Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
February 2025
- 27 participants
- 27 discussions
Correct way to deal with an 'incorrect' dictionary shipped by default
by Coy Hile (BLOOMBERG/ 919 3RD A) 21 Feb '25
by Coy Hile (BLOOMBERG/ 919 3RD A) 21 Feb '25
21 Feb '25
Hi,
Recently (well, in the last year and a half or so) we got bit by FreeRADIUS shipping a 'dictinary.infinera' that's incorrect. Looking at the file, we see it's for vendor ID 8708 which according to IANA is "Lumentis AB". https://github.com/FreeRADIUS/freeradius-server/blob/master/share/dictionar…
The actual Infinera dictionary (as given to our network team by the vendor) contains this data by contrast:
# -*- text -*-
# Dictiionary for Infinera
#
#
VENDOR Infinera 21296
BEGIN-VENDOR Infinera
ATTRIBUTE Infinera-User-Priv-SA 1 integer
ATTRIBUTE Infinera-User-Priv-NA 2 integer
ATTRIBUTE Infinera-User-Priv-NE 3 integer
ATTRIBUTE Infinera-User-Priv-PR 4 integer
ATTRIBUTE Infinera-User-Priv-TT 5 integer
ATTRIBUTE Infinera-User-Priv-MA 6 integer
ATTRIBUTE Infinera-User-Priv-RA 7 integer
ATTRIBUTE Infinera-User-Priv-EA 8 integer
ATTRIBUTE Infinera-User-SessionTimeout 17 integer
ATTRIBUTE Infinera-User-LockedOut 18 integer
ATTRIBUTE Infinera-User-CanUseResSession 19 integer
ATTRIBUTE Infinera-User-MgtType-EMS 33 integer
ATTRIBUTE Infinera-User-MgtType-GNM 34 integer
ATTRIBUTE Infinera-User-MgtType-TL1 35 integer
ATTRIBUTE Infinera-User-MgtType-CLI 36 integer
ATTRIBUTE Infinera-User-MgtType-NETCONF 37 integer
ATTRIBUTE Infinera-Rsvd-Str-Attribute1 240 string
ATTRIBUTE Infinera-Rsvd-Str-Attribute2 241 string
ATTRIBUTE Infinera-Rsvd-Int-Attribute1 249 integer
ATTRIBUTE Infinera-Rsvd-Int-Attribute2 250 integer
VALUE Infinera-User-Priv-NE NE-NONPRIVILEGED 0
VALUE Infinera-User-Priv-NE NE-PRIVILEGED 1
VALUE Infinera-User-Priv-PR PR-NONPRIVILEGED 0
VALUE Infinera-User-Priv-PR PR-PRIVILEGED 1
VALUE Infinera-User-Priv-TT TT-NONPRIVILEGED 0
VALUE Infinera-User-Priv-TT TT-PRIVILEGED 1
VALUE Infinera-User-Priv-MA MA-NONPRIVILEGED 0
VALUE Infinera-User-Priv-MA MA-PRIVILEGED 1
VALUE Infinera-User-Priv-RA RA-NONPRIVILEGED 0
VALUE Infinera-User-Priv-RA RA-PRIVILEGED 1
VALUE Infinera-User-Priv-EA EA-NONPRIVILEGED 0
VALUE Infinera-User-Priv-EA EA-PRIVILEGED 1
VALUE Infinera-User-CanUseResSession CANNOT-USE-RES-SESSION 0
VALUE Infinera-User-CanUseResSession CAN-USE-RES-SESSION 1
VALUE Infinera-User-MgmtType-EMS MGMTTYPE-EMS-DISALLOWED 0
VALUE Infinera-User-MgmtType-EMS MGMTTYPE-EMS-ALLOWED 1
VALUE Infinera-User-MgmtType-GNM MGMTTYPE-GNM-DISALLOWED 0
VALUE Infinera-User-MgmtType-GNM MGMTTYPE-GNM-ALLOWED 1
VALUE Infinera-User-MgmtType-TL1 MGMTTYPE-TL1-DISALLOWED 0
VALUE Infinera-User-MgmtType-TL1 MGMTTYPE-TL1-ALLOWED 1
VALUE Infinera-User-MgmtType-CLI MGMTTYPE-CLI-DISALLOWED 0
VALUE Infinera-User-MgmtType-CLI MGMTTYPE-CLI-ALLOWED 1
VALUE Infinera-User-MgmtType-NETCONF MGMTTYPE-NETCONF-DISALLOWED 0
VALUE Infinera-User-MgmtType-NETCONF MGMTTYPE-NETCONF-ALLOWED 1
END-VENDOR Infinera
That vendor ID according to IANA is actually "Infinera". I've managed to work-around this by putting a hack in our RADIUS dictionary installation workflow to remove the shipped dictionary.infinera file from the shipped dictionary file, but that seems like a hack at bes. It means that someone from my team has to remember to run that workflow every time a box gets touched by patching automation since an updated FreeRADIUS RPM showing up from RedHat--or soon from your official packages--will overwrite our working copy.
Is there a better way we should handle this?
Thanks,
-Coy
4
7
Hello All,
I have been facing an issue with using tls1.3 in the freeradius.
I have been using OpenWrt OS 24.10-rc2 hosted on a linksys router 3200acm.
I have been using freeradius 3.2.5 and openssl 3.0.15. I am trying to
setup a cert based authentication. My client is a linux system. My setup
works fine when i set the tls min,max to 1.2 in the eap. Now i wanted to
use it with tls1.3 and below is the error message that i am getting at the
radius server:
(2) Finished request
Waking up in 0.1 seconds.
(3) Received Access-Request Id 25 from 127.0.0.1:48027 to 127.0.0.1:1812
length 414
(3) Message-Authenticator = 0xc98320007899b6bb4770df4b55e42006
(3) User-Name = "user"
(3) NAS-IP-Address = 127.0.0.1
(3) NAS-Identifier = "24f5a2c3707a"
(3) Called-Station-Id = "24-F5-A2-C3-70-7A:WIFI_LNK_5G"
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) NAS-Port = 1
(3) Calling-Station-Id = "C0-EE-40-45-49-8C"
(3) Connect-Info = "CONNECT 54Mbps 802.11a"
(3) Acct-Session-Id = "6F4499DCFDDEF213"
(3) Attr-186 = 0x000fac04
(3) Attr-187 = 0x000fac04
(3) Attr-188 = 0x000fac01
(3) Framed-MTU = 1400
(3) EAP-Message =
0x02ff00c40d0016030100b9010000b503036218c045b79856a9894150ad6bbca3a09f0e1cd0191899d60097eb7db525a122000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000054000b000403000102000a000c000a001d0017001e001900180016000000170000000d0030002e040305030603080708080809080a080b080408050806040105010601030302030301020103020202040205020602
(3) State = 0xeafcdefdea03d3f8dbd1dcc1dd69fc85
(3) Restoring &session-state
(3) &session-state:Framed-MTU = 994
(3) # Executing section authorize from file
/etc/freeradius3/sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ /(a)(.+)\.(.+)$/)) ->
FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ /(a)\./) {
(3) if (&User-Name =~ /(a)\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "user", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) eap: Peer sent EAP Response (code 2) ID 255 length 196
(3) eap: No EAP Start, assuming it's an on-going EAP conversation
(3) [eap] = updated
(3) [files] = noop
(3) [expiration] = noop
(3) [logintime] = noop
(3) [pap] = noop
(3) } # authorize = updated
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/freeradius3/sites-enabled/default
(3) authenticate {
(3) eap: Removing EAP session with state 0xeafcdefdea03d3f8
(3) eap: Previous EAP request found for state 0xeafcdefdea03d3f8, released
from the list
(3) eap: Peer sent packet with method EAP TLS (13)
(3) eap: Calling submodule eap_tls to process data
(3) eap_tls: (TLS) EAP Got final fragment (190 bytes)
(3) eap_tls: WARNING: (TLS) EAP Total received record fragments (190
bytes), does not equal expected expected data length (0 bytes)
(3) eap_tls: (TLS) EAP Done initial handshake
(3) eap_tls: (TLS) TLS - Handshake state - before SSL initialization
(3) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(3) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(3) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello
(3) eap_tls: (TLS) TLS - send TLS 1.2 Alert, fatal protocol_version
(3) eap_tls: ERROR: (TLS) TLS - Alert write:fatal:protocol version
(3) eap_tls: ERROR: (TLS) TLS - Server : Error in error
(3) eap_tls: ERROR: (TLS) Failed reading from OpenSSL: error:0A000102:SSL
routines::unsupported protocol
(3) eap_tls: ERROR: (TLS) System call (I/O) error (-1)
(3) eap_tls: ERROR: (TLS) EAP Receive handshake failed during operation
(3) eap_tls: ERROR: [eaptls process] = fail
(3) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module
failed
(3) eap: Sending EAP Failure (code 4) ID 255 length 4
(3) eap: Failed in EAP select
(3) [eap] = invalid
(3) } # authenticate = invalid
(3) Failed to authenticate the user
(3) Using Post-Auth-Type Reject
(3) # Executing group from file /etc/freeradius3/sites-enabled/default
(3) Post-Auth-Type REJECT {
(3) attr_filter.access_reject: EXPAND %{User-Name}
(3) attr_filter.access_reject: --> user
(3) attr_filter.access_reject: Matched entry DEFAULT at line 11
(3) [attr_filter.access_reject] = updated
(3) [eap] = noop
(3) policy remove_reply_message_if_eap {
(3) if (&reply:EAP-Message && &reply:Reply-Message) {
(3) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(3) else {
(3) [noop] = noop
(3) } # else = noop
(3) } # policy remove_reply_message_if_eap = noop
(3) } # Post-Auth-Type REJECT = updated
(3) Delaying response for 1.000000 seconds
(0) Cleaning up request packet ID 22 with timestamp +589 due to
cleanup_delay was reached
(1) Cleaning up request packet ID 23 with timestamp +589 due to
cleanup_delay was reached
Waking up in 0.2 seconds.
Waking up in 0.6 seconds.
(3) Sending delayed response
(3) Sent Access-Reject Id 25 from 127.0.0.1:1812 to 127.0.0.1:48027 length
44
(3) EAP-Message = 0x04ff0004
(3) Message-Authenticator = 0x00000000000000000000000000000000
Waking up in 3.9 seconds.
I did update the eap file tls_min_version and tls_max_version to 1.3
Any help is highly appreciated.
-Akhil
3
12
Hello.
Currently I have EAP-TLS auth.
On successfull auth, it logs
```
Wed Feb 19 15:23:13 2025 : Auth: (9) Login OK: [anonymous-xxx]
(from client name_of_client1 port 8 cli ee:ee:ee:ed:ae:ee)
```
I'd like to extend or replace this line with UPN from certiificate and
other attributes.
Where should I start from ?
2
3
Hi List,
I know that with the Detail module, I can split the accounting records into hourly files. However, is there a way—perhaps using an expression in the filename or something similar—to further reduce this to 30-minute files?
Best Regards,
2
1
Hi, how can I reject an ldap user if it is not member of a group by using the users file?
I tried this:
DEFAULT NAS-Identifier == "openVPN", LDAP-Group != "01-PL-Allow-VPN", Auth-Type := Reject
But in the logs I see this:
ERROR: files: Operator "!=" not allowed for LDAP group comparisons
3
3
Is there an ability to include _every_ option from `default_client` into
`client name_of_client1` without moving them to separate file and with
single directive?
Something like that:
# clients.conf
default_client {
secret = "TheDefaultClientSecret"
require_message_authenticator = yes
vlan_for_ssid-name = "50"
}
client name_of_client1 {
$COPY ${.default_client}
ipaddr = 10.1.1.1
}
I understand there is ability to refer parameters one-by-one, like that:
client name_of_client1 {
ipaddr = 10.1.1.1
secret = ${..default_client.secret}
require_message_authenticator =
${..default_client.require_message_authenticator}
vlan_for_ssid-name = ${..default_client.vlan_for_ssid-name}
}
And there is ability to move all parameters to a separate file, like that
# clients.conf
client name_of_client1 {
ipaddr = 10.1.1.1
$INCLUDE clients.defaults.conf
}
# clients.defaults.conf
secret = "TheDefaultClientSecret"
require_message_authenticator = yes
vlan_for_ssid-name = "50"
But interested in copying all set of parameters with single command.
2
3
17 Feb '25
When installing freeRADIUS from NetworkRadius to Debian 12, I get this
warning:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! libldap is using GnuTLS, while FreeRADIUS is using OpenSSL
!! There may be random issues with TLS connections due to this conflict.
!! The server may also crash.
!! See https://wiki.freeradius.org/modules/Rlm_ldap for more information.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Any suggestions where to get \ how to build libldap for debian linked to
OpenSSL ?
3
3
Is there an option to start radiusd with ldap module when ldap server is not available?
by Alexey D. Filimonov 17 Feb '25
by Alexey D. Filimonov 17 Feb '25
17 Feb '25
Is there an option to start radiusd with ldap module when ldap server is
not available on start?
Instead of exiting, continue trying reconnecting while successfully
processing requests that don't require ldap ?
currently, I have this behavoir:
Info: Starting - reading configuration files ...
Info: Debugger not attached
Info: rlm_ldap: libldap vendor: OpenLDAP, version: 20608
Error: rlm_ldap (ldap_wifi_od): Bind with
uid=svc_radius_wifi,cn=... to ldaps://ds1....:636: Can't contact LDAP server
Error: rlm_ldap (ldap_wifi_od): Opening connection failed (0)
Error: /opt/etc/raddb/mods-enabled/ldap_wifi_od[7]: Instantiation
failed for module "ldap_wifi_od"
2
2
*Hello Alan DeKok,*
I am currently using FreeRADIUS with the SQL driver integrated with
Mikrotik, and everything is set up as per the guidelines.
Below is my configuration for the radgroupreply table:
[image: image.png]
However, I am encountering an issue where the system is unable to determine
the remote IP address during the termination process.
Attached Mikrotik logs for your reference:
DC:8E:8D:2E:7E:34 local ip pool error: std failure: unknown id (4)
pppoe, ppp, info, acc... k-gopalghosh logged in, 10.10.22.115 from
DC:8E:8D:2E:7E:34 pppoe, ppp, info <pppoe-k-gopalghosh>: authenticated
pppoe.ppp, info
<pppoe-k-gopalghosh>: terminating... - could not determine remote IP
address pppoe, ppp, info, acc... k-gopalghosh logged out, 0 62 103 5 7 from
DC:8E:8D:2E:7E:34 <pppoek-gopalghosh>: disconnected
pppoe, ppp, info
pppoe, ppp, error pppoe, info
<02e7>: user s-siddik authentication failed
Could you please guide me on how to resolve this issue?
Thank you for your assistance. I look forward to your response.
Best regards,
Mamun Ahmed
3
2
Hi,
I met a strange issue saying PMK mismatch when testing EAP TEAP TLS with eapol_test on FreeRADIUS 3.2.7
I was keeping most of the configuration file untouched.
The only 3 configuration files modified are
clients - I added another user /password based on my IP
mschap - I enabled use_mppe_keys (which is required by TEAP MSCHAPv2)
eap - Uncommented several key options in eap teap section
Here is the eapol_test conf:
network={
ssid="UConnect"
key_mgmt=IEEE8021X
eap=TEAP
phase1="teap_compat=freeradius,tls_disable_tlsv1_0=1,tls_disable_tlsv1_1=1"
pac_file=""
anonymous_identity="anonymous"
identity="mailto:user@example.org"
phase2="autheap=TLS"
ca_cert="/etc/freeradius/certs/ca.der"
ca_cert2="/etc/freeradius/certs/ca.pem"
client_cert2="/etc/freeradius/certs/client.pem"
private_key2="/etc/freeradius/certs/client.key"
private_key2_passwd="whatever"
}
Since there are several TEAP tests added this version are done by eapol_test, I believe it’s probably I didn't config FreeRADIUS correctly.
Could someone look at it and point out the correct way to do TEAP TLS ?
Thanks!
Here is the debugging info (and configuration)
root@debian-freeradius:/etc/freeradius# freeradius -X
FreeRADIUS Version 3.2.7
Copyright (C) 1999-2023 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including dictionary file /etc/freeradius/dictionary
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/mods-enabled/
including configuration file /etc/freeradius/mods-enabled/detail.log
including configuration file /etc/freeradius/mods-enabled/attr_filter
including configuration file /etc/freeradius/mods-enabled/mschap
including configuration file /etc/freeradius/mods-enabled/unpack
including configuration file /etc/freeradius/mods-enabled/date
including configuration file /etc/freeradius/mods-enabled/pap
including configuration file /etc/freeradius/mods-enabled/detail
including configuration file /etc/freeradius/mods-enabled/totp
including configuration file /etc/freeradius/mods-enabled/passwd
including configuration file /etc/freeradius/mods-enabled/expr
including configuration file /etc/freeradius/mods-enabled/preprocess
including configuration file /etc/freeradius/mods-enabled/realm
including configuration file /etc/freeradius/mods-enabled/expiration
including configuration file /etc/freeradius/mods-enabled/linelog
including configuration file /etc/freeradius/mods-enabled/ntlm_auth
including configuration file /etc/freeradius/mods-enabled/sradutmp
including configuration file /etc/freeradius/mods-enabled/proxy_rate_limit
including configuration file /etc/freeradius/mods-enabled/logintime
including configuration file /etc/freeradius/mods-enabled/always
including configuration file /etc/freeradius/mods-enabled/replicate
including configuration file /etc/freeradius/mods-enabled/echo
including configuration file /etc/freeradius/mods-enabled/soh
including configuration file /etc/freeradius/mods-enabled/chap
including configuration file /etc/freeradius/mods-enabled/dynamic_clients
including configuration file /etc/freeradius/mods-enabled/files
including configuration file /etc/freeradius/mods-enabled/exec
including configuration file /etc/freeradius/mods-enabled/unix
including configuration file /etc/freeradius/mods-enabled/digest
including configuration file /etc/freeradius/mods-enabled/radutmp
including configuration file /etc/freeradius/mods-enabled/utf8
including configuration file /etc/freeradius/mods-enabled/eap
including files in directory /etc/freeradius/policy.d/
including configuration file /etc/freeradius/policy.d/accounting
including configuration file /etc/freeradius/policy.d/control
including configuration file /etc/freeradius/policy.d/operator-name
including configuration file /etc/freeradius/policy.d/debug
including configuration file /etc/freeradius/policy.d/dhcp
including configuration file /etc/freeradius/policy.d/rfc7542
including configuration file /etc/freeradius/policy.d/filter
including configuration file /etc/freeradius/policy.d/moonshot-targeted-ids
including configuration file /etc/freeradius/policy.d/abfab-tr
including configuration file /etc/freeradius/policy.d/cui
including configuration file /etc/freeradius/policy.d/canonicalization
including configuration file /etc/freeradius/policy.d/eap
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
main {
security {
user = "freerad"
group = "freerad"
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/freeradius"
run_dir = "/var/run/freeradius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/freeradius/radacct"
hostname_lookups = no
max_request_time = 30
proxy_dedup_window = 1
cleanup_delay = 5
max_requests = 16384
max_fds = 512
postauth_client_lost = no
pidfile = "/var/run/freeradius/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
require_message_authenticator = "auto"
limit_proxy_state = "auto"
}
unlang {
group_stop_return = no
policy_stop_return = no
}
}
radiusd: #### Loading Realms and Home Servers ####
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
nonblock = no
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = <<< secret >>>
response_window = 20.000000
response_timeouts = 1
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
check_timeout = 4
num_answers_to_alive = 3
revive_interval = 120
limit {
max_connections = 16
max_requests = 0
lifetime = 0
idle_timeout = 0
}
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}
home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
}
realm example.com {
auth_pool = my_auth_failover
}
realm LOCAL {
}
radiusd: #### Loading Clients ####
client localhost {
ipaddr = 127.0.0.1
secret = <<< secret >>>
nas_type = "other"
proto = "*"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 900
}
}
Shared secret for client localhost is short, and likely can be broken by an attacker.
client localhost_ipv6 {
ipv6addr = ::1
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Shared secret for client localhost_ipv6 is short, and likely can be broken by an attacker.
client int {
ipaddr = 192.168.4.151
secret = <<< secret >>>
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Shared secret for client int is short, and likely can be broken by an attacker.
Debugger not attached
Configuration version: bdc0-a492-b81c-432e
systemd watchdog is disabled
# Creating Auth-Type = mschap
# Creating Auth-Type = eap
# Creating Auth-Type = PAP
# Creating Auth-Type = CHAP
# Creating Auth-Type = MS-CHAP
# Creating Auth-Type = digest
# Creating Autz-Type = New-TLS-Connection
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_detail
# Loading module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
detail auth_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
dates_as_integer = no
escape_filenames = no
log_packet_header = no
}
# Loading module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
detail reply_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
dates_as_integer = no
escape_filenames = no
log_packet_header = no
}
# Loading module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
detail pre_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/pre-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
dates_as_integer = no
escape_filenames = no
log_packet_header = no
}
# Loading module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
detail post_proxy_log {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/post-proxy-detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
dates_as_integer = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_attr_filter
# Loading module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.post-proxy {
filename = "/etc/freeradius/mods-config/attr_filter/post-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.pre-proxy {
filename = "/etc/freeradius/mods-config/attr_filter/pre-proxy"
key = "%{Realm}"
relaxed = no
}
# Loading module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_reject {
filename = "/etc/freeradius/mods-config/attr_filter/access_reject"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.access_challenge {
filename = "/etc/freeradius/mods-config/attr_filter/access_challenge"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.accounting_response {
filename = "/etc/freeradius/mods-config/attr_filter/accounting_response"
key = "%{User-Name}"
relaxed = no
}
# Loading module "attr_filter.coa" from file /etc/freeradius/mods-enabled/attr_filter
attr_filter attr_filter.coa {
filename = "/etc/freeradius/mods-config/attr_filter/coa"
key = "%{User-Name}"
relaxed = no
}
# Loaded module rlm_mschap
# Loading module "mschap" from file /etc/freeradius/mods-enabled/mschap
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/local/pf/bin/ntlm_auth_wrapper -p 8125 -a 127.0.0.1 -t 5000 -- --mac=11:11:11:11:11:11 --request-nt-key --allow-mschapv2 --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loaded module rlm_unpack
# Loading module "unpack" from file /etc/freeradius/mods-enabled/unpack
# Loaded module rlm_date
# Loading module "date" from file /etc/freeradius/mods-enabled/date
date {
format = "%b %e %Y %H:%M:%S %Z"
utc = no
}
# Loading module "wispr2date" from file /etc/freeradius/mods-enabled/date
date wispr2date {
format = "%Y-%m-%dT%H:%M:%S"
utc = no
}
# Loaded module rlm_pap
# Loading module "pap" from file /etc/freeradius/mods-enabled/pap
pap {
normalise = yes
}
# Loading module "detail" from file /etc/freeradius/mods-enabled/detail
detail {
filename = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
permissions = 384
locking = no
dates_as_integer = no
escape_filenames = no
log_packet_header = no
}
# Loaded module rlm_totp
# Loading module "totp" from file /etc/freeradius/mods-enabled/totp
totp {
time_step = 30
otp_length = 6
lookback_steps = 1
lookback_interval = 30
lookforward_steps = 0
}
# Loaded module rlm_passwd
# Loading module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
passwd etc_passwd {
filename = "/etc/passwd"
format = "*User-Name:Crypt-Password:"
delimiter = ":"
ignore_nislike = no
ignore_empty = yes
allow_multiple_keys = no
hash_size = 100
}
# Loaded module rlm_expr
# Loading module "expr" from file /etc/freeradius/mods-enabled/expr
expr {
safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /äéöüàâæçèéêëîïôœùûüaÿÄÉÖÜßÀÂÆÇÈÉÊËÎÏÔŒÙÛÜŸ"
}
# Loaded module rlm_preprocess
# Loading module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
preprocess {
huntgroups = "/etc/freeradius/mods-config/preprocess/huntgroups"
hints = "/etc/freeradius/mods-config/preprocess/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
# Loaded module rlm_realm
# Loading module "IPASS" from file /etc/freeradius/mods-enabled/realm
realm IPASS {
format = "prefix"
delimiter = "/"
ignore_default = no
ignore_null = no
}
# Loading module "suffix" from file /etc/freeradius/mods-enabled/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
# Loading module "bangpath" from file /etc/freeradius/mods-enabled/realm
realm bangpath {
format = "prefix"
delimiter = "!"
ignore_default = no
ignore_null = no
}
# Loading module "realmpercent" from file /etc/freeradius/mods-enabled/realm
realm realmpercent {
format = "suffix"
delimiter = "%"
ignore_default = no
ignore_null = no
}
# Loading module "ntdomain" from file /etc/freeradius/mods-enabled/realm
realm ntdomain {
format = "prefix"
delimiter = "\"
ignore_default = no
ignore_null = no
}
# Loaded module rlm_expiration
# Loading module "expiration" from file /etc/freeradius/mods-enabled/expiration
# Loaded module rlm_linelog
# Loading module "linelog" from file /etc/freeradius/mods-enabled/linelog
linelog {
filename = "/var/log/freeradius/linelog"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = "This is a log message for %{User-Name}"
reference = "messages.%{%{reply:Packet-Type}:-default}"
}
# Loading module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
linelog log_accounting {
filename = "/var/log/freeradius/linelog-accounting"
escape_filenames = no
syslog_severity = "info"
permissions = 384
format = ""
reference = "Accounting-Request.%{%{Acct-Status-Type}:-unknown}"
}
# Loaded module rlm_exec
# Loading module "ntlm_auth" from file /etc/freeradius/mods-enabled/ntlm_auth
exec ntlm_auth {
wait = yes
program = "/path/to/ntlm_auth --request-nt-key --domain=MYDOMAIN --username=%{mschap:User-Name} --password=%{User-Password}"
shell_escape = yes
}
# Loaded module rlm_radutmp
# Loading module "sradutmp" from file /etc/freeradius/mods-enabled/sradutmp
radutmp sradutmp {
filename = "/var/log/freeradius/sradutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 420
caller_id = no
}
# Loaded module rlm_proxy_rate_limit
# Loading module "proxy_rate_limit" from file /etc/freeradius/mods-enabled/proxy_rate_limit
proxy_rate_limit {
max_entries = 2048
idle_timeout = 10
num_subtables = 256
window = 1
}
# Loaded module rlm_logintime
# Loading module "logintime" from file /etc/freeradius/mods-enabled/logintime
logintime {
minimum_timeout = 60
}
# Loaded module rlm_always
# Loading module "reject" from file /etc/freeradius/mods-enabled/always
always reject {
rcode = "reject"
simulcount = 0
mpp = no
}
# Loading module "fail" from file /etc/freeradius/mods-enabled/always
always fail {
rcode = "fail"
simulcount = 0
mpp = no
}
# Loading module "ok" from file /etc/freeradius/mods-enabled/always
always ok {
rcode = "ok"
simulcount = 0
mpp = no
}
# Loading module "handled" from file /etc/freeradius/mods-enabled/always
always handled {
rcode = "handled"
simulcount = 0
mpp = no
}
# Loading module "invalid" from file /etc/freeradius/mods-enabled/always
always invalid {
rcode = "invalid"
simulcount = 0
mpp = no
}
# Loading module "userlock" from file /etc/freeradius/mods-enabled/always
always userlock {
rcode = "userlock"
simulcount = 0
mpp = no
}
# Loading module "notfound" from file /etc/freeradius/mods-enabled/always
always notfound {
rcode = "notfound"
simulcount = 0
mpp = no
}
# Loading module "noop" from file /etc/freeradius/mods-enabled/always
always noop {
rcode = "noop"
simulcount = 0
mpp = no
}
# Loading module "updated" from file /etc/freeradius/mods-enabled/always
always updated {
rcode = "updated"
simulcount = 0
mpp = no
}
# Loaded module rlm_replicate
# Loading module "replicate" from file /etc/freeradius/mods-enabled/replicate
# Loading module "echo" from file /etc/freeradius/mods-enabled/echo
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = "request"
output_pairs = "reply"
shell_escape = yes
}
# Loaded module rlm_soh
# Loading module "soh" from file /etc/freeradius/mods-enabled/soh
soh {
dhcp = yes
}
# Loaded module rlm_chap
# Loading module "chap" from file /etc/freeradius/mods-enabled/chap
# Loaded module rlm_dynamic_clients
# Loading module "dynamic_clients" from file /etc/freeradius/mods-enabled/dynamic_clients
# Loaded module rlm_files
# Loading module "files" from file /etc/freeradius/mods-enabled/files
files {
filename = "/etc/freeradius/mods-config/files/authorize"
acctusersfile = "/etc/freeradius/mods-config/files/accounting"
preproxy_usersfile = "/etc/freeradius/mods-config/files/pre-proxy"
}
# Loading module "exec" from file /etc/freeradius/mods-enabled/exec
exec {
wait = no
input_pairs = "request"
shell_escape = yes
timeout = 10
}
# Loaded module rlm_unix
# Loading module "unix" from file /etc/freeradius/mods-enabled/unix
unix {
radwtmp = "/var/log/freeradius/radwtmp"
}
Creating attribute Unix-Group
# Loaded module rlm_digest
# Loading module "digest" from file /etc/freeradius/mods-enabled/digest
# Loading module "radutmp" from file /etc/freeradius/mods-enabled/radutmp
radutmp {
filename = "/var/log/freeradius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
permissions = 384
caller_id = yes
}
# Loaded module rlm_utf8
# Loading module "utf8" from file /etc/freeradius/mods-enabled/utf8
# Loaded module rlm_eap
# Loading module "eap" from file /etc/freeradius/mods-enabled/eap
eap {
default_eap_type = "md5"
timer_expire = 60
max_eap_type = 52
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
dedup_key = ""
}
instantiate {
}
# Instantiating module "auth_log" from file /etc/freeradius/mods-enabled/detail.log
rlm_detail (auth_log): 'User-Password' suppressed, will not appear in detail output
# Instantiating module "reply_log" from file /etc/freeradius/mods-enabled/detail.log
# Instantiating module "pre_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
# Instantiating module "post_proxy_log" from file /etc/freeradius/mods-enabled/detail.log
# Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/post-proxy
# Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/pre-proxy
# Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/access_reject
# Instantiating module "attr_filter.access_challenge" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/access_challenge
# Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/accounting_response
# Instantiating module "attr_filter.coa" from file /etc/freeradius/mods-enabled/attr_filter
reading pairlist file /etc/freeradius/mods-config/attr_filter/coa
# Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap
rlm_mschap (mschap): authenticating by calling 'ntlm_auth'
# Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap
# Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail
# Instantiating module "totp" from file /etc/freeradius/mods-enabled/totp
# Instantiating module "etc_passwd" from file /etc/freeradius/mods-enabled/passwd
rlm_passwd: nfields: 3 keyfield 0(User-Name) listable: no
# Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess
reading pairlist file /etc/freeradius/mods-config/preprocess/huntgroups
reading pairlist file /etc/freeradius/mods-config/preprocess/hints
# Instantiating module "IPASS" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "bangpath" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "realmpercent" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "ntdomain" from file /etc/freeradius/mods-enabled/realm
# Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration
# Instantiating module "linelog" from file /etc/freeradius/mods-enabled/linelog
# Instantiating module "log_accounting" from file /etc/freeradius/mods-enabled/linelog
# Instantiating module "proxy_rate_limit" from file /etc/freeradius/mods-enabled/proxy_rate_limit
# Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime
# Instantiating module "reject" from file /etc/freeradius/mods-enabled/always
# Instantiating module "fail" from file /etc/freeradius/mods-enabled/always
# Instantiating module "ok" from file /etc/freeradius/mods-enabled/always
# Instantiating module "handled" from file /etc/freeradius/mods-enabled/always
# Instantiating module "invalid" from file /etc/freeradius/mods-enabled/always
# Instantiating module "userlock" from file /etc/freeradius/mods-enabled/always
# Instantiating module "notfound" from file /etc/freeradius/mods-enabled/always
# Instantiating module "noop" from file /etc/freeradius/mods-enabled/always
# Instantiating module "updated" from file /etc/freeradius/mods-enabled/always
# Instantiating module "files" from file /etc/freeradius/mods-enabled/files
reading pairlist file /etc/freeradius/mods-config/files/authorize
reading pairlist file /etc/freeradius/mods-config/files/accounting
reading pairlist file /etc/freeradius/mods-config/files/pre-proxy
# Instantiating module "eap" from file /etc/freeradius/mods-enabled/eap
# Linked to sub-module rlm_eap_md5
# Linked to sub-module rlm_eap_gtc
gtc {
challenge = "Password: "
auth_type = "PAP"
}
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
ca_path = "/etc/freeradius/certs"
pem_file_type = yes
private_key_file = "/etc/freeradius/certs/server.pem"
certificate_file = "/etc/freeradius/certs/server.pem"
ca_file = "/etc/freeradius/certs/ca.pem"
private_key_password = <<< secret >>>
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
ca_path_reload_interval = 0
cipher_list = "DEFAULT"
cipher_server_preference = no
reject_unknown_intermediate_ca = no
ecdh_curve = ""
tls_max_version = "1.2"
tls_min_version = "1.2"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = yes
url = http://127.0.0.1/ocsp/
use_nonce = yes
timeout = 0
softfail = no
}
}
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Linked to sub-module rlm_eap_fast
fast {
tls = "tls-common"
default_eap_type = "mschapv2"
virtual_server = "inner-tunnel"
cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2"
require_client_cert = no
pac_lifetime = 604800
authority_identity = "1234"
pac_opaque_key = "0123456789abcdef0123456789ABCDEF"
copy_request_to_tunnel = no
use_tunneled_reply = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_teap
teap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
require_client_cert = no
authority_identity = "1234"
virtual_server = "inner-tunnel"
identity_types = "user"
user_eap_type = "tls"
machine_eap_type = "tls"
}
tls: Using cached TLS configuration from previous invocation
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /etc/freeradius/radiusd.conf
} # server
server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel
# Loading authenticate {...}
Compiling Auth-Type PAP for attr Auth-Type
Compiling Auth-Type CHAP for attr Auth-Type
Compiling Auth-Type MS-CHAP for attr Auth-Type
# Loading authorize {...}
Ignoring "sql" (see raddb/mods-available/README.rst)
Ignoring "ldap" (see raddb/mods-available/README.rst)
# Loading post-proxy {...}
# Loading post-auth {...}
# Skipping contents of 'if' as it is always 'false' -- /etc/freeradius/sites-enabled/inner-tunnel:366
Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
} # server inner-tunnel
server default { # from file /etc/freeradius/sites-enabled/default
# Loading authenticate {...}
Compiling Auth-Type PAP for attr Auth-Type
Compiling Auth-Type CHAP for attr Auth-Type
Compiling Auth-Type MS-CHAP for attr Auth-Type
# Loading authorize {...}
Compiling Autz-Type New-TLS-Connection for attr Autz-Type
# Loading preacct {...}
# Loading accounting {...}
# Loading post-auth {...}
Compiling Post-Auth-Type REJECT for attr Post-Auth-Type
Compiling Post-Auth-Type Challenge for attr Post-Auth-Type
Compiling Post-Auth-Type Client-Lost for attr Post-Auth-Type
} # server default
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
listen {
type = "auth"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 900
}
}
listen {
type = "acct"
ipaddr = *
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "auth"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
listen {
type = "acct"
ipv6addr = ::
port = 0
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
Listening on auth address 127.0.0.1 port 18120 bound to server inner-tunnel
Listening on auth address * port 1812 bound to server default
Listening on acct address * port 1813 bound to server default
Listening on auth address :: port 1812 bound to server default
Listening on acct address :: port 1813 bound to server default
Listening on proxy address * port 49507
Listening on proxy address :: port 48593
Ready to process requests
(0) Received Access-Request Id 0 from 192.168.4.151:48174 to 192.168.4.151:1812 length 160
(0) Message-Authenticator = 0xc938b5ec4719f3cb4f38776ab8243bac
(0) User-Name = "anonymous"
(0) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(0) Framed-MTU = 1400
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) Connect-Info = "CONNECT 11Mbps 802.11b"
(0) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(0) NAS-IP-Address = 192.168.4.20
(0) EAP-Message = 0x025d000e01616e6f6e796d6f7573
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(0) authorize {
(0) policy filter_username {
(0) if (&User-Name) {
(0) if (&User-Name) -> TRUE
(0) if (&User-Name) {
(0) if (&User-Name =~ / /) {
(0) if (&User-Name =~ / /) -> FALSE
(0) if (&User-Name =~ /@[^@]*@/ ) {
(0) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(0) if (&User-Name =~ /\.\./ ) {
(0) if (&User-Name =~ /\.\./ ) -> FALSE
(0) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(0) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(0) if (&User-Name =~ /\.$/) {
(0) if (&User-Name =~ /\.$/) -> FALSE
(0) if (&User-Name =~ mailto:/@\./) {
(0) if (&User-Name =~ mailto:/@\./) -> FALSE
(0) } # if (&User-Name) = notfound
(0) } # policy filter_username = notfound
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: Peer sent EAP Response (code 2) ID 93 length 14
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(0) [eap] = ok
(0) } # authorize = ok
(0) Found Auth-Type = eap
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) authenticate {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Using default_eap_type = MD5
(0) eap: Calling submodule eap_md5 to process data
(0) eap_md5: Issuing MD5 Challenge
(0) eap: Sending EAP Request (code 1) ID 94 length 22
(0) eap: EAP session adding &reply:State = 0x6501da9e655fde03
(0) [eap] = handled
(0) } # authenticate = handled
(0) Using Post-Auth-Type Challenge
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) Challenge { ... } # empty sub-section is ignored
(0) Sent Access-Challenge Id 0 from 192.168.4.151:1812 to 192.168.4.151:48174 length 80
(0) EAP-Message = 0x015e001604103f9a6c780e20a2ce97b652c4f8ec438e
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x6501da9e655fde03dd76d824d918a37a
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 1 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170
(1) Message-Authenticator = 0x29df9753dac0a17e614ec7d921f2799c
(1) User-Name = "anonymous"
(1) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(1) Framed-MTU = 1400
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) Connect-Info = "CONNECT 11Mbps 802.11b"
(1) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(1) NAS-IP-Address = 192.168.4.20
(1) EAP-Message = 0x025e00060337
(1) State = 0x6501da9e655fde03dd76d824d918a37a
(1) session-state: No cached attributes
(1) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(1) authorize {
(1) policy filter_username {
(1) if (&User-Name) {
(1) if (&User-Name) -> TRUE
(1) if (&User-Name) {
(1) if (&User-Name =~ / /) {
(1) if (&User-Name =~ / /) -> FALSE
(1) if (&User-Name =~ /@[^@]*@/ ) {
(1) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(1) if (&User-Name =~ /\.\./ ) {
(1) if (&User-Name =~ /\.\./ ) -> FALSE
(1) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(1) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(1) if (&User-Name =~ /\.$/) {
(1) if (&User-Name =~ /\.$/) -> FALSE
(1) if (&User-Name =~ mailto:/@\./) {
(1) if (&User-Name =~ mailto:/@\./) -> FALSE
(1) } # if (&User-Name) = notfound
(1) } # policy filter_username = notfound
(1) [preprocess] = ok
(1) [chap] = noop
(1) [mschap] = noop
(1) [digest] = noop
(1) suffix: Checking for suffix after "@"
(1) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(1) suffix: No such realm "NULL"
(1) [suffix] = noop
(1) eap: Peer sent EAP Response (code 2) ID 94 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) [files] = noop
(1) [expiration] = noop
(1) [logintime] = noop
Not doing PAP as Auth-Type is already set.
