Freeradius-Users
Threads by month
- ----- 2026 -----
- July
- June
- May
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
January 2026
- 14 participants
- 15 discussions
16 Jan '26
Hi FreeRADIUS:
I've compiled/installed FreeRADIUS 3.2.8 on Ubuntu 24.04 (Linux 6.8.0
and OpenSSL 3.0.13), and it gives the attached "MS-CHAP2 Response is
incorrect" error during inner tunnel negotiation in Phase 0 (PAC file
creation) of EAP-FAST. Upgrading the Linux kernel to 6.16 and OpenSSL
3.0.16 gives the same result. Compiling the latest FreeRADIUS 3.2.x
branch head (3.2.9 dev) as of a few days ago also gives the same
result.
Note that EAP-PEAP/MSCHAPV2 works fine (log also attached) on the
identical supplicant / authenticator / authentication server platform.
The supplicant is also on a Ubuntu 24.04 platform (OpenSSL 3.0.13),
running the latest snapshot of wpa_supplicant, and TLS 1.3 has been
confirmed working with EAP-PEAP when tls_max is set to 1.3 in
FreeRADIUS on the authentication server.
Supplicant version:
dbland@NUC13-Linux2:~$ wpa_supplicant -v
wpa_supplicant v2.12-devel-20251221-hostap_2_11-1307-g3ea5c0df5+
Copyright (c) 2003-2024, Jouni Malinen <j(a)w1.fi> and contributors
dbland@NUC13-Linux2:~$
Supplicant EAP-FAST configuration:
network={
ssid="asus6e_5"
proto=RSN
key_mgmt=WPA-EAP
bgscan="simple:5:-70:60"
eap=FAST
identity="bob_loblaw"
anonymous_identity="FAST-123456789012"
password="password"
phase1="fast_provisioning=1"
phase2="auth=MSCHAPV2"
pac_file="/home/dbland/certs_nuc13/bob_loblaw.pac"
}
Background: Recent Ubuntu versions have forcibly disabled TLS 1.0 and
TLS 1.1, and EAP-FAST support with TLS 1.2 was first introduced in
FreeRADIUS 3.2.8. However, the FreeRADIUS package version bundled
with Ubuntu 24.04 is version 3.2.5, and version 3.2.7 with Ubuntu
25.10. This unfortunately leaves a gap in EAP-FAST support. Until a
newer FreeRADIUS package is available on Ubuntu, compiling the 3.2.8
source seems to be the only option in order to support BOTH TLS 1.3
with EAP-PEAP and TLS 1.2 with EAP-FAST.
Any further troubleshooting suggestions? From reading the mailing
list archives, I've seen this EAP-FAST issue pop up a few times in the
past on earlier 3.0.x versions, but with no resolution.
Best regards,
Dennis Bland
2
7
Dear,
Freeradius Team
I need your support in order to help me to achieve the challenge.
I am trying to run more then 30000 sessions but every time I run the sessions I am reaching the 28232.
Do you know maybe where it can be issue?
Thanks,
Filip
2
3
Hi,
In FR 3.0, in the NAS network link interruptions, I receive the error
*"rlm_sql (sql): Cannot open new connection, already at max"*.
What should I pay attention to when increasing the *max_requests*
value?
Is increasing this value sufficient, or are there any parameters in
the SQL pool settings that I also need to increase?
Regards
2
5
14 Jan '26
Hi,
I would like to get your input on a structural change we are planning.
In our current setup, we have 8 RADIUS instances handling both Authentication (Auth) and Accounting (Acct) on the same server, utilizing PostgreSQL as the storage backend. We are planning to migrate to a scenario where we decouple these responsibilities into dedicated RADIUS instances for Auth and Acct.
Currently, we store only the latest sessions in RadAcct to support functions like simultaneous-use. The rest of the accounting data is generally forwarded through RADIUS to a Kafka server.
My goal is to eliminate SQL from the accounting process entirely. Ideally, I want to forward incoming accounting packets directly to Kafka and immediately return a response. I can find a workaround for maintaining session states without writing them to SQL, but I am stuck on how to manage IP pool (ippool) operations efficiently.
It seems there might be no way to avoid using a database for IP management, and it might not even be logical to do so, but I wanted to hear your perspective on this.
Looking forward to your thoughts.
Best regards,
3
2
Authentication with rlm_python module failes for iphone, works for android, windows, linux
by The2nd 13 Jan '26
by The2nd 13 Jan '26
13 Jan '26
Hello list,
i hope this is the right list for this question.
I've written a python module to be used with freeradius and it works for
wlan authentication (mschapv2) with windows, linux and android devices.
But it fails with iphone/ios. With iOS is see the request in my python
module and it authenticates against my server successfully but the
iPhone always tells me "Unable to join the network <ssid>".
My python module can be found here:
https://github.com/the2nd/otpme/blob/main/otpme/lib/freeradius/otpme.py
As it works with linux, windows and android i think its not completely
wrong.
Debug log of a successful authentication with my android device:
FreeRADIUS Version 3.2.6
Copyright (C) 1999-2023 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including configuration file /var/run/otpme/freeradius/radiusd.conf
including configuration file /var/run/otpme/freeradius/clients.conf
main {
security {
user = "otpme"
group = "otpme"
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/otpme"
run_dir = "/var/run/otpme"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/otpme"
run_dir = "/var/run/otpme"
libdir = "/usr/lib"
radacctdir = "/var/log/otpme/radacct"
hostname_lookups = no
max_request_time = 30
proxy_dedup_window = 1
cleanup_delay = 5
max_requests = 16384
max_fds = 512
postauth_client_lost = no
pidfile = "/var/run/otpme/pidfiles/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = no
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
require_message_authenticator = "auto"
limit_proxy_state = "auto"
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
Debugger not attached
# Creating Auth-Type = python_otpme
# Creating Auth-Type = EAP
# Creating Auth-Type = MS-CHAP
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_mschap
# Loading module "mschap" from file
/var/run/otpme/freeradius/radiusd.conf
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loaded module rlm_eap
# Loading module "eap" from file /var/run/otpme/freeradius/radiusd.conf
eap {
default_eap_type = "mschapv2"
timer_expire = 60
max_eap_type = 52
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
dedup_key = ""
}
# Loading module "mschap_otp" from file
/var/run/otpme/freeradius/radiusd.conf
mschap mschap_otp {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/local/bin/otpme-auth verify_mschap --socket
'%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}'
'%{%{mschap_otp:Challenge}:-00}' '%{%{mschap_otp:NT-Response}:-00}'
'%{NAS-Identifier}' '%{Client-IP-Address}'"
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loaded module rlm_python3
# Loading module "python_otpme" from file
/var/run/otpme/freeradius/radiusd.conf
python3 python_otpme {
mod_instantiate = "otpme.lib.freeradius.otpme"
func_instantiate = "instantiate"
mod_authorize = "otpme.lib.freeradius.otpme"
func_authorize = "authorize"
mod_authenticate = "otpme.lib.freeradius.otpme"
func_authenticate = "authenticate"
python_path =
"/var/run/otpme/freeradius/mods-config/python3:/opt/otpme/lib/python3.11/site-packages"
cext_compat = yes
pass_all_vps = no
pass_all_vps_dict = no
}
# Instantiating module "mschap" from file
/var/run/otpme/freeradius/radiusd.conf
rlm_mschap (mschap): using internal authentication
# Instantiating module "eap" from file
/var/run/otpme/freeradius/radiusd.conf
# Linked to sub-module rlm_eap_md5
rlm_eap (EAP): Ignoring EAP method 'leap', because it is no longer supported
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
pem_file_type = yes
private_key_file = "/var/run/otpme/freeradius/key.pem"
certificate_file = "/var/run/otpme/freeradius/cert.pem"
ca_file = "/var/run/otpme/freeradius/ca.pem"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
ca_path_reload_interval = 0
cipher_list = "DEFAULT"
cipher_server_preference = no
reject_unknown_intermediate_ca = no
ecdh_curve = "prime256v1"
disable_tlsv1 = yes
disable_tlsv1_1 = yes
tls_max_version = "1.2"
tls_min_version = "1.2"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = no
use_nonce = yes
timeout = 0
softfail = no
}
}
tls: Please use 'tls_min_version' and 'tls_max_version' instead of
'disable_tlsv1'
tls: Please use 'tls_min_version' and 'tls_max_version' instead of
'disable_tlsv1_1'
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "otpme"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "otpme"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "mschap_otp" from file
/var/run/otpme/freeradius/radiusd.conf
rlm_mschap (mschap_otp): authenticating by calling 'ntlm_auth'
# Instantiating module "python_otpme" from file
/var/run/otpme/freeradius/radiusd.conf
Python version: 3.11.13 (main, Jul 3 2025, 11:31:00) [GCC 12.2.1 20230428]
otpme.py: OTPme config verfied successful.
otpme.py: Instantiated OTPme module.
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /var/run/otpme/freeradius/radiusd.conf
} # server
server otpme { # from file /var/run/otpme/freeradius/radiusd.conf
# Loading authenticate {...}
Compiling Auth-Type EAP for attr Auth-Type
Compiling Auth-Type MS-CHAP for attr Auth-Type
# Loading authorize {...}
} # server otpme
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 1812
client 10.219.195.225 {
ipv4addr = 10.219.195.225
secret = <<< secret >>>
shortname = "ap01-hbap-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.223 {
ipv4addr = 10.219.195.223
secret = <<< secret >>>
shortname = "cloudix-nextcloud-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 127.0.0.1 {
ipv4addr = 127.0.0.1
secret = <<< secret >>>
shortname = "localhost-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.100 {
ipv4addr = 10.219.195.100
secret = <<< secret >>>
shortname = "sharewatcher-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.254 {
ipv4addr = 10.219.195.254
secret = <<< secret >>>
shortname = "smtp-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
}
Listening on auth address * port 1812 bound to server otpme
Ready to process requests
(0) Received Access-Request Id 162 from 10.219.195.225:38276 to
10.219.195.1:1812 length 204
(0) User-Name = "anonymous"
(0) NAS-Identifier = "ap01-hbap"
(0) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) NAS-Port = 1
(0) Calling-Station-Id = "42-33-75-43-BE-2D"
(0) Connect-Info = "CONNECT 54Mbps 802.11a"
(0) Acct-Session-Id = "BF0C189E956F9999"
(0) WLAN-Pairwise-Cipher = 1027076
(0) WLAN-Group-Cipher = 1027076
(0) WLAN-AKM-Suite = 1027073
(0) Framed-MTU = 1400
(0) EAP-Message = 0x0277000e01616e6f6e796d6f7573
(0) Message-Authenticator = 0xe8db3a835195304aa1c2e8655f6cea44
(0) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(0) authorize {
(0) eap: Peer sent EAP Response (code 2) ID 119 length 14
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(0) [eap] = ok
(0) if (!control:Auth-Type) {
(0) if (!control:Auth-Type) -> FALSE
(0) } # authorize = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(0) Auth-Type EAP {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_mschapv2 to process data
(0) eap_mschapv2: Issuing Challenge
(0) eap: Sending EAP Request (code 1) ID 120 length 42
(0) eap: EAP session adding &reply:State = 0x64b8ac1d64c0b641
(0) [eap] = handled
(0) } # Auth-Type EAP = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) Sent Access-Challenge Id 162 from 10.219.195.1:1812 to
10.219.195.225:38276 length 100
(0) EAP-Message =
0x0178002a1a0178002510784b2270bd2bafab1ed5f5a37c9ae5e8667265657261646975732d332e322e36
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0x64b8ac1d64c0b641aa9dae41afb34712
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 163 from 10.219.195.225:38276 to
10.219.195.1:1812 length 214
(1) User-Name = "anonymous"
(1) NAS-Identifier = "ap01-hbap"
(1) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) NAS-Port = 1
(1) Calling-Station-Id = "42-33-75-43-BE-2D"
(1) Connect-Info = "CONNECT 54Mbps 802.11a"
(1) Acct-Session-Id = "BF0C189E956F9999"
(1) WLAN-Pairwise-Cipher = 1027076
(1) WLAN-Group-Cipher = 1027076
(1) WLAN-AKM-Suite = 1027073
(1) Framed-MTU = 1400
(1) EAP-Message = 0x027800060319
(1) State = 0x64b8ac1d64c0b641aa9dae41afb34712
(1) Message-Authenticator = 0x2bd3281b58e070552d01366780334918
(1) session-state: No cached attributes
(1) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(1) authorize {
(1) eap: Peer sent EAP Response (code 2) ID 120 length 6
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) if (!control:Auth-Type) {
(1) if (!control:Auth-Type) -> FALSE
(1) } # authorize = updated
(1) Found Auth-Type = EAP
(1) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(1) Auth-Type EAP {
(1) eap: Removing EAP session with state 0x64b8ac1d64c0b641
(1) eap: Previous EAP request found for state 0x64b8ac1d64c0b641,
released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: (TLS) PEAP -Initiating new session
(1) eap: Sending EAP Request (code 1) ID 121 length 6
(1) eap: EAP session adding &reply:State = 0x64b8ac1d65c1b541
(1) [eap] = handled
(1) } # Auth-Type EAP = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found. Ignoring.
