045d97d9b46a86b06ff01382853294cf41ab38a3782000eb240ee0c767f1e95254f7d6eda7f1eb660c6a8a28193996b6fcc427c8b625729335207b16f53686ff29831a0c4cf193954a07f55b6f39fae2c9c2856bab77054d40d3d8e1e10b58c87e359d68b5a136c228d47386b94e24f904b770bae180b52c43e44fee7d59f23fd62b3db90b4080e2d9d745a9bfc3072392906
EAP-Message = 0x260004ab308204a73082038f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb43ea5ebb53dbce8a490d8f312508be4
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.92 port 50212,
id=78, length=256
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL"
State = 0xb43ea5ebb53dbce8a490d8f312508be4
Acct-Session-Id = "82a0000d"
Acct-Multi-Session-Id =
"02-0C-42-6A-44-6C-F0-7B-CB-42-28-7E-82-A0-00-00-00-00-00-0D"
Calling-Station-Id = "F0-7B-CB-42-28-7E"
Called-Station-Id = "02-0C-42-6A-44-6C:CORP-WiFi"
EAP-Message = 0x020300061900
Message-Authenticator = 0xcf9ce2da7e06592890d17f3dbfe2bd0b
NAS-Identifier = "MikroTik"
Mikrotik-Realm = "MYDOMAIN"
NAS-IP-Address = 192.168.10.92
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] No '\' in User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL",
looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 78 to 192.168.10.92 port 50212
EAP-Message =
0x010403fc1940a003020102020900f00855f5890659fb300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3133313031363138353833365a170d3133313231353138353833365a308193310b3009060355040613024652310f300d0603550408130652616469757331
EAP-Message =
0x12301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c96110649b28ac82b044de690142d712aee8354822cb050e32d669792d1c3283fb68197cf8d374300b5ceada09f640273241be4656338666a1cdcc234a82e63969ef5c082fec72b1958642177b688dce612dc2219186773d302d1b12d7f8b19f1535d3a70cf7c60d
EAP-Message =
0x39afe1b15c614b73ca066307bbae35f641a323052846ce1f29e0e3b69cfcea3a1c02e652bbe062b581d01237d5138533e9bb573146db5c226bd43af9ef67afbc89a027d4e1da1eb2cda2317bf8fb29333c4060862a73e112b6013cf874b8ce8aa20fbb0fcd109a5d369b7435bb1caafae7802eff878b08c5c760d0d9466ad1736fc1a43a63f94f20a0b8e30a46fdd8d80f0e9c6216b5c6210203010001a381fb3081f8301d0603551d0e041604141052c1e60010fdedf84e0d39878e265608eb034e3081c80603551d230481c03081bd80141052c1e60010fdedf84e0d39878e265608eb034ea18199a48196308193310b300906035504061302465231
EAP-Message =
0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900f00855f5890659fb300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100b1b00cc10559119faf542edd0d6ce5d2db5338dc81e55fe41c76348f6f84562a13f4278dc881a1ca024e57f72e02c8c0341db67eb4c18f898695abe0f4dcc6a5100036ef2ad41612c15ccb
EAP-Message = 0xb3388ab4c8799870
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb43ea5ebb63abce8a490d8f312508be4
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.92 port 45199,
id=79, length=256
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL"
State = 0xb43ea5ebb63abce8a490d8f312508be4
Acct-Session-Id = "82a0000d"
Acct-Multi-Session-Id =
"02-0C-42-6A-44-6C-F0-7B-CB-42-28-7E-82-A0-00-00-00-00-00-0D"
Calling-Station-Id = "F0-7B-CB-42-28-7E"
Called-Station-Id = "02-0C-42-6A-44-6C:CORP-WiFi"
EAP-Message = 0x020400061900
Message-Authenticator = 0x697378bb0e1376f1314eb49334139908
NAS-Identifier = "MikroTik"
Mikrotik-Realm = "MYDOMAIN"
NAS-IP-Address = 192.168.10.92
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] No '\' in User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL",
looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 79 to 192.168.10.92 port 45199