(1) [pap] = noop
(1) } # authorize = updated
(1) Found Auth-Type = eap
(1) # Executing group from file /etc/freeradius/sites-enabled/default
(1) authenticate {
(1) eap: Removing EAP session with state 0x6501da9e655fde03
(1) eap: Previous EAP request found for state 0x6501da9e655fde03, released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type TEAP (55)
(1) eap: Found compatible type in NAK - EAP-Type = TEAP
(1) eap: Calling submodule eap_teap to process data
(1) eap_teap: (TLS) TEAP -Initiating new session
(1) eap_teap: Setting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type = User
(1) eap: Sending EAP Request (code 1) ID 95 length 18
(1) eap: EAP session adding &reply:State = 0x6501da9e645eed03
(1) [eap] = handled
(1) } # authenticate = handled
(1) Using Post-Auth-Type Challenge
(1) # Executing group from file /etc/freeradius/sites-enabled/default
(1) Challenge { ... } # empty sub-section is ignored
(1) session-state: Saving cached attributes
(1) Framed-MTU = 974
(1) FreeRADIUS-EAP-TEAP-Identity-Type := User
(1) Sent Access-Challenge Id 1 from 192.168.4.151:1812 to 192.168.4.151:48174 length 76
(1) EAP-Message = 0x015f00123731000000080001000431323334
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x6501da9e645eed03dd76d824d918a37a
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 2 from 192.168.4.151:48174 to 192.168.4.151:1812 length 358
(2) Message-Authenticator = 0x2a6f6c950df89f514c76e62f7965e649
(2) User-Name = "anonymous"
(2) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(2) Framed-MTU = 1400
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) Connect-Info = "CONNECT 11Mbps 802.11b"
(2) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(2) NAS-IP-Address = 192.168.4.20
(2) EAP-Message = 0x025f00c2370116030100b7010000b30303b3adab7fc0e5482660e9972dac89632138d4686b47b0a00a24fe95f30515ed93000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000052000b000403000102000a000c000a001d0017001e00190018002300000016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
(2) State = 0x6501da9e645eed03dd76d824d918a37a
(2) Restoring &session-state
(2) &session-state:Framed-MTU = 974
(2) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User
(2) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> FALSE
(2) if (&User-Name =~ /@[^@]*@/ ) {
(2) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(2) if (&User-Name =~ /\.\./ ) {
(2) if (&User-Name =~ /\.\./ ) -> FALSE
(2) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(2) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(2) if (&User-Name =~ /\.$/) {
(2) if (&User-Name =~ /\.$/) -> FALSE
(2) if (&User-Name =~ mailto:/@\./) {
(2) if (&User-Name =~ mailto:/@\./) -> FALSE
(2) } # if (&User-Name) = notfound
(2) } # policy filter_username = notfound
(2) [preprocess] = ok
(2) [chap] = noop
(2) [mschap] = noop
(2) [digest] = noop
(2) suffix: Checking for suffix after "@"
(2) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(2) suffix: No such realm "NULL"
(2) [suffix] = noop
(2) eap: Peer sent EAP Response (code 2) ID 95 length 194
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) } # authorize = ok
(2) Found Auth-Type = eap
(2) # Executing group from file /etc/freeradius/sites-enabled/default
(2) authenticate {
(2) eap: Removing EAP session with state 0x6501da9e645eed03
(2) eap: Previous EAP request found for state 0x6501da9e645eed03, released from the list
(2) eap: Peer sent packet with method EAP TEAP (55)
(2) eap: Calling submodule eap_teap to process data
(2) eap_teap: Authenticate
(2) eap_teap: (TLS) EAP Done initial handshake
(2) eap_teap: (TLS) TEAP - Handshake state - before SSL initialization
(2) eap_teap: (TLS) TEAP - Handshake state - Server before SSL initialization
(2) eap_teap: (TLS) TEAP - Handshake state - Server before SSL initialization
(2) eap_teap: (TLS) TEAP - recv TLS 1.3 Handshake, ClientHello
(2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read client hello
(2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerHello
(2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write server hello
(2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, Certificate
(2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write certificate
(2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange
(2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write key exchange
(2) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone
(2) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write server done
(2) eap_teap: (TLS) TEAP - Server : Need to read more data: SSLv3/TLS write server done
(2) eap_teap: (TLS) TEAP - In Handshake Phase
(2) eap: Sending EAP Request (code 1) ID 96 length 984
(2) eap: EAP session adding &reply:State = 0x6501da9e6761ed03
(2) [eap] = handled
(2) } # authenticate = handled
(2) Using Post-Auth-Type Challenge
(2) # Executing group from file /etc/freeradius/sites-enabled/default
(2) Challenge { ... } # empty sub-section is ignored
(2) session-state: Saving cached attributes
(2) Framed-MTU = 974
(2) FreeRADIUS-EAP-TEAP-Identity-Type := User
(2) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(2) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(2) Sent Access-Challenge Id 2 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1048
(2) EAP-Message = 0x016003d837c100000ac6160303003d0200003903038f2da11ae8e4a9d2008d944ffa08071b7500ca3a0f7d150cf6877a5d06b8bd4800c030000011ff01000100000b0004030001020017000016030309450b00094100093e00043a308204363082031ea003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d70
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x6501da9e6761ed03dd76d824d918a37a
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 3 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170
(3) Message-Authenticator = 0x903dc237de7c9b8695484a34ea240185
(3) User-Name = "anonymous"
(3) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(3) Framed-MTU = 1400
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) Connect-Info = "CONNECT 11Mbps 802.11b"
(3) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(3) NAS-IP-Address = 192.168.4.20
(3) EAP-Message = 0x026000063701
(3) State = 0x6501da9e6761ed03dd76d824d918a37a
(3) Restoring &session-state
(3) &session-state:Framed-MTU = 974
(3) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User
(3) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(3) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(3) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(3) authorize {
(3) policy filter_username {
(3) if (&User-Name) {
(3) if (&User-Name) -> TRUE
(3) if (&User-Name) {
(3) if (&User-Name =~ / /) {
(3) if (&User-Name =~ / /) -> FALSE
(3) if (&User-Name =~ /@[^@]*@/ ) {
(3) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(3) if (&User-Name =~ /\.\./ ) {
(3) if (&User-Name =~ /\.\./ ) -> FALSE
(3) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(3) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(3) if (&User-Name =~ /\.$/) {
(3) if (&User-Name =~ /\.$/) -> FALSE
(3) if (&User-Name =~ mailto:/@\./) {
(3) if (&User-Name =~ mailto:/@\./) -> FALSE
(3) } # if (&User-Name) = notfound
(3) } # policy filter_username = notfound
(3) [preprocess] = ok
(3) [chap] = noop
(3) [mschap] = noop
(3) [digest] = noop
(3) suffix: Checking for suffix after "@"
(3) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(3) suffix: No such realm "NULL"
(3) [suffix] = noop
(3) eap: Peer sent EAP Response (code 2) ID 96 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) } # authorize = ok
(3) Found Auth-Type = eap
(3) # Executing group from file /etc/freeradius/sites-enabled/default
(3) authenticate {
(3) eap: Removing EAP session with state 0x6501da9e6761ed03
(3) eap: Previous EAP request found for state 0x6501da9e6761ed03, released from the list
(3) eap: Peer sent packet with method EAP TEAP (55)
(3) eap: Calling submodule eap_teap to process data
(3) eap_teap: Authenticate
(3) eap_teap: (TLS) Peer ACKed our handshake fragment
(3) eap: Sending EAP Request (code 1) ID 97 length 980
(3) eap: EAP session adding &reply:State = 0x6501da9e6660ed03
(3) [eap] = handled
(3) } # authenticate = handled
(3) Using Post-Auth-Type Challenge
(3) # Executing group from file /etc/freeradius/sites-enabled/default
(3) Challenge { ... } # empty sub-section is ignored
(3) session-state: Saving cached attributes
(3) Framed-MTU = 974
(3) FreeRADIUS-EAP-TEAP-Identity-Type := User
(3) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(3) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(3) Sent Access-Challenge Id 3 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1044
(3) EAP-Message = 0x016103d43741a332fe465d6ca3da54ce4106656170713c77fb3013d01c3374cb86ed0cb686ab878136acfecf9f6fb2e076cf99130fdfb39eaed1e8536756d0957288b829ae7b446618fbded540de385d7a530018b7537d8d4a80cbc5e76748752bd1e79e8cfb7c7f1857cf3278dcf3f8a53ea49f088123c3ec711a282ee0ab37b8da0db4a83eec4dfc278fad71aaed061a0eb0e22751d1be587207e322a610e5d88a7ba0b21cb37206add13e48e487a956dd65ddb4e2bd9d8ad6a80b117a143e12463e0004fe308204fa308203e2a003020102021407c1092ab93c84caf4a4cebe5ffd49c091f025b2300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0x6501da9e6660ed03dd76d824d918a37a
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 4 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170
(4) Message-Authenticator = 0x4d13af065dc545684c8ff755999fea16
(4) User-Name = "anonymous"
(4) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(4) Framed-MTU = 1400
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) Connect-Info = "CONNECT 11Mbps 802.11b"
(4) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(4) NAS-IP-Address = 192.168.4.20
(4) EAP-Message = 0x026100063701
(4) State = 0x6501da9e6660ed03dd76d824d918a37a
(4) Restoring &session-state
(4) &session-state:Framed-MTU = 974
(4) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User
(4) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(4) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(4) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(4) authorize {
(4) policy filter_username {
(4) if (&User-Name) {
(4) if (&User-Name) -> TRUE
(4) if (&User-Name) {
(4) if (&User-Name =~ / /) {
(4) if (&User-Name =~ / /) -> FALSE
(4) if (&User-Name =~ /@[^@]*@/ ) {
(4) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(4) if (&User-Name =~ /\.\./ ) {
(4) if (&User-Name =~ /\.\./ ) -> FALSE
(4) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(4) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(4) if (&User-Name =~ /\.$/) {
(4) if (&User-Name =~ /\.$/) -> FALSE
(4) if (&User-Name =~ mailto:/@\./) {
(4) if (&User-Name =~ mailto:/@\./) -> FALSE
(4) } # if (&User-Name) = notfound
(4) } # policy filter_username = notfound
(4) [preprocess] = ok
(4) [chap] = noop
(4) [mschap] = noop
(4) [digest] = noop
(4) suffix: Checking for suffix after "@"
(4) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(4) suffix: No such realm "NULL"
(4) [suffix] = noop
(4) eap: Peer sent EAP Response (code 2) ID 97 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) } # authorize = ok
(4) Found Auth-Type = eap
(4) # Executing group from file /etc/freeradius/sites-enabled/default
(4) authenticate {
(4) eap: Removing EAP session with state 0x6501da9e6660ed03
(4) eap: Previous EAP request found for state 0x6501da9e6660ed03, released from the list
(4) eap: Peer sent packet with method EAP TEAP (55)
(4) eap: Calling submodule eap_teap to process data
(4) eap_teap: Authenticate
(4) eap_teap: (TLS) Peer ACKed our handshake fragment
(4) eap: Sending EAP Request (code 1) ID 98 length 816
(4) eap: EAP session adding &reply:State = 0x6501da9e6163ed03
(4) [eap] = handled
(4) } # authenticate = handled
(4) Using Post-Auth-Type Challenge
(4) # Executing group from file /etc/freeradius/sites-enabled/default
(4) Challenge { ... } # empty sub-section is ignored
(4) session-state: Saving cached attributes
(4) Framed-MTU = 974
(4) FreeRADIUS-EAP-TEAP-Identity-Type := User
(4) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(4) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(4) Sent Access-Challenge Id 4 from 192.168.4.151:1812 to 192.168.4.151:48174 length 880
(4) EAP-Message = 0x0162033037010c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479821407c1092ab93c84caf4a4cebe5ffd49c091f025b2300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b05000382010100b1fbfdd99b0946e14a71a6cc445581bb32d6a317d4c99d466f16982e189d83025d9cad8425a759d7e745eded6eec71ab3ce454c4f767868117d8d328ac44f63bc8984dc7a2447d1f405b614363101942d640f17b4fbe4566fba6d0c31970a84b413e9d863f214640e61f93de5504f2ed558348c54bb93828b44a14d4404b63ec96
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0x6501da9e6163ed03dd76d824d918a37a
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 5 from 192.168.4.151:48174 to 192.168.4.151:1812 length 263
(5) Message-Authenticator = 0xac942cbe3238ab49d9798f0793b2bf92
(5) User-Name = "anonymous"
(5) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(5) Framed-MTU = 1400
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) Connect-Info = "CONNECT 11Mbps 802.11b"
(5) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(5) NAS-IP-Address = 192.168.4.20
(5) EAP-Message = 0x026200633701160303002510000021203fdb36c42c178b84fb58dbc273b166922e8e5f78966a110c0867144c60054f7d1403030001011603030028c3e8e09ec857321f4dacfdf4ade4ab6e51f32cd7df5e5343ab2476c138ced4518bbca591da913216
(5) State = 0x6501da9e6163ed03dd76d824d918a37a
(5) Restoring &session-state
(5) &session-state:Framed-MTU = 974
(5) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User
(5) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(5) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(5) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(5) authorize {
(5) policy filter_username {
(5) if (&User-Name) {
(5) if (&User-Name) -> TRUE
(5) if (&User-Name) {
(5) if (&User-Name =~ / /) {
(5) if (&User-Name =~ / /) -> FALSE
(5) if (&User-Name =~ /@[^@]*@/ ) {
(5) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(5) if (&User-Name =~ /\.\./ ) {
(5) if (&User-Name =~ /\.\./ ) -> FALSE
(5) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(5) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(5) if (&User-Name =~ /\.$/) {
(5) if (&User-Name =~ /\.$/) -> FALSE
(5) if (&User-Name =~ mailto:/@\./) {
(5) if (&User-Name =~ mailto:/@\./) -> FALSE
(5) } # if (&User-Name) = notfound
(5) } # policy filter_username = notfound
(5) [preprocess] = ok
(5) [chap] = noop
(5) [mschap] = noop
(5) [digest] = noop
(5) suffix: Checking for suffix after "@"
(5) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(5) suffix: No such realm "NULL"
(5) [suffix] = noop
(5) eap: Peer sent EAP Response (code 2) ID 98 length 99
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) } # authorize = ok
(5) Found Auth-Type = eap
(5) # Executing group from file /etc/freeradius/sites-enabled/default
(5) authenticate {
(5) eap: Removing EAP session with state 0x6501da9e6163ed03
(5) eap: Previous EAP request found for state 0x6501da9e6163ed03, released from the list
(5) eap: Peer sent packet with method EAP TEAP (55)
(5) eap: Calling submodule eap_teap to process data
(5) eap_teap: Authenticate
(5) eap_teap: (TLS) EAP Done initial handshake
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write server done
(5) eap_teap: (TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read client key exchange
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read change cipher spec
(5) eap_teap: (TLS) TEAP - recv TLS 1.2 Handshake, Finished
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS read finished
(5) eap_teap: (TLS) TEAP - send TLS 1.2 ChangeCipherSpec
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write change cipher spec
(5) eap_teap: (TLS) TEAP - send TLS 1.2 Handshake, Finished
(5) eap_teap: (TLS) TEAP - Handshake state - Server SSLv3/TLS write finished
(5) eap_teap: (TLS) TEAP - Handshake state - SSL negotiation finished successfully
(5) eap_teap: (TLS) TEAP - Connection Established
(5) eap_teap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(5) eap_teap: TLS-Session-Version = "TLS 1.2"
(5) eap: Sending EAP Request (code 1) ID 99 length 57
(5) eap: EAP session adding &reply:State = 0x6501da9e6062ed03
(5) [eap] = handled
(5) } # authenticate = handled
(5) Using Post-Auth-Type Challenge
(5) # Executing group from file /etc/freeradius/sites-enabled/default
(5) Challenge { ... } # empty sub-section is ignored
(5) session-state: Saving cached attributes
(5) Framed-MTU = 974
(5) FreeRADIUS-EAP-TEAP-Identity-Type := User
(5) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(5) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(5) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(5) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(5) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(5) TLS-Session-Version = "TLS 1.2"
(5) Sent Access-Challenge Id 5 from 192.168.4.151:1812 to 192.168.4.151:48174 length 115
(5) EAP-Message = 0x0163003937011403030001011603030028288983a38fe43b638f42770f5543607f0558b5ec34693ea104c35ec383476e8483bd43497710874d
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x6501da9e6062ed03dd76d824d918a37a
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 6 from 192.168.4.151:48174 to 192.168.4.151:1812 length 170
(6) Message-Authenticator = 0x6043b27893fa00ef96c925d17ad0af71
(6) User-Name = "anonymous"
(6) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(6) Framed-MTU = 1400
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) Connect-Info = "CONNECT 11Mbps 802.11b"
(6) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(6) NAS-IP-Address = 192.168.4.20
(6) EAP-Message = 0x026300063701
(6) State = 0x6501da9e6062ed03dd76d824d918a37a
(6) Restoring &session-state
(6) &session-state:Framed-MTU = 974
(6) &session-state:FreeRADIUS-EAP-TEAP-Identity-Type := User
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(6) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(6) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(6) &session-state:TLS-Session-Version = "TLS 1.2"
(6) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(6) authorize {
(6) policy filter_username {
(6) if (&User-Name) {
(6) if (&User-Name) -> TRUE
(6) if (&User-Name) {
(6) if (&User-Name =~ / /) {
(6) if (&User-Name =~ / /) -> FALSE
(6) if (&User-Name =~ /@[^@]*@/ ) {
(6) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(6) if (&User-Name =~ /\.\./ ) {
(6) if (&User-Name =~ /\.\./ ) -> FALSE
(6) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(6) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(6) if (&User-Name =~ /\.$/) {
(6) if (&User-Name =~ /\.$/) -> FALSE
(6) if (&User-Name =~ mailto:/@\./) {
(6) if (&User-Name =~ mailto:/@\./) -> FALSE
(6) } # if (&User-Name) = notfound
(6) } # policy filter_username = notfound
(6) [preprocess] = ok
(6) [chap] = noop
(6) [mschap] = noop
(6) [digest] = noop
(6) suffix: Checking for suffix after "@"
(6) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(6) suffix: No such realm "NULL"
(6) [suffix] = noop
(6) eap: Peer sent EAP Response (code 2) ID 99 length 6
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) } # authorize = ok
(6) Found Auth-Type = eap
(6) # Executing group from file /etc/freeradius/sites-enabled/default
(6) authenticate {
(6) eap: Removing EAP session with state 0x6501da9e6062ed03
(6) eap: Previous EAP request found for state 0x6501da9e6062ed03, released from the list
(6) eap: Peer sent packet with method EAP TEAP (55)
(6) eap: Calling submodule eap_teap to process data
(6) eap_teap: Authenticate
(6) eap_teap: (TLS) Peer ACKed our handshake fragment. handshake is finished
(6) eap_teap: Session established. Proceeding to decode tunneled attributes
(6) eap_teap: Phase 2: Using authenticated provisioning
(6) eap_teap: Phase 2: Sending Identity-Type = User
(6) eap_teap: Phase 2: Deleting &session-state:FreeRADIUS-EAP-TEAP-Identity-Type += User
(6) eap_teap: Phase 2: Sending EAP-Identity
(6) eap: Sending EAP Request (code 1) ID 100 length 50
(6) eap: EAP session adding &reply:State = 0x6501da9e6365ed03
(6) [eap] = handled
(6) } # authenticate = handled
(6) Using Post-Auth-Type Challenge
(6) # Executing group from file /etc/freeradius/sites-enabled/default
(6) Challenge { ... } # empty sub-section is ignored
(6) session-state: Saving cached attributes
(6) Framed-MTU = 974
(6) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(6) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(6) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(6) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(6) TLS-Session-Version = "TLS 1.2"
(6) Sent Access-Challenge Id 6 from 192.168.4.151:1812 to 192.168.4.151:48174 length 108
(6) EAP-Message = 0x0164003237011703030027288983a38fe43b64a59087aba7cf508c7e0a35e94014fc7224e15fb13dbf6c1b14d1cf07d454d7
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x6501da9e6365ed03dd76d824d918a37a
(6) Finished request
Waking up in 4.9 seconds.
(7) Received Access-Request Id 7 from 192.168.4.151:48174 to 192.168.4.151:1812 length 230
(7) Message-Authenticator = 0xf411907430aea9ad5d123ca2c73ab728
(7) User-Name = "anonymous"
(7) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(7) Framed-MTU = 1400
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) Connect-Info = "CONNECT 11Mbps 802.11b"
(7) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(7) NAS-IP-Address = 192.168.4.20
(7) EAP-Message = 0x0264004237011703030037c3e8e09ec85732202b5aef90ad91c43706696aa3b3d9f443f88d5152e88906a531d52f11c5088917083131b526354f25a333b38af14f4b
(7) State = 0x6501da9e6365ed03dd76d824d918a37a
(7) Restoring &session-state
(7) &session-state:Framed-MTU = 974
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(7) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(7) &session-state:TLS-Session-Version = "TLS 1.2"
(7) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ mailto:/@\./) {
(7) if (&User-Name =~ mailto:/@\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [preprocess] = ok
(7) [chap] = noop
(7) [mschap] = noop
(7) [digest] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(7) suffix: No such realm "NULL"
(7) [suffix] = noop
(7) eap: Peer sent EAP Response (code 2) ID 100 length 66
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file /etc/freeradius/sites-enabled/default
(7) authenticate {
(7) eap: Removing EAP session with state 0x6501da9e6365ed03
(7) eap: Previous EAP request found for state 0x6501da9e6365ed03, released from the list
(7) eap: Peer sent packet with method EAP TEAP (55)
(7) eap: Calling submodule eap_teap to process data
(7) eap_teap: Authenticate
(7) eap_teap: (TLS) EAP Done initial handshake
(7) eap_teap: Session established. Proceeding to decode tunneled attributes
(7) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(7) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026400150175736572406578616d706c652e6f7267
(7) eap_teap: FreeRADIUS-EAP-TEAP-Identity-Type = User
(7) eap_teap: Phase 2: Got tunneled request
(7) eap_teap: EAP-Message = 0x026400150175736572406578616d706c652e6f7267
(7) eap_teap: FreeRADIUS-EAP-TEAP-Identity-Type = User
(7) eap_teap: Phase 2: Got tunneled identity of mailto:user@example.org
(7) eap_teap: Phase 2: Authentication
(7) eap_teap: Phase 2: Setting User EAP-Type = TLS from TEAP configuration user_eap_type
(7) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = TLS
(7) Virtual server inner-tunnel received request
(7) EAP-Message = 0x026400150175736572406578616d706c652e6f7267
(7) FreeRADIUS-EAP-TEAP-Identity-Type = User
(7) FreeRADIUS-Proxied-To = 127.0.0.1
(7) User-Name = mailto:user@example.org
(7) server inner-tunnel {
(7) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(7) authorize {
(7) policy filter_username {
(7) if (&User-Name) {
(7) if (&User-Name) -> TRUE
(7) if (&User-Name) {
(7) if (&User-Name =~ / /) {
(7) if (&User-Name =~ / /) -> FALSE
(7) if (&User-Name =~ /@[^@]*@/ ) {
(7) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(7) if (&User-Name =~ /\.\./ ) {
(7) if (&User-Name =~ /\.\./ ) -> FALSE
(7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(7) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(7) if (&User-Name =~ /\.$/) {
(7) if (&User-Name =~ /\.$/) -> FALSE
(7) if (&User-Name =~ mailto:/@\./) {
(7) if (&User-Name =~ mailto:/@\./) -> FALSE
(7) } # if (&User-Name) = notfound
(7) } # policy filter_username = notfound
(7) [chap] = noop
(7) [mschap] = noop
(7) suffix: Checking for suffix after "@"
(7) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org
(7) suffix: No such realm "example.org"
(7) [suffix] = noop
(7) update control {
(7) &Proxy-To-Realm := LOCAL
(7) } # update control = noop
(7) eap: Peer sent EAP Response (code 2) ID 100 length 21
(7) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the rest of authorize
(7) [eap] = ok
(7) } # authorize = ok
(7) Found Auth-Type = eap
(7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(7) authenticate {
(7) eap: Peer sent packet with method EAP Identity (1)
(7) eap: Found &control:EAP-Type = TLS
(7) eap: Calling submodule eap_tls to process data
(7) eap_tls: (TLS) TLS -Initiating new session
(7) eap_tls: (TLS) TLS - Setting verify mode to require certificate from client
(7) eap: Sending EAP Request (code 1) ID 101 length 6
(7) eap: EAP session adding &reply:State = 0x83bbfe7083def355
(7) [eap] = handled
(7) } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) Post-Auth-Type sub-section not found. Ignoring.
(7) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(7) session-state: Saving cached attributes
(7) Framed-MTU = 911
(7) } # server inner-tunnel
(7) Virtual server sending reply
(7) EAP-Message = 0x016500060d20
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x83bbfe7083def355f9cbfc53fdd80b9e
(7) eap_teap: Phase 2: Stage Authentication
(7) eap_teap: Phase 2: Got tunneled Access-Challenge
(7) eap: Sending EAP Request (code 1) ID 101 length 45
(7) eap: EAP session adding &reply:State = 0x6501da9e6264ed03
(7) [eap] = handled
(7) } # authenticate = handled
(7) Using Post-Auth-Type Challenge
(7) # Executing group from file /etc/freeradius/sites-enabled/default
(7) Challenge { ... } # empty sub-section is ignored
(7) session-state: Saving cached attributes
(7) Framed-MTU = 974
(7) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(7) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(7) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(7) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(7) TLS-Session-Version = "TLS 1.2"
(7) Sent Access-Challenge Id 7 from 192.168.4.151:1812 to 192.168.4.151:48174 length 103
(7) EAP-Message = 0x0165002d37011703030022288983a38fe43b655c66480b9f0b485d46c7fb024fa8c21d117c66f781d04cdb8fda
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x6501da9e6264ed03dd76d824d918a37a
(7) Finished request
Waking up in 4.9 seconds.
