Hi list, Still setting up a freeradius for eduroam -- internally it is working fine EAP, TTLS and al, however when proxying/connecting to the eduroam, everything seems ok in freeradius logs, however, eapol_test finishes with an error (WARNING: PMK mismatch -- MPPE keys OK: 0 mismatch: 1 FAILURE). Although in this example I have a certificate expired on the other side, I also have another roaming accounting that also has the same behaviour, so it is not the cause, I think. Any hints? I will send bellow eapol_test output and freeradius logs. Best regards, Rui radius2:/opt/bin/eduroam# /opt/bin/eapol_test -c peap-mschapv2-roaming.conf -s passsssss Reading configuration file 'peap-mschapv2-roaming.conf' Line: 4 - start of a new network block ssid - hexdump_ascii(len=7): 65 64 75 72 6f 61 6d eduroam key_mgmt: 0x1 eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00 identity - hexdump_ascii(len=18): 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte@roam.fccn. 70 74 pt anonymous_identity - hexdump_ascii(len=18): 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte@roam.fccn. 70 74 pt password - hexdump_ascii(len=9): 72 30 61 6d 31 73 63 74 33 xxxxxxxxxxxx phase2 - hexdump_ascii(len=16): 61 75 74 68 65 61 70 3d 4d 53 43 48 41 50 56 32 autheap=MSCHAPV2 Priority group 0 id=0 ssid='eduroam' Authentication server 127.0.0.1:1812 RADIUS local address: 127.0.0.1:28963 EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Sending fake EAP-Request-Identity EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using anonymous identity - hexdump_ascii(len=18): 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte@roam.fccn. 70 74 pt EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=23) TX EAP -> RADIUS - hexdump(len=23): 02 00 00 17 01 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74 Encapsulating EAP message into a RADIUS packet Learned identity from EAP-Response-Identity - hexdump(len=18): 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74 Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=144 Attribute 1 (User-Name) length=20 Value: 'iscte@roam.fccn.pt' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=25 Value: 02 00 00 17 01 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74 Attribute 80 (Message-Authenticator) length=18 Value: 6a 6b 09 f3 d6 fe 46 19 27 3d 6c 52 8b e4 d7 d8 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 46 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=46 Attribute 79 (EAP-Message) length=8 Value: 01 01 00 06 19 21 Attribute 80 (Message-Authenticator) length=18 Value: e9 81 26 23 af d2 1d 4c 27 b9 8b 22 de 6f 4c 3e STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.03 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=1 len=6) from RADIUS server: EAP-Request-PEAP (25) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=25 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 EAP: Initialize selected EAP method: vendor 0 method 25 (PEAP) TLS: Phase2 EAP types - hexdump(len=40): 00 00 00 00 04 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 TLS: using phase1 config options CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected EAP: EAP entering state METHOD SSL: Received packet(len=6) - Flags 0x21 EAP-PEAP: Start (server ver=1, own ver=1) EAP-PEAP: Using PEAP version 1 SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read server hello A SSL: SSL_connect - want more data SSL: 95 bytes pending from ssl_out SSL: 95 bytes left to be sent out (of total 95 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=101) TX EAP -> RADIUS - hexdump(len=101): 02 01 00 65 19 01 16 03 01 00 5a 01 00 00 56 03 01 4f 15 9d a5 c5 f6 73 f8 76 01 d3 a8 bc f8 c4 9c c6 c6 6b 00 f2 e8 64 9e 61 c6 ca 79 f8 c2 40 d6 00 00 28 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 02 01 00 00 04 00 23 00 00 Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=222 Attribute 1 (User-Name) length=20 Value: 'iscte@roam.fccn.pt' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=103 Value: 02 01 00 65 19 01 16 03 01 00 5a 01 00 00 56 03 01 4f 15 9d a5 c5 f6 73 f8 76 01 d3 a8 bc f8 c4 9c c6 c6 6b 00 f2 e8 64 9e 61 c6 ca 79 f8 c2 40 d6 00 00 28 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00 03 00 ff 02 01 00 00 04 00 23 00 00 Attribute 80 (Message-Authenticator) length=18 Value: f0 b0 e8 1c 6c 14 d7 5f 5c 8f 09 b2 d1 97 11 43 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 1056 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=1 length=1056 Attribute 79 (EAP-Message) length=255 Value: 01 02 03 f2 19 c1 00 00 06 7b 16 03 01 00 4a 02 00 00 46 03 01 4f 15 9d a5 99 7d 3a e2 a2 6d e1 67 75 9e 63 ff 0e b1 51 b0 1a 9a f1 54 39 b0 8d 0d e9 ca d2 a7 20 9d a9 c9 17 2f b2 10 0a 4a 20 1e 59 9a 2e 44 6f 43 1f cf d0 27 3f 48 40 55 68 72 ba b3 d6 1e d4 00 35 00 16 03 01 06 1e 0b 00 06 1a 00 06 17 00 03 3a 30 82 03 36 30 82 02 1e a0 03 02 01 02 02 01 09 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 20 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 30 1e 17 0d 30 35 30 32 31 35 31 36 31 31 33 38 5a 17 0d 30 37 30 32 30 35 31 36 31 31 33 38 5a 30 81 83 31 1e 30 1c 06 03 55 04 03 13 15 72 61 64 2d 63 76 2d 74 65 73 74 65 73 2e 66 63 63 6e 2e 70 74 31 0f 30 0d 06 03 55 04 08 13 06 4c 69 73 62 6f 61 Attribute 79 (EAP-Message) length=255 Value: 31 0b 30 09 06 03 55 04 06 13 02 50 54 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 31 0d 30 0b 06 03 55 04 0a 13 04 46 43 43 4e 31 14 30 12 06 03 55 04 0b 13 0b 54 65 6c 65 6d 61 74 69 63 6f 73 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 9c 3e 40 c6 96 ba 2d 59 73 54 f1 dc af ac 4b 6f c9 7b dd 38 cd 22 8f 08 b5 a1 f8 93 59 87 59 e5 4e 94 50 b8 c4 06 21 72 fe 5f dc 3b d1 d8 a4 fe f2 00 94 42 96 21 4c ae 25 44 d7 bc 9a 55 2f 46 8a 32 ca f7 a7 30 b0 63 df 20 2b c0 a0 ef f2 7d d8 dd 24 ec 2a 4b 21 2b a9 f7 d2 a6 01 17 0c 43 fc e3 41 ad 68 91 2b 82 7d 41 4c 5e be 05 db 1b 1f ce ad 3d 68 aa bb e4 bc fa 4a 60 a2 d8 36 e4 10 5e 87 32 df fc 77 84 e5 c0 Attribute 79 (EAP-Message) length=255 Value: 0b dc b9 58 19 11 1e 89 b8 1c da 83 e9 bd 6d 73 10 5d 24 34 ed 27 72 53 aa 68 87 24 a9 24 ed c1 3d 2a 37 17 2e d3 0f af 40 81 26 07 6d 88 9b 1a fc 72 d6 f6 eb fc 14 c1 6f fe 0b 61 80 bc 94 cd 86 c0 e8 f8 1c dc 76 2f f8 6f 88 04 fb 80 b9 b7 72 74 73 fb aa 27 4d 01 e9 99 de e3 29 81 e8 ed bb b9 b1 a6 89 03 cf 0c a6 f6 1a 2c 96 0b 0a 4a 79 bb c7 c4 1e 1d 02 03 01 00 01 a3 17 30 15 30 13 06 03 55 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 82 01 01 00 c5 6c ce 4f 56 41 ec 0b 80 6b 37 6e 95 95 3b 6e 9a a0 b2 4e 18 5d 4e bd 38 8c 28 72 ab ec bc 27 c7 4d 34 5d 4e 3e be d7 25 14 64 97 e9 fd 00 e0 fb f6 d0 ec bf 05 12 17 45 2a 67 c1 4e 97 f3 00 75 7d ea f0 3a 24 d8 d8 39 88 95 8c 01 59 bd 30 27 05 c8 52 3a Attribute 79 (EAP-Message) length=253 Value: 0a 97 b9 21 4b a6 3b fb 06 f7 92 98 98 56 fe 53 ec 6f b9 97 93 b3 5e 8d fc 75 98 47 77 a6 78 53 77 58 dd 5c 52 7a 9d ae 2c 77 33 9c cb 61 a7 1c 3a 22 ac 54 03 1a 36 99 1b b5 82 83 27 69 a4 a9 65 6a f1 8a 04 f4 10 53 e0 e5 9f 91 0d bc 70 82 