EAP-Message =
0x010500bc19000b99343f8be5bbbac504b964b7278214ef92146e2b531d6bb346fd4d3f3db01f2bbaf06338eebc4f3f95dd05afbde1bfea561612bcc0f38cf033161a29d8d3d153be349292571cda0fb68aaeb1f8d7b8a00433092281110715db379edfdcb52afb132d4eaad24bd8a76d8ecf4377dd24cfc4484d64966f87c601d5644f65791eb42b66ab4419db5c27e3649e81d4993dddf34b71b6339b6730dfd68cbad45e6f9daeb2704ae46a9331ca454e4016030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb43ea5ebb73bbce8a490d8f312508be4
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.92 port 59033,
id=80, length=256
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL"
State = 0xb43ea5ebb73bbce8a490d8f312508be4
Acct-Session-Id = "82a0000d"
Acct-Multi-Session-Id =
"02-0C-42-6A-44-6C-F0-7B-CB-42-28-7E-82-A0-00-00-00-00-00-0D"
Calling-Station-Id = "F0-7B-CB-42-28-7E"
Called-Station-Id = "02-0C-42-6A-44-6C:CORP-WiFi"
EAP-Message = 0x020500061900
Message-Authenticator = 0xe471ede46d42d0a95cb4d67975c7d7a3
NAS-Identifier = "MikroTik"
Mikrotik-Realm = "MYDOMAIN"
NAS-IP-Address = 192.168.10.92
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL",
looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] No '\' in User-Name = "host/WORKSTATION.MYDOMAIN.LOCAL",
looking up realm NULL
[ntdomain] No such realm "NULL"
++[ntdomain] returns noop
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 80 to 192.168.10.92 port 59033
EAP-Message = 0x010600061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xb43ea5ebb038bce8a490d8f312508be4
Finished request 4.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.92 port 35895,
id=81, length=256
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "MYDOMAIN\\domainuser"
Acct-Session-Id = "82a0000e"
Acct-Multi-Session-Id =
"02-0C-42-6A-44-6C-F0-7B-CB-42-28-7E-82-A0-00-00-00-00-00-0E"
Calling-Station-Id = "F0-7B-CB-42-28-7E"
Called-Station-Id = "02-0C-42-6A-44-6C:CORP-WiFi"
EAP-Message = 0x0201001b0152494f534f46545c6761627269656c2e636f7469616e
Message-Authenticator = 0x3dee545b5b2331b44c04e4b80a7fc4f3
NAS-Identifier = "MikroTik"
Mikrotik-Realm = "MYDOMAIN"
NAS-IP-Address = 192.168.10.92
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "MYDOMAIN\domainuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] Looking up realm "MYDOMAIN" for User-Name = "MYDOMAIN\domainuser"
[ntdomain] Found realm "MYDOMAIN"
[ntdomain] Adding Stripped-User-Name = "domainuser"
[ntdomain] Adding Realm = "MYDOMAIN"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 1 length 27
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 1
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 81 to 192.168.10.92 port 35895
EAP-Message = 0x010200061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xac18ae1dac1ab77e24f513d206b33409
Finished request 5.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.10.92 port 54020,
id=82, length=352
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "MYDOMAIN\\domainuser"
State = 0xac18ae1dac1ab77e24f513d206b33409
Acct-Session-Id = "82a0000e"
Acct-Multi-Session-Id =
"02-0C-42-6A-44-6C-F0-7B-CB-42-28-7E-82-A0-00-00-00-00-00-0E"
Calling-Station-Id = "F0-7B-CB-42-28-7E"
Called-Station-Id = "02-0C-42-6A-44-6C:CORP-WiFi"
EAP-Message =
0x0202006919800000005f160301005a0100005603015260450c0c7365e7b420a507dea053bea8d97f928dbc9719c628bedb2a3062c4000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100
Message-Authenticator = 0xcc87280fc3a3ed09d352553e603427ce
NAS-Identifier = "MikroTik"
Mikrotik-Realm = "MYDOMAIN"