(8) Received Access-Request Id 8 from 192.168.4.151:48174 to 192.168.4.151:1812 length 393
(8) Message-Authenticator = 0xe493082daabdc7c517d0a060a4f96aa0
(8) User-Name = "anonymous"
(8) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(8) Framed-MTU = 1400
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) Connect-Info = "CONNECT 11Mbps 802.11b"
(8) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(8) NAS-IP-Address = 192.168.4.20
(8) EAP-Message = 0x026500e5370117030300dac3e8e09ec8573221ff5f3d2756322ea06fb91d2a1b72e648b54bf42d9d1580e06a257a30e172b54228a431231bbeea32e57684e705f879f873480e405c3a1265867b5f5b32db50e7d551716a63705c1fbc18c72251659d211059c8e4adeb75281f39eb763a99e4ba417b1eaa8f55bcda987203eb5b43e5029569b8b94b9e78523cdbf81316a2d06fcd5be7659becd909cbfad247090bfb8e46dfb9c9f8b3123813edbaae2dcd83508012235b1b46fb703623396bf1c7fd1a7948aa5a8bcbee89a4e0ce6589127264bc803f38fd1294bb7efca5de74dac5b65910
(8) State = 0x6501da9e6264ed03dd76d824d918a37a
(8) Restoring &session-state
(8) &session-state:Framed-MTU = 974
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(8) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(8) &session-state:TLS-Session-Version = "TLS 1.2"
(8) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(8) authorize {
(8) policy filter_username {
(8) if (&User-Name) {
(8) if (&User-Name) -> TRUE
(8) if (&User-Name) {
(8) if (&User-Name =~ / /) {
(8) if (&User-Name =~ / /) -> FALSE
(8) if (&User-Name =~ /@[^@]*@/ ) {
(8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(8) if (&User-Name =~ /\.\./ ) {
(8) if (&User-Name =~ /\.\./ ) -> FALSE
(8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(8) if (&User-Name =~ /\.$/) {
(8) if (&User-Name =~ /\.$/) -> FALSE
(8) if (&User-Name =~ mailto:/@\./) {
(8) if (&User-Name =~ mailto:/@\./) -> FALSE
(8) } # if (&User-Name) = notfound
(8) } # policy filter_username = notfound
(8) [preprocess] = ok
(8) [chap] = noop
(8) [mschap] = noop
(8) [digest] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(8) suffix: No such realm "NULL"
(8) [suffix] = noop
(8) eap: Peer sent EAP Response (code 2) ID 101 length 229
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) } # authorize = ok
(8) Found Auth-Type = eap
(8) # Executing group from file /etc/freeradius/sites-enabled/default
(8) authenticate {
(8) eap: Removing EAP session with state 0x6501da9e6264ed03
(8) eap: Previous EAP request found for state 0x6501da9e6264ed03, released from the list
(8) eap: Peer sent packet with method EAP TEAP (55)
(8) eap: Calling submodule eap_teap to process data
(8) eap_teap: Authenticate
(8) eap_teap: (TLS) EAP Done initial handshake
(8) eap_teap: Session established. Proceeding to decode tunneled attributes
(8) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(8) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026500be0d0016030100b3010000af0303a18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
(8) eap_teap: Phase 2: Got tunneled request
(8) eap_teap: EAP-Message = 0x026500be0d0016030100b3010000af0303a18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
(8) eap_teap: Phase 2: Authentication
(8) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(8) Virtual server inner-tunnel received request
(8) EAP-Message = 0x026500be0d0016030100b3010000af0303a18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff0100004e000b000403000102000a000c000a001d0017001e001900180016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
(8) FreeRADIUS-Proxied-To = 127.0.0.1
(8) User-Name = mailto:user@example.org
(8) State = 0x83bbfe7083def355f9cbfc53fdd80b9e
(8) server inner-tunnel {
(8) Restoring &session-state
(8) &session-state:Framed-MTU = 911
(8) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(8) authorize {
(8) policy filter_username {
(8) if (&User-Name) {
(8) if (&User-Name) -> TRUE
(8) if (&User-Name) {
(8) if (&User-Name =~ / /) {
(8) if (&User-Name =~ / /) -> FALSE
(8) if (&User-Name =~ /@[^@]*@/ ) {
(8) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(8) if (&User-Name =~ /\.\./ ) {
(8) if (&User-Name =~ /\.\./ ) -> FALSE
(8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(8) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(8) if (&User-Name =~ /\.$/) {
(8) if (&User-Name =~ /\.$/) -> FALSE
(8) if (&User-Name =~ mailto:/@\./) {
(8) if (&User-Name =~ mailto:/@\./) -> FALSE
(8) } # if (&User-Name) = notfound
(8) } # policy filter_username = notfound
(8) [chap] = noop
(8) [mschap] = noop
(8) suffix: Checking for suffix after "@"
(8) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org
(8) suffix: No such realm "example.org"
(8) [suffix] = noop
(8) update control {
(8) &Proxy-To-Realm := LOCAL
(8) } # update control = noop
(8) eap: Peer sent EAP Response (code 2) ID 101 length 190
(8) eap: No EAP Start, assuming it's an on-going EAP conversation
(8) [eap] = updated
(8) [files] = noop
(8) [expiration] = noop
(8) [logintime] = noop
(8) [pap] = noop
(8) } # authorize = updated
(8) Found Auth-Type = eap
(8) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(8) authenticate {
(8) eap: Removing EAP session with state 0x83bbfe7083def355
(8) eap: Previous EAP request found for state 0x83bbfe7083def355, released from the list
(8) eap: Peer sent packet with method EAP TLS (13)
(8) eap: Calling submodule eap_tls to process data
(8) eap_tls: (TLS) EAP Got final fragment (184 bytes) total 184
(8) eap_tls: WARNING: (TLS) EAP Total received record fragments (184 bytes), does not equal expected expected data length (0 bytes)
(8) eap_tls: (TLS) EAP Done initial handshake
(8) eap_tls: (TLS) TLS - Handshake state - before SSL initialization
(8) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(8) eap_tls: (TLS) TLS - Handshake state - Server before SSL initialization
(8) eap_tls: (TLS) TLS - recv TLS 1.3 Handshake, ClientHello
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client hello
(8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerHello
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server hello
(8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, Certificate
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write certificate
(8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write key exchange
(8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, CertificateRequest
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write certificate request
(8) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone
(8) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server done
(8) eap_tls: (TLS) TLS - Server : Need to read more data: SSLv3/TLS write server done
(8) eap_tls: (TLS) TLS - In Handshake Phase
(8) eap: Sending EAP Request (code 1) ID 102 length 917
(8) eap: EAP session adding &reply:State = 0x83bbfe7082ddf355
(8) [eap] = handled
(8) } # authenticate = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(8) session-state: Saving cached attributes
(8) Framed-MTU = 911
(8) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(8) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(8) } # server inner-tunnel
(8) Virtual server sending reply
(8) EAP-Message = 0x016603950dc000000b97160303003d020000390303ba214b95cbecbeb54093ec803db277546647a37d1b61584271afd9461326b21300c030000011ff01000100000b0004030001020017000016030309450b00094100093e00043a308204363082031ea003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d70
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x83bbfe7082ddf355f9cbfc53fdd80b9e
(8) eap_teap: Phase 2: Stage Authentication
(8) eap_teap: Phase 2: Got tunneled Access-Challenge
(8) eap: Sending EAP Request (code 1) ID 102 length 956
(8) eap: EAP session adding &reply:State = 0x6501da9e6d67ed03
(8) [eap] = handled
(8) } # authenticate = handled
(8) Using Post-Auth-Type Challenge
(8) # Executing group from file /etc/freeradius/sites-enabled/default
(8) Challenge { ... } # empty sub-section is ignored
(8) session-state: Saving cached attributes
(8) Framed-MTU = 974
(8) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(8) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(8) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(8) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(8) TLS-Session-Version = "TLS 1.2"
(8) Sent Access-Challenge Id 8 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1020
(8) EAP-Message = 0x016603bc370117030303b1288983a38fe43b6691525344bcb7cf514e89621ce2b1b61b0f554412fde0bf91b4506e4585b5b4e84081284289e86d317e8c5d1033a6091e99aee31cfdd8b0c67e72f5a5e699016f419eb846770c281d5c4ec3795ef50d98d6cc455070c2715f68f6f256db9fac7b2638958a98a09998f66bc89e7e11eee57d1c848f941c7542c994abbce3ecaf5dbbc32b0c770f17043a887b9e1510a8254002334f321aa3f1a61a0aa0da5896f44cd206c03a7fca26e79b602259f94e52b45cb06fc1cef7b42a577c120f847f2f1f14bab6a3144d75a82f8a62e40d8b9936b8fa22826fd0ae751363100ab7235b6bed0d109d9f1e72add3ae167a94d8375a683beed2962ef11a3d6fa9fe0424a67e9d5a815274699a65ff686c73d22af88575da413514cd68bf49da39c61bc8a74b5022f92bf406ed62fe687413efbd7baf39600cb60ecdd2704b7e7bce64b2ef25c65eeb62ca089e8542b530da1879104d9949aa87afd30f7e56678ead260b498d6a62b8
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x6501da9e6d67ed03dd76d824d918a37a
(8) Finished request
Waking up in 4.9 seconds.
(9) Received Access-Request Id 9 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209
(9) Message-Authenticator = 0x341b277c653c83befd143024adf91a2e
(9) User-Name = "anonymous"
(9) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(9) Framed-MTU = 1400
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) Connect-Info = "CONNECT 11Mbps 802.11b"
(9) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(9) NAS-IP-Address = 192.168.4.20
(9) EAP-Message = 0x0266002d37011703030022c3e8e09ec85732223bb25a901590a06f1c4ea0d73474ff23e8e8b43a23bd4a5d2b58
(9) State = 0x6501da9e6d67ed03dd76d824d918a37a
(9) Restoring &session-state
(9) &session-state:Framed-MTU = 974
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(9) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(9) &session-state:TLS-Session-Version = "TLS 1.2"
(9) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(9) authorize {
(9) policy filter_username {
(9) if (&User-Name) {
(9) if (&User-Name) -> TRUE
(9) if (&User-Name) {
(9) if (&User-Name =~ / /) {
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@[^@]*@/ ) {
(9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(9) if (&User-Name =~ /\.\./ ) {
(9) if (&User-Name =~ /\.\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(9) if (&User-Name =~ /\.$/) {
(9) if (&User-Name =~ /\.$/) -> FALSE
(9) if (&User-Name =~ mailto:/@\./) {
(9) if (&User-Name =~ mailto:/@\./) -> FALSE
(9) } # if (&User-Name) = notfound
(9) } # policy filter_username = notfound
(9) [preprocess] = ok
(9) [chap] = noop
(9) [mschap] = noop
(9) [digest] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(9) suffix: No such realm "NULL"
(9) [suffix] = noop
(9) eap: Peer sent EAP Response (code 2) ID 102 length 45
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) } # authorize = ok
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/freeradius/sites-enabled/default
(9) authenticate {
(9) eap: Removing EAP session with state 0x6501da9e6d67ed03
(9) eap: Previous EAP request found for state 0x6501da9e6d67ed03, released from the list
(9) eap: Peer sent packet with method EAP TEAP (55)
(9) eap: Calling submodule eap_teap to process data
(9) eap_teap: Authenticate
(9) eap_teap: (TLS) EAP Done initial handshake
(9) eap_teap: Session established. Proceeding to decode tunneled attributes
(9) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(9) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026600060d00
(9) eap_teap: Phase 2: Got tunneled request
(9) eap_teap: EAP-Message = 0x026600060d00
(9) eap_teap: Phase 2: Authentication
(9) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(9) Virtual server inner-tunnel received request
(9) EAP-Message = 0x026600060d00
(9) FreeRADIUS-Proxied-To = 127.0.0.1
(9) User-Name = mailto:user@example.org
(9) State = 0x83bbfe7082ddf355f9cbfc53fdd80b9e
(9) server inner-tunnel {
(9) Restoring &session-state
(9) &session-state:Framed-MTU = 911
(9) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(9) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(9) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(9) authorize {
(9) policy filter_username {
(9) if (&User-Name) {
(9) if (&User-Name) -> TRUE
(9) if (&User-Name) {
(9) if (&User-Name =~ / /) {
(9) if (&User-Name =~ / /) -> FALSE
(9) if (&User-Name =~ /@[^@]*@/ ) {
(9) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(9) if (&User-Name =~ /\.\./ ) {
(9) if (&User-Name =~ /\.\./ ) -> FALSE
(9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(9) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(9) if (&User-Name =~ /\.$/) {
(9) if (&User-Name =~ /\.$/) -> FALSE
(9) if (&User-Name =~ mailto:/@\./) {
(9) if (&User-Name =~ mailto:/@\./) -> FALSE
(9) } # if (&User-Name) = notfound
(9) } # policy filter_username = notfound
(9) [chap] = noop
(9) [mschap] = noop
(9) suffix: Checking for suffix after "@"
(9) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org
(9) suffix: No such realm "example.org"
(9) [suffix] = noop
(9) update control {
(9) &Proxy-To-Realm := LOCAL
(9) } # update control = noop
(9) eap: Peer sent EAP Response (code 2) ID 102 length 6
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) [eap] = updated
(9) [files] = noop
(9) [expiration] = noop
(9) [logintime] = noop
(9) [pap] = noop
(9) } # authorize = updated
(9) Found Auth-Type = eap
(9) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(9) authenticate {
(9) eap: Removing EAP session with state 0x83bbfe7082ddf355
(9) eap: Previous EAP request found for state 0x83bbfe7082ddf355, released from the list
(9) eap: Peer sent packet with method EAP TLS (13)
(9) eap: Calling submodule eap_tls to process data
(9) eap_tls: (TLS) Peer ACKed our handshake fragment
(9) eap: Sending EAP Request (code 1) ID 103 length 917
(9) eap: EAP session adding &reply:State = 0x83bbfe7081dcf355
(9) [eap] = handled
(9) } # authenticate = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(9) session-state: Saving cached attributes
(9) Framed-MTU = 911
(9) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(9) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(9) } # server inner-tunnel
(9) Virtual server sending reply
(9) EAP-Message = 0x016703950dc000000b972ae3260d8b01f1452de49cc0fb89eeab041571329b014eeb1461987ee823c2df88bb071075e42483679c72df85707c0837b10ed529cc9815ba6114b63fbe6605b8602ba332fe465d6ca3da54ce4106656170713c77fb3013d01c3374cb86ed0cb686ab878136acfecf9f6fb2e076cf99130fdfb39eaed1e8536756d0957288b829ae7b446618fbded540de385d7a530018b7537d8d4a80cbc5e76748752bd1e79e8cfb7c7f1857cf3278dcf3f8a53ea49f088123c3ec711a282ee0ab37b8da0db4a83eec4dfc278fad71aaed061a0eb0e22751d1be587207e322a610e5d88a7ba0b21cb37206add13e48e487a956dd65ddb4e2bd9d8ad6a80b117a143e12463e0004fe308204fa308203e2a003020102021407c1092ab93c84caf4a4cebe5ffd49c091f025b2300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d657768657265311530
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0x83bbfe7081dcf355f9cbfc53fdd80b9e
(9) eap_teap: Phase 2: Stage Authentication
(9) eap_teap: Phase 2: Got tunneled Access-Challenge
(9) eap: Sending EAP Request (code 1) ID 103 length 956
(9) eap: EAP session adding &reply:State = 0x6501da9e6c66ed03
(9) [eap] = handled
(9) } # authenticate = handled
(9) Using Post-Auth-Type Challenge
(9) # Executing group from file /etc/freeradius/sites-enabled/default
(9) Challenge { ... } # empty sub-section is ignored
(9) session-state: Saving cached attributes
(9) Framed-MTU = 974
(9) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(9) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(9) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(9) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(9) TLS-Session-Version = "TLS 1.2"
(9) Sent Access-Challenge Id 9 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1020
(9) EAP-Message = 0x016703bc370117030303b1288983a38fe43b676f3510dd2f99d961a692c8b8ca1e61c671fd90ad8f09a71923d4d81d04fcf0cbce7ed698e4ee18d01deaf98aa08340130e516fee5db19942bcafae8e75c49f8579ad7b6ef0553990b2e09148b8b23f3eb85974afb400efa78c26c779f5e0bad11e31117cd9858bff84893b0bfbd2982eb4267b4602ce4bb46b8610dca107dacaed309b153ef8dc4925da3c81a09e1755cbac3e67be7eee4cbc2ed6142665bb204fceb4ef581e096e9f48370ca734dd13efe2d4ff098c3ca8c712f5053e103f96bda1ccc56bd0bfd859a2be9300049c0298b188805570ea13fabed97f9e6bddf401b6a484f936ddb70ce48f9531d1444c52c4893bb262155f028261c7ab0e34602dbc93f13220134b4d6ecce22415f7d33204ee1dcfd2f1d098cc264436a0224963302f802ffdc4850a1a74e4b6aae277ddd4fe6b1eeb15355c99cb6c98dc07ed87e5d1874de5b9ab0fe2f716e26565a4bafd0b1fab8775213b45115448d2b3f11af1f5cb
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0x6501da9e6c66ed03dd76d824d918a37a
(9) Finished request
Waking up in 4.9 seconds.
(10) Received Access-Request Id 10 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209
(10) Message-Authenticator = 0x9705583f9f8b83b90430dc98ef7e0c92
(10) User-Name = "anonymous"
(10) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(10) Framed-MTU = 1400
(10) NAS-Port-Type = Wireless-802.11
(10) Service-Type = Framed-User
(10) Connect-Info = "CONNECT 11Mbps 802.11b"
(10) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(10) NAS-IP-Address = 192.168.4.20
(10) EAP-Message = 0x0267002d37011703030022c3e8e09ec857322347843392ec555ed58705a8c389e3c5d592fbc9b0b4d6fadb35a7
(10) State = 0x6501da9e6c66ed03dd76d824d918a37a
(10) Restoring &session-state
(10) &session-state:Framed-MTU = 974
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(10) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(10) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(10) &session-state:TLS-Session-Version = "TLS 1.2"
(10) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(10) authorize {
(10) policy filter_username {
(10) if (&User-Name) {
(10) if (&User-Name) -> TRUE
(10) if (&User-Name) {
(10) if (&User-Name =~ / /) {
(10) if (&User-Name =~ / /) -> FALSE
(10) if (&User-Name =~ /@[^@]*@/ ) {
(10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(10) if (&User-Name =~ /\.\./ ) {
(10) if (&User-Name =~ /\.\./ ) -> FALSE
(10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(10) if (&User-Name =~ /\.$/) {
(10) if (&User-Name =~ /\.$/) -> FALSE
(10) if (&User-Name =~ mailto:/@\./) {
(10) if (&User-Name =~ mailto:/@\./) -> FALSE
(10) } # if (&User-Name) = notfound
(10) } # policy filter_username = notfound
(10) [preprocess] = ok
(10) [chap] = noop
(10) [mschap] = noop
(10) [digest] = noop
(10) suffix: Checking for suffix after "@"
(10) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(10) suffix: No such realm "NULL"
(10) [suffix] = noop
(10) eap: Peer sent EAP Response (code 2) ID 103 length 45
(10) eap: Continuing tunnel setup
(10) [eap] = ok
(10) } # authorize = ok
(10) Found Auth-Type = eap
(10) # Executing group from file /etc/freeradius/sites-enabled/default
(10) authenticate {
(10) eap: Removing EAP session with state 0x6501da9e6c66ed03
(10) eap: Previous EAP request found for state 0x6501da9e6c66ed03, released from the list
(10) eap: Peer sent packet with method EAP TEAP (55)
(10) eap: Calling submodule eap_teap to process data
(10) eap_teap: Authenticate
(10) eap_teap: (TLS) EAP Done initial handshake
(10) eap_teap: Session established. Proceeding to decode tunneled attributes
(10) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(10) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026700060d00
(10) eap_teap: Phase 2: Got tunneled request
(10) eap_teap: EAP-Message = 0x026700060d00
(10) eap_teap: Phase 2: Authentication
(10) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(10) Virtual server inner-tunnel received request
(10) EAP-Message = 0x026700060d00
(10) FreeRADIUS-Proxied-To = 127.0.0.1
(10) User-Name = mailto:user@example.org
(10) State = 0x83bbfe7081dcf355f9cbfc53fdd80b9e
(10) server inner-tunnel {
(10) Restoring &session-state
(10) &session-state:Framed-MTU = 911
(10) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(10) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(10) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(10) authorize {
(10) policy filter_username {
(10) if (&User-Name) {
(10) if (&User-Name) -> TRUE
(10) if (&User-Name) {
(10) if (&User-Name =~ / /) {
(10) if (&User-Name =~ / /) -> FALSE
(10) if (&User-Name =~ /@[^@]*@/ ) {
(10) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(10) if (&User-Name =~ /\.\./ ) {
(10) if (&User-Name =~ /\.\./ ) -> FALSE
(10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(10) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(10) if (&User-Name =~ /\.$/) {
(10) if (&User-Name =~ /\.$/) -> FALSE
(10) if (&User-Name =~ mailto:/@\./) {
(10) if (&User-Name =~ mailto:/@\./) -> FALSE
(10) } # if (&User-Name) = notfound
(10) } # policy filter_username = notfound
(10) [chap] = noop
(10) [mschap] = noop
(10) suffix: Checking for suffix after "@"
(10) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org
(10) suffix: No such realm "example.org"
(10) [suffix] = noop
(10) update control {
(10) &Proxy-To-Realm := LOCAL
(10) } # update control = noop
(10) eap: Peer sent EAP Response (code 2) ID 103 length 6
(10) eap: No EAP Start, assuming it's an on-going EAP conversation
(10) [eap] = updated
(10) [files] = noop
(10) [expiration] = noop
(10) [logintime] = noop
(10) [pap] = noop
(10) } # authorize = updated
(10) Found Auth-Type = eap
(10) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(10) authenticate {
(10) eap: Removing EAP session with state 0x83bbfe7081dcf355
(10) eap: Previous EAP request found for state 0x83bbfe7081dcf355, released from the list
(10) eap: Peer sent packet with method EAP TLS (13)
(10) eap: Calling submodule eap_tls to process data
(10) eap_tls: (TLS) Peer ACKed our handshake fragment
(10) eap: Sending EAP Request (code 1) ID 104 length 917
(10) eap: EAP session adding &reply:State = 0x83bbfe7080d3f355
(10) [eap] = handled
(10) } # authenticate = handled
(10) Using Post-Auth-Type Challenge
(10) Post-Auth-Type sub-section not found. Ignoring.
(10) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(10) session-state: Saving cached attributes
(10) Framed-MTU = 911
(10) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(10) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(10) } # server inner-tunnel
(10) Virtual server sending reply
(10) EAP-Message = 0x016803950dc000000b970001e84c31b4245d2331c09109f5028cc5415a74fcfca10203010001a38201423082013e301d0603551d0e04160414a68b8782fdf060ffecd2f37fe80fa76de241a3523081d30603551d230481cb3081c88014a68b8782fdf060ffecd2f37fe80fa76de241a352a18199a48196308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479821407c1092ab93c84caf4a4cebe5ffd49c091f025b2300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) State = 0x83bbfe7080d3f355f9cbfc53fdd80b9e
(10) eap_teap: Phase 2: Stage Authentication
(10) eap_teap: Phase 2: Got tunneled Access-Challenge
(10) eap: Sending EAP Request (code 1) ID 104 length 956
(10) eap: EAP session adding &reply:State = 0x6501da9e6f69ed03
(10) [eap] = handled
(10) } # authenticate = handled
(10) Using Post-Auth-Type Challenge
(10) # Executing group from file /etc/freeradius/sites-enabled/default
(10) Challenge { ... } # empty sub-section is ignored
(10) session-state: Saving cached attributes
(10) Framed-MTU = 974
(10) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(10) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(10) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(10) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(10) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(10) TLS-Session-Version = "TLS 1.2"
(10) Sent Access-Challenge Id 10 from 192.168.4.151:1812 to 192.168.4.151:48174 length 1020
(10) EAP-Message = 0x016803bc370117030303b1288983a38fe43b686cc3923e3b9fb14213934cdc23208df3166cfa3d840b7ee94440fe99eb8eceab7625a871abacba6a28fd8e7e87799d14a716bec497840dbb43b4bcab9e359083276d71eeb99e8bcef1312e2871a1ad8ec140406a944ef5e8e4709acab032451f35f81f8b71439a4bbf827a5c49abb23c1a50a2014c2e31e0e66817b57f9603eabaa8129e98623e6686047bd66bc06ca9c80dd3755afff566091b82131c793c30806df05578c97e97caf280333e5591705bb64ba14e61fc72ddf6b5bbcaf5172e4eaec22829dee1a95574cbdda828222828ffbfc223056ace415664c69afc576752ff611b2972470840560d85fc0439d6a7ca2c989d679134bababeb8e393731b7fbb38d8962d625fe6c00c66c600b8cc575f918e16b190d3683abab85d713055dfa833983cf81224b063a41ad248fe5d9f5f63ad89325ac6511e9b2443f929f4e1ffa773a8820d8fa7cfe99fe4d487a64504760d058fb2b1a3afe574ade7806aab2997e8
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) State = 0x6501da9e6f69ed03dd76d824d918a37a
(10) Finished request
Waking up in 4.9 seconds.
(11) Received Access-Request Id 11 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209
(11) Message-Authenticator = 0x9ac9345816cb81e705eb3a1e47b13e36
(11) User-Name = "anonymous"
(11) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(11) Framed-MTU = 1400
(11) NAS-Port-Type = Wireless-802.11
(11) Service-Type = Framed-User
(11) Connect-Info = "CONNECT 11Mbps 802.11b"
(11) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(11) NAS-IP-Address = 192.168.4.20
(11) EAP-Message = 0x0268002d37011703030022c3e8e09ec857322498d8442dc5ad05a2f4ddf4647b90abad9f337078372d3905d8ff
(11) State = 0x6501da9e6f69ed03dd76d824d918a37a
(11) Restoring &session-state
(11) &session-state:Framed-MTU = 974
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(11) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(11) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(11) &session-state:TLS-Session-Version = "TLS 1.2"
(11) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(11) authorize {
(11) policy filter_username {
(11) if (&User-Name) {
(11) if (&User-Name) -> TRUE
(11) if (&User-Name) {
(11) if (&User-Name =~ / /) {
(11) if (&User-Name =~ / /) -> FALSE
(11) if (&User-Name =~ /@[^@]*@/ ) {
(11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(11) if (&User-Name =~ /\.\./ ) {
(11) if (&User-Name =~ /\.\./ ) -> FALSE
(11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(11) if (&User-Name =~ /\.$/) {
(11) if (&User-Name =~ /\.$/) -> FALSE
(11) if (&User-Name =~ mailto:/@\./) {
(11) if (&User-Name =~ mailto:/@\./) -> FALSE
(11) } # if (&User-Name) = notfound
(11) } # policy filter_username = notfound
(11) [preprocess] = ok
(11) [chap] = noop
(11) [mschap] = noop
(11) [digest] = noop
(11) suffix: Checking for suffix after "@"
(11) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(11) suffix: No such realm "NULL"
(11) [suffix] = noop
(11) eap: Peer sent EAP Response (code 2) ID 104 length 45
(11) eap: Continuing tunnel setup
(11) [eap] = ok
(11) } # authorize = ok
(11) Found Auth-Type = eap
(11) # Executing group from file /etc/freeradius/sites-enabled/default
(11) authenticate {
(11) eap: Removing EAP session with state 0x6501da9e6f69ed03
(11) eap: Previous EAP request found for state 0x6501da9e6f69ed03, released from the list
(11) eap: Peer sent packet with method EAP TEAP (55)
(11) eap: Calling submodule eap_teap to process data
(11) eap_teap: Authenticate
(11) eap_teap: (TLS) EAP Done initial handshake
(11) eap_teap: Session established. Proceeding to decode tunneled attributes
(11) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(11) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026800060d00
(11) eap_teap: Phase 2: Got tunneled request
(11) eap_teap: EAP-Message = 0x026800060d00
(11) eap_teap: Phase 2: Authentication
(11) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(11) Virtual server inner-tunnel received request
(11) EAP-Message = 0x026800060d00
(11) FreeRADIUS-Proxied-To = 127.0.0.1
(11) User-Name = mailto:user@example.org
(11) State = 0x83bbfe7080d3f355f9cbfc53fdd80b9e
(11) server inner-tunnel {
(11) Restoring &session-state
(11) &session-state:Framed-MTU = 911
(11) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(11) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(11) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(11) authorize {
(11) policy filter_username {
(11) if (&User-Name) {
(11) if (&User-Name) -> TRUE
(11) if (&User-Name) {
(11) if (&User-Name =~ / /) {
(11) if (&User-Name =~ / /) -> FALSE
(11) if (&User-Name =~ /@[^@]*@/ ) {
(11) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(11) if (&User-Name =~ /\.\./ ) {
(11) if (&User-Name =~ /\.\./ ) -> FALSE
(11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(11) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(11) if (&User-Name =~ /\.$/) {
(11) if (&User-Name =~ /\.$/) -> FALSE
(11) if (&User-Name =~ mailto:/@\./) {
(11) if (&User-Name =~ mailto:/@\./) -> FALSE
(11) } # if (&User-Name) = notfound
(11) } # policy filter_username = notfound
(11) [chap] = noop
(11) [mschap] = noop
(11) suffix: Checking for suffix after "@"
(11) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org
(11) suffix: No such realm "example.org"
(11) [suffix] = noop
(11) update control {
(11) &Proxy-To-Realm := LOCAL
(11) } # update control = noop
(11) eap: Peer sent EAP Response (code 2) ID 104 length 6
(11) eap: No EAP Start, assuming it's an on-going EAP conversation
(11) [eap] = updated
(11) [files] = noop
(11) [expiration] = noop
(11) [logintime] = noop
(11) [pap] = noop
(11) } # authorize = updated
(11) Found Auth-Type = eap
(11) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(11) authenticate {
(11) eap: Removing EAP session with state 0x83bbfe7080d3f355
(11) eap: Previous EAP request found for state 0x83bbfe7080d3f355, released from the list
(11) eap: Peer sent packet with method EAP TLS (13)
(11) eap: Calling submodule eap_tls to process data
(11) eap_tls: (TLS) Peer ACKed our handshake fragment
(11) eap: Sending EAP Request (code 1) ID 105 length 256
(11) eap: EAP session adding &reply:State = 0x83bbfe7087d2f355
(11) [eap] = handled
(11) } # authenticate = handled
(11) Using Post-Auth-Type Challenge
(11) Post-Auth-Type sub-section not found. Ignoring.
(11) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(11) session-state: Saving cached attributes
(11) Framed-MTU = 911
(11) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(11) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(11) } # server inner-tunnel
(11) Virtual server sending reply
(11) EAP-Message = 0x016901000d8000000b97e0cc1e80c018f46b6e2235f72bf34331e15d16840d806580bd98437816030300cc0d0000c8030102400028040305030603080708080809080a080b08040805080604010501060103030301030204020502060200980096308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747916030300040e000000
(11) Message-Authenticator = 0x00000000000000000000000000000000
(11) State = 0x83bbfe7087d2f355f9cbfc53fdd80b9e
(11) eap_teap: Phase 2: Stage Authentication
(11) eap_teap: Phase 2: Got tunneled Access-Challenge
(11) eap: Sending EAP Request (code 1) ID 105 length 295
(11) eap: EAP session adding &reply:State = 0x6501da9e6e68ed03
(11) [eap] = handled
(11) } # authenticate = handled
(11) Using Post-Auth-Type Challenge
(11) # Executing group from file /etc/freeradius/sites-enabled/default
(11) Challenge { ... } # empty sub-section is ignored
(11) session-state: Saving cached attributes
(11) Framed-MTU = 974
(11) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(11) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(11) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(11) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(11) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(11) TLS-Session-Version = "TLS 1.2"
(11) Sent Access-Challenge Id 11 from 192.168.4.151:1812 to 192.168.4.151:48174 length 355
(11) EAP-Message = 0x016901273701170303011c288983a38fe43b697cf24cb85b76b334af65851f85500de18ca6eff47f27cdf3cfc5301bea8ec3317bfacfb7c2edbd3548fe81461493984f84cbe7859b0717fc3f6aa585dbfa3101bb3d26e58fb8bbb12ea6b564229aef50c1ad0dbca675e09a9a23ec436d6b7604197008d0f8ef5ec3de9da81956e4b67cf966f05da7833b26bb8fb3981f5a49761d451dc65bb9dd56aaeb5c5ff1d20794c0574e79ef47d496051a0d4515fc19dc87d331687e3cbdce934cde5c80bc2d1e9813270404cd6b95278c093c6ccec51514cfcaa8027737a2563787b92eccd4b3f62119ffb1de791606e2406b18c121d76ea8c87a129b3f2043c9835cfe66c7e9547a4a4131c1b57c606d4891b505330cdd04093cc3ec8a6532dc7131d66337847097632f
(11) Message-Authenticator = 0x00000000000000000000000000000000
(11) State = 0x6501da9e6e68ed03dd76d824d918a37a
(11) Finished request
Waking up in 4.9 seconds.
(12) Received Access-Request Id 12 from 192.168.4.151:48174 to 192.168.4.151:1812 length 1521
(12) Message-Authenticator = 0x64422557b5ce8dc6386d2b81b05bb36a
(12) User-Name = "anonymous"
(12) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(12) Framed-MTU = 1400
(12) NAS-Port-Type = Wireless-802.11
(12) Service-Type = Framed-User
(12) Connect-Info = "CONNECT 11Mbps 802.11b"
(12) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(12) NAS-IP-Address = 192.168.4.20
(12) EAP-Message = 0x0269054337011703030538c3e8e09ec857322581d9fe2625bad205da0536046608acee0e124d9547a88e13806875cfb5ac0b8c0044353c3c9e16d7ac66c1e5a4ad0c60cd19003b4372aceb23a71e440abbabb4bca3c689ee785f8e4c67b43ff27bf7e9865dce58a8d2b0f92a4f5034ae1307365609c47a936fdeebf37350a558c4ea4ca6437b92dca372792f324c57a4791243592a6a08d7e2e07e7c7446201a5e986714040aedc4d65e1945a3595abaa7398861537b247dee04a7c28023c17a9a521bb608595a6581426fd15154b7cd66db0d9d3798d21d99051e150d15bd7c4c47c8fdd4001ff81f672600f5237bbd6d2b457d33ca09e5b77928cc17da7b95044a356d101ebd2a0efae598999804f249e88c77e659b7619594eac2d2a803cf659221d4525447d83e409da2e43a828c772a5fb6251bc8802e271385033cbac49cf021ba56f2f524105575d50d83d391c161654aea43e000924b1fc4c6478e4f1aedf879ef12ceeee9b9678e16fc3a2c12b440725c195c
(12) State = 0x6501da9e6e68ed03dd76d824d918a37a
(12) Restoring &session-state
(12) &session-state:Framed-MTU = 974
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(12) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(12) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(12) &session-state:TLS-Session-Version = "TLS 1.2"
(12) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(12) authorize {
(12) policy filter_username {
(12) if (&User-Name) {
(12) if (&User-Name) -> TRUE
(12) if (&User-Name) {
(12) if (&User-Name =~ / /) {
(12) if (&User-Name =~ / /) -> FALSE
(12) if (&User-Name =~ /@[^@]*@/ ) {
(12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(12) if (&User-Name =~ /\.\./ ) {
(12) if (&User-Name =~ /\.\./ ) -> FALSE
(12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(12) if (&User-Name =~ /\.$/) {
(12) if (&User-Name =~ /\.$/) -> FALSE
(12) if (&User-Name =~ mailto:/@\./) {
(12) if (&User-Name =~ mailto:/@\./) -> FALSE
(12) } # if (&User-Name) = notfound
(12) } # policy filter_username = notfound
(12) [preprocess] = ok
(12) [chap] = noop
(12) [mschap] = noop
(12) [digest] = noop
(12) suffix: Checking for suffix after "@"
(12) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(12) suffix: No such realm "NULL"
(12) [suffix] = noop
(12) eap: Peer sent EAP Response (code 2) ID 105 length 1347
(12) eap: Continuing tunnel setup
(12) [eap] = ok
(12) } # authorize = ok
(12) Found Auth-Type = eap
(12) # Executing group from file /etc/freeradius/sites-enabled/default
(12) authenticate {
(12) eap: Removing EAP session with state 0x6501da9e6e68ed03
(12) eap: Previous EAP request found for state 0x6501da9e6e68ed03, released from the list
(12) eap: Peer sent packet with method EAP TEAP (55)
(12) eap: Calling submodule eap_teap to process data
(12) eap_teap: Authenticate
(12) eap_teap: (TLS) EAP Done initial handshake
(12) eap_teap: Session established. Proceeding to decode tunneled attributes
(12) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(12) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x0269051c0dc000000a8f16030309200b00091c00091900041530820411308202f9a003020102020102300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a3071310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3119301706035504030c1075736572406578616d706c652e6f7267311f301d06092a864886f70d010901161075736572406578616d706c652e6f726730820122300d06092a864886
(12) eap_teap: Phase 2: Got tunneled request
(12) eap_teap: EAP-Message = 0x0269051c0dc000000a8f16030309200b00091c00091900041530820411308202f9a003020102020102300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a3071310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3119301706035504030c1075736572406578616d706c652e6f7267311f301d06092a864886f70d010901161075736572406578616d706c652e6f726730820122300d06092a864886f70d0101010500038201
(12) eap_teap: Phase 2: Authentication
(12) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(12) Virtual server inner-tunnel received request
(12) EAP-Message = 0x0269051c0dc000000a8f16030309200b00091c00091900041530820411308202f9a003020102020102300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a3071310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3119301706035504030c1075736572406578616d706c652e6f7267311f301d06092a864886f70d010901161075736572406578616d706c652e6f726730820122300d06092a864886f70d0101010500038201
(12) FreeRADIUS-Proxied-To = 127.0.0.1
(12) User-Name = mailto:user@example.org
(12) State = 0x83bbfe7087d2f355f9cbfc53fdd80b9e
(12) server inner-tunnel {
(12) Restoring &session-state
(12) &session-state:Framed-MTU = 911
(12) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(12) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(12) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(12) authorize {
(12) policy filter_username {
(12) if (&User-Name) {
(12) if (&User-Name) -> TRUE
(12) if (&User-Name) {
(12) if (&User-Name =~ / /) {
(12) if (&User-Name =~ / /) -> FALSE
(12) if (&User-Name =~ /@[^@]*@/ ) {
(12) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(12) if (&User-Name =~ /\.\./ ) {
(12) if (&User-Name =~ /\.\./ ) -> FALSE
(12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(12) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(12) if (&User-Name =~ /\.$/) {
(12) if (&User-Name =~ /\.$/) -> FALSE
(12) if (&User-Name =~ mailto:/@\./) {
(12) if (&User-Name =~ mailto:/@\./) -> FALSE
(12) } # if (&User-Name) = notfound
(12) } # policy filter_username = notfound
(12) [chap] = noop
(12) [mschap] = noop
(12) suffix: Checking for suffix after "@"
(12) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org
(12) suffix: No such realm "example.org"
(12) [suffix] = noop
(12) update control {
(12) &Proxy-To-Realm := LOCAL
(12) } # update control = noop
(12) eap: Peer sent EAP Response (code 2) ID 105 length 1308
(12) eap: No EAP Start, assuming it's an on-going EAP conversation
(12) [eap] = updated
(12) [files] = noop
(12) [expiration] = noop
(12) [logintime] = noop
(12) [pap] = noop
(12) } # authorize = updated
(12) Found Auth-Type = eap
(12) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(12) authenticate {
(12) eap: Removing EAP session with state 0x83bbfe7087d2f355
(12) eap: Previous EAP request found for state 0x83bbfe7087d2f355, released from the list
(12) eap: Peer sent packet with method EAP TLS (13)
(12) eap: Calling submodule eap_tls to process data
(12) eap_tls: (TLS) EAP Peer says that the final record size will be 2703 bytes
(12) eap_tls: (TLS) EAP Expecting 3 fragments
(12) eap_tls: (TLS) EAP Got first TLS fragment (1298 bytes). Peer says more fragments will follow
(12) eap_tls: (TLS) EAP ACKing fragment, the peer should send more data.