61 d7 49 e3 cc cc ef 86 1d 6b 44 53 6e 90 16 d7 8b 22 47 2e 7d 53 b3 0e 1f 24 01 0f ce 86 4e 12 6a b4 fb 54 53 b5 99 1a a9 d6 77 dc 66 d8 04 c0 da 9a 12 27 5d 38 eb c4 d7 ac 2c 86 93 a9 12 e4 9d 13 4f 01 73 1b 16 ec 39 f5 3b ff d2 c0 78 4e 44 3b 59 f9 dd 71 8e d1 3b f2 50 00 02 d7 30 82 02 d3 30 82 01 bb a0 03 02 01 02 02 09 00 cf 11 a4 0b 54 c2 30 de 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 20 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 30 1e 17 0d Attribute 80 (Message-Authenticator) length=18 Value: dc 80 67 84 43 16 0e b0 a4 ae e3 24 a7 dc 77 3c STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=2 len=1010) from RADIUS server: EAP-Request-PEAP (25) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=25 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=1010) - Flags 0xc1 SSL: TLS Message Length: 1659 SSL: Need 659 bytes more input data SSL: Building ACK (type=25 id=2 ver=1) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 02 00 06 19 01 Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=2 length=127 Attribute 1 (User-Name) length=20 Value: 'iscte@roam.fccn.pt' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=8 Value: 02 02 00 06 19 01 Attribute 80 (Message-Authenticator) length=18 Value: 6b 8c 7e b6 90 e5 56 8f fb 63 df c3 5a 6b 75 8e Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 709 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=2 length=709 Attribute 79 (EAP-Message) length=255 Value: 01 03 02 99 19 01 30 35 30 32 31 35 31 34 34 35 31 39 5a 17 0d 30 36 30 32 31 35 31 34 34 35 31 39 5a 30 20 31 1e 30 1c 06 09 2a 86 48 86 f7 0d 01 09 01 16 0f 70 73 69 6d 6f 65 73 40 66 63 63 6e 2e 70 74 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 ce 05 f6 73 da ef 56 db 29 f8 b2 71 5f 3d 95 05 f0 db 08 d7 da d1 5b f7 c1 2e 34 96 e2 ce 99 91 54 18 3e 50 62 ef 8a fe 1c f2 44 97 e2 32 81 ad 74 ed 31 d7 b4 5c 33 3c 21 2a c8 54 e2 49 03 8b 25 f9 39 81 cb f8 24 37 e7 90 a9 ef 7d 51 0b c5 a9 10 1f 50 50 d1 bd 32 d4 03 b9 0e 4f 93 0b ad 3f 3c e7 bc c3 7b 30 21 b3 bc 34 ec 80 c1 09 fb e5 dd 2f 07 dc fe f8 38 3c aa 36 9b 77 7b 64 4f 29 b7 f2 09 31 6b c8 19 60 db 25 dd 19 ce 05 25 87 85 bd d4 07 56 cb 05 Attribute 79 (EAP-Message) length=255 Value: db ba f4 08 97 fa 98 fe d6 86 8c 40 78 f3 49 48 d7 c3 97 24 95 11 e2 dd af 1f 0c b0 3f 13 e8 51 1d a7 42 fb 46 16 ac 9f ad 9b 9e 61 3b 05 e2 50 9c fd a2 12 b4 96 43 c9 93 c0 5f c1 db e5 b5 23 d0 b4 b3 3b a3 de b6 00 d0 f8 f6 cb cf 32 e4 12 63 b8 17 07 d9 2e 5e 80 71 cd 18 59 f2 7c 09 4d 67 eb be 6e 3c 07 9f 75 02 03 01 00 01 a3 10 30 0e 30 0c 06 03 55 1d 13 04 05 30 03 01 01 ff 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 82 01 01 00 11 3b 6f b8 cb 0a 39 42 78 f3 5a 5d 11 8c b9 87 70 78 00 08 0a 36 33 a4 d0 65 8d 86 f0 00 e4 6a 7e aa d5 13 6a fe cb 91 0f 5d 65 17 fe 36 87 8c 5f 81 24 8f 38 85 61 db 0f 02 7e b2 1c 26 03 7b af 28 41 2a 08 85 ff fc 8e d6 4d 92 7b 9d f2 6a c3 9f 00 02 bb 06 73 35 63 10 61 47 5f 64 2e 66 a3 36 6a f1 4c a9 55 97 37 c0 Attribute 79 (EAP-Message) length=161 Value: a2 74 62 41 2c a6 e6 06 74 a1 b0 c4 c8 d0 d4 78 a3 b4 55 26 84 97 46 93 fb ad 38 70 bf ef 25 9a d1 ab 68 3d 6d 50 fa 35 4e 14 02 5b b3 81 e2 2f a7 26 49 dc 33 fa 76 dc 12 52 6e 46 9e fe 39 df 0c 24 ae f5 96 a8 46 4b 3e 5a b1 47 67 44 b5 fb eb 6c 42 7d 66 3f 8e b1 bc 10 49 9b 1d b4 28 b7 7c 59 0a 00 a1 e9 f0 85 c5 a7 db 25 f6 52 1e 8c 93 93 9b 25 f7 d8 ff 90 02 4e 93 fd c0 4a 56 54 83 76 3e 78 60 b3 59 56 a6 81 08 75 c4 51 b3 6d cb 40 e5 c0 1c 5a 16 03 01 00 04 0e 00 00 00 Attribute 80 (Message-Authenticator) length=18 Value: b7 46 fb 5b cb 21 63 7d d7 f0 c0 55 4d e5 8f 1d STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=3 len=665) from RADIUS server: EAP-Request-PEAP (25) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=3 method=25 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=665) - Flags 0x01 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server hello A TLS: tls_verify_cb - preverify_ok=1 err=19 (self signed certificate in certificate chain) ca_cert_verify=0 depth=1 buf='/emailAddress=psimoes@fccn.pt' CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/emailAddress=psimoes@fccn.pt' TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=1 buf='/emailAddress=psimoes@fccn.pt' CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/emailAddress=psimoes@fccn.pt' TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=1 buf='/emailAddress=psimoes@fccn.pt' CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/emailAddress=psimoes@fccn.pt' TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=0 buf='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes@fccn.pt/O=FCCN/OU=Telematicos' CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes@fccn.pt/O=FCCN/OU=Telematicos' TLS: tls_verify_cb - preverify_ok=1 err=10 (certificate has expired) ca_cert_verify=0 depth=0 buf='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes@fccn.pt/O=FCCN/OU=Telematicos' CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=rad-cv-testes.fccn.pt/ST=Lisboa/C=PT/emailAddress=psimoes@fccn.pt/O=FCCN/OU=Telematicos' SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server certificate A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read server done A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write client key exchange A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write change cipher spec A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 write finished A SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 flush data SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv3 read finished A SSL: SSL_connect - want more data SSL: 326 bytes pending from ssl_out SSL: 326 bytes left to be sent out (of total 326 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=332) TX EAP -> RADIUS - hexdump(len=332): 02 03 01 4c 19 01 16 03 01 01 06 10 00 01 02 01 00 60 a5 f9 2f d4 3c 90 f5 ac 6c 65 0b 35 08 f7 d3 79 02 ec 80 aa b3 10 97 d1 dc b3 4f ef aa c6 7b 1e 92 c1 68 8e 0a f5 2f 67 89 67 d0 06 5c 96 7b 1d 4d af 4c 6f d7 79 83 e7 0a 50 8a da 6f 4d f1 fc a8 1d fa a5 df e0 09 e9 40 9a 21 91 15 98 06 51 71 52 9b 23 55 f2 f8 e5 ae c6 8f b8 a2 83 cf 16 d3 48 06 f1 c7 78 ed bc 25 d2 8a a9 8b dd b4 03 30 9c 3c 43 f2 4b 43 ab 17 e6 22 e6 c6 6c 63 82 a7 30 c3 79 f2 17 6e 60 96 8b 96 b9 ba 44 1a 96 93 41 1b 1e b4 8d 65 cd 1a dd aa 70 a2 f1 14 4f 92 ab 04 7b 5e a2 8a 59 39 d7 d5 13 b2 d7 19 06 79 40 59 2c 7f 71 c4 a3 49 80 9b 36 e7 88 db 5d 06 d8 02 a7 25 3a ac d4 ca 21 27 1a 53 d2 d9 60 f8 ca ab 68 8f 31 75 7b 79 31 4e e2 bb a3 cf 1d b0 a5 37 56 ca a8 b1 5b 42 10 be 46 85 91 65 fb 8b e3 76 bd ff 84 d8 6d e2 dd cd 05 fa 86 9c 14 03 01 00 01 01 16 03 01 00 30 cd 1e 4a 5d 45 6d 24 e4 50 55 1f e6 e2 03 c9 73 79 42 27 98 fd 4b 44 8b 99 7e db ca ef e1 22 9b bb 6f ae 9a fb 2a 43 4c 57 dc 4d c0 94 53 d9 8e Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=3 length=455 Attribute 1 (User-Name) length=20 Value: 'iscte@roam.fccn.pt' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=255 Value: 02 03 01 4c 19 