NAS-IP-Address = 192.168.10.92
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "MYDOMAIN\domainuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] Looking up realm "MYDOMAIN" for User-Name = "MYDOMAIN\domainuser"
[ntdomain] Found realm "MYDOMAIN"
[ntdomain] Adding Stripped-User-Name = "domainuser"
[ntdomain] Adding Realm = "MYDOMAIN"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 2 length 105
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
TLS Length 95
[peap] Length Included
[peap] eaptls_verify returned 11
[peap] (other): before/accept initialization
[peap] TLS_accept: before/accept initialization
[peap] <<< TLS 1.0 Handshake [length 005a], ClientHello
[peap] TLS_accept: SSLv3 read client hello A
[peap] >>> TLS 1.0 Handshake [length 0031], ServerHello
[peap] TLS_accept: SSLv3 write server hello A
[peap] >>> TLS 1.0 Handshake [length 085e], Certificate
[peap] TLS_accept: SSLv3 write certificate A
[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone
[peap] TLS_accept: SSLv3 write server done A
[peap] TLS_accept: SSLv3 flush data
[peap] TLS_accept: Need to read more data: SSLv3 read client
certificate A
In SSL Handshake Phase
In SSL Accept mode
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 82 to 192.168.10.92 port 54020
EAP-Message =
0x0103040019c0000008a216030100310200002d03015260450f0d4e9065556cf917c4e98598c14754ed8e52f9eb9950b8d043cab2fe00002f000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175
EAP-Message =
0x74686f72697479301e170d3133313031363134323630335a170d3133313231353134323630335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100dfd4dbdf0a174a6c3f82037cdd6074e625292d93f3739a3e51f0c61dab2ada7d047e5710360d4f16f7bd757cdd00d0b3934f27bbce66bf
EAP-Message =
0xc4900fb83181037c138a7714ea79097b27bce6d19cb2786feb0eb892474b973ecfe7564f9f6952b4c33b5c60349000c27111746c5037f0b6f59395ae429a8fcfd1631b1d62d0d8e1bf50e65bf2f0140576954d284b742eaaba994fb602b78b3e972ced578c9800a88a357ebd4888e57d45bd504b3ce0d7565b11e3a1f654c8150626cd369d3282359ba545fb2ed6094b919f3fd46e2d21de9975bb830f845961a54c7f027016c83e3036e5d4989e544cf294590e91c4a3bff91915f485d5aeae062ae57d53314c6e890203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101009905
EAP-Message =
0x17bc693fcc992e1f7e096f2a92dff11892528c21f255b81752ee0c2a7d80461841e598a42ca069bbc4e197ade15cde2c74c7336bb401c7d7a6a2fc2665ece8b508de62989cd220d166fe82cef9b168b864ce820240df1feea527d81a0c2a630d6c27a74084c2de0c19619045d97d9b46a86b06ff01382853294cf41ab38a3782000eb240ee0c767f1e95254f7d6eda7f1eb660c6a8a28193996b6fcc427c8b625729335207b16f53686ff29831a0c4cf193954a07f55b6f39fae2c9c2856bab77054d40d3d8e1e10b58c87e359d68b5a136c228d47386b94e24f904b770bae180b52c43e44fee7d59f23fd62b3db90b4080e2d9d745a9bfc3072392906
EAP-Message = 0x260004ab308204a73082038f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xac18ae1dad1bb77e24f513d206b33409
Finished request 6.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.10.92 port 54346,
id=83, length=253
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "MYDOMAIN\\domainuser"
State = 0xac18ae1dad1bb77e24f513d206b33409
Acct-Session-Id = "82a0000e"
Acct-Multi-Session-Id =
"02-0C-42-6A-44-6C-F0-7B-CB-42-28-7E-82-A0-00-00-00-00-00-0E"
Calling-Station-Id = "F0-7B-CB-42-28-7E"
Called-Station-Id = "02-0C-42-6A-44-6C:CORP-WiFi"
EAP-Message = 0x020300061900
Message-Authenticator = 0x61a87acdb9c5c971007e9121502a8aff
NAS-Identifier = "MikroTik"
Mikrotik-Realm = "MYDOMAIN"