(12) eap: Sending EAP Request (code 1) ID 106 length 6
(12) eap: EAP session adding &reply:State = 0x83bbfe7086d1f355
(12) [eap] = handled
(12) } # authenticate = handled
(12) Using Post-Auth-Type Challenge
(12) Post-Auth-Type sub-section not found. Ignoring.
(12) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(12) session-state: Saving cached attributes
(12) Framed-MTU = 911
(12) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(12) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(12) } # server inner-tunnel
(12) Virtual server sending reply
(12) EAP-Message = 0x016a00060d00
(12) Message-Authenticator = 0x00000000000000000000000000000000
(12) State = 0x83bbfe7086d1f355f9cbfc53fdd80b9e
(12) eap_teap: Phase 2: Stage Authentication
(12) eap_teap: Phase 2: Got tunneled Access-Challenge
(12) eap: Sending EAP Request (code 1) ID 106 length 45
(12) eap: EAP session adding &reply:State = 0x6501da9e696bed03
(12) [eap] = handled
(12) } # authenticate = handled
(12) Using Post-Auth-Type Challenge
(12) # Executing group from file /etc/freeradius/sites-enabled/default
(12) Challenge { ... } # empty sub-section is ignored
(12) session-state: Saving cached attributes
(12) Framed-MTU = 974
(12) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(12) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(12) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(12) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(12) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(12) TLS-Session-Version = "TLS 1.2"
(12) Sent Access-Challenge Id 12 from 192.168.4.151:1812 to 192.168.4.151:48174 length 103
(12) EAP-Message = 0x016a002d37011703030022288983a38fe43b6a79a9a1be241b2c5021aeee1b135efc1cc4a65f4a314b530ec830
(12) Message-Authenticator = 0x00000000000000000000000000000000
(12) State = 0x6501da9e696bed03dd76d824d918a37a
(12) Finished request
Waking up in 4.9 seconds.
(13) Received Access-Request Id 13 from 192.168.4.151:48174 to 192.168.4.151:1812 length 1517
(13) Message-Authenticator = 0x014d0f204d5a230240c2986adda2b8ec
(13) User-Name = "anonymous"
(13) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(13) Framed-MTU = 1400
(13) NAS-Port-Type = Wireless-802.11
(13) Service-Type = Framed-User
(13) Connect-Info = "CONNECT 11Mbps 802.11b"
(13) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(13) NAS-IP-Address = 192.168.4.20
(13) EAP-Message = 0x026a053f37011703030534c3e8e09ec857322636dd17021da30376098fc2f063fa72f2ee104df85d62e59bce062047bd575f2a9c39ab48cce77019e355b0b0193a1cca9971a3340a8a6130d2a91acf2035cc9ee71ec81aff29bd1e291dcbea8cf0f31ece4412f780c474737ca1170c2201c4ba99deca187900c71b833c7d29d0b321ee75310b2c7c65d85505f9ea65c7aefd8ec3ab6bce5692d577939c7b5f7df2bdc56507b4327a0c357eddf1fc657215bc3cec811088324f787f36e7ad611ab458ba56c913dc38c3871c7541c96d33764a44953d34486b6e98b6383e593d7f8a5492ec6fd8653c6825f805d07e26bc3850ddba54fb5eafdc8cca9f5623ad0dbe9c3c558d580fb9cd841e3e6f3c8fc02f1ae8ab2cb1e4d6114e7d11343e76dbfe0f5f4b027ab72bcbeda0e4103d77a7a21d8825f4d9954c739c29016a0d2ce45a9ec6ef3d5ba9c0e63d2c13dbe028a6b51515b087b59f8410a53c38fc02b485f1ba60c0a658ccbaf092a7295f4036f4c69a51778b444f
(13) State = 0x6501da9e696bed03dd76d824d918a37a
(13) Restoring &session-state
(13) &session-state:Framed-MTU = 974
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(13) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(13) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(13) &session-state:TLS-Session-Version = "TLS 1.2"
(13) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(13) authorize {
(13) policy filter_username {
(13) if (&User-Name) {
(13) if (&User-Name) -> TRUE
(13) if (&User-Name) {
(13) if (&User-Name =~ / /) {
(13) if (&User-Name =~ / /) -> FALSE
(13) if (&User-Name =~ /@[^@]*@/ ) {
(13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(13) if (&User-Name =~ /\.\./ ) {
(13) if (&User-Name =~ /\.\./ ) -> FALSE
(13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(13) if (&User-Name =~ /\.$/) {
(13) if (&User-Name =~ /\.$/) -> FALSE
(13) if (&User-Name =~ mailto:/@\./) {
(13) if (&User-Name =~ mailto:/@\./) -> FALSE
(13) } # if (&User-Name) = notfound
(13) } # policy filter_username = notfound
(13) [preprocess] = ok
(13) [chap] = noop
(13) [mschap] = noop
(13) [digest] = noop
(13) suffix: Checking for suffix after "@"
(13) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(13) suffix: No such realm "NULL"
(13) [suffix] = noop
(13) eap: Peer sent EAP Response (code 2) ID 106 length 1343
(13) eap: Continuing tunnel setup
(13) [eap] = ok
(13) } # authorize = ok
(13) Found Auth-Type = eap
(13) # Executing group from file /etc/freeradius/sites-enabled/default
(13) authenticate {
(13) eap: Removing EAP session with state 0x6501da9e696bed03
(13) eap: Previous EAP request found for state 0x6501da9e696bed03, released from the list
(13) eap: Peer sent packet with method EAP TEAP (55)
(13) eap: Calling submodule eap_teap to process data
(13) eap_teap: Authenticate
(13) eap_teap: (TLS) EAP Done initial handshake
(13) eap_teap: Session established. Proceeding to decode tunneled attributes
(13) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(13) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026a05180d40310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c206
(13) eap_teap: Phase 2: Got tunneled request
(13) eap_teap: EAP-Message = 0x026a05180d40310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c2062488ef05b2f61e2a4f53
(13) eap_teap: Phase 2: Authentication
(13) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(13) Virtual server inner-tunnel received request
(13) EAP-Message = 0x026a05180d40310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c2062488ef05b2f61e2a4f53
(13) FreeRADIUS-Proxied-To = 127.0.0.1
(13) User-Name = mailto:user@example.org
(13) State = 0x83bbfe7086d1f355f9cbfc53fdd80b9e
(13) server inner-tunnel {
(13) Restoring &session-state
(13) &session-state:Framed-MTU = 911
(13) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(13) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(13) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(13) authorize {
(13) policy filter_username {
(13) if (&User-Name) {
(13) if (&User-Name) -> TRUE
(13) if (&User-Name) {
(13) if (&User-Name =~ / /) {
(13) if (&User-Name =~ / /) -> FALSE
(13) if (&User-Name =~ /@[^@]*@/ ) {
(13) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(13) if (&User-Name =~ /\.\./ ) {
(13) if (&User-Name =~ /\.\./ ) -> FALSE
(13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(13) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(13) if (&User-Name =~ /\.$/) {
(13) if (&User-Name =~ /\.$/) -> FALSE
(13) if (&User-Name =~ mailto:/@\./) {
(13) if (&User-Name =~ mailto:/@\./) -> FALSE
(13) } # if (&User-Name) = notfound
(13) } # policy filter_username = notfound
(13) [chap] = noop
(13) [mschap] = noop
(13) suffix: Checking for suffix after "@"
(13) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org
(13) suffix: No such realm "example.org"
(13) [suffix] = noop
(13) update control {
(13) &Proxy-To-Realm := LOCAL
(13) } # update control = noop
(13) eap: Peer sent EAP Response (code 2) ID 106 length 1304
(13) eap: No EAP Start, assuming it's an on-going EAP conversation
(13) [eap] = updated
(13) [files] = noop
(13) [expiration] = noop
(13) [logintime] = noop
(13) [pap] = noop
(13) } # authorize = updated
(13) Found Auth-Type = eap
(13) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(13) authenticate {
(13) eap: Removing EAP session with state 0x83bbfe7086d1f355
(13) eap: Previous EAP request found for state 0x83bbfe7086d1f355, released from the list
(13) eap: Peer sent packet with method EAP TLS (13)
(13) eap: Calling submodule eap_tls to process data
(13) eap_tls: (TLS) EAP Got additional fragment (1298 bytes). Peer says more fragments will follow
(13) eap_tls: (TLS) EAP ACKing fragment, the peer should send more data.
(13) eap: Sending EAP Request (code 1) ID 107 length 6
(13) eap: EAP session adding &reply:State = 0x83bbfe7085d0f355
(13) [eap] = handled
(13) } # authenticate = handled
(13) Using Post-Auth-Type Challenge
(13) Post-Auth-Type sub-section not found. Ignoring.
(13) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(13) session-state: Saving cached attributes
(13) Framed-MTU = 911
(13) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(13) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(13) } # server inner-tunnel
(13) Virtual server sending reply
(13) EAP-Message = 0x016b00060d00
(13) Message-Authenticator = 0x00000000000000000000000000000000
(13) State = 0x83bbfe7085d0f355f9cbfc53fdd80b9e
(13) eap_teap: Phase 2: Stage Authentication
(13) eap_teap: Phase 2: Got tunneled Access-Challenge
(13) eap: Sending EAP Request (code 1) ID 107 length 45
(13) eap: EAP session adding &reply:State = 0x6501da9e686aed03
(13) [eap] = handled
(13) } # authenticate = handled
(13) Using Post-Auth-Type Challenge
(13) # Executing group from file /etc/freeradius/sites-enabled/default
(13) Challenge { ... } # empty sub-section is ignored
(13) session-state: Saving cached attributes
(13) Framed-MTU = 974
(13) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(13) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(13) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(13) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(13) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(13) TLS-Session-Version = "TLS 1.2"
(13) Sent Access-Challenge Id 13 from 192.168.4.151:1812 to 192.168.4.151:48174 length 103
(13) EAP-Message = 0x016b002d37011703030022288983a38fe43b6b7205fb27447f6a361e2f8e1cd2f189d85ab5f239e621e22d2f9b
(13) Message-Authenticator = 0x00000000000000000000000000000000
(13) State = 0x6501da9e686aed03dd76d824d918a37a
(13) Finished request
Waking up in 4.9 seconds.
(14) Received Access-Request Id 14 from 192.168.4.151:48174 to 192.168.4.151:1812 length 316
(14) Message-Authenticator = 0x9df89c02b33d950e479313932c0f1bdc
(14) User-Name = "anonymous"
(14) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(14) Framed-MTU = 1400
(14) NAS-Port-Type = Wireless-802.11
(14) Service-Type = Framed-User
(14) Connect-Info = "CONNECT 11Mbps 802.11b"
(14) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(14) NAS-IP-Address = 192.168.4.20
(14) EAP-Message = 0x026b00983701170303008dc3e8e09ec8573227f8993884d8f1261f6a6cb279e25242f64242a24b3bccc055d10b91fa67e2f271a1f7cd2c22a94f7889a5c44bc42aca8702a48b81037b1ff5fbb1da07852c358e91f8e6c5531383b07a2a16e68dcec00f03d59ad74ce779887259789bd9389eb3c2c97c963655ad797879d1c8153c7460d3db3ce9169d7c7bbc235ce038cf71e41441c10859
(14) State = 0x6501da9e686aed03dd76d824d918a37a
(14) Restoring &session-state
(14) &session-state:Framed-MTU = 974
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(14) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(14) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(14) &session-state:TLS-Session-Version = "TLS 1.2"
(14) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(14) authorize {
(14) policy filter_username {
(14) if (&User-Name) {
(14) if (&User-Name) -> TRUE
(14) if (&User-Name) {
(14) if (&User-Name =~ / /) {
(14) if (&User-Name =~ / /) -> FALSE
(14) if (&User-Name =~ /@[^@]*@/ ) {
(14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(14) if (&User-Name =~ /\.\./ ) {
(14) if (&User-Name =~ /\.\./ ) -> FALSE
(14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(14) if (&User-Name =~ /\.$/) {
(14) if (&User-Name =~ /\.$/) -> FALSE
(14) if (&User-Name =~ mailto:/@\./) {
(14) if (&User-Name =~ mailto:/@\./) -> FALSE
(14) } # if (&User-Name) = notfound
(14) } # policy filter_username = notfound
(14) [preprocess] = ok
(14) [chap] = noop
(14) [mschap] = noop
(14) [digest] = noop
(14) suffix: Checking for suffix after "@"
(14) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(14) suffix: No such realm "NULL"
(14) [suffix] = noop
(14) eap: Peer sent EAP Response (code 2) ID 107 length 152
(14) eap: Continuing tunnel setup
(14) [eap] = ok
(14) } # authorize = ok
(14) Found Auth-Type = eap
(14) # Executing group from file /etc/freeradius/sites-enabled/default
(14) authenticate {
(14) eap: Removing EAP session with state 0x6501da9e686aed03
(14) eap: Previous EAP request found for state 0x6501da9e686aed03, released from the list
(14) eap: Peer sent packet with method EAP TEAP (55)
(14) eap: Calling submodule eap_teap to process data
(14) eap_teap: Authenticate
(14) eap_teap: (TLS) EAP Done initial handshake
(14) eap_teap: Session established. Proceeding to decode tunneled attributes
(14) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(14) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026b00710d004fa3722b26215e804f53455a5d5b8c216d23a3ca292faf03bec44a462e3e12d27f001fa5e65d69d1d9d40cff109b7589abd5581f48fd097614030300010116030300282f20310812142f839123d004933db87f810adcb1443c2efb9f3f3cd1ff02b14c37a241e00a94267f
(14) eap_teap: Phase 2: Got tunneled request
(14) eap_teap: EAP-Message = 0x026b00710d004fa3722b26215e804f53455a5d5b8c216d23a3ca292faf03bec44a462e3e12d27f001fa5e65d69d1d9d40cff109b7589abd5581f48fd097614030300010116030300282f20310812142f839123d004933db87f810adcb1443c2efb9f3f3cd1ff02b14c37a241e00a94267f
(14) eap_teap: Phase 2: Authentication
(14) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(14) Virtual server inner-tunnel received request
(14) EAP-Message = 0x026b00710d004fa3722b26215e804f53455a5d5b8c216d23a3ca292faf03bec44a462e3e12d27f001fa5e65d69d1d9d40cff109b7589abd5581f48fd097614030300010116030300282f20310812142f839123d004933db87f810adcb1443c2efb9f3f3cd1ff02b14c37a241e00a94267f
(14) FreeRADIUS-Proxied-To = 127.0.0.1
(14) User-Name = mailto:user@example.org
(14) State = 0x83bbfe7085d0f355f9cbfc53fdd80b9e
(14) server inner-tunnel {
(14) Restoring &session-state
(14) &session-state:Framed-MTU = 911
(14) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(14) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(14) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(14) authorize {
(14) policy filter_username {
(14) if (&User-Name) {
(14) if (&User-Name) -> TRUE
(14) if (&User-Name) {
(14) if (&User-Name =~ / /) {
(14) if (&User-Name =~ / /) -> FALSE
(14) if (&User-Name =~ /@[^@]*@/ ) {
(14) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(14) if (&User-Name =~ /\.\./ ) {
(14) if (&User-Name =~ /\.\./ ) -> FALSE
(14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(14) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(14) if (&User-Name =~ /\.$/) {
(14) if (&User-Name =~ /\.$/) -> FALSE
(14) if (&User-Name =~ mailto:/@\./) {
(14) if (&User-Name =~ mailto:/@\./) -> FALSE
(14) } # if (&User-Name) = notfound
(14) } # policy filter_username = notfound
(14) [chap] = noop
(14) [mschap] = noop
(14) suffix: Checking for suffix after "@"
(14) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org
(14) suffix: No such realm "example.org"
(14) [suffix] = noop
(14) update control {
(14) &Proxy-To-Realm := LOCAL
(14) } # update control = noop
(14) eap: Peer sent EAP Response (code 2) ID 107 length 113
(14) eap: No EAP Start, assuming it's an on-going EAP conversation
(14) [eap] = updated
(14) [files] = noop
(14) [expiration] = noop
(14) [logintime] = noop
(14) [pap] = noop
(14) } # authorize = updated
(14) Found Auth-Type = eap
(14) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(14) authenticate {
(14) eap: Removing EAP session with state 0x83bbfe7085d0f355
(14) eap: Previous EAP request found for state 0x83bbfe7085d0f355, released from the list
(14) eap: Peer sent packet with method EAP TLS (13)
(14) eap: Calling submodule eap_tls to process data
(14) eap_tls: (TLS) EAP Got final fragment (107 bytes) total 2703
(14) eap_tls: (TLS) EAP Done initial handshake
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write server done
(14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, Certificate
(14) eap_tls: (TLS) TLS - Creating attributes from 2 certificate in chain
(14) eap_tls: TLS-Cert-Serial := "07c1092ab93c84caf4a4cebe5ffd49c091f025b2"
(14) eap_tls: TLS-Cert-Expiration := "250413112228Z"
(14) eap_tls: TLS-Cert-Valid-Since := "250212112228Z"
(14) eap_tls: TLS-Cert-Subject := "/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority"
(14) eap_tls: TLS-Cert-Issuer := "/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority"
(14) eap_tls: TLS-Cert-Common-Name := "Example Certificate Authority"
(14) eap_tls: TLS-Cert-CRL-Distribution-Points += http://www.example.org/example_ca.crl
(14) eap_tls: (TLS) TLS - Creating attributes from 1 certificate in chain
(14) eap_tls: TLS-Client-Cert-Serial := "02"
(14) eap_tls: TLS-Client-Cert-Expiration := "250413112229Z"
(14) eap_tls: TLS-Client-Cert-Valid-Since := "250212112229Z"
(14) eap_tls: TLS-Client-Cert-Subject := "/C=FR/ST=Radius/O=Example mailto:Inc./CN=user@example.org/emailAddress=user@example.org"
(14) eap_tls: TLS-Client-Cert-Issuer := "/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority"
(14) eap_tls: TLS-Client-Cert-Common-Name := mailto:user@example.org
(14) eap_tls: TLS-Client-Cert-CRL-Distribution-Points += http://www.example.com/example_ca.crl
(14) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage += "TLS Web Client Authentication"
(14) eap_tls: TLS-Client-Cert-X509v3-Subject-Key-Identifier += "C0:D4:19:99:E9:00:1D:48:E9:00:1A:54:49:BC:DE:99:F6:3B:D7:15"
(14) eap_tls: TLS-Client-Cert-X509v3-Authority-Key-Identifier += "A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52"
(14) eap_tls: TLS-Client-Cert-X509v3-Extended-Key-Usage-OID += "1.3.6.1.5.5.7.3.2"
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client certificate
(14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read client key exchange
(14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read certificate verify
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read change cipher spec
(14) eap_tls: (TLS) TLS - recv TLS 1.2 Handshake, Finished
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS read finished
(14) eap_tls: (TLS) TLS - send TLS 1.2 ChangeCipherSpec
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write change cipher spec
(14) eap_tls: (TLS) TLS - send TLS 1.2 Handshake, Finished
(14) eap_tls: (TLS) TLS - Handshake state - Server SSLv3/TLS write finished
(14) eap_tls: (TLS) TLS - Handshake state - SSL negotiation finished successfully
(14) eap_tls: (TLS) TLS - Connection Established
(14) eap_tls: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(14) eap_tls: TLS-Session-Version = "TLS 1.2"
(14) eap: Sending EAP Request (code 1) ID 108 length 61
(14) eap: EAP session adding &reply:State = 0x83bbfe7084d7f355
(14) [eap] = handled
(14) } # authenticate = handled
(14) Using Post-Auth-Type Challenge
(14) Post-Auth-Type sub-section not found. Ignoring.
(14) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(14) session-state: Saving cached attributes
(14) Framed-MTU = 911
(14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Certificate"
(14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange"
(14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify"
(14) TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Finished"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 ChangeCipherSpec"
(14) TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Finished"
(14) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(14) TLS-Session-Version = "TLS 1.2"
(14) } # server inner-tunnel
(14) Virtual server sending reply
(14) EAP-Message = 0x016c003d0d8000000033140303000101160303002847c8eebd55963cb54e9efba792027375f7e3584ab6d14ddb9fa827af0df9e0dd4d0378470c2ae2a9
(14) Message-Authenticator = 0x00000000000000000000000000000000
(14) State = 0x83bbfe7084d7f355f9cbfc53fdd80b9e
(14) eap_teap: Phase 2: Stage Authentication
(14) eap_teap: Phase 2: Got tunneled Access-Challenge
(14) eap: Sending EAP Request (code 1) ID 108 length 100
(14) eap: EAP session adding &reply:State = 0x6501da9e6b6ded03
(14) [eap] = handled
(14) } # authenticate = handled
(14) Using Post-Auth-Type Challenge
(14) # Executing group from file /etc/freeradius/sites-enabled/default
(14) Challenge { ... } # empty sub-section is ignored
(14) session-state: Saving cached attributes
(14) Framed-MTU = 974
(14) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(14) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(14) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(14) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(14) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(14) TLS-Session-Version = "TLS 1.2"
(14) Sent Access-Challenge Id 14 from 192.168.4.151:1812 to 192.168.4.151:48174 length 158
(14) EAP-Message = 0x016c006437011703030059288983a38fe43b6c0b28c9559df65d77f0ad9a4099487ea9a750debdcad8fb27c3f5611a45c94405adba48567e89d0ff604c2192eaafe13c1292b50b5d0e53c250a687ff04862d670715871479770df466480f319183b0cdf5
(14) Message-Authenticator = 0x00000000000000000000000000000000
(14) State = 0x6501da9e6b6ded03dd76d824d918a37a
(14) Finished request
Waking up in 4.9 seconds.
(15) Received Access-Request Id 15 from 192.168.4.151:48174 to 192.168.4.151:1812 length 209
(15) Message-Authenticator = 0xa40374886e256fec561e9328c05e4109
(15) User-Name = "anonymous"
(15) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(15) Framed-MTU = 1400
(15) NAS-Port-Type = Wireless-802.11
(15) Service-Type = Framed-User
(15) Connect-Info = "CONNECT 11Mbps 802.11b"
(15) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(15) NAS-IP-Address = 192.168.4.20
(15) EAP-Message = 0x026c002d37011703030022c3e8e09ec8573228e3ba6b0bdebfd4f5e62ad0259b38077c11c3cbf850c31c9818b3
(15) State = 0x6501da9e6b6ded03dd76d824d918a37a
(15) Restoring &session-state
(15) &session-state:Framed-MTU = 974
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(15) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(15) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(15) &session-state:TLS-Session-Version = "TLS 1.2"
(15) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(15) authorize {
(15) policy filter_username {
(15) if (&User-Name) {
(15) if (&User-Name) -> TRUE
(15) if (&User-Name) {
(15) if (&User-Name =~ / /) {
(15) if (&User-Name =~ / /) -> FALSE
(15) if (&User-Name =~ /@[^@]*@/ ) {
(15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(15) if (&User-Name =~ /\.\./ ) {
(15) if (&User-Name =~ /\.\./ ) -> FALSE
(15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(15) if (&User-Name =~ /\.$/) {
(15) if (&User-Name =~ /\.$/) -> FALSE
(15) if (&User-Name =~ mailto:/@\./) {
(15) if (&User-Name =~ mailto:/@\./) -> FALSE
(15) } # if (&User-Name) = notfound
(15) } # policy filter_username = notfound
(15) [preprocess] = ok
(15) [chap] = noop
(15) [mschap] = noop
(15) [digest] = noop
(15) suffix: Checking for suffix after "@"
(15) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(15) suffix: No such realm "NULL"
(15) [suffix] = noop
(15) eap: Peer sent EAP Response (code 2) ID 108 length 45
(15) eap: Continuing tunnel setup
(15) [eap] = ok
(15) } # authorize = ok
(15) Found Auth-Type = eap
(15) # Executing group from file /etc/freeradius/sites-enabled/default
(15) authenticate {
(15) eap: Removing EAP session with state 0x6501da9e6b6ded03
(15) eap: Previous EAP request found for state 0x6501da9e6b6ded03, released from the list
(15) eap: Peer sent packet with method EAP TEAP (55)
(15) eap: Calling submodule eap_teap to process data
(15) eap_teap: Authenticate
(15) eap_teap: (TLS) EAP Done initial handshake
(15) eap_teap: Session established. Proceeding to decode tunneled attributes
(15) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(15) eap_teap: FreeRADIUS-EAP-TEAP-EAP-Payload = 0x026c00060d00
(15) eap_teap: Phase 2: Got tunneled request
(15) eap_teap: EAP-Message = 0x026c00060d00
(15) eap_teap: Phase 2: Authentication
(15) eap_teap: Phase 2: Forcing inner TEAP authentication to &control:EAP-Type = MSCHAPv2
(15) Virtual server inner-tunnel received request
(15) EAP-Message = 0x026c00060d00
(15) FreeRADIUS-Proxied-To = 127.0.0.1
(15) User-Name = mailto:user@example.org
(15) State = 0x83bbfe7084d7f355f9cbfc53fdd80b9e
(15) server inner-tunnel {
(15) Restoring &session-state
(15) &session-state:Framed-MTU = 911
(15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.3 Handshake, ClientHello"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHello"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Certificate"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerKeyExchange"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, CertificateRequest"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, ServerHelloDone"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Certificate"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, ClientKeyExchange"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, CertificateVerify"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - recv TLS 1.2 Handshake, Finished"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 ChangeCipherSpec"
(15) &session-state:TLS-Session-Information = "(TLS) TLS - send TLS 1.2 Handshake, Finished"
(15) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(15) &session-state:TLS-Session-Version = "TLS 1.2"
(15) # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel
(15) authorize {
(15) policy filter_username {
(15) if (&User-Name) {
(15) if (&User-Name) -> TRUE
(15) if (&User-Name) {
(15) if (&User-Name =~ / /) {
(15) if (&User-Name =~ / /) -> FALSE
(15) if (&User-Name =~ /@[^@]*@/ ) {
(15) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(15) if (&User-Name =~ /\.\./ ) {
(15) if (&User-Name =~ /\.\./ ) -> FALSE
(15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(15) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(15) if (&User-Name =~ /\.$/) {
(15) if (&User-Name =~ /\.$/) -> FALSE
(15) if (&User-Name =~ mailto:/@\./) {
(15) if (&User-Name =~ mailto:/@\./) -> FALSE
(15) } # if (&User-Name) = notfound
(15) } # policy filter_username = notfound
(15) [chap] = noop
(15) [mschap] = noop
(15) suffix: Checking for suffix after "@"
(15) suffix: Looking up realm "example.org" for User-Name = mailto:user@example.org
(15) suffix: No such realm "example.org"
(15) [suffix] = noop
(15) update control {
(15) &Proxy-To-Realm := LOCAL
(15) } # update control = noop
(15) eap: Peer sent EAP Response (code 2) ID 108 length 6
(15) eap: No EAP Start, assuming it's an on-going EAP conversation
(15) [eap] = updated
(15) [files] = noop
(15) [expiration] = noop
(15) [logintime] = noop
(15) [pap] = noop
(15) } # authorize = updated
(15) Found Auth-Type = eap
(15) # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
(15) authenticate {
(15) eap: Removing EAP session with state 0x83bbfe7084d7f355
(15) eap: Previous EAP request found for state 0x83bbfe7084d7f355, released from the list
(15) eap: Peer sent packet with method EAP TLS (13)
(15) eap: Calling submodule eap_tls to process data
(15) eap_tls: (TLS) Peer ACKed our handshake fragment. handshake is finished
(15) eap: Sending EAP Success (code 3) ID 108 length 4
(15) eap: Freeing handler
(15) [eap] = ok
(15) } # authenticate = ok
(15) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
(15) post-auth {
(15) if (0) {
(15) if (0) -> FALSE
(15) } # post-auth = noop
(15) } # server inner-tunnel
(15) Virtual server sending reply
(15) MS-MPPE-Recv-Key = 0xab1734be08884816a508c6f44b0c058c010d7dda183e4229f47c2e309e815db7
(15) MS-MPPE-Send-Key = 0x3159245319546b368ede956416028f60f9d76da1ae58b8326650d9bae3485d0e
(15) EAP-MSK = 0xab1734be08884816a508c6f44b0c058c010d7dda183e4229f47c2e309e815db73159245319546b368ede956416028f60f9d76da1ae58b8326650d9bae3485d0e
(15) EAP-EMSK = 0x457028b49ae6c786baac050a6809b14781896214d356eaba00d8c0394b81b484f128973365a45fa304ae62b5432b8b67b3a09e74bec7f9c360ae80d4b73fce8d
(15) EAP-Session-Id = 0x0da18188572a90ca5b7683a3149032802dfd9174b9e38876cc1b72f5b2a15b7e28ba214b95cbecbeb54093ec803db277546647a37d1b61584271afd9461326b213
(15) EAP-Message = 0x036c0004
(15) Message-Authenticator = 0x00000000000000000000000000000000
(15) User-Name = mailto:user@example.org
(15) eap_teap: Phase 2: Stage Authentication
(15) eap_teap: Phase 2: Got tunneled Access-Accept
(15) eap_teap: Phase 2: Intermediate-Result = Success
(15) eap_teap: Phase 2: Sending Cryptobinding
(15) eap_teap: Phase 2: Calculating ICMK for round (j = 1)
(15) eap_teap: Phase 2: All inner authentications have succeeded
(15) eap_teap: Phase 2: Result = Success
(15) eap: Sending EAP Request (code 1) ID 109 length 127
(15) eap: EAP session adding &reply:State = 0x6501da9e6a6ced03
(15) [eap] = handled
(15) } # authenticate = handled
(15) Using Post-Auth-Type Challenge
(15) # Executing group from file /etc/freeradius/sites-enabled/default
(15) Challenge { ... } # empty sub-section is ignored
(15) session-state: Saving cached attributes
(15) Framed-MTU = 974
(15) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(15) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(15) TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(15) TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(15) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(15) TLS-Session-Version = "TLS 1.2"
(15) Sent Access-Challenge Id 15 from 192.168.4.151:1812 to 192.168.4.151:48174 length 185
(15) EAP-Message = 0x016d007f37011703030074288983a38fe43b6db4f6b522f0efe64022ddb91fda06f70c560b3ae9c0cc272dc4248c2a1a071cb7ec6cde1b5b0a509cd05c2e7aaa7026d0b6634ed9574ee1d144e163c0f9a01474d48c94c86591752dcb0d4c8213997f31ea238f4c069ef531579e70f435d4b89e99c28626b4dcbcc31992492b
(15) Message-Authenticator = 0x00000000000000000000000000000000
(15) State = 0x6501da9e6a6ced03dd76d824d918a37a
(15) Finished request
Waking up in 4.9 seconds.