(1) session-state: Saving cached attributes
(1) Framed-MTU = 994
(1) Sent Access-Challenge Id 163 from 10.219.195.1:1812 to
10.219.195.225:38276 length 64
(1) EAP-Message = 0x017900061920
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0x64b8ac1d65c1b541aa9dae41afb34712
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 164 from 10.219.195.225:38276 to
10.219.195.1:1812 length 446
(2) User-Name = "anonymous"
(2) NAS-Identifier = "ap01-hbap"
(2) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) NAS-Port = 1
(2) Calling-Station-Id = "42-33-75-43-BE-2D"
(2) Connect-Info = "CONNECT 54Mbps 802.11a"
(2) Acct-Session-Id = "BF0C189E956F9999"
(2) WLAN-Pairwise-Cipher = 1027076
(2) WLAN-Group-Cipher = 1027076
(2) WLAN-AKM-Suite = 1027073
(2) Framed-MTU = 1400
(2) EAP-Message =
0x027900ee1980000000e416030100df010000db0303204b82994ddeede4b1efd09220705397da7cefa712c268070e9c45dd100931cd20e74544c9e44528171eb11e711a721ac7bce002642c974be41e1cbc3625b7f02d0022130113021303c02bc02fc02cc030cca9cca8c009c013c00ac014009c009d002f00350100007000170000ff01000100000a00080006001d00170018000b00020100000d00140012040308040401050308050501080606010201003300260024001d002032c7b45122c64b455fb50da767a2cc4ce59b726e3cd9bd403abba61c883ac722002d00020101002b0009080304030303020301
(2) State = 0x64b8ac1d65c1b541aa9dae41afb34712
(2) Message-Authenticator = 0xcc735b6b3bf60fe0d35655caee8b130a
(2) Restoring &session-state
(2) &session-state:Framed-MTU = 994
(2) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(2) authorize {
(2) eap: Peer sent EAP Response (code 2) ID 121 length 238
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) if (!control:Auth-Type) {
(2) if (!control:Auth-Type) -> FALSE
(2) } # authorize = ok
(2) Found Auth-Type = EAP
(2) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(2) Auth-Type EAP {
(2) eap: Removing EAP session with state 0x64b8ac1d65c1b541
(2) eap: Previous EAP request found for state 0x64b8ac1d65c1b541,
released from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: (TLS) EAP Peer says that the final record size will be 228
bytes
(2) eap_peap: (TLS) EAP Got all data (228 bytes)
(2) eap_peap: (TLS) PEAP - Handshake state - before SSL initialization
(2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL
initialization
(2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL
initialization
(2) eap_peap: (TLS) PEAP - recv TLS 1.3 Handshake, ClientHello
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
client hello
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHello
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server hello
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Certificate
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
certificate
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write key
exchange
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server done
(2) eap_peap: (TLS) PEAP - Server : Need to read more data: SSLv3/TLS
write server done
(2) eap_peap: (TLS) PEAP - In Handshake Phase
(2) eap: Sending EAP Request (code 1) ID 122 length 1004
(2) eap: EAP session adding &reply:State = 0x64b8ac1d66c2b541
(2) [eap] = handled
(2) } # Auth-Type EAP = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found. Ignoring.
(2) session-state: Saving cached attributes
(2) Framed-MTU = 994
(2) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(2) Sent Access-Challenge Id 164 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1068
(2) EAP-Message =
0x017a03ec19c000000bd7160303003d020000390303406d024d9f92625990729dd1d0d2b54f155819983be5efc77c0843cfd0c7410400c02f000011ff01000100000b000403000102001700001603030a350b000a31000a2e000499308204953082027da003020102020705fea02d221361300d06092a864886f70d01010b05003076312a302806035504030c212f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f534954455f4341310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f5353310b3009060355040b0c024954301e170d3233303632313039313330395a170d3338303631373039313330395a3069311d301b06035504030c146b6f626c656e7a2e68626f73732e696e7465726e310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f535331
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0x64b8ac1d66c2b541aa9dae41afb34712
(2) Finished request
Waking up in 4.8 seconds.
(3) Received Access-Request Id 165 from 10.219.195.225:38276 to
10.219.195.1:1812 length 214
(3) User-Name = "anonymous"
(3) NAS-Identifier = "ap01-hbap"
(3) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) NAS-Port = 1
(3) Calling-Station-Id = "42-33-75-43-BE-2D"
(3) Connect-Info = "CONNECT 54Mbps 802.11a"
(3) Acct-Session-Id = "BF0C189E956F9999"
(3) WLAN-Pairwise-Cipher = 1027076
(3) WLAN-Group-Cipher = 1027076
(3) WLAN-AKM-Suite = 1027073
(3) Framed-MTU = 1400
(3) EAP-Message = 0x027a00061900
(3) State = 0x64b8ac1d66c2b541aa9dae41afb34712
(3) Message-Authenticator = 0xeb39f94920377984aec242aa3813e06a
(3) Restoring &session-state
(3) &session-state:Framed-MTU = 994
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(3) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(3) authorize {
(3) eap: Peer sent EAP Response (code 2) ID 122 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) if (!control:Auth-Type) {
(3) if (!control:Auth-Type) -> FALSE
(3) } # authorize = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(3) Auth-Type EAP {
(3) eap: Removing EAP session with state 0x64b8ac1d66c2b541
(3) eap: Previous EAP request found for state 0x64b8ac1d66c2b541,
released from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: (TLS) Peer ACKed our handshake fragment
(3) eap: Sending EAP Request (code 1) ID 123 length 1000
(3) eap: EAP session adding &reply:State = 0x64b8ac1d67c3b541
(3) [eap] = handled
(3) } # Auth-Type EAP = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found. Ignoring.
(3) session-state: Saving cached attributes
(3) Framed-MTU = 994
(3) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(3) Sent Access-Challenge Id 165 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1064
(3) EAP-Message =
0x017b03e819406729c41ca39fed55f40b0703e590f4ef3fe75165ed505d0e8e33187c7f82a4fa97311282257e3dca08d5818a76cee90d8aea88403b1d62eda2f8ed0e7cc7d72ce4f25e3497d7cbb88d5fb3e76fd5eb2cb7c29126896e5cf175ca9a6b177812f14e4ad1acc69c7a07a33ad3e880179c3971584f08442b7bfe40153886a8e68f88b2ebd088522f0214474a905d560fa04a8f20a966b67e072e644b106f92e95d3fc468afe1b60ff5b30eabfd9eb217f1847f6a24ab5f922365ecc2bb16be43951cbf4cf33735cd9fc4a0337c1632c68690fb8748b78e6f1fe6534e092fc9b9f25123a0a3ed26215dc6b0b765bbe2272058c9bf0935cb8ac47c5b1f7bd20e474f71a760f1db1b8a45da00058f3082058b30820373a003020102020705fea02cf10b27300d06092a864886f70d01010b05003077312b302906035504030c222f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f5245414c4d5f4341310b3009060355040613024445310c300a06
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0x64b8ac1d67c3b541aa9dae41afb34712
(3) Finished request
Waking up in 4.8 seconds.
(4) Received Access-Request Id 166 from 10.219.195.225:38276 to
10.219.195.1:1812 length 214
(4) User-Name = "anonymous"
(4) NAS-Identifier = "ap01-hbap"
(4) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) NAS-Port = 1
(4) Calling-Station-Id = "42-33-75-43-BE-2D"
(4) Connect-Info = "CONNECT 54Mbps 802.11a"
(4) Acct-Session-Id = "BF0C189E956F9999"
(4) WLAN-Pairwise-Cipher = 1027076
(4) WLAN-Group-Cipher = 1027076
(4) WLAN-AKM-Suite = 1027073
(4) Framed-MTU = 1400
(4) EAP-Message = 0x027b00061900
(4) State = 0x64b8ac1d67c3b541aa9dae41afb34712
(4) Message-Authenticator = 0xed6b5266742723e30e700e8b4f75739f
(4) Restoring &session-state
(4) &session-state:Framed-MTU = 994
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(4) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(4) authorize {
(4) eap: Peer sent EAP Response (code 2) ID 123 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) if (!control:Auth-Type) {
(4) if (!control:Auth-Type) -> FALSE
(4) } # authorize = ok
(4) Found Auth-Type = EAP
(4) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(4) Auth-Type EAP {
(4) eap: Removing EAP session with state 0x64b8ac1d67c3b541
(4) eap: Previous EAP request found for state 0x64b8ac1d67c3b541,
released from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: (TLS) Peer ACKed our handshake fragment
(4) eap: Sending EAP Request (code 1) ID 124 length 1000
(4) eap: EAP session adding &reply:State = 0x64b8ac1d60c4b541
(4) [eap] = handled
(4) } # Auth-Type EAP = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found. Ignoring.
(4) session-state: Saving cached attributes
(4) Framed-MTU = 994
(4) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(4) Sent Access-Challenge Id 166 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1064
(4) EAP-Message =
0x017c03e81940603ef2f2884b299ace212671ea16a0df8d30640875c03aaef2ac1e4cd0b45487fcb99234083e915ecded1171c41b3eb10b7c736e781a97f17e3aa3b85d0f5b5f35d09ce1570d621b9dc5be4b4f9ecae899a6d0949b7eed4ebcbf64a48aa40d41d3c07d33da2e8d816dd2eba719a8b75d53dfa7ecb5a35b7cec093710efea7ff30203010001a31d301b300c0603551d13040530030101ff300b0603551d0f040403020106300d06092a864886f70d01010b0500038202010048ed80b6b8d9f45c988d3a8c439f33112acf5a1a90a3e79a8622a919c7fa078d6bcfcb743a26ddd8bc1bc56f9071c89b8a986b33eeb0c6defe6f99834b9a90da8089c002815951b451f4b9d4ed8225888e5b77b04f9131487a830c71082209525143b143d9335eb02b382660f462e5b6d5e4dd2991b894148e23f6ce2be12f76406890fe48dba3e0c97b33089c20f7466a37daa34eb110f7d9cf47553fae6f7453ad44e48fa154f1db59066d3250216bde12320eed158d5197
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0x64b8ac1d60c4b541aa9dae41afb34712
(4) Finished request
Waking up in 4.8 seconds.
(5) Received Access-Request Id 167 from 10.219.195.225:38276 to
10.219.195.1:1812 length 214
(5) User-Name = "anonymous"
(5) NAS-Identifier = "ap01-hbap"
(5) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) NAS-Port = 1
(5) Calling-Station-Id = "42-33-75-43-BE-2D"
(5) Connect-Info = "CONNECT 54Mbps 802.11a"
(5) Acct-Session-Id = "BF0C189E956F9999"
(5) WLAN-Pairwise-Cipher = 1027076
(5) WLAN-Group-Cipher = 1027076
(5) WLAN-AKM-Suite = 1027073
(5) Framed-MTU = 1400
(5) EAP-Message = 0x027c00061900
(5) State = 0x64b8ac1d60c4b541aa9dae41afb34712
(5) Message-Authenticator = 0xd495f330c78e196eb11dc3995b88a242
(5) Restoring &session-state
(5) &session-state:Framed-MTU = 994
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(5) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(5) authorize {
(5) eap: Peer sent EAP Response (code 2) ID 124 length 6
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) if (!control:Auth-Type) {
(5) if (!control:Auth-Type) -> FALSE
(5) } # authorize = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(5) Auth-Type EAP {
(5) eap: Removing EAP session with state 0x64b8ac1d60c4b541
(5) eap: Previous EAP request found for state 0x64b8ac1d60c4b541,
released from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: (TLS) Peer ACKed our handshake fragment
(5) eap: Sending EAP Request (code 1) ID 125 length 55
(5) eap: EAP session adding &reply:State = 0x64b8ac1d61c5b541
(5) [eap] = handled
(5) } # Auth-Type EAP = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found. Ignoring.
(5) session-state: Saving cached attributes
(5) Framed-MTU = 994
(5) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(5) Sent Access-Challenge Id 167 from 10.219.195.1:1812 to
10.219.195.225:38276 length 113
(5) EAP-Message =
0x017d00371900501263aad1ec47677b3c48e295891733e13224af67d346d25d68f13a27dd1b6060701aa6f7a4003816030300040e000000
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0x64b8ac1d61c5b541aa9dae41afb34712
(5) Finished request
Waking up in 4.8 seconds.
