On Fri, 2 Oct 2015 21:35:17 +0100 Matthew Newton <mcn4@leicester.ac.uk> wrote: [snip]
Can you run
radiusd -X | tee logfile
then connect the laptop to the network, and then post the logfile to the list? Otherwise we've got nothing really to go on.
Wellll... Okay. It's gigantic, tho. Included below.
Long shot, have you got the default EAP type (eap.conf) configured to the same on that you're using? Shouldn't cause this, but all I can think of without seeing any debug output.
Set to "peap" in eap.conf and set to "Microsoft: Protected EAP (PEAP)" in the config on the laptop. Here's the debug output... freeradius: FreeRADIUS Version 2.2.9, for host i686-pc-linux-gnu, built on Oct 2 2015 at 07:12:08 Copyright (C) 1999-2015 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License. For more information about these matters, see the file named COPYRIGHT. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/dhcp_sqlippool including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/cache including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/soh including configuration file /etc/freeradius/modules/radrelay including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/redis including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/replicate including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/rediswho including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/inner-tunnel including configuration file /etc/freeradius/sites-enabled/default main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client 172.24.0.0/16 { ipaddr = 172.24.0.0 netmask = 16 require_message_authenticator = no secret = "xxxxxxxxxxxxxxxxxxxx" shortname = "localhost" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes timeout = 10 } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/freeradius/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/modules/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/ssl/certs" pem_file_type = yes private_key_file = "/etc/ssl/private/skynet-n_wtccorp_com.key" certificate_file = "/etc/ssl/certs/skynet-n_wtccorp_com.crt" CA_file = "/etc/ssl/certs/skynet-n_wtccorp_com_ca.pem" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no check_all_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/ssl/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/huntgroups reading pairlist file /etc/freeradius/hints Module: Linked to module rlm_detail Module: Instantiating module "auth_log" from file /etc/freeradius/modules/detail.log detail auth_log { detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no escape_filenames = no } Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/modules/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } reading pairlist file /etc/freeradius/users reading pairlist file /etc/freeradius/acct_users reading pairlist file /etc/freeradius/preproxy_users Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Instantiating module "detail" from file /etc/freeradius/modules/detail detail { detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no escape_filenames = no } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.access_reject } # modules } # server server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_ldap Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap ldap { server = "localhost" port = 389 password = "slurp2~maybe" expect_password = yes identity = "uid=radius,ou=People,dc=wtccorp,dc=com" net_timeout = 1 timeout = 4 timelimit = 3 max_uses = 0 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = yes cacertfile = "/etc/ssl/certs/skynet-n_wtccorp_com_ca.pem" require_cert = "allow" } basedn = "ou=People,dc=wtccorp,dc=com" filter = "(uid=%{mschap:User-Name})" base_filter = "(objectclass=radiusprofile)" password_attribute = "userPassword" auto_header = no access_attr_used_for_allow = yes groupname_attribute = "cn" groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" dictionary_mapping = "/etc/freeradius/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 5 compare_check_items = no do_xlat = yes edir_account_policy_check = no set_auth_type = yes keepalive { idle = 60 probes = 3 interval = 3 } } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: Over-riding set_auth_type, as there is no module ldap listed in