Hi, We are trying to configure freeradius (v1.1.2) server hierarchy where authentication request are sent from wireless supplicants (802.1x) through the proxy radius server (host 'radius') to the authentication server (host 'pdc'). We use EAP-PEAP and EAP-TTLS and 'ntlm_auth' feature on the 'pdc' for authentication. The same hierarchy is used for VPN box authentication (using LDAP). Authentication when access-points use 'pdc' directly works fine for EAP-PEAP/TTLS. Authentication for the topology access-point <-> proxy <-> pdc fails. Probably supplicant/access-point ignores "access-challenge (EAP)" response. VPN (LDAP) authentication works fine with proxy (and directly with pdc). Attached log files for the 'pdc' (pdc_log.txt) and the proxy 'radius' (radius_log.txt) - for failed EAP-PEAP authentication and successful authentication directly against the 'pdc' (pdc_ok_log.txt). Any suggestions what goes wrong with EAP through the proxy and how to correct the problem? Regards, -- W. A. Pietraszek email: wap@cs.aau.dk Computer Science Dept. phone: (+45) 96 35 89 07 Aalborg University fax: (+45) 98 15 98 89 Fredrik Bajers Vej 7E , DK-9220 Aalborg, Denmark Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/priv/1x/freeradius-1.1.2/etc/raddb/proxy.conf Config: including file: /usr/priv/1x/freeradius-1.1.2/etc/raddb/clients.conf Config: including file: /usr/priv/1x/freeradius-1.1.2/etc/raddb/snmp.conf Config: including file: /usr/priv/1x/freeradius-1.1.2/etc/raddb/eap.conf Config: including file: /usr/priv/1x/freeradius-1.1.2/etc/raddb/sql.conf main: prefix = "/usr/priv/1x/freeradius-1.1.2" main: localstatedir = "/usr/priv/1x/freeradius-1.1.2/var" main: logdir = "/usr/priv/1x/freeradius-1.1.2/var/log/radius" main: libdir = "/usr/priv/1x/freeradius-1.1.2/lib" main: radacctdir = "/usr/priv/1x/freeradius-1.1.2/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1782 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/priv/1x/freeradius-1.1.2/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = "/usr/priv/1x/freeradius-1.1.2/var/run/radiusd/radiusd.pid" main: bind_address = pdc.cs.aau.dk IP address [130.225.194.5] main: user = "pack" main: group = "pack" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/priv/1x/freeradius-1.1.2/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/priv/1x/freeradius-1.1.2/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "/q/disk_0/samba/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response}" Module: Instantiated mschap (mschap) Module: Loaded LDAP ldap: server = "pdc.cs.aau.dk" ldap: port = 636 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "cn=admin,ou=DSA,dc=cs,dc=aau,dc=dk" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "xxxxxx" ldap: basedn = "ou=Accounts,dc=cs,dc=aau,dc=dk" ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "userPassword" ldap: access_attr = "uid" ldap: groupname_attribute = "cn" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes ldap: set_auth_type = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /usr/priv/1x/freeradius-1.1.2/etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message conns: 0x828f8f8 Module: Instantiated ldap (ldap) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/certs/pdc.key" tls: certificate_file = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/certs/pdc.pem" tls: CA_file = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/certs/cacert.pem" tls: private_key_password = "(null)" tls: dh_file = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/certs/dh" tls: random_file = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/huntgroups" preprocess: hints = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded files files: usersfile = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/users" files: acctusersfile = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded detail detail: detailfile = "/usr/priv/1x/freeradius-1.1.2/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/priv/1x/freeradius-1.1.2/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded radutmp radutmp: filename = "/usr/priv/1x/freeradius-1.1.2/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication 130.225.194.5:1782 Listening on accounting 130.225.194.5:1783 Ready to process requests. rad_recv: Access-Request packet from host 130.225.52.58:1814, id=0, length=152 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9180" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0xfc75c11029fcdc986608144b9ebe982a EAP-Message = 0x0202001601677565737431304063732e6161752e646b NAS-Port-Type = Wireless-802.11 NAS-Port = 353 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Proxy-State = 0x3830 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to pdc.cs.aau.dk:636, authentication 0 rlm_ldap: setting TLS mode to 1 rlm_ldap: bind