OK, upgraded to 2.1.10 as suggested. Thanks. However, I have a different issue now -- seems that the passcode is not being proxied over to the home server. I only see a username, nas IP address and proxy state being proxied in the access-request packet but no user-password. Also get a segmentation fault after the authentication is rejected. Thanks for the help.... Here's the debug output: [root@mackeral-dev raddb]# /usr/sbin/radiusd -X FreeRADIUS Version 2.1.10, for host x86_64-redhat-linux-gnu, built on Dec 15 2010 at 09:27:40 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/proxy-inner-tunnel main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/radius" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server meddle { ipaddr = 134.252.100.4 port = 1812 type = "auth" secret = "test" response_window = 30 max_outstanding = 65536 zombie_period = 40 status_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 300 status_check_timeout = 4 irt = 2 mrt = 16 mrc = 5 mrd = 30 } home_server_pool test { type = fail-over home_server = meddle } realm test { auth_pool = test } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 134.252.100.101 { require_message_authenticator = no secret = "Test" shortname = "test-switch" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/raddb/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/raddb/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/raddb/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/raddb/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/raddb/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/raddb/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/raddb/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no } Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/raddb/modules/unix unix { radwtmp = "/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/raddb/eap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/raddb/certs" pem_file_type = yes private_key_file = "/etc/raddb/certs/server.pem" certificate_file = "/etc/raddb/certs/server.pem" CA_file = "/etc/raddb/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/raddb/certs/dh" random_file = "/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/raddb/certs/bootstrap" cache { enable = no lifetime = 24 max_entries = 255 } verify { } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "gtc" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/raddb/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/raddb/modules/files files { usersfile = "/etc/raddb/users" acctusersfile = "/etc/raddb/acct_users" preproxy_usersfile = "/etc/raddb/preproxy_users" compat = "no" } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject" key = "%{User-Name}" } } # modules } # server server proxy-inner-tunnel { # from file /etc/raddb/sites-enabled/proxy-inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking post-proxy {...} for more modules to load } # modules } # server server { # from file /etc/raddb/radiusd.conf modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/raddb/modules/digest Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/raddb/modules/preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/raddb/modules/detail detail { detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/var/run/radiusd/radiusd.sock" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 134.252.100.101 port 1645, id=13, length=151 User-Name = "mgmitch" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1C-B0-AB-3D-81" Calling-Station-Id = "00-16-D3-22-CD-24" EAP-Message = 0x0201000c016d676d69746368 Message-Authenticator = 0xfff47d69fb565addee12523ae360276e NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "GigabitEthernet1/0/1" NAS-IP-Address = 134.252.100.101 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "mgmitch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 12 