Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
June 2014
- 77 participants
- 87 discussions
Hi All,
I wonder if there is DHCPv6support in Freeradius 2.x.
I'm not a developer but would like to test Freeradiususing DHCPv4 and
DHCPv6 in Dual Stack.
Today already use PPPoEwith Mikrotikand Freeradius + MySQL.
Cheers,
Gondim
3
2
Zombie servers are never marked as dead or unzombied when using status_check = none
by Herwin Weststrate 20 Jun '14
by Herwin Weststrate 20 Jun '14
20 Jun '14
Another thing of which I'm not really sure if it's a bug or if I'm
misinterpreting something. It's tested with version 3.0.x
I'm using a setup with 3 FreeRADIUS backends (10.101.0.11{3,4,5}) and a
single inner-proxy-server. All the home servers are marked in the config
with a zombie_period of 20 and a revive_interval of 60. Requests are
load-balanced to the home server using keyed-balance on the username
(yes, I understand this is something you wouldn't normally do when
proxying the inner tunnel, but it makes it easier to reproduce).
The first authentication get proxied to .114. Then, we disable that home
server by adding a firewall rule. The next authentication requests shows
some logging that the home serve is marked as a zombie:
Marking home server 10.101.0.114 port 1812 as zombie (it has not
responded in 10.000000 seconds).
The next authentication request with the same user name now get proxied
to .115. Authentication requests with other user names are now
distributed among .113 and .115 (with somethings that looks like a bias
towards .115, possibly because all requests that would originally have
gone to .114 are now sent to .115, but it's tested with a very small
set, quite possibly it's something else).
The strange thing here is that .114 stays a zombie. Even after more than
two minutes (which would expire both zombie_period and revive_interval)
new requests just get proxied to .115 or .113, but no mention on
updating the state of .114 whatsoever.
Looking at the source, I see that after a server is marked as a zombie,
the method ping_home_server (main/process.c) is called. This method is
effectively a no-op if the status_check of the home server is set to
none, which might be the cause.
--
Herwin Weststrate
1
0
Hi.
Following [1] and [2] I modified my site config in order to send custom reply message for each accounting error. Sadly it seems the server is NOT rejecting the user in case of Max-Daily-Session, so I must have done something wrong, but I cannot find the error.
I attached my config. This is what debug prints out for dailycounter
Thu Jun 19 17:31:35 2014 : Info: [dailycounter] expand: %{sql:SELECT SUM(acctsessiontime - GREATEST((1403128800 - UNIX_TIMESTAMP(acctstarttime)), 0)) FROM radacct WHERE username = 'username' AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '1403128800'} -> 10819
Thu Jun 19 17:31:35 2014 : Debug: rlm_sqlcounter: (Check item - counter) is less than zero
Thu Jun 19 17:31:35 2014 : Debug: rlm_sqlcounter: Rejected user username, check_item=10800, counter=10819
Thu Jun 19 17:31:35 2014 : Info: ++[dailycounter] = reject
Thu Jun 19 17:31:35 2014 : Info: ++? if (reject)
Thu Jun 19 17:31:35 2014 : Info: ? Evaluating (reject) -> TRUE
Thu Jun 19 17:31:35 2014 : Info: ++? if (reject) -> TRUE
Thu Jun 19 17:31:35 2014 : Info: ++if (reject) {
Thu Jun 19 17:31:35 2014 : Info: +++update reply {
Thu Jun 19 17:31:35 2014 : Info: +++} # update reply = noop
Thu Jun 19 17:31:35 2014 : Info: ++} # if (reject) = noop
... and then goes on on the next module. While if I just let "dailycounter" without additional options the debug correctly return reject:
Thu Jun 19 16:23:52 2014 : Debug: rlm_sqlcounter: (Check item - counter) is less than zero
Thu Jun 19 16:23:52 2014 : Debug: rlm_sqlcounter: Rejected user username, check_item=10800, counter=10819
Thu Jun 19 16:23:52 2014 : Info: ++[dailycounter] = reject
Thu Jun 19 16:23:52 2014 : Info: +} # group authorize = reject
Thu Jun 19 16:23:52 2014 : Info: Using Post-Auth-Type REJECT
Thu Jun 19 16:23:52 2014 : Info: # Executing group from file /etc/freeradius/sites-enabled/default
Thu Jun 19 16:23:52 2014 : Info: +group REJECT {
Thu Jun 19 16:23:52 2014 : Info: ++update reply {
Thu Jun 19 16:23:52 2014 : Info: ++} # update reply = noop
Thu Jun 19 16:23:52 2014 : Info: [attr_filter.access_reject] expand: %{User-Name} -> username
Thu Jun 19 16:23:52 2014 : Debug: attr_filter: Matched entry DEFAULT at line 11
Thu Jun 19 16:23:52 2014 : Info: ++[attr_filter.access_reject] = updated
Thu Jun 19 16:23:52 2014 : Info: +} # group REJECT = updated
This is the dailycounter config:
dailycounter{
reject = 1
}
if(reject){
update reply {
Reply-Message := "You have reached your daily time limit"
}
ok = reject
}
For other checks the same code seems to work fine... What's wrong with this?
thanks
[1] http://grasehotspot.org/documentation/freeradius/meaningful-reply-message-f…
[2] http://tim.purewhite.id.au/2011/04/coova-chilli-freeradius-reply-message/
--
Lorenzo Milesi - lorenzo.milesi(a)yetopen.it
YetOpen S.r.l. - http://www.yetopen.it/
2
2
Hi list,
Are there any way to check validity of MAC address but one times only and not every time while
processing the virtual site ?
Actually I used this :
authorize {
if (!Calling-Station-Id == "%{sql:SELECT mac_address FROM `mac` WHERE
mac_address='%{Calling-Station-Id}'}") {
update reply {
Reply-Message += "MAC address %{Calling-Station-Id} was not
found in database - Login refused "
}
reject
}
}
The cache module is the only way ?
Thanks.
Nicolas.
2
1
EAP-PEAP with mschap login failed MSCHAP returns reject but we want to send no Reject but Accept with GUEST Vlan AVPs
by Becker, Alexander 18 Jun '14
by Becker, Alexander 18 Jun '14
18 Jun '14
Hi all,
I am using FreeRADIUS for quite some time now, though I can't wrap my mind around one thing:
When a module (say, mschap with ntlm_auth) returns REJECT because of the user is not present in the AD, I want to continue processing the request to, let's say, accept the request, but provide an alternative VLAN (Tunnel-Id) to the endpoint.
In chapter 16.3.1 of http://networkradius.com/doc/FreeRADIUS-Implementation-Ch16.pdf, section "Return Codes as Modules", it clearly states:
* reject: Causes the request to be immediately rejected
So my question boils down to:
How can I use the mscap module to check whether a user is valid, and somehow anticipate that he/she does not exist, and continue with an alternate processing (read: decide later on whether to accept/reject the user) in such a case.
I thank you very much in advance, and I appreciate your answer.
For full reference, I included my current setup with explainations:
---
Using EAP-PEAPv0 -> valid user credentials should result in an accept with AV-Pair list A and invalid credentials should result in Accept but AV-Pair list B
Example:
Using EAP-PEAP
Login OK
Sending Accept and
Tunnel-Type = VLAN
Tunnel-Medium-Type = IEEE-802
Tunnel-Private-Group-Id = "22"
Login failed
Sending Accept and
Tunnel-Type = VLAN
Tunnel-Medium-Type = IEEE-802
Tunnel-Private-Group-Id = "33"
I want to control the result via a manipulated control attribute AcnACLType. I set these attibutes from withing rlm_perl:
########### Snippet Perl Policy ###############################
if ( $RAD_CHECK{'AcnACLType'} eq "data" ) {
$RAD_CHECK{'Auth-Type'}= "Accept";
$RAD_REPLY{'Reply-Message'}= "data";
$RAD_REPLY{'Tunnel-Medium-Type'}= "IEEE-802";
$RAD_REPLY{'Tunnel-Private-Group-Id'}= "22";
$RAD_REPLY{'Tunnel-Type'}= "VLAN";
return RLM_MODULE_OK;
}
elsif ( $RAD_CHECK{'AcnACLType'} eq "authfail" ) {
$RAD_CHECK{'Auth-Type'}= "Accept";
$RAD_REPLY{'Reply-Message'}= "AuthFail";
$RAD_REPLY{'Tunnel-Medium-Type'}= "IEEE-802";
$RAD_REPLY{'Tunnel-Private-Group-Id'}= "33";
$RAD_REPLY{'Tunnel-Type'}= "VLAN";
return RLM_MODULE_OK;
}
########### Snippet Perl Policy ###############################
In case of MSCHAP authenticating, everything works as expected:
===================Begin LOG ================================
Wed Jun 18 09:59:50 2014 : Info: [eap] processing type mschapv2
Wed Jun 18 09:59:50 2014 : Info: [mschapv2] # Executing group from file /home/auconet/freeradius/test/CSI/etc/raddb//sites-enabled/inner-tunnel
Wed Jun 18 09:59:50 2014 : Info: [mschapv2] +- entering group MS-CHAP {...}
Wed Jun 18 09:59:50 2014 : Info: [mschap] Creating challenge hash with username: pschmidt
Wed Jun 18 09:59:50 2014 : Info: [mschap] Told to do MS-CHAPv2 for pschmidt with NT-Password
Wed Jun 18 09:59:50 2014 : Info: [mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=testlab.auconet.lan
Wed Jun 18 09:59:50 2014 : Info: [mschap] expand: --username=%{mschap:User-Name} -> --username=pschmidt
Wed Jun 18 09:59:50 2014 : Info: [mschap] Creating challenge hash with username: pschmidt
Wed Jun 18 09:59:50 2014 : Info: [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=9499863a8977daa3
Wed Jun 18 09:59:50 2014 : Info: [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=161b24c676d1a53738cdb10037111c81f1fe1d4d5407266a
Wed Jun 18 09:59:50 2014 : Debug: Exec-Program output: NT_KEY: 00D98A4AFC1CD84EED151A5ECAD45886
Wed Jun 18 09:59:50 2014 : Debug: Exec-Program-Wait: plaintext: NT_KEY: 00D98A4AFC1CD84EED151A5ECAD45886
Wed Jun 18 09:59:50 2014 : Debug: Exec-Program: returned: 0
Wed Jun 18 09:59:50 2014 : Info: ++[mschap] returns ok
Wed Jun 18 09:59:50 2014 : Info: ++? if (ok)
Wed Jun 18 09:59:50 2014 : Info: ? Evaluating (ok) -> TRUE
Wed Jun 18 09:59:50 2014 : Info: ++? if (ok) -> TRUE
Wed Jun 18 09:59:50 2014 : Info: ++- entering if (ok) {...}
Wed Jun 18 09:59:50 2014 : Info: +++[control] returns ok
Wed Jun 18 09:59:50 2014 : Info: ++- if (ok) returns ok
Wed Jun 18 09:59:50 2014 : Info: ++ ... skipping elsif for request 20: Preceding "if" was taken
Wed Jun 18 09:59:50 2014 : Debug: MSCHAP Success
Wed Jun 18 09:59:50 2014 : Info: ++[eap] returns handled
} # server inner-tunnel
Wed Jun 18 09:59:50 2014 : Info: ++[control] returns ok
:
Wed Jun 18 09:59:50 2014 : Debug: rlm_perl: Added pair Tunnel-Type = VLAN
Wed Jun 18 09:59:50 2014 : Debug: rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
Wed Jun 18 09:59:50 2014 : Debug: rlm_perl: Added pair Message-Authenticator = 0x00000000000000000000000000000000
Wed Jun 18 09:59:50 2014 : Debug: rlm_perl: Added pair User-Name = testlab.auconet.lan\\pschmidt
Wed Jun 18 09:59:50 2014 : Debug: rlm_perl: Added pair MS-MPPE-Recv-Key = 0x8a6959f6fd9e2f85fadce413f5691ba0ade9bd80d6fee90893d598bfc978a1d5
Wed Jun 18 09:59:50 2014 : Debug: rlm_perl: Added pair EAP-Message = 0x030b0004
Wed Jun 18 09:59:50 2014 : Debug: rlm_perl: Added pair EAP-EMSK = 0x97d3f6e398c284127ee6ad52d55d8a0e609e453971050f546c964193d18dae3c0d74518ef466560670426f120bae29e1c268494e07b5c13ce67033c7135a08d3
Wed Jun 18 09:59:50 2014 : Debug: rlm_perl: Added pair Tunnel-Private-Group-Id = 22
Wed Jun 18 09:59:50 2014 : Debug: rlm_perl: Added pair AcnACLType = data
Wed Jun 18 09:59:50 2014 : Debug: rlm_perl: Added pair Auth-Type = Accept
Wed Jun 18 09:59:50 2014 : Info: ++[perlpolicy] returns ok
Wed Jun 18 09:59:50 2014 : Info: # Executing section post-auth from file /home/auconet/freeradius/test/CSI/etc/raddb//sites-enabled/default
Wed Jun 18 09:59:50 2014 : Info: +- entering group post-auth {...}
Wed Jun 18 09:59:50 2014 : Info: ++[exec] returns noop
Sending Access-Accept of id 11 to 127.0.0.1 port 38368
Reply-Message = "AuthFail"
MS-MPPE-Send-Key = 0x8cc588be92973040e5f09c8ebdc30ea4480a717aaf984fdf8182c3c6c5ffbfa8
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "testlab.auconet.lan\\pschmidt"
MS-MPPE-Recv-Key = 0x8a6959f6fd9e2f85fadce413f5691ba0ade9bd80d6fee90893d598bfc978a1d5
EAP-Message = 0x030b0004
Tunnel-Private-Group-Id:0 = "22"
Wed Jun 18 09:59:50 2014 : Info: Finished request 22.