01 16 03 01 01 06 10 00 01 02 01 00 60 a5 f9 2f d4 3c 90 f5 ac 6c 65 0b 35 08 f7 d3 79 02 ec 80 aa b3 10 97 d1 dc b3 4f ef aa c6 7b 1e 92 c1 68 8e 0a f5 2f 67 89 67 d0 06 5c 96 7b 1d 4d af 4c 6f d7 79 83 e7 0a 50 8a da 6f 4d f1 fc a8 1d fa a5 df e0 09 e9 40 9a 21 91 15 98 06 51 71 52 9b 23 55 f2 f8 e5 ae c6 8f b8 a2 83 cf 16 d3 48 06 f1 c7 78 ed bc 25 d2 8a a9 8b dd b4 03 30 9c 3c 43 f2 4b 43 ab 17 e6 22 e6 c6 6c 63 82 a7 30 c3 79 f2 17 6e 60 96 8b 96 b9 ba 44 1a 96 93 41 1b 1e b4 8d 65 cd 1a dd aa 70 a2 f1 14 4f 92 ab 04 7b 5e a2 8a 59 39 d7 d5 13 b2 d7 19 06 79 40 59 2c 7f 71 c4 a3 49 80 9b 36 e7 88 db 5d 06 d8 02 a7 25 3a ac d4 ca 21 27 1a 53 d2 d9 60 f8 ca ab 68 8f 31 75 7b 79 31 4e e2 bb a3 cf 1d b0 a5 37 56 ca a8 b1 5b 42 10 be Attribute 79 (EAP-Message) length=81 Value: 46 85 91 65 fb 8b e3 76 bd ff 84 d8 6d e2 dd cd 05 fa 86 9c 14 03 01 00 01 01 16 03 01 00 30 cd 1e 4a 5d 45 6d 24 e4 50 55 1f e6 e2 03 c9 73 79 42 27 98 fd 4b 44 8b 99 7e db ca ef e1 22 9b bb 6f ae 9a fb 2a 43 4c 57 dc 4d c0 94 53 d9 8e Attribute 80 (Message-Authenticator) length=18 Value: b9 1f da af 64 06 b0 73 3b 7f 91 e9 48 3e e6 57 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 109 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=3 length=109 Attribute 79 (EAP-Message) length=71 Value: 01 04 00 45 19 81 00 00 00 3b 14 03 01 00 01 01 16 03 01 00 30 e2 76 e3 ef cd bf 27 37 9f ac dd a9 33 78 d6 b5 8b 06 72 00 7a 0e ff dc e0 79 0f 2f 37 ac 3d d9 a8 10 e3 4b 17 93 2a 35 28 a4 37 c3 3f da 12 c5 Attribute 80 (Message-Authenticator) length=18 Value: d4 c1 65 3a f0 b2 e1 80 ce bb f0 8d 86 ff 54 17 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.16 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=4 len=69) from RADIUS server: EAP-Request-PEAP (25) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=4 method=25 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=69) - Flags 0x81 SSL: TLS Message Length: 59 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv3 read finished A SSL: (where=0x20 ret=0x1) SSL: (where=0x1002 ret=0x1) SSL: 0 bytes pending from ssl_out SSL: No Application Data included SSL: No data to be sent out EAP-PEAP: TLS done, proceed to Phase 2 EAP-PEAP: using label 'client EAP encryption' in key derivation EAP-PEAP: Derived key - hexdump(len=64): b5 3a 8c 7f 8f 17 d1 1b a8 b8 a1 3d ca fa ba 06 85 9b ad f5 82 7d 23 76 dd 6a 43 ba 9c 1c ec 78 5a 3c 4b 88 19 71 fe c1 7e c4 a5 04 5c c0 25 36 fe a7 ca a2 b6 33 97 eb e8 f7 e5 f7 04 9a 1e 9f SSL: Building ACK (type=25 id=4 ver=1) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 04 00 06 19 01 Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=4 length=127 Attribute 1 (User-Name) length=20 Value: 'iscte@roam.fccn.pt' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=8 Value: 02 04 00 06 19 01 Attribute 80 (Message-Authenticator) length=18 Value: b9 a8 9d dd 12 bd ae f0 a7 70 5a 26 e2 64 9d c4 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 83 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=4 length=83 Attribute 79 (EAP-Message) length=45 Value: 01 05 00 2b 19 01 17 03 01 00 20 d2 ab 6c 49 63 f5 00 3a bf bf d7 fe 09 fb 32 f9 45 5f ef 30 c3 69 aa 7c 25 93 6f bf d3 bd 09 3a Attribute 80 (Message-Authenticator) length=18 Value: 66 d1 f4 59 59 7d 90 59 67 c6 df 28 8b cc 82 ef STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.03 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=5 len=43) from RADIUS server: EAP-Request-PEAP (25) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=5 method=25 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=43) - Flags 0x01 EAP-PEAP: received 37 bytes encrypted data for Phase 2 EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=5): 01 00 00 05 01 EAP-PEAP: received Phase 2: code=1 identifier=0 length=5 EAP-PEAP: Phase 2 Request: type=1 EAP: using real identity - hexdump_ascii(len=18): 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte@roam.fccn. 70 74 pt EAP-PEAP: Encrypting Phase 2 data - hexdump(len=23): 02 00 00 17 01 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74 SSL: 90 bytes left to be sent out (of total 90 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=96) TX EAP -> RADIUS - hexdump(len=96): 02 05 00 60 19 01 17 03 01 00 20 61 86 fa 5a 58 25 2e 3a 08 61 3e b2 b5 95 c3 f5 30 fa 6e 4f 31 ea 49 b3 81 59 96 af e3 40 69 7b 17 03 01 00 30 fa bd ef 3c 38 48 3f aa 0b 2a 9e 07 b8 9c a9 b0 33 31 90 67 46 a4 ad 8d dd 4a 89 4c 64 57 04 cd 56 63 e1 dc 6a 26 2c 5f 04 a3 b7 e3 71 7c c4 81 Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=5 length=217 Attribute 1 (User-Name) length=20 Value: 'iscte@roam.fccn.pt' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=98 Value: 02 05 00 60 19 01 17 03 01 00 20 61 86 fa 5a 58 25 2e 3a 08 61 3e b2 b5 95 c3 f5 30 fa 6e 4f 31 ea 49 b3 81 59 96 af e3 40 69 7b 17 03 01 00 30 fa bd ef 3c 38 48 3f aa 0b 2a 9e 07 b8 9c a9 b0 33 31 90 67 46 a4 ad 8d dd 4a 89 4c 64 57 04 cd 56 63 e1 dc 6a 26 2c 5f 04 a3 b7 e3 71 7c c4 81 Attribute 80 (Message-Authenticator) length=18 Value: 11 4a 60 a4 56 bc 8f 75 e7 c3 23 88 57 ba ea d7 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 131 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=5 length=131 Attribute 79 (EAP-Message) length=93 Value: 01 06 00 5b 19 01 17 03 01 00 50 b8 e4 19 3b 90 e3 a5 c7 32 0f a8 d4 15 dd 4d 7b 47 a3 84 0a cf 4a d7 02 45 5d c9 48 18 6e ff 4d 1c 58 ce 6a ce 9d bb a2 7c de 87 20 99 2c c8 68 e7 e7 31 d0 98 92 47 d9 a8 8a 88 e6 5f 59 1d 5e 2c a5 e5 ae 0c 61 47 e6 ee bf aa e8 dd bd d3 49 Attribute 80 (Message-Authenticator) length=18 Value: 38 d0 0a 86 1a 73 ed 22 31 4a 56 f0 d9 02 93 3b STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=6 len=91) from RADIUS server: EAP-Request-PEAP (25) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=6 method=25 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=91) - Flags 0x01 EAP-PEAP: received 85 bytes encrypted data for Phase 2 EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=47): 01 01 00 2f 1a 01 01 00 2a 10 98 20 2f 14 94 b5 56 d5 c0 12 dc cc 88 df 09 eb 72 61 64 2d 63 76 2d 74 65 73 74 65 73 2e 66 63 63 6e 2e 70 74 EAP-PEAP: received Phase 2: code=1 identifier=1 length=47 EAP-PEAP: Phase 2 Request: type=26 EAP-PEAP: Selected Phase 2 EAP vendor 0 method 26 EAP-MSCHAPV2: RX identifier 1 mschapv2_id 1 EAP-MSCHAPV2: Received challenge EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=21): 72 61 64 2d 63 76 2d 74 65 73 74 65 73 2e 66 63 rad-cv-testes.fc 63 6e 2e 70 74 cn.pt EAP-MSCHAPV2: Generating Challenge Response MSCHAPV2: Identity - hexdump_ascii(len=18): 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte@roam.fccn. 70 74 pt MSCHAPV2: Username - hexdump_ascii(len=18): 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte@roam.fccn. 70 74 pt MSCHAPV2: auth_challenge - hexdump(len=16): 98 20 2f 14 94 b5 56 d5 c0 12 dc cc 88 df 09 eb MSCHAPV2: peer_challenge - hexdump(len=16): 0f 8e 0a f4 55 31 35 02 5f ae ad 9c e5 80 18 9c MSCHAPV2: username - hexdump_ascii(len=18): 