the "authenticate" section. rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP sambaLMPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNTPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header rlm_ldap: LDAP sambaAcctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id conns: 0x87ce2f8 Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 56664 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 172.24.0.48 port 1509, id=0, length=203 Message-Authenticator = 0xf3fee44722450f2f835bda228c2d88a6 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020000140177696e303035345c6a656666726579 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:26 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 20 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 172.24.0.48 port 1509 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x98bd762098bc6f3a092a404097a6cf8c Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1509, id=1, length=340 Message-Authenticator = 0x179741121daee4790499573ef410e994 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x98bd762098bc6f3a092a404097a6cf8c Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201008b198000000081160301007c010000780301560ef3ca1db6af18753547212e86a4c29231188ea25d38e9fc506a22d24e4ded204bac48082d3304551bb3dc2591a3abb1481a4b9e1f411604b120384460512c0d0018c014c013c00ac0090035002f00380032000a00130005000401000017000a00080006001900170018000b00020100ff01000100 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:26 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 139 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 129 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 007c], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 0899], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 1 to 172.24.0.48 port 1509 EAP-Message = 0x0102040019c000000a351603010039020000350301e3d36991a480cff0a07864e77a040402f7c8ffb3fa033663de15ee5670a7e1b600c01400000dff01000100000b00040300010216030108990b000895000892000469308204653082034da003020102020900db98278c91c043a9300d06092a864886f70d01010b05003081a5310b30090603550406130255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a30 EAP-Message = 0x2806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d301e170d3135303933303133323735335a170d3136303932393133323735335a3081c0310b30090603550406130255533111300f06035504080c084d6963686967616e3119301706035504070c104661726d696e67746f6e2048696c6c733121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077 EAP-Message = 0x656c6474656368636f72702e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d2d1c7948966ed1341d267fc4f9cbb7296b538e6c723798db5cf417e57e0620f717df13563fa3ee95d91c6cbd0f2919d7cc0574e3525b145ce67bd29b491b13c0521b0d0790a9e1e153f8f5120ec29c3ef45e90eac80eceb1a72e4092484908d485fa92fa5707513fd6af7f510b56d1d0faaadb9e7cd299346fefef85bc2ea77fa161428c0c5282c5c55eff7e3eea1eb2174f802bf43d03232ada75c5e05ab926885f6f67667fab1d529a55db4bb05e1b96eb29372385b57e3b3a7adf39e856aff11f754675e831d57d5fdbacc EAP-Message = 0x6c871053262f2b628752fb8fe5f810342b04f8a001177ebd1722fb02c1fe13ba9d97a5fbfe928d7b4e5ec19a8158f75d44d1c90203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604143fd748d1e67b96f55218a8d3506b1520021ead6f301f0603551d230418301680143edcdf7a0e78b6c903868bf018eb6df83782ab9d300d06092a864886f70d01010b05000382010100499ce5c07f4f002837484b1de16566030fd0a519c6f66b6600ddecacbb55c50be98fc448739e30aef582ac786a65a70b38f0a53c EAP-Message = 0x205bb219d9d0950173a6e052 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x98bd762099bf6f3a092a404097a6cf8c Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1509, id=2, length=207 Message-Authenticator = 0xbd29cd2a85b34482305e73ddbeb9fc70 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x98bd762099bf6f3a092a404097a6cf8c Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020200061900 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:26 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 2 to 172.24.0.48 port 1509 EAP-Message = 0x010303fc1940b6da580861b855560215e1bcddc7cf7827141faabad978a814118c0396af66bb9de3c68f723e7daa398182692569baf4e2286c6ce5036cfc997577ecebc2727ff1ecbf4f7310651cf9ea2752d40b0ffa8f3d93d4e344fede5db5104358bd0361b15d3a673789d36d86caa0800071c88c6f149459efd07b25be0dd75ca2b2aa276c22bd6c8f7481af26b84dda57b527c3ed8889a96b232aba9105d1750cfd3fcf97c1ee8a9339d19ab87264461497c80c8adf4010e1a03fe4048cd611b4fdb0330004233082041f30820307a003020102020900db98278c91c043a8300d06092a864886f70d01010b05003081a5310b3009060355040613 