(6) Received Access-Request Id 168 from 10.219.195.225:38276 to
10.219.195.1:1812 length 344
(6) User-Name = "anonymous"
(6) NAS-Identifier = "ap01-hbap"
(6) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) NAS-Port = 1
(6) Calling-Station-Id = "42-33-75-43-BE-2D"
(6) Connect-Info = "CONNECT 54Mbps 802.11a"
(6) Acct-Session-Id = "BF0C189E956F9999"
(6) WLAN-Pairwise-Cipher = 1027076
(6) WLAN-Group-Cipher = 1027076
(6) WLAN-AKM-Suite = 1027073
(6) Framed-MTU = 1400
(6) EAP-Message =
0x027d008819800000007e1603030046100000424104d03773246fb4ee58f2b210f0d7e78f044a507dfb457b56f714c4f99379b7b54a81c78f01ba73c7a855d726a53e8e06b20bcdd4e9ff3eb63d2aab0e6075f697e114030300010116030300280000000000000000eb102ea08ec0ea6bf3ef1493251569d7fb91064e446e30581e1839c200c0883c
(6) State = 0x64b8ac1d61c5b541aa9dae41afb34712
(6) Message-Authenticator = 0x06debe813bbb88b569740faf21dbdcb9
(6) Restoring &session-state
(6) &session-state:Framed-MTU = 994
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(6) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(6) authorize {
(6) eap: Peer sent EAP Response (code 2) ID 125 length 136
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) if (!control:Auth-Type) {
(6) if (!control:Auth-Type) -> FALSE
(6) } # authorize = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(6) Auth-Type EAP {
(6) eap: Removing EAP session with state 0x64b8ac1d61c5b541
(6) eap: Previous EAP request found for state 0x64b8ac1d61c5b541,
released from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: (TLS) EAP Peer says that the final record size will be 126
bytes
(6) eap_peap: (TLS) EAP Got all data (126 bytes)
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server done
(6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
client key exchange
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
change cipher spec
(6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, Finished
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read finished
(6) eap_peap: (TLS) PEAP - send TLS 1.2 ChangeCipherSpec
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
change cipher spec
(6) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Finished
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write finished
(6) eap_peap: (TLS) PEAP - Handshake state - SSL negotiation finished
successfully
(6) eap_peap: (TLS) PEAP - Connection Established
(6) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(6) eap_peap: TLS-Session-Version = "TLS 1.2"
(6) eap: Sending EAP Request (code 1) ID 126 length 57
(6) eap: EAP session adding &reply:State = 0x64b8ac1d62c6b541
(6) [eap] = handled
(6) } # Auth-Type EAP = handled
(6) Using Post-Auth-Type Challenge
(6) Post-Auth-Type sub-section not found. Ignoring.
(6) session-state: Saving cached attributes
(6) Framed-MTU = 994
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(6) TLS-Session-Version = "TLS 1.2"
(6) Sent Access-Challenge Id 168 from 10.219.195.1:1812 to
10.219.195.225:38276 length 115
(6) EAP-Message =
0x017e0039190014030300010116030300283fbfcc47e7ff15335d94fe3f3b7f1d2683dbacec358f9dfdd26341970bf6679ebf855cd4a6aafe17
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0x64b8ac1d62c6b541aa9dae41afb34712
(6) Finished request
Waking up in 4.8 seconds.
(7) Received Access-Request Id 169 from 10.219.195.225:38276 to
10.219.195.1:1812 length 214
(7) User-Name = "anonymous"
(7) NAS-Identifier = "ap01-hbap"
(7) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) NAS-Port = 1
(7) Calling-Station-Id = "42-33-75-43-BE-2D"
(7) Connect-Info = "CONNECT 54Mbps 802.11a"
(7) Acct-Session-Id = "BF0C189E956F9999"
(7) WLAN-Pairwise-Cipher = 1027076
(7) WLAN-Group-Cipher = 1027076
(7) WLAN-AKM-Suite = 1027073
(7) Framed-MTU = 1400
(7) EAP-Message = 0x027e00061900
(7) State = 0x64b8ac1d62c6b541aa9dae41afb34712
(7) Message-Authenticator = 0xe942008c55e4659b864a6a49b1848ae5
(7) Restoring &session-state
(7) &session-state:Framed-MTU = 994
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(7) &session-state:TLS-Session-Version = "TLS 1.2"
(7) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(7) authorize {
(7) eap: Peer sent EAP Response (code 2) ID 126 length 6
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) if (!control:Auth-Type) {
(7) if (!control:Auth-Type) -> FALSE
(7) } # authorize = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(7) Auth-Type EAP {
(7) eap: Removing EAP session with state 0x64b8ac1d62c6b541
(7) eap: Previous EAP request found for state 0x64b8ac1d62c6b541,
released from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: (TLS) Peer ACKed our handshake fragment. handshake is
finished
(7) eap_peap: Session established. Decoding tunneled attributes
(7) eap_peap: PEAP state TUNNEL ESTABLISHED
(7) eap: Sending EAP Request (code 1) ID 127 length 40
(7) eap: EAP session adding &reply:State = 0x64b8ac1d63c7b541
(7) [eap] = handled
(7) } # Auth-Type EAP = handled
(7) Using Post-Auth-Type Challenge
(7) Post-Auth-Type sub-section not found. Ignoring.
(7) session-state: Saving cached attributes
(7) Framed-MTU = 994
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(7) TLS-Session-Version = "TLS 1.2"
(7) Sent Access-Challenge Id 169 from 10.219.195.1:1812 to
10.219.195.225:38276 length 98
(7) EAP-Message =
0x017f00281900170303001d3fbfcc47e7ff15344cfac04ed63722fa13bff21b90d93b042ce8c29282
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0x64b8ac1d63c7b541aa9dae41afb34712
(7) Finished request
Waking up in 4.8 seconds.
(8) Received Access-Request Id 170 from 10.219.195.225:38276 to
10.219.195.1:1812 length 257
(8) User-Name = "anonymous"
(8) NAS-Identifier = "ap01-hbap"
(8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) NAS-Port = 1
(8) Calling-Station-Id = "42-33-75-43-BE-2D"
(8) Connect-Info = "CONNECT 54Mbps 802.11a"
(8) Acct-Session-Id = "BF0C189E956F9999"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027076
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) EAP-Message =
0x027f0031190017030300260000000000000001c658b8d37ccad3ed1c1cb348b9a92784ffb1c57cf6dfcd328673aaf30788
(8) State = 0x64b8ac1d63c7b541aa9dae41afb34712
(8) Message-Authenticator = 0x4db29f5f022a1b50adf137196caea97c
(8) Restoring &session-state
(8) &session-state:Framed-MTU = 994
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(8) &session-state:TLS-Session-Version = "TLS 1.2"
(8) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(8) authorize {
(8) eap: Peer sent EAP Response (code 2) ID 127 length 49
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) if (!control:Auth-Type) {
(8) if (!control:Auth-Type) -> FALSE
(8) } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(8) Auth-Type EAP {
(8) eap: Removing EAP session with state 0x64b8ac1d63c7b541
(8) eap: Previous EAP request found for state 0x64b8ac1d63c7b541,
released from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: (TLS) EAP Done initial handshake
(8) eap_peap: Session established. Decoding tunneled attributes
(8) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(8) eap_peap: Identity - heiko.baumann
(8) eap_peap: Got inner identity 'heiko.baumann'
(8) eap_peap: Setting default EAP type for tunneled EAP session
(8) eap_peap: Got tunneled request
(8) eap_peap: EAP-Message = 0x027f0012016865696b6f2e6261756d616e6e
(8) eap_peap: Setting User-Name to heiko.baumann
(8) eap_peap: Sending tunneled request to otpme
(8) eap_peap: EAP-Message = 0x027f0012016865696b6f2e6261756d616e6e
(8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(8) eap_peap: User-Name = "heiko.baumann"
(8) eap_peap: NAS-Identifier = "ap01-hbap"
(8) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) eap_peap: NAS-Port-Type = Wireless-802.11
(8) eap_peap: Service-Type = Framed-User
(8) eap_peap: NAS-Port = 1
(8) eap_peap: Calling-Station-Id = "42-33-75-43-BE-2D"
(8) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a"
(8) eap_peap: Acct-Session-Id = "BF0C189E956F9999"
(8) eap_peap: WLAN-Pairwise-Cipher = 1027076
(8) eap_peap: WLAN-Group-Cipher = 1027076
(8) eap_peap: WLAN-AKM-Suite = 1027073
(8) eap_peap: Framed-MTU = 1400
(8) Virtual server otpme received request
(8) EAP-Message = 0x027f0012016865696b6f2e6261756d616e6e
(8) FreeRADIUS-Proxied-To = 127.0.0.1
(8) User-Name = "heiko.baumann"
(8) NAS-Identifier = "ap01-hbap"
(8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) NAS-Port = 1
(8) Calling-Station-Id = "42-33-75-43-BE-2D"
(8) Connect-Info = "CONNECT 54Mbps 802.11a"
(8) Acct-Session-Id = "BF0C189E956F9999"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027076
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) server otpme {
(8) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(8) authorize {
(8) eap: Peer sent EAP Response (code 2) ID 127 length 18
(8) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(8) [eap] = ok
(8) if (!control:Auth-Type) {
(8) if (!control:Auth-Type) -> FALSE
(8) } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(8) Auth-Type EAP {
(8) eap: Peer sent packet with method EAP Identity (1)
(8) eap: Calling submodule eap_mschapv2 to process data
(8) eap_mschapv2: Issuing Challenge
(8) eap: Sending EAP Request (code 1) ID 128 length 42
(8) eap: EAP session adding &reply:State = 0xfae70ce5fa67161a
(8) [eap] = handled
(8) } # Auth-Type EAP = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) } # server otpme
(8) Virtual server sending reply
(8) EAP-Message =
0x0180002a1a0180002510920798cb42b9ebd036cf4ec5f867de88667265657261646975732d332e322e36
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0xfae70ce5fa67161a0a330e080f4ac17b
(8) eap_peap: Got tunneled reply code 11
(8) eap_peap: EAP-Message =
0x0180002a1a0180002510920798cb42b9ebd036cf4ec5f867de88667265657261646975732d332e322e36
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: State = 0xfae70ce5fa67161a0a330e080f4ac17b
(8) eap_peap: Got tunneled reply RADIUS code 11
(8) eap_peap: EAP-Message =
0x0180002a1a0180002510920798cb42b9ebd036cf4ec5f867de88667265657261646975732d332e322e36
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: State = 0xfae70ce5fa67161a0a330e080f4ac17b
(8) eap_peap: Got tunneled Access-Challenge
(8) eap: Sending EAP Request (code 1) ID 128 length 73
(8) eap: EAP session adding &reply:State = 0x64b8ac1d6c38b541
(8) [eap] = handled
(8) } # Auth-Type EAP = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) session-state: Saving cached attributes
(8) Framed-MTU = 994
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(8) TLS-Session-Version = "TLS 1.2"
(8) Sent Access-Challenge Id 170 from 10.219.195.1:1812 to
10.219.195.225:38276 length 131
(8) EAP-Message =
0x018000491900170303003e3fbfcc47e7ff15357d447a7f7984baab3d24cc5e608d3e9b1f1732d6a0ca80dc81cb5017596f1ecb3eb7dab2ad8c55187f67c2271843c3645767e378659b
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x64b8ac1d6c38b541aa9dae41afb34712
(8) Finished request
Waking up in 4.8 seconds.