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e iscte@roam.fccn. 70 74 pt MSCHAPV2: password - hexdump_ascii(len=9): 72 30 61 6d 31 73 63 74 33 xxxxxxxx MSCHAPV2: NT Response - hexdump(len=24): cc d4 11 73 9e 23 ce 86 3a 44 bb c9 88 55 33 e5 95 94 81 3f cd 30 be 16 MSCHAPV2: Auth Response - hexdump(len=20): d9 ff 32 e7 61 1a f9 d4 0b ed a5 60 ed b2 ac 43 9c 58 4f 94 MSCHAPV2: Master Key - hexdump(len=16): ab b4 d5 57 32 57 f2 f2 42 b0 1a 13 20 27 fc e8 EAP-MSCHAPV2: TX identifier 1 mschapv2_id 1 (response) EAP-PEAP: Encrypting Phase 2 data - hexdump(len=77): 02 01 00 4d 1a 02 01 00 48 31 0f 8e 0a f4 55 31 35 02 5f ae ad 9c e5 80 18 9c 00 00 00 00 00 00 00 00 cc d4 11 73 9e 23 ce 86 3a 44 bb c9 88 55 33 e5 95 94 81 3f cd 30 be 16 00 69 73 63 74 65 40 72 6f 61 6d 2e 66 63 63 6e 2e 70 74 SSL: 154 bytes left to be sent out (of total 154 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=160) TX EAP -> RADIUS - hexdump(len=160): 02 06 00 a0 19 01 17 03 01 00 20 c2 6f 7a 73 72 5d f8 64 d5 b8 0e 51 de 31 4c 98 0b db 15 5a 80 ea ee 9e b7 2a 47 fd fd 18 68 d7 17 03 01 00 70 2c c2 d6 6f 3e e6 ca 76 15 50 67 98 32 7d 38 86 29 09 26 0b 34 7e 3b 78 db d6 f3 6f 78 23 4a df 34 7d 23 57 b9 fe f6 8f ea e8 9b 28 bb d8 52 a2 92 1d cc 9a 14 df b9 a0 a2 9c 59 b9 60 d6 b1 3d 83 1e 3b db bb 70 df 7b ef 3d 06 0c ec 48 67 c1 24 68 8f 40 ec 46 19 0d 2d da c1 01 f0 be c8 83 78 02 ac e1 37 38 d2 49 bb 17 d8 be 7b de 15 28 Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=6 length=281 Attribute 1 (User-Name) length=20 Value: 'iscte@roam.fccn.pt' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=162 Value: 02 06 00 a0 19 01 17 03 01 00 20 c2 6f 7a 73 72 5d f8 64 d5 b8 0e 51 de 31 4c 98 0b db 15 5a 80 ea ee 9e b7 2a 47 fd fd 18 68 d7 17 03 01 00 70 2c c2 d6 6f 3e e6 ca 76 15 50 67 98 32 7d 38 86 29 09 26 0b 34 7e 3b 78 db d6 f3 6f 78 23 4a df 34 7d 23 57 b9 fe f6 8f ea e8 9b 28 bb d8 52 a2 92 1d cc 9a 14 df b9 a0 a2 9c 59 b9 60 d6 b1 3d 83 1e 3b db bb 70 df 7b ef 3d 06 0c ec 48 67 c1 24 68 8f 40 ec 46 19 0d 2d da c1 01 f0 be c8 83 78 02 ac e1 37 38 d2 49 bb 17 d8 be 7b de 15 28 Attribute 80 (Message-Authenticator) length=18 Value: 86 77 d9 31 f7 ec dd 73 aa 83 1e 2e d1 6c 70 27 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 147 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=6 length=147 Attribute 79 (EAP-Message) length=109 Value: 01 07 00 6b 19 01 17 03 01 00 60 ae fd e3 9e 5c dd 3b 31 86 ec 76 d8 ea a8 d0 e5 f7 9a f7 6e 58 61 20 48 60 a5 bf 5b ef bd ca b2 e7 de 66 31 49 3a 3a d1 ee e9 ab 01 67 72 5c 0d 03 cf 59 c1 ed 8f 69 21 63 00 c7 19 60 b7 4b 64 2f fd 89 61 81 5f 57 8e b9 fa 59 41 ff 7c 09 01 c4 51 11 62 dd 81 5e f3 57 d1 c3 b3 05 a9 09 be Attribute 80 (Message-Authenticator) length=18 Value: 21 f5 36 e6 26 05 7c 36 4a 58 96 ad 96 bd 9e 12 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.08 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=7 len=107) from RADIUS server: EAP-Request-PEAP (25) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=7 method=25 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=107) - Flags 0x01 EAP-PEAP: received 101 bytes encrypted data for Phase 2 EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=61): 01 02 00 3d 1a 03 01 00 38 53 3d 44 39 46 46 33 32 45 37 36 31 31 41 46 39 44 34 30 42 45 44 41 35 36 30 45 44 42 32 41 43 34 33 39 43 35 38 34 46 39 34 20 4d 3d 73 75 63 63 65 73 73 EAP-PEAP: received Phase 2: code=1 identifier=2 length=61 EAP-PEAP: Phase 2 Request: type=26 EAP-MSCHAPV2: RX identifier 2 mschapv2_id 1 EAP-MSCHAPV2: Received success EAP-MSCHAPV2: Success message - hexdump_ascii(len=9): 4d 3d 73 75 63 63 65 73 73 M=success EAP-MSCHAPV2: Authentication succeeded EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): 02 02 00 06 1a 03 SSL: 74 bytes left to be sent out (of total 74 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=80) TX EAP -> RADIUS - hexdump(len=80): 02 07 00 50 19 01 17 03 01 00 20 5e c8 6f 50 06 1b 70 cd a3 3e 35 15 6c 11 7a 5e 33 c5 7c fd e5 8b 3e 69 f7 e4 5c 25 60 8a 93 de 17 03 01 00 20 a0 fb ce 5c 33 f0 04 95 c8 1c 3d 55 d7 64 b7 54 c0 57 c0 05 92 4a e8 08 f5 19 24 45 d9 ac 1b 38 Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=7 length=201 Attribute 1 (User-Name) length=20 Value: 'iscte@roam.fccn.pt' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=82 Value: 02 07 00 50 19 01 17 03 01 00 20 5e c8 6f 50 06 1b 70 cd a3 3e 35 15 6c 11 7a 5e 33 c5 7c fd e5 8b 3e 69 f7 e4 5c 25 60 8a 93 de 17 03 01 00 20 a0 fb ce 5c 33 f0 04 95 c8 1c 3d 55 d7 64 b7 54 c0 57 c0 05 92 4a e8 08 f5 19 24 45 d9 ac 1b 38 Attribute 80 (Message-Authenticator) length=18 Value: ec 20 4b 31 88 04 44 92 f6 14 da f8 2e 49 7c 8e Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 83 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=7 length=83 Attribute 79 (EAP-Message) length=45 Value: 01 08 00 2b 19 01 17 03 01 00 20 f4 80 cb 7c 9b 7b 52 c1 c8 1d b2 ce fd cc 8b b7 37 ad a5 86 04 db b5 ad ed f2 3a 93 fe 48 7b 11 Attribute 80 (Message-Authenticator) length=18 Value: 30 50 52 80 65 07 9c 63 55 6e ea 2d 85 8f 05 8e STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.06 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=8 len=43) from RADIUS server: EAP-Request-PEAP (25) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=8 method=25 vendor=0 vendorMethod=0 EAP: EAP entering state METHOD SSL: Received packet(len=43) - Flags 0x01 EAP-PEAP: received 37 bytes encrypted data for Phase 2 EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 08 00 0b 21 80 03 00 02 00 01 EAP-PEAP: received Phase 2: code=1 identifier=8 length=11 EAP-PEAP: Phase 2 Request: type=33 EAP-TLV: Received TLVs - hexdump(len=6): 80 03 00 02 00 01 EAP-TLV: Result TLV - hexdump(len=2): 00 01 EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 08 00 0b 21 80 03 00 02 00 01 SSL: 74 bytes left to be sent out (of total 74 bytes) EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=80) TX EAP -> RADIUS - hexdump(len=80): 02 08 00 50 19 01 17 03 01 00 20 83 65 79 c5 60 67 65 82 9d 19 63 b0 34 5e 3f 5e 84 6b bd af 7b fb 66 44 c4 e8 10 5e a8 18 62 5c 17 03 01 00 20 14 a9 d2 aa 5a f2 7e 8f 9c 2a 10 9d a9 ff 19 01 90 db 4e b0 c3 69 f1 8a ac 6e d8 57 a4 83 1a a7 Encapsulating EAP message into a RADIUS packet Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=8 length=201 Attribute 1 (User-Name) length=20 Value: 'iscte@roam.fccn.pt' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=82 Value: 02 08 00 50 19 01 17 03 01 00 20 83 65 79 c5 60 67 65 82 9d 19 63 b0 34 5e 3f 5e 84 6b bd af 7b fb 66 44 c4 e8 10 5e a8 18 62 5c 17 03 01 00 20 14 a9 d2 aa 5a f2 7e 8f 9c 2a 10 9d a9 ff 19 01 90 db 4e b0 c3 69 f1 8a ac 6e d8 57 a4 83 1a a7 Attribute 80 (Message-Authenticator) length=18 Value: 2f db bf 8d 3f 07 fd 8a 21 e6 a5 10 25 31 af 43 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 180 bytes from RADIUS server Received RADIUS message RADIUS message: code=2 (Access-Accept) identifier=8 length=180 Attribute 79 (EAP-Message) length=6 Value: 03 08 00 04 Attribute 80 (Message-Authenticator) length=18 Value: 24 b5 20 6c e8 0f e1 3f 56 82 bb ce 26 f2 54 d2 Attribute 1 (User-Name) length=20 Value: 'iscte@roam.fccn.pt' Attribute 26 (Vendor-Specific) length=58 Value: 00 00 01 37 10 34 80 75 a6 7d 39 0e 6d eb 0d dd c6 f8 d6 37 d3 27 95 f6 21 d9 1c 5a 28 94 a9 70 d0 48 b2 08 9a 6a 69 79 63 7c 0f 6b 11 9a 07 39 78 ab a0 c8 08 82 4a fc Attribute 26 (Vendor-Specific) length=58 Value: 00 00 01 37 11 34 8d 18 62 8a 92 c9 d6 f9 31 5c 70 1e 82 24 ee e0 a3 b4 ea 12 aa c5 98 08 43 23 b1 95 f7 8e f6 2c 9b 50 7c f8 02 76 c3 84 98 4b 7d 4b 46 37 2f 3f a7 d6 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.05 sec RADIUS packet matching with station MS-MPPE-Send-Key (sign) - hexdump(len=32): fe 03 b8 a7 4c c7 a2 64 85 b4 ef 6d d8 ef d9 58 b3 eb 6c f6 0f 2c c7 25 38 0e c3 24 8b 72 0a ef MS-MPPE-Recv-Key (crypt) - hexdump(len=32): e7 aa d7 72 cb 0f ab 27 8c 9a 9a 46 6f 50 2d d4 b8 e1 83 3c 9b 11 66 a4 c5 fe 14 52 84 f2 ad 48 decapsulated EAP packet (code=3 id=8 len=4) from RADIUS server: EAP Success EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Success EAP: EAP entering state SUCCESS CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required WPA: EAPOL processing complete EAPOL: SUPP_PAE entering state AUTHENTICATED EAPOL: SUPP_BE entering state RECEIVE EAPOL: SUPP_BE entering state SUCCESS EAPOL: SUPP_BE entering state IDLE eapol_sm_cb: success=1 EAPOL: Successfully fetched key (len=32) PMK from EAPOL - hexdump(len=32): b5 3a 8c 7f 8f 17 d1 1b a8 b8 a1 3d ca fa ba 06 85 9b ad f5 82 7d 23 76 dd 6a 43 ba 9c 1c ec 78 WARNING: PMK mismatch PMK from AS - hexdump(len=32): e7 aa d7 72 cb 0f ab 27 8c 9a 9a 46 6f 50 2d d4 b8 e1 83 3c 9b 11 66 a4 c5 fe 14 52 84 f2 ad 48 EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit ENGINE: engine deinit MPPE keys OK: 0 mismatch: 1 FAILURE FREERADIUS -X LOGS ……………………………. radius2:~# freeradius -X FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/f_ticks including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/status including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 256000 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = yes } security { max_attributes = 200 reject_delay = 0 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 1 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } realm iscte.pt { authhost = LOCAL accthost = LOCAL } realm teste.iscte.pt { authhost = LOCAL accthost = LOCAL } realm ~.*\.iscte\.intranet { } realm ~.*\.iul\.intra { } realm ~.*\.iscte\.pt { } realm NULL { } realm DEFAULT { nostrip ldflag = round_robin authhost = 193.136.192.43:1812 accthost = 193.136.192.43:1813 secret = testeradiusfccn2 } realm DEFAULT { ldflag = round_robin authhost = 193.136.192.44:1812 accthost = 193.136.192.44:1813 secret = testeradiusfccn2 } # realm DEFAULT radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "xxxxxxxxx" nastype = "other" } client 193.136.188.36 { ipaddr = 193.136.188.36 netmask = 32 require_message_authenticator = no secret = "xxxxxxxx" nastype = "other" } client 10.10.66.18/32 { ipaddr = 10.10.66.18 netmask = 32 require_message_authenticator = no secret = "wdsiscte" shortname = "nut" nastype = "other" } client 10.10.65.0/24 { require_message_authenticator = no secret = "xxxxxxxx" shortname = "rede1_aps" nastype = "cisco" } client 10.10.66.0/24 { require_message_authenticator = no secret = "xxxxxxxxx" shortname = "rede2_aps" nastype = "cisco" } client 10.10.32.35/32 { require_message_authenticator = no secret = "xxxxxxxxxxx" shortname = "syslog" nastype = "other" } client 193.136.192.43 { require_message_authenticator = no secret = "xxxxxxxxx" shortname = "proxyNacional1" } client 193.136.192.44 { require_message_authenticator = no secret = "xxxxxxxxxx" shortname = "proxyNacional2" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server status { # from file /etc/freeradius/sites-enabled/status modules { Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_always Module: Instantiating module "ok" from file /etc/freeradius/modules/always always ok { rcode = "ok" simulcount = 0 mpp = no } } # modules } # server server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = yes ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --domain=IUL --nt-response=%{mschap:NT-Response:-00}" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "mschap" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "xxxxxxxxxx" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" cache { enable = no lifetime = 24 max_entries = 255 } verify { } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = no include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/modules/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } [/etc/freeradius/users]:6 WARNING! Check item "Stripped-User-Name" found in reply item list for user "DEFAULT". This attribute MUST go on the first line with the other check items [/etc/freeradius/users]:35 WARNING! Changing 'Reply-Message =' to 'Reply-Message ==' for comparing RADIUS attribute in check item list for user DEFAULT Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking pre-proxy {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "reply_log" from file /etc/freeradius/modules/detail.log detail reply_log { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_ldap Module: Instantiating module "ldap" from file /etc/freeradius/modules/ldap ldap { server = "10.10.32.14" port = 389 password = "xxxxxxxx" identity = "CN=xxxxxxxx,CN=Users,DC=xxxxx,DC=xxxxx" net_timeout = 10 timeout = 4 timelimit = 3 tls_mode = no start_tls = no tls_require_cert = "allow" tls { start_tls = no require_cert = "allow" } basedn = "cn=Users,dc=wiscte,dc=wfarm" filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})" base_filter = "(objectclass=radiusprofile)" auto_header = no access_attr_used_for_allow = yes rebind = yes groupname_attribute = "sAMAccountName" groupmembership_filter = "(sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}})" groupmembership_attribute = "memberOf" dictionary_mapping = "/etc/freeradius/ldap.attrmap" ldap_debug = 0 ldap_connections_number = 5 compare_check_items = no do_xlat = yes edir_account_policy_check = no set_auth_type = no } rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/freeradius/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP sambaLmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP sambaNtPassword mapped to RADIUS NT-Password rlm_ldap: LDAP dBCSPwd mapped to RADIUS LM-Password rlm_ldap: LDAP userPassword mapped to RADIUS Password-With-Header rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id conns: 0x8f50208 Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" } } # modules } # server server { # from file /etc/freeradius/radiusd.conf modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Instantiating module "auth_log" from file /etc/freeradius/modules/detail.log detail auth_log { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Checking preacct {...} for more modules to load Module: Checking accounting {...