EAP-Message = 0x0255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d301e170d3135303933303133323732315a170d3230303932383133323732315a3081a5310b30090603550406130255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f67792043 EAP-Message = 0x6f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c944842f637fef492dcb8b64ea061235ea559291b19a5ae5edc0ed30743c49f613d8e02b4f1c550e2a10a2949470e97d1bfa77fd2d72cf5705e203ab73384d91885043238a0a28aba3da3852a88569281c07f2625df0c9fc44bd7e2b74e1bd17b30e13a34ce06642eb8ea20eab0ac013b1e0295106d8 EAP-Message = 0xdebfec3c001b3f97c99db881f0bc8175bc2f8a06a57dd173f43d092f406832fa4d379b4e3d139fcd2b17ffc3d462ee2d1bb7f4170af942c0d04e00a7d9735378bca2b39c5442683a6a0311a8c0c24d4782e969362ea68480960546166f7683dde3e32638fb36b04b302198f997e2afb50880b63ffdff863a7812b4e9c0cc7ccda4424c344f3f7f180bf70203010001a350304e301d0603551d0e041604143edcdf7a0e78b6c903868bf018eb6df83782ab9d301f0603551d230418301680143edcdf7a0e78b6c903868bf018eb6df83782ab9d300c0603551d13040530030101ff300d06092a864886f70d01010b0500038201010059c531727c748cb0 EAP-Message = 0xa73687495c5cba6d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x98bd76209abe6f3a092a404097a6cf8c Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1509, id=3, length=207 Message-Authenticator = 0xff40c27f0968df6b3d4a998482366677 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x98bd76209abe6f3a092a404097a6cf8c Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020300061900 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:26 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 3 to 172.24.0.48 port 1509 EAP-Message = 0x0104024f1900e7d5270f188a0f21028c17db0c4d3a4838d86a59ff3eec796b43f0c60983ea0d40fd86610f59e6575677f9700434ca9aaea69f8849614008fd93ade3852afb2eef925278f3b28c615233ec17b84f3299944dcb6c776ef66cbb07c8a503ca018747ef169ce512d4b2f1a102b7f941d62239c3cd554545cc8a0662221db9c71caa130d342979bbe0b1ae33d10737740e92a776c525965e97d1f9ab305c7226f8f26c03063af5d76628eba9e851ae0f807182cd582cf834384de1df8b513aff09dcb8409ca58449b5c987a8f574139352b15b5b73e56114eac58602765d28ea98181c344c48f313d5a29a2f2accfb06d4b7160301014b0c00 EAP-Message = 0x0147030017410458221b4f9563c367cd6345bd1983dd5a0a1d2d9c0c3f3a688675135a2a3dd158eb7ce2a321395da49acebf6d58bb7bc638b6ac01ea1f1dacbbb3f1891effafa701002df95433bd6b5e8b9e54b46658f83af70565a8bacc68904416919cc68c38c00bb8d03e56d7b9825bcbc107f05a8505c371fe58f730e929a777ac59b5f8d8c3ffdb6c1cd8f18f3964224390d311b9d52e76817b0c33d34c42756e9726eb789ecc12975de7b3754bb382aee43ed892b392da09e278fd7b1c1b2a087fdd4ff4a3a9b68abec44550f6fbbedfc24c43eb889c23f921690d5005c4c0d6f09532e9c5fd19bd9f0fad6ec02b28579cdb08e69345d4cabd93 EAP-Message = 0x988e23bbfd7da569b3228fce00255d14115514e296d1cdcabfc471f6a93865e4727403723468dd50253baec481920b34f9bbd4b31d488db221f224bb73a98de198ce3c3bbaea63a73de0640d16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x98bd76209bb96f3a092a404097a6cf8c Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1509, id=4, length=207 Message-Authenticator = 0x6c8a80ed0cc51c66ebf5cb6850444872 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x98bd76209bb96f3a092a404097a6cf8c Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020400061900 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:26 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 4 to 172.24.0.48 port 1509 EAP-Message = 0x010500061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x98bd76209cb86f3a092a404097a6cf8c Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=0, length=203 Message-Authenticator = 0x121295a68b11c245e8e2f9154fbba8de Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020000140177696e303035345c6a656666726579 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:28 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 0 length 20 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop ++[expiration] = noop ++[logintime] = noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 0 to 172.24.0.48 port 1510 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4465ca6b4464d3fe9d648e243ee182ad