(16) Received Access-Request Id 16 from 192.168.4.151:48174 to 192.168.4.151:1812 length 291
(16) Message-Authenticator = 0xd7189876b0b6015b5824181f72f99123
(16) User-Name = "anonymous"
(16) Calling-Station-Id = "DE-AD-BE-EF-42-42"
(16) Framed-MTU = 1400
(16) NAS-Port-Type = Wireless-802.11
(16) Service-Type = Framed-User
(16) Connect-Info = "CONNECT 11Mbps 802.11b"
(16) Called-Station-Id = "00:11:22:33:44:55:UConnect"
(16) NAS-IP-Address = 192.168.4.20
(16) EAP-Message = 0x026d007f37011703030074c3e8e09ec857322934547269863913f691df2d96857220aed084f6f6009911df2e6f55df705d83e3f1938831bd3fe40eef1054ea9be393d4032379fb937ed297379ee7d2e4493d41d9ec9829c1bc82ee4c41f810c836f96fa9edeea2b046c639fda3d3f328a93294cd3195fb9dd3865b21b8bd1e
(16) State = 0x6501da9e6a6ced03dd76d824d918a37a
(16) Restoring &session-state
(16) &session-state:Framed-MTU = 974
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHello"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Certificate"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - recv TLS 1.2 Handshake, Finished"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 ChangeCipherSpec"
(16) &session-state:TLS-Session-Information = "(TLS) TEAP - send TLS 1.2 Handshake, Finished"
(16) &session-state:TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(16) &session-state:TLS-Session-Version = "TLS 1.2"
(16) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(16) authorize {
(16) policy filter_username {
(16) if (&User-Name) {
(16) if (&User-Name) -> TRUE
(16) if (&User-Name) {
(16) if (&User-Name =~ / /) {
(16) if (&User-Name =~ / /) -> FALSE
(16) if (&User-Name =~ /@[^@]*@/ ) {
(16) if (&User-Name =~ /@[^@]*@/ ) -> FALSE
(16) if (&User-Name =~ /\.\./ ) {
(16) if (&User-Name =~ /\.\./ ) -> FALSE
(16) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) {
(16) if ((&User-Name =~ /@/) && (&User-Name !~ mailto:/@(.+)\.(.+)$/)) -> FALSE
(16) if (&User-Name =~ /\.$/) {
(16) if (&User-Name =~ /\.$/) -> FALSE
(16) if (&User-Name =~ mailto:/@\./) {
(16) if (&User-Name =~ mailto:/@\./) -> FALSE
(16) } # if (&User-Name) = notfound
(16) } # policy filter_username = notfound
(16) [preprocess] = ok
(16) [chap] = noop
(16) [mschap] = noop
(16) [digest] = noop
(16) suffix: Checking for suffix after "@"
(16) suffix: No '@' in User-Name = "anonymous", looking up realm NULL
(16) suffix: No such realm "NULL"
(16) [suffix] = noop
(16) eap: Peer sent EAP Response (code 2) ID 109 length 127
(16) eap: Continuing tunnel setup
(16) [eap] = ok
(16) } # authorize = ok
(16) Found Auth-Type = eap
(16) # Executing group from file /etc/freeradius/sites-enabled/default
(16) authenticate {
(16) eap: Removing EAP session with state 0x6501da9e6a6ced03
(16) eap: Previous EAP request found for state 0x6501da9e6a6ced03, released from the list
(16) eap: Peer sent packet with method EAP TEAP (55)
(16) eap: Calling submodule eap_teap to process data
(16) eap_teap: Authenticate
(16) eap_teap: (TLS) EAP Done initial handshake
(16) eap_teap: Session established. Proceeding to decode tunneled attributes
(16) eap_teap: Phase 2: Got Tunneled TEAP TLVs
(16) eap_teap: FreeRADIUS-EAP-TEAP-Intermediate-Result = Success
(16) eap_teap: FreeRADIUS-EAP-TEAP-Result = Success
(16) eap_teap: FreeRADIUS-EAP-TEAP-Crypto-Binding = 0x0001013102d60ab4c0b469590ebcb606ba04c14498e8384e848fd102f93e03c5da855d2ddd71031af74465d8ba7c029d747f50f30daed36d3c70056f802f8a7f78742b4164a8e857d44f35cf
(16) eap: Sending EAP Success (code 3) ID 109 length 4
(16) eap: Freeing handler
(16) [eap] = ok
(16) } # authenticate = ok
(16) # Executing section post-auth from file /etc/freeradius/sites-enabled/default
(16) post-auth {
(16) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) {
(16) if (session-state:User-Name && reply:User-Name && request:User-Name && (reply:User-Name == request:User-Name)) -> FALSE
(16) update {
(16) &reply::Framed-MTU += &session-state:Framed-MTU[*] -> 974
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - recv TLS 1.3 Handshake, ClientHello'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, ServerHello'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, Certificate'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, ServerKeyExchange'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, ServerHelloDone'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - recv TLS 1.2 Handshake, ClientKeyExchange'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - recv TLS 1.2 Handshake, Finished'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 ChangeCipherSpec'
(16) &reply::TLS-Session-Information += &session-state:TLS-Session-Information[*] -> '(TLS) TEAP - send TLS 1.2 Handshake, Finished'
(16) &reply::TLS-Session-Cipher-Suite += &session-state:TLS-Session-Cipher-Suite[*] -> 'ECDHE-RSA-AES256-GCM-SHA384'
(16) &reply::TLS-Session-Version += &session-state:TLS-Session-Version[*] -> 'TLS 1.2'
(16) } # update = noop
(16) [exec] = noop
(16) policy remove_reply_message_if_eap {
(16) if (&reply:EAP-Message && &reply:Reply-Message) {
(16) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(16) else {
(16) [noop] = noop
(16) } # else = noop
(16) } # policy remove_reply_message_if_eap = noop
(16) if (EAP-Key-Name && &reply:EAP-Session-Id) {
(16) if (EAP-Key-Name && &reply:EAP-Session-Id) -> FALSE
(16) } # post-auth = noop
(16) Sent Access-Accept Id 16 from 192.168.4.151:1812 to 192.168.4.151:48174 length 177
(16) MS-MPPE-Recv-Key = 0xee59aa95cffe96ce43dec130a01484acdd7222baa3cd822bf0eb9da56be2e489
(16) MS-MPPE-Send-Key = 0x8e09c39543cbd159100a92a24f70edfe6d089fb9ce28d459539fe48fc1c9f427
(16) EAP-Message = 0x036d0004
(16) Message-Authenticator = 0x00000000000000000000000000000000
(16) User-Name = "anonymous"
(16) Framed-MTU += 974
(16) Finished request
Waking up in 4.9 seconds.
------------------------------------------------------------------------------------------------------------------
Here is the log of TEAP TLS from eapol_test:
root@debian-freeradius:~/wpa_supplicant-2.11# /usr/local/bin/eapol_test -c teap_user.conf -s secret -a 192.168.4.151 -M de:ad:be:ef:42:42 -N 30:s:00:11:22:33:44:55:UConnect -N4:x:c0a80414
Reading configuration file 'teap_user.conf'
Line: 1 - start of a new network block
ssid - hexdump_ascii(len=8):
55 43 6f 6e 6e 65 63 74 UConnect
key_mgmt: 0x8
eap methods - hexdump(len=16): 00 00 00 00 37 00 00 00 00 00 00 00 00 00 00 00
phase1 - hexdump_ascii(len=66):
74 65 61 70 5f 63 6f 6d 70 61 74 3d 66 72 65 65 teap_compat=free
72 61 64 69 75 73 2c 74 6c 73 5f 64 69 73 61 62 radius,tls_disab
6c 65 5f 74 6c 73 76 31 5f 30 3d 31 2c 74 6c 73 le_tlsv1_0=1,tls
5f 64 69 73 61 62 6c 65 5f 74 6c 73 76 31 5f 31 _disable_tlsv1_1
3d 31 =1
pac_file - hexdump_ascii(len=0):
anonymous_identity - hexdump_ascii(len=9):
61 6e 6f 6e 79 6d 6f 75 73 anonymous
identity - hexdump_ascii(len=16):
75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 mailto:user@example.org
phase2 - hexdump_ascii(len=11):
61 75 74 68 65 61 70 3d 54 4c 53 autheap=TLS
ca_cert - hexdump_ascii(len=28):
2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/
63 65 72 74 73 2f 63 61 2e 64 65 72 certs/ca.der
ca_cert2 - hexdump_ascii(len=28):
2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/
63 65 72 74 73 2f 63 61 2e 70 65 6d certs/ca.pem
client_cert2 - hexdump_ascii(len=32):
2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/
63 65 72 74 73 2f 63 6c 69 65 6e 74 2e 70 65 6d certs/client.pem
private_key2 - hexdump_ascii(len=32):
2f 65 74 63 2f 66 72 65 65 72 61 64 69 75 73 2f /etc/freeradius/
63 65 72 74 73 2f 63 6c 69 65 6e 74 2e 6b 65 79 certs/client.key
private_key2_passwd - hexdump_ascii(len=8):
77 68 61 74 65 76 65 72 whatever
Priority group 0
id=0 ssid='UConnect'
Authentication server 192.168.4.151:1812
RADIUS local address: 192.168.4.151:48174
ENGINE: Loading builtin engines
ENGINE: Loading builtin engines
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Sending fake EAP-Request-Identity
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=93 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: Status notification: started (param=)
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=9):
61 6e 6f 6e 79 6d 6f 75 73 anonymous
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=14)
TX EAP -> RADIUS - hexdump(len=14): 02 5d 00 0e 01 61 6e 6f 6e 79 6d 6f 75 73
Encapsulating EAP message into a RADIUS packet
Learned identity from EAP-Response-Identity - hexdump(len=9): 61 6e 6f 6e 79 6d 6f 75 73
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=0 length=160
Attribute 80 (Message-Authenticator) length=18
Value: c938b5ec4719f3cb4f38776ab8243bac
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=16
Value: 025d000e01616e6f6e796d6f7573
RADIUS: Send 160 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 80 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=0 length=80
Attribute 80 (Message-Authenticator) length=18
Value: 151cc4c4d2e9b64c942bf5233651ea0c
Attribute 79 (EAP-Message) length=24
Value: 015e001604103f9a6c780e20a2ce97b652c4f8ec438e
Attribute 24 (State) length=18
Value: 6501da9e655fde03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=94 len=22) from RADIUS server: EAP-Request-MD5 (4)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=94 method=4 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 4
EAP: vendor 0 method 4 not allowed
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
EAP: Status notification: refuse proposed method (param=MD5)
EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 37
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 5e 00 06 03 37
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=1 length=170
Attribute 80 (Message-Authenticator) length=18
Value: 29df9753dac0a17e614ec7d921f2799c
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=8
Value: 025e00060337
Attribute 24 (State) length=18
Value: 6501da9e655fde03dd76d824d918a37a
RADIUS: Send 170 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 76 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=1 length=76
Attribute 80 (Message-Authenticator) length=18
Value: 6a4862edf13113214f7faa287c25a6fb
Attribute 79 (EAP-Message) length=20
Value: 015f00123731000000080001000431323334
Attribute 24 (State) length=18
Value: 6501da9e645eed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=95 len=18) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=95 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=55
EAP: Status notification: accept proposed method (param=TEAP)
EAP: Initialize selected EAP method: vendor 0 method 55 (TEAP)
TLS: Phase2 EAP types - hexdump(len=96): 00 00 00 00 04 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00 31 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 34 00 00 00
TLS: using phase1 config options
OpenSSL: tls_connection_ca_cert - Failed to load root certificates error:05800088:x509 certificate routines::no certificate or crl found
OpenSSL: tls_connection_ca_cert - loaded DER format CA certificate
EAP-TEAP: No PAC file '' - assume no PAC entries have been provisioned
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 55 (TEAP) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=18) - Flags 0x31
EAP-TEAP: Start (server ver=1, own ver=1)
EAP-TEAP: Using TEAP version 1
EAP-TEAP: Start message payload - hexdump(len=12): 00 00 00 08 00 01 00 04 31 32 33 34
EAP-TEAP: Start message Outer TLVs - hexdump(len=8): 00 01 00 04 31 32 33 34
EAP-TEAP: Outer TLV: Type=1 Length=4
EAP-TEAP: Authority-ID - hexdump(len=4): 31 32 33 34
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x301 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b7
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=183): 01 00 00 b3 03 03 b3 ad ab 7f c0 e5 48 26 60 e9 97 2d ac 89 63 21 38 d4 68 6b 47 b0 a0 0a 24 fe 95 f3 05 15 ed 93 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 52 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00 00 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 188 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 188 bytes left to be sent out (of total 188 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f64c20
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=194)
TX EAP -> RADIUS - hexdump(len=194): 02 5f 00 c2 37 01 16 03 01 00 b7 01 00 00 b3 03 03 b3 ad ab 7f c0 e5 48 26 60 e9 97 2d ac 89 63 21 38 d4 68 6b 47 b0 a0 0a 24 fe 95 f3 05 15 ed 93 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 52 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 00 00 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=2 length=358
Attribute 80 (Message-Authenticator) length=18
Value: 2a6f6c950df89f514c76e62f7965e649
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=196
Value: 025f00c2370116030100b7010000b30303b3adab7fc0e5482660e9972dac89632138d4686b47b0a00a24fe95f30515ed93000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000052000b000403000102000a000c000a001d0017001e00190018002300000016000000170000000d002a0028040305030603080708080809080a080b080408050806040105010601030303010302040205020602
Attribute 24 (State) length=18
Value: 6501da9e645eed03dd76d824d918a37a
RADIUS: Send 358 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1048 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=2 length=1048
Attribute 80 (Message-Authenticator) length=18
Value: 7ab1c01749d761b76dc804248d8f7774
Attribute 79 (EAP-Message) length=255
Value: 016003d837c100000ac6160303003d0200003903038f2da11ae8e4a9d2008d944ffa08071b7500ca3a0f7d150cf6877a5d06b8bd4800c030000011ff01000100000b0004030001020017000016030309450b00094100093e00043a308204363082031ea003020102020101300d06092a864886f70d01010b0500308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c65204365
Attribute 79 (EAP-Message) length=255
Value: 72746966696361746520417574686f72697479301e170d3235303231323131323232395a170d3235303431333131323232395a307c310b3009060355040613024652310f300d06035504080c0652616469757331153013060355040a0c0c4578616d706c6520496e632e3123302106035504030c1a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e6f726730820122300d06092a864886f70d01010105000382010f003082010a0282010100b3edbbc6f0df4851e5e65706c955eff059f9889c6ce15d1252c933f5b7d84ef3fb2de818eb6060710e8bdb
Attribute 79 (EAP-Message) length=255
Value: 39634e238087e88ad274b4b497a9d5924dc5ce01fd1cce8096231211e0359e8ccecb78cd362ea5e64d59c0188ce8e55ff97ebdc5846323e6acf86c45006a98b69c5749df3574e3395119dfd31d42693a253acfcfb8fa95f00c4ef6e35e04a3380c5cf0fdf10bc4124ca2cb763c913e9d3bbe295cdb4f04bf9cf458b644b13cf23301b14f7f1e7c613a2d13b98b44d45f188c568594ad5951c80372f010fdac6eca6f78c94df8d9012d51dafa1e87e6584046bdfb3ad923e4e98edede4e401ad2d9580ac73859d3193bada2b33f9f09e18cc761d38d0203010001a381aa3081a730130603551d25040c300a06082b0601050507030130360603551d1f04
Attribute 79 (EAP-Message) length=227
Value: 2f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e636f6d2f6578616d706c655f63612e63726c30180603551d200411300f300d060b2b0601040182be68010302301d0603551d0e04160414c0f613a262ad5ee53e77fada04299eb081b1802d301f0603551d23041830168014a68b8782fdf060ffecd2f37fe80fa76de241a352300d06092a864886f70d01010b050003820101002ae3260d8b01f1452de49cc0fb89eeab041571329b014eeb1461987ee823c2df88bb071075e42483679c72df85707c0837b10ed529cc9815ba6114b63fbe6605b8602b
Attribute 24 (State) length=18
Value: 6501da9e6761ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=96 len=984) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=96 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=984) - Flags 0xc1
SSL: TLS Message Length: 2758
SSL: Need 1784 bytes more input data
SSL: Building ACK (type=55 id=96 ver=1)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f5d460
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 60 00 06 37 01
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=3 length=170
Attribute 80 (Message-Authenticator) length=18
Value: 903dc237de7c9b8695484a34ea240185
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=8
Value: 026000063701
Attribute 24 (State) length=18
Value: 6501da9e6761ed03dd76d824d918a37a
RADIUS: Send 170 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1044 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=3 length=1044
Attribute 80 (Message-Authenticator) length=18
Value: c52d4c7279d4f4c2db0eff6d68ad7287
Attribute 79 (EAP-Message) length=255
Value: 016103d43741a332fe465d6ca3da54ce4106656170713c77fb3013d01c3374cb86ed0cb686ab878136acfecf9f6fb2e076cf99130fdfb39eaed1e8536756d0957288b829ae7b446618fbded540de385d7a530018b7537d8d4a80cbc5e76748752bd1e79e8cfb7c7f1857cf3278dcf3f8a53ea49f088123c3ec711a282ee0ab37b8da0db4a83eec4dfc278fad71aaed061a0eb0e22751d1be587207e322a610e5d88a7ba0b21cb37206add13e48e487a956dd65ddb4e2bd9d8ad6a80b117a143e12463e0004fe308204fa308203e2a003020102021407c1092ab93c84caf4a4cebe5ffd49c091f025b2300d06092a864886f70d01010b0500308193310b
Attribute 79 (EAP-Message) length=255
Value: 3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479301e170d3235303231323131323232385a170d3235303431333131323232385a308193310b3009060355040613024652310f300d06035504080c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e
Attribute 79 (EAP-Message) length=255
Value: 3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd129d8ad92c9fb1d32e681a41e42e273937169569938c27a6843ae9d4862869a470c15eb091b89cbbc61b013a0fa39806a6c8b7d33e8968c2016329be59ccb4fb74204f4e6d0245c73d369e7c596920fe10985242a271a5cae50ef77694bef9c1f5ef0037a370816e13f9ce6ea298abf3decb6669158f19725bff4f52307d914bedfc40865628f660ad8055650ab09c9351
Attribute 79 (EAP-Message) length=223
Value: c4c72596430ded0a8883876426b4f7f5615bf2d4a4f43dd01fa43d3f4e5321c2062488ef05b2f61e2a4f534b6f411ac1e20e0a3a30b49bcc3fa51058903aab26d2380399a1fdfc9753961f8eff7fd23ac3b69a975599b30001e84c31b4245d2331c09109f5028cc5415a74fcfca10203010001a38201423082013e301d0603551d0e04160414a68b8782fdf060ffecd2f37fe80fa76de241a3523081d30603551d230481cb3081c88014a68b8782fdf060ffecd2f37fe80fa76de241a352a18199a48196308193310b3009060355040613024652310f300d0603550408
Attribute 24 (State) length=18
Value: 6501da9e6660ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=97 len=980) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=97 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=980) - Flags 0x41
SSL: Need 810 bytes more input data
SSL: Building ACK (type=55 id=97 ver=1)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f5d460
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 61 00 06 37 01
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=4 length=170
Attribute 80 (Message-Authenticator) length=18
Value: 4d13af065dc545684c8ff755999fea16
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=8
Value: 026100063701
Attribute 24 (State) length=18
Value: 6501da9e6660ed03dd76d824d918a37a
RADIUS: Send 170 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 880 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=4 length=880
Attribute 80 (Message-Authenticator) length=18
Value: 85072cc92d6cad07db05b0626508de28
Attribute 79 (EAP-Message) length=255
Value: 0162033037010c065261646975733112301006035504070c09536f6d65776865726531153013060355040a0c0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e6f72673126302406035504030c1d4578616d706c6520436572746966696361746520417574686f72697479821407c1092ab93c84caf4a4cebe5ffd49c091f025b2300f0603551d130101ff040530030101ff30360603551d1f042f302d302ba029a0278625687474703a2f2f7777772e6578616d706c652e6f72672f6578616d706c655f63612e63726c300d06092a864886f70d01010b05000382010100b1fbfdd99b0946
Attribute 79 (EAP-Message) length=255
Value: e14a71a6cc445581bb32d6a317d4c99d466f16982e189d83025d9cad8425a759d7e745eded6eec71ab3ce454c4f767868117d8d328ac44f63bc8984dc7a2447d1f405b614363101942d640f17b4fbe4566fba6d0c31970a84b413e9d863f214640e61f93de5504f2ed558348c54bb93828b44a14d4404b63ec9602566afd3cb791365eb9572cf69b14da2d40eda3d7d9c697942b70e886be0d967b1a8f88826535f2c6e56c3624ff7c3db9cfd65b3bcc628a0013a29d8af217af8b9966fa2dd828ebd4177ecdb6f2cd3dbb21e6c9337cdcb02885c58e46b4a16599640ca4504673701127b09e5d89aa1cecf087be1a5043d2498049a99aee1d16030301
Attribute 79 (EAP-Message) length=255
Value: 2c0c00012803001d202f3af9a5771ab2bab98cc5db3f6d9efdf4479fd3e35e9f42c9157459dfc9631d08040100060459f7b8432201b9d32f9a924a2192588715e3d4a716ffa75415c7a518025bf0143bbb03d7445421fafd08c2ad9b49c9c835f1dc7b04ef1d79814af7c6ff10f4e328b4ba9989c8ab738a6195d4ad898c078db5d10759b51749e8d7ea5b3d4ba8f394320c74bdfb713fd502cba50f356b2b5b6944ec630b0702332802bd74194a8025f2d459622393c8efe01e7c467b723ebfea4ed3a5c054361845eb51bf745eac97b8c8a689a969569ec92a6987b89e6a25c94ba8c9c711041fef2ce8e41e3b85bbece56a92f846c6672afb7e91ca
Attribute 79 (EAP-Message) length=59
Value: c21c0858279dc926b171dfd9346344a34ba081a860542b4ee433e676643ed2a94b82478d68d92929c31d4fe34e148edb16030300040e000000
Attribute 24 (State) length=18
Value: 6501da9e6163ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=98 len=816) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=98 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=816) - Flags 0x01
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 3d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=61): 02 00 00 39 03 03 8f 2d a1 1a e8 e4 a9 d2 00 8d 94 4f fa 08 07 1b 75 00 ca 3a 0f 7d 15 0c f6 87 7a 5d 06 b8 bd 48 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 09 45
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=2373): 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d
OpenSSL: Peer certificate - depth 1
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:c1:09:2a:b9:3c:84:ca:f4:a4:ce:be:5f:fd:49:c0:91:f0:25:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority
Validity
Not Before: Feb 12 11:22:28 2025 GMT
Not After : Apr 13 11:22:28 2025 GMT
Subject: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bd:12:9d:8a:d9:2c:9f:b1:d3:2e:68:1a:41:e4:
2e:27:39:37:16:95:69:93:8c:27:a6:84:3a:e9:d4:
86:28:69:a4:70:c1:5e:b0:91:b8:9c:bb:c6:1b:01:
3a:0f:a3:98:06:a6:c8:b7:d3:3e:89:68:c2:01:63:
29:be:59:cc:b4:fb:74:20:4f:4e:6d:02:45:c7:3d:
36:9e:7c:59:69:20:fe:10:98:52:42:a2:71:a5:ca:
e5:0e:f7:76:94:be:f9:c1:f5:ef:00:37:a3:70:81:
6e:13:f9:ce:6e:a2:98:ab:f3:de:cb:66:69:15:8f:
19:72:5b:ff:4f:52:30:7d:91:4b:ed:fc:40:86:56:
28:f6:60:ad:80:55:65:0a:b0:9c:93:51:c4:c7:25:
96:43:0d:ed:0a:88:83:87:64:26:b4:f7:f5:61:5b:
f2:d4:a4:f4:3d:d0:1f:a4:3d:3f:4e:53:21:c2:06:
24:88:ef:05:b2:f6:1e:2a:4f:53:4b:6f:41:1a:c1:
e2:0e:0a:3a:30:b4:9b:cc:3f:a5:10:58:90:3a:ab:
26:d2:38:03:99:a1:fd:fc:97:53:96:1f:8e:ff:7f:
d2:3a:c3:b6:9a:97:55:99:b3:00:01:e8:4c:31:b4:
24:5d:23:31:c0:91:09:f5:02:8c:c5:41:5a:74:fc:
fc:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
X509v3 Authority Key Identifier:
keyid:A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
DirName:/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority
serial:07:C1:09:2A:B9:3C:84:CA:F4:A4:CE:BE:5F:FD:49:C0:91:F0:25:B2
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.org/example_ca.crl
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
b1:fb:fd:d9:9b:09:46:e1:4a:71:a6:cc:44:55:81:bb:32:d6:
a3:17:d4:c9:9d:46:6f:16:98:2e:18:9d:83:02:5d:9c:ad:84:
25:a7:59:d7:e7:45:ed:ed:6e:ec:71:ab:3c:e4:54:c4:f7:67:
86:81:17:d8:d3:28:ac:44:f6:3b:c8:98:4d:c7:a2:44:7d:1f:
40:5b:61:43:63:10:19:42:d6:40:f1:7b:4f:be:45:66:fb:a6:
d0:c3:19:70:a8:4b:41:3e:9d:86:3f:21:46:40:e6:1f:93:de:
55:04:f2:ed:55:83:48:c5:4b:b9:38:28:b4:4a:14:d4:40:4b:
63:ec:96:02:56:6a:fd:3c:b7:91:36:5e:b9:57:2c:f6:9b:14:
da:2d:40:ed:a3:d7:d9:c6:97:94:2b:70:e8:86:be:0d:96:7b:
1a:8f:88:82:65:35:f2:c6:e5:6c:36:24:ff:7c:3d:b9:cf:d6:
5b:3b:cc:62:8a:00:13:a2:9d:8a:f2:17:af:8b:99:66:fa:2d:
d8:28:eb:d4:17:7e:cd:b6:f2:cd:3d:bb:21:e6:c9:33:7c:dc:
b0:28:85:c5:8e:46:b4:a1:65:99:64:0c:a4:50:46:73:70:11:
27:b0:9e:5d:89:aa:1c:ec:f0:87:be:1a:50:43:d2:49:80:49:
a9:9a:ee:1d
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority' hash=7808349207dba06be1fc23faa6a240c97900fd8a2c3d84118f10270e470f56b7
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority'
OpenSSL: Peer certificate - depth 0
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority
Validity
Not Before: Feb 12 11:22:29 2025 GMT
Not After : Apr 13 11:22:29 2025 GMT
Subject: C=FR, ST=Radius, O=Example Inc., CN=Example Server mailto:Certificate/emailAddress=admin@example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b3:ed:bb:c6:f0:df:48:51:e5:e6:57:06:c9:55:
ef:f0:59:f9:88:9c:6c:e1:5d:12:52:c9:33:f5:b7:
d8:4e:f3:fb:2d:e8:18:eb:60:60:71:0e:8b:db:39:
63:4e:23:80:87:e8:8a:d2:74:b4:b4:97:a9:d5:92:
4d:c5:ce:01:fd:1c:ce:80:96:23:12:11:e0:35:9e:
8c:ce:cb:78:cd:36:2e:a5:e6:4d:59:c0:18:8c:e8:
e5:5f:f9:7e:bd:c5:84:63:23:e6:ac:f8:6c:45:00:
6a:98:b6:9c:57:49:df:35:74:e3:39:51:19:df:d3:
1d:42:69:3a:25:3a:cf:cf:b8:fa:95:f0:0c:4e:f6:
e3:5e:04:a3:38:0c:5c:f0:fd:f1:0b:c4:12:4c:a2:
cb:76:3c:91:3e:9d:3b:be:29:5c:db:4f:04:bf:9c:
f4:58:b6:44:b1:3c:f2:33:01:b1:4f:7f:1e:7c:61:
3a:2d:13:b9:8b:44:d4:5f:18:8c:56:85:94:ad:59:
51:c8:03:72:f0:10:fd:ac:6e:ca:6f:78:c9:4d:f8:
d9:01:2d:51:da:fa:1e:87:e6:58:40:46:bd:fb:3a:
d9:23:e4:e9:8e:de:de:4e:40:1a:d2:d9:58:0a:c7:
38:59:d3:19:3b:ad:a2:b3:3f:9f:09:e1:8c:c7:61:
d3:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.com/example_ca.crl
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.40808.1.3.2
X509v3 Subject Key Identifier:
C0:F6:13:A2:62:AD:5E:E5:3E:77:FA:DA:04:29:9E:B0:81:B1:80:2D
X509v3 Authority Key Identifier:
A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
2a:e3:26:0d:8b:01:f1:45:2d:e4:9c:c0:fb:89:ee:ab:04:15:
71:32:9b:01:4e:eb:14:61:98:7e:e8:23:c2:df:88:bb:07:10:
75:e4:24:83:67:9c:72:df:85:70:7c:08:37:b1:0e:d5:29:cc:
98:15:ba:61:14:b6:3f:be:66:05:b8:60:2b:a3:32:fe:46:5d:
6c:a3:da:54:ce:41:06:65:61:70:71:3c:77:fb:30:13:d0:1c:
33:74:cb:86:ed:0c:b6:86:ab:87:81:36:ac:fe:cf:9f:6f:b2:
e0:76:cf:99:13:0f:df:b3:9e:ae:d1:e8:53:67:56:d0:95:72:
88:b8:29:ae:7b:44:66:18:fb:de:d5:40:de:38:5d:7a:53:00:
18:b7:53:7d:8d:4a:80:cb:c5:e7:67:48:75:2b:d1:e7:9e:8c:
fb:7c:7f:18:57:cf:32:78:dc:f3:f8:a5:3e:a4:9f:08:81:23:
c3:ec:71:1a:28:2e:e0:ab:37:b8:da:0d:b4:a8:3e:ec:4d:fc:
27:8f:ad:71:aa:ed:06:1a:0e:b0:e2:27:51:d1:be:58:72:07:
e3:22:a6:10:e5:d8:8a:7b:a0:b2:1c:b3:72:06:ad:d1:3e:48:
e4:87:a9:56:dd:65:dd:b4:e2:bd:9d:8a:d6:a8:0b:11:7a:14:
3e:12:46:3e
OpenSSL: Certificate Policy 1.3.6.1.4.1.40808.1.3.2
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin@example.org' hash=d90d58ad04e655b4e1aff7e32069fe5c3d0c3edd4f35e2092274b5055097136a
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin@example.org'
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 2c