=============================== END LOG =====================================
My problem begins if the credentials are invalid. In this case inner-tunnel returns with "REJECT" and then there seems to be no way to change this into an "ACCEPT". My feeling at this point is that I miss an important concept in the way FreeRADIUS processes requests.
Here is a snippet from inner-tunnel section:
############### SNIP ##########################
authenticate {
Auth-Type EAP {
eap {
ok = 1
reject = return
fail=return
}
#
if (ok) {
update control {
Auth-Type := "Accept"
AcnACLType="data"
}
}
elsif (reject) {
update control {
Auth-Type := "Accept"
AcnACLType="authfail"
LogMessage := "RadiusReject"
}
auconetLog
}
}
########################## End Inner tunnel ###########################
and in default server
############################ Default Server ###########################
Auth-Type EAP {
eap {
ok = 1
reject = return
invalid =1
}
if (ok) {
update control {
#Auth-Type := "Accept"
AcnACLType := "data"
}
#update reply {
# Tunnel-Type := VLAN
# Tunnel-Medium-Type := IEEE-802
# Tunnel-Private-Group-Id := "22"
#}
}
elsif (reject || invalid ) {
update control {
AcnACLType := "authfail"
LogMessage := "RadiusReject"
Auth-Type := "Accept"
}
auconetLog
update reply {
Tunnel-Type := VLAN
Tunnel-Medium-Type := IEEE-802
Tunnel-Private-Group-Id := "33"
}
}
update control {
FreeRADIUS-Client-Shortname="%{Client-Shortname}"
}
perlpolicy
}
######################################################
The log is:
================ LOG Begin ===================================
Wed Jun 18 10:48:04 2014 : Info: [eap] processing type mschapv2
Wed Jun 18 10:48:04 2014 : Info: [mschapv2] # Executing group from file /home/auconet/freeradius/test/CSI/etc/raddb//sites-enabled/inner-tunnel
Wed Jun 18 10:48:04 2014 : Info: [mschapv2] +- entering group MS-CHAP {...}
Wed Jun 18 10:48:04 2014 : Info: [mschap] Creating challenge hash with username: radiusfail
Wed Jun 18 10:48:04 2014 : Info: [mschap] Told to do MS-CHAPv2 for radiusfail with NT-Password
Wed Jun 18 10:48:04 2014 : Info: [mschap] No NT-Domain was found in the User-Name.
Wed Jun 18 10:48:04 2014 : Info: [mschap] expand: --domain=%{mschap:NT-Domain} -> --domain=
Wed Jun 18 10:48:04 2014 : Info: [mschap] expand: --username=%{mschap:User-Name} -> --username=radiusfail
Wed Jun 18 10:48:04 2014 : Info: [mschap] Creating challenge hash with username: radiusfail
Wed Jun 18 10:48:04 2014 : Info: [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=3fc42259705d168a
Wed Jun 18 10:48:04 2014 : Info: [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=1a7a459b40d3527944a7aadcdf32a499c097cf0dc1c296ad
Wed Jun 18 10:48:04 2014 : Debug: Exec-Program output: Logon failure (0xc000006d)
Wed Jun 18 10:48:04 2014 : Debug: Exec-Program-Wait: plaintext: Logon failure (0xc000006d)
Wed Jun 18 10:48:04 2014 : Debug: Exec-Program: returned: 1
Wed Jun 18 10:48:04 2014 : Info: [mschap] External script failed.
Wed Jun 18 10:48:04 2014 : Info: [mschap] FAILED: MS-CHAP2-Response is incorrect
Wed Jun 18 10:48:04 2014 : Info: ++[mschap] returns reject
Wed Jun 18 10:48:04 2014 : Info: [eap] Freeing handler
Wed Jun 18 10:48:04 2014 : Info: ++[eap] returns reject <<<<<<
Wed Jun 18 10:48:04 2014 : Info: Failed to authenticate the user.
} # server inner-tunnel
Wed Jun 18 10:48:04 2014 : Info: [peap] Got tunneled reply code 3
MS-CHAP-Error = "\tE=691 R=1"
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Wed Jun 18 10:48:04 2014 : Info: [peap] Got tunneled reply RADIUS code 3
MS-CHAP-Error = "\tE=691 R=1"
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
Wed Jun 18 10:48:04 2014 : Info: [peap] Tunneled authentication was rejected.
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair State = 0xe26df394eb67ea7b6c664f076e6e6a50
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair Calling-Station-Id = 02:00:00:00:00:01
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair Message-Authenticator = 0x6ab434e42ece49cdb13eb90438443c03
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair User-Name = radiusfail
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair EAP-Message = 0x020a0050190017030100208c1c20ac2dcb12e53b8a57d494b40657b43bd5019ca84e352e57a1069a1176a917030100209ed7b46fa6d167c1aacf327ae328c70674c366c0ddeceab26e7ba5232f3b029e
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair Connect-Info = CONNECT 11Mbps 802.11b
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair EAP-Type = PEAP
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair Framed-MTU = 1400
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair Reply-Message = AuthFail
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair EAP-Message = 0x040a0004
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair Tunnel-Medium-Type = IEEE-802
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair Tunnel-Type = VLAN
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair Tunnel-Private-Group-Id = 33
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair Message-Authenticator = 0x00000000000000000000000000000000
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair FreeRADIUS-Client-Shortname = localhost
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair LogMessage = RadiusReject
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair AcnACLType = authfail
Wed Jun 18 10:48:04 2014 : Debug: rlm_perl: Added pair Auth-Type = Accept
Wed Jun 18 10:48:04 2014 : Info: ++[perlpolicy] returns ok
Wed Jun 18 10:48:04 2014 : Info: # Executing section post-auth from file /home/auconet/freeradius/test/CSI/etc/raddb//sites-enabled/default
Wed Jun 18 10:48:04 2014 : Info: +- entering group post-auth {...}
Wed Jun 18 10:48:04 2014 : Info: ++[exec] returns noop
Wed Jun 18 10:48:04 2014 : Info: Using Post-Auth-Type Reject
Wed Jun 18 10:48:04 2014 : Info: # Executing group from file /home/auconet/freeradius/test/CSI/etc/raddb//sites-enabled/default
Wed Jun 18 10:48:04 2014 : Info: +- entering group REJECT {...}
Wed Jun 18 10:48:04 2014 : Info: ++- group REJECT returns noop
Wed Jun 18 10:48:04 2014 : Info: Delaying reject of request 10 for 1 seconds
Wed Jun 18 10:48:04 2014 : Debug: Going to the next request
Wed Jun 18 10:48:04 2014 : Debug: Waking up in 0.9 seconds.
Wed Jun 18 10:48:05 2014 : Info: Sending delayed reject for request 10
Sending Access-Reject of id 10 to 127.0.0.1 port 51730
Reply-Message = "AuthFail"
EAP-Message = 0x040a0004
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
Tunnel-Private-Group-Id:0 = "33"
Message-Authenticator = 0x00000000000000000000000000000000
Wed Jun 18 10:48:05 2014 : Debug: Waking up in 3.9 seconds.
================= LOG End =====================================
My naïve idea is to instead send an Access-Accept with a Tunnel-Id of 11. I disabled the filter in
Post-Auth-Type REJECT {
#attr_filter.access_reject
}
to see attributes from my perl-policy.
Thanks
2
1
Hi,
I want to ask something about installation freeradius server.
actually I want to try eap-sim on freeradius 2.2.5 in ubuntu sever 12.04
the step that I was tried are like these:
1. apt-get install dpkg-dev
2. apt-get build-dep freeradius
3. tar xvzf freeradius-server-2.2.5.tar.gz
4. install the packets:
a. dpkg -i libfreeradius2_2.2.5+git_i386.deb
b. dpkg -i freeradius-common_2.2.5+git_i386.deb
c. dpkg -i freeradius-utils_2.2.5+git_i386.deb
d. dpkg -i freeradius_2.2.5+git_i386.deb
I got failed when the step 4(d).
* Checking Freeradius daemon configuration... [fail]
invoke-rc.d: initscript freeradius, action "restart" failed
Precessing triggers for ureadahead...
this is result when i try freeradius -X command:
libssl version mismatch. built with: 1000105f linked: 1000100f
the problem is mismatch libssl? but I was trying to find the same version.
so what should I do?
--
Best Regards,
Email : muhhasan.1311(a)gmail.com
CP : 085694394257
5
11
Hello,
I am having some trouble authorizing off ldap from APs - please see the
debug below, and let me know if there is anything else I can provide. I
am looking at this snippet from the below:
-------------------------------------------------------------------------------
Tue Jun 17 11:53:43 2014 : Info: [ldap] user jjenkins authorized to use
remote access
Tue Jun 17 11:53:43 2014 : Debug: [ldap] ldap_release_conn: Release Id: 0
Tue Jun 17 11:53:43 2014 : Info: ++[ldap] returns ok
Tue Jun 17 11:53:43 2014 : Info: ++[expiration] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[logintime] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[pap] returns noop
Tue Jun 17 11:53:43 2014 : Info: ERROR: No authenticate method
(Auth-Type) found for the request: Rejecting the
-------------------------------------------------------------------------------
It would seem that my connection to my ldap server is ok, and it finds
that my user is authorized - the part that plagues me is why ldap
returns ok but the ERROR shows up about no authentication method
(Auth-Type) is found. I have made sure that the Auth-Type LDAP section
within sites-enabled/default is un-commented, so I am confused why I get
that error.
I appreciate your time and attention.
Best,
Jon
Full Debug:
-------------------------------------------------------------------------------
Tue Jun 17 11:53:32 2014 : Info: FreeRADIUS Version 2.1.12, for host
x86_64-redhat-linux-gnu, built on Oct 3 2012 at 01:22:51
Tue Jun 17 11:53:32 2014 : Info: Copyright (C) 1999-2009 The FreeRADIUS
server project and contributors.
Tue Jun 17 11:53:32 2014 : Info: There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A
Tue Jun 17 11:53:32 2014 : Info: PARTICULAR PURPOSE.
Tue Jun 17 11:53:32 2014 : Info: You may redistribute copies of
FreeRADIUS under the terms of the
Tue Jun 17 11:53:32 2014 : Info: GNU General Public License v2.
Tue Jun 17 11:53:32 2014 : Info: Starting - reading configuration files ...