as cn=admin,ou=DSA,dc=cs,dc=aau,dc=dk/xxxxxx to pdc.cs.aau.dk:636 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 0 to 130.225.52.58 port 1814 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xff2aa2e2b3383c8094b601e9c2db657c Proxy-State = 0x3830 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 4498eb96 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 130.225.52.58:1814, id=1, length=152 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9180" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0x2653ef6d35d034c43598a6daccc37a88 EAP-Message = 0x0202001601677565737431304063732e6161752e646b NAS-Port-Type = Wireless-802.11 NAS-Port = 353 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Proxy-State = 0x3830 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 1 to 130.225.52.58 port 1814 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x636421d236e97c2c6fbb4ee39070fb77 Proxy-State = 0x3830 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 1 with timestamp 4498eba1 Nothing to do. Sleeping until we see a request. Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/priv/1x/freeradius-1.1.2/etc/raddb/proxy.conf Config: including file: /usr/priv/1x/freeradius-1.1.2/etc/raddb/clients.conf Config: including file: /usr/priv/1x/freeradius-1.1.2/etc/raddb/snmp.conf Config: including file: /usr/priv/1x/freeradius-1.1.2/etc/raddb/eap.conf Config: including file: /usr/priv/1x/freeradius-1.1.2/etc/raddb/sql.conf main: prefix = "/usr/priv/1x/freeradius-1.1.2" main: localstatedir = "/usr/priv/1x/freeradius-1.1.2/var" main: logdir = "/usr/priv/1x/freeradius-1.1.2/var/log/radius" main: libdir = "/usr/priv/1x/freeradius-1.1.2/lib" main: radacctdir = "/usr/priv/1x/freeradius-1.1.2/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1782 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/priv/1x/freeradius-1.1.2/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = "/usr/priv/1x/freeradius-1.1.2/var/run/radiusd/radiusd.pid" main: bind_address = pdc.cs.aau.dk IP address [130.225.194.5] main: user = "pack" main: group = "pack" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/priv/1x/freeradius-1.1.2/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/priv/1x/freeradius-1.1.2/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "/q/disk_0/samba/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response}" Module: Instantiated mschap (mschap) Module: Loaded LDAP ldap: server = "pdc.cs.aau.dk" ldap: port = 636 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "cn=admin,ou=DSA,dc=cs,dc=aau,dc=dk" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "xxxxx" ldap: basedn = "ou=Accounts,dc=cs,dc=aau,dc=dk" ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "userPassword" ldap: access_attr = "uid" ldap: groupname_attribute = "cn" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes ldap: set_auth_type = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /usr/priv/1x/freeradius-1.1.2/etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message conns: 0x991b948 Module: Instantiated ldap (ldap) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/certs/pdc.key" tls: certificate_file = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/certs/pdc.pem" tls: CA_file = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/certs/cacert.pem" tls: private_key_password = "(null)" tls: dh_file = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/certs/dh" tls: random_file = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/huntgroups" preprocess: hints = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded files files: usersfile = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/users" files: acctusersfile = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/priv/1x/freeradius-1.1.2/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded detail detail: detailfile = "/usr/priv/1x/freeradius-1.1.2/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/priv/1x/freeradius-1.1.2/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded radutmp radutmp: filename = "/usr/priv/1x/freeradius-1.1.2/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication 130.225.194.5:1782 Listening on accounting 130.225.194.5:1783 Ready to process requests. rad_recv: Access-Request packet from host 192.168.122.32:1645, id=61, length=148 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9181" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0x6d9f1ff8be15ec0f2b76175a47a684dd EAP-Message = 0x0202001601677565737431304063732e6161752e646b NAS-Port-Type = Wireless-802.11 NAS-Port = 348 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to pdc.cs.aau.dk:636, authentication 0 rlm_ldap: setting TLS mode to 1 rlm_ldap: bind as cn=admin,ou=DSA,dc=cs,dc=aau,dc=dk/xxxxx to pdc.cs.aau.dk:636 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 