} for more modules to load Module: Instantiating module "detail" from file /etc/freeradius/modules/detail detail { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_counter Module: Instantiating module "daily" from file /etc/freeradius/modules/counter counter daily { filename = "/etc/freeradius/db.daily" key = "User-Name" reset = "daily" count-attribute = "Acct-Session-Time" counter-name = "Daily-Session-Time" check-name = "Max-Daily-Session" reply-name = "Session-Timeout" allowed-servicetype = "Framed-User" cache-size = 5000 } rlm_counter: Counter attribute Daily-Session-Time is number 11276 rlm_counter: Current Time: 1326816675 [2012-01-17 16:11:15], Next reset 1326844800 [2012-01-18 00:00:00] Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/modules/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Instantiating module "sradutmp" from file /etc/freeradius/modules/sradutmp radutmp sradutmp { filename = "/var/log/freeradius/sradutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 420 callerid = no } Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking pre-proxy {...} for more modules to load Module: Instantiating module "pre_proxy_log" from file /etc/freeradius/modules/detail.log detail pre_proxy_log { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating module "attr_filter.pre-proxy" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.pre-proxy { attrsfile = "/etc/freeradius/attrs.pre-proxy" key = "%{Realm}" } Module: Checking post-proxy {...} for more modules to load Module: Instantiating module "post_proxy_log" from file /etc/freeradius/modules/detail.log detail post_proxy_log { detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating module "attr_filter.post-proxy" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.post-proxy { attrsfile = "/etc/freeradius/attrs" key = "%{Realm}" } Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_linelog Module: Instantiating module "f_ticks" from file /etc/freeradius/modules/f_ticks linelog f_ticks { filename = "syslog" format = "" reference = "f_ticks.%{%{reply:Packet-Type}:-format}" } } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = 193.136.188.36 port = 0 } listen { type = "acct" ipaddr = 193.136.188.36 port = 0 } listen { type = "status" ipaddr = * port = 18120 client admin { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "xxxxxxxxxx" } client admin2 { ipaddr = 193.136.188.36 require_message_authenticator = no secret = "xxxxxxxxx" } client syslog { ipaddr = 10.10.32.35 require_message_authenticator = no secret = "xxxxxxxxx" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 1812 } listen { type = "acct" ipaddr = 127.0.0.1 port = 1813 } Listening on authentication address 193.136.188.36 port 1812 Listening on accounting interface eth0 address 193.136.188.36 port 1813 Listening on status address * port 18120 as server status Listening on authentication address 127.0.0.1 port 1812 as server inner-tunnel Listening on accounting address 127.0.0.1 port 1813 as server inner-tunnel Listening on proxy address 193.136.188.36 port 1814 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=0, length=144 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074 Message-Authenticator = 0x6a6b09f3d6fe4619273d6c528be4d7d8 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte@roam.fccn.pt" [suffix] Found realm "DEFAULT" [suffix] Adding Realm = "DEFAULT" [suffix] Proxying request from user iscte to realm DEFAULT [suffix] Preparing to proxy authentication request to realm "DEFAULT" ++[suffix] returns updated ++[control] returns updated [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel # Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group pre-proxy {...} ++[files] returns noop Sending Access-Request of id 102 to 193.136.192.44 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x30 Proxying request 0 to home server 193.136.192.44 port 1812 Sending Access-Request of id 102 to 193.136.192.44 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200001701697363746540726f616d2e6663636e2e7074 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x30 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=102, length=49 EAP-Message = 0x010100061921 Message-Authenticator = 0x9d3192b332a0c590e6d83c3b4e3380bf Proxy-State = 0x30 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} [eap] No pre-existing handler found ++[eap] returns noop server inner-tunnel { } # server inner-tunnel Sending Access-Challenge of id 0 to 127.0.0.1 port 28963 EAP-Message = 0x010100061921 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=1, length=222 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100651901160301005a0100005603014f159da5c5f673f87601d3a8bcf8c49cc6c66b00f2e8649e61c6ca79f8c240d600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000 Message-Authenticator = 0xf0b0e81c6c14d75f5c8f09b2d1971143 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte@roam.fccn.pt" [suffix] Found realm "DEFAULT" [suffix] Adding Realm = "DEFAULT" [suffix] Proxying request from user iscte to realm DEFAULT [suffix] Preparing to proxy authentication request to realm "DEFAULT" ++[suffix] returns updated ++[control] returns updated [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel # Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group pre-proxy {...} ++[files] returns noop Sending Access-Request of id 88 to 193.136.192.44 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100651901160301005a0100005603014f159da5c5f673f87601d3a8bcf8c49cc6c66b00f2e8649e61c6ca79f8c240d600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x31 Proxying request 1 to home server 193.136.192.44 port 1812 Sending Access-Request of id 88 to 193.136.192.44 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100651901160301005a0100005603014f159da5c5f673f87601d3a8bcf8c49cc6c66b00f2e8649e61c6ca79f8c240d600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x31 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=88, length=1059 EAP-Message = 0x010203f219c10000067b160301004a0200004603014f159da5997d3ae2a26de167759e63ff0eb151b01a9af15439b08d0de9cad2a7209da9c9172fb2100a4a201e599a2e446f431fcfd0273f4840556872bab3d61ed4003500160301061e0b00061a00061700033a308203363082021ea003020102020109300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d3035303231353136313133385a170d3037303230353136313133385a308183311e301c060355040313157261642d63762d7465737465732e6663636e2e7074310f300d060355040813064c6973626f61 EAP-Message = 0x310b3009060355040613025054311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074310d300b060355040a13044643434e31143012060355040b130b54656c656d617469636f7330820122300d06092a864886f70d01010105000382010f003082010a02820101009c3e40c696ba2d597354f1dcafac4b6fc97bdd38cd228f08b5a1f893598759e54e9450b8c4062172fe5fdc3bd1d8a4fef200944296214cae2544d7bc9a552f468a32caf7a730b063df202bc0a0eff27dd8dd24ec2a4b212ba9f7d2a601170c43fce341ad68912b827d414c5ebe05db1b1fcead3d68aabbe4bcfa4a60a2d836e4105e8732dffc7784e5c0 EAP-Message = 