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/radiusd.conf
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/proxy.conf
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/clients.conf
Tue Jun 17 11:53:32 2014 : Debug: including files in directory
/etc/raddb/modules/
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/mac2vlan
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/detail
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/passwd
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/pap
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/ldap
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/detail.example.com
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/checkval
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/dynamic_clients
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/radutmp
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/redis
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/expr
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/smbpasswd
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/always
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/counter
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/attr_filter
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/otp
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/chap
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/echo
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/attr_rewrite
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/perl
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/digest
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/mac2ip
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/smsotp
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/linelog
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/detail.log
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/expiration
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/mschap
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/files
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/soh
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/pam
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/opendirectory
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/wimax
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/etc_group
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/ippool
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/replicate
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/rediswho
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/sql_log
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/policy
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/inner-eap
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/sqlcounter_expire_on_login
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/exec
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/ntlm_auth
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/cui
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/realm
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/preprocess
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/unix
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/acct_unique
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/sradutmp
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/modules/logintime
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/eap.conf
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/policy.conf
Tue Jun 17 11:53:32 2014 : Debug: including files in directory
/etc/raddb/sites-enabled/
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/sites-enabled/inner-tunnel
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:32 2014 : Debug: including configuration file
/etc/raddb/sites-enabled/control-socket
Tue Jun 17 11:53:32 2014 : Debug: main {
Tue Jun 17 11:53:32 2014 : Debug: user = "radiusd"
Tue Jun 17 11:53:32 2014 : Debug: group = "radiusd"
Tue Jun 17 11:53:32 2014 : Debug: allow_core_dumps = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: including dictionary file
/etc/raddb/dictionary
Tue Jun 17 11:53:32 2014 : Debug: main {
Tue Jun 17 11:53:32 2014 : Debug: name = "radiusd"
Tue Jun 17 11:53:32 2014 : Debug: prefix = "/usr"
Tue Jun 17 11:53:32 2014 : Debug: localstatedir = "/var"
Tue Jun 17 11:53:32 2014 : Debug: sbindir = "/usr/sbin"
Tue Jun 17 11:53:32 2014 : Debug: logdir = "/var/log/radius"
Tue Jun 17 11:53:32 2014 : Debug: run_dir = "/var/run/radiusd"
Tue Jun 17 11:53:32 2014 : Debug: libdir = "/usr/lib64/freeradius"
Tue Jun 17 11:53:32 2014 : Debug: radacctdir =
"/var/log/radius/radacct"
Tue Jun 17 11:53:32 2014 : Debug: hostname_lookups = no
Tue Jun 17 11:53:32 2014 : Debug: max_request_time = 30
Tue Jun 17 11:53:32 2014 : Debug: cleanup_delay = 5
Tue Jun 17 11:53:32 2014 : Debug: max_requests = 1024
Tue Jun 17 11:53:32 2014 : Debug: pidfile =
"/var/run/radiusd/radiusd.pid"
Tue Jun 17 11:53:32 2014 : Debug: checkrad = "/usr/sbin/checkrad"
Tue Jun 17 11:53:32 2014 : Debug: debug_level = 0
Tue Jun 17 11:53:32 2014 : Debug: proxy_requests = yes
Tue Jun 17 11:53:32 2014 : Debug: log {
Tue Jun 17 11:53:32 2014 : Debug: stripped_names = no
Tue Jun 17 11:53:32 2014 : Debug: auth = no
Tue Jun 17 11:53:32 2014 : Debug: auth_badpass = no
Tue Jun 17 11:53:32 2014 : Debug: auth_goodpass = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: security {
Tue Jun 17 11:53:32 2014 : Debug: max_attributes = 200
Tue Jun 17 11:53:32 2014 : Debug: reject_delay = 1
Tue Jun 17 11:53:32 2014 : Debug: status_server = yes
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: radiusd: #### Loading Realms and Home
Servers ####
Tue Jun 17 11:53:32 2014 : Debug: proxy server {
Tue Jun 17 11:53:32 2014 : Debug: retry_delay = 5
Tue Jun 17 11:53:32 2014 : Debug: retry_count = 3
Tue Jun 17 11:53:32 2014 : Debug: default_fallback = no
Tue Jun 17 11:53:32 2014 : Debug: dead_time = 120
Tue Jun 17 11:53:32 2014 : Debug: wake_all_if_all_dead = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: home_server localhost {
Tue Jun 17 11:53:32 2014 : Debug: ipaddr = 127.0.0.1
Tue Jun 17 11:53:32 2014 : Debug: port = 1812
Tue Jun 17 11:53:32 2014 : Debug: type = "auth"
Tue Jun 17 11:53:32 2014 : Debug: secret = "testing123"
Tue Jun 17 11:53:32 2014 : Debug: response_window = 20
Tue Jun 17 11:53:32 2014 : Debug: max_outstanding = 65536
Tue Jun 17 11:53:32 2014 : Debug: require_message_authenticator = yes
Tue Jun 17 11:53:32 2014 : Debug: zombie_period = 40
Tue Jun 17 11:53:32 2014 : Debug: status_check = "status-server"
Tue Jun 17 11:53:32 2014 : Debug: ping_interval = 30
Tue Jun 17 11:53:32 2014 : Debug: check_interval = 30
Tue Jun 17 11:53:32 2014 : Debug: num_answers_to_alive = 3
Tue Jun 17 11:53:32 2014 : Debug: num_pings_to_alive = 3
Tue Jun 17 11:53:32 2014 : Debug: revive_interval = 120
Tue Jun 17 11:53:32 2014 : Debug: status_check_timeout = 4
Tue Jun 17 11:53:32 2014 : Debug: coa {
Tue Jun 17 11:53:32 2014 : Debug: irt = 2
Tue Jun 17 11:53:32 2014 : Debug: mrt = 16
Tue Jun 17 11:53:32 2014 : Debug: mrc = 5
Tue Jun 17 11:53:32 2014 : Debug: mrd = 30
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: home_server_pool my_auth_failover {
Tue Jun 17 11:53:32 2014 : Debug: type = fail-over
Tue Jun 17 11:53:32 2014 : Debug: home_server = localhost
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: realm example.com {
Tue Jun 17 11:53:32 2014 : Debug: auth_pool = my_auth_failover
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: realm LOCAL {
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: radiusd: #### Loading Clients ####
Tue Jun 17 11:53:32 2014 : Debug: client localhost {
Tue Jun 17 11:53:32 2014 : Debug: ipaddr = 127.0.0.1
Tue Jun 17 11:53:32 2014 : Debug: require_message_authenticator = no
Tue Jun 17 11:53:32 2014 : Debug: secret = "testing123"
Tue Jun 17 11:53:32 2014 : Debug: nastype = "other"
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: client 172.16.210.0/24 {
Tue Jun 17 11:53:32 2014 : Debug: require_message_authenticator = no
Tue Jun 17 11:53:32 2014 : Debug: secret = "1ctllc2"
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: radiusd: #### Instantiating modules ####
Tue Jun 17 11:53:32 2014 : Debug: instantiate {
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_exec, checking if it's
valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_exec
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "exec"
from file /etc/raddb/modules/exec
Tue Jun 17 11:53:32 2014 : Debug: exec {
Tue Jun 17 11:53:32 2014 : Debug: wait = no
Tue Jun 17 11:53:32 2014 : Debug: input_pairs = "request"
Tue Jun 17 11:53:32 2014 : Debug: shell_escape = yes
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_expr, checking if it's
valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_expr
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "expr"
from file /etc/raddb/modules/expr
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_expiration, checking
if it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_expiration
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module
"expiration" from file /etc/raddb/modules/expiration
Tue Jun 17 11:53:32 2014 : Debug: expiration {
Tue Jun 17 11:53:32 2014 : Debug: reply-message = "Password Has
Expired "
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_logintime, checking if
it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_logintime
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module
"logintime" from file /etc/raddb/modules/logintime
Tue Jun 17 11:53:32 2014 : Debug: logintime {
Tue Jun 17 11:53:32 2014 : Debug: reply-message = "You are calling
outside your allowed timespan "
Tue Jun 17 11:53:32 2014 : Debug: minimum-timeout = 60
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: radiusd: #### Loading Virtual Servers
####
Tue Jun 17 11:53:32 2014 : Debug: server { # from file
/etc/raddb/radiusd.conf
Tue Jun 17 11:53:32 2014 : Debug: modules {
Tue Jun 17 11:53:32 2014 : Debug: Module: Creating Auth-Type = digest
Tue Jun 17 11:53:32 2014 : Debug: Module: Creating Auth-Type = LDAP
Tue Jun 17 11:53:32 2014 : Debug: Module: Creating Post-Auth-Type =
REJECT
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking authenticate {...}
for more modules to load
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_pap, checking if it's
valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_pap
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "pap"
from file /etc/raddb/modules/pap
Tue Jun 17 11:53:32 2014 : Debug: pap {
Tue Jun 17 11:53:32 2014 : Debug: encryption_scheme = "auto"
Tue Jun 17 11:53:32 2014 : Debug: auto_header = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_chap, checking if it's
valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_chap
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "chap"
from file /etc/raddb/modules/chap
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_mschap, checking if
it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_mschap
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "mschap"
from file /etc/raddb/modules/mschap
Tue Jun 17 11:53:32 2014 : Debug: mschap {
Tue Jun 17 11:53:32 2014 : Debug: use_mppe = yes
Tue Jun 17 11:53:32 2014 : Debug: require_encryption = no
Tue Jun 17 11:53:32 2014 : Debug: require_strong = no
Tue Jun 17 11:53:32 2014 : Debug: with_ntdomain_hack = no
Tue Jun 17 11:53:32 2014 : Debug: allow_retry = yes
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_digest, checking if
it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_digest
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "digest"
from file /etc/raddb/modules/digest
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_unix, checking if it's
valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_unix
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "unix"
from file /etc/raddb/modules/unix
Tue Jun 17 11:53:32 2014 : Debug: unix {
Tue Jun 17 11:53:32 2014 : Debug: radwtmp = "/var/log/radius/radwtmp"
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_ldap, checking if it's
valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_ldap
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "ldap"
from file /etc/raddb/modules/ldap
Tue Jun 17 11:53:32 2014 : Debug: ldap {
Tue Jun 17 11:53:32 2014 : Debug: server = "localhost"
Tue Jun 17 11:53:32 2014 : Debug: port = 389
Tue Jun 17 11:53:32 2014 : Debug: password = ""
Tue Jun 17 11:53:32 2014 : Debug: identity = ""
Tue Jun 17 11:53:32 2014 : Debug: net_timeout = 1
Tue Jun 17 11:53:32 2014 : Debug: timeout = 4
Tue Jun 17 11:53:32 2014 : Debug: timelimit = 3