(9) Received Access-Request Id 171 from 10.219.195.225:38276 to
10.219.195.1:1812 length 311
(9) User-Name = "anonymous"
(9) NAS-Identifier = "ap01-hbap"
(9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) NAS-Port = 1
(9) Calling-Station-Id = "42-33-75-43-BE-2D"
(9) Connect-Info = "CONNECT 54Mbps 802.11a"
(9) Acct-Session-Id = "BF0C189E956F9999"
(9) WLAN-Pairwise-Cipher = 1027076
(9) WLAN-Group-Cipher = 1027076
(9) WLAN-AKM-Suite = 1027073
(9) Framed-MTU = 1400
(9) EAP-Message =
0x028000671900170303005c00000000000000020b045bbce75f04f16e2985586e3d8ddbb45c4e798479b6033a504fc6a1cb4e043e8039b454a3da869b72d32d72c5c2654d8c11604829788b46e22513ff41d8a0e6b4d9fcd835b3c3cdfe90e8d4b22b911d2c7298
(9) State = 0x64b8ac1d6c38b541aa9dae41afb34712
(9) Message-Authenticator = 0x3118fa5cac060f01aad3516f4dfc5902
(9) Restoring &session-state
(9) &session-state:Framed-MTU = 994
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(9) &session-state:TLS-Session-Version = "TLS 1.2"
(9) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(9) authorize {
(9) eap: Peer sent EAP Response (code 2) ID 128 length 103
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) if (!control:Auth-Type) {
(9) if (!control:Auth-Type) -> FALSE
(9) } # authorize = ok
(9) Found Auth-Type = EAP
(9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(9) Auth-Type EAP {
(9) eap: Removing EAP session with state 0x64b8ac1d6c38b541
(9) eap: Previous EAP request found for state 0x64b8ac1d6c38b541,
released from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: (TLS) EAP Done initial handshake
(9) eap_peap: Session established. Decoding tunneled attributes
(9) eap_peap: PEAP state phase2
(9) eap_peap: EAP method MSCHAPv2 (26)
(9) eap_peap: Got tunneled request
(9) eap_peap: EAP-Message =
0x028000481a028000433172039eb9ff06e5540b22dd821eaa1c9d0000000000000000f106b113ed0eb2328181e98bcff722c56cee58e54f33ca1c006865696b6f2e6261756d616e6e
(9) eap_peap: Setting User-Name to heiko.baumann
(9) eap_peap: Sending tunneled request to otpme
(9) eap_peap: EAP-Message =
0x028000481a028000433172039eb9ff06e5540b22dd821eaa1c9d0000000000000000f106b113ed0eb2328181e98bcff722c56cee58e54f33ca1c006865696b6f2e6261756d616e6e
(9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(9) eap_peap: User-Name = "heiko.baumann"
(9) eap_peap: State = 0xfae70ce5fa67161a0a330e080f4ac17b
(9) eap_peap: NAS-Identifier = "ap01-hbap"
(9) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) eap_peap: NAS-Port-Type = Wireless-802.11
(9) eap_peap: Service-Type = Framed-User
(9) eap_peap: NAS-Port = 1
(9) eap_peap: Calling-Station-Id = "42-33-75-43-BE-2D"
(9) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a"
(9) eap_peap: Acct-Session-Id = "BF0C189E956F9999"
(9) eap_peap: WLAN-Pairwise-Cipher = 1027076
(9) eap_peap: WLAN-Group-Cipher = 1027076
(9) eap_peap: WLAN-AKM-Suite = 1027073
(9) eap_peap: Framed-MTU = 1400
(9) Virtual server otpme received request
(9) EAP-Message =
0x028000481a028000433172039eb9ff06e5540b22dd821eaa1c9d0000000000000000f106b113ed0eb2328181e98bcff722c56cee58e54f33ca1c006865696b6f2e6261756d616e6e
(9) FreeRADIUS-Proxied-To = 127.0.0.1
(9) User-Name = "heiko.baumann"
(9) State = 0xfae70ce5fa67161a0a330e080f4ac17b
(9) NAS-Identifier = "ap01-hbap"
(9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) NAS-Port = 1
(9) Calling-Station-Id = "42-33-75-43-BE-2D"
(9) Connect-Info = "CONNECT 54Mbps 802.11a"
(9) Acct-Session-Id = "BF0C189E956F9999"
(9) WLAN-Pairwise-Cipher = 1027076
(9) WLAN-Group-Cipher = 1027076
(9) WLAN-AKM-Suite = 1027073
(9) Framed-MTU = 1400
(9) server otpme {
(9) session-state: No cached attributes
(9) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(9) authorize {
(9) eap: Peer sent EAP Response (code 2) ID 128 length 72
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) [eap] = updated
(9) if (!control:Auth-Type) {
(9) if (!control:Auth-Type) -> FALSE
(9) } # authorize = updated
(9) Found Auth-Type = EAP
(9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(9) Auth-Type EAP {
(9) eap: Removing EAP session with state 0xfae70ce5fa67161a
(9) eap: Previous EAP request found for state 0xfae70ce5fa67161a,
released from the list
(9) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(9) eap: Calling submodule eap_mschapv2 to process data
(9) eap_mschapv2: # Executing group from file
/var/run/otpme/freeradius/radiusd.conf
(9) eap_mschapv2: Auth-Type MS-CHAP {
otpme.py: adding MS-CHAP2-Success:
'3S=44f6bccdca0cf8377cbd06122065d7f895050076'
otpme.py: adding MS-MPPE-Send-Key: '99420b0d55925232c6c62e7e8b913301'
otpme.py: adding MS-MPPE-Recv-Key: '1114b25f146360e67f9bad689e3e9c88'
otpme.py: adding MS-MPPE-Encryption-Policy: '0x00000001'
otpme.py: adding MS-MPPE-Encryption-Types: '0x00000006'
otpme.py: adding Auth-Type: 'MS-CHAP'
authenticate - 'reply:Reply-Message' = 'Authentication successful'
authenticate - 'reply:MS-CHAP2-Success' =
'0x33533d34346636626363646361306366383337376362643036313232303635643766383935303530303736'
authenticate - 'reply:MS-MPPE-Encryption-Policy' = '0x00000001'
authenticate - 'reply:MS-MPPE-Encryption-Types' = '0x00000006'
authenticate - 'reply:MS-MPPE-Send-Key' =
'0x99420b0d55925232c6c62e7e8b913301'
authenticate - 'reply:MS-MPPE-Recv-Key' =
'0x1114b25f146360e67f9bad689e3e9c88'
authenticate - 'config:Auth-Type' = 'MS-CHAP'
(9) eap_mschapv2: [python_otpme] = ok
(9) eap_mschapv2: } # Auth-Type MS-CHAP = ok
(9) eap_mschapv2: MSCHAP Success
(9) eap: Sending EAP Request (code 1) ID 129 length 51
(9) eap: EAP session adding &reply:State = 0xfae70ce5fb66161a
(9) [eap] = handled
(9) } # Auth-Type EAP = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) } # server otpme
(9) Virtual server sending reply
(9) Reply-Message = "Authentication successful"
(9) EAP-Message =
0x018100331a0380002e533d34346636626363646361306366383337376362643036313232303635643766383935303530303736
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0xfae70ce5fb66161a0a330e080f4ac17b
(9) eap_peap: Got tunneled reply code 11
(9) eap_peap: Reply-Message = "Authentication successful"
(9) eap_peap: EAP-Message =
0x018100331a0380002e533d34346636626363646361306366383337376362643036313232303635643766383935303530303736
(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(9) eap_peap: State = 0xfae70ce5fb66161a0a330e080f4ac17b
(9) eap_peap: Got tunneled reply RADIUS code 11
(9) eap_peap: Reply-Message = "Authentication successful"
(9) eap_peap: EAP-Message =
0x018100331a0380002e533d34346636626363646361306366383337376362643036313232303635643766383935303530303736
(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(9) eap_peap: State = 0xfae70ce5fb66161a0a330e080f4ac17b
(9) eap_peap: Got tunneled Access-Challenge
(9) eap: Sending EAP Request (code 1) ID 129 length 82
(9) eap: EAP session adding &reply:State = 0x64b8ac1d6d39b541
(9) [eap] = handled
(9) } # Auth-Type EAP = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) session-state: Saving cached attributes
(9) Framed-MTU = 994
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(9) TLS-Session-Version = "TLS 1.2"
(9) Sent Access-Challenge Id 171 from 10.219.195.1:1812 to
10.219.195.225:38276 length 140
(9) EAP-Message =
0x01810052190017030300473fbfcc47e7ff153625de7e663dc1113d94046a6050434ba068b90ab3a11c1d9f82ea1de4187ef8e19cf8f9fbc5dbf084c02faa214014b226b04d2f410be0964a728ea31d7d7d6d
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0x64b8ac1d6d39b541aa9dae41afb34712
(9) Finished request
Waking up in 3.4 seconds.
(10) Received Access-Request Id 172 from 10.219.195.225:38276 to
10.219.195.1:1812 length 245
(10) User-Name = "anonymous"
(10) NAS-Identifier = "ap01-hbap"
(10) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(10) NAS-Port-Type = Wireless-802.11
(10) Service-Type = Framed-User
(10) NAS-Port = 1
(10) Calling-Station-Id = "42-33-75-43-BE-2D"
(10) Connect-Info = "CONNECT 54Mbps 802.11a"
(10) Acct-Session-Id = "BF0C189E956F9999"
(10) WLAN-Pairwise-Cipher = 1027076
(10) WLAN-Group-Cipher = 1027076
(10) WLAN-AKM-Suite = 1027073
(10) Framed-MTU = 1400
(10) EAP-Message =
0x028100251900170303001a00000000000000031685834550dd6a5554a79de46d67b072c3cb
(10) State = 0x64b8ac1d6d39b541aa9dae41afb34712
(10) Message-Authenticator = 0xce20e30f4de7c6a5a7563cd6ac38935f
(10) Restoring &session-state
(10) &session-state:Framed-MTU = 994
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(10) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(10) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(10) &session-state:TLS-Session-Version = "TLS 1.2"
(10) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(10) authorize {
(10) eap: Peer sent EAP Response (code 2) ID 129 length 37
(10) eap: Continuing tunnel setup
(10) [eap] = ok
(10) if (!control:Auth-Type) {
(10) if (!control:Auth-Type) -> FALSE
(10) } # authorize = ok
(10) Found Auth-Type = EAP
(10) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(10) Auth-Type EAP {
(10) eap: Removing EAP session with state 0x64b8ac1d6d39b541
(10) eap: Previous EAP request found for state 0x64b8ac1d6d39b541,
released from the list
(10) eap: Peer sent packet with method EAP PEAP (25)
(10) eap: Calling submodule eap_peap to process data
(10) eap_peap: (TLS) EAP Done initial handshake
(10) eap_peap: Session established. Decoding tunneled attributes
(10) eap_peap: PEAP state phase2
(10) eap_peap: EAP method MSCHAPv2 (26)
(10) eap_peap: Got tunneled request
(10) eap_peap: EAP-Message = 0x028100061a03
(10) eap_peap: Setting User-Name to heiko.baumann
(10) eap_peap: Sending tunneled request to otpme
(10) eap_peap: EAP-Message = 0x028100061a03
(10) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(10) eap_peap: User-Name = "heiko.baumann"
(10) eap_peap: State = 0xfae70ce5fb66161a0a330e080f4ac17b
(10) eap_peap: NAS-Identifier = "ap01-hbap"
(10) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(10) eap_peap: NAS-Port-Type = Wireless-802.11
(10) eap_peap: Service-Type = Framed-User
(10) eap_peap: NAS-Port = 1
(10) eap_peap: Calling-Station-Id = "42-33-75-43-BE-2D"
(10) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a"
(10) eap_peap: Acct-Session-Id = "BF0C189E956F9999"
(10) eap_peap: WLAN-Pairwise-Cipher = 1027076
(10) eap_peap: WLAN-Group-Cipher = 1027076
(10) eap_peap: WLAN-AKM-Suite = 1027073
(10) eap_peap: Framed-MTU = 1400
(10) Virtual server otpme received request
(10) EAP-Message = 0x028100061a03
(10) FreeRADIUS-Proxied-To = 127.0.0.1
(10) User-Name = "heiko.baumann"
(10) State = 0xfae70ce5fb66161a0a330e080f4ac17b
(10) NAS-Identifier = "ap01-hbap"
(10) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(10) NAS-Port-Type = Wireless-802.11
(10) Service-Type = Framed-User
(10) NAS-Port = 1
(10) Calling-Station-Id = "42-33-75-43-BE-2D"
(10) Connect-Info = "CONNECT 54Mbps 802.11a"
(10) Acct-Session-Id = "BF0C189E956F9999"
(10) WLAN-Pairwise-Cipher = 1027076
(10) WLAN-Group-Cipher = 1027076
(10) WLAN-AKM-Suite = 1027073
(10) Framed-MTU = 1400
(10) server otpme {
(10) session-state: No cached attributes
(10) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(10) authorize {
(10) eap: Peer sent EAP Response (code 2) ID 129 length 6
(10) eap: No EAP Start, assuming it's an on-going EAP conversation
(10) [eap] = updated
(10) if (!control:Auth-Type) {
(10) if (!control:Auth-Type) -> FALSE
(10) } # authorize = updated
(10) Found Auth-Type = EAP
(10) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(10) Auth-Type EAP {
(10) eap: Removing EAP session with state 0xfae70ce5fb66161a
(10) eap: Previous EAP request found for state 0xfae70ce5fb66161a,
released from the list
(10) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(10) eap: Calling submodule eap_mschapv2 to process data
(10) eap: Sending EAP Success (code 3) ID 129 length 4
(10) eap: Freeing handler
(10) [eap] = ok
(10) } # Auth-Type EAP = ok
(10) } # server otpme
(10) Virtual server sending reply
(10) MS-MPPE-Encryption-Policy = Encryption-Allowed
(10) MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(10) MS-MPPE-Send-Key = 0x99420b0d55925232c6c62e7e8b913301
(10) MS-MPPE-Recv-Key = 0x1114b25f146360e67f9bad689e3e9c88
(10) EAP-Message = 0x03810004
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) User-Name = "heiko.baumann"
(10) eap_peap: Got tunneled reply code 2
(10) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
(10) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(10) eap_peap: MS-MPPE-Send-Key = 0x99420b0d55925232c6c62e7e8b913301
(10) eap_peap: MS-MPPE-Recv-Key = 0x1114b25f146360e67f9bad689e3e9c88
(10) eap_peap: EAP-Message = 0x03810004
(10) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(10) eap_peap: User-Name = "heiko.baumann"
(10) eap_peap: Got tunneled reply RADIUS code 2
(10) eap_peap: MS-MPPE-Encryption-Policy = Encryption-Allowed
(10) eap_peap: MS-MPPE-Encryption-Types = RC4-40or128-bit-Allowed
(10) eap_peap: MS-MPPE-Send-Key = 0x99420b0d55925232c6c62e7e8b913301
(10) eap_peap: MS-MPPE-Recv-Key = 0x1114b25f146360e67f9bad689e3e9c88
(10) eap_peap: EAP-Message = 0x03810004
(10) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(10) eap_peap: User-Name = "heiko.baumann"
(10) eap_peap: Tunneled authentication was successful
(10) eap_peap: SUCCESS
(10) eap_peap: Saving tunneled attributes for later
(10) eap: Sending EAP Request (code 1) ID 130 length 46
(10) eap: EAP session adding &reply:State = 0x64b8ac1d6e3ab541
(10) [eap] = handled
(10) } # Auth-Type EAP = handled
(10) Using Post-Auth-Type Challenge
(10) Post-Auth-Type sub-section not found. Ignoring.
(10) session-state: Saving cached attributes
(10) Framed-MTU = 994
(10) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(10) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(10) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2
ChangeCipherSpec"
(10) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(10) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES128-GCM-SHA256"
(10) TLS-Session-Version = "TLS 1.2"
(10) Sent Access-Challenge Id 172 from 10.219.195.1:1812 to
10.219.195.225:38276 length 104
(10) EAP-Message =
0x0182002e190017030300233fbfcc47e7ff153753fdd6108d64e215a21d55da7ef02d5dee925bc76d6a4e6392574b
(10) Message-Authenticator = 0x00000000000000000000000000000000
(10) State = 0x64b8ac1d6e3ab541aa9dae41afb34712
(10) Finished request
Waking up in 3.4 seconds.