NAS-IP-Address = 192.168.10.92
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "MYDOMAIN\domainuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] Looking up realm "MYDOMAIN" for User-Name = "MYDOMAIN\domainuser"
[ntdomain] Found realm "MYDOMAIN"
[ntdomain] Adding Stripped-User-Name = "domainuser"
[ntdomain] Adding Realm = "MYDOMAIN"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 3 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 83 to 192.168.10.92 port 54346
EAP-Message =
0x010403fc1940a003020102020900f00855f5890659fb300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3133313031363138353833365a170d3133313231353138353833365a308193310b3009060355040613024652310f300d0603550408130652616469757331
EAP-Message =
0x12301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c96110649b28ac82b044de690142d712aee8354822cb050e32d669792d1c3283fb68197cf8d374300b5ceada09f640273241be4656338666a1cdcc234a82e63969ef5c082fec72b1958642177b688dce612dc2219186773d302d1b12d7f8b19f1535d3a70cf7c60d
EAP-Message =
0x39afe1b15c614b73ca066307bbae35f641a323052846ce1f29e0e3b69cfcea3a1c02e652bbe062b581d01237d5138533e9bb573146db5c226bd43af9ef67afbc89a027d4e1da1eb2cda2317bf8fb29333c4060862a73e112b6013cf874b8ce8aa20fbb0fcd109a5d369b7435bb1caafae7802eff878b08c5c760d0d9466ad1736fc1a43a63f94f20a0b8e30a46fdd8d80f0e9c6216b5c6210203010001a381fb3081f8301d0603551d0e041604141052c1e60010fdedf84e0d39878e265608eb034e3081c80603551d230481c03081bd80141052c1e60010fdedf84e0d39878e265608eb034ea18199a48196308193310b300906035504061302465231
EAP-Message =
0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900f00855f5890659fb300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100b1b00cc10559119faf542edd0d6ce5d2db5338dc81e55fe41c76348f6f84562a13f4278dc881a1ca024e57f72e02c8c0341db67eb4c18f898695abe0f4dcc6a5100036ef2ad41612c15ccb
EAP-Message = 0xb3388ab4c8799870
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xac18ae1dae1cb77e24f513d206b33409
Finished request 7.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.10.92 port 34882,
id=84, length=253
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "MYDOMAIN\\domainuser"
State = 0xac18ae1dae1cb77e24f513d206b33409
Acct-Session-Id = "82a0000e"
Acct-Multi-Session-Id =
"02-0C-42-6A-44-6C-F0-7B-CB-42-28-7E-82-A0-00-00-00-00-00-0E"
Calling-Station-Id = "F0-7B-CB-42-28-7E"
Called-Station-Id = "02-0C-42-6A-44-6C:CORP-WiFi"
EAP-Message = 0x020400061900
Message-Authenticator = 0xca1ae53f11c24a576535b3fa85897aff
NAS-Identifier = "MikroTik"
Mikrotik-Realm = "MYDOMAIN"
NAS-IP-Address = 192.168.10.92
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "MYDOMAIN\domainuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] Looking up realm "MYDOMAIN" for User-Name = "MYDOMAIN\domainuser"
[ntdomain] Found realm "MYDOMAIN"
[ntdomain] Adding Stripped-User-Name = "domainuser"
[ntdomain] Adding Realm = "MYDOMAIN"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 84 to 192.168.10.92 port 34882
EAP-Message =
0x010500bc19000b99343f8be5bbbac504b964b7278214ef92146e2b531d6bb346fd4d3f3db01f2bbaf06338eebc4f3f95dd05afbde1bfea561612bcc0f38cf033161a29d8d3d153be349292571cda0fb68aaeb1f8d7b8a00433092281110715db379edfdcb52afb132d4eaad24bd8a76d8ecf4377dd24cfc4484d64966f87c601d5644f65791eb42b66ab4419db5c27e3649e81d4993dddf34b71b6339b6730dfd68cbad45e6f9daeb2704ae46a9331ca454e4016030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xac18ae1daf1db77e24f513d206b33409
Finished request 8.