Tue Jun 17 11:53:32 2014 : Debug: tls_mode = no
Tue Jun 17 11:53:32 2014 : Debug: start_tls = no
Tue Jun 17 11:53:32 2014 : Debug: tls_require_cert = "allow"
Tue Jun 17 11:53:32 2014 : Debug: tls {
Tue Jun 17 11:53:32 2014 : Debug: start_tls = yes
Tue Jun 17 11:53:32 2014 : Debug: cacertfile = "/etc/ipa/ca.crt"
Tue Jun 17 11:53:32 2014 : Debug: require_cert = "allow"
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: basedn =
"cn=accounts,dc=csi,dc=com"
Tue Jun 17 11:53:32 2014 : Debug: filter =
"(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
Tue Jun 17 11:53:32 2014 : Debug: base_filter =
"(objectclass=radiusprofile)"
Tue Jun 17 11:53:32 2014 : Debug: auto_header = no
Tue Jun 17 11:53:32 2014 : Debug: access_attr_used_for_allow = yes
Tue Jun 17 11:53:32 2014 : Debug: groupname_attribute = "cn"
Tue Jun 17 11:53:32 2014 : Debug: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
Tue Jun 17 11:53:32 2014 : Debug: dictionary_mapping =
"/etc/raddb/ldap.attrmap"
Tue Jun 17 11:53:32 2014 : Debug: ldap_debug = 0
Tue Jun 17 11:53:32 2014 : Debug: ldap_connections_number = 5
Tue Jun 17 11:53:32 2014 : Debug: compare_check_items = no
Tue Jun 17 11:53:32 2014 : Debug: do_xlat = yes
Tue Jun 17 11:53:32 2014 : Debug: set_auth_type = yes
Tue Jun 17 11:53:32 2014 : Debug: keepalive {
Tue Jun 17 11:53:32 2014 : Debug: idle = 60
Tue Jun 17 11:53:32 2014 : Debug: probes = 3
Tue Jun 17 11:53:32 2014 : Debug: interval = 3
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: Registering ldap_groupcmp
for Ldap-Group
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: Registering ldap_xlat with
xlat_name ldap
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: reading ldap<->radius
mappings from file /etc/raddb/ldap.attrmap
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusCheckItem mapped
to RADIUS $GENERIC$
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusReplyItem mapped
to RADIUS $GENERIC$
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusAuthType mapped
to RADIUS Auth-Type
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusSimultaneousUse
mapped to RADIUS Simultaneous-Use
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusCalledStationId
mapped to RADIUS Called-Station-Id
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusCallingStationId
mapped to RADIUS Calling-Station-Id
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP lmPassword mapped to
RADIUS LM-Password
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP ntPassword mapped to
RADIUS NT-Password
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP sambaLmPassword mapped
to RADIUS LM-Password
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP sambaNtPassword mapped
to RADIUS NT-Password
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP dBCSPwd mapped to
RADIUS LM-Password
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP userPassword mapped to
RADIUS Cleartext-Password
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP acctFlags mapped to
RADIUS SMB-Account-CTRL-TEXT
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusExpiration mapped
to RADIUS Expiration
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusNASIpAddress
mapped to RADIUS NAS-IP-Address
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusServiceType
mapped to RADIUS Service-Type
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusFramedProtocol
mapped to RADIUS Framed-Protocol
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusFramedIPAddress
mapped to RADIUS Framed-IP-Address
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask
mapped to RADIUS Framed-IP-Netmask
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusFramedRoute
mapped to RADIUS Framed-Route
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusFramedRouting
mapped to RADIUS Framed-Routing
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusFilterId mapped
to RADIUS Filter-Id
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped
to RADIUS Framed-MTU
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusFramedCompression
mapped to RADIUS Framed-Compression
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusLoginIPHost
mapped to RADIUS Login-IP-Host
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusLoginService
mapped to RADIUS Login-Service
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusLoginTCPPort
mapped to RADIUS Login-TCP-Port
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusCallbackNumber
mapped to RADIUS Callback-Number
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusCallbackId mapped
to RADIUS Callback-Id
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork
mapped to RADIUS Framed-IPX-Network
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusClass mapped to
RADIUS Class
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusSessionTimeout
mapped to RADIUS Session-Timeout
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusIdleTimeout
mapped to RADIUS Idle-Timeout
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusTerminationAction
mapped to RADIUS Termination-Action
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusLoginLATService
mapped to RADIUS Login-LAT-Service
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusLoginLATNode
mapped to RADIUS Login-LAT-Node
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusLoginLATGroup
mapped to RADIUS Login-LAT-Group
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP
radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusPortLimit mapped
to RADIUS Port-Limit
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusLoginLATPort
mapped to RADIUS Login-LAT-Port
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusReplyMessage
mapped to RADIUS Reply-Message
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusTunnelType mapped
to RADIUS Tunnel-Type
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP radiusTunnelMediumType
mapped to RADIUS Tunnel-Medium-Type
Tue Jun 17 11:53:32 2014 : Debug: rlm_ldap: LDAP
radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id
Tue Jun 17 11:53:32 2014 : Debug: conns: 0x7f3f6ad123f0
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_eap, checking if it's
valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_eap
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "eap"
from file /etc/raddb/eap.conf
Tue Jun 17 11:53:32 2014 : Debug: eap {
Tue Jun 17 11:53:32 2014 : Debug: default_eap_type = "md5"
Tue Jun 17 11:53:32 2014 : Debug: timer_expire = 60
Tue Jun 17 11:53:32 2014 : Debug: ignore_unknown_eap_types = no
Tue Jun 17 11:53:32 2014 : Debug: cisco_accounting_username_bug = no
Tue Jun 17 11:53:32 2014 : Debug: max_sessions = 4096
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to sub-module rlm_eap_md5
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating eap-md5
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to sub-module
rlm_eap_leap
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating eap-leap
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to sub-module rlm_eap_gtc
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating eap-gtc
Tue Jun 17 11:53:32 2014 : Debug: gtc {
Tue Jun 17 11:53:32 2014 : Debug: challenge = "Password: "
Tue Jun 17 11:53:32 2014 : Debug: auth_type = "PAP"
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to sub-module rlm_eap_tls
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating eap-tls
Tue Jun 17 11:53:32 2014 : Debug: tls {
Tue Jun 17 11:53:32 2014 : Debug: rsa_key_exchange = no
Tue Jun 17 11:53:32 2014 : Debug: dh_key_exchange = yes
Tue Jun 17 11:53:32 2014 : Debug: rsa_key_length = 512
Tue Jun 17 11:53:32 2014 : Debug: dh_key_length = 512
Tue Jun 17 11:53:32 2014 : Debug: verify_depth = 0
Tue Jun 17 11:53:32 2014 : Debug: CA_path = "/etc/raddb/certs"
Tue Jun 17 11:53:32 2014 : Debug: pem_file_type = yes
Tue Jun 17 11:53:32 2014 : Debug: private_key_file =
"/etc/raddb/certs/server.pem"
Tue Jun 17 11:53:32 2014 : Debug: certificate_file =
"/etc/raddb/certs/server.pem"
Tue Jun 17 11:53:32 2014 : Debug: CA_file = "/etc/raddb/certs/ca.pem"
Tue Jun 17 11:53:32 2014 : Debug: private_key_password = "whatever"
Tue Jun 17 11:53:32 2014 : Debug: dh_file = "/etc/raddb/certs/dh"
Tue Jun 17 11:53:32 2014 : Debug: random_file =
"/etc/raddb/certs/random"
Tue Jun 17 11:53:32 2014 : Debug: fragment_size = 1024
Tue Jun 17 11:53:32 2014 : Debug: include_length = yes
Tue Jun 17 11:53:32 2014 : Debug: check_crl = no
Tue Jun 17 11:53:32 2014 : Debug: cipher_list = "DEFAULT"
Tue Jun 17 11:53:32 2014 : Debug: cache {
Tue Jun 17 11:53:32 2014 : Debug: enable = no
Tue Jun 17 11:53:32 2014 : Debug: lifetime = 24
Tue Jun 17 11:53:32 2014 : Debug: max_entries = 255
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: verify {
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: ocsp {
Tue Jun 17 11:53:32 2014 : Debug: enable = no
Tue Jun 17 11:53:32 2014 : Debug: override_cert_url = yes
Tue Jun 17 11:53:32 2014 : Debug: url = "http://127.0.0.1/ocsp/"
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to sub-module
rlm_eap_ttls
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating eap-ttls
Tue Jun 17 11:53:32 2014 : Debug: ttls {
Tue Jun 17 11:53:32 2014 : Debug: default_eap_type = "md5"
Tue Jun 17 11:53:32 2014 : Debug: copy_request_to_tunnel = no
Tue Jun 17 11:53:32 2014 : Debug: use_tunneled_reply = no
Tue Jun 17 11:53:32 2014 : Debug: virtual_server = "inner-tunnel"
Tue Jun 17 11:53:32 2014 : Debug: include_length = yes
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to sub-module
rlm_eap_peap
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating eap-peap
Tue Jun 17 11:53:32 2014 : Debug: peap {
Tue Jun 17 11:53:32 2014 : Debug: default_eap_type = "mschapv2"
Tue Jun 17 11:53:32 2014 : Debug: copy_request_to_tunnel = no
Tue Jun 17 11:53:32 2014 : Debug: use_tunneled_reply = no
Tue Jun 17 11:53:32 2014 : Debug: proxy_tunneled_request_as_eap = yes
Tue Jun 17 11:53:32 2014 : Debug: virtual_server = "inner-tunnel"
Tue Jun 17 11:53:32 2014 : Debug: soh = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to sub-module
rlm_eap_mschapv2
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating eap-mschapv2
Tue Jun 17 11:53:32 2014 : Debug: mschapv2 {
Tue Jun 17 11:53:32 2014 : Debug: with_ntdomain_hack = no
Tue Jun 17 11:53:32 2014 : Debug: send_error = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking authorize {...} for
more modules to load
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_preprocess, checking
if it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_preprocess
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module
"preprocess" from file /etc/raddb/modules/preprocess
Tue Jun 17 11:53:32 2014 : Debug: preprocess {
Tue Jun 17 11:53:32 2014 : Debug: huntgroups =
"/etc/raddb/huntgroups"
Tue Jun 17 11:53:32 2014 : Debug: hints = "/etc/raddb/hints"
Tue Jun 17 11:53:32 2014 : Debug: with_ascend_hack = no
Tue Jun 17 11:53:32 2014 : Debug: ascend_channels_per_line = 23
Tue Jun 17 11:53:32 2014 : Debug: with_ntdomain_hack = no
Tue Jun 17 11:53:32 2014 : Debug: with_specialix_jetstream_hack = no
Tue Jun 17 11:53:32 2014 : Debug: with_cisco_vsa_hack = no
Tue Jun 17 11:53:32 2014 : Debug: with_alvarion_vsa_hack = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_realm, checking if
it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_realm
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "suffix"
from file /etc/raddb/modules/realm
Tue Jun 17 11:53:32 2014 : Debug: realm suffix {
Tue Jun 17 11:53:32 2014 : Debug: format = "suffix"
Tue Jun 17 11:53:32 2014 : Debug: delimiter = "@"
Tue Jun 17 11:53:32 2014 : Debug: ignore_default = no
Tue Jun 17 11:53:32 2014 : Debug: ignore_null = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_files, checking if
it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_files
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "files"
from file /etc/raddb/modules/files
Tue Jun 17 11:53:32 2014 : Debug: files {
Tue Jun 17 11:53:32 2014 : Debug: usersfile = "/etc/raddb/users"
Tue Jun 17 11:53:32 2014 : Debug: acctusersfile =
"/etc/raddb/acct_users"
Tue Jun 17 11:53:32 2014 : Debug: preproxy_usersfile =
"/etc/raddb/preproxy_users"
Tue Jun 17 11:53:32 2014 : Debug: compat = "no"
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking preacct {...} for
more modules to load
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_acct_unique, checking
if it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_acct_unique
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module