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 13 to 134.252.100.101 port 1645 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0aa2d2230aa0cb718e7cf059aa843088 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 134.252.100.101 port 1645, id=14, length=249 User-Name = "mgmitch" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1C-B0-AB-3D-81" Calling-Station-Id = "00-16-D3-22-CD-24" EAP-Message = 0x0202005c190016030100510100004d03014d090f99754a9aa09fb6c2ac0ab658da930045791857816716c39244be7eecb800002600390038003500160013000a00330032002f00050004001500120009001400110008000600030100 Message-Authenticator = 0x6e0724471f481d08d0c919b96767f7aa NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "GigabitEthernet1/0/1" State = 0x0aa2d2230aa0cb718e7cf059aa843088 NAS-IP-Address = 134.252.100.101 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "mgmitch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 92 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0051], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 020d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 14 to 134.252.100.101 port 1645 EAP-Message = 0x0103040019c000000aad160301002a0200002603014d090f71400ab631ddaeff146bf33fabfe7024cc8f8405d50c45e7773c37a6a500003900160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3130313231353137333335325a170d3131313231353137333335325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100d9c67f82dce4d0202c096f1ee45fa8a24a93c186911e7ca3e1b270468cdb2f65c0a3e75c53f4a3bed11f5807310bf542061ed09deecd032dc66bca8aef1f EAP-Message = 0x609ca824d0f4433c8183da27f5f9c06257483a9d3c2c68260867965272beaadbb6ed2e511fead11cca2f10fc2e53493dbbb387d8a394905214eeb929ae7e630ddb540b152dafef6136c350b0c53711de213c4c2f4d86a0e6414ef9ad69f54a5eb6f200c277db6aa931e88d4ab6bbedf06588dcc364838b74f280c6b10ad9e3981111366da92596c72b1944e62b5e1f69659aa4df976a58cb36281c3df3fa93e11fe13d460a770cad99cb110d895d34245eb8868f9d4e2a6841dab4fe43ecafdfe39f0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038201010090f589dd90e4c0e865 EAP-Message = 0x520c06dbdedde38b94e85bec468ae0721c109424f3d33569c7592676eb6995047e857194af65b3c55ac0d481903f18acf7a85db86329dd13b44b377f9b7552377be131109b4531f20281174f2a7b0ede173b3e62c8ec03b7ee2eb9540d08e8b9f5c5c1a1511b93e11aa95aa95f75d03d454a6addcb0c7b4f4e9bb6ead6a9cd2d8e4ee8d74b3d095a1883b8e365eb08ebf850b180352bf13a2f4c06b1480d77a70370446cd35cfeb729146223832aa8022b08039cd3cb91fa32f2d9550d356951e87d563dc14f10da17516fe99fc5618543838cfff153d70f5fed7972dc3202b54f63290c65f1ceee6fd110e54ea94e8e93bdbe1135f2bd0004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0aa2d2230ba1cb718e7cf059aa843088 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 134.252.100.101 port 1645, id=15, length=163 User-Name = "mgmitch" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1C-B0-AB-3D-81" Calling-Station-Id = "00-16-D3-22-CD-24" EAP-Message = 0x020300061900 Message-Authenticator = 0x44f24e6fe9c42608d4e627ae696bf53d NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "GigabitEthernet1/0/1" State = 0x0aa2d2230ba1cb718e7cf059aa843088 NAS-IP-Address = 134.252.100.101 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "mgmitch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 15 to 134.252.100.101 port 1645 EAP-Message = 0x010403fc194000bb3d0f8116926fbe300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3130313231353137333335325a170d3131313231353137333335325a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504 EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100cbc8ca1cb787a478cd1a14b6a887e32a8bd6e3616abbb16e4bd9cccabf3e9421f35b7c4f1f6637972023d9ca9283e5e33b1ad968f7bb9ba7613e2f17c56cf7a87ea0e42cc45c1ef7f2adf40b55869a925dc94050826d62e31657e20ed5f4c16218338c49f3a3ab4fa84facbe834ac4 EAP-Message = 