(11) Received Access-Request Id 173 from 10.219.195.225:38276 to
10.219.195.1:1812 length 254
(11) User-Name = "anonymous"
(11) NAS-Identifier = "ap01-hbap"
(11) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(11) NAS-Port-Type = Wireless-802.11
(11) Service-Type = Framed-User
(11) NAS-Port = 1
(11) Calling-Station-Id = "42-33-75-43-BE-2D"
(11) Connect-Info = "CONNECT 54Mbps 802.11a"
(11) Acct-Session-Id = "BF0C189E956F9999"
(11) WLAN-Pairwise-Cipher = 1027076
(11) WLAN-Group-Cipher = 1027076
(11) WLAN-AKM-Suite = 1027073
(11) Framed-MTU = 1400
(11) EAP-Message =
0x0282002e190017030300230000000000000004f4cfa29e4ec86e3245b7e5cbd0fb74dea5e8ff12c7bc2100be801a
(11) State = 0x64b8ac1d6e3ab541aa9dae41afb34712
(11) Message-Authenticator = 0x8353375023b7e469efb93d9e282cd1a3
(11) Restoring &session-state
(11) &session-state:Framed-MTU = 994
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(11) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(11) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES128-GCM-SHA256"
(11) &session-state:TLS-Session-Version = "TLS 1.2"
(11) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(11) authorize {
(11) eap: Peer sent EAP Response (code 2) ID 130 length 46
(11) eap: Continuing tunnel setup
(11) [eap] = ok
(11) if (!control:Auth-Type) {
(11) if (!control:Auth-Type) -> FALSE
(11) } # authorize = ok
(11) Found Auth-Type = EAP
(11) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(11) Auth-Type EAP {
(11) eap: Removing EAP session with state 0x64b8ac1d6e3ab541
(11) eap: Previous EAP request found for state 0x64b8ac1d6e3ab541,
released from the list
(11) eap: Peer sent packet with method EAP PEAP (25)
(11) eap: Calling submodule eap_peap to process data
(11) eap_peap: (TLS) EAP Done initial handshake
(11) eap_peap: Session established. Decoding tunneled attributes
(11) eap_peap: PEAP state send tlv success
(11) eap_peap: Received EAP-TLV response
(11) eap_peap: Success
(11) eap_peap: Using saved attributes from the original Access-Accept
(11) eap_peap: User-Name = "heiko.baumann"
(11) eap: Sending EAP Success (code 3) ID 130 length 4
(11) eap: Freeing handler
(11) [eap] = ok
(11) } # Auth-Type EAP = ok
(11) Sent Access-Accept Id 173 from 10.219.195.1:1812 to
10.219.195.225:38276 length 175
(11) User-Name = "heiko.baumann"
(11) MS-MPPE-Recv-Key =
0x7fd1806ac0bae3a4dce0733ee3ba2285ec93eb01ffaa19010f48e0bdabebb623
(11) MS-MPPE-Send-Key =
0x833cfac00c66d42a0bcbc62e008e5591890e585ae00c8d3b56707e5b49a140f5
(11) EAP-Message = 0x03820004
(11) Message-Authenticator = 0x00000000000000000000000000000000
(11) Finished request
Waking up in 3.4 seconds.
Debug output of a failed request with an iPhone:
FreeRADIUS Version 3.2.6
Copyright (C) 1999-2023 The FreeRADIUS server project and contributors
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License
For more information about these matters, see the file named COPYRIGHT
Starting - reading configuration files ...
including dictionary file /usr/share/freeradius/dictionary
including dictionary file /usr/share/freeradius/dictionary.dhcp
including dictionary file /usr/share/freeradius/dictionary.vqp
including configuration file /var/run/otpme/freeradius/radiusd.conf
including configuration file /var/run/otpme/freeradius/clients.conf
main {
security {
user = "otpme"
group = "otpme"
allow_core_dumps = no
}
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/otpme"
run_dir = "/var/run/otpme"
}
main {
name = "freeradius"
prefix = "/usr"
localstatedir = "/var"
sbindir = "/usr/sbin"
logdir = "/var/log/otpme"
run_dir = "/var/run/otpme"
libdir = "/usr/lib"
radacctdir = "/var/log/otpme/radacct"
hostname_lookups = no
max_request_time = 30
proxy_dedup_window = 1
cleanup_delay = 5
max_requests = 16384
max_fds = 512
postauth_client_lost = no
pidfile = "/var/run/otpme/pidfiles/freeradius.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = no
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
colourise = yes
msg_denied = "You are already logged in - access denied"
}
resources {
}
security {
max_attributes = 200
reject_delay = 1.000000
status_server = yes
require_message_authenticator = "auto"
limit_proxy_state = "auto"
}
}
radiusd: #### Loading Realms and Home Servers ####
radiusd: #### Loading Clients ####
Debugger not attached
# Creating Auth-Type = python_otpme
# Creating Auth-Type = EAP
# Creating Auth-Type = MS-CHAP
radiusd: #### Instantiating modules ####
modules {
# Loaded module rlm_mschap
# Loading module "mschap" from file
/var/run/otpme/freeradius/radiusd.conf
mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loaded module rlm_eap
# Loading module "eap" from file /var/run/otpme/freeradius/radiusd.conf
eap {
default_eap_type = "mschapv2"
timer_expire = 60
max_eap_type = 52
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 16384
dedup_key = ""
}
# Loading module "mschap_otp" from file
/var/run/otpme/freeradius/radiusd.conf
mschap mschap_otp {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = yes
ntlm_auth = "/usr/local/bin/otpme-auth verify_mschap --socket
'%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}'
'%{%{mschap_otp:Challenge}:-00}' '%{%{mschap_otp:NT-Response}:-00}'
'%{NAS-Identifier}' '%{Client-IP-Address}'"
passchange {
}
allow_retry = yes
winbind_retry_with_normalised_username = no
}
# Loaded module rlm_python3
# Loading module "python_otpme" from file
/var/run/otpme/freeradius/radiusd.conf
python3 python_otpme {
mod_instantiate = "otpme.lib.freeradius.otpme"
func_instantiate = "instantiate"
mod_authorize = "otpme.lib.freeradius.otpme"
func_authorize = "authorize"
mod_authenticate = "otpme.lib.freeradius.otpme"
func_authenticate = "authenticate"
python_path =
"/var/run/otpme/freeradius/mods-config/python3:/opt/otpme/lib/python3.11/site-packages"
cext_compat = yes
pass_all_vps = no
pass_all_vps_dict = no
}
# Instantiating module "mschap" from file
/var/run/otpme/freeradius/radiusd.conf
rlm_mschap (mschap): using internal authentication
# Instantiating module "eap" from file
/var/run/otpme/freeradius/radiusd.conf
# Linked to sub-module rlm_eap_md5
rlm_eap (EAP): Ignoring EAP method 'leap', because it is no longer supported
# Linked to sub-module rlm_eap_tls
tls {
tls = "tls-common"
}
tls-config tls-common {
verify_depth = 0
pem_file_type = yes
private_key_file = "/var/run/otpme/freeradius/key.pem"
certificate_file = "/var/run/otpme/freeradius/cert.pem"
ca_file = "/var/run/otpme/freeradius/ca.pem"
fragment_size = 1024
include_length = yes
auto_chain = yes
check_crl = no
check_all_crl = no
ca_path_reload_interval = 0
cipher_list = "DEFAULT"
cipher_server_preference = no
reject_unknown_intermediate_ca = no
ecdh_curve = "prime256v1"
disable_tlsv1 = yes
disable_tlsv1_1 = yes
tls_max_version = "1.2"
tls_min_version = "1.2"
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
skip_if_ocsp_ok = no
}
ocsp {
enable = no
override_cert_url = no
use_nonce = yes
timeout = 0
softfail = no
}
}
tls: Please use 'tls_min_version' and 'tls_max_version' instead of
'disable_tlsv1'
tls: Please use 'tls_min_version' and 'tls_max_version' instead of
'disable_tlsv1_1'
# Linked to sub-module rlm_eap_ttls
ttls {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "otpme"
include_length = yes
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_peap
peap {
tls = "tls-common"
default_eap_type = "mschapv2"
copy_request_to_tunnel = yes
use_tunneled_reply = yes
proxy_tunneled_request_as_eap = yes
virtual_server = "otpme"
soh = no
require_client_cert = no
}
tls: Using cached TLS configuration from previous invocation
# Linked to sub-module rlm_eap_mschapv2
mschapv2 {
with_ntdomain_hack = no
send_error = no
}
# Instantiating module "mschap_otp" from file
/var/run/otpme/freeradius/radiusd.conf
rlm_mschap (mschap_otp): authenticating by calling 'ntlm_auth'
# Instantiating module "python_otpme" from file
/var/run/otpme/freeradius/radiusd.conf
Python version: 3.11.13 (main, Jul 3 2025, 11:31:00) [GCC 12.2.1 20230428]
otpme.py: OTPme config verfied successful.
otpme.py: Instantiated OTPme module.
} # modules
radiusd: #### Loading Virtual Servers ####
server { # from file /var/run/otpme/freeradius/radiusd.conf
} # server
server otpme { # from file /var/run/otpme/freeradius/radiusd.conf
# Loading authenticate {...}
Compiling Auth-Type EAP for attr Auth-Type
Compiling Auth-Type MS-CHAP for attr Auth-Type
# Loading authorize {...}
} # server otpme
radiusd: #### Opening IP addresses and Ports ####
listen {
type = "auth"
ipaddr = *
port = 1812
client 10.219.195.225 {
ipv4addr = 10.219.195.225
secret = <<< secret >>>
shortname = "ap01-hbap-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.223 {
ipv4addr = 10.219.195.223
secret = <<< secret >>>
shortname = "cloudix-nextcloud-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 127.0.0.1 {
ipv4addr = 127.0.0.1
secret = <<< secret >>>
shortname = "localhost-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.100 {
ipv4addr = 10.219.195.100
secret = <<< secret >>>
shortname = "sharewatcher-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
client 10.219.195.254 {
ipv4addr = 10.219.195.254
secret = <<< secret >>>
shortname = "smtp-1"
limit {
max_connections = 16
lifetime = 0
idle_timeout = 30
}
}
}
Listening on auth address * port 1812 bound to server otpme
Ready to process requests
(0) Received Access-Request Id 204 from 10.219.195.225:38276 to
10.219.195.1:1812 length 194
(0) User-Name = "test"
(0) NAS-Identifier = "ap01-hbap"
(0) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) NAS-Port = 3
(0) Calling-Station-Id = "A6-5F-75-98-A5-06"
(0) Connect-Info = "CONNECT 54Mbps 802.11a"
(0) Acct-Session-Id = "EEFF590BE3BB6A1C"
(0) WLAN-Pairwise-Cipher = 1027076
(0) WLAN-Group-Cipher = 1027076
(0) WLAN-AKM-Suite = 1027073
(0) Framed-MTU = 1400
(0) EAP-Message = 0x022200090174657374
(0) Message-Authenticator = 0x7dfcffdfd9fbf339765f6ac0c092a78d
(0) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(0) authorize {
(0) eap: Peer sent EAP Response (code 2) ID 34 length 9
(0) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(0) [eap] = ok
(0) if (!control:Auth-Type) {
(0) if (!control:Auth-Type) -> FALSE
(0) } # authorize = ok
(0) Found Auth-Type = EAP
(0) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(0) Auth-Type EAP {
(0) eap: Peer sent packet with method EAP Identity (1)
(0) eap: Calling submodule eap_mschapv2 to process data
(0) eap_mschapv2: Issuing Challenge
(0) eap: Sending EAP Request (code 1) ID 35 length 42
(0) eap: EAP session adding &reply:State = 0xac2b487aac085271
(0) [eap] = handled
(0) } # Auth-Type EAP = handled
(0) Using Post-Auth-Type Challenge
(0) Post-Auth-Type sub-section not found. Ignoring.
(0) Sent Access-Challenge Id 204 from 10.219.195.1:1812 to
10.219.195.225:38276 length 100
(0) EAP-Message =
0x0123002a1a0123002510807cf25a7f0593f308104a2a7f1bbe28667265657261646975732d332e322e36
(0) Message-Authenticator = 0x00000000000000000000000000000000
(0) State = 0xac2b487aac0852714e974a6b4baa7cab
(0) Finished request
Waking up in 4.9 seconds.
(1) Received Access-Request Id 205 from 10.219.195.225:38276 to
10.219.195.1:1812 length 211
(1) User-Name = "test"
(1) NAS-Identifier = "ap01-hbap"
(1) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(1) NAS-Port-Type = Wireless-802.11
(1) Service-Type = Framed-User
(1) NAS-Port = 3
(1) Calling-Station-Id = "A6-5F-75-98-A5-06"
(1) Connect-Info = "CONNECT 54Mbps 802.11a"
(1) Acct-Session-Id = "EEFF590BE3BB6A1C"
(1) WLAN-Pairwise-Cipher = 1027076
(1) WLAN-Group-Cipher = 1027076
(1) WLAN-AKM-Suite = 1027073
(1) Framed-MTU = 1400
(1) EAP-Message = 0x022300080319152b
(1) State = 0xac2b487aac0852714e974a6b4baa7cab
(1) Message-Authenticator = 0x87e934652733a17be1765b4b6f4f24c4
(1) session-state: No cached attributes
(1) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(1) authorize {
(1) eap: Peer sent EAP Response (code 2) ID 35 length 8
(1) eap: No EAP Start, assuming it's an on-going EAP conversation
(1) [eap] = updated
(1) if (!control:Auth-Type) {
(1) if (!control:Auth-Type) -> FALSE
(1) } # authorize = updated
(1) Found Auth-Type = EAP
(1) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(1) Auth-Type EAP {
(1) eap: Removing EAP session with state 0xac2b487aac085271
(1) eap: Previous EAP request found for state 0xac2b487aac085271,
released from the list
(1) eap: Peer sent packet with method EAP NAK (3)
(1) eap: Found mutually acceptable type PEAP (25)
(1) eap: Calling submodule eap_peap to process data
(1) eap_peap: (TLS) PEAP -Initiating new session
(1) eap: Sending EAP Request (code 1) ID 36 length 6
(1) eap: EAP session adding &reply:State = 0xac2b487aad0f5171
(1) [eap] = handled
(1) } # Auth-Type EAP = handled
(1) Using Post-Auth-Type Challenge
(1) Post-Auth-Type sub-section not found. Ignoring.