"acct_unique" from file /etc/raddb/modules/acct_unique
Tue Jun 17 11:53:32 2014 : Debug: acct_unique {
Tue Jun 17 11:53:32 2014 : Debug: key = "User-Name,
Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking accounting {...} for
more modules to load
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_detail, checking if
it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_detail
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module "detail"
from file /etc/raddb/modules/detail
Tue Jun 17 11:53:32 2014 : Debug: detail {
Tue Jun 17 11:53:32 2014 : Debug: detailfile =
"/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
Tue Jun 17 11:53:32 2014 : Debug: header = "%t"
Tue Jun 17 11:53:32 2014 : Debug: detailperm = 384
Tue Jun 17 11:53:32 2014 : Debug: dirperm = 493
Tue Jun 17 11:53:32 2014 : Debug: locking = no
Tue Jun 17 11:53:32 2014 : Debug: log_packet_header = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_radutmp, checking if
it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_radutmp
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module
"radutmp" from file /etc/raddb/modules/radutmp
Tue Jun 17 11:53:32 2014 : Debug: radutmp {
Tue Jun 17 11:53:32 2014 : Debug: filename =
"/var/log/radius/radutmp"
Tue Jun 17 11:53:32 2014 : Debug: username = "%{User-Name}"
Tue Jun 17 11:53:32 2014 : Debug: case_sensitive = yes
Tue Jun 17 11:53:32 2014 : Debug: check_with_nas = yes
Tue Jun 17 11:53:32 2014 : Debug: perm = 384
Tue Jun 17 11:53:32 2014 : Debug: callerid = yes
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: (Loaded rlm_attr_filter, checking
if it's valid)
Tue Jun 17 11:53:32 2014 : Debug: Module: Linked to module rlm_attr_filter
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module
"attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter
Tue Jun 17 11:53:32 2014 : Debug: attr_filter
attr_filter.accounting_response {
Tue Jun 17 11:53:32 2014 : Debug: attrsfile =
"/etc/raddb/attrs.accounting_response"
Tue Jun 17 11:53:32 2014 : Debug: key = "%{User-Name}"
Tue Jun 17 11:53:32 2014 : Debug: relaxed = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking session {...} for
more modules to load
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking post-proxy {...} for
more modules to load
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking post-auth {...} for
more modules to load
Tue Jun 17 11:53:32 2014 : Debug: Module: Instantiating module
"attr_filter.access_reject" from file /etc/raddb/modules/attr_filter
Tue Jun 17 11:53:32 2014 : Debug: attr_filter attr_filter.access_reject {
Tue Jun 17 11:53:32 2014 : Debug: attrsfile =
"/etc/raddb/attrs.access_reject"
Tue Jun 17 11:53:32 2014 : Debug: key = "%{User-Name}"
Tue Jun 17 11:53:32 2014 : Debug: relaxed = no
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: } # modules
Tue Jun 17 11:53:32 2014 : Debug: } # server
Tue Jun 17 11:53:32 2014 : Debug: server inner-tunnel { # from file
/etc/raddb/sites-enabled/inner-tunnel
Tue Jun 17 11:53:32 2014 : Debug: modules {
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking authenticate {...}
for more modules to load
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking authorize {...} for
more modules to load
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking session {...} for
more modules to load
Tue Jun 17 11:53:32 2014 : Debug: Module: Checking post-auth {...} for
more modules to load
Tue Jun 17 11:53:32 2014 : Debug: } # modules
Tue Jun 17 11:53:32 2014 : Debug: } # server
Tue Jun 17 11:53:32 2014 : Debug: radiusd: #### Opening IP addresses and
Ports ####
Tue Jun 17 11:53:32 2014 : Debug: listen {
Tue Jun 17 11:53:32 2014 : Debug: type = "auth"
Tue Jun 17 11:53:32 2014 : Debug: ipaddr = *
Tue Jun 17 11:53:32 2014 : Debug: port = 0
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: listen {
Tue Jun 17 11:53:32 2014 : Debug: type = "acct"
Tue Jun 17 11:53:32 2014 : Debug: ipaddr = *
Tue Jun 17 11:53:32 2014 : Debug: port = 0
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: listen {
Tue Jun 17 11:53:32 2014 : Debug: type = "control"
Tue Jun 17 11:53:32 2014 : Debug: listen {
Tue Jun 17 11:53:32 2014 : Debug: socket =
"/var/run/radiusd/radiusd.sock"
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Debug: listen {
Tue Jun 17 11:53:32 2014 : Debug: type = "auth"
Tue Jun 17 11:53:32 2014 : Debug: ipaddr = 127.0.0.1
Tue Jun 17 11:53:32 2014 : Debug: port = 18120
Tue Jun 17 11:53:32 2014 : Debug: }
Tue Jun 17 11:53:32 2014 : Info: ... adding new socket proxy address *
port 32876
Tue Jun 17 11:53:32 2014 : Debug: Listening on authentication address *
port 1812
Tue Jun 17 11:53:32 2014 : Debug: Listening on accounting address * port
1813
Tue Jun 17 11:53:32 2014 : Debug: Listening on command file
/var/run/radiusd/radiusd.sock
Tue Jun 17 11:53:32 2014 : Debug: Listening on authentication address
127.0.0.1 port 18120 as server inner-tunnel
Tue Jun 17 11:53:32 2014 : Debug: Listening on proxy address * port 1814
Tue Jun 17 11:53:32 2014 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 172.16.210.102 port 1042,
id=34, length=145
User-Name = "jjenkins"
NAS-Port = 0
Called-Station-Id = "2E-A4-3C-65-D0-22:CSI"
Calling-Station-Id = "84-A6-C8-EE-38-10"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x0241000d016a6a656e6b696e73
Message-Authenticator = 0x32a743ad981f661101a2cd28a0b8000d
Tue Jun 17 11:53:40 2014 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authorize {...}
Tue Jun 17 11:53:40 2014 : Info: ++[preprocess] returns ok
Tue Jun 17 11:53:40 2014 : Info: ++[chap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[mschap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[digest] returns noop
Tue Jun 17 11:53:40 2014 : Info: [suffix] No '@' in User-Name =
"jjenkins", looking up realm NULL
Tue Jun 17 11:53:40 2014 : Info: [suffix] No such realm "NULL"
Tue Jun 17 11:53:40 2014 : Info: ++[suffix] returns noop
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP packet type response id 65
length 13
Tue Jun 17 11:53:40 2014 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns updated
Tue Jun 17 11:53:40 2014 : Info: ++[files] returns noop
Tue Jun 17 11:53:40 2014 : Info: [ldap] performing user authorization
for jjenkins
Tue Jun 17 11:53:40 2014 : Info: [ldap] expand:
%{Stripped-User-Name} ->
Tue Jun 17 11:53:40 2014 : Info: [ldap] ... expanding second
conditional
Tue Jun 17 11:53:40 2014 : Info: [ldap] expand: %{User-Name} ->
jjenkins
Tue Jun 17 11:53:40 2014 : Info: [ldap] expand:
(uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=jjenkins)
Tue Jun 17 11:53:40 2014 : Info: [ldap] expand:
cn=accounts,dc=csi,dc=com -> cn=accounts,dc=csi,dc=com
Tue Jun 17 11:53:40 2014 : Debug: [ldap] ldap_get_conn: Checking Id: 0
Tue Jun 17 11:53:40 2014 : Debug: [ldap] ldap_get_conn: Got Id: 0
Tue Jun 17 11:53:40 2014 : Debug: [ldap] attempting LDAP reconnection
Tue Jun 17 11:53:40 2014 : Debug: [ldap] (re)connect to localhost:389,
authentication 0
Tue Jun 17 11:53:40 2014 : Debug: [ldap] setting TLS CACert File to
/etc/ipa/ca.crt
Tue Jun 17 11:53:40 2014 : Debug: [ldap] starting TLS
Tue Jun 17 11:53:40 2014 : Debug: [ldap] bind as / to localhost:389
Tue Jun 17 11:53:40 2014 : Debug: [ldap] waiting for bind result ...
Tue Jun 17 11:53:40 2014 : Debug: [ldap] Bind was successful
Tue Jun 17 11:53:40 2014 : Debug: [ldap] performing search in
cn=accounts,dc=csi,dc=com, with filter (uid=jjenkins)
Tue Jun 17 11:53:40 2014 : Info: [ldap] looking for check items in
directory...
Tue Jun 17 11:53:40 2014 : Info: [ldap] looking for reply items in
directory...
Tue Jun 17 11:53:40 2014 : Debug: WARNING: No "known good" password was
found in LDAP. Are you sure that the user is configured correctly?
Tue Jun 17 11:53:40 2014 : Info: [ldap] user jjenkins authorized to use
remote access
Tue Jun 17 11:53:40 2014 : Debug: [ldap] ldap_release_conn: Release Id: 0
Tue Jun 17 11:53:40 2014 : Info: ++[ldap] returns ok
Tue Jun 17 11:53:40 2014 : Info: ++[expiration] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[logintime] returns noop
Tue Jun 17 11:53:40 2014 : Info: [pap] WARNING! No "known good" password
found for the user. Authentication may fail because of this.
Tue Jun 17 11:53:40 2014 : Info: ++[pap] returns noop
Tue Jun 17 11:53:40 2014 : Info: Found Auth-Type = EAP
Tue Jun 17 11:53:40 2014 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authenticate {...}
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP Identity
Tue Jun 17 11:53:40 2014 : Info: [eap] processing type md5
Tue Jun 17 11:53:40 2014 : Debug: rlm_eap_md5: Issuing Challenge
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns handled
Sending Access-Challenge of id 34 to 172.16.210.102 port 1042
EAP-Message = 0x014200160410317c801f5d97eea9e5403dece06dc9ae
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafb682b9aff4865d9c2f9d64fb6bc98c
Tue Jun 17 11:53:40 2014 : Info: Finished request 0.
Tue Jun 17 11:53:40 2014 : Debug: Going to the next request
Tue Jun 17 11:53:40 2014 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.210.102 port 1042,
id=35, length=159
User-Name = "jjenkins"
NAS-Port = 0
Called-Station-Id = "2E-A4-3C-65-D0-22:CSI"
Calling-Station-Id = "84-A6-C8-EE-38-10"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x024200090319152b11
State = 0xafb682b9aff4865d9c2f9d64fb6bc98c
Message-Authenticator = 0xc5744302be2f36ef8d669c4dbc6de8b8
Tue Jun 17 11:53:40 2014 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authorize {...}
Tue Jun 17 11:53:40 2014 : Info: ++[preprocess] returns ok
Tue Jun 17 11:53:40 2014 : Info: ++[chap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[mschap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[digest] returns noop
Tue Jun 17 11:53:40 2014 : Info: [suffix] No '@' in User-Name =
"jjenkins", looking up realm NULL
Tue Jun 17 11:53:40 2014 : Info: [suffix] No such realm "NULL"
Tue Jun 17 11:53:40 2014 : Info: ++[suffix] returns noop
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP packet type response id 66
length 9
Tue Jun 17 11:53:40 2014 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns updated
Tue Jun 17 11:53:40 2014 : Info: ++[files] returns noop
Tue Jun 17 11:53:40 2014 : Info: [ldap] performing user authorization
for jjenkins
Tue Jun 17 11:53:40 2014 : Info: [ldap] expand:
%{Stripped-User-Name} ->
Tue Jun 17 11:53:40 2014 : Info: [ldap] ... expanding second
conditional
Tue Jun 17 11:53:40 2014 : Info: [ldap] expand: %{User-Name} ->
jjenkins
Tue Jun 17 11:53:40 2014 : Info: [ldap] expand:
(uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=jjenkins)
Tue Jun 17 11:53:40 2014 : Info: [ldap] expand:
cn=accounts,dc=csi,dc=com -> cn=accounts,dc=csi,dc=com
Tue Jun 17 11:53:40 2014 : Debug: [ldap] ldap_get_conn: Checking Id: 0
Tue Jun 17 11:53:40 2014 : Debug: [ldap] ldap_get_conn: Got Id: 0
Tue Jun 17 11:53:40 2014 : Debug: [ldap] performing search in
cn=accounts,dc=csi,dc=com, with filter (uid=jjenkins)
Tue Jun 17 11:53:40 2014 : Info: [ldap] looking for check items in
directory...
Tue Jun 17 11:53:40 2014 : Info: [ldap] looking for reply items in
directory...
Tue Jun 17 11:53:40 2014 : Debug: WARNING: No "known good" password was
found in LDAP. Are you sure that the user is configured correctly?
Tue Jun 17 11:53:40 2014 : Info: [ldap] user jjenkins authorized to use
remote access
Tue Jun 17 11:53:40 2014 : Debug: [ldap] ldap_release_conn: Release Id: 0
Tue Jun 17 11:53:40 2014 : Info: ++[ldap] returns ok
Tue Jun 17 11:53:40 2014 : Info: ++[expiration] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[logintime] returns noop
Tue Jun 17 11:53:40 2014 : Info: [pap] WARNING! No "known good" password
found for the user. Authentication may fail because of this.
Tue Jun 17 11:53:40 2014 : Info: ++[pap] returns noop
Tue Jun 17 11:53:40 2014 : Info: Found Auth-Type = EAP
Tue Jun 17 11:53:40 2014 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authenticate {...}
Tue Jun 17 11:53:40 2014 : Info: [eap] Request found, released from the
list
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP NAK
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP-NAK asked for EAP-Type/peap
Tue Jun 17 11:53:40 2014 : Info: [eap] processing type tls
Tue Jun 17 11:53:40 2014 : Info: [tls] Initiate
Tue Jun 17 11:53:40 2014 : Info: [tls] Start returned 1
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns handled
Sending Access-Challenge of id 35 to 172.16.210.102 port 1042
EAP-Message = 0x014300061920
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafb682b9aef59b5d9c2f9d64fb6bc98c
Tue Jun 17 11:53:40 2014 : Info: Finished request 1.