61 to 192.168.122.32 port 1645 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc62ae1795c8aa7d4290ff3c0b7b1a00a Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.122.32:1645, id=62, length=256 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9181" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0x68cf38540bdeaeac88136e31b831b8c0 EAP-Message = 0x0203007019800000006616030100610100005d03014498e854c7ba58e9926f91433b8def48bcd3bb83b97ae144638bfb9571cd9c622088283e0b8e48b5a129de3e844bc957997f464a8b195929e29d3d00e41ec05e8c001600040005000a000900640062000300060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 348 State = 0xc62ae1795c8aa7d4290ff3c0b7b1a00a NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 3 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 05e0], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 62 to 192.168.122.32 port 1645 EAP-Message = 0x0104040a19c00000063d160301004a0200004603014498e81749069dfc3d073f2fdef59db688ed50c8c0ae1394e8ed9af942d7de6f203b584811302e79d658c9549631d5d39cffec9723b9e5711853017fe57d7305dd00040016030105e00b0005dc0005d900028f3082028b308201f4a003020102020103300d06092a864886f70d01010505003074310b300906035504061302444b3110300e060355040813074a75746c616e643110300e0603550407130741616c626f7267311b3019060355040a131241616c626f726720556e697665727369747931243022060355040b131b436f6d707574657220536369656e6365204465706172746d656e74 EAP-Message = 0x301e170d3036303530393135353833305a170d3131303530383135353833305a308189310b300906035504061302444b3110300e060355040813074a75746c616e643110300e0603550407130741616c626f7267311b3019060355040a131241616c626f726720556e697665727369747931243022060355040b131b436f6d707574657220536369656e6365204465706172746d656e74311330110603550403130a6672656572616469757330819f300d06092a864886f70d010101050003818d0030818902818100b30924832ea6411d9a0834623d82bd03e9e714a273d4bbfa0a2b0bf076a0db66ab4b5a0074216dce8ec9e2b55e984f4cf901e632 EAP-Message = 0x2080638f435e29d16745e648f597f782eae00bb6f626dbc39a27aa3a8ebed8e501354e3484f3c0f07d94936ecde564a1a5e1d52102b5751f79c5b0abce9fd4cc5fc2a796f79c58c30405f7b30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181004bfa2bab77567736b2f940125034ffbebad2fa4fdd1c5f832cc1dbca0f09fdb026038bd1ea635c96ea43b203be67406b60950a19f80bfb2e7cdbcc4e4d0e5fbcf7a9d77c1edfa8f847d187e3277ed34550dbcf1abcfceb97fad8c18acd14ddce48f77334162425959a8b3cd855e1d53a660ea43d7b11d69534fb731fad1dda21 EAP-Message = 0x00034430820340308202a9a003020102020900e9aa7ab489db156e300d06092a864886f70d01010505003074310b300906035504061302444b3110300e060355040813074a75746c616e643110300e0603550407130741616c626f7267311b3019060355040a131241616c626f726720556e697665727369747931243022060355040b131b436f6d707574657220536369656e6365204465706172746d656e74301e170d3036303530393134343331355a170d3136303530363134343331355a3074310b300906035504061302444b3110300e060355040813074a75746c616e643110300e0603550407130741616c626f7267311b3019060355040a13 EAP-Message = 0x1241616c626f726720556e6976657273697479312430 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf0400f71d8f464e4673d628ae94e7397 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.122.32:1645, id=63, length=150 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9181" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0xe2781fc2f07a9ec3d2d4566d4d729137 EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 348 State = 0xf0400f71d8f464e4673d628ae94e7397 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 63 to 192.168.122.32 port 1645 EAP-Message = 0x01050243190022060355040b131b436f6d707574657220536369656e6365204465706172746d656e7430819f300d06092a864886f70d010101050003818d0030818902818100cc9760212c6da3fb3ceb2cb47009b1ea2b04d711687965823d06f5a0e8d14675c4c4bc8403cbde33b5e60fc76b8a0dd626405c460b19594563d7a045defb07414913839889d4681a0bc0e956628fed52da7ea9127e809c464733e7fbd464b80f5685a60fdbec2d86f181813e70a7ab56bae7acf9d3d250b93dacb2f644f3f4ad0203010001a381d93081d6301d0603551d0e04160414f077e14958ba3b3a6fa2f0d531e70b9d473a96e93081a60603551d2304819e3081 EAP-Message = 0x9b8014f077e14958ba3b3a6fa2f0d531e70b9d473a96e9a178a4763074310b300906035504061302444b3110300e060355040813074a75746c616e643110300e0603550407130741616c626f7267311b3019060355040a131241616c626f726720556e697665727369747931243022060355040b131b436f6d707574657220536369656e6365204465706172746d656e74820900e9aa7ab489db156e300c0603551d13040530030101ff300d06092a864886f70d01010505000381810050c867731b3b237f56561764f84d5a0c8433c8076585841ebf11c3aafad5faa0e0ff198c9b6d98c583d5284d93dda282f0949c69461fd4e5666fefd9a1619411 EAP-Message = 0x364fecb7f81ab08bd9be02084f7c0abbe9be3b90499588e29d15708513815fb1571e34621aceac7d702b8bf0d07e332b5c8e524a964109613be254583ef286cd16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdf5257eba7c2f430d490fb96ba1055de Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.122.32:1645, id=64, length=336 