(1) session-state: Saving cached attributes
(1) Framed-MTU = 994
(1) Sent Access-Challenge Id 205 from 10.219.195.1:1812 to
10.219.195.225:38276 length 64
(1) EAP-Message = 0x012400061920
(1) Message-Authenticator = 0x00000000000000000000000000000000
(1) State = 0xac2b487aad0f51714e974a6b4baa7cab
(1) Finished request
Waking up in 4.9 seconds.
(2) Received Access-Request Id 206 from 10.219.195.225:38276 to
10.219.195.1:1812 length 364
(2) User-Name = "test"
(2) NAS-Identifier = "ap01-hbap"
(2) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(2) NAS-Port-Type = Wireless-802.11
(2) Service-Type = Framed-User
(2) NAS-Port = 3
(2) Calling-Station-Id = "A6-5F-75-98-A5-06"
(2) Connect-Info = "CONNECT 54Mbps 802.11a"
(2) Acct-Session-Id = "EEFF590BE3BB6A1C"
(2) WLAN-Pairwise-Cipher = 1027076
(2) WLAN-Group-Cipher = 1027076
(2) WLAN-AKM-Suite = 1027073
(2) Framed-MTU = 1400
(2) EAP-Message =
0x022400a119800000009716030100920100008e0303696381086bafdecf86b47ad4c93e56a3b253ab52e8d2d1935c21005877f5eeb700002c00ffc02cc02bc024c023c00ac009c008c030c02fc028c027c014c013c012009d009c003d003c0035002f000a01000039000a00080006001700180019000b00020100000d00120010040102010501060104030203050306030005000501000000000012000000170000
(2) State = 0xac2b487aad0f51714e974a6b4baa7cab
(2) Message-Authenticator = 0x8d8adccff2d8071b49b73e04caacb294
(2) Restoring &session-state
(2) &session-state:Framed-MTU = 994
(2) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(2) authorize {
(2) eap: Peer sent EAP Response (code 2) ID 36 length 161
(2) eap: Continuing tunnel setup
(2) [eap] = ok
(2) if (!control:Auth-Type) {
(2) if (!control:Auth-Type) -> FALSE
(2) } # authorize = ok
(2) Found Auth-Type = EAP
(2) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(2) Auth-Type EAP {
(2) eap: Removing EAP session with state 0xac2b487aad0f5171
(2) eap: Previous EAP request found for state 0xac2b487aad0f5171,
released from the list
(2) eap: Peer sent packet with method EAP PEAP (25)
(2) eap: Calling submodule eap_peap to process data
(2) eap_peap: (TLS) EAP Peer says that the final record size will be 151
bytes
(2) eap_peap: (TLS) EAP Got all data (151 bytes)
(2) eap_peap: (TLS) PEAP - Handshake state - before SSL initialization
(2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL
initialization
(2) eap_peap: (TLS) PEAP - Handshake state - Server before SSL
initialization
(2) eap_peap: (TLS) PEAP - recv TLS 1.3 Handshake, ClientHello
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
client hello
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHello
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server hello
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Certificate
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
certificate
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerKeyExchange
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write key
exchange
(2) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, ServerHelloDone
(2) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server done
(2) eap_peap: (TLS) PEAP - Server : Need to read more data: SSLv3/TLS
write server done
(2) eap_peap: (TLS) PEAP - In Handshake Phase
(2) eap: Sending EAP Request (code 1) ID 37 length 1004
(2) eap: EAP session adding &reply:State = 0xac2b487aae0e5171
(2) [eap] = handled
(2) } # Auth-Type EAP = handled
(2) Using Post-Auth-Type Challenge
(2) Post-Auth-Type sub-section not found. Ignoring.
(2) session-state: Saving cached attributes
(2) Framed-MTU = 994
(2) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(2) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(2) Sent Access-Challenge Id 206 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1068
(2) EAP-Message =
0x012503ec19c000000bd7160303003d0200003903037d9615ce8191f6cead070312ee58c68647bb340519841c210fc1a6f586ebbff400c030000011ff01000100000b000403000102001700001603030a350b000a31000a2e000499308204953082027da003020102020705fea02d221361300d06092a864886f70d01010b05003076312a302806035504030c212f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f534954455f4341310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f5353310b3009060355040b0c024954301e170d3233303632313039313330395a170d3338303631373039313330395a3069311d301b06035504030c146b6f626c656e7a2e68626f73732e696e7465726e310b3009060355040613024445310c300a06035504080c03524c503110300e06035504070c074b6f626c656e7a310e300c060355040a0c0548424f535331
(2) Message-Authenticator = 0x00000000000000000000000000000000
(2) State = 0xac2b487aae0e51714e974a6b4baa7cab
(2) Finished request
Waking up in 4.9 seconds.
(3) Received Access-Request Id 207 from 10.219.195.225:38276 to
10.219.195.1:1812 length 209
(3) User-Name = "test"
(3) NAS-Identifier = "ap01-hbap"
(3) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(3) NAS-Port-Type = Wireless-802.11
(3) Service-Type = Framed-User
(3) NAS-Port = 3
(3) Calling-Station-Id = "A6-5F-75-98-A5-06"
(3) Connect-Info = "CONNECT 54Mbps 802.11a"
(3) Acct-Session-Id = "EEFF590BE3BB6A1C"
(3) WLAN-Pairwise-Cipher = 1027076
(3) WLAN-Group-Cipher = 1027076
(3) WLAN-AKM-Suite = 1027073
(3) Framed-MTU = 1400
(3) EAP-Message = 0x022500061900
(3) State = 0xac2b487aae0e51714e974a6b4baa7cab
(3) Message-Authenticator = 0xbfa1456c3a23563d3ae031e3ab7b871c
(3) Restoring &session-state
(3) &session-state:Framed-MTU = 994
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(3) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(3) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(3) authorize {
(3) eap: Peer sent EAP Response (code 2) ID 37 length 6
(3) eap: Continuing tunnel setup
(3) [eap] = ok
(3) if (!control:Auth-Type) {
(3) if (!control:Auth-Type) -> FALSE
(3) } # authorize = ok
(3) Found Auth-Type = EAP
(3) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(3) Auth-Type EAP {
(3) eap: Removing EAP session with state 0xac2b487aae0e5171
(3) eap: Previous EAP request found for state 0xac2b487aae0e5171,
released from the list
(3) eap: Peer sent packet with method EAP PEAP (25)
(3) eap: Calling submodule eap_peap to process data
(3) eap_peap: (TLS) Peer ACKed our handshake fragment
(3) eap: Sending EAP Request (code 1) ID 38 length 1000
(3) eap: EAP session adding &reply:State = 0xac2b487aaf0d5171
(3) [eap] = handled
(3) } # Auth-Type EAP = handled
(3) Using Post-Auth-Type Challenge
(3) Post-Auth-Type sub-section not found. Ignoring.
(3) session-state: Saving cached attributes
(3) Framed-MTU = 994
(3) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(3) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(3) Sent Access-Challenge Id 207 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1064
(3) EAP-Message =
0x012603e819406729c41ca39fed55f40b0703e590f4ef3fe75165ed505d0e8e33187c7f82a4fa97311282257e3dca08d5818a76cee90d8aea88403b1d62eda2f8ed0e7cc7d72ce4f25e3497d7cbb88d5fb3e76fd5eb2cb7c29126896e5cf175ca9a6b177812f14e4ad1acc69c7a07a33ad3e880179c3971584f08442b7bfe40153886a8e68f88b2ebd088522f0214474a905d560fa04a8f20a966b67e072e644b106f92e95d3fc468afe1b60ff5b30eabfd9eb217f1847f6a24ab5f922365ecc2bb16be43951cbf4cf33735cd9fc4a0337c1632c68690fb8748b78e6f1fe6534e092fc9b9f25123a0a3ed26215dc6b0b765bbe2272058c9bf0935cb8ac47c5b1f7bd20e474f71a760f1db1b8a45da00058f3082058b30820373a003020102020705fea02cf10b27300d06092a864886f70d01010b05003077312b302906035504030c222f68626f73732e696e7465726e2f6b6f626c656e7a2f6361732f5245414c4d5f4341310b3009060355040613024445310c300a06
(3) Message-Authenticator = 0x00000000000000000000000000000000
(3) State = 0xac2b487aaf0d51714e974a6b4baa7cab
(3) Finished request
Waking up in 4.9 seconds.
(4) Received Access-Request Id 208 from 10.219.195.225:38276 to
10.219.195.1:1812 length 209
(4) User-Name = "test"
(4) NAS-Identifier = "ap01-hbap"
(4) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(4) NAS-Port-Type = Wireless-802.11
(4) Service-Type = Framed-User
(4) NAS-Port = 3
(4) Calling-Station-Id = "A6-5F-75-98-A5-06"
(4) Connect-Info = "CONNECT 54Mbps 802.11a"
(4) Acct-Session-Id = "EEFF590BE3BB6A1C"
(4) WLAN-Pairwise-Cipher = 1027076
(4) WLAN-Group-Cipher = 1027076
(4) WLAN-AKM-Suite = 1027073
(4) Framed-MTU = 1400
(4) EAP-Message = 0x022600061900
(4) State = 0xac2b487aaf0d51714e974a6b4baa7cab
(4) Message-Authenticator = 0x5cb8800c3a7ed09d207a2ef341573028
(4) Restoring &session-state
(4) &session-state:Framed-MTU = 994
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(4) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(4) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(4) authorize {
(4) eap: Peer sent EAP Response (code 2) ID 38 length 6
(4) eap: Continuing tunnel setup
(4) [eap] = ok
(4) if (!control:Auth-Type) {
(4) if (!control:Auth-Type) -> FALSE
(4) } # authorize = ok
(4) Found Auth-Type = EAP
(4) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(4) Auth-Type EAP {
(4) eap: Removing EAP session with state 0xac2b487aaf0d5171
(4) eap: Previous EAP request found for state 0xac2b487aaf0d5171,
released from the list
(4) eap: Peer sent packet with method EAP PEAP (25)
(4) eap: Calling submodule eap_peap to process data
(4) eap_peap: (TLS) Peer ACKed our handshake fragment
(4) eap: Sending EAP Request (code 1) ID 39 length 1000
(4) eap: EAP session adding &reply:State = 0xac2b487aa80c5171
(4) [eap] = handled
(4) } # Auth-Type EAP = handled
(4) Using Post-Auth-Type Challenge
(4) Post-Auth-Type sub-section not found. Ignoring.
(4) session-state: Saving cached attributes
(4) Framed-MTU = 994
(4) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(4) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(4) Sent Access-Challenge Id 208 from 10.219.195.1:1812 to
10.219.195.225:38276 length 1064
(4) EAP-Message =
0x012703e81940603ef2f2884b299ace212671ea16a0df8d30640875c03aaef2ac1e4cd0b45487fcb99234083e915ecded1171c41b3eb10b7c736e781a97f17e3aa3b85d0f5b5f35d09ce1570d621b9dc5be4b4f9ecae899a6d0949b7eed4ebcbf64a48aa40d41d3c07d33da2e8d816dd2eba719a8b75d53dfa7ecb5a35b7cec093710efea7ff30203010001a31d301b300c0603551d13040530030101ff300b0603551d0f040403020106300d06092a864886f70d01010b0500038202010048ed80b6b8d9f45c988d3a8c439f33112acf5a1a90a3e79a8622a919c7fa078d6bcfcb743a26ddd8bc1bc56f9071c89b8a986b33eeb0c6defe6f99834b9a90da8089c002815951b451f4b9d4ed8225888e5b77b04f9131487a830c71082209525143b143d9335eb02b382660f462e5b6d5e4dd2991b894148e23f6ce2be12f76406890fe48dba3e0c97b33089c20f7466a37daa34eb110f7d9cf47553fae6f7453ad44e48fa154f1db59066d3250216bde12320eed158d5197
(4) Message-Authenticator = 0x00000000000000000000000000000000
(4) State = 0xac2b487aa80c51714e974a6b4baa7cab
(4) Finished request
Waking up in 4.9 seconds.