Finished request 5. Going to the next request Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=1, length=308 Message-Authenticator = 0xed6907899fefd56815ebca6b3afae42d Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x4465ca6b4464d3fe9d648e243ee182ad Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0201006b198000000061160301005c010000580301560ef3ccbf5284b3d32a2f4774af9d62f43b2ee8527a8caeff6653df745e5cef000018c014c013c00ac0090035002f00380032000a00130005000401000017000a00080006001900170018000b00020100ff01000100 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:28 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 1 length 107 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 97 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 005c], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 0899], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 1 to 172.24.0.48 port 1510 EAP-Message = 0x0102040019c000000a351603010039020000350301563f8767bca18f9ef80d326eb862a320de9154c43e762c9317971aa689858f3600c01400000dff01000100000b00040300010216030108990b000895000892000469308204653082034da003020102020900db98278c91c043a9300d06092a864886f70d01010b05003081a5310b30090603550406130255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a30 EAP-Message = 0x2806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d301e170d3135303933303133323735335a170d3136303932393133323735335a3081c0310b30090603550406130255533111300f06035504080c084d6963686967616e3119301706035504070c104661726d696e67746f6e2048696c6c733121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077 EAP-Message = 0x656c6474656368636f72702e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d2d1c7948966ed1341d267fc4f9cbb7296b538e6c723798db5cf417e57e0620f717df13563fa3ee95d91c6cbd0f2919d7cc0574e3525b145ce67bd29b491b13c0521b0d0790a9e1e153f8f5120ec29c3ef45e90eac80eceb1a72e4092484908d485fa92fa5707513fd6af7f510b56d1d0faaadb9e7cd299346fefef85bc2ea77fa161428c0c5282c5c55eff7e3eea1eb2174f802bf43d03232ada75c5e05ab926885f6f67667fab1d529a55db4bb05e1b96eb29372385b57e3b3a7adf39e856aff11f754675e831d57d5fdbacc EAP-Message = 0x6c871053262f2b628752fb8fe5f810342b04f8a001177ebd1722fb02c1fe13ba9d97a5fbfe928d7b4e5ec19a8158f75d44d1c90203010001a37b307930090603551d1304023000302c06096086480186f842010d041f161d4f70656e53534c2047656e657261746564204365727469666963617465301d0603551d0e041604143fd748d1e67b96f55218a8d3506b1520021ead6f301f0603551d230418301680143edcdf7a0e78b6c903868bf018eb6df83782ab9d300d06092a864886f70d01010b05000382010100499ce5c07f4f002837484b1de16566030fd0a519c6f66b6600ddecacbb55c50be98fc448739e30aef582ac786a65a70b38f0a53c EAP-Message = 0x205bb219d9d0950173a6e052 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4465ca6b4567d3fe9d648e243ee182ad Finished request 6. Going to the next request Waking up in 2.9 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=2, length=207 Message-Authenticator = 0xe82b5064a4f1a842ea017d1df9ed2249 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x4465ca6b4567d3fe9d648e243ee182ad Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020200061900 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:28 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 2 to 172.24.0.48 port 1510 EAP-Message = 0x010303fc1940b6da580861b855560215e1bcddc7cf7827141faabad978a814118c0396af66bb9de3c68f723e7daa398182692569baf4e2286c6ce5036cfc997577ecebc2727ff1ecbf4f7310651cf9ea2752d40b0ffa8f3d93d4e344fede5db5104358bd0361b15d3a673789d36d86caa0800071c88c6f149459efd07b25be0dd75ca2b2aa276c22bd6c8f7481af26b84dda57b527c3ed8889a96b232aba9105d1750cfd3fcf97c1ee8a9339d19ab87264461497c80c8adf4010e1a03fe4048cd611b4fdb0330004233082041f30820307a003020102020900db98278c91c043a8300d06092a864886f70d01010b05003081a5310b3009060355040613 EAP-Message = 0x0255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f677920436f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d301e170d3135303933303133323732315a170d3230303932383133323732315a3081a5310b30090603550406130255533111300f06035504080c084d6963686967616e3121301f060355040a0c1857656c64696e6720546563686e6f6c6f67792043 EAP-Message = 