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9181" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0xc5ab87b22101604f8ba002315c80b951 EAP-Message = 0x020500c01980000000b6160301008610000082008071b69d4bda80b0a37f7c0ab9a8fa830f4debe662413e95321ca6dbb83173ededed45d69777928ee1aad3b6de3c8e41212c04cd49af5dedf29951f015a6ca4f6c9a00bbef06475dff5ac86b4255a5fb5db3368667c7a371b9b08d26de777746c42e7e9c25f7dc7229a0d58f1b6229b83590bb3ec325dee94a86e232307cf991be140301000101160301002011479ea5cf95c5342cc3ffae6a9357392bf16062e595591e2fecdc090f6bf3f2 NAS-Port-Type = Wireless-802.11 NAS-Port = 348 State = 0xdf5257eba7c2f430d490fb96ba1055de NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 5 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 64 to 192.168.122.32 port 1645 EAP-Message = 0x0106003119001403010001011603010020ffc3017da415f531022d9a0a5b5a802ba23a164e76fdd03987fcc5592ba0a46e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5b43cd3d8064fc01c2f2fa4e18891710 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.122.32:1645, id=65, length=150 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9181" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0x4e1e320a71ad631b17a9ec5a5d12c1ce EAP-Message = 0x020600061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 348 State = 0x5b43cd3d8064fc01c2f2fa4e18891710 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 65 to 192.168.122.32 port 1645 EAP-Message = 0x010700201900170301001564ab7676ece7efb7b2cb88708cf0b7e17651cb23d8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5c294841288a361fade916d6dee8fc09 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.122.32:1645, id=66, length=189 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9181" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0xf4fe2a81fd842c6a362f158d30d84b24 EAP-Message = 0x0207002d19001703010022aae375b4b000aebb976c90a6058c91a776bfced8f2985de2586273d66fb58225f772 NAS-Port-Type = Wireless-802.11 NAS-Port = 348 State = 0x5c294841288a361fade916d6dee8fc09 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 45 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - guest10@cs.aau.dk rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of guest10@cs.aau.dk PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to guest10@cs.aau.dk Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 66 to 192.168.122.32 port 1645 EAP-Message = 0x0108004219001703010037ee66f237337386ba24a8dc0421f217181ed1f28332b96e9c267fce5437a43a5617b66ae51dd1adeda0b39dd6386296e86525d62ff19025 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4ae826703a54f4de0b4115b6c34aa9f3 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.122.32:1645, id=67, length=243 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9181" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0x4bcd3b5231a96c088823ad3c798abe51 EAP-Message = 0x0208006319001703010058d6a83493b54b2afd6bd139f8c0a3c56eecce1cf2de36f241d94811f51c4b960f52a5a3024a36314431d2a615088912a075353845599d18c8c4bde76f08b09d69738372aa6100cf5cf2093801b270075612a9ececa3ab7b5d NAS-Port-Type = Wireless-802.11 NAS-Port = 348 State = 0x4ae826703a54f4de0b4115b6c34aa9f3 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 99 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to guest10@cs.aau.dk PEAP: Adding old state with 6d e3 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 76 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for guest10@cs.aau.dk with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 4b radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/q/disk_0/samba/bin/ntlm_auth --request-nt-key --username=guest10 --challenge=92f8502315992439 --nt-response=1322cac37f44c9c94ba2927766cf7a47084dc758fc0badc4' Exec-Program: /q/disk_0/samba/bin/ntlm_auth --request-nt-key --username=guest10 --challenge=92f8502315992439 --nt-response=1322cac37f44c9c94ba2927766cf7a47084dc758fc0badc4 Exec-Program output: NT_KEY: C940054D24058EB8F249BBD458AD700E Exec-Program-Wait: plaintext: NT_KEY: C940054D24058EB8F249BBD458AD700E Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 6 modcall: leaving group MS-CHAP (returns ok) for request 6 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 67 to 192.168.122.32 port 1645 EAP-Message = 0x0109004a1900170301003f4edab2ab6535cd05b5e6d0e37cf80440eb5418c86fc760b3e0bc7fd04dc7e96ceed7bedc6f39154b668c399019185b0e5d65c26fb3fb15525d864f96ed77d5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x91db25be408a393a4c9a032a3c2e2d10 Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.122.32:1645, id=68, length=173 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9181" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0x8bb1fe1cf45835c57876ccb557b29053 EAP-Message = 0x0209001d19001703010012d3e80445602235c1be37caa9839ec80dfb21 