0x66dcaf382fe61faa71cd4a593027aa04fda6de7473a8853cd1ee3615bd0ab1f3c3ff93fb92a51f4f0d300472c28eaaebc2b0646ab8ad0ff17a07232ad0084876b6a5b7da7f225aa9f23db6739594d61e496e71549f13a0ca47ae530ce7cb2458dd7520dd7913b5fd5131deadfad9965715227993282611eb79aa1b1b76692942c89cda7b9ffb7a073dd53904ca2ae7bf850203010001a381fb3081f8301d0603551d0e0416041474f599b81fd78e00931669387bfe1a7b4870e4343081c80603551d230481c03081bd801474f599b81fd78e00931669387bfe1a7b4870e434a18199a48196308193310b3009060355040613024652310f300d06035504 EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900bb3d0f8116926fbe300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100caeafede55d0d432fb77f0fa1c8344c78347223e7e18e371d1ac4ea857137cd11b976423199e6ef403052219c29f01a7327b93063ad619bbb009732bb48ffe9589f719e34f1fd23b50d1170fc667b9e9db32 EAP-Message = 0x1bd7363d349e0898 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0aa2d22308a6cb718e7cf059aa843088 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 134.252.100.101 port 1645, id=16, length=163 User-Name = "mgmitch" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1C-B0-AB-3D-81" Calling-Station-Id = "00-16-D3-22-CD-24" EAP-Message = 0x020400061900 Message-Authenticator = 0x9efe32076646fa05d4935ab0454b2d32 NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "GigabitEthernet1/0/1" State = 0x0aa2d22308a6cb718e7cf059aa843088 NAS-IP-Address = 134.252.100.101 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "mgmitch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 16 to 134.252.100.101 port 1645 EAP-Message = 0x010502c719005ec683609ed024b287f567e4d64a3fc7d1f2e521cca96db28fc953ca044b17025d0fffc622d11f7a4c1c8c32c6c530f2114dcc6bdcdfb1dfe39b484fb5ac267b75627a4ad9fe2d186f843fad90cd654c60b4c4448e0b067eef69d03f788bab9eef8cef463763cb012b32d64ca4bcda6000b870081a09283c2bca01ff250c5698112bd93e72c2006ce87bd55ac5b8835956a5a791336aa4bb13887386c913984d59f32483ce86160301020d0c0002090080fc9acf09408c0fb7291137c25fb429bc7a168c8f5cff13535f6c59b0d613143d3613060d91e69f7063a1a1fb05279f76689045bd337cc0055ce33708e784810193f210d97bb4 EAP-Message = 0x01fa3ce07e57d8f9b47fda401b5259c4dcdcdf668de5b45edbaf5f2323b9afe21a5fe91a314372af66b97937d53e27646dc144847eccdb43ed230001020080a4e19b3d876141ee6dcab3a399d4be695916aabf169ed7a4a95d0df02dae653ecf00388e54e7b204b7b9d0ecf4235f81f14263a1c5f4b57c100be2641d75a218d5911960d7b17e731ffe78588a6396d7ef2679719b714197c7d5576e3466c83b8fb42be26b3bccf36bc384f1a6d5a48705ac66446e3e5c9e96bb81e2bbb34e7801004f34ce2d47e7b6c056242abc778bb911542711047b8e107aa09f096c62b24467fd9c8b5defede787e275543393437cf7512adf5396483f5656554849 EAP-Message = 0x15682d05bf5e02b20669398839f081064563db387a44c32cf3b1ab9c2ca2c218482ec6e132b0bbf9cdd3eefc2a6a19c6152e22dc78a9fbb91c4b2e673e74d41bafea14432af277a9a35eac72250706622107a81eec23f44649494f9c1cb9a56ee057a9d7ac66ddb106ec4333703da0dec56ba3321dde97a059e3b0bf6d8a646be2833eb68cbd0b2066701339100b76d8fe61cffcb77ab39ecf5a7c1a911815f686ff35fdada6fc6c7990170e3a08a6dae931900161d3132c6bffd0d0e77255dfc7e02af916030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0aa2d22309a7cb718e7cf059aa843088 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 134.252.100.101 port 1645, id=17, length=361 User-Name = "mgmitch" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1C-B0-AB-3D-81" Calling-Station-Id = "00-16-D3-22-CD-24" EAP-Message = 0x020500cc19001603010086100000820080260c98ad95d05c3f6d43065b84ea9035d539330250625e8dbc6ba3df6ab433ec1df18bfeac8abfb695b2480df71439270ca777928a8bb2a5cd11d4194f06900dc5c24617bd1ad94769750e34741a54f82778b7379d76a76f1a7d74b7ca353765d29ba4d0624b37b1064bc7f6182db29b141040317b93508fe8f7dec817158bec1403010001011603010030790ff0638fa3dab6ea239cb6270504dc81ae4cfe1c916dccc2cbc205d21bdabfec046eb4033c6a782919fe95e1b762fd Message-Authenticator = 0x664d7e9278ea342ce4b764610141cb2b NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "GigabitEthernet1/0/1" State = 0x0aa2d22309a7cb718e7cf059aa843088 NAS-IP-Address = 134.252.100.101 