Going to the next request
Waking up in 4.3 seconds.
rad_recv: Access-Request packet from host 192.168.10.92 port 46831,
id=85, length=253
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = "MYDOMAIN\\domainuser"
State = 0xac18ae1daf1db77e24f513d206b33409
Acct-Session-Id = "82a0000e"
Acct-Multi-Session-Id =
"02-0C-42-6A-44-6C-F0-7B-CB-42-28-7E-82-A0-00-00-00-00-00-0E"
Calling-Station-Id = "F0-7B-CB-42-28-7E"
Called-Station-Id = "02-0C-42-6A-44-6C:CORP-WiFi"
EAP-Message = 0x020500061900
Message-Authenticator = 0xc12066f7e555aa8b79ae1f0104deaaec
NAS-Identifier = "MikroTik"
Mikrotik-Realm = "MYDOMAIN"
NAS-IP-Address = 192.168.10.92
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "MYDOMAIN\domainuser", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[ntdomain] Looking up realm "MYDOMAIN" for User-Name = "MYDOMAIN\domainuser"
[ntdomain] Found realm "MYDOMAIN"
[ntdomain] Adding Stripped-User-Name = "domainuser"
[ntdomain] Adding Realm = "MYDOMAIN"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
[eap] EAP packet type response id 5 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake fragment handler
[peap] eaptls_verify returned 1
[peap] eaptls_process returned 13
[peap] EAPTLS_HANDLED
++[eap] returns handled
Sending Access-Challenge of id 85 to 192.168.10.92 port 46831
EAP-Message = 0x010600061900
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xac18ae1da81eb77e24f513d206b33409
Finished request 9.
Going to the next request
Waking up in 4.2 seconds.
Cleaning up request 0 ID 76 with timestamp +19
Cleaning up request 1 ID 77 with timestamp +19
Cleaning up request 2 ID 78 with timestamp +19
Cleaning up request 3 ID 79 with timestamp +19
Cleaning up request 4 ID 80 with timestamp +19
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xb43ea5ebb038bce8 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Waking up in 0.5 seconds.
Cleaning up request 5 ID 81 with timestamp +19
Cleaning up request 6 ID 82 with timestamp +20
Cleaning up request 7 ID 83 with timestamp +20
Cleaning up request 8 ID 84 with timestamp +20
Cleaning up request 9 ID 85 with timestamp +20
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING: !! EAP session for state 0xac18ae1da81eb77e did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Ready to process requests.
2
1
radiusd: FreeRADIUS Version 2.2.2, for host x86_64-unknown-linux-gnu, built
on Oct 14 2013 at 22:41:53
dhcp.conf
server dhcp {
listen {
type = dhcp
ipaddr = 10.0.0.249
port = 67
interface = vlan10
broadcast = yes
}
dhcp DHCP-Discover {
python
}
dhcp DHCP-Request {
python
}
dhcp DHCP-Release {
python
}
dhcp DHCP-Inform {
python
}
dhcp DHCP-Decline {
python
}
}
How can I fix these errors?
Fri Oct 25 06:41:19 2013 : Error: Discarding duplicate request from client
dhcp port 67 - ID: 1235289482 due to unfinished request 1265526
Fri Oct 25 06:49:11 2013 : Error: Discarding duplicate request from client
dhcp port 67 - ID: 417288914 due to unfinished request 1266266
Fri Oct 25 06:50:53 2013 : Error: Discarding duplicate request from client
dhcp port 67 - ID: 2640071483 due to unfinished request 1266459
Fri Oct 25 06:52:38 2013 : Error: Discarding duplicate request from client
dhcp port 67 - ID: 1828774073 due to unfinished request 1266657
Fri Oct 25 06:54:33 2013 : Error: Discarding duplicate request from client
dhcp port 67 - ID: 3389080412 due to unfinished request 1266856
Fri Oct 25 06:58:23 2013 : Error: Discarding duplicate request from client
dhcp port 67 - ID: 2209098358 due to unfinished request 1267239
Fri Oct 25 07:05:03 2013 : Error: Discarding duplicate request from client
dhcp port 67 - ID: 755143304 due to unfinished request 1267952
Fri Oct 25 07:07:19 2013 : Error: Discarding duplicate request from client
dhcp port 67 - ID: 1691312898 due to unfinished request 1268193
Fri Oct 25 07:08:24 2013 : Error: Discarding duplicate request from client
dhcp port 67 - ID: 776764220 due to unfinished request 1268319
Fri Oct 25 07:16:21 2013 : Error: Discarding duplicate request from client
dhcp port 67 - ID: 481491101 due to unfinished request 1269360
2
1