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=300): 0c 00 01 28 03 00 1d 20 2f 3a f9 a5 77 1a b2 ba b9 8c c5 db 3f 6d 9e fd f4 47 9f d3 e3 5e 9f 42 c9 15 74 59 df c9 63 1d 08 04 01 00 06 04 59 f7 b8 43 22 01 b9 d3 2f 9a 92 4a 21 92 58 87 15 e3 d4 a7 16 ff a7 54 15 c7 a5 18 02 5b f0 14 3b bb 03 d7 44 54 21 fa fd 08 c2 ad 9b 49 c9 c8 35 f1 dc 7b 04 ef 1d 79 81 4a f7 c6 ff 10 f4 e3 28 b4 ba 99 89 c8 ab 73 8a 61 95 d4 ad 89 8c 07 8d b5 d1 07 59 b5 17 49 e8 d7 ea 5b 3d 4b a8 f3 94 32 0c 74 bd fb 71 3f d5 02 cb a5 0f 35 6b 2b 5b 69 44 ec 63 0b 07 02 33 28 02 bd 74 19 4a 80 25 f2 d4 59 62 23 93 c8 ef e0 1e 7c 46 7b 72 3e bf ea 4e d3 a5 c0 54 36 18 45 eb 51 bf 74 5e ac 97 b8 c8 a6 89 a9 69 56 9e c9 2a 69 87 b8 9e 6a 25 c9 4b a8 c9 c7 11 04 1f ef 2c e8 e4 1e 3b 85 bb ec e5 6a 92 f8 46 c6 67 2a fb 7e 91 ca c2 1c 08 58 27 9d c9 26 b1 71 df d9 34 63 44 a3 4b a0 81 a8 60 54 2b 4e e4 33 e6 76 64 3e d2 a9 4b 82 47 8d 68 d9 29 29 c3 1d 4f e3 4e 14 8e db
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 04
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server key exchange
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): 0e 00 00 00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server done
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 25
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=37): 10 00 00 21 20 3f db 36 c4 2c 17 8b 84 fb 58 db c2 73 b1 66 92 2e 8e 5f 78 96 6a 11 0c 08 67 14 4c 60 05 4f 7d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client key exchange
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
OpenSSL: TX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c 6f bf 86 34 6f 24 32 54 81 16 df a7
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 93 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 93 bytes left to be sent out (of total 93 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f999e0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=99)
TX EAP -> RADIUS - hexdump(len=99): 02 62 00 63 37 01 16 03 03 00 25 10 00 00 21 20 3f db 36 c4 2c 17 8b 84 fb 58 db c2 73 b1 66 92 2e 8e 5f 78 96 6a 11 0c 08 67 14 4c 60 05 4f 7d 14 03 03 00 01 01 16 03 03 00 28 c3 e8 e0 9e c8 57 32 1f 4d ac fd f4 ad e4 ab 6e 51 f3 2c d7 df 5e 53 43 ab 24 76 c1 38 ce d4 51 8b bc a5 91 da 91 32 16
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=5 length=263
Attribute 80 (Message-Authenticator) length=18
Value: ac942cbe3238ab49d9798f0793b2bf92
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=101
Value: 026200633701160303002510000021203fdb36c42c178b84fb58dbc273b166922e8e5f78966a110c0867144c60054f7d1403030001011603030028c3e8e09ec857321f4dacfdf4ade4ab6e51f32cd7df5e5343ab2476c138ced4518bbca591da913216
Attribute 24 (State) length=18
Value: 6501da9e6163ed03dd76d824d918a37a
RADIUS: Send 263 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 115 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=5 length=115
Attribute 80 (Message-Authenticator) length=18
Value: 9ca1e640bda17e98b6ec87662235aa43
Attribute 79 (EAP-Message) length=59
Value: 0163003937011403030001011603030028288983a38fe43b638f42770f5543607f0558b5ec34693ea104c35ec383476e8483bd43497710874d
Attribute 24 (State) length=18
Value: 6501da9e6062ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=99 len=57) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=99 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=57) - Flags 0x01
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read change cipher spec
OpenSSL: RX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c c0 41 9f fe 54 fe 17 d3 7e 6b ab e4
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: Using TLS version TLSv1.2
SSL: No data to be sent out
EAP-TEAP: TLS done, proceed to Phase 2
EAP-TEAP: TLS cipher suite 0xc030
EAP-TEAP: session_key_seed (S-IMCK[0]) - hexdump(len=40): be 01 98 da 56 38 7c 95 5f 03 2f a4 4a 06 47 15 80 64 8e d7 38 ef 8f fc f3 0c fa c8 73 4a 37 2a 9d ec 4b d8 89 d3 1f ff
SSL: Building ACK (type=55 id=99 ver=1)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f952b0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=6)
TX EAP -> RADIUS - hexdump(len=6): 02 63 00 06 37 01
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=6 length=170
Attribute 80 (Message-Authenticator) length=18
Value: 6043b27893fa00ef96c925d17ad0af71
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=8
Value: 026300063701
Attribute 24 (State) length=18
Value: 6501da9e6062ed03dd76d824d918a37a
RADIUS: Send 170 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 108 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=6 length=108
Attribute 80 (Message-Authenticator) length=18
Value: f5c228a213b5a4bfdbf1384a68b6c04e
Attribute 79 (EAP-Message) length=52
Value: 0164003237011703030027288983a38fe43b64a59087aba7cf508c7e0a35e94014fc7224e15fb13dbf6c1b14d1cf07d454d7
Attribute 24 (State) length=18
Value: 6501da9e6365ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=100 len=50) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=100 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=50) - Flags 0x01
EAP-TEAP: Received 44 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 27
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=15): 00 02 00 02 00 01 80 09 00 05 01 64 00 05 01
EAP-TEAP: Received Phase 2: TLV type 2 (Identity-Type) length 2
EAP-TEAP: Identity-Type: 1
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 5 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=5): 01 64 00 05 01
TLS: Phase2 EAP types - hexdump(len=96): 00 00 00 00 04 00 00 00 00 00 00 00 0d 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 2e 00 00 00 00 00 00 00 30 00 00 00 00 00 00 00 33 00 00 00 00 00 00 00 31 00 00 00 00 00 00 00 26 00 00 00 00 00 00 00 34 00 00 00
EAP-TEAP: Phase 2 Request: type=0:1
EAP: using real identity - hexdump_ascii(len=16):
75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 mailto:user@example.org
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Add Identity-Type TLV(Identity-Type=1)
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=31): 80 09 00 15 02 64 00 15 01 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 00 02 00 02 00 01
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 37
SSL: 60 bytes left to be sent out (of total 60 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f81b50
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=66)
TX EAP -> RADIUS - hexdump(len=66): 02 64 00 42 37 01 17 03 03 00 37 c3 e8 e0 9e c8 57 32 20 2b 5a ef 90 ad 91 c4 37 06 69 6a a3 b3 d9 f4 43 f8 8d 51 52 e8 89 06 a5 31 d5 2f 11 c5 08 89 17 08 31 31 b5 26 35 4f 25 a3 33 b3 8a f1 4f 4b
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=7 length=230
Attribute 80 (Message-Authenticator) length=18
Value: f411907430aea9ad5d123ca2c73ab728
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=68
Value: 0264004237011703030037c3e8e09ec85732202b5aef90ad91c43706696aa3b3d9f443f88d5152e88906a531d52f11c5088917083131b526354f25a333b38af14f4b
Attribute 24 (State) length=18
Value: 6501da9e6365ed03dd76d824d918a37a
RADIUS: Send 230 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 103 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=7 length=103
Attribute 80 (Message-Authenticator) length=18
Value: dacf01aecca7fb8a1420fe71994dde06
Attribute 79 (EAP-Message) length=47
Value: 0165002d37011703030022288983a38fe43b655c66480b9f0b485d46c7fb024fa8c21d117c66f781d04cdb8fda
Attribute 24 (State) length=18
Value: 6501da9e6264ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=101 len=45) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=101 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=45) - Flags 0x01
EAP-TEAP: Received 39 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=10): 80 09 00 06 01 65 00 06 0d 20
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 6 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=6): 01 65 00 06 0d 20
EAP-TEAP: Phase 2 Request: type=0:13
EAP-TEAP: Selected Phase 2 EAP vendor 0 method 13
TLS: using phase2 config options
TLS: Trusted root certificate(s) loaded
OpenSSL: SSL_use_certificate_chain_file --> OK
OpenSSL: tls_use_private_key_file (PEM) --> loaded
SSL: Private key loaded successfully
SSL: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before SSL initialization
OpenSSL: TX ver=0x301 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 01 00 b3
OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello)
OpenSSL: Message - hexdump(len=179): 01 00 00 af 03 03 a1 81 88 57 2a 90 ca 5b 76 83 a3 14 90 32 80 2d fd 91 74 b9 e3 88 76 cc 1b 72 f5 b2 a1 5b 7e 28 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write client hello
SSL: SSL_connect - want more data
SSL: 184 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 184 bytes left to be sent out (of total 184 bytes)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=194): 80 09 00 be 02 65 00 be 0d 00 16 03 01 00 b3 01 00 00 af 03 03 a1 81 88 57 2a 90 ca 5b 76 83 a3 14 90 32 80 2d fd 91 74 b9 e3 88 76 cc 1b 72 f5 b2 a1 5b 7e 28 00 00 38 c0 2c c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c 00 35 00 2f 00 ff 01 00 00 4e 00 0b 00 04 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 2a 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 da
SSL: 223 bytes left to be sent out (of total 223 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f9c890
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=229)
TX EAP -> RADIUS - hexdump(len=229): 02 65 00 e5 37 01 17 03 03 00 da c3 e8 e0 9e c8 57 32 21 ff 5f 3d 27 56 32 2e a0 6f b9 1d 2a 1b 72 e6 48 b5 4b f4 2d 9d 15 80 e0 6a 25 7a 30 e1 72 b5 42 28 a4 31 23 1b be ea 32 e5 76 84 e7 05 f8 79 f8 73 48 0e 40 5c 3a 12 65 86 7b 5f 5b 32 db 50 e7 d5 51 71 6a 63 70 5c 1f bc 18 c7 22 51 65 9d 21 10 59 c8 e4 ad eb 75 28 1f 39 eb 76 3a 99 e4 ba 41 7b 1e aa 8f 55 bc da 98 72 03 eb 5b 43 e5 02 95 69 b8 b9 4b 9e 78 52 3c db f8 13 16 a2 d0 6f cd 5b e7 65 9b ec d9 09 cb fa d2 47 09 0b fb 8e 46 df b9 c9 f8 b3 12 38 13 ed ba ae 2d cd 83 50 80 12 23 5b 1b 46 fb 70 36 23 39 6b f1 c7 fd 1a 79 48 aa 5a 8b cb ee 89 a4 e0 ce 65 89 12 72 64 bc 80 3f 38 fd 12 94 bb 7e fc a5 de 74 da c5 b6 59 10
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=8 length=393
Attribute 80 (Message-Authenticator) length=18
Value: e493082daabdc7c517d0a060a4f96aa0
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=231
Value: 026500e5370117030300dac3e8e09ec8573221ff5f3d2756322ea06fb91d2a1b72e648b54bf42d9d1580e06a257a30e172b54228a431231bbeea32e57684e705f879f873480e405c3a1265867b5f5b32db50e7d551716a63705c1fbc18c72251659d211059c8e4adeb75281f39eb763a99e4ba417b1eaa8f55bcda987203eb5b43e5029569b8b94b9e78523cdbf81316a2d06fcd5be7659becd909cbfad247090bfb8e46dfb9c9f8b3123813edbaae2dcd83508012235b1b46fb703623396bf1c7fd1a7948aa5a8bcbee89a4e0ce6589127264bc803f38fd1294bb7efca5de74dac5b65910
Attribute 24 (State) length=18
Value: 6501da9e6264ed03dd76d824d918a37a
RADIUS: Send 393 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1020 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=8 length=1020
Attribute 80 (Message-Authenticator) length=18
Value: b2165d524c3c26ce1315cdcc36ed639a
Attribute 79 (EAP-Message) length=255
Value: 016603bc370117030303b1288983a38fe43b6691525344bcb7cf514e89621ce2b1b61b0f554412fde0bf91b4506e4585b5b4e84081284289e86d317e8c5d1033a6091e99aee31cfdd8b0c67e72f5a5e699016f419eb846770c281d5c4ec3795ef50d98d6cc455070c2715f68f6f256db9fac7b2638958a98a09998f66bc89e7e11eee57d1c848f941c7542c994abbce3ecaf5dbbc32b0c770f17043a887b9e1510a8254002334f321aa3f1a61a0aa0da5896f44cd206c03a7fca26e79b602259f94e52b45cb06fc1cef7b42a577c120f847f2f1f14bab6a3144d75a82f8a62e40d8b9936b8fa22826fd0ae751363100ab7235b6bed0d109d9f1e72add3
Attribute 79 (EAP-Message) length=255
Value: ae167a94d8375a683beed2962ef11a3d6fa9fe0424a67e9d5a815274699a65ff686c73d22af88575da413514cd68bf49da39c61bc8a74b5022f92bf406ed62fe687413efbd7baf39600cb60ecdd2704b7e7bce64b2ef25c65eeb62ca089e8542b530da1879104d9949aa87afd30f7e56678ead260b498d6a62b8100ec74e43e5de0b3caafe6a8eb22251089d2727bf70ae442ff47067ba08d99191c566cf1067ec9e5ed0bd82931794b58a98e953d2ee36795e9bbe4f030fc1534669054510d060a5f5ec7ca7adfcaa94b68f82fa82e7447f7d384acb93b0b03ca8d178b1741937dd125e9273222f98a21e75bb05df6f018f92d6387624197a9257b0ea
Attribute 79 (EAP-Message) length=255
Value: ff7e5b8a665dcb13dc1717b00ba7fc9dd6a948f9b2400896c622efbc798547e52537df38601441ece59cfd7d186591c7d0fc89fd0a2e288b905692d72731bd7933ad933fd7ba5ade01eb4b528246135832bb8a1146d3d511016b1d61e387534197d92c4ed536d649800263602edeb6e79e48e5bd0c19ab11fb9fbb78846de1e50407f5f310fd3ef4dfc7550fd9aa070b1d601ff197eee4a2c0ce80ce0895a00347a6d4ff5a03677029e3a8f931501f91c517d3a061611d9c6c4f3b9da57f04680acb3653bd132cbc047a609bf8322203e372b4be55aec4851aa1977cb01f0c442f5051bba67f7989340b124243e08b44216b8eba5e3f47bc349c01411e
Attribute 79 (EAP-Message) length=199
Value: 426259f595318b8b2bccd44458f39dc95f659d3b969793186305b44b4b7c332bc659c253b93b177c62db085a34db28a5b4ebdda793a5d077d5ff3e011fdc97681566e9aa6077d57d284943255bda653c55e6c5c488d14962beddcf42af2d317e922fa473fb73f67897bf4c7b2bc63ea48d6b553c68b786d2bfaa17d60f1a7942efaaa4f462d3305c3fb51289f3ab28be735ddfc560944df8b73d13d5a4cbd6845f0f9a534fa7f79aa4a926e722a68d12ed6330f3571f078cd3225ed3e0528df4cbdd5614ba
Attribute 24 (State) length=18
Value: 6501da9e6d67ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=102 len=956) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=102 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=956) - Flags 0x01
EAP-TEAP: Received 950 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 03 b1
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=921): 80 09 03 95 01 66 03 95 0d c0 00 00 0b 97 16 03 03 00 3d 02 00 00 39 03 03 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 09 45 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 917 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=917): 01 66 03 95 0d c0 00 00 0b 97 16 03 03 00 3d 02 00 00 39 03 03 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00 16 03 03 09 45 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=917) - Flags 0xc0
SSL: TLS Message Length: 2967
SSL: Need 2060 bytes more input data
SSL: Building ACK (type=13 id=102 ver=0)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 66 00 06 0d 00
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
SSL: 39 bytes left to be sent out (of total 39 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f707c0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=45)
TX EAP -> RADIUS - hexdump(len=45): 02 66 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 22 3b b2 5a 90 15 90 a0 6f 1c 4e a0 d7 34 74 ff 23 e8 e8 b4 3a 23 bd 4a 5d 2b 58
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=9 length=209
Attribute 80 (Message-Authenticator) length=18
Value: 341b277c653c83befd143024adf91a2e
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=47
Value: 0266002d37011703030022c3e8e09ec85732223bb25a901590a06f1c4ea0d73474ff23e8e8b43a23bd4a5d2b58
Attribute 24 (State) length=18
Value: 6501da9e6d67ed03dd76d824d918a37a
RADIUS: Send 209 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1020 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=9 length=1020
Attribute 80 (Message-Authenticator) length=18
Value: e733fb8a0afa0d6a714ffa250c31c0ab
Attribute 79 (EAP-Message) length=255
Value: 016703bc370117030303b1288983a38fe43b676f3510dd2f99d961a692c8b8ca1e61c671fd90ad8f09a71923d4d81d04fcf0cbce7ed698e4ee18d01deaf98aa08340130e516fee5db19942bcafae8e75c49f8579ad7b6ef0553990b2e09148b8b23f3eb85974afb400efa78c26c779f5e0bad11e31117cd9858bff84893b0bfbd2982eb4267b4602ce4bb46b8610dca107dacaed309b153ef8dc4925da3c81a09e1755cbac3e67be7eee4cbc2ed6142665bb204fceb4ef581e096e9f48370ca734dd13efe2d4ff098c3ca8c712f5053e103f96bda1ccc56bd0bfd859a2be9300049c0298b188805570ea13fabed97f9e6bddf401b6a484f936ddb70ce4
Attribute 79 (EAP-Message) length=255
Value: 8f9531d1444c52c4893bb262155f028261c7ab0e34602dbc93f13220134b4d6ecce22415f7d33204ee1dcfd2f1d098cc264436a0224963302f802ffdc4850a1a74e4b6aae277ddd4fe6b1eeb15355c99cb6c98dc07ed87e5d1874de5b9ab0fe2f716e26565a4bafd0b1fab8775213b45115448d2b3f11af1f5cb9e866301483eca43ae2cf3b0051ad5c778f9511e825f512842e976ff664e2f7f5b423c847670add812f91df6e6c2ae0646c86725bf2716bba3a34e4c9ed724c8686edae2be15b4b100fe2f0291dc9364522bc902ef3af80c43e6b69a75cd4f45a76a6fc64f66fa5e3f0ef85d17e08e3afc3e93159e72813e29892b00c1c5cd57cdd331
Attribute 79 (EAP-Message) length=255
Value: 4f90684bd9c12de8e039537351e1b6cb662ea886f79f1b09ec0106c9adb39b20358375d337c5e5161bf5a8aa56267bac207b329fa12e8e037917a1a739bdd2b54dcc971a7b2d12be647e33ecd400378199eed5bd8279c9a736b9fb14001f18a7e2296b6e04c78298b5254180f1efa0465302042ce2a3367819325228abd025a598137260863cfef6eec878180a586d87c7f1cd9869bcbe11f121fb9800d04923375f93c5609c70d08aecdb21e5849dbc16066b6da360d9c638c7e3591500e49dafe3bc6620f5d4d03f89c659969b6e9875c2e7d089d1894fa3a5b5093e845c8537f53df0d5e2bfb6bcdceb416442660756c142149a33886f80dea40332
Attribute 79 (EAP-Message) length=199
Value: b9a08392a2de0d8bec88530681b4ca41f66703002b3a14a9f83ae218f7dff8f5887ab109f744e213cf1b65d107f081003d429ac99dc318560ebd4ad82e4c117fdb09ca406672ebbb805d2772a9851cec1dec74c1702f378f85d0fc3aea568803811e44b8f1051a900876f922f3efe8630dfb9d5940ce0437dcd30402dd38515300c7285f8b2513d2086db9e0db03ec9a2303dfee90245092b3ee17d6a5a404951340e35793b2b347fc361236d9e21200b8806f34f2886e5a4b2e7a8a21374007405f2b5a1f
Attribute 24 (State) length=18
Value: 6501da9e6c66ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=103 len=956) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=103 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=956) - Flags 0x01
EAP-TEAP: Received 950 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 03 b1
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=921): 80 09 03 95 01 67 03 95 0d c0 00 00 0b 97 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 917 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=917): 01 67 03 95 0d c0 00 00 0b 97 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=917) - Flags 0xc0
SSL: TLS Message Length: 2967
SSL: Need 1153 bytes more input data
SSL: Building ACK (type=13 id=103 ver=0)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 67 00 06 0d 00
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
SSL: 39 bytes left to be sent out (of total 39 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f70740
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=45)
TX EAP -> RADIUS - hexdump(len=45): 02 67 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 23 47 84 33 92 ec 55 5e d5 87 05 a8 c3 89 e3 c5 d5 92 fb c9 b0 b4 d6 fa db 35 a7
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=10 length=209
Attribute 80 (Message-Authenticator) length=18
Value: 9705583f9f8b83b90430dc98ef7e0c92
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=47
Value: 0267002d37011703030022c3e8e09ec857322347843392ec555ed58705a8c389e3c5d592fbc9b0b4d6fadb35a7
Attribute 24 (State) length=18
Value: 6501da9e6c66ed03dd76d824d918a37a
RADIUS: Send 209 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 1020 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=10 length=1020
Attribute 80 (Message-Authenticator) length=18
Value: 9399598b3a5d8de6bcb4a3ba354acc90
Attribute 79 (EAP-Message) length=255
Value: 016803bc370117030303b1288983a38fe43b686cc3923e3b9fb14213934cdc23208df3166cfa3d840b7ee94440fe99eb8eceab7625a871abacba6a28fd8e7e87799d14a716bec497840dbb43b4bcab9e359083276d71eeb99e8bcef1312e2871a1ad8ec140406a944ef5e8e4709acab032451f35f81f8b71439a4bbf827a5c49abb23c1a50a2014c2e31e0e66817b57f9603eabaa8129e98623e6686047bd66bc06ca9c80dd3755afff566091b82131c793c30806df05578c97e97caf280333e5591705bb64ba14e61fc72ddf6b5bbcaf5172e4eaec22829dee1a95574cbdda828222828ffbfc223056ace415664c69afc576752ff611b297247084056
Attribute 79 (EAP-Message) length=255
Value: 0d85fc0439d6a7ca2c989d679134bababeb8e393731b7fbb38d8962d625fe6c00c66c600b8cc575f918e16b190d3683abab85d713055dfa833983cf81224b063a41ad248fe5d9f5f63ad89325ac6511e9b2443f929f4e1ffa773a8820d8fa7cfe99fe4d487a64504760d058fb2b1a3afe574ade7806aab2997e8f81a134b61a1ffad2565db10b366d0d4c44b50e4c6a61f9858c81d4714d3c9efc90ad5c5ef63bbb12e154742d19452bff0df88466a8b687632cfaab9bee5305b0caf3f8653e98a5c32fb10dfdc9f8899071380e310a943db607d4585d4d0e6e93e823eb468e380ca4e16e00cb49838440e38e94dcf380501bf24401a3ee1102297b3ac
Attribute 79 (EAP-Message) length=255
Value: d33fc98bc65fa73d39c2db7953f138488892d8d04fc9715221604dd0d771d5d68c1b9022e5b077a059454219a455b1e60cfd09db55f5702a63d2a59c9d1bc5b63705181454f834ef5d960a428de1947fb450c80f9b86838d3fe2d79efbc8ef48d6d50b954bce0786c4c3b5226791eb8c0a35d46930579610422b40554587224acff8a4f4acf20d0b5ec5708a836b4708d4e471ded18a2ce60826890c81a0fb6e34956feb1769ed91748614be2ef89d012acf9286e1093e94d807eca2ae33ff3bbe6c7bf155bc9dc735cfbfdabb5d8a57a8973e7d73612d86837634d76b2561fb0ed6a513dbfc8e6a8af12499b998e2acba1142b6cd3412c6403ada24df
Attribute 79 (EAP-Message) length=199
Value: 9b492cc0b760665b75b4a76840c3f274981a985096f053ce9b4ad0a2adf36b8e7eb4361c98f2ebedb74f605017456c906263b30992417850dac8f3d7eb7ed892a95c74e0d684b37e06bf57fa790f829099ef0857534f70f62cf8b69af0349a7e05c6bfd923a1d529a349703281e30e44c20da6a4395b7e9999338fd18668704a3465b0a30986853fc5f99e57b240eb5972cf7bab0406382e00fe38fd190076ad222aaa34567917f94383785e950186c975cb5f4d86891747a93cebbb8263e49f8406c16589
Attribute 24 (State) length=18
Value: 6501da9e6f69ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=104 len=956) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=104 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=956) - Flags 0x01
EAP-TEAP: Received 950 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 03 b1
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=921): 80 09 03 95 01 68 03 95 0d c0 00 00 0b 97 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d 16 03 03 01 2c 0c 00 01 28 03 00 1d 20 d5 7a 6e b8 33 92 6d f5 55 5f 9f e7 fa ed 33 c1 8f 8c 0b fe 08 70 bc c7 a4 1d b1 d2 05 34 7b 31 08 04 01 00 9f 10 37 61 29 13 4c 22 9c f0 fd 45 e9 27 d4 ca fc 35 23 ce 8c a8 8c 3d a8 83 d0 41 59 ed d1 a7 96 01 7d 6a 9b ed 6a a4 30 26 0c bd c9 49 58 96 c9 22 8e 39 fa ed 42 20 88 64 8c f1 d3 e3 4a 28 14 8b 7e d2 94 35 66 dd 48 8d 53 f2 7a df 39 d3 47 20 36 b2 d3 d3 2f 2f d3 1e e1 f4 1f 69 c0 2c a5 14 fb 8f c2 4a 94 82 5f b8 80 b0 f0 82 9d 04 ef 55 bc 19 27 3c e8 47 98 db c8 df 1d a8 57 b0 47 ea 7e ed 28 e5 77 7b 0c 94 de 6c fc b3 32 eb d1 e8 0a e3 4c 28 b8 74 62 df b2 4e f9 d8 20 4d a9 03 b2 3d b1 29 25 c3 92 98 47 c1 81 2d 67 bb 75 e4 9d 9d b6 81 d4 e3 55 e3 5c da c2 bc 22 53 0e 3b 71 dc 4e 52 4c 98 8f c3 29 e8 42 fc 58 31 9b cb b6 3e 67 1c 5c 1b ec fa 31 7f 0f eb ef 6b 5e 4f 8b 6e
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 917 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=917): 01 68 03 95 0d c0 00 00 0b 97 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d 16 03 03 01 2c 0c 00 01 28 03 00 1d 20 d5 7a 6e b8 33 92 6d f5 55 5f 9f e7 fa ed 33 c1 8f 8c 0b fe 08 70 bc c7 a4 1d b1 d2 05 34 7b 31 08 04 01 00 9f 10 37 61 29 13 4c 22 9c f0 fd 45 e9 27 d4 ca fc 35 23 ce 8c a8 8c 3d a8 83 d0 41 59 ed d1 a7 96 01 7d 6a 9b ed 6a a4 30 26 0c bd c9 49 58 96 c9 22 8e 39 fa ed 42 20 88 64 8c f1 d3 e3 4a 28 14 8b 7e d2 94 35 66 dd 48 8d 53 f2 7a df 39 d3 47 20 36 b2 d3 d3 2f 2f d3 1e e1 f4 1f 69 c0 2c a5 14 fb 8f c2 4a 94 82 5f b8 80 b0 f0 82 9d 04 ef 55 bc 19 27 3c e8 47 98 db c8 df 1d a8 57 b0 47 ea 7e ed 28 e5 77 7b 0c 94 de 6c fc b3 32 eb d1 e8 0a e3 4c 28 b8 74 62 df b2 4e f9 d8 20 4d a9 03 b2 3d b1 29 25 c3 92 98 47 c1 81 2d 67 bb 75 e4 9d 9d b6 81 d4 e3 55 e3 5c da c2 bc 22 53 0e 3b 71 dc 4e 52 4c 98 8f c3 29 e8 42 fc 58 31 9b cb b6 3e 67 1c 5c 1b ec fa 31 7f 0f eb ef 6b 5e 4f 8b 6e
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=917) - Flags 0xc0
SSL: TLS Message Length: 2967
SSL: Need 246 bytes more input data
SSL: Building ACK (type=13 id=104 ver=0)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 68 00 06 0d 00
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
SSL: 39 bytes left to be sent out (of total 39 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0f9b3e0
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=45)
TX EAP -> RADIUS - hexdump(len=45): 02 68 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 24 98 d8 44 2d c5 ad 05 a2 f4 dd f4 64 7b 90 ab ad 9f 33 70 78 37 2d 39 05 d8 ff
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=11 length=209
Attribute 80 (Message-Authenticator) length=18
Value: 9ac9345816cb81e705eb3a1e47b13e36
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=47
Value: 0268002d37011703030022c3e8e09ec857322498d8442dc5ad05a2f4ddf4647b90abad9f337078372d3905d8ff
Attribute 24 (State) length=18
Value: 6501da9e6f69ed03dd76d824d918a37a
RADIUS: Send 209 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 355 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=11 length=355
Attribute 80 (Message-Authenticator) length=18
Value: da63f3a5e73778b5d2f3cddf37b319f5
Attribute 79 (EAP-Message) length=255
Value: 016901273701170303011c288983a38fe43b697cf24cb85b76b334af65851f85500de18ca6eff47f27cdf3cfc5301bea8ec3317bfacfb7c2edbd3548fe81461493984f84cbe7859b0717fc3f6aa585dbfa3101bb3d26e58fb8bbb12ea6b564229aef50c1ad0dbca675e09a9a23ec436d6b7604197008d0f8ef5ec3de9da81956e4b67cf966f05da7833b26bb8fb3981f5a49761d451dc65bb9dd56aaeb5c5ff1d20794c0574e79ef47d496051a0d4515fc19dc87d331687e3cbdce934cde5c80bc2d1e9813270404cd6b95278c093c6ccec51514cfcaa8027737a2563787b92eccd4b3f62119ffb1de791606e2406b18c121d76ea8c87a129b3f2043c9
Attribute 79 (EAP-Message) length=44
Value: 835cfe66c7e9547a4a4131c1b57c606d4891b505330cdd04093cc3ec8a6532dc7131d66337847097632f
Attribute 24 (State) length=18
Value: 6501da9e6e68ed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=105 len=295) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=105 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=295) - Flags 0x01
EAP-TEAP: Received 289 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 01 1c
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=260): 80 09 01 00 01 69 01 00 0d 80 00 00 0b 97 e0 cc 1e 80 c0 18 f4 6b 6e 22 35 f7 2b f3 43 31 e1 5d 16 84 0d 80 65 80 bd 98 43 78 16 03 03 00 cc 0d 00 00 c8 03 01 02 40 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 00 98 00 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 16 03 03 00 04 0e 00 00 00
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 256 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=256): 01 69 01 00 0d 80 00 00 0b 97 e0 cc 1e 80 c0 18 f4 6b 6e 22 35 f7 2b f3 43 31 e1 5d 16 84 0d 80 65 80 bd 98 43 78 16 03 03 00 cc 0d 00 00 c8 03 01 02 40 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 00 98 00 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 16 03 03 00 04 0e 00 00 00
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=256) - Flags 0x80
SSL: TLS Message Length: 2967
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 3d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello)
OpenSSL: Message - hexdump(len=61): 02 00 00 39 03 03 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13 00 c0 30 00 00 11 ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 17 00 00