Tue Jun 17 11:53:40 2014 : Debug: Going to the next request
Tue Jun 17 11:53:40 2014 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.210.102 port 1042,
id=36, length=268
User-Name = "jjenkins"
NAS-Port = 0
Called-Station-Id = "2E-A4-3C-65-D0-22:CSI"
Calling-Station-Id = "84-A6-C8-EE-38-10"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message =
0x0243007619800000006c160301006701000063030153a07295d1f0ceeda0128f71d91cd1d59852ae2badb19c8c7e8b18e718c65380000018c014c0130035002fc00ac00900380032000a00130005000401000022ff01000100000500050100000000000a0006000400170018000b0002010000230000
State = 0xafb682b9aef59b5d9c2f9d64fb6bc98c
Message-Authenticator = 0x89a953413680f47f66c1759a24eeaab1
Tue Jun 17 11:53:40 2014 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authorize {...}
Tue Jun 17 11:53:40 2014 : Info: ++[preprocess] returns ok
Tue Jun 17 11:53:40 2014 : Info: ++[chap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[mschap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[digest] returns noop
Tue Jun 17 11:53:40 2014 : Info: [suffix] No '@' in User-Name =
"jjenkins", looking up realm NULL
Tue Jun 17 11:53:40 2014 : Info: [suffix] No such realm "NULL"
Tue Jun 17 11:53:40 2014 : Info: ++[suffix] returns noop
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP packet type response id 67
length 118
Tue Jun 17 11:53:40 2014 : Info: [eap] Continuing tunnel setup.
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns ok
Tue Jun 17 11:53:40 2014 : Info: Found Auth-Type = EAP
Tue Jun 17 11:53:40 2014 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authenticate {...}
Tue Jun 17 11:53:40 2014 : Info: [eap] Request found, released from the
list
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP/peap
Tue Jun 17 11:53:40 2014 : Info: [eap] processing type peap
Tue Jun 17 11:53:40 2014 : Info: [peap] processing EAP-TLS
Tue Jun 17 11:53:40 2014 : Debug: TLS Length 108
Tue Jun 17 11:53:40 2014 : Info: [peap] Length Included
Tue Jun 17 11:53:40 2014 : Info: [peap] eaptls_verify returned 11
Tue Jun 17 11:53:40 2014 : Info: [peap] (other): before/accept
initialization
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: before/accept
initialization
Tue Jun 17 11:53:40 2014 : Info: [peap] <<< TLS 1.0 Handshake [length
0067], ClientHello
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: SSLv3 read
client hello A
Tue Jun 17 11:53:40 2014 : Info: [peap] >>> TLS 1.0 Handshake [length
0031], ServerHello
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: SSLv3 write
server hello A
Tue Jun 17 11:53:40 2014 : Info: [peap] >>> TLS 1.0 Handshake [length
085e], Certificate
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: SSLv3 write
certificate A
Tue Jun 17 11:53:40 2014 : Info: [peap] >>> TLS 1.0 Handshake [length
0004], ServerHelloDone
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: SSLv3 write
server done A
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: SSLv3 flush data
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: Need to read
more data: SSLv3 read client certificate A
Tue Jun 17 11:53:40 2014 : Debug: In SSL Handshake Phase
Tue Jun 17 11:53:40 2014 : Debug: In SSL Accept mode
Tue Jun 17 11:53:40 2014 : Info: [peap] eaptls_process returned 13
Tue Jun 17 11:53:40 2014 : Info: [peap] EAPTLS_HANDLED
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns handled
Sending Access-Challenge of id 36 to 172.16.210.102 port 1042
EAP-Message =
0x0144040019c0000008a216030100310200002d030153a072940f7084c460f042c4530c4b4b37248cf354fad4b19d5808529e01326c000035000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175
EAP-Message =
0x74686f72697479301e170d3134303631373136333134365a170d3134303831363136333134365a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b6d103838591bad8f5fdfdb4482c6b1ce6d072e5f00b5569c61d7b99df61843c8c6ce854973146935ce173cab659fb7615eed7c58f6590
EAP-Message =
0xb610d54b50bf79cb66ccb185ea599190b03b57d6c79dde2e4802d6452071cbf25df572719e4eb6e51116735a7d29f82f0c35bef93f0467c196f6b4e18ec6d640007f4a170c0a7de4e05196d823734df72d48ddbde78303559aae3a7c98a6934ac573978d6c8bdacf06c42e48bd28bd5126a602ee4c92fb58668b73d80a86972dd4c697421e7d58c7d0ed089db386cf1fdb91cac8af45f61d08b5d4d11c45384eb630d2089ca3f68e91a4f8f764dccc8ef06f59c441479a95690af2b1d77c46a8193b6824bb0c5f4d190203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101009cfd
EAP-Message =
0x01369f19a0040c39dc20a8ae2ee30fa334c5516aeb8150799c5b077eefa0d748033c10cb54109482e9e6848b1c111035e8ef41e4d484ccf9e1045ef9052e248c00cbc82a7972b597dff661b1e90f5ef83c3933bb84f35572984bdbc1402feae5a0f95e3902e4edccd0a8094822dc4f93fa392f4a6f6343fe9adba18811e46ef9e35552e4a58e4500a0c2cfc5b0968086a21fdcf7c52d7ed6a64c3f7bdcd61573702b77e2efed8a40cc5e52b2966e3aa5f33d500588aea852021705ea26f1a40ffa21e4615ff37c91c306449fd2777267c658f35f168a2e2169a38538c2aff35d7181df02bf1e350f2a108a584f3d398f614885b525d5fed1ae0e8a3a8b
EAP-Message = 0xbd0004ab308204a73082038f
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafb682b9adf29b5d9c2f9d64fb6bc98c
Tue Jun 17 11:53:40 2014 : Info: Finished request 2.
Tue Jun 17 11:53:40 2014 : Debug: Going to the next request
Tue Jun 17 11:53:40 2014 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.210.102 port 1042,
id=37, length=156
User-Name = "jjenkins"
NAS-Port = 0
Called-Station-Id = "2E-A4-3C-65-D0-22:CSI"
Calling-Station-Id = "84-A6-C8-EE-38-10"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x024400061900
State = 0xafb682b9adf29b5d9c2f9d64fb6bc98c
Message-Authenticator = 0x803a2da55bd0b52450537a3b75839783
Tue Jun 17 11:53:40 2014 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authorize {...}
Tue Jun 17 11:53:40 2014 : Info: ++[preprocess] returns ok
Tue Jun 17 11:53:40 2014 : Info: ++[chap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[mschap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[digest] returns noop
Tue Jun 17 11:53:40 2014 : Info: [suffix] No '@' in User-Name =
"jjenkins", looking up realm NULL
Tue Jun 17 11:53:40 2014 : Info: [suffix] No such realm "NULL"
Tue Jun 17 11:53:40 2014 : Info: ++[suffix] returns noop
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP packet type response id 68
length 6
Tue Jun 17 11:53:40 2014 : Info: [eap] Continuing tunnel setup.
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns ok
Tue Jun 17 11:53:40 2014 : Info: Found Auth-Type = EAP
Tue Jun 17 11:53:40 2014 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authenticate {...}
Tue Jun 17 11:53:40 2014 : Info: [eap] Request found, released from the
list
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP/peap
Tue Jun 17 11:53:40 2014 : Info: [eap] processing type peap
Tue Jun 17 11:53:40 2014 : Info: [peap] processing EAP-TLS
Tue Jun 17 11:53:40 2014 : Info: [peap] Received TLS ACK
Tue Jun 17 11:53:40 2014 : Info: [peap] ACK handshake fragment handler
Tue Jun 17 11:53:40 2014 : Info: [peap] eaptls_verify returned 1
Tue Jun 17 11:53:40 2014 : Info: [peap] eaptls_process returned 13
Tue Jun 17 11:53:40 2014 : Info: [peap] EAPTLS_HANDLED
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns handled
Sending Access-Challenge of id 37 to 172.16.210.102 port 1042
EAP-Message =
0x014503fc1940a00302010202090084b6b44c2fbb0908300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3134303631373136333134365a170d3134303831363136333134365a308193310b3009060355040613024652310f300d0603550408130652616469757331
EAP-Message =
0x12301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100d14425faab58dc1903ab46788008fe05a0a455bbbd97448504efffa716defed6e2de9bcea58ddfc43a13a84c180ed57498fb599c85be95fe9907cdb957c374123360930164ae1b071a8e52e3ba3843ab2f06f53b13f60b13de4e36ad326fbbaa4cd3f30ca5ec0e4b
EAP-Message =
0xc2fa0793c7b474755477dc1ddeb90c27ecfbf33af6d0e2edc89cba2b7a6d10684a3e100ca16a489052402b3b30469f1296bff0167c11ddf3a68d746552887dbd2660bad06bbe4033e96b5146b507ef1a384c002dde7ae1a3b15552a58ddc4bbff38331b3c35dffd0c77ed439725a722ebab17dcf44a71e0e76b8509f1640f187d551d1cdb17d80d73836939601f70ea775095cecbe2bcc390203010001a381fb3081f8301d0603551d0e041604148274d814aac9cce5746db2efa8e26ecd5bbdd0453081c80603551d230481c03081bd80148274d814aac9cce5746db2efa8e26ecd5bbdd045a18199a48196308193310b300906035504061302465231
EAP-Message =
0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747982090084b6b44c2fbb0908300c0603551d13040530030101ff300d06092a864886f70d010105050003820101009102d14bd7998fb0396d8cafee62b869c1c313920f16166849e69ec11b63f7f9c36dbf31f5da25f3df1633cb8804e1b7d3591c89bfd7a395c8a12b2ea7682b32da4672dee4932a48825b7e
EAP-Message = 0xa0e716d5dc21b548
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafb682b9acf39b5d9c2f9d64fb6bc98c
Tue Jun 17 11:53:40 2014 : Info: Finished request 3.
Tue Jun 17 11:53:40 2014 : Debug: Going to the next request
Tue Jun 17 11:53:40 2014 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.210.102 port 1042,
id=38, length=156
User-Name = "jjenkins"
NAS-Port = 0
Called-Station-Id = "2E-A4-3C-65-D0-22:CSI"
Calling-Station-Id = "84-A6-C8-EE-38-10"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x024500061900
State = 0xafb682b9acf39b5d9c2f9d64fb6bc98c
Message-Authenticator = 0x8d922699881481d5fe2062bd13e9f56b
Tue Jun 17 11:53:40 2014 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authorize {...}
Tue Jun 17 11:53:40 2014 : Info: ++[preprocess] returns ok
Tue Jun 17 11:53:40 2014 : Info: ++[chap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[mschap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[digest] returns noop
Tue Jun 17 11:53:40 2014 : Info: [suffix] No '@' in User-Name =
"jjenkins", looking up realm NULL
Tue Jun 17 11:53:40 2014 : Info: [suffix] No such realm "NULL"
Tue Jun 17 11:53:40 2014 : Info: ++[suffix] returns noop
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP packet type response id 69
length 6
Tue Jun 17 11:53:40 2014 : Info: [eap] Continuing tunnel setup.