0x6f72702e31153013060355040b0c0c546563682e2043656e746572311d301b06035504030c14736b796e65742d6e2e777463636f72702e636f6d312a302806092a864886f70d010901161b686f73746d61737465724077656c6474656368636f72702e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c944842f637fef492dcb8b64ea061235ea559291b19a5ae5edc0ed30743c49f613d8e02b4f1c550e2a10a2949470e97d1bfa77fd2d72cf5705e203ab73384d91885043238a0a28aba3da3852a88569281c07f2625df0c9fc44bd7e2b74e1bd17b30e13a34ce06642eb8ea20eab0ac013b1e0295106d8 EAP-Message = 0xdebfec3c001b3f97c99db881f0bc8175bc2f8a06a57dd173f43d092f406832fa4d379b4e3d139fcd2b17ffc3d462ee2d1bb7f4170af942c0d04e00a7d9735378bca2b39c5442683a6a0311a8c0c24d4782e969362ea68480960546166f7683dde3e32638fb36b04b302198f997e2afb50880b63ffdff863a7812b4e9c0cc7ccda4424c344f3f7f180bf70203010001a350304e301d0603551d0e041604143edcdf7a0e78b6c903868bf018eb6df83782ab9d301f0603551d230418301680143edcdf7a0e78b6c903868bf018eb6df83782ab9d300c0603551d13040530030101ff300d06092a864886f70d01010b0500038201010059c531727c748cb0 EAP-Message = 0xa73687495c5cba6d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4465ca6b4666d3fe9d648e243ee182ad Finished request 7. Going to the next request Waking up in 2.8 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=3, length=207 Message-Authenticator = 0xa1bb90d986293276b7e1daa26bbb9422 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x4465ca6b4666d3fe9d648e243ee182ad Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020300061900 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:28 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 3 to 172.24.0.48 port 1510 EAP-Message = 0x0104024f1900e7d5270f188a0f21028c17db0c4d3a4838d86a59ff3eec796b43f0c60983ea0d40fd86610f59e6575677f9700434ca9aaea69f8849614008fd93ade3852afb2eef925278f3b28c615233ec17b84f3299944dcb6c776ef66cbb07c8a503ca018747ef169ce512d4b2f1a102b7f941d62239c3cd554545cc8a0662221db9c71caa130d342979bbe0b1ae33d10737740e92a776c525965e97d1f9ab305c7226f8f26c03063af5d76628eba9e851ae0f807182cd582cf834384de1df8b513aff09dcb8409ca58449b5c987a8f574139352b15b5b73e56114eac58602765d28ea98181c344c48f313d5a29a2f2accfb06d4b7160301014b0c00 EAP-Message = 0x01470300174104f94f27db84c936ece3f8f2dabd1578d95d6ac7a27dfb6daa83d62030d7be1f8298f1889a729c7ed1475895e8f796516031e5bb67c5779570fe2e3baa4fc59f980100656917d6493b86f841676412f995ab7e1ba7c1e28e39d94c08325c836b0887772396b6b04f6db1bcbc09f143184d3d37677a484de33a58e0b182788527dede27c5345dba9bd4e06dd487cb32c55e95efeab1cf8b4b5726b5950c473d5264c03ec379147429d3492e4695a1153ba005598749f4a9f13e3847148f3455cffc4121180cdc839bc84dccf2758f4d624583bf051e94fcaecded9834a0e7c632087051a0cada0de572368894b07c019e3e85a379e8df26 EAP-Message = 0x3c7a29973798e12add22ade92b3511a131fb4d81bfcdec1d7106d6c70b89fed598f1aca96b1ce9d45de544b8f2d96c2bde80f76ae69041e752e6ddbfcbafca70df67258cdeff72cc52f1958616030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4465ca6b4761d3fe9d648e243ee182ad Finished request 8. Going to the next request Waking up in 2.8 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=4, length=345 Message-Authenticator = 0x8bc28ce67ea7ac4969fbf9ae2e9e208f Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x4465ca6b4761d3fe9d648e243ee182ad Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0204009019800000008616030100461000004241043c809efc0e0a2ca176b2606111d62bf84fc511208a5bf64b3017688baf469126994847f9f55b6a4a9a14f69a5cc2d9093ca45977068034173e49aa8c6567ef231403010001011603010030cfd781c88abc2f1f2308318db52c884dc33bb5034282e0be3ae40b6265ee2d415484e772c9889a03bfd6d113e8b7b925 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:28 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 4 length 144 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 4 to 172.24.0.48 port 1510 EAP-Message = 0x010500411900140301000101160301003013153c9bcbbbc61fdf54f31d9dc1f6e0f0688aed91c84831ea12d943c445d4bc36982989b0a1c12ffff77e06438851c7 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4465ca6b4060d3fe9d648e243ee182ad Finished request 9. Going to the next request Waking up in 2.8 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=5, length=207 Message-Authenticator = 0xe672cfd12303a02af4cd8bf93844cc0a Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x4465ca6b4060d3fe9d648e243ee182ad Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x020500061900 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:28 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 5 