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "mgmitch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 204 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 17 to 134.252.100.101 port 1645 EAP-Message = 0x01060041190014030100010116030100300f24ad21bcb20b197c8c331a1454ae5cfb148a3b52bd49058807bea9ab3f6cfe9970873032e245c75f0bb6f3497eb266 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0aa2d2230ea4cb718e7cf059aa843088 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 134.252.100.101 port 1645, id=18, length=163 User-Name = "mgmitch" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1C-B0-AB-3D-81" Calling-Station-Id = "00-16-D3-22-CD-24" EAP-Message = 0x020600061900 Message-Authenticator = 0x21e58c0c30402dd15914c2f101514f24 NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "GigabitEthernet1/0/1" State = 0x0aa2d2230ea4cb718e7cf059aa843088 NAS-IP-Address = 134.252.100.101 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "mgmitch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 18 to 134.252.100.101 port 1645 EAP-Message = 0x0107002b19001703010020598cb7d843234db29292fd06a18df1d74e45608280818e156732be210abf6006 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0aa2d2230fa5cb718e7cf059aa843088 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 134.252.100.101 port 1645, id=19, length=237 User-Name = "mgmitch" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1C-B0-AB-3D-81" Calling-Station-Id = "00-16-D3-22-CD-24" EAP-Message = 0x02070050190017030100200842c33f1f23bbc06e236ad99df23be2624ddd7bdc31399e68f415942cabdb1a170301002029dd3cffcc960257563b3ac74f5789158e7ac623e544986ff7bcdc75f1944fbf Message-Authenticator = 0x2c9342d1d678d60374bfb6e0dabff1af NAS-Port-Type = Ethernet NAS-Port = 50101 NAS-Port-Id = "GigabitEthernet1/0/1" State = 0x0aa2d2230fa5cb718e7cf059aa843088 NAS-IP-Address = 134.252.100.101 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "mgmitch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - mgmitch [peap] Got inner identity 'mgmitch' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0207000c016d676d69746368 server { PEAP: Setting User-Name to mgmitch Sending tunneled request EAP-Message = 0x0207000c016d676d69746368 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "mgmitch" server { # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "mgmitch", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 12 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry DEFAULT at line 1 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server [peap] Got tunneled reply code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type gtc [eap] Not-EAP proxy set. Not composing EAP ++[eap] returns handled PEAP: Tunneled authentication will be proxied to test PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy. [eap] Tunneled session will be proxied. Not doing EAP. ++[eap] returns handled WARNING: Empty pre-proxy section. Using default return values. Sending Access-Request of id 8 to 134.252.100.4 port 1812 User-Name = "mgmitch" NAS-IP-Address = 134.252.100.101 Proxy-State = 0x3139 Proxying request 6 to home server 134.252.100.4 port 1812 Sending Access-Request of id 8 to 134.252.100.4 port 1812 User-Name = "mgmitch" NAS-IP-Address = 134.252.100.101 Proxy-State = 0x3139 Going to the next request Waking up in 0.9 seconds. Waking up in 3.9 seconds. rad_recv: Access-Reject packet from host 134.252.100.4 port 1812, id=8, length=24 Proxy-State = 0x3139 # Executing section post-proxy from file /etc/raddb/sites-enabled/default +- entering group post-proxy {...} [eap] Doing post-proxy callback [eap] Passing reply from proxy back into the tunnel. Segmentation fault [root@mackeral-dev raddb]# [root@mackeral-dev raddb]# [root@mackeral-dev raddb]# -- View this message in context: http://freeradius.1045715.n5.nabble.com/PEAP-EAP-GTC-proxy-tp3305142p3306797... Sent from the FreeRadius - User mailing list archive at Nabble.com.