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 09 45
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server hello
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=2373): 0b 00 09 41 00 09 3e 00 04 3a 30 82 04 36 30 82 03 1e a0 03 02 01 02 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 7c 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 0c 1a 45 78 61 6d 70 6c 65 20 53 65 72 76 65 72 20 43 65 72 74 69 66 69 63 61 74 65 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 b3 ed bb c6 f0 df 48 51 e5 e6 57 06 c9 55 ef f0 59 f9 88 9c 6c e1 5d 12 52 c9 33 f5 b7 d8 4e f3 fb 2d e8 18 eb 60 60 71 0e 8b db 39 63 4e 23 80 87 e8 8a d2 74 b4 b4 97 a9 d5 92 4d c5 ce 01 fd 1c ce 80 96 23 12 11 e0 35 9e 8c ce cb 78 cd 36 2e a5 e6 4d 59 c0 18 8c e8 e5 5f f9 7e bd c5 84 63 23 e6 ac f8 6c 45 00 6a 98 b6 9c 57 49 df 35 74 e3 39 51 19 df d3 1d 42 69 3a 25 3a cf cf b8 fa 95 f0 0c 4e f6 e3 5e 04 a3 38 0c 5c f0 fd f1 0b c4 12 4c a2 cb 76 3c 91 3e 9d 3b be 29 5c db 4f 04 bf 9c f4 58 b6 44 b1 3c f2 33 01 b1 4f 7f 1e 7c 61 3a 2d 13 b9 8b 44 d4 5f 18 8c 56 85 94 ad 59 51 c8 03 72 f0 10 fd ac 6e ca 6f 78 c9 4d f8 d9 01 2d 51 da fa 1e 87 e6 58 40 46 bd fb 3a d9 23 e4 e9 8e de de 4e 40 1a d2 d9 58 0a c7 38 59 d3 19 3b ad a2 b3 3f 9f 09 e1 8c c7 61 d3 8d 02 03 01 00 01 a3 81 aa 30 81 a7 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 18 06 03 55 1d 20 04 11 30 0f 30 0d 06 0b 2b 06 01 04 01 82 be 68 01 03 02 30 1d 06 03 55 1d 0e 04 16 04 14 c0 f6 13 a2 62 ad 5e e5 3e 77 fa da 04 29 9e b0 81 b1 80 2d 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 2a e3 26 0d 8b 01 f1 45 2d e4 9c c0 fb 89 ee ab 04 15 71 32 9b 01 4e eb 14 61 98 7e e8 23 c2 df 88 bb 07 10 75 e4 24 83 67 9c 72 df 85 70 7c 08 37 b1 0e d5 29 cc 98 15 ba 61 14 b6 3f be 66 05 b8 60 2b a3 32 fe 46 5d 6c a3 da 54 ce 41 06 65 61 70 71 3c 77 fb 30 13 d0 1c 33 74 cb 86 ed 0c b6 86 ab 87 81 36 ac fe cf 9f 6f b2 e0 76 cf 99 13 0f df b3 9e ae d1 e8 53 67 56 d0 95 72 88 b8 29 ae 7b 44 66 18 fb de d5 40 de 38 5d 7a 53 00 18 b7 53 7d 8d 4a 80 cb c5 e7 67 48 75 2b d1 e7 9e 8c fb 7c 7f 18 57 cf 32 78 dc f3 f8 a5 3e a4 9f 08 81 23 c3 ec 71 1a 28 2e e0 ab 37 b8 da 0d b4 a8 3e ec 4d fc 27 8f ad 71 aa ed 06 1a 0e b0 e2 27 51 d1 be 58 72 07 e3 22 a6 10 e5 d8 8a 7b a0 b2 1c b3 72 06 ad d1 3e 48 e4 87 a9 56 dd 65 dd b4 e2 bd 9d 8a d6 a8 0b 11 7a 14 3e 12 46 3e 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d
OpenSSL: Peer certificate - depth 1
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:c1:09:2a:b9:3c:84:ca:f4:a4:ce:be:5f:fd:49:c0:91:f0:25:b2
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority
Validity
Not Before: Feb 12 11:22:28 2025 GMT
Not After : Apr 13 11:22:28 2025 GMT
Subject: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bd:12:9d:8a:d9:2c:9f:b1:d3:2e:68:1a:41:e4:
2e:27:39:37:16:95:69:93:8c:27:a6:84:3a:e9:d4:
86:28:69:a4:70:c1:5e:b0:91:b8:9c:bb:c6:1b:01:
3a:0f:a3:98:06:a6:c8:b7:d3:3e:89:68:c2:01:63:
29:be:59:cc:b4:fb:74:20:4f:4e:6d:02:45:c7:3d:
36:9e:7c:59:69:20:fe:10:98:52:42:a2:71:a5:ca:
e5:0e:f7:76:94:be:f9:c1:f5:ef:00:37:a3:70:81:
6e:13:f9:ce:6e:a2:98:ab:f3:de:cb:66:69:15:8f:
19:72:5b:ff:4f:52:30:7d:91:4b:ed:fc:40:86:56:
28:f6:60:ad:80:55:65:0a:b0:9c:93:51:c4:c7:25:
96:43:0d:ed:0a:88:83:87:64:26:b4:f7:f5:61:5b:
f2:d4:a4:f4:3d:d0:1f:a4:3d:3f:4e:53:21:c2:06:
24:88:ef:05:b2:f6:1e:2a:4f:53:4b:6f:41:1a:c1:
e2:0e:0a:3a:30:b4:9b:cc:3f:a5:10:58:90:3a:ab:
26:d2:38:03:99:a1:fd:fc:97:53:96:1f:8e:ff:7f:
d2:3a:c3:b6:9a:97:55:99:b3:00:01:e8:4c:31:b4:
24:5d:23:31:c0:91:09:f5:02:8c:c5:41:5a:74:fc:
fc:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
X509v3 Authority Key Identifier:
keyid:A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
DirName:/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority
serial:07:C1:09:2A:B9:3C:84:CA:F4:A4:CE:BE:5F:FD:49:C0:91:F0:25:B2
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.org/example_ca.crl
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
b1:fb:fd:d9:9b:09:46:e1:4a:71:a6:cc:44:55:81:bb:32:d6:
a3:17:d4:c9:9d:46:6f:16:98:2e:18:9d:83:02:5d:9c:ad:84:
25:a7:59:d7:e7:45:ed:ed:6e:ec:71:ab:3c:e4:54:c4:f7:67:
86:81:17:d8:d3:28:ac:44:f6:3b:c8:98:4d:c7:a2:44:7d:1f:
40:5b:61:43:63:10:19:42:d6:40:f1:7b:4f:be:45:66:fb:a6:
d0:c3:19:70:a8:4b:41:3e:9d:86:3f:21:46:40:e6:1f:93:de:
55:04:f2:ed:55:83:48:c5:4b:b9:38:28:b4:4a:14:d4:40:4b:
63:ec:96:02:56:6a:fd:3c:b7:91:36:5e:b9:57:2c:f6:9b:14:
da:2d:40:ed:a3:d7:d9:c6:97:94:2b:70:e8:86:be:0d:96:7b:
1a:8f:88:82:65:35:f2:c6:e5:6c:36:24:ff:7c:3d:b9:cf:d6:
5b:3b:cc:62:8a:00:13:a2:9d:8a:f2:17:af:8b:99:66:fa:2d:
d8:28:eb:d4:17:7e:cd:b6:f2:cd:3d:bb:21:e6:c9:33:7c:dc:
b0:28:85:c5:8e:46:b4:a1:65:99:64:0c:a4:50:46:73:70:11:
27:b0:9e:5d:89:aa:1c:ec:f0:87:be:1a:50:43:d2:49:80:49:
a9:9a:ee:1d
CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority' hash=7808349207dba06be1fc23faa6a240c97900fd8a2c3d84118f10270e470f56b7
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=1 buf='/C=FR/ST=Radius/L=Somewhere/O=Example mailto:Inc./emailAddress=admin@example.org/CN=Example Certificate Authority'
OpenSSL: Peer certificate - depth 0
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=FR, ST=Radius, L=Somewhere, O=Example mailto:Inc./emailAddress=admin@example.org, CN=Example Certificate Authority
Validity
Not Before: Feb 12 11:22:29 2025 GMT
Not After : Apr 13 11:22:29 2025 GMT
Subject: C=FR, ST=Radius, O=Example Inc., CN=Example Server mailto:Certificate/emailAddress=admin@example.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b3:ed:bb:c6:f0:df:48:51:e5:e6:57:06:c9:55:
ef:f0:59:f9:88:9c:6c:e1:5d:12:52:c9:33:f5:b7:
d8:4e:f3:fb:2d:e8:18:eb:60:60:71:0e:8b:db:39:
63:4e:23:80:87:e8:8a:d2:74:b4:b4:97:a9:d5:92:
4d:c5:ce:01:fd:1c:ce:80:96:23:12:11:e0:35:9e:
8c:ce:cb:78:cd:36:2e:a5:e6:4d:59:c0:18:8c:e8:
e5:5f:f9:7e:bd:c5:84:63:23:e6:ac:f8:6c:45:00:
6a:98:b6:9c:57:49:df:35:74:e3:39:51:19:df:d3:
1d:42:69:3a:25:3a:cf:cf:b8:fa:95:f0:0c:4e:f6:
e3:5e:04:a3:38:0c:5c:f0:fd:f1:0b:c4:12:4c:a2:
cb:76:3c:91:3e:9d:3b:be:29:5c:db:4f:04:bf:9c:
f4:58:b6:44:b1:3c:f2:33:01:b1:4f:7f:1e:7c:61:
3a:2d:13:b9:8b:44:d4:5f:18:8c:56:85:94:ad:59:
51:c8:03:72:f0:10:fd:ac:6e:ca:6f:78:c9:4d:f8:
d9:01:2d:51:da:fa:1e:87:e6:58:40:46:bd:fb:3a:
d9:23:e4:e9:8e:de:de:4e:40:1a:d2:d9:58:0a:c7:
38:59:d3:19:3b:ad:a2:b3:3f:9f:09:e1:8c:c7:61:
d3:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.example.com/example_ca.crl
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.40808.1.3.2
X509v3 Subject Key Identifier:
C0:F6:13:A2:62:AD:5E:E5:3E:77:FA:DA:04:29:9E:B0:81:B1:80:2D
X509v3 Authority Key Identifier:
A6:8B:87:82:FD:F0:60:FF:EC:D2:F3:7F:E8:0F:A7:6D:E2:41:A3:52
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
2a:e3:26:0d:8b:01:f1:45:2d:e4:9c:c0:fb:89:ee:ab:04:15:
71:32:9b:01:4e:eb:14:61:98:7e:e8:23:c2:df:88:bb:07:10:
75:e4:24:83:67:9c:72:df:85:70:7c:08:37:b1:0e:d5:29:cc:
98:15:ba:61:14:b6:3f:be:66:05:b8:60:2b:a3:32:fe:46:5d:
6c:a3:da:54:ce:41:06:65:61:70:71:3c:77:fb:30:13:d0:1c:
33:74:cb:86:ed:0c:b6:86:ab:87:81:36:ac:fe:cf:9f:6f:b2:
e0:76:cf:99:13:0f:df:b3:9e:ae:d1:e8:53:67:56:d0:95:72:
88:b8:29:ae:7b:44:66:18:fb:de:d5:40:de:38:5d:7a:53:00:
18:b7:53:7d:8d:4a:80:cb:c5:e7:67:48:75:2b:d1:e7:9e:8c:
fb:7c:7f:18:57:cf:32:78:dc:f3:f8:a5:3e:a4:9f:08:81:23:
c3:ec:71:1a:28:2e:e0:ab:37:b8:da:0d:b4:a8:3e:ec:4d:fc:
27:8f:ad:71:aa:ed:06:1a:0e:b0:e2:27:51:d1:be:58:72:07:
e3:22:a6:10:e5:d8:8a:7b:a0:b2:1c:b3:72:06:ad:d1:3e:48:
e4:87:a9:56:dd:65:dd:b4:e2:bd:9d:8a:d6:a8:0b:11:7a:14:
3e:12:46:3e
OpenSSL: Certificate Policy 1.3.6.1.4.1.40808.1.3.2
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin@example.org' hash=d90d58ad04e655b4e1aff7e32069fe5c3d0c3edd4f35e2092274b5055097136a
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) ca_cert_verify=1 depth=0 buf='/C=FR/ST=Radius/O=Example Inc./CN=Example Server mailto:Certificate/emailAddress=admin@example.org'
EAP: Status notification: remote certificate verification (param=success)
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 2c
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate
OpenSSL: RX ver=0x303 content_type=22 (handshake/server key exchange)
OpenSSL: Message - hexdump(len=300): 0c 00 01 28 03 00 1d 20 d5 7a 6e b8 33 92 6d f5 55 5f 9f e7 fa ed 33 c1 8f 8c 0b fe 08 70 bc c7 a4 1d b1 d2 05 34 7b 31 08 04 01 00 9f 10 37 61 29 13 4c 22 9c f0 fd 45 e9 27 d4 ca fc 35 23 ce 8c a8 8c 3d a8 83 d0 41 59 ed d1 a7 96 01 7d 6a 9b ed 6a a4 30 26 0c bd c9 49 58 96 c9 22 8e 39 fa ed 42 20 88 64 8c f1 d3 e3 4a 28 14 8b 7e d2 94 35 66 dd 48 8d 53 f2 7a df 39 d3 47 20 36 b2 d3 d3 2f 2f d3 1e e1 f4 1f 69 c0 2c a5 14 fb 8f c2 4a 94 82 5f b8 80 b0 f0 82 9d 04 ef 55 bc 19 27 3c e8 47 98 db c8 df 1d a8 57 b0 47 ea 7e ed 28 e5 77 7b 0c 94 de 6c fc b3 32 eb d1 e8 0a e3 4c 28 b8 74 62 df b2 4e f9 d8 20 4d a9 03 b2 3d b1 29 25 c3 92 98 47 c1 81 2d 67 bb 75 e4 9d 9d b6 81 d4 e3 55 e3 5c da c2 bc 22 53 0e 3b 71 dc 4e 52 4c 98 8f c3 29 e8 42 fc 58 31 9b cb b6 3e 67 1c 5c 1b ec fa 31 7f 0f eb ef 6b 5e 4f 8b 6e e0 cc 1e 80 c0 18 f4 6b 6e 22 35 f7 2b f3 43 31 e1 5d 16 84 0d 80 65 80 bd 98 43 78
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 cc
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server key exchange
OpenSSL: RX ver=0x303 content_type=22 (handshake/certificate request)
OpenSSL: Message - hexdump(len=204): 0d 00 00 c8 03 01 02 40 00 28 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 03 03 03 01 03 02 04 02 05 02 06 02 00 98 00 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 04
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server certificate request
OpenSSL: RX ver=0x303 content_type=22 (handshake/server hello done)
OpenSSL: Message - hexdump(len=4): 0e 00 00 00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read server done
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 09 20
OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate)
OpenSSL: Message - hexdump(len=2336): 0b 00 09 1c 00 09 19 00 04 15 30 82 04 11 30 82 02 f9 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 71 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 19 30 17 06 03 55 04 03 0c 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 d6 7f 45 d2 d2 df ce 1f 6f ca 42 09 0d a7 9f a6 b1 fc 6e c7 f0 b0 fa 1b 74 1f 7f d9 07 d5 63 6a f2 01 78 17 2b 8c 97 53 b9 e7 35 f9 18 35 62 6e 91 13 8b 62 23 a5 87 22 d6 0f 03 65 5d 38 1b d4 b5 26 0b 12 ed 8b 53 15 62 52 ed 1b 66 27 91 74 7d 4b f8 06 d0 30 80 48 27 8f 89 78 65 ca 9c dd 38 cf 63 0d 79 be 59 ab c7 74 7f 28 df ce d6 37 48 98 3d 66 8d 61 80 7a b1 26 f6 98 f2 57 26 6a f3 37 7c 10 ce 2e ea 98 37 3f 2f 6e 99 c7 42 22 73 4c f1 12 90 9d 45 2a ad f8 fd 0d 91 7a f9 3f 8b 08 69 88 e2 f8 51 1b 7b 19 db 1b 42 ad 94 51 ba c5 8d e8 c5 e7 3f 50 ce e6 e9 cc b8 59 89 91 a7 f5 7a a0 24 b8 57 f6 a7 cd 36 95 bc 56 24 61 1e ff 31 44 2f 2d 62 bd 12 2e 41 3b ce 02 73 61 63 15 9e 44 fe 3b f6 bd 50 7a 82 bb 02 8d 38 cf 22 17 5c d5 ca 62 52 71 5b 39 9a 60 f7 5a 0d bd 02 03 01 00 01 a3 81 90 30 81 8d 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 02 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 1d 06 03 55 1d 0e 04 16 04 14 c0 d4 19 99 e9 00 1d 48 e9 00 1a 54 49 bc de 99 f6 3b d7 15 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 52 65 81 90 45 d7 35 0b 01 fe cb db 63 d0 d7 05 4d 80 5d df 91 89 04 37 8f cf a2 1d 95 e4 99 e3 02 a5 a1 64 8e 63 a1 17 39 f3 e9 21 d5 34 42 d2 52 db ce 08 6f 00 92 b5 c8 61 aa b7 69 21 79 0f 6d 4d 93 fe 95 1a da e2 a7 57 fb d1 a0 57 8d 88 f0 3f 0b 7a dc dc 8e 18 b7 9b 55 6d e7 ab 72 38 7b bd f2 7a 91 e0 70 41 66 63 ef 98 37 14 5f ec 3a 66 d6 07 4a 2b 18 ef ad 3f 7d a1 c6 11 43 d6 2c dd df 28 b3 72 2f de 50 1c 2c b3 31 e8 e6 53 22 9d df f3 ae 49 39 d1 2b 39 7e 7a a2 87 e0 c6 56 aa fd 91 60 1c eb 61 5a cb 18 b1 ee 97 55 7a 0f d9 e9 c7 af 7f 87 cb d0 a4 b2 5d 97 da df 61 07 89 25 68 36 5b 22 c8 3b f2 c0 b0 54 d5 20 e6 4f aa 3c d3 53 61 16 fb 7f 84 10 91 ed 5a 93 ea eb b5 fb 65 a3 96 0d fc 3c f9 78 98 72 e9 97 81 e2 7d 52 fb ba e8 1f d0 81 a3 7e ea d7 d8 47 b3 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client certificate
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 25
OpenSSL: TX ver=0x303 content_type=22 (handshake/client key exchange)
OpenSSL: Message - hexdump(len=37): 10 00 00 21 20 4c 05 94 96 1a 41 19 73 9d 26 73 0f 89 28 31 ae 7c 83 36 83 48 62 cf 67 93 01 b6 d5 b6 a3 0a 3b
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write client key exchange
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 01 08
OpenSSL: TX ver=0x303 content_type=22 (handshake/certificate verify)
OpenSSL: Message - hexdump(len=264): 0f 00 01 04 08 04 01 00 63 dc 96 0b c7 d6 e3 28 6d 0c c3 b2 6a 6e 6b 46 f3 84 9d 89 66 08 9f d9 ac 51 f5 2c ff f8 f8 16 e1 b3 5e f2 1b 2c 26 d5 be 33 4d e7 7e 60 f7 2e 38 7e c7 2d eb 27 99 ae 43 35 64 8c 3c 23 ee cc 7e a8 2c 74 64 3d 2e b5 75 b6 d4 bb c3 08 75 4f 45 0a df 06 5d c3 a9 d3 5f 34 37 3f a5 7f a0 02 5f 29 54 73 dd 45 2c 9b 71 ba e8 85 48 86 74 57 b2 78 2f 1f 7b 1b e4 bb 0c 7e 1a 3d 0a f6 d8 86 32 f1 48 22 80 e9 47 52 ae aa 86 66 89 ed 65 22 bc e3 10 78 7d ce bf 1e 85 b9 dc 8e 22 c8 f9 4c 2e 45 fb fa 7c 68 d6 84 0b fd 5b 48 0c c4 32 c0 2c c2 4c d9 32 38 79 f0 f2 8e bb 5d 0b a9 1a 9c a6 fa ea 32 e9 59 e3 0a 4f a3 72 2b 26 21 5e 80 4f 53 45 5a 5d 5b 8c 21 6d 23 a3 ca 29 2f af 03 be c4 4a 46 2e 3e 12 d2 7f 00 1f a5 e6 5d 69 d1 d9 d4 0c ff 10 9b 75 89 ab d5 58 1f 48 fd 09 76
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write certificate verify
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
OpenSSL: TX ver=0x303 content_type=20 (change cipher spec/)
OpenSSL: Message - hexdump(len=1): 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write change cipher spec
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
OpenSSL: TX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c 69 5c e4 a4 ff 00 0b d8 45 25 ff 3e
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3/TLS write finished
SSL: SSL_connect - want more data
SSL: 2703 bytes pending from ssl_out
SSL: Using TLS version TLSv1.2
SSL: 2703 bytes left to be sent out (of total 2703 bytes)
SSL: sending 1298 bytes, more fragments will follow
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=1312): 80 09 05 1c 02 69 05 1c 0d c0 00 00 0a 8f 16 03 03 09 20 0b 00 09 1c 00 09 19 00 04 15 30 82 04 11 30 82 02 f9 a0 03 02 01 02 02 01 02 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 39 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 39 5a 30 71 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 19 30 17 06 03 55 04 03 0c 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 1f 30 1d 06 09 2a 86 48 86 f7 0d 01 09 01 16 10 75 73 65 72 40 65 78 61 6d 70 6c 65 2e 6f 72 67 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 d6 7f 45 d2 d2 df ce 1f 6f ca 42 09 0d a7 9f a6 b1 fc 6e c7 f0 b0 fa 1b 74 1f 7f d9 07 d5 63 6a f2 01 78 17 2b 8c 97 53 b9 e7 35 f9 18 35 62 6e 91 13 8b 62 23 a5 87 22 d6 0f 03 65 5d 38 1b d4 b5 26 0b 12 ed 8b 53 15 62 52 ed 1b 66 27 91 74 7d 4b f8 06 d0 30 80 48 27 8f 89 78 65 ca 9c dd 38 cf 63 0d 79 be 59 ab c7 74 7f 28 df ce d6 37 48 98 3d 66 8d 61 80 7a b1 26 f6 98 f2 57 26 6a f3 37 7c 10 ce 2e ea 98 37 3f 2f 6e 99 c7 42 22 73 4c f1 12 90 9d 45 2a ad f8 fd 0d 91 7a f9 3f 8b 08 69 88 e2 f8 51 1b 7b 19 db 1b 42 ad 94 51 ba c5 8d e8 c5 e7 3f 50 ce e6 e9 cc b8 59 89 91 a7 f5 7a a0 24 b8 57 f6 a7 cd 36 95 bc 56 24 61 1e ff 31 44 2f 2d 62 bd 12 2e 41 3b ce 02 73 61 63 15 9e 44 fe 3b f6 bd 50 7a 82 bb 02 8d 38 cf 22 17 5c d5 ca 62 52 71 5b 39 9a 60 f7 5a 0d bd 02 03 01 00 01 a3 81 90 30 81 8d 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 02 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 63 6f 6d 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 1d 06 03 55 1d 0e 04 16 04 14 c0 d4 19 99 e9 00 1d 48 e9 00 1a 54 49 bc de 99 f6 3b d7 15 30 1f 06 03 55 1d 23 04 18 30 16 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 52 65 81 90 45 d7 35 0b 01 fe cb db 63 d0 d7 05 4d 80 5d df 91 89 04 37 8f cf a2 1d 95 e4 99 e3 02 a5 a1 64 8e 63 a1 17 39 f3 e9 21 d5 34 42 d2 52 db ce 08 6f 00 92 b5 c8 61 aa b7 69 21 79 0f 6d 4d 93 fe 95 1a da e2 a7 57 fb d1 a0 57 8d 88 f0 3f 0b 7a dc dc 8e 18 b7 9b 55 6d e7 ab 72 38 7b bd f2 7a 91 e0 70 41 66 63 ef 98 37 14 5f ec 3a 66 d6 07 4a 2b 18 ef ad 3f 7d a1 c6 11 43 d6 2c dd df 28 b3 72 2f de 50 1c 2c b3 31 e8 e6 53 22 9d df f3 ae 49 39 d1 2b 39 7e 7a a2 87 e0 c6 56 aa fd 91 60 1c eb 61 5a cb 18 b1 ee 97 55 7a 0f d9 e9 c7 af 7f 87 cb d0 a4 b2 5d 97 da df 61 07 89 25 68 36 5b 22 c8 3b f2 c0 b0 54 d5 20 e6 4f aa 3c d3 53 61 16 fb 7f 84 10 91 ed 5a 93 ea eb b5 fb 65 a3 96 0d fc 3c f9 78 98 72 e9 97 81 e2 7d 52 fb ba e8 1f d0 81 a3 7e ea d7 d8 47 b3 00 04 fe 30 82 04 fa 30 82 03 e2 a0 03 02 01 02 02 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 1e 17 0d 32 35 30 32 31 32 31 31 32 32 32 38 5a 17 0d 32 35 30 34 31 33 31 31 32 32 32 38 5a 30 81 93
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 05 38
SSL: 1341 bytes left to be sent out (of total 1341 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0fb0170
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=1347)
TX EAP -> RADIUS - hexdump(len=1347): 02 69 05 43 37 01 17 03 03 05 38 c3 e8 e0 9e c8 57 32 25 81 d9 fe 26 25 ba d2 05 da 05 36 04 66 08 ac ee 0e 12 4d 95 47 a8 8e 13 80 68 75 cf b5 ac 0b 8c 00 44 35 3c 3c 9e 16 d7 ac 66 c1 e5 a4 ad 0c 60 cd 19 00 3b 43 72 ac eb 23 a7 1e 44 0a bb ab b4 bc a3 c6 89 ee 78 5f 8e 4c 67 b4 3f f2 7b f7 e9 86 5d ce 58 a8 d2 b0 f9 2a 4f 50 34 ae 13 07 36 56 09 c4 7a 93 6f de eb f3 73 50 a5 58 c4 ea 4c a6 43 7b 92 dc a3 72 79 2f 32 4c 57 a4 79 12 43 59 2a 6a 08 d7 e2 e0 7e 7c 74 46 20 1a 5e 98 67 14 04 0a ed c4 d6 5e 19 45 a3 59 5a ba a7 39 88 61 53 7b 24 7d ee 04 a7 c2 80 23 c1 7a 9a 52 1b b6 08 59 5a 65 81 42 6f d1 51 54 b7 cd 66 db 0d 9d 37 98 d2 1d 99 05 1e 15 0d 15 bd 7c 4c 47 c8 fd d4 00 1f f8 1f 67 26 00 f5 23 7b bd 6d 2b 45 7d 33 ca 09 e5 b7 79 28 cc 17 da 7b 95 04 4a 35 6d 10 1e bd 2a 0e fa e5 98 99 98 04 f2 49 e8 8c 77 e6 59 b7 61 95 94 ea c2 d2 a8 03 cf 65 92 21 d4 52 54 47 d8 3e 40 9d a2 e4 3a 82 8c 77 2a 5f b6 25 1b c8 80 2e 27 13 85 03 3c ba c4 9c f0 21 ba 56 f2 f5 24 10 55 75 d5 0d 83 d3 91 c1 61 65 4a ea 43 e0 00 92 4b 1f c4 c6 47 8e 4f 1a ed f8 79 ef 12 ce ee e9 b9 67 8e 16 fc 3a 2c 12 b4 40 72 5c 19 5c ae 5e 89 59 71 ac 28 4e d5 ab c9 d4 29 fc ca 70 f0 8f a0 a3 e2 e1 fe 7e 71 77 6b 93 63 ca 25 65 22 bf bd 7b 86 f3 8f 3b 96 87 00 5d e0 59 70 7d e8 46 de 4e b4 26 16 59 9f ef c2 9e ea 8c ee da 73 22 10 09 de 50 f8 ae 42 4d 93 76 89 9b f8 45 46 a2 19 a0 24 8b 3d 67 c6 4b 19 42 b4 2a b1 f7 bb 4f 31 f7 0d 50 ca b8 d4 26 6e 94 4c 82 3a c8 f3 c2 e0 fd a7 26 39 94 ce 09 3f 5e d7 77 1e f8 77 42 e3 97 1c fb 7e 8d 2e 4b 19 7a 02 b5 31 9f e7 78 ef 41 45 9b f3 6a 3d 4b 22 dc 65 d8 67 68 29 e7 d6 82 8e 92 b9 2c 05 d4 d1 31 0f b8 87 a0 1c 40 37 f0 34 d4 22 5e 21 c3 d8 dd 81 eb 00 aa 97 4d 4a 75 c5 a3 99 f8 85 44 fd 46 aa f0 07 32 48 01 1c 32 cc ff 98 39 31 28 22 e3 f6 61 4a 2a 1e 08 f2 c1 f9 19 ce 82 09 c1 d2 80 92 e6 33 23 22 c1 95 1b a1 cc d9 99 02 49 36 a2 b7 c5 aa d4 cd fb f6 2c 9e 9a cf dc f3 70 b4 98 78 f1 44 00 8a f9 8c 3d a7 68 e2 63 28 a3 b7 21 c5 f7 a1 c1 4e b7 1e 5b 6d 58 b5 e3 1f 71 ad b5 62 dc 31 52 8c 57 7a 73 08 f6 82 79 e3 e2 8c 87 35 91 f6 21 52 7c 6b e1 59 11 c4 7d 86 9f d7 40 38 1d d8 a2 a4 b5 53 02 7e 79 67 86 01 f4 52 a8 72 ba b5 22 e6 4a ce 96 73 1a 92 05 3c c5 1e 7b 45 ab a2 1c a0 e3 8a ec 06 d0 a4 a1 b1 87 7d c3 f2 f0 5c 1f 0a 19 69 d8 11 b7 07 84 43 37 aa 33 10 fd 4a ee a5 81 a0 f6 95 3f ec 69 01 28 71 ea 58 23 c7 54 ff a7 f8 e5 d3 d6 5d 13 3c 1a 04 e0 a1 a4 eb 28 d9 2a 55 82 0d 88 8b 02 f2 e4 dc c5 d2 a7 69 db 9f 5e 86 ca c6 45 0a b2 74 9b 58 c0 7f 1d 76 67 e3 06 52 2b 7b d7 16 1c cb b0 c5 60 0a 04 25 d6 16 21 cc b4 10 43 ea 0e 8f aa 7f 17 15 59 49 60 f2 da 2b 41 b2 46 b4 54 52 52 00 38 f6 39 22 19 e8 95 cf d3 e8 b3 ad 00 ba b8 3e 69 5d 08 a5 22 75 87 5c 5a e3 5b 78 50 e2 ff 29 d0 e6 1e d7 fe 30 82 10 5e e8 d5 4d e4 f3 03 d9 31 f9 59 c9 b2 22 2e 98 57 c7 70 27 cb 9b 21 a4 0d e2 38 3f 70 11 a6 83 9a 7c 1d 98 5d bc fe 7c 08 15 d2 2c aa b4 81 05 b0 de 9f 38 fc 37 33 f1 19 10 ae 5b 89 b9 5d 0d 1d 4c 87 52 55 93 22 2b 8c 5d a3 2a 47 e5 f2 d6 9f 7e 39 e6 79 03 95 4f 68 01 4c 3c 89 e8 e8 51 e9 97 af bc 26 86 b0 b8 8b 11 44 25 8a ae ec f5 ca 41 fa f9 3c 2d 74 54 d0 f3 0d b1 92 e7 11 7e ca 8d 55 62 46 81 48 c2 38 f6 ef f8 8b 03 33 30 45 31 d5 59 ca 5b 61 58 27 94 b9 80 b0 bf 6c 6a 56 7e 6e b2 01 02 49 5a 0a 06 e1 ee 7a c3 12 d9 7e dd 66 57 30 3d ba 5c 39 9a 43 f8 55 a4 ea b1 25 65 9a 21 5c 97 bc 92 bd e8 6a 46 77 22 ac 1e 10 59 22 ec f3 08 a4 b3 65 04 d6 3d ea 6f 16 d2 7c b9 f6 42 e4 4a 88 b5 39 c8 5f 35 09 37 43 66 32 e9 9f 92 e7 62 3e 01 54 a6 e1 7c 88 aa c1 8e 9d e6 8d 34 3b ce b5 40 3f ae ae c0 08 0c 4a 69 a9 7a e9 9e c5 dc b1 3c ac 84 96 e7 5a 6f 57 96 f5 5e 75 f6 9a f4 39 75 c7 19 36 06 a2 69 52 c5 ae 88 c5 41 ca 60 6f 12 68 c4 fc d1 dd 5e 8a 39 eb bd 7f b1 a4 3f 2e 33 6f da 71 3e 0c 14 e9 36 ca 52 1e c5 dd c5 e0 7d f8 4e ae 47 ae 51 95 79 2b c7 f0 ec 7a be b1 68 c1 19 cd 2c 8e b2 df 0b df 29 d1 fe ef ff ac 8a eb 53 7a 95 d7 d5 d4 71 77 d9 ef 78 7b c8 1b 52 34 e2 22 52 af 3a 16 0a 23 ae ec b6 e0 f0 fa 39 89 71 50 65 56 8a 99 84 e6 80 13 50 7e 2c b1 cf c3
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=12 length=1521
Attribute 80 (Message-Authenticator) length=18
Value: 64422557b5ce8dc6386d2b81b05bb36a
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=255
Value: 0269054337011703030538c3e8e09ec857322581d9fe2625bad205da0536046608acee0e124d9547a88e13806875cfb5ac0b8c0044353c3c9e16d7ac66c1e5a4ad0c60cd19003b4372aceb23a71e440abbabb4bca3c689ee785f8e4c67b43ff27bf7e9865dce58a8d2b0f92a4f5034ae1307365609c47a936fdeebf37350a558c4ea4ca6437b92dca372792f324c57a4791243592a6a08d7e2e07e7c7446201a5e986714040aedc4d65e1945a3595abaa7398861537b247dee04a7c28023c17a9a521bb608595a6581426fd15154b7cd66db0d9d3798d21d99051e150d15bd7c4c47c8fdd4001ff81f672600f5237bbd6d2b457d33ca09e5b77928cc17
Attribute 79 (EAP-Message) length=255
Value: da7b95044a356d101ebd2a0efae598999804f249e88c77e659b7619594eac2d2a803cf659221d4525447d83e409da2e43a828c772a5fb6251bc8802e271385033cbac49cf021ba56f2f524105575d50d83d391c161654aea43e000924b1fc4c6478e4f1aedf879ef12ceeee9b9678e16fc3a2c12b440725c195cae5e895971ac284ed5abc9d429fcca70f08fa0a3e2e1fe7e71776b9363ca256522bfbd7b86f38f3b9687005de059707de846de4eb42616599fefc29eea8ceeda73221009de50f8ae424d9376899bf84546a219a0248b3d67c64b1942b42ab1f7bb4f31f70d50cab8d4266e944c823ac8f3c2e0fda7263994ce093f5ed7771ef87742e3
Attribute 79 (EAP-Message) length=255
Value: 971cfb7e8d2e4b197a02b5319fe778ef41459bf36a3d4b22dc65d8676829e7d6828e92b92c05d4d1310fb887a01c4037f034d4225e21c3d8dd81eb00aa974d4a75c5a399f88544fd46aaf0073248011c32ccff9839312822e3f6614a2a1e08f2c1f919ce8209c1d28092e6332322c1951ba1ccd999024936a2b7c5aad4cdfbf62c9e9acfdcf370b49878f144008af98c3da768e26328a3b721c5f7a1c14eb71e5b6d58b5e31f71adb562dc31528c577a7308f68279e3e28c873591f621527c6be15911c47d869fd740381dd8a2a4b553027e79678601f452a872bab522e64ace96731a92053cc51e7b45aba21ca0e38aec06d0a4a1b1877dc3f2f05c1f
Attribute 79 (EAP-Message) length=255
Value: 0a1969d811b707844337aa3310fd4aeea581a0f6953fec69012871ea5823c754ffa7f8e5d3d65d133c1a04e0a1a4eb28d92a55820d888b02f2e4dcc5d2a769db9f5e86cac6450ab2749b58c07f1d7667e306522b7bd7161ccbb0c5600a0425d61621ccb41043ea0e8faa7f1715594960f2da2b41b246b45452520038f6392219e895cfd3e8b3ad00bab83e695d08a52275875c5ae35b7850e2ff29d0e61ed7fe3082105ee8d54de4f303d931f959c9b2222e9857c77027cb9b21a40de2383f7011a6839a7c1d985dbcfe7c0815d22caab48105b0de9f38fc3733f11910ae5b89b95d0d1d4c87525593222b8c5da32a47e5f2d69f7e39e67903954f6801
Attribute 79 (EAP-Message) length=255
Value: 4c3c89e8e851e997afbc2686b0b88b1144258aaeecf5ca41faf93c2d7454d0f30db192e7117eca8d5562468148c238f6eff88b0333304531d559ca5b61582794b980b0bf6c6a567e6eb20102495a0a06e1ee7ac312d97edd6657303dba5c399a43f855a4eab125659a215c97bc92bde86a467722ac1e105922ecf308a4b36504d63dea6f16d27cb9f642e44a88b539c85f350937436632e99f92e7623e0154a6e17c88aac18e9de68d343bceb5403faeaec0080c4a69a97ae99ec5dcb13cac8496e75a6f5796f55e75f69af43975c7193606a26952c5ae88c541ca606f1268c4fcd1dd5e8a39ebbd7fb1a43f2e336fda713e0c14e936ca521ec5ddc5e0
Attribute 79 (EAP-Message) length=84
Value: 7df84eae47ae5195792bc7f0ec7abeb168c119cd2c8eb2df0bdf29d1feefffac8aeb537a95d7d5d47177d9ef787bc81b5234e22252af3a160a23aeecb6e0f0fa3989715065568a9984e68013507e2cb1cfc3
Attribute 24 (State) length=18
Value: 6501da9e6e68ed03dd76d824d918a37a
RADIUS: Send 1521 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 103 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=12 length=103
Attribute 80 (Message-Authenticator) length=18
Value: f54382ba149e5cb83a0afe04041ea48f
Attribute 79 (EAP-Message) length=47
Value: 016a002d37011703030022288983a38fe43b6a79a9a1be241b2c5021aeee1b135efc1cc4a65f4a314b530ec830
Attribute 24 (State) length=18
Value: 6501da9e696bed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=106 len=45) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=106 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=45) - Flags 0x01
EAP-TEAP: Received 39 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=10): 80 09 00 06 01 6a 00 06 0d 00
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 6 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=6): 01 6a 00 06 0d 00
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=6) - Flags 0x00
SSL: 1405 bytes left to be sent out (of total 2703 bytes)
SSL: sending 1298 bytes, more fragments will follow