(5) Received Access-Request Id 209 from 10.219.195.225:38276 to
10.219.195.1:1812 length 209
(5) User-Name = "test"
(5) NAS-Identifier = "ap01-hbap"
(5) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(5) NAS-Port-Type = Wireless-802.11
(5) Service-Type = Framed-User
(5) NAS-Port = 3
(5) Calling-Station-Id = "A6-5F-75-98-A5-06"
(5) Connect-Info = "CONNECT 54Mbps 802.11a"
(5) Acct-Session-Id = "EEFF590BE3BB6A1C"
(5) WLAN-Pairwise-Cipher = 1027076
(5) WLAN-Group-Cipher = 1027076
(5) WLAN-AKM-Suite = 1027073
(5) Framed-MTU = 1400
(5) EAP-Message = 0x022700061900
(5) State = 0xac2b487aa80c51714e974a6b4baa7cab
(5) Message-Authenticator = 0x4904b50139129c9ee3d149be137fb45e
(5) Restoring &session-state
(5) &session-state:Framed-MTU = 994
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(5) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(5) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(5) authorize {
(5) eap: Peer sent EAP Response (code 2) ID 39 length 6
(5) eap: Continuing tunnel setup
(5) [eap] = ok
(5) if (!control:Auth-Type) {
(5) if (!control:Auth-Type) -> FALSE
(5) } # authorize = ok
(5) Found Auth-Type = EAP
(5) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(5) Auth-Type EAP {
(5) eap: Removing EAP session with state 0xac2b487aa80c5171
(5) eap: Previous EAP request found for state 0xac2b487aa80c5171,
released from the list
(5) eap: Peer sent packet with method EAP PEAP (25)
(5) eap: Calling submodule eap_peap to process data
(5) eap_peap: (TLS) Peer ACKed our handshake fragment
(5) eap: Sending EAP Request (code 1) ID 40 length 55
(5) eap: EAP session adding &reply:State = 0xac2b487aa9035171
(5) [eap] = handled
(5) } # Auth-Type EAP = handled
(5) Using Post-Auth-Type Challenge
(5) Post-Auth-Type sub-section not found. Ignoring.
(5) session-state: Saving cached attributes
(5) Framed-MTU = 994
(5) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(5) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(5) Sent Access-Challenge Id 209 from 10.219.195.1:1812 to
10.219.195.225:38276 length 113
(5) EAP-Message =
0x012800371900b048c07ac17f86f9c727014f0cc6a508653ff99a95e6e84a4829d48058b9132be05c9c1b68de733316030300040e000000
(5) Message-Authenticator = 0x00000000000000000000000000000000
(5) State = 0xac2b487aa90351714e974a6b4baa7cab
(5) Finished request
Waking up in 4.9 seconds.
(6) Received Access-Request Id 210 from 10.219.195.225:38276 to
10.219.195.1:1812 length 339
(6) User-Name = "test"
(6) NAS-Identifier = "ap01-hbap"
(6) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(6) NAS-Port-Type = Wireless-802.11
(6) Service-Type = Framed-User
(6) NAS-Port = 3
(6) Calling-Station-Id = "A6-5F-75-98-A5-06"
(6) Connect-Info = "CONNECT 54Mbps 802.11a"
(6) Acct-Session-Id = "EEFF590BE3BB6A1C"
(6) WLAN-Pairwise-Cipher = 1027076
(6) WLAN-Group-Cipher = 1027076
(6) WLAN-AKM-Suite = 1027073
(6) Framed-MTU = 1400
(6) EAP-Message =
0x0228008819800000007e16030300461000004241041914318456c90b3eed960cc0f427749a4a58dea1c45b04d88e0d4aa358aa753149db3707404dba0da11104816db305bfb16c221d10d02ca05f66f05e90868b1914030300010116030300284ae33342f449b98c815966dbee60f4bfb147c6898c284415f0f4f449d2ff033a5ec9027ddb4ce85f
(6) State = 0xac2b487aa90351714e974a6b4baa7cab
(6) Message-Authenticator = 0x4765ff00e4d57c7b8098fe86dc4fa440
(6) Restoring &session-state
(6) &session-state:Framed-MTU = 994
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(6) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(6) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(6) authorize {
(6) eap: Peer sent EAP Response (code 2) ID 40 length 136
(6) eap: Continuing tunnel setup
(6) [eap] = ok
(6) if (!control:Auth-Type) {
(6) if (!control:Auth-Type) -> FALSE
(6) } # authorize = ok
(6) Found Auth-Type = EAP
(6) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(6) Auth-Type EAP {
(6) eap: Removing EAP session with state 0xac2b487aa9035171
(6) eap: Previous EAP request found for state 0xac2b487aa9035171,
released from the list
(6) eap: Peer sent packet with method EAP PEAP (25)
(6) eap: Calling submodule eap_peap to process data
(6) eap_peap: (TLS) EAP Peer says that the final record size will be 126
bytes
(6) eap_peap: (TLS) EAP Got all data (126 bytes)
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
server done
(6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, ClientKeyExchange
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
client key exchange
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read
change cipher spec
(6) eap_peap: (TLS) PEAP - recv TLS 1.2 Handshake, Finished
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS read finished
(6) eap_peap: (TLS) PEAP - send TLS 1.2 ChangeCipherSpec
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write
change cipher spec
(6) eap_peap: (TLS) PEAP - send TLS 1.2 Handshake, Finished
(6) eap_peap: (TLS) PEAP - Handshake state - Server SSLv3/TLS write finished
(6) eap_peap: (TLS) PEAP - Handshake state - SSL negotiation finished
successfully
(6) eap_peap: (TLS) PEAP - Connection Established
(6) eap_peap: TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(6) eap_peap: TLS-Session-Version = "TLS 1.2"
(6) eap: Sending EAP Request (code 1) ID 41 length 57
(6) eap: EAP session adding &reply:State = 0xac2b487aaa025171
(6) [eap] = handled
(6) } # Auth-Type EAP = handled
(6) Using Post-Auth-Type Challenge
(6) Post-Auth-Type sub-section not found. Ignoring.
(6) session-state: Saving cached attributes
(6) Framed-MTU = 994
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(6) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(6) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(6) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(6) TLS-Session-Version = "TLS 1.2"
(6) Sent Access-Challenge Id 210 from 10.219.195.1:1812 to
10.219.195.225:38276 length 115
(6) EAP-Message =
0x01290039190014030300010116030300282209ea55626d5fee2bc36d1a8a06ba29ee44eb2847cffb3da18d6d212b1f8b681bddb7d42c7dc10a
(6) Message-Authenticator = 0x00000000000000000000000000000000
(6) State = 0xac2b487aaa0251714e974a6b4baa7cab
(6) Finished request
Waking up in 4.8 seconds.
(7) Received Access-Request Id 211 from 10.219.195.225:38276 to
10.219.195.1:1812 length 209
(7) User-Name = "test"
(7) NAS-Identifier = "ap01-hbap"
(7) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(7) NAS-Port-Type = Wireless-802.11
(7) Service-Type = Framed-User
(7) NAS-Port = 3
(7) Calling-Station-Id = "A6-5F-75-98-A5-06"
(7) Connect-Info = "CONNECT 54Mbps 802.11a"
(7) Acct-Session-Id = "EEFF590BE3BB6A1C"
(7) WLAN-Pairwise-Cipher = 1027076
(7) WLAN-Group-Cipher = 1027076
(7) WLAN-AKM-Suite = 1027073
(7) Framed-MTU = 1400
(7) EAP-Message = 0x022900061900
(7) State = 0xac2b487aaa0251714e974a6b4baa7cab
(7) Message-Authenticator = 0xb01820edd9de0eb9ebd79cea4c818884
(7) Restoring &session-state
(7) &session-state:Framed-MTU = 994
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(7) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(7) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES256-GCM-SHA384"
(7) &session-state:TLS-Session-Version = "TLS 1.2"
(7) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(7) authorize {
(7) eap: Peer sent EAP Response (code 2) ID 41 length 6
(7) eap: Continuing tunnel setup
(7) [eap] = ok
(7) if (!control:Auth-Type) {
(7) if (!control:Auth-Type) -> FALSE
(7) } # authorize = ok
(7) Found Auth-Type = EAP
(7) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(7) Auth-Type EAP {
(7) eap: Removing EAP session with state 0xac2b487aaa025171
(7) eap: Previous EAP request found for state 0xac2b487aaa025171,
released from the list
(7) eap: Peer sent packet with method EAP PEAP (25)
(7) eap: Calling submodule eap_peap to process data
(7) eap_peap: (TLS) Peer ACKed our handshake fragment. handshake is
finished
(7) eap_peap: Session established. Decoding tunneled attributes
(7) eap_peap: PEAP state TUNNEL ESTABLISHED
(7) eap: Sending EAP Request (code 1) ID 42 length 40
(7) eap: EAP session adding &reply:State = 0xac2b487aab015171
(7) [eap] = handled
(7) } # Auth-Type EAP = handled
(7) Using Post-Auth-Type Challenge
(7) Post-Auth-Type sub-section not found. Ignoring.
(7) session-state: Saving cached attributes
(7) Framed-MTU = 994
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(7) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(7) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(7) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(7) TLS-Session-Version = "TLS 1.2"
(7) Sent Access-Challenge Id 211 from 10.219.195.1:1812 to
10.219.195.225:38276 length 98
(7) EAP-Message =
0x012a00281900170303001d2209ea55626d5fef324c805c6b28f660cb29d8bd4026022faedaf16c29
(7) Message-Authenticator = 0x00000000000000000000000000000000
(7) State = 0xac2b487aab0151714e974a6b4baa7cab
(7) Finished request
Waking up in 4.8 seconds.
(8) Received Access-Request Id 212 from 10.219.195.225:38276 to
10.219.195.1:1812 length 243
(8) User-Name = "test"
(8) NAS-Identifier = "ap01-hbap"
(8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) NAS-Port = 3
(8) Calling-Station-Id = "A6-5F-75-98-A5-06"
(8) Connect-Info = "CONNECT 54Mbps 802.11a"
(8) Acct-Session-Id = "EEFF590BE3BB6A1C"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027076
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) EAP-Message =
0x022a00281900170303001d4ae33342f449b98d13c961f594f00dcb253fa40f83e7aec02fab3fb55a
(8) State = 0xac2b487aab0151714e974a6b4baa7cab
(8) Message-Authenticator = 0xcea0cff4f6afbee50b7007acbe9993a1
(8) Restoring &session-state
(8) &session-state:Framed-MTU = 994
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(8) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(8) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES256-GCM-SHA384"
(8) &session-state:TLS-Session-Version = "TLS 1.2"
(8) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(8) authorize {
(8) eap: Peer sent EAP Response (code 2) ID 42 length 40
(8) eap: Continuing tunnel setup
(8) [eap] = ok
(8) if (!control:Auth-Type) {
(8) if (!control:Auth-Type) -> FALSE
(8) } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(8) Auth-Type EAP {
(8) eap: Removing EAP session with state 0xac2b487aab015171
(8) eap: Previous EAP request found for state 0xac2b487aab015171,
released from the list
(8) eap: Peer sent packet with method EAP PEAP (25)
(8) eap: Calling submodule eap_peap to process data
(8) eap_peap: (TLS) EAP Done initial handshake
(8) eap_peap: Session established. Decoding tunneled attributes
(8) eap_peap: PEAP state WAITING FOR INNER IDENTITY
(8) eap_peap: Identity - test
(8) eap_peap: Got inner identity 'test'
(8) eap_peap: Setting default EAP type for tunneled EAP session
(8) eap_peap: Got tunneled request
(8) eap_peap: EAP-Message = 0x022a00090174657374
(8) eap_peap: Setting User-Name to test
(8) eap_peap: Sending tunneled request to otpme
(8) eap_peap: EAP-Message = 0x022a00090174657374
(8) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(8) eap_peap: User-Name = "test"
(8) eap_peap: NAS-Identifier = "ap01-hbap"
(8) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) eap_peap: NAS-Port-Type = Wireless-802.11
(8) eap_peap: Service-Type = Framed-User
(8) eap_peap: NAS-Port = 3
(8) eap_peap: Calling-Station-Id = "A6-5F-75-98-A5-06"
(8) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a"
(8) eap_peap: Acct-Session-Id = "EEFF590BE3BB6A1C"
(8) eap_peap: WLAN-Pairwise-Cipher = 1027076
(8) eap_peap: WLAN-Group-Cipher = 1027076
(8) eap_peap: WLAN-AKM-Suite = 1027073
(8) eap_peap: Framed-MTU = 1400
(8) Virtual server otpme received request
(8) EAP-Message = 0x022a00090174657374
(8) FreeRADIUS-Proxied-To = 127.0.0.1
(8) User-Name = "test"
(8) NAS-Identifier = "ap01-hbap"
(8) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) NAS-Port = 3
(8) Calling-Station-Id = "A6-5F-75-98-A5-06"
(8) Connect-Info = "CONNECT 54Mbps 802.11a"
(8) Acct-Session-Id = "EEFF590BE3BB6A1C"
(8) WLAN-Pairwise-Cipher = 1027076
(8) WLAN-Group-Cipher = 1027076
(8) WLAN-AKM-Suite = 1027073
(8) Framed-MTU = 1400
(8) WARNING: Outer and inner identities are the same. User privacy is
compromised.