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns ok
Tue Jun 17 11:53:40 2014 : Info: Found Auth-Type = EAP
Tue Jun 17 11:53:40 2014 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authenticate {...}
Tue Jun 17 11:53:40 2014 : Info: [eap] Request found, released from the
list
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP/peap
Tue Jun 17 11:53:40 2014 : Info: [eap] processing type peap
Tue Jun 17 11:53:40 2014 : Info: [peap] processing EAP-TLS
Tue Jun 17 11:53:40 2014 : Info: [peap] Received TLS ACK
Tue Jun 17 11:53:40 2014 : Info: [peap] ACK handshake fragment handler
Tue Jun 17 11:53:40 2014 : Info: [peap] eaptls_verify returned 1
Tue Jun 17 11:53:40 2014 : Info: [peap] eaptls_process returned 13
Tue Jun 17 11:53:40 2014 : Info: [peap] EAPTLS_HANDLED
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns handled
Sending Access-Challenge of id 38 to 172.16.210.102 port 1042
EAP-Message =
0x014600bc19002dec37025d8c9de67c1f804d75521b05104fb4ce3a0274f11e301d5c88ca918e04417ffeb4efab394cc3f8c37d0530c9b2bde8408be97ee66b201d53743806031e57f6b27fd8272b3aa43fab118b98787a4fbd4f3fa3a83b7d496133b1711083dd18b1aa34bef580fdf7447801cbe7f4ce13774990d76bfdbca778a08fb1eebad156811815259f182c90b16042f28c7e195efad068e43dca2f408e4f57c1af3635d71e5173e37b9b19411281cb16030100040e000000
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafb682b9abf09b5d9c2f9d64fb6bc98c
Tue Jun 17 11:53:40 2014 : Info: Finished request 4.
Tue Jun 17 11:53:40 2014 : Debug: Going to the next request
Tue Jun 17 11:53:40 2014 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.210.102 port 1042,
id=39, length=488
User-Name = "jjenkins"
NAS-Port = 0
Called-Station-Id = "2E-A4-3C-65-D0-22:CSI"
Calling-Station-Id = "84-A6-C8-EE-38-10"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message =
0x0246015019800000014616030101061000010201004ce8ace299ac5fbf94205af77a39ec4f54a0b30afddc59d8cd4ea2f9b09aa0d0ff259a29db66b77e3b124f5c1b164cd719e6979945643becffdb5d899de1c01b7d8ecd52812700fa6160de5ac87703253fc94e888c9c9db0a815dcc69736fad3947f0c8f9f918a68bf507a82a52e5b653841abee20e825f40d8cb75d54815285f08262b86e9a7cc3121217c73977e7f94a25143d87bd4873195f8b55b9eb3be85d16228bce728ce61eb7215145ca6ddaa496f022c5ae6437f7b461227aed4f1840d4caf9834174c71d5334c547632b00a72559f4b91032aa5289b39f0a008a831c058cd0b46fa222
EAP-Message =
0x00e6170adb9c99dcff3408b76c58dfc0c7daaefb46c116d41403010001011603010030c4d647870943f7859e6dbac47726a85b250024e4225859049b5bdcd4626f9534525c6fe818daf0fd5bfc6e184823c852
State = 0xafb682b9abf09b5d9c2f9d64fb6bc98c
Message-Authenticator = 0x2a75ec1ed749a94aa8882486551aedad
Tue Jun 17 11:53:40 2014 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authorize {...}
Tue Jun 17 11:53:40 2014 : Info: ++[preprocess] returns ok
Tue Jun 17 11:53:40 2014 : Info: ++[chap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[mschap] returns noop
Tue Jun 17 11:53:40 2014 : Info: ++[digest] returns noop
Tue Jun 17 11:53:40 2014 : Info: [suffix] No '@' in User-Name =
"jjenkins", looking up realm NULL
Tue Jun 17 11:53:40 2014 : Info: [suffix] No such realm "NULL"
Tue Jun 17 11:53:40 2014 : Info: ++[suffix] returns noop
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP packet type response id 70
length 253
Tue Jun 17 11:53:40 2014 : Info: [eap] Continuing tunnel setup.
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns ok
Tue Jun 17 11:53:40 2014 : Info: Found Auth-Type = EAP
Tue Jun 17 11:53:40 2014 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:40 2014 : Info: +- entering group authenticate {...}
Tue Jun 17 11:53:40 2014 : Info: [eap] Request found, released from the
list
Tue Jun 17 11:53:40 2014 : Info: [eap] EAP/peap
Tue Jun 17 11:53:40 2014 : Info: [eap] processing type peap
Tue Jun 17 11:53:40 2014 : Info: [peap] processing EAP-TLS
Tue Jun 17 11:53:40 2014 : Debug: TLS Length 326
Tue Jun 17 11:53:40 2014 : Info: [peap] Length Included
Tue Jun 17 11:53:40 2014 : Info: [peap] eaptls_verify returned 11
Tue Jun 17 11:53:40 2014 : Info: [peap] <<< TLS 1.0 Handshake [length
0106], ClientKeyExchange
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: SSLv3 read
client key exchange A
Tue Jun 17 11:53:40 2014 : Info: [peap] <<< TLS 1.0 ChangeCipherSpec
[length 0001]
Tue Jun 17 11:53:40 2014 : Info: [peap] <<< TLS 1.0 Handshake [length
0010], Finished
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: SSLv3 read
finished A
Tue Jun 17 11:53:40 2014 : Info: [peap] >>> TLS 1.0 ChangeCipherSpec
[length 0001]
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: SSLv3 write
change cipher spec A
Tue Jun 17 11:53:40 2014 : Info: [peap] >>> TLS 1.0 Handshake [length
0010], Finished
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: SSLv3 write
finished A
Tue Jun 17 11:53:40 2014 : Info: [peap] TLS_accept: SSLv3 flush data
Tue Jun 17 11:53:40 2014 : Info: [peap] (other): SSL negotiation
finished successfully
Tue Jun 17 11:53:40 2014 : Debug: SSL Connection Established
Tue Jun 17 11:53:40 2014 : Info: [peap] eaptls_process returned 13
Tue Jun 17 11:53:40 2014 : Info: [peap] EAPTLS_HANDLED
Tue Jun 17 11:53:40 2014 : Info: ++[eap] returns handled
Sending Access-Challenge of id 39 to 172.16.210.102 port 1042
EAP-Message =
0x01470041190014030100010116030100306a2f1a53d32ceb1a8d16fe572479250f8e7263950cac2608c31c190fa517ee11c0ff70c73a823af98558a07676a5a118
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafb682b9aaf19b5d9c2f9d64fb6bc98c
Tue Jun 17 11:53:40 2014 : Info: Finished request 5.
Tue Jun 17 11:53:40 2014 : Debug: Going to the next request
Tue Jun 17 11:53:40 2014 : Debug: Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 172.16.210.102 port 1042,
id=40, length=156
User-Name = "jjenkins"
NAS-Port = 0
Called-Station-Id = "2E-A4-3C-65-D0-22:CSI"
Calling-Station-Id = "84-A6-C8-EE-38-10"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message = 0x024700061900
State = 0xafb682b9aaf19b5d9c2f9d64fb6bc98c
Message-Authenticator = 0x7974b678b0b13c90b81a5e6d93f4ecfb
Tue Jun 17 11:53:43 2014 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:43 2014 : Info: +- entering group authorize {...}
Tue Jun 17 11:53:43 2014 : Info: ++[preprocess] returns ok
Tue Jun 17 11:53:43 2014 : Info: ++[chap] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[mschap] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[digest] returns noop
Tue Jun 17 11:53:43 2014 : Info: [suffix] No '@' in User-Name =
"jjenkins", looking up realm NULL
Tue Jun 17 11:53:43 2014 : Info: [suffix] No such realm "NULL"
Tue Jun 17 11:53:43 2014 : Info: ++[suffix] returns noop
Tue Jun 17 11:53:43 2014 : Info: [eap] EAP packet type response id 71
length 6
Tue Jun 17 11:53:43 2014 : Info: [eap] Continuing tunnel setup.
Tue Jun 17 11:53:43 2014 : Info: ++[eap] returns ok
Tue Jun 17 11:53:43 2014 : Info: Found Auth-Type = EAP
Tue Jun 17 11:53:43 2014 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:43 2014 : Info: +- entering group authenticate {...}
Tue Jun 17 11:53:43 2014 : Info: [eap] Request found, released from the
list
Tue Jun 17 11:53:43 2014 : Info: [eap] EAP/peap
Tue Jun 17 11:53:43 2014 : Info: [eap] processing type peap
Tue Jun 17 11:53:43 2014 : Info: [peap] processing EAP-TLS
Tue Jun 17 11:53:43 2014 : Info: [peap] Received TLS ACK
Tue Jun 17 11:53:43 2014 : Info: [peap] ACK handshake is finished
Tue Jun 17 11:53:43 2014 : Info: [peap] eaptls_verify returned 3
Tue Jun 17 11:53:43 2014 : Info: [peap] eaptls_process returned 3
Tue Jun 17 11:53:43 2014 : Info: [peap] EAPTLS_SUCCESS
Tue Jun 17 11:53:43 2014 : Info: [peap] Session established. Decoding
tunneled attributes.
Tue Jun 17 11:53:43 2014 : Info: [peap] Peap state TUNNEL ESTABLISHED
Tue Jun 17 11:53:43 2014 : Info: ++[eap] returns handled
Sending Access-Challenge of id 40 to 172.16.210.102 port 1042
EAP-Message =
0x0148002b190017030100208b842487a9ece6c4645dfe6eab53bac347a26b42fef13f924c7ef558604c59fd
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafb682b9a9fe9b5d9c2f9d64fb6bc98c
Tue Jun 17 11:53:43 2014 : Info: Finished request 6.
Tue Jun 17 11:53:43 2014 : Debug: Going to the next request
Tue Jun 17 11:53:43 2014 : Debug: Waking up in 2.2 seconds.
rad_recv: Access-Request packet from host 172.16.210.102 port 1042,
id=41, length=193
User-Name = "jjenkins"
NAS-Port = 0
Called-Station-Id = "2E-A4-3C-65-D0-22:CSI"
Calling-Station-Id = "84-A6-C8-EE-38-10"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message =
0x0248002b1900170301002040e1523f190ad3904b2e70b37864dbebbec2ae9506cc37bc3762b602a7bd6c78
State = 0xafb682b9a9fe9b5d9c2f9d64fb6bc98c
Message-Authenticator = 0xf105b39afb6a257dd6fbf0542fe7ed2a
Tue Jun 17 11:53:43 2014 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:43 2014 : Info: +- entering group authorize {...}
Tue Jun 17 11:53:43 2014 : Info: ++[preprocess] returns ok
Tue Jun 17 11:53:43 2014 : Info: ++[chap] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[mschap] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[digest] returns noop
Tue Jun 17 11:53:43 2014 : Info: [suffix] No '@' in User-Name =
"jjenkins", looking up realm NULL
Tue Jun 17 11:53:43 2014 : Info: [suffix] No such realm "NULL"
Tue Jun 17 11:53:43 2014 : Info: ++[suffix] returns noop
Tue Jun 17 11:53:43 2014 : Info: [eap] EAP packet type response id 72
length 43
Tue Jun 17 11:53:43 2014 : Info: [eap] Continuing tunnel setup.
Tue Jun 17 11:53:43 2014 : Info: ++[eap] returns ok
Tue Jun 17 11:53:43 2014 : Info: Found Auth-Type = EAP
Tue Jun 17 11:53:43 2014 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:43 2014 : Info: +- entering group authenticate {...}
Tue Jun 17 11:53:43 2014 : Info: [eap] Request found, released from the
list
Tue Jun 17 11:53:43 2014 : Info: [eap] EAP/peap
Tue Jun 17 11:53:43 2014 : Info: [eap] processing type peap
Tue Jun 17 11:53:43 2014 : Info: [peap] processing EAP-TLS
Tue Jun 17 11:53:43 2014 : Info: [peap] eaptls_verify returned 7
Tue Jun 17 11:53:43 2014 : Info: [peap] Done initial handshake
Tue Jun 17 11:53:43 2014 : Info: [peap] eaptls_process returned 7
Tue Jun 17 11:53:43 2014 : Info: [peap] EAPTLS_OK
Tue Jun 17 11:53:43 2014 : Info: [peap] Session established. Decoding
tunneled attributes.