to 172.24.0.48 port 1510 EAP-Message = 0x0106002b190017030100206e4c28c25fa0be9b294a675f54f4795ab01b00a6d1c9b7001d7da69b3807e510 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4465ca6b4163d3fe9d648e243ee182ad Finished request 10. Going to the next request Waking up in 2.8 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=6, length=260 Message-Authenticator = 0xdbd26e3f6b395640e552601e0c30b267 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x4465ca6b4163d3fe9d648e243ee182ad Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0206003b19001703010030ace4d439a4ad129c9a846d74d6695ccaea39e77e2c524cf5065c69ae97d02d1c7dc9ec9c5a4e7d530ef19a7485a6d6f0 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:28 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 6 length 59 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - win0054\jeffrey [peap] Got inner identity 'win0054\jeffrey' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x020600140177696e303035345c6a656666726579 server { [peap] Setting User-Name to win0054\jeffrey Sending tunneled request EAP-Message = 0x020600140177696e303035345c6a656666726579 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "win0054\\jeffrey" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 6 length 20 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [ldap] performing user authorization for win0054\jeffrey [ldap] expand: (uid=%{mschap:User-Name}) -> (uid=jeffrey) [ldap] expand: ou=People,dc=wtccorp,dc=com -> ou=People,dc=wtccorp,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to localhost:389, authentication 0 [ldap] setting TLS CACert File to /etc/ssl/certs/skynet-n_wtccorp_com_ca.pem [ldap] starting TLS [ldap] bind as uid=radius,ou=People,dc=wtccorp,dc=com/slurp2~maybe to localhost:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in ou=People,dc=wtccorp,dc=com, with filter (uid=jeffrey) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] sambaAcctFlags -> SMB-Account-CTRL-TEXT == "[U]" [ldap] sambaNTPassword -> NT-Password == 0x4338374239333639433331343843433241314331363738344134363645463435 [ldap] sambaLMPassword -> LM-Password == 0x3936393736373035453543463432463941414433423433354235313430344545 [ldap] looking for reply items in directory... [ldap] ldap_release_conn: Release Id: 0 ++[ldap] = ok ++[expiration] = noop ++[logintime] = noop [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010700291a01070024109974050545ffc02dfc8e72d8f44f439b77696e303035345c6a656666726579 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05a66f0605a1753bbd5d795e1c248c9d [peap] Got tunneled reply RADIUS code Access-Challenge EAP-Message = 0x010700291a01070024109974050545ffc02dfc8e72d8f44f439b77696e303035345c6a656666726579 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05a66f0605a1753bbd5d795e1c248c9d [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 6 to 172.24.0.48 port 1510 EAP-Message = 0x0107004b19001703010040a9546f8399001b6a8bd342e619ae8162f76fc837888a09fa384a010c9e2dee9268df149f6f8055970ae10d2cc4a47f0cac733dd468db1838054de093bc3dec3f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4465ca6b4262d3fe9d648e243ee182ad Finished request 11. Going to the next request Waking up in 2.7 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=7, length=308 Message-Authenticator = 0x0ca2718b291fbbe28082bcdb84c545b7 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x4465ca6b4262d3fe9d648e243ee182ad Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0207006b190017030100609050f71be529e8a4298db7da8502b8faeadcba74fc99e9ddfe0960259c3f195a921fa28d69ba8df233282f6a29547be7c11310bccfed272c506a790337ba47b73fdd5ff2760bd67eb09d62a5a385bbf54ed00eb3066e8955bdf5f48dc46b93f3 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:28 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 7 length 107 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020700421a0207003d31f613ab6b1e8f20d69b72000370a616000000000000000000a0ae9b346e3a9f3f939556588b676a35929c01f270327e77006a656666726579 server { [peap] Setting User-Name to win0054\jeffrey Sending tunneled request EAP-Message = 0x020700421a0207003d31f613ab6b1e8f20d69b72000370a616000000000000000000a0ae9b346e3a9f3f939556588b676a35929c01f270327e77006a656666726579 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "win0054\\jeffrey" State = 0x05a66f0605a1753bbd5d795e1c248c9d server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 7 length 66 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [ldap] performing user authorization for win0054\jeffrey [ldap] expand: (uid=%{mschap:User-Name}) -> (uid=jeffrey) [ldap] expand: ou=People,dc=wtccorp,dc=com -> ou=People,dc=wtccorp,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=People,dc=wtccorp,dc=com, with filter (uid=jeffrey) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] sambaAcctFlags -> SMB-Account-CTRL-TEXT == "[U]" [ldap] sambaNTPassword -> NT-Password == 0x4338374239333639433331343843433241314331363738344134363645463435 [ldap] sambaLMPassword -> LM-Password == 0x3936393736373035453543463432463941414433423433354235313430344545 [ldap] looking for reply items in directory... [ldap] ldap_release_conn: Release Id: 0 ++[ldap] = ok ++[expiration] = noop ++[logintime] = noop [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +group MS-CHAP { [mschap] Found LM-Password [mschap] Found NT-Password [mschap] WARNING: User-Name (win0054\jeffrey) is not the same as MS-CHAP Name (jeffrey) from EAP-MSCHAPv2 [mschap] Creating challenge hash with username: jeffrey [mschap] Client is using MS-CHAPv2 for jeffrey, we need NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] = ok +} # group MS-CHAP = ok MSCHAP Success ++[eap] = handled +} # group authenticate = handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010800331a0307002e533d41343938333341454445323745364436324232423838464442363141453031334334344641353133 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05a66f0604ae753bbd5d795e1c248c9d [peap] Got tunneled reply RADIUS code Access-Challenge EAP-Message = 0x010800331a0307002e533d41343938333341454445323745364436324232423838464442363141453031334334344641353133 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05a66f0604ae753bbd5d795e1c248c9d [peap] Got tunneled Access-Challenge ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 7 to 172.24.0.48 port 1510 EAP-Message = 0x0108005b19001703010050e447287e8c32c97b3bba2d5ddcebbb2a7a5072606bb3985055cb0d1e42f19cab85b5e3ba2c1c3d5911d6088e96ba61543cb4a2730c2de449aca8322d707acff85d1c89e4719868c37ece12a7858d0ce0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4465ca6b436dd3fe9d648e243ee182ad Finished request 12. Going to the next request Waking up in 2.7 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=8, length=244 Message-Authenticator = 0x1e3e0ca33e12a9b4057830f377b82244 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x4465ca6b436dd3fe9d648e243ee182ad Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0208002b1900170301002058ac08dc09598152957686e0d9ec0bfb4af9ed80b8e98be8b21c0d7ba2a73c78 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:28 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 8 length 43 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020800061a03 server { [peap] Setting User-Name to win0054\jeffrey Sending tunneled request EAP-Message = 0x020800061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "win0054\\jeffrey" State = 0x05a66f0604ae753bbd5d795e1c248c9d server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +group authorize { ++[chap] = noop ++[mschap] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop ++update control { ++} # update control = noop [eap] EAP packet type response id 8 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] = updated ++[files] = noop [ldap] performing user authorization for win0054\jeffrey [ldap] expand: (uid=%{mschap:User-Name}) -> (uid=jeffrey) [ldap] expand: ou=People,dc=wtccorp,dc=com -> ou=People,dc=wtccorp,dc=com [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in ou=People,dc=wtccorp,dc=com, with filter (uid=jeffrey) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] sambaAcctFlags -> SMB-Account-CTRL-TEXT == "[U]" [ldap] sambaNTPassword -> NT-Password == 0x4338374239333639433331343843433241314331363738344134363645463435 [ldap] sambaLMPassword -> LM-Password == 0x3936393736373035453543463432463941414433423433354235313430344545 [ldap] looking for reply items in directory... [ldap] ldap_release_conn: Release Id: 0 ++[ldap] = ok ++[expiration] = noop ++[logintime] = noop [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] = noop +} # group authorize = updated Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +group authenticate { [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [peap] Got tunneled reply code 2 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0x14cdaa5dd80a97d68f9a273925682cff MS-MPPE-Recv-Key = 0x0d3dced83362f21239048b9280abfc62 EAP-Message = 0x03080004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "win0054\\jeffrey" [peap] Got tunneled reply RADIUS code Access-Accept MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0x14cdaa5dd80a97d68f9a273925682cff MS-MPPE-Recv-Key = 0x0d3dced83362f21239048b9280abfc62 EAP-Message = 0x03080004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "win0054\\jeffrey" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] = handled +} # group authenticate = handled Sending Access-Challenge of id 8 to 172.24.0.48 port 1510 EAP-Message = 0x0109002b19001703010020789df7189a45a0b33091349b5e386e2fc1ff4a2f09623998d30272a775b4cb92 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4465ca6b4c6cd3fe9d648e243ee182ad Finished request 13. Going to the next request Waking up in 2.7 seconds. rad_recv: Access-Request packet from host 172.24.0.48 port 1510, id=9, length=244 Message-Authenticator = 0xc85bfd7428baa565719f188f4e6077f2 Service-Type = Framed-User User-Name = "win0054\\jeffrey" Framed-MTU = 1488 State = 0x4465ca6b4c6cd3fe9d648e243ee182ad Called-Station-Id = "00-0F-B5-6E-31-73:fh-test-ap" Calling-Station-Id = "00-1F-3C-B2-AD-72" NAS-Identifier = "FWAG114" NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 54Mbps 802.11g" EAP-Message = 0x0209002b190017030100201f684809b50701513be173c26cfb7cb773d3d2ff3af2d82a04e5aa5203930ec2 NAS-IP-Address = 0.0.0.0 NAS-Port = 1 NAS-Port-Id = "STA port # 1" # Executing section authorize from file /etc/freeradius/sites-enabled/default +group authorize { ++[preprocess] = ok [auth_log] expand: %{Packet-Src-IP-Address} -> 172.24.0.48 [auth_log] expand: /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d -> /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] /var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/auth-detail-%Y%m%d expands to /var/log/freeradius/radacct/172.24.0.48/auth-detail-20151002 [auth_log] expand: %t -> Fri Oct 2 17:14:28 2015 ++[auth_log] = ok ++[chap] = noop ++[mschap] = noop ++[digest] = noop [suffix] No '@' in User-Name = "win0054\jeffrey", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] = noop [eap] EAP packet type response id 9 length 43 [eap] Continuing tunnel setup. ++[eap] = ok +} # group authorize = ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +group authenticate { [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] = ok +} # group authenticate = ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +group post-auth { ++[exec] = noop +} # group post-auth = noop Sending Access-Accept of id 9 to 172.24.0.48 port 1510 MS-MPPE-Recv-Key = 0xb6366ecd1300654a450cf0f52f17764ceef21afb49657ae5569ac80e7ac85529 MS-MPPE-Send-Key = 0xfe041f1c30415092e2a826a51a0ff7eff3d0fceac33d78f95f08a36ad310fec0 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "win0054\\jeffrey" Finished request 14. Going to the next request Waking up in 2.7 seconds. Cleaning up request 0 ID 0 with timestamp +32 Cleaning up request 1 ID 1 with timestamp +32 Cleaning up request 2 ID 2 with timestamp +32 Cleaning up request 3 ID 3 with timestamp +32 Cleaning up request 4 ID 4 with timestamp +32 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x98bd76209cb86f3a did not finish! WARNING: !! Please read http://wiki.freeradius.org/guide/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Waking up in 2.0 seconds. Cleaning up request 5 ID 0 with timestamp +34 Cleaning up request 6 ID 1 with timestamp +34 Cleaning up request 7 ID 2 with timestamp +34 Cleaning up request 8 ID 3 with timestamp +34 Cleaning up request 9 ID 4 with timestamp +34 Cleaning up request 10 ID 5 with timestamp +34 Cleaning up request 11 ID 6 with timestamp +34 Cleaning up request 12 ID 7 with timestamp +34 Cleaning up request 13 ID 8 with timestamp +34 Cleaning up request 14 ID 9 with timestamp +34 Ready to process requests. Regards, Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>.