NAS-Port-Type = Wireless-802.11 NAS-Port = 348 State = 0x91db25be408a393a4c9a032a3c2e2d10 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 9 length 29 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to guest10@cs.aau.dk PEAP: Adding old state with c3 03 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 9 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 7 modcall: leaving group authenticate (returns ok) for request 7 Login OK: [guest10@cs.aau.dk] (from client localhost port 0) PEAP: Tunneled authentication was successful. rlm_eap_peap: SUCCESS modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challenge of id 68 to 192.168.122.32 port 1645 EAP-Message = 0x010a00261900170301001b23f5fd8c34da57125bca62097763a709e6f242b22f404dc707a437 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaa16f80f99772db86aa1c9b9d12951b1 Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.122.32:1645, id=69, length=182 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9181" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0xceec87fbe7850d0515dab5a31215c281 EAP-Message = 0x020a00261900170301001b33f9521d112cd79adeeaa3fe4018589e325b1ed0fb27f3f52052a3 NAS-Port-Type = Wireless-802.11 NAS-Port = 348 State = 0xaa16f80f99772db86aa1c9b9d12951b1 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Adding Stripped-User-Name = "guest10" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 10 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 rlm_ldap: - authorize rlm_ldap: performing user authorization for guest10 radius_xlat: '(uid=guest10)' radius_xlat: 'ou=Accounts,dc=cs,dc=aau,dc=dk' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Accounts,dc=cs,dc=aau,dc=dk, with filter (uid=guest10) rlm_ldap: checking if remote access for guest10 is allowed by uid rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user guest10 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Success rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 8 modcall: leaving group authenticate (returns ok) for request 8 Login OK: [guest10@cs.aau.dk] (from client ap2 port 348 cli 000f.2093.9f60) Sending Access-Accept of id 69 to 192.168.122.32 port 1645 MS-MPPE-Recv-Key = 0x3b11f0200048eacb63576c939989267c503e8d7854209192690645d6bbd05061 MS-MPPE-Send-Key = 0xfd4248e5981e86309b3f86bd87730462eb70bb84989cd8ea74b2ec2861368a79 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "guest10" Finished request 8 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 61 with timestamp 4498e817 Cleaning up request 1 ID 62 with timestamp 4498e817 Cleaning up request 2 ID 63 with timestamp 4498e817 Cleaning up request 3 ID 64 with timestamp 4498e817 Cleaning up request 4 ID 65 with timestamp 4498e817 Cleaning up request 5 ID 66 with timestamp 4498e817 Cleaning up request 6 ID 67 with timestamp 4498e817 Cleaning up request 7 ID 68 with timestamp 4498e817 Cleaning up request 8 ID 69 with timestamp 4498e817 Nothing to do. Sleeping until we see a request. Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/priv/freeradius-1.1.2/etc/raddb/proxy.conf Config: including file: /usr/priv/freeradius-1.1.2/etc/raddb/clients.conf Config: including file: /usr/priv/freeradius-1.1.2/etc/raddb/snmp.conf Config: including file: /usr/priv/freeradius-1.1.2/etc/raddb/eap.conf Config: including file: /usr/priv/freeradius-1.1.2/etc/raddb/sql.conf main: prefix = "/usr/priv/freeradius-1.1.2" main: localstatedir = "/usr/priv/freeradius-1.1.2/var" main: logdir = "/usr/priv/freeradius-1.1.2/var/log/radius" main: libdir = "/usr/priv/freeradius-1.1.2/lib" main: radacctdir = "/usr/priv/freeradius-1.1.2/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/priv/freeradius-1.1.2/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/priv/freeradius-1.1.2/var/run/radiusd/radiusd.pid" main: bind_address = 130.225.52.58 IP address [130.225.52.58] main: user = "pack" main: group = "pack" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/priv/freeradius-1.1.2/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/priv/freeradius-1.1.2/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/priv/freeradius-1.1.2/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = "/usr/priv/freeradius-1.1.2/etc/raddb/huntgroups" preprocess: hints = "/usr/priv/freeradius-1.1.2/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/priv/freeradius-1.1.2/etc/raddb/users" files: acctusersfile = "/usr/priv/freeradius-1.1.2/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/priv/freeradius-1.1.2/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/priv/freeradius-1.1.2/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/priv/freeradius-1.1.2/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Module: Loaded eap eap: default_eap_type = "tls" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/priv/freeradius-1.1.2/etc/raddb/certs/radius.key" tls: certificate_file = "/usr/priv/freeradius-1.1.2/etc/raddb/certs/radius.pem" tls: CA_file = "/usr/priv/freeradius-1.1.2/etc/raddb/certs/cacert.pem" tls: private_key_password = "(null)" tls: dh_file = "/usr/priv/freeradius-1.1.2/etc/raddb/certs/dh" tls: random_file = "/usr/priv/freeradius-1.1.2/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Listening on authentication 130.225.52.58:1812 Listening on accounting 130.225.52.58:1813 Listening on proxy 130.225.52.58:1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.122.32:1645, id=80, length=148 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9180" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0xa2d5b0c1608a1d2d89a66fa41a7f03c9 EAP-Message = 0x0202001601677565737431304063732e6161752e646b NAS-Port-Type = Wireless-802.11 NAS-Port = 353 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Preparing to proxy authentication request to realm "cs.aau.dk" modcall[authorize]: module "suffix" returns updated for request 0 users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 155 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 Sending Access-Request of id 0 to 130.225.194.5 port 1782 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9180" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0x00000000000000000000000000000000 EAP-Message = 0x0202001601677565737431304063732e6161752e646b NAS-Port-Type = Wireless-802.11 NAS-Port = 353 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Proxy-State = 0x3830 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Challenge packet from host 130.225.194.5:1782, id=0, length=68 EAP-Message = 0x010300061920 Message-Authenticator = 0x5dd2782ec2e80055cc9226ee5fc548d6 State = 0xff2aa2e2b3383c8094b601e9c2db657c Proxy-State = 0x3830 Processing the post-proxy section of radiusd.conf modcall: entering group post-proxy for request 0 modcall[post-proxy]: module "eap" returns noop for request 0 modcall: leaving group post-proxy (returns noop) for request 0 Sending Access-Challenge of id 80 to 192.168.122.32 port 1645 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xff2aa2e2b3383c8094b601e9c2db657c Finished request 0 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.122.32:1645, id=80, length=148 Sending duplicate reply to client ap2:1645 - ID: 80 Re-sending Access-Challenge of id 80 to 192.168.122.32 port 1645 --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 80 with timestamp 4498eb96 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 192.168.122.32:1645, id=80, length=148 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9180" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0xa2d5b0c1608a1d2d89a66fa41a7f03c9 EAP-Message = 0x0202001601677565737431304063732e6161752e646b NAS-Port-Type = Wireless-802.11 NAS-Port = 353 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 rlm_realm: Looking up realm "cs.aau.dk" for User-Name = "guest10@cs.aau.dk" rlm_realm: Found realm "cs.aau.dk" rlm_realm: Proxying request from user guest10 to realm cs.aau.dk rlm_realm: Adding Realm = "cs.aau.dk" rlm_realm: Preparing to proxy authentication request to realm "cs.aau.dk" modcall[authorize]: module "suffix" returns updated for request 1 users: Matched entry DEFAULT at line 153 users: Matched entry DEFAULT at line 155 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 Sending Access-Request of id 1 to 130.225.194.5 port 1782 User-Name = "guest10@cs.aau.dk" Framed-MTU = 1400 Called-Station-Id = "0015.c729.9180" Calling-Station-Id = "000f.2093.9f60" Service-Type = Login-User Message-Authenticator = 0x00000000000000000000000000000000 EAP-Message = 0x0202001601677565737431304063732e6161752e646b NAS-Port-Type = Wireless-802.11 NAS-Port = 353 NAS-IP-Address = 192.168.122.32 NAS-Identifier = "ap2" Proxy-State = 0x3830 --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Challenge packet from host 130.225.194.5:1782, id=1, length=68 EAP-Message = 0x010300061920 Message-Authenticator = 0x033ff05c9d7efe2efe613a985a0b6fb9 State = 0x636421d236e97c2c6fbb4ee39070fb77 Proxy-State = 0x3830 Processing the post-proxy section of radiusd.conf modcall: entering group post-proxy for request 1 modcall[post-proxy]: module "eap" returns noop for request 1 modcall: leaving group post-proxy (returns noop) for request 1 Sending Access-Challenge of id 80 to 192.168.122.32 port 1645 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x636421d236e97c2c6fbb4ee39070fb77 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.122.32:1645, id=80, length=148 Sending duplicate reply to client ap2:1645 - ID: 80 Re-sending Access-Challenge of id 80 to 192.168.122.32 port 1645 --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 80 with timestamp 4498eba1 Nothing to do. Sleeping until we see a request.