Tue Jun 17 11:53:43 2014 : Info: [peap] Peap state WAITING FOR INNER
IDENTITY
Tue Jun 17 11:53:43 2014 : Info: [peap] Identity - jjenkins
Tue Jun 17 11:53:43 2014 : Info: [peap] Got inner identity 'jjenkins'
Tue Jun 17 11:53:43 2014 : Info: [peap] Setting default EAP type for
tunneled EAP session.
Tue Jun 17 11:53:43 2014 : Info: [peap] Got tunneled request
EAP-Message = 0x0248000d016a6a656e6b696e73
server {
Tue Jun 17 11:53:43 2014 : Info: [peap] Setting User-Name to jjenkins
Sending tunneled request
EAP-Message = 0x0248000d016a6a656e6b696e73
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "jjenkins"
server inner-tunnel {
Tue Jun 17 11:53:43 2014 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/inner-tunnel
Tue Jun 17 11:53:43 2014 : Info: +- entering group authorize {...}
Tue Jun 17 11:53:43 2014 : Info: ++[chap] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[mschap] returns noop
Tue Jun 17 11:53:43 2014 : Info: [suffix] No '@' in User-Name =
"jjenkins", looking up realm NULL
Tue Jun 17 11:53:43 2014 : Info: [suffix] No such realm "NULL"
Tue Jun 17 11:53:43 2014 : Info: ++[suffix] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[control] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[files] returns noop
Tue Jun 17 11:53:43 2014 : Info: [ldap] performing user authorization
for jjenkins
Tue Jun 17 11:53:43 2014 : Info: [ldap] expand:
%{Stripped-User-Name} ->
Tue Jun 17 11:53:43 2014 : Info: [ldap] ... expanding second
conditional
Tue Jun 17 11:53:43 2014 : Info: [ldap] expand: %{User-Name} ->
jjenkins
Tue Jun 17 11:53:43 2014 : Info: [ldap] expand:
(uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=jjenkins)
Tue Jun 17 11:53:43 2014 : Info: [ldap] expand:
cn=accounts,dc=csi,dc=com -> cn=accounts,dc=csi,dc=com
Tue Jun 17 11:53:43 2014 : Debug: [ldap] ldap_get_conn: Checking Id: 0
Tue Jun 17 11:53:43 2014 : Debug: [ldap] ldap_get_conn: Got Id: 0
Tue Jun 17 11:53:43 2014 : Debug: [ldap] performing search in
cn=accounts,dc=csi,dc=com, with filter (uid=jjenkins)
Tue Jun 17 11:53:43 2014 : Info: [ldap] looking for check items in
directory...
Tue Jun 17 11:53:43 2014 : Info: [ldap] looking for reply items in
directory...
Tue Jun 17 11:53:43 2014 : Debug: WARNING: No "known good" password was
found in LDAP. Are you sure that the user is configured correctly?
Tue Jun 17 11:53:43 2014 : Info: [ldap] user jjenkins authorized to use
remote access
Tue Jun 17 11:53:43 2014 : Debug: [ldap] ldap_release_conn: Release Id: 0
Tue Jun 17 11:53:43 2014 : Info: ++[ldap] returns ok
Tue Jun 17 11:53:43 2014 : Info: ++[expiration] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[logintime] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[pap] returns noop
Tue Jun 17 11:53:43 2014 : Info: ERROR: No authenticate method
(Auth-Type) found for the request: Rejecting the user
Tue Jun 17 11:53:43 2014 : Info: Failed to authenticate the user.
} # server inner-tunnel
Tue Jun 17 11:53:43 2014 : Info: [peap] Got tunneled reply code 3
Tue Jun 17 11:53:43 2014 : Info: [peap] Got tunneled reply RADIUS code 3
Tue Jun 17 11:53:43 2014 : Info: [peap] Tunneled authentication was
rejected.
Tue Jun 17 11:53:43 2014 : Info: [peap] FAILURE
Tue Jun 17 11:53:43 2014 : Info: ++[eap] returns handled
Sending Access-Challenge of id 41 to 172.16.210.102 port 1042
EAP-Message =
0x0149002b1900170301002040e0262abb96586735b5f83d6e99164c46d2bf568f8147a5105e2afa742d1725
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xafb682b9a8ff9b5d9c2f9d64fb6bc98c
Tue Jun 17 11:53:43 2014 : Info: Finished request 7.
Tue Jun 17 11:53:43 2014 : Debug: Going to the next request
Tue Jun 17 11:53:43 2014 : Debug: Waking up in 2.2 seconds.
rad_recv: Access-Request packet from host 172.16.210.102 port 1042,
id=42, length=193
User-Name = "jjenkins"
NAS-Port = 0
Called-Station-Id = "2E-A4-3C-65-D0-22:CSI"
Calling-Station-Id = "84-A6-C8-EE-38-10"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 0Mbps 802.11"
EAP-Message =
0x0249002b19001703010020d4932f0865c11f694a473026923b1187c4fab1e9a1c207df933b817447bb8014
State = 0xafb682b9a8ff9b5d9c2f9d64fb6bc98c
Message-Authenticator = 0xc3291af200d8743b9c8296c29b12ca21
Tue Jun 17 11:53:43 2014 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:43 2014 : Info: +- entering group authorize {...}
Tue Jun 17 11:53:43 2014 : Info: ++[preprocess] returns ok
Tue Jun 17 11:53:43 2014 : Info: ++[chap] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[mschap] returns noop
Tue Jun 17 11:53:43 2014 : Info: ++[digest] returns noop
Tue Jun 17 11:53:43 2014 : Info: [suffix] No '@' in User-Name =
"jjenkins", looking up realm NULL
Tue Jun 17 11:53:43 2014 : Info: [suffix] No such realm "NULL"
Tue Jun 17 11:53:43 2014 : Info: ++[suffix] returns noop
Tue Jun 17 11:53:43 2014 : Info: [eap] EAP packet type response id 73
length 43
Tue Jun 17 11:53:43 2014 : Info: [eap] Continuing tunnel setup.
Tue Jun 17 11:53:43 2014 : Info: ++[eap] returns ok
Tue Jun 17 11:53:43 2014 : Info: Found Auth-Type = EAP
Tue Jun 17 11:53:43 2014 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:43 2014 : Info: +- entering group authenticate {...}
Tue Jun 17 11:53:43 2014 : Info: [eap] Request found, released from the list
Tue Jun 17 11:53:43 2014 : Info: [eap] EAP/peap
Tue Jun 17 11:53:43 2014 : Info: [eap] processing type peap
Tue Jun 17 11:53:43 2014 : Info: [peap] processing EAP-TLS
Tue Jun 17 11:53:43 2014 : Info: [peap] eaptls_verify returned 7
Tue Jun 17 11:53:43 2014 : Info: [peap] Done initial handshake
Tue Jun 17 11:53:43 2014 : Info: [peap] eaptls_process returned 7
Tue Jun 17 11:53:43 2014 : Info: [peap] EAPTLS_OK
Tue Jun 17 11:53:43 2014 : Info: [peap] Session established. Decoding
tunneled attributes.
Tue Jun 17 11:53:43 2014 : Info: [peap] Peap state send tlv failure
Tue Jun 17 11:53:43 2014 : Info: [peap] Received EAP-TLV response.
Tue Jun 17 11:53:43 2014 : Info: [peap] The users session was
previously rejected: returning reject (again.)
Tue Jun 17 11:53:43 2014 : Info: [peap] *** This means you need to read
the PREVIOUS messages in the debug output
Tue Jun 17 11:53:43 2014 : Info: [peap] *** to find out the reason why
the user was rejected.
Tue Jun 17 11:53:43 2014 : Info: [peap] *** Look for "reject" or
"fail". Those earlier messages will tell you.
Tue Jun 17 11:53:43 2014 : Info: [peap] *** what went wrong, and how to
fix the problem.
Tue Jun 17 11:53:43 2014 : Info: [eap] Handler failed in EAP/peap
Tue Jun 17 11:53:43 2014 : Info: [eap] Failed in EAP select
Tue Jun 17 11:53:43 2014 : Info: ++[eap] returns invalid
Tue Jun 17 11:53:43 2014 : Info: Failed to authenticate the user.
Tue Jun 17 11:53:43 2014 : Info: Using Post-Auth-Type Reject
Tue Jun 17 11:53:43 2014 : Info: # Executing group from file
/etc/raddb/sites-enabled/default
Tue Jun 17 11:53:43 2014 : Info: +- entering group REJECT {...}
Tue Jun 17 11:53:43 2014 : Info: [attr_filter.access_reject] expand:
%{User-Name} -> jjenkins
Tue Jun 17 11:53:43 2014 : Debug: attr_filter: Matched entry DEFAULT at
line 11
Tue Jun 17 11:53:43 2014 : Info: ++[attr_filter.access_reject] returns
updated
Tue Jun 17 11:53:43 2014 : Info: Delaying reject of request 8 for 1 seconds
Tue Jun 17 11:53:43 2014 : Debug: Going to the next request
Tue Jun 17 11:53:43 2014 : Debug: Waking up in 0.9 seconds.
Tue Jun 17 11:53:44 2014 : Info: Sending delayed reject for request 8
Sending Access-Reject of id 42 to 172.16.210.102 port 1042
EAP-Message = 0x04490004
Message-Authenticator = 0x00000000000000000000000000000000
Tue Jun 17 11:53:44 2014 : Debug: Waking up in 1.2 seconds.
Tue Jun 17 11:53:45 2014 : Info: Cleaning up request 0 ID 34 with
timestamp +8
Tue Jun 17 11:53:45 2014 : Info: Cleaning up request 1 ID 35 with
timestamp +8
Tue Jun 17 11:53:45 2014 : Info: Cleaning up request 2 ID 36 with
timestamp +8
Tue Jun 17 11:53:45 2014 : Info: Cleaning up request 3 ID 37 with
timestamp +8
Tue Jun 17 11:53:45 2014 : Info: Cleaning up request 4 ID 38 with
timestamp +8
Tue Jun 17 11:53:45 2014 : Info: Cleaning up request 5 ID 39 with
timestamp +8
Tue Jun 17 11:53:45 2014 : Debug: Waking up in 2.6 seconds.
Tue Jun 17 11:53:48 2014 : Info: Cleaning up request 6 ID 40 with
timestamp +11
Tue Jun 17 11:53:48 2014 : Info: Cleaning up request 7 ID 41 with
timestamp +11
Tue Jun 17 11:53:48 2014 : Debug: Waking up in 1.0 seconds.
Tue Jun 17 11:53:49 2014 : Info: Cleaning up request 8 ID 42 with
timestamp +11
Tue Jun 17 11:53:49 2014 : Info: Ready to process requests.
3
6
Hi List Members
How can we do EAP authentication & MAC address look up in addition (stored
in MySQL DBMS) before accepting?
Thanks
2
2
I have installed the latest free radius 3.03-2, radtest command is not found
by blue phoenix 17 Jun '14
by blue phoenix 17 Jun '14
17 Jun '14
Fairly new to the Linux/Unix community and it’s CLIs…
I have installed the freeradius software via terminal and not via the GUI.
sudo yum install freeradius
I have this version installed
[root@localhost /]# rpm -qa freeradius\*
freeradius-3.0.3-2.fc20.i686
I believe that I have installed it correctly since when I issued the 'radiusd -X’ command it is waiting for logs
#other commands omitted
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
Listening on auth address * port 1812 as server default
Listening on acct address * port 1813 as server default
Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel
Opening new proxy socket 'proxy address * port 0'
Listening on proxy address * port 34199
Ready to process requests.
Now I opened another terminal window to edit the user file
[root@localhost /]# vi /etc/raddb/users
I have added this to the 1st line
testing Cleartext-Password := “password”
issued :wq!
typed this command afterwards:
[root@localhost /]# radtest testing password localhost 0 testing123
bash: radtest: command not found...
[root@localhost /]#
Please help to determine how come I was not able to run radtest and what steps do I need to do in order to successfully install freeradius.
Thanks,
2
3
Can someone just check me here:
If I want to send a CoA request from a client, via FR, to the NAS
(because the NAS is dumb and will only take CoA packets from the
auth/acct server IPs & secrets) then I'm stuck with defining one home
server/pool per NAS, right?
2
3