(8) server otpme {
(8) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(8) authorize {
(8) eap: Peer sent EAP Response (code 2) ID 42 length 9
(8) eap: EAP-Identity reply, returning 'ok' so we can short-circuit the
rest of authorize
(8) [eap] = ok
(8) if (!control:Auth-Type) {
(8) if (!control:Auth-Type) -> FALSE
(8) } # authorize = ok
(8) Found Auth-Type = EAP
(8) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(8) Auth-Type EAP {
(8) eap: Peer sent packet with method EAP Identity (1)
(8) eap: Calling submodule eap_mschapv2 to process data
(8) eap_mschapv2: Issuing Challenge
(8) eap: Sending EAP Request (code 1) ID 43 length 42
(8) eap: EAP session adding &reply:State = 0x4d7ab8054d51a258
(8) [eap] = handled
(8) } # Auth-Type EAP = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) } # server otpme
(8) Virtual server sending reply
(8) EAP-Message =
0x012b002a1a012b002510b158d692e01e55d324fba4bd46d9b3a1667265657261646975732d332e322e36
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0x4d7ab8054d51a258be49ba37bb208c58
(8) eap_peap: Got tunneled reply code 11
(8) eap_peap: EAP-Message =
0x012b002a1a012b002510b158d692e01e55d324fba4bd46d9b3a1667265657261646975732d332e322e36
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: State = 0x4d7ab8054d51a258be49ba37bb208c58
(8) eap_peap: Got tunneled reply RADIUS code 11
(8) eap_peap: EAP-Message =
0x012b002a1a012b002510b158d692e01e55d324fba4bd46d9b3a1667265657261646975732d332e322e36
(8) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(8) eap_peap: State = 0x4d7ab8054d51a258be49ba37bb208c58
(8) eap_peap: Got tunneled Access-Challenge
(8) eap: Sending EAP Request (code 1) ID 43 length 73
(8) eap: EAP session adding &reply:State = 0xac2b487aa4005171
(8) [eap] = handled
(8) } # Auth-Type EAP = handled
(8) Using Post-Auth-Type Challenge
(8) Post-Auth-Type sub-section not found. Ignoring.
(8) session-state: Saving cached attributes
(8) Framed-MTU = 994
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(8) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(8) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(8) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(8) TLS-Session-Version = "TLS 1.2"
(8) Sent Access-Challenge Id 212 from 10.219.195.1:1812 to
10.219.195.225:38276 length 131
(8) EAP-Message =
0x012b00491900170303003e2209ea55626d5ff0baf80a2c42ec6788dd5d4663e3245c6aaaef10c2c1deb1d2ad96fab8a4438ea319ff3f70d6d27ae2c8a9d4aa8dc68429000232767ded
(8) Message-Authenticator = 0x00000000000000000000000000000000
(8) State = 0xac2b487aa40051714e974a6b4baa7cab
(8) Finished request
Waking up in 4.8 seconds.
(9) Received Access-Request Id 213 from 10.219.195.225:38276 to
10.219.195.1:1812 length 297
(9) User-Name = "test"
(9) NAS-Identifier = "ap01-hbap"
(9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) NAS-Port = 3
(9) Calling-Station-Id = "A6-5F-75-98-A5-06"
(9) Connect-Info = "CONNECT 54Mbps 802.11a"
(9) Acct-Session-Id = "EEFF590BE3BB6A1C"
(9) WLAN-Pairwise-Cipher = 1027076
(9) WLAN-Group-Cipher = 1027076
(9) WLAN-AKM-Suite = 1027073
(9) Framed-MTU = 1400
(9) EAP-Message =
0x022b005e190017030300534ae33342f449b98e94136a54fa9773216317d2ebacdd3c8cea4603265909a0054c9dbb0bc8083fe2bd3ff8548dde3574e03c15d2b5a9ba2568d6711d69a8859b8fe148f477919afc4ccdbd64664e50b2cf5a5f
(9) State = 0xac2b487aa40051714e974a6b4baa7cab
(9) Message-Authenticator = 0x70ed0ad4ec446ceb8871e3c49ec3026a
(9) Restoring &session-state
(9) &session-state:Framed-MTU = 994
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.3 Handshake, ClientHello"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHello"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Certificate"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, ServerHelloDone"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, ClientKeyExchange"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - recv TLS
1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 ChangeCipherSpec"
(9) &session-state:TLS-Session-Information = "(TLS) PEAP - send TLS
1.2 Handshake, Finished"
(9) &session-state:TLS-Session-Cipher-Suite =
"ECDHE-RSA-AES256-GCM-SHA384"
(9) &session-state:TLS-Session-Version = "TLS 1.2"
(9) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(9) authorize {
(9) eap: Peer sent EAP Response (code 2) ID 43 length 94
(9) eap: Continuing tunnel setup
(9) [eap] = ok
(9) if (!control:Auth-Type) {
(9) if (!control:Auth-Type) -> FALSE
(9) } # authorize = ok
(9) Found Auth-Type = EAP
(9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(9) Auth-Type EAP {
(9) eap: Removing EAP session with state 0xac2b487aa4005171
(9) eap: Previous EAP request found for state 0xac2b487aa4005171,
released from the list
(9) eap: Peer sent packet with method EAP PEAP (25)
(9) eap: Calling submodule eap_peap to process data
(9) eap_peap: (TLS) EAP Done initial handshake
(9) eap_peap: Session established. Decoding tunneled attributes
(9) eap_peap: PEAP state phase2
(9) eap_peap: EAP method MSCHAPv2 (26)
(9) eap_peap: Got tunneled request
(9) eap_peap: EAP-Message =
0x022b003f1a022b003a3106a05c6e463eb6c51b322211d9918db400000000000000002d5a72c8ea7f1462f326cb9167cd3ef55e1d254c2141aafa0074657374
(9) eap_peap: Setting User-Name to test
(9) eap_peap: Sending tunneled request to otpme
(9) eap_peap: EAP-Message =
0x022b003f1a022b003a3106a05c6e463eb6c51b322211d9918db400000000000000002d5a72c8ea7f1462f326cb9167cd3ef55e1d254c2141aafa0074657374
(9) eap_peap: FreeRADIUS-Proxied-To = 127.0.0.1
(9) eap_peap: User-Name = "test"
(9) eap_peap: State = 0x4d7ab8054d51a258be49ba37bb208c58
(9) eap_peap: NAS-Identifier = "ap01-hbap"
(9) eap_peap: Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) eap_peap: NAS-Port-Type = Wireless-802.11
(9) eap_peap: Service-Type = Framed-User
(9) eap_peap: NAS-Port = 3
(9) eap_peap: Calling-Station-Id = "A6-5F-75-98-A5-06"
(9) eap_peap: Connect-Info = "CONNECT 54Mbps 802.11a"
(9) eap_peap: Acct-Session-Id = "EEFF590BE3BB6A1C"
(9) eap_peap: WLAN-Pairwise-Cipher = 1027076
(9) eap_peap: WLAN-Group-Cipher = 1027076
(9) eap_peap: WLAN-AKM-Suite = 1027073
(9) eap_peap: Framed-MTU = 1400
(9) Virtual server otpme received request
(9) EAP-Message =
0x022b003f1a022b003a3106a05c6e463eb6c51b322211d9918db400000000000000002d5a72c8ea7f1462f326cb9167cd3ef55e1d254c2141aafa0074657374
(9) FreeRADIUS-Proxied-To = 127.0.0.1
(9) User-Name = "test"
(9) State = 0x4d7ab8054d51a258be49ba37bb208c58
(9) NAS-Identifier = "ap01-hbap"
(9) Called-Station-Id = "B4-4B-D6-26-BA-86:hboss"
(9) NAS-Port-Type = Wireless-802.11
(9) Service-Type = Framed-User
(9) NAS-Port = 3
(9) Calling-Station-Id = "A6-5F-75-98-A5-06"
(9) Connect-Info = "CONNECT 54Mbps 802.11a"
(9) Acct-Session-Id = "EEFF590BE3BB6A1C"
(9) WLAN-Pairwise-Cipher = 1027076
(9) WLAN-Group-Cipher = 1027076
(9) WLAN-AKM-Suite = 1027073
(9) Framed-MTU = 1400
(9) WARNING: Outer and inner identities are the same. User privacy is
compromised.
(9) server otpme {
(9) session-state: No cached attributes
(9) # Executing section authorize from file
/var/run/otpme/freeradius/radiusd.conf
(9) authorize {
(9) eap: Peer sent EAP Response (code 2) ID 43 length 63
(9) eap: No EAP Start, assuming it's an on-going EAP conversation
(9) [eap] = updated
(9) if (!control:Auth-Type) {
(9) if (!control:Auth-Type) -> FALSE
(9) } # authorize = updated
(9) Found Auth-Type = EAP
(9) # Executing group from file /var/run/otpme/freeradius/radiusd.conf
(9) Auth-Type EAP {
(9) eap: Removing EAP session with state 0x4d7ab8054d51a258
(9) eap: Previous EAP request found for state 0x4d7ab8054d51a258,
released from the list
(9) eap: Peer sent packet with method EAP MSCHAPv2 (26)
(9) eap: Calling submodule eap_mschapv2 to process data
(9) eap_mschapv2: # Executing group from file
/var/run/otpme/freeradius/radiusd.conf
(9) eap_mschapv2: Auth-Type MS-CHAP {
otpme.py: adding MS-CHAP2-Success:
'3S=c3971529e7869293a9a388ede7e667182aeaa22c'
otpme.py: adding MS-MPPE-Send-Key: 'c7726ce0b854c17314668bc50df88203'
otpme.py: adding MS-MPPE-Recv-Key: '7019a1e6577898bd8acfecd45e55a41d'
otpme.py: adding MS-MPPE-Encryption-Policy: '0x00000001'
otpme.py: adding MS-MPPE-Encryption-Types: '0x00000006'
otpme.py: adding Auth-Type: 'MS-CHAP'
authenticate - 'reply:Reply-Message' = 'Authentication successful'
authenticate - 'reply:MS-CHAP2-Success' =
'0x33533d63333937313532396537383639323933613961333838656465376536363731383261656161323263'
authenticate - 'reply:MS-MPPE-Encryption-Policy' = '0x00000001'
authenticate - 'reply:MS-MPPE-Encryption-Types' = '0x00000006'
authenticate - 'reply:MS-MPPE-Send-Key' =
'0xc7726ce0b854c17314668bc50df88203'
authenticate - 'reply:MS-MPPE-Recv-Key' =
'0x7019a1e6577898bd8acfecd45e55a41d'
authenticate - 'config:Auth-Type' = 'MS-CHAP'
(9) eap_mschapv2: [python_otpme] = ok
(9) eap_mschapv2: } # Auth-Type MS-CHAP = ok
(9) eap_mschapv2: MSCHAP Success
(9) eap: Sending EAP Request (code 1) ID 44 length 51
(9) eap: EAP session adding &reply:State = 0x4d7ab8054c56a258
(9) [eap] = handled
(9) } # Auth-Type EAP = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) } # server otpme
(9) Virtual server sending reply
(9) Reply-Message = "Authentication successful"
(9) EAP-Message =
0x012c00331a032b002e533d63333937313532396537383639323933613961333838656465376536363731383261656161323263
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0x4d7ab8054c56a258be49ba37bb208c58
(9) eap_peap: Got tunneled reply code 11
(9) eap_peap: Reply-Message = "Authentication successful"
(9) eap_peap: EAP-Message =
0x012c00331a032b002e533d63333937313532396537383639323933613961333838656465376536363731383261656161323263
(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(9) eap_peap: State = 0x4d7ab8054c56a258be49ba37bb208c58
(9) eap_peap: Got tunneled reply RADIUS code 11
(9) eap_peap: Reply-Message = "Authentication successful"
(9) eap_peap: EAP-Message =
0x012c00331a032b002e533d63333937313532396537383639323933613961333838656465376536363731383261656161323263
(9) eap_peap: Message-Authenticator = 0x00000000000000000000000000000000
(9) eap_peap: State = 0x4d7ab8054c56a258be49ba37bb208c58
(9) eap_peap: Got tunneled Access-Challenge
(9) eap: Sending EAP Request (code 1) ID 44 length 82
(9) eap: EAP session adding &reply:State = 0xac2b487aa5075171
(9) [eap] = handled
(9) } # Auth-Type EAP = handled
(9) Using Post-Auth-Type Challenge
(9) Post-Auth-Type sub-section not found. Ignoring.
(9) session-state: Saving cached attributes
(9) Framed-MTU = 994
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.3 Handshake,
ClientHello"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHello"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Certificate"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerKeyExchange"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
ServerHelloDone"
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
ClientKeyExchange"
(9) TLS-Session-Information = "(TLS) PEAP - recv TLS 1.2 Handshake,
Finished"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 ChangeCipherSpec"
(9) TLS-Session-Information = "(TLS) PEAP - send TLS 1.2 Handshake,
Finished"
(9) TLS-Session-Cipher-Suite = "ECDHE-RSA-AES256-GCM-SHA384"
(9) TLS-Session-Version = "TLS 1.2"
(9) Sent Access-Challenge Id 213 from 10.219.195.1:1812 to
10.219.195.225:38276 length 140
(9) EAP-Message =
0x012c0052190017030300472209ea55626d5ff1c5bfe6da41424c37ee71bb77118b8f1f51e7bdb050466709030848e8afe46e99cd47ef4337957aa870e14a5a42c006d97a017640d76c88fd54daf3585dae47
(9) Message-Authenticator = 0x00000000000000000000000000000000
(9) State = 0xac2b487aa50751714e974a6b4baa7cab
(9) Finished request
Waking up in 4.0 seconds.
2
3