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=1308): 80 09 05 18 02 6a 05 18 0d 40 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 bd 12 9d 8a d9 2c 9f b1 d3 2e 68 1a 41 e4 2e 27 39 37 16 95 69 93 8c 27 a6 84 3a e9 d4 86 28 69 a4 70 c1 5e b0 91 b8 9c bb c6 1b 01 3a 0f a3 98 06 a6 c8 b7 d3 3e 89 68 c2 01 63 29 be 59 cc b4 fb 74 20 4f 4e 6d 02 45 c7 3d 36 9e 7c 59 69 20 fe 10 98 52 42 a2 71 a5 ca e5 0e f7 76 94 be f9 c1 f5 ef 00 37 a3 70 81 6e 13 f9 ce 6e a2 98 ab f3 de cb 66 69 15 8f 19 72 5b ff 4f 52 30 7d 91 4b ed fc 40 86 56 28 f6 60 ad 80 55 65 0a b0 9c 93 51 c4 c7 25 96 43 0d ed 0a 88 83 87 64 26 b4 f7 f5 61 5b f2 d4 a4 f4 3d d0 1f a4 3d 3f 4e 53 21 c2 06 24 88 ef 05 b2 f6 1e 2a 4f 53 4b 6f 41 1a c1 e2 0e 0a 3a 30 b4 9b cc 3f a5 10 58 90 3a ab 26 d2 38 03 99 a1 fd fc 97 53 96 1f 8e ff 7f d2 3a c3 b6 9a 97 55 99 b3 00 01 e8 4c 31 b4 24 5d 23 31 c0 91 09 f5 02 8c c5 41 5a 74 fc fc a1 02 03 01 00 01 a3 82 01 42 30 82 01 3e 30 1d 06 03 55 1d 0e 04 16 04 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 30 81 d3 06 03 55 1d 23 04 81 cb 30 81 c8 80 14 a6 8b 87 82 fd f0 60 ff ec d2 f3 7f e8 0f a7 6d e2 41 a3 52 a1 81 99 a4 81 96 30 81 93 31 0b 30 09 06 03 55 04 06 13 02 46 52 31 0f 30 0d 06 03 55 04 08 0c 06 52 61 64 69 75 73 31 12 30 10 06 03 55 04 07 0c 09 53 6f 6d 65 77 68 65 72 65 31 15 30 13 06 03 55 04 0a 0c 0c 45 78 61 6d 70 6c 65 20 49 6e 63 2e 31 20 30 1e 06 09 2a 86 48 86 f7 0d 01 09 01 16 11 61 64 6d 69 6e 40 65 78 61 6d 70 6c 65 2e 6f 72 67 31 26 30 24 06 03 55 04 03 0c 1d 45 78 61 6d 70 6c 65 20 43 65 72 74 69 66 69 63 61 74 65 20 41 75 74 68 6f 72 69 74 79 82 14 07 c1 09 2a b9 3c 84 ca f4 a4 ce be 5f fd 49 c0 91 f0 25 b2 30 0f 06 03 55 1d 13 01 01 ff 04 05 30 03 01 01 ff 30 36 06 03 55 1d 1f 04 2f 30 2d 30 2b a0 29 a0 27 86 25 68 74 74 70 3a 2f 2f 77 77 77 2e 65 78 61 6d 70 6c 65 2e 6f 72 67 2f 65 78 61 6d 70 6c 65 5f 63 61 2e 63 72 6c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 82 01 01 00 b1 fb fd d9 9b 09 46 e1 4a 71 a6 cc 44 55 81 bb 32 d6 a3 17 d4 c9 9d 46 6f 16 98 2e 18 9d 83 02 5d 9c ad 84 25 a7 59 d7 e7 45 ed ed 6e ec 71 ab 3c e4 54 c4 f7 67 86 81 17 d8 d3 28 ac 44 f6 3b c8 98 4d c7 a2 44 7d 1f 40 5b 61 43 63 10 19 42 d6 40 f1 7b 4f be 45 66 fb a6 d0 c3 19 70 a8 4b 41 3e 9d 86 3f 21 46 40 e6 1f 93 de 55 04 f2 ed 55 83 48 c5 4b b9 38 28 b4 4a 14 d4 40 4b 63 ec 96 02 56 6a fd 3c b7 91 36 5e b9 57 2c f6 9b 14 da 2d 40 ed a3 d7 d9 c6 97 94 2b 70 e8 86 be 0d 96 7b 1a 8f 88 82 65 35 f2 c6 e5 6c 36 24 ff 7c 3d b9 cf d6 5b 3b cc 62 8a 00 13 a2 9d 8a f2 17 af 8b 99 66 fa 2d d8 28 eb d4 17 7e cd b6 f2 cd 3d bb 21 e6 c9 33 7c dc b0 28 85 c5 8e 46 b4 a1 65 99 64 0c a4 50 46 73 70 11 27 b0 9e 5d 89 aa 1c ec f0 87 be 1a 50 43 d2 49 80 49 a9 9a ee 1d 16 03 03 00 25 10 00 00 21 20 4c 05 94 96 1a 41 19 73 9d 26 73 0f 89 28 31 ae 7c 83 36 83 48 62 cf 67 93 01 b6 d5 b6 a3 0a 3b 16 03 03 01 08 0f 00 01 04 08 04 01 00 63 dc 96 0b c7 d6 e3 28 6d 0c c3 b2 6a 6e 6b 46 f3 84 9d 89 66 08 9f d9 ac 51 f5 2c ff f8 f8 16 e1 b3 5e f2 1b 2c 26 d5 be 33 4d e7 7e 60 f7 2e 38 7e c7 2d eb 27 99 ae 43 35 64 8c 3c 23 ee cc 7e a8 2c 74 64 3d 2e b5 75 b6 d4 bb c3 08 75 4f 45 0a df 06 5d c3 a9 d3 5f 34 37 3f a5 7f a0 02 5f 29 54 73 dd 45 2c 9b 71 ba e8 85 48 86 74 57 b2 78 2f 1f 7b 1b e4 bb 0c 7e 1a 3d 0a f6 d8 86 32 f1 48 22 80 e9 47 52 ae aa 86 66 89 ed 65 22 bc e3 10 78 7d ce bf 1e 85 b9 dc 8e 22 c8 f9 4c 2e 45 fb fa 7c 68 d6 84 0b fd 5b 48 0c c4 32 c0 2c c2 4c d9 32 38 79 f0 f2 8e bb 5d 0b a9 1a 9c a6 fa ea 32 e9 59 e3 0a
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 05 34
SSL: 1337 bytes left to be sent out (of total 1337 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0fb8d90
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=1343)
TX EAP -> RADIUS - hexdump(len=1343): 02 6a 05 3f 37 01 17 03 03 05 34 c3 e8 e0 9e c8 57 32 26 36 dd 17 02 1d a3 03 76 09 8f c2 f0 63 fa 72 f2 ee 10 4d f8 5d 62 e5 9b ce 06 20 47 bd 57 5f 2a 9c 39 ab 48 cc e7 70 19 e3 55 b0 b0 19 3a 1c ca 99 71 a3 34 0a 8a 61 30 d2 a9 1a cf 20 35 cc 9e e7 1e c8 1a ff 29 bd 1e 29 1d cb ea 8c f0 f3 1e ce 44 12 f7 80 c4 74 73 7c a1 17 0c 22 01 c4 ba 99 de ca 18 79 00 c7 1b 83 3c 7d 29 d0 b3 21 ee 75 31 0b 2c 7c 65 d8 55 05 f9 ea 65 c7 ae fd 8e c3 ab 6b ce 56 92 d5 77 93 9c 7b 5f 7d f2 bd c5 65 07 b4 32 7a 0c 35 7e dd f1 fc 65 72 15 bc 3c ec 81 10 88 32 4f 78 7f 36 e7 ad 61 1a b4 58 ba 56 c9 13 dc 38 c3 87 1c 75 41 c9 6d 33 76 4a 44 95 3d 34 48 6b 6e 98 b6 38 3e 59 3d 7f 8a 54 92 ec 6f d8 65 3c 68 25 f8 05 d0 7e 26 bc 38 50 dd ba 54 fb 5e af dc 8c ca 9f 56 23 ad 0d be 9c 3c 55 8d 58 0f b9 cd 84 1e 3e 6f 3c 8f c0 2f 1a e8 ab 2c b1 e4 d6 11 4e 7d 11 34 3e 76 db fe 0f 5f 4b 02 7a b7 2b cb ed a0 e4 10 3d 77 a7 a2 1d 88 25 f4 d9 95 4c 73 9c 29 01 6a 0d 2c e4 5a 9e c6 ef 3d 5b a9 c0 e6 3d 2c 13 db e0 28 a6 b5 15 15 b0 87 b5 9f 84 10 a5 3c 38 fc 02 b4 85 f1 ba 60 c0 a6 58 cc ba f0 92 a7 29 5f 40 36 f4 c6 9a 51 77 8b 44 4f 99 4a 29 5f 5f 11 6f 4f 10 d1 cc 5c f9 99 39 28 df c1 e1 59 27 75 b5 e1 e2 81 71 5b fd 67 a5 80 c5 d7 60 15 62 fd 80 ae 7e 9e a7 93 b3 10 58 5b 84 f2 8f 21 98 3d fc a1 11 50 0b 72 17 94 5e c6 7e 54 dd 87 c3 f7 8a d2 a3 99 b0 c4 22 c3 0d 45 d9 51 eb f3 60 b3 cf 7b 52 7c cc c9 b3 62 f9 83 33 ff 15 07 86 a2 e5 33 58 86 58 ff 78 03 00 31 1d 42 d2 3d 19 c6 a3 75 0f 23 79 89 c1 9b d6 91 e3 97 dd 68 63 d5 27 44 b1 b2 da 6c c2 0f b4 51 d6 f1 2a 47 3e 98 d2 7b 4a f3 b1 c9 8b 98 d3 25 9c 8e 98 5f 7b 3b 1b 9a 31 92 3e a2 9d ad ab af ee 8e 50 44 7b 81 be fa 07 0f 11 37 d5 85 67 8a b9 a3 64 bf da c9 66 03 82 3a 2f aa 76 85 33 e7 4c d6 06 34 9e d7 bf 1f 6c 41 2d 95 96 d3 c9 04 a6 1d 0a 2d 8c 17 7d b1 54 cc 4a 2a 90 86 1e 55 ac 20 85 15 33 b4 23 1e 39 db 6c 77 fd ad 9d e8 a2 78 1a 20 d1 43 8b 04 fe 94 96 02 82 f7 1d f4 64 9a 9c 4a ef d4 5e 43 3f 01 a2 96 22 55 95 f3 60 f8 82 bb 15 9f 44 8e 2f 54 9d 75 6d dd 78 d8 7d de fc ff 72 5a aa 9e 5b a2 43 1b 99 49 86 79 f1 c6 d6 ee 69 93 e9 4b 8c 53 84 60 c2 f0 e9 24 de c9 50 5f 62 74 25 ec 30 ed af 42 8e 69 01 19 ba fe bb 73 ae 11 81 10 6a 13 8c 4c cc 98 b1 5b 2e d9 20 e1 5d 23 9d 8b aa 38 de c4 21 53 bb b9 26 a6 2f 52 db 59 df 96 42 a4 75 3c 44 75 50 f6 5e b4 c8 e7 1a 7d 5b 17 84 42 d7 92 05 59 1a 23 5d b4 6e 53 d4 88 40 48 8e 96 9a ee 72 4e 3e b7 ed 84 4b d2 b1 85 16 22 ad ab 8c 37 eb 17 50 c3 6f a6 17 10 fb 71 2d f6 2c ce 8b b5 83 d3 67 2b ba 01 3b 6a 17 1d 69 84 56 b4 dd 88 c6 71 8c 23 83 ab a0 a1 30 62 5b 8e ed 37 f5 a4 91 61 86 13 4f 80 44 7c 81 7a 94 16 c5 e8 c8 23 04 95 84 5f f5 4b 93 47 28 8c b8 5b 32 3f c5 94 bf 35 d5 33 30 d8 16 b8 7c e1 6b 39 ec 72 cf 3a 6d e7 d5 40 84 9b c2 00 eb cd 66 a4 4d a5 c6 10 de 91 de fb 5a a6 d9 68 fb a8 4a 48 96 64 f8 c5 a2 f3 0f 8d 26 d1 0d 20 5e 1b 18 73 cc bb 30 d0 8f e5 3d e3 8d 5b 40 14 7a 30 b6 b6 9b 5e 1e 87 1c 9e 61 63 a3 1c 00 f6 a9 a4 1e c4 1a 69 43 46 d4 97 6d d9 8d cd 12 ed 0d 5e e2 c9 f3 67 18 89 11 4c cd 06 b3 c2 74 a7 15 e5 23 ed 3d 64 32 19 56 50 8f 66 b9 75 31 c3 c4 b3 08 eb 46 d0 c8 fe 6a 16 70 ea dd a7 1a 15 a2 e3 98 c9 29 1f 61 6c d5 26 b9 6b 6d 52 25 9a cc 57 8f 7e e3 7a 11 c1 31 d3 5f ef 6c 63 8e e2 16 8e 1d 18 a7 ec c6 e7 64 20 d7 94 16 18 05 4b ae 69 4b 04 60 b5 44 58 17 0c c7 14 ca 30 09 51 6b e8 c8 10 24 c8 f4 07 a3 f3 6c 90 9c 05 6f eb ae e0 ce cc c2 bb 33 95 be 8e 8a 24 c2 a5 05 3e 81 d5 69 a4 dd 49 11 4e d5 f0 91 d9 83 8a a4 f1 d8 e7 8d b9 18 3f 2a 5b f5 57 e0 c2 a2 db a7 86 87 6b d2 d3 61 44 25 5a d0 f3 3e 3a cf 34 4d da 80 fe cd 4d 79 98 32 5c 7e 21 38 14 f2 da 9e 11 aa be 40 83 87 fb e7 5d 58 d1 df 60 a9 e5 6d 9f 67 73 1c c9 14 7d ed 25 6e 6f 05 e8 03 7d 65 b0 fb 52 40 28 ed 59 6f e6 71 6e e5 e7 75 98 a4 1f 1f ae 35 b3 ac 4b 4b 8a 99 44 38 38 99 49 fd fa fb 49 75 60 1a f9 bf 9a 15 5d 72 45 2f e1 0f 9c a8 72 4a c2 5b 81 d2 69 df 8b d9 26 0f 3d 39 20 fd 50 7c 26 86 06 d7 73 b5 1a 52 8f ee 2c 5a ba 82 2a 6f 7e b8 4e 43 d6 57 e1 77 88 fc 4f 19 02 c1 b7 d9 ab
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=13 length=1517
Attribute 80 (Message-Authenticator) length=18
Value: 014d0f204d5a230240c2986adda2b8ec
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=255
Value: 026a053f37011703030534c3e8e09ec857322636dd17021da30376098fc2f063fa72f2ee104df85d62e59bce062047bd575f2a9c39ab48cce77019e355b0b0193a1cca9971a3340a8a6130d2a91acf2035cc9ee71ec81aff29bd1e291dcbea8cf0f31ece4412f780c474737ca1170c2201c4ba99deca187900c71b833c7d29d0b321ee75310b2c7c65d85505f9ea65c7aefd8ec3ab6bce5692d577939c7b5f7df2bdc56507b4327a0c357eddf1fc657215bc3cec811088324f787f36e7ad611ab458ba56c913dc38c3871c7541c96d33764a44953d34486b6e98b6383e593d7f8a5492ec6fd8653c6825f805d07e26bc3850ddba54fb5eafdc8cca9f56
Attribute 79 (EAP-Message) length=255
Value: 23ad0dbe9c3c558d580fb9cd841e3e6f3c8fc02f1ae8ab2cb1e4d6114e7d11343e76dbfe0f5f4b027ab72bcbeda0e4103d77a7a21d8825f4d9954c739c29016a0d2ce45a9ec6ef3d5ba9c0e63d2c13dbe028a6b51515b087b59f8410a53c38fc02b485f1ba60c0a658ccbaf092a7295f4036f4c69a51778b444f994a295f5f116f4f10d1cc5cf9993928dfc1e1592775b5e1e281715bfd67a580c5d7601562fd80ae7e9ea793b310585b84f28f21983dfca111500b7217945ec67e54dd87c3f78ad2a399b0c422c30d45d951ebf360b3cf7b527cccc9b362f98333ff150786a2e533588658ff780300311d42d23d19c6a3750f237989c19bd691e397dd
Attribute 79 (EAP-Message) length=255
Value: 6863d52744b1b2da6cc20fb451d6f12a473e98d27b4af3b1c98b98d3259c8e985f7b3b1b9a31923ea29dadabafee8e50447b81befa070f1137d585678ab9a364bfdac96603823a2faa768533e74cd606349ed7bf1f6c412d9596d3c904a61d0a2d8c177db154cc4a2a90861e55ac20851533b4231e39db6c77fdad9de8a2781a20d1438b04fe94960282f71df4649a9c4aefd45e433f01a296225595f360f882bb159f448e2f549d756ddd78d87ddefcff725aaa9e5ba2431b99498679f1c6d6ee6993e94b8c538460c2f0e924dec9505f627425ec30edaf428e690119bafebb73ae1181106a138c4ccc98b15b2ed920e15d239d8baa38dec42153bbb9
Attribute 79 (EAP-Message) length=255
Value: 26a62f52db59df9642a4753c447550f65eb4c8e71a7d5b178442d79205591a235db46e53d48840488e969aee724e3eb7ed844bd2b1851622adab8c37eb1750c36fa61710fb712df62cce8bb583d3672bba013b6a171d698456b4dd88c6718c2383aba0a130625b8eed37f5a4916186134f80447c817a9416c5e8c8230495845ff54b9347288cb85b323fc594bf35d53330d816b87ce16b39ec72cf3a6de7d540849bc200ebcd66a44da5c610de91defb5aa6d968fba84a489664f8c5a2f30f8d26d10d205e1b1873ccbb30d08fe53de38d5b40147a30b6b69b5e1e871c9e6163a31c00f6a9a41ec41a694346d4976dd98dcd12ed0d5ee2c9f367188911
Attribute 79 (EAP-Message) length=255
Value: 4ccd06b3c274a715e523ed3d64321956508f66b97531c3c4b308eb46d0c8fe6a1670eadda71a15a2e398c9291f616cd526b96b6d52259acc578f7ee37a11c131d35fef6c638ee2168e1d18a7ecc6e76420d7941618054bae694b0460b54458170cc714ca3009516be8c81024c8f407a3f36c909c056febaee0ceccc2bb3395be8e8a24c2a5053e81d569a4dd49114ed5f091d9838aa4f1d8e78db9183f2a5bf557e0c2a2dba786876bd2d36144255ad0f33e3acf344dda80fecd4d7998325c7e213814f2da9e11aabe408387fbe75d58d1df60a9e56d9f67731cc9147ded256e6f05e8037d65b0fb524028ed596fe6716ee5e77598a41f1fae35b3ac4b
Attribute 79 (EAP-Message) length=80
Value: 4b8a994438389949fdfafb4975601af9bf9a155d72452fe10f9ca8724ac25b81d269df8bd9260f3d3920fd507c268606d773b51a528fee2c5aba822a6f7eb84e43d657e17788fc4f1902c1b7d9ab
Attribute 24 (State) length=18
Value: 6501da9e696bed03dd76d824d918a37a
RADIUS: Send 1517 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 103 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=13 length=103
Attribute 80 (Message-Authenticator) length=18
Value: 2590e8ed3356c3cb0ef1c38d479010d8
Attribute 79 (EAP-Message) length=47
Value: 016b002d37011703030022288983a38fe43b6b7205fb27447f6a361e2f8e1cd2f189d85ab5f239e621e22d2f9b
Attribute 24 (State) length=18
Value: 6501da9e686aed03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=107 len=45) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=107 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=45) - Flags 0x01
EAP-TEAP: Received 39 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=10): 80 09 00 06 01 6b 00 06 0d 00
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 6 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=6): 01 6b 00 06 0d 00
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=6) - Flags 0x00
SSL: 107 bytes left to be sent out (of total 2703 bytes)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=117): 80 09 00 71 02 6b 00 71 0d 00 4f a3 72 2b 26 21 5e 80 4f 53 45 5a 5d 5b 8c 21 6d 23 a3 ca 29 2f af 03 be c4 4a 46 2e 3e 12 d2 7f 00 1f a5 e6 5d 69 d1 d9 d4 0c ff 10 9b 75 89 ab d5 58 1f 48 fd 09 76 14 03 03 00 01 01 16 03 03 00 28 2f 20 31 08 12 14 2f 83 91 23 d0 04 93 3d b8 7f 81 0a dc b1 44 3c 2e fb 9f 3f 3c d1 ff 02 b1 4c 37 a2 41 e0 0a 94 26 7f
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 8d
SSL: 146 bytes left to be sent out (of total 146 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0faff30
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=152)
TX EAP -> RADIUS - hexdump(len=152): 02 6b 00 98 37 01 17 03 03 00 8d c3 e8 e0 9e c8 57 32 27 f8 99 38 84 d8 f1 26 1f 6a 6c b2 79 e2 52 42 f6 42 42 a2 4b 3b cc c0 55 d1 0b 91 fa 67 e2 f2 71 a1 f7 cd 2c 22 a9 4f 78 89 a5 c4 4b c4 2a ca 87 02 a4 8b 81 03 7b 1f f5 fb b1 da 07 85 2c 35 8e 91 f8 e6 c5 53 13 83 b0 7a 2a 16 e6 8d ce c0 0f 03 d5 9a d7 4c e7 79 88 72 59 78 9b d9 38 9e b3 c2 c9 7c 96 36 55 ad 79 78 79 d1 c8 15 3c 74 60 d3 db 3c e9 16 9d 7c 7b bc 23 5c e0 38 cf 71 e4 14 41 c1 08 59
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=14 length=316
Attribute 80 (Message-Authenticator) length=18
Value: 9df89c02b33d950e479313932c0f1bdc
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=154
Value: 026b00983701170303008dc3e8e09ec8573227f8993884d8f1261f6a6cb279e25242f64242a24b3bccc055d10b91fa67e2f271a1f7cd2c22a94f7889a5c44bc42aca8702a48b81037b1ff5fbb1da07852c358e91f8e6c5531383b07a2a16e68dcec00f03d59ad74ce779887259789bd9389eb3c2c97c963655ad797879d1c8153c7460d3db3ce9169d7c7bbc235ce038cf71e41441c10859
Attribute 24 (State) length=18
Value: 6501da9e686aed03dd76d824d918a37a
RADIUS: Send 316 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 158 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=14 length=158
Attribute 80 (Message-Authenticator) length=18
Value: 7ebe83849b0c8002be85ccf9db8ca807
Attribute 79 (EAP-Message) length=102
Value: 016c006437011703030059288983a38fe43b6c0b28c9559df65d77f0ad9a4099487ea9a750debdcad8fb27c3f5611a45c94405adba48567e89d0ff604c2192eaafe13c1292b50b5d0e53c250a687ff04862d670715871479770df466480f319183b0cdf5
Attribute 24 (State) length=18
Value: 6501da9e6b6ded03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=108 len=100) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=108 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=100) - Flags 0x01
EAP-TEAP: Received 94 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 59
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=65): 80 09 00 3d 01 6c 00 3d 0d 80 00 00 00 33 14 03 03 00 01 01 16 03 03 00 28 47 c8 ee bd 55 96 3c b5 4e 9e fb a7 92 02 73 75 f7 e3 58 4a b6 d1 4d db 9f a8 27 af 0d f9 e0 dd 4d 03 78 47 0c 2a e2 a9
EAP-TEAP: Received Phase 2: TLV type 9 (EAP-Payload) length 61 (mandatory)
EAP-TEAP: EAP-Payload TLV - hexdump(len=61): 01 6c 00 3d 0d 80 00 00 00 33 14 03 03 00 01 01 16 03 03 00 28 47 c8 ee bd 55 96 3c b5 4e 9e fb a7 92 02 73 75 f7 e3 58 4a b6 d1 4d db 9f a8 27 af 0d f9 e0 dd 4d 03 78 47 0c 2a e2 a9
EAP-TEAP: Phase 2 Request: type=0:13
SSL: Received packet(len=61) - Flags 0x80
SSL: TLS Message Length: 51
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 14 03 03 00 01
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS write finished
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 16 03 03 00 28
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read change cipher spec
OpenSSL: RX ver=0x303 content_type=22 (handshake/finished)
OpenSSL: Message - hexdump(len=16): 14 00 00 0c 98 7d 4f a9 7f c9 90 b2 06 7e 66 bc
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3/TLS read finished
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
SSL: No Application Data included
SSL: Using TLS version TLSv1.2
SSL: No data to be sent out
EAP-TLS: Done
EAP-TLS: Derived key - hexdump(len=64): ab 17 34 be 08 88 48 16 a5 08 c6 f4 4b 0c 05 8c 01 0d 7d da 18 3e 42 29 f4 7c 2e 30 9e 81 5d b7 31 59 24 53 19 54 6b 36 8e de 95 64 16 02 8f 60 f9 d7 6d a1 ae 58 b8 32 66 50 d9 ba e3 48 5d 0e
EAP-TLS: Derived EMSK - hexdump(len=64): 45 70 28 b4 9a e6 c7 86 ba ac 05 0a 68 09 b1 47 81 89 62 14 d3 56 ea ba 00 d8 c0 39 4b 81 b4 84 f1 28 97 33 65 a4 5f a3 04 ae 62 b5 43 2b 8b 67 b3 a0 9e 74 be c7 f9 c3 60 ae 80 d4 b7 3f ce 8d
EAP-TLS: Derived Session-Id - hexdump(len=65): 0d a1 81 88 57 2a 90 ca 5b 76 83 a3 14 90 32 80 2d fd 91 74 b9 e3 88 76 cc 1b 72 f5 b2 a1 5b 7e 28 ba 21 4b 95 cb ec be b5 40 93 ec 80 3d b2 77 54 66 47 a3 7d 1b 61 58 42 71 af d9 46 13 26 b2 13
SSL: Building ACK (type=13 id=108 ver=0)
EAP-TEAP: Add EAP-Payload TLV
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=10): 80 09 00 06 02 6c 00 06 0d 00
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 22
SSL: 39 bytes left to be sent out (of total 39 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x5614c0fb3850
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=45)
TX EAP -> RADIUS - hexdump(len=45): 02 6c 00 2d 37 01 17 03 03 00 22 c3 e8 e0 9e c8 57 32 28 e3 ba 6b 0b de bf d4 f5 e6 2a d0 25 9b 38 07 7c 11 c3 cb f8 50 c3 1c 98 18 b3
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=15 length=209
Attribute 80 (Message-Authenticator) length=18
Value: a40374886e256fec561e9328c05e4109
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=47
Value: 026c002d37011703030022c3e8e09ec8573228e3ba6b0bdebfd4f5e62ad0259b38077c11c3cbf850c31c9818b3
Attribute 24 (State) length=18
Value: 6501da9e6b6ded03dd76d824d918a37a
RADIUS: Send 209 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 185 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=11 (Access-Challenge) identifier=15 length=185
Attribute 80 (Message-Authenticator) length=18
Value: 4516f6067de73352b078510d41e2492e
Attribute 79 (EAP-Message) length=129
Value: 016d007f37011703030074288983a38fe43b6db4f6b522f0efe64022ddb91fda06f70c560b3ae9c0cc272dc4248c2a1a071cb7ec6cde1b5b0a509cd05c2e7aaa7026d0b6634ed9574ee1d144e163c0f9a01474d48c94c86591752dcb0d4c8213997f31ea238f4c069ef531579e70f435d4b89e99c28626b4dcbcc31992492b
Attribute 24 (State) length=18
Value: 6501da9e6a6ced03dd76d824d918a37a
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
decapsulated EAP packet (code=1 id=109 len=127) from RADIUS server: EAP-Request-TEAP (55)
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=109 method=55 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=127) - Flags 0x01
EAP-TEAP: Received 121 bytes encrypted data for Phase 2
OpenSSL: RX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 74
EAP-TEAP: Decrypted Phase 2 TLV(s) - hexdump(len=92): 80 0a 00 02 00 01 80 0c 00 4c 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25 e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47 80 03 00 02 00 01
EAP-TEAP: Received Phase 2: TLV type 10 (Intermediate-Result) length 2 (mandatory)
EAP-TEAP: Intermediate-Result TLV - hexdump(len=2): 00 01
EAP-TEAP: Intermediate Result: Success
EAP-TEAP: Received Phase 2: TLV type 12 (Crypto-Binding) length 76 (mandatory)
EAP-TEAP: Crypto-Binding TLV - hexdump(len=76): 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25 e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47
EAP-TEAP: Received Phase 2: TLV type 3 (Result) length 2 (mandatory)
EAP-TEAP: Result TLV - hexdump(len=2): 00 01
EAP-TEAP: Result: Success
EAP-TEAP: Crypto-Binding TLV: Version 1 Received Version 1 Flags 3 Sub-Type 0
EAP-TEAP: Nonce - hexdump(len=32): 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c
EAP-TEAP: EMSK Compound MAC - hexdump(len=20): 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25
EAP-TEAP: MSK Compound MAC - hexdump(len=20): e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47
EAP-TEAP: Determining CMK[1] for Compound MAC calculation
EAP-TEAP: MSK[j] - hexdump(len=64): ab 17 34 be 08 88 48 16 a5 08 c6 f4 4b 0c 05 8c 01 0d 7d da 18 3e 42 29 f4 7c 2e 30 9e 81 5d b7 31 59 24 53 19 54 6b 36 8e de 95 64 16 02 8f 60 f9 d7 6d a1 ae 58 b8 32 66 50 d9 ba e3 48 5d 0e
EAP-TEAP: EMSK[j] - hexdump(len=64): 45 70 28 b4 9a e6 c7 86 ba ac 05 0a 68 09 b1 47 81 89 62 14 d3 56 ea ba 00 d8 c0 39 4b 81 b4 84 f1 28 97 33 65 a4 5f a3 04 ae 62 b5 43 2b 8b 67 b3 a0 9e 74 be c7 f9 c3 60 ae 80 d4 b7 3f ce 8d
EAP-TEAP: IMSK from EMSK - hexdump(len=32): 32 6d 28 0e b8 c0 d0 d2 cb 5d 01 3e bc da 73 db fa 06 32 73 ec c2 5e 28 ae 79 6f e7 95 6d 29 69
EAP-TEAP: EMSK S-IMCK[j] - hexdump(len=40): e7 f0 81 5a 82 28 cc 53 d4 15 a1 e0 e5 4c 49 66 11 0e 40 e7 24 ab 6f 9f 81 47 f0 49 39 b0 e8 f3 7c 07 7f 1d d2 73 63 1e
EAP-TEAP: EMSK CMK[j] - hexdump(len=20): 01 1b f8 4f 16 4d 6d 29 a5 8e 66 cb 5e 47 fd 81 18 ef c8 61
EAP-TEAP: IMSK from MSK - hexdump(len=32): ab 17 34 be 08 88 48 16 a5 08 c6 f4 4b 0c 05 8c 01 0d 7d da 18 3e 42 29 f4 7c 2e 30 9e 81 5d b7
EAP-TEAP: MSK S-IMCK[j] - hexdump(len=40): 32 7f 21 f9 c1 4f c5 5f 3a 7f 39 99 4b 00 ea ce 27 f3 d0 6c d9 9d 36 07 ac 66 4e a3 55 6b d2 ba 54 aa 17 7f 95 fc 8c 85
EAP-TEAP: MSK CMK[j] - hexdump(len=20): 36 95 e7 1d cf 27 47 f1 4c c2 b2 e0 2a 48 03 75 0b f7 30 10
EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 36 95 e7 1d cf 27 47 f1 4c c2 b2 e0 2a 48 03 75 0b f7 30 10
EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34
EAP-TEAP: MAC algorithm: HMAC-SHA384
EAP-TEAP: Received MSK Compound MAC - hexdump(len=20): e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47
EAP-TEAP: Calculated MSK Compound MAC - hexdump(len=20): e0 60 ea c7 b4 4b 93 66 7d 88 3a 2b fc d7 81 30 61 d3 26 47
EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 01 1b f8 4f 16 4d 6d 29 a5 8e 66 cb 5e 47 fd 81 18 ef c8 61
EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 30 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34
EAP-TEAP: MAC algorithm: HMAC-SHA384
EAP-TEAP: Received EMSK Compound MAC - hexdump(len=20): 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25
EAP-TEAP: Calculated EMSK Compound MAC - hexdump(len=20): 72 cf bf 70 67 bd f5 e0 01 82 05 ee 87 4b 49 48 b3 6b 77 25
EAP-TEAP: Derived key (MSK) - hexdump(len=64): db d6 41 75 31 4c 06 4b a0 01 e1 84 39 49 35 84 19 93 3d ad c5 7a 2a 1c 56 69 5a d4 08 19 9f 08 33 df c1 ab a0 8e 83 b6 3a 36 92 69 99 78 18 2f a1 b8 9b 84 22 2a 23 8c fa 8f 3f 3f f0 f2 f0 f9
EAP-TEAP: Derived key (EMSK) - hexdump(len=64): 34 cb 3d 09 88 64 b0 7b 1c 27 6c d6 8a 54 db 95 53 13 45 68 08 42 37 5f 08 f1 e1 59 e4 8c f4 e1 b9 98 8a d8 d0 68 33 ce 14 1b 5b ca 75 38 0c fc 4d 4d a6 7f 68 03 b1 f2 e7 4a fe 4f e5 67 12 92
EAP-TEAP: Derived Session-Id - hexdump(len=13): 37 6f bf 86 34 6f 24 32 54 81 16 df a7
EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 36 95 e7 1d cf 27 47 f1 4c c2 b2 e0 2a 48 03 75 0b f7 30 10
EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 31 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34
EAP-TEAP: MAC algorithm: HMAC-SHA384
EAP-TEAP: CMK for Compound MAC calculation - hexdump(len=20): 01 1b f8 4f 16 4d 6d 29 a5 8e 66 cb 5e 47 fd 81 18 ef c8 61
EAP-TEAP: BUFFER for Compound MAC calculation - hexdump(len=89): 80 0c 00 4c 00 01 01 31 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 00 01 00 04 31 32 33 34
EAP-TEAP: MAC algorithm: HMAC-SHA384
EAP-TEAP: Reply Crypto-Binding TLV: Version 1 Received Version 1 Flags 3 SubType 1
EAP-TEAP: Nonce - hexdump(len=32): 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d
EAP-TEAP: EMSK Compound MAC - hexdump(len=20): dd 71 03 1a f7 44 65 d8 ba 7c 02 9d 74 7f 50 f3 0d ae d3 6d
EAP-TEAP: MSK Compound MAC - hexdump(len=20): 3c 70 05 6f 80 2f 8a 7f 78 74 2b 41 64 a8 e8 57 d4 4f 35 cf
EAP-TEAP: Add Result TLV(status=Success)
EAP-TEAP: Add Intermediate-Result TLV(status=Success)
EAP-TEAP: Authentication completed successfully
EAP-TEAP: Encrypting Phase 2 data - hexdump(len=92): 80 0a 00 02 00 01 80 03 00 02 00 01 80 0c 00 4c 00 01 01 31 02 d6 0a b4 c0 b4 69 59 0e bc b6 06 ba 04 c1 44 98 e8 38 4e 84 8f d1 02 f9 3e 03 c5 da 85 5d 2d dd 71 03 1a f7 44 65 d8 ba 7c 02 9d 74 7f 50 f3 0d ae d3 6d 3c 70 05 6f 80 2f 8a 7f 78 74 2b 41 64 a8 e8 57 d4 4f 35 cf
OpenSSL: TX ver=0x303 content_type=256 (TLS header info/)
OpenSSL: Message - hexdump(len=5): 17 03 03 00 74
SSL: 121 bytes left to be sent out (of total 121 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=UNCOND_SUCC eapRespData=0x5614c0fb0480
EAP: Session-Id - hexdump(len=13): 37 6f bf 86 34 6f 24 32 54 81 16 df a7
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
WPA: eapol_test_eapol_send(type=0 len=127)
TX EAP -> RADIUS - hexdump(len=127): 02 6d 00 7f 37 01 17 03 03 00 74 c3 e8 e0 9e c8 57 32 29 34 54 72 69 86 39 13 f6 91 df 2d 96 85 72 20 ae d0 84 f6 f6 00 99 11 df 2e 6f 55 df 70 5d 83 e3 f1 93 88 31 bd 3f e4 0e ef 10 54 ea 9b e3 93 d4 03 23 79 fb 93 7e d2 97 37 9e e7 d2 e4 49 3d 41 d9 ec 98 29 c1 bc 82 ee 4c 41 f8 10 c8 36 f9 6f a9 ed ee a2 b0 46 c6 39 fd a3 d3 f3 28 a9 32 94 cd 31 95 fb 9d d3 86 5b 21 b8 bd 1e
Encapsulating EAP message into a RADIUS packet
Copied RADIUS State Attribute
Sending RADIUS message to authentication server
RADIUS message: code=1 (Access-Request) identifier=16 length=291
Attribute 80 (Message-Authenticator) length=18
Value: d7189876b0b6015b5824181f72f99123
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 31 (Calling-Station-Id) length=19
Value: 'DE-AD-BE-EF-42-42'
Attribute 12 (Framed-MTU) length=6
Value: 1400
Attribute 61 (NAS-Port-Type) length=6
Value: 19
Attribute 6 (Service-Type) length=6
Value: 2
Attribute 77 (Connect-Info) length=24
Value: 'CONNECT 11Mbps 802.11b'
Attribute 30 (Called-Station-Id) length=28
Value: '00:11:22:33:44:55:UConnect'
Attribute 4 (NAS-IP-Address) length=6
Value: 192.168.4.20
Attribute 79 (EAP-Message) length=129
Value: 026d007f37011703030074c3e8e09ec857322934547269863913f691df2d96857220aed084f6f6009911df2e6f55df705d83e3f1938831bd3fe40eef1054ea9be393d4032379fb937ed297379ee7d2e4493d41d9ec9829c1bc82ee4c41f810c836f96fa9edeea2b046c639fda3d3f328a93294cd3195fb9dd3865b21b8bd1e
Attribute 24 (State) length=18
Value: 6501da9e6a6ced03dd76d824d918a37a
RADIUS: Send 291 bytes to the server
Next RADIUS client retransmit in 3 seconds
EAPOL: SUPP_BE entering state RECEIVE
Received 177 bytes from RADIUS server
Received RADIUS message
RADIUS message: code=2 (Access-Accept) identifier=16 length=177
Attribute 80 (Message-Authenticator) length=18
Value: 79408ea0aa6e7e121a7fe60f36847969
Attribute 26 (Vendor-Specific) length=58
Value: 000001371134831ef5a48eda8cd424a09602d9f6e6707c0bf0bf7ddf3e2a794e28ca4965deade919a69d244e247cf20a6bca42d8da16a25d
Attribute 26 (Vendor-Specific) length=58
Value: 0000013710348cd477c07de14a4f1450a187746d1533e168e852534eec23835ac98b01ae81ade9af03e2f8ef8b532d8b70efb80e28c36b94
Attribute 79 (EAP-Message) length=6
Value: 036d0004
Attribute 1 (User-Name) length=11
Value: 'anonymous'
Attribute 12 (Framed-MTU) length=6
Value: 974
STA de:ad:be:ef:42:42: Received RADIUS packet matched with a pending request, round trip time 0.00 sec
RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): 8e 09 c3 95 43 cb d1 59 10 0a 92 a2 4f 70 ed fe 6d 08 9f b9 ce 28 d4 59 53 9f e4 8f c1 c9 f4 27
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): ee 59 aa 95 cf fe 96 ce 43 de c1 30 a0 14 84 ac dd 72 22 ba a3 cd 82 2b f0 eb 9d a5 6b e2 e4 89
decapsulated EAP packet (code=3 id=109 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Status notification: completion (param=success)
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
Cancelling authentication timeout
State: DISCONNECTED -> COMPLETED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: result=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): db d6 41 75 31 4c 06 4b a0 01 e1 84 39 49 35 84 19 93 3d ad c5 7a 2a 1c 56 69 5a d4 08 19 9f 08
WARNING: PMK mismatch
PMK from AS - hexdump(len=32): ee 59 aa 95 cf fe 96 ce 43 de c1 30 a0 14 84 ac dd 72 22 ba a3 cd 82 2b f0 eb 9d a5 6b e2 e4 89
No EAP-Key-Name received from server
WPA: Clear old PMK and PTK
EAP: deinitialize previously used EAP method (55, TEAP) at EAP deinit
ENGINE: engine deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE
mailto:root@debian-freeradius:~/wpa_supplicant-2.11#
2
2