0x0bdcb95819111e89b81cda83e9bd6d73105d2434ed277253aa688724a924edc13d2a37172ed30faf408126076d889b1afc72d6f6ebfc14c16ffe0b6180bc94cd86c0e8f81cdc762ff86f8804fb80b9b7727473fbaa274d01e999dee32981e8edbbb9b1a68903cf0ca6f61a2c960b0a4a79bbc7c41e1d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c56cce4f5641ec0b806b376e95953b6e9aa0b24e185d4ebd388c2872abecbc27c74d345d4e3ebed725146497e9fd00e0fbf6d0ecbf051217452a67c14e97f300757deaf03a24d8d83988958c0159bd302705c8523a EAP-Message = 0x0a97b9214ba63bfb06f792989856fe53ec6fb99793b35e8dfc75984777a678537758dd5c527a9dae2c77339ccb61a71c3a22ac54031a36991bb582832769a4a9656af18a04f41053e0e59f910dbc708261d749e3ccccef861d6b44536e9016d78b22472e7d53b30e1f24010fce864e126ab4fb5453b5991aa9d677dc66d804c0da9a12275d38ebc4d7ac2c8693a912e49d134f01731b16ec39f53bffd2c0784e443b59f9dd718ed13bf2500002d7308202d3308201bba003020102020900cf11a40b54c230de300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d Message-Authenticator = 0xeae477a143ccf9b691e2096ea5103711 Proxy-State = 0x31 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} [eap] No pre-existing handler found ++[eap] returns noop server inner-tunnel { } # server inner-tunnel Sending Access-Challenge of id 1 to 127.0.0.1 port 28963 EAP-Message = 0x010203f219c10000067b160301004a0200004603014f159da5997d3ae2a26de167759e63ff0eb151b01a9af15439b08d0de9cad2a7209da9c9172fb2100a4a201e599a2e446f431fcfd0273f4840556872bab3d61ed4003500160301061e0b00061a00061700033a308203363082021ea003020102020109300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d3035303231353136313133385a170d3037303230353136313133385a308183311e301c060355040313157261642d63762d7465737465732e6663636e2e7074310f300d060355040813064c6973626f61 EAP-Message = 0x310b3009060355040613025054311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074310d300b060355040a13044643434e31143012060355040b130b54656c656d617469636f7330820122300d06092a864886f70d01010105000382010f003082010a02820101009c3e40c696ba2d597354f1dcafac4b6fc97bdd38cd228f08b5a1f893598759e54e9450b8c4062172fe5fdc3bd1d8a4fef200944296214cae2544d7bc9a552f468a32caf7a730b063df202bc0a0eff27dd8dd24ec2a4b212ba9f7d2a601170c43fce341ad68912b827d414c5ebe05db1b1fcead3d68aabbe4bcfa4a60a2d836e4105e8732dffc7784e5c0 EAP-Message = 0x0bdcb95819111e89b81cda83e9bd6d73105d2434ed277253aa688724a924edc13d2a37172ed30faf408126076d889b1afc72d6f6ebfc14c16ffe0b6180bc94cd86c0e8f81cdc762ff86f8804fb80b9b7727473fbaa274d01e999dee32981e8edbbb9b1a68903cf0ca6f61a2c960b0a4a79bbc7c41e1d0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100c56cce4f5641ec0b806b376e95953b6e9aa0b24e185d4ebd388c2872abecbc27c74d345d4e3ebed725146497e9fd00e0fbf6d0ecbf051217452a67c14e97f300757deaf03a24d8d83988958c0159bd302705c8523a EAP-Message = 0x0a97b9214ba63bfb06f792989856fe53ec6fb99793b35e8dfc75984777a678537758dd5c527a9dae2c77339ccb61a71c3a22ac54031a36991bb582832769a4a9656af18a04f41053e0e59f910dbc708261d749e3ccccef861d6b44536e9016d78b22472e7d53b30e1f24010fce864e126ab4fb5453b5991aa9d677dc66d804c0da9a12275d38ebc4d7ac2c8693a912e49d134f01731b16ec39f53bffd2c0784e443b59f9dd718ed13bf2500002d7308202d3308201bba003020102020900cf11a40b54c230de300d06092a864886f70d01010405003020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e7074301e170d Message-Authenticator = 0x00000000000000000000000000000000 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=2, length=127 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020200061901 Message-Authenticator = 0x6b8c7eb690e5568ffb63dfc35a6b758e server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte@roam.fccn.pt" [suffix] Found realm "DEFAULT" [suffix] Adding Realm = "DEFAULT" [suffix] Proxying request from user iscte to realm DEFAULT [suffix] Preparing to proxy authentication request to realm "DEFAULT" ++[suffix] returns updated ++[control] returns updated [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel # Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group pre-proxy {...} ++[files] returns noop Sending Access-Request of id 52 to 193.136.192.43 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020200061901 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x32 Proxying request 2 to home server 193.136.192.43 port 1812 Sending Access-Request of id 52 to 193.136.192.43 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020200061901 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x32 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=52, length=712 EAP-Message = 0x0103029919013035303231353134343531395a170d3036303231353134343531395a3020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e707430820122300d06092a864886f70d01010105000382010f003082010a0282010100ce05f673daef56db29f8b2715f3d9505f0db08d7dad15bf7c12e3496e2ce999154183e5062ef8afe1cf24497e23281ad74ed31d7b45c333c212ac854e249038b25f93981cbf82437e790a9ef7d510bc5a9101f5050d1bd32d403b90e4f930bad3f3ce7bcc37b3021b3bc34ec80c109fbe5dd2f07dcfef8383caa369b777b644f29b7f209316bc81960db25dd19ce05258785bdd40756cb05 EAP-Message = 0xdbbaf40897fa98fed6868c4078f34948d7c397249511e2ddaf1f0cb03f13e8511da742fb4616ac9fad9b9e613b05e2509cfda212b49643c993c05fc1dbe5b523d0b4b33ba3deb600d0f8f6cbcf32e41263b81707d92e5e8071cd1859f27c094d67ebbe6e3c079f750203010001a310300e300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100113b6fb8cb0a394278f35a5d118cb987707800080a3633a4d0658d86f000e46a7eaad5136afecb910f5d6517fe36878c5f81248f388561db0f027eb21c26037baf28412a0885fffc8ed64d927b9df26ac39f0002bb067335631061475f642e66a3366af14ca9559737c0 EAP-Message = 0xa27462412ca6e60674a1b0c4c8d0d478a3b4552684974693fbad3870bfef259ad1ab683d6d50fa354e14025bb381e22fa72649dc33fa76dc12526e469efe39df0c24aef596a8464b3e5ab1476744b5fbeb6c427d663f8eb1bc10499b1db428b77c590a00a1e9f085c5a7db25f6521e8c93939b25f7d8ff90024e93fdc04a565483763e7860b35956a6810875c451b36dcb40e5c01c5a16030100040e000000 Message-Authenticator = 0xd1399986b0591af190302a3c02203cab Proxy-State = 0x32 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} [eap] No pre-existing handler found ++[eap] returns noop server inner-tunnel { } # server inner-tunnel Sending Access-Challenge of id 2 to 127.0.0.1 port 28963 EAP-Message = 0x0103029919013035303231353134343531395a170d3036303231353134343531395a3020311e301c06092a864886f70d010901160f7073696d6f6573406663636e2e707430820122300d06092a864886f70d01010105000382010f003082010a0282010100ce05f673daef56db29f8b2715f3d9505f0db08d7dad15bf7c12e3496e2ce999154183e5062ef8afe1cf24497e23281ad74ed31d7b45c333c212ac854e249038b25f93981cbf82437e790a9ef7d510bc5a9101f5050d1bd32d403b90e4f930bad3f3ce7bcc37b3021b3bc34ec80c109fbe5dd2f07dcfef8383caa369b777b644f29b7f209316bc81960db25dd19ce05258785bdd40756cb05 EAP-Message = 0xdbbaf40897fa98fed6868c4078f34948d7c397249511e2ddaf1f0cb03f13e8511da742fb4616ac9fad9b9e613b05e2509cfda212b49643c993c05fc1dbe5b523d0b4b33ba3deb600d0f8f6cbcf32e41263b81707d92e5e8071cd1859f27c094d67ebbe6e3c079f750203010001a310300e300c0603551d13040530030101ff300d06092a864886f70d01010405000382010100113b6fb8cb0a394278f35a5d118cb987707800080a3633a4d0658d86f000e46a7eaad5136afecb910f5d6517fe36878c5f81248f388561db0f027eb21c26037baf28412a0885fffc8ed64d927b9df26ac39f0002bb067335631061475f642e66a3366af14ca9559737c0 EAP-Message = 0xa27462412ca6e60674a1b0c4c8d0d478a3b4552684974693fbad3870bfef259ad1ab683d6d50fa354e14025bb381e22fa72649dc33fa76dc12526e469efe39df0c24aef596a8464b3e5ab1476744b5fbeb6c427d663f8eb1bc10499b1db428b77c590a00a1e9f085c5a7db25f6521e8c93939b25f7d8ff90024e93fdc04a565483763e7860b35956a6810875c451b36dcb40e5c01c5a16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 2. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=3, length=455 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0203014c1901160301010610000102010060a5f92fd43c90f5ac6c650b3508f7d37902ec80aab31097d1dcb34fefaac67b1e92c1688e0af52f678967d0065c967b1d4daf4c6fd77983e70a508ada6f4df1fca81dfaa5dfe009e9409a21911598065171529b2355f2f8e5aec68fb8a283cf16d34806f1c778edbc25d28aa98bddb403309c3c43f24b43ab17e622e6c66c6382a730c379f2176e60968b96b9ba441a9693411b1eb48d65cd1addaa70a2f1144f92ab047b5ea28a5939d7d513b2d719067940592c7f71c4a349809b36e788db5d06d802a7253aacd4ca21271a53d2d960f8caab688f31757b79314ee2bba3cf1db0a53756caa8b15b4210be EAP-Message = 0x46859165fb8be376bdff84d86de2ddcd05fa869c1403010001011603010030cd1e4a5d456d24e450551fe6e203c97379422798fd4b448b997edbcaefe1229bbb6fae9afb2a434c57dc4dc09453d98e Message-Authenticator = 0xb91fdaaf6406b0733b7f91e9483ee657 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte@roam.fccn.pt" [suffix] Found realm "DEFAULT" [suffix] Adding Realm = "DEFAULT" [suffix] Proxying request from user iscte to realm DEFAULT [suffix] Preparing to proxy authentication request to realm "DEFAULT" ++[suffix] returns updated ++[control] returns updated [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel # Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group pre-proxy {...} ++[files] returns noop Sending Access-Request of id 153 to 193.136.192.44 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0203014c1901160301010610000102010060a5f92fd43c90f5ac6c650b3508f7d37902ec80aab31097d1dcb34fefaac67b1e92c1688e0af52f678967d0065c967b1d4daf4c6fd77983e70a508ada6f4df1fca81dfaa5dfe009e9409a21911598065171529b2355f2f8e5aec68fb8a283cf16d34806f1c778edbc25d28aa98bddb403309c3c43f24b43ab17e622e6c66c6382a730c379f2176e60968b96b9ba441a9693411b1eb48d65cd1addaa70a2f1144f92ab047b5ea28a5939d7d513b2d719067940592c7f71c4a349809b36e788db5d06d802a7253aacd4ca21271a53d2d960f8caab688f31757b79314ee2bba3cf1db0a53756caa8b15b4210be EAP-Message = 0x46859165fb8be376bdff84d86de2ddcd05fa869c1403010001011603010030cd1e4a5d456d24e450551fe6e203c97379422798fd4b448b997edbcaefe1229bbb6fae9afb2a434c57dc4dc09453d98e Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x33 Proxying request 3 to home server 193.136.192.44 port 1812 Sending Access-Request of id 153 to 193.136.192.44 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0203014c1901160301010610000102010060a5f92fd43c90f5ac6c650b3508f7d37902ec80aab31097d1dcb34fefaac67b1e92c1688e0af52f678967d0065c967b1d4daf4c6fd77983e70a508ada6f4df1fca81dfaa5dfe009e9409a21911598065171529b2355f2f8e5aec68fb8a283cf16d34806f1c778edbc25d28aa98bddb403309c3c43f24b43ab17e622e6c66c6382a730c379f2176e60968b96b9ba441a9693411b1eb48d65cd1addaa70a2f1144f92ab047b5ea28a5939d7d513b2d719067940592c7f71c4a349809b36e788db5d06d802a7253aacd4ca21271a53d2d960f8caab688f31757b79314ee2bba3cf1db0a53756caa8b15b4210be EAP-Message = 0x46859165fb8be376bdff84d86de2ddcd05fa869c1403010001011603010030cd1e4a5d456d24e450551fe6e203c97379422798fd4b448b997edbcaefe1229bbb6fae9afb2a434c57dc4dc09453d98e Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x33 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=153, length=112 EAP-Message = 0x0104004519810000003b1403010001011603010030e276e3efcdbf27379facdda93378d6b58b0672007a0effdce0790f2f37ac3dd9a810e34b17932a3528a437c33fda12c5 Message-Authenticator = 0x37c8aa8ca78cbde6982e905ea1ba80d0 Proxy-State = 0x33 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} [eap] No pre-existing handler found ++[eap] returns noop server inner-tunnel { } # server inner-tunnel Sending Access-Challenge of id 3 to 127.0.0.1 port 28963 EAP-Message = 0x0104004519810000003b1403010001011603010030e276e3efcdbf27379facdda93378d6b58b0672007a0effdce0790f2f37ac3dd9a810e34b17932a3528a437c33fda12c5 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 3. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=4, length=127 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400061901 Message-Authenticator = 0xb9a89ddd12bdaef0a7705a26e2649dc4 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte@roam.fccn.pt" [suffix] Found realm "DEFAULT" [suffix] Adding Realm = "DEFAULT" [suffix] Proxying request from user iscte to realm DEFAULT [suffix] Preparing to proxy authentication request to realm "DEFAULT" ++[suffix] returns updated ++[control] returns updated [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel # Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group pre-proxy {...} ++[files] returns noop Sending Access-Request of id 43 to 193.136.192.43 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400061901 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x34 Proxying request 4 to home server 193.136.192.43 port 1812 Sending Access-Request of id 43 to 193.136.192.43 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400061901 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x34 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=43, length=86 EAP-Message = 0x0105002b19011703010020d2ab6c4963f5003abfbfd7fe09fb32f9455fef30c369aa7c25936fbfd3bd093a Message-Authenticator = 0x410568e4497fe7939e091ac47ed1ed0e Proxy-State = 0x34 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} [eap] No pre-existing handler found ++[eap] returns noop server inner-tunnel { } # server inner-tunnel Sending Access-Challenge of id 4 to 127.0.0.1 port 28963 EAP-Message = 0x0105002b19011703010020d2ab6c4963f5003abfbfd7fe09fb32f9455fef30c369aa7c25936fbfd3bd093a Message-Authenticator = 0x00000000000000000000000000000000 Finished request 4. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=5, length=217 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02050060190117030100206186fa5a58252e3a08613eb2b595c3f530fa6e4f31ea49b3815996afe340697b1703010030fabdef3c38483faa0b2a9e07b89ca9b03331906746a4ad8ddd4a894c645704cd5663e1dc6a262c5f04a3b7e3717cc481 Message-Authenticator = 0x114a60a456bc8f75e7c3238857baead7 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte@roam.fccn.pt" [suffix] Found realm "DEFAULT" [suffix] Adding Realm = "DEFAULT" [suffix] Proxying request from user iscte to realm DEFAULT [suffix] Preparing to proxy authentication request to realm "DEFAULT" ++[suffix] returns updated ++[control] returns updated [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel # Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group pre-proxy {...} ++[files] returns noop Sending Access-Request of id 56 to 193.136.192.43 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02050060190117030100206186fa5a58252e3a08613eb2b595c3f530fa6e4f31ea49b3815996afe340697b1703010030fabdef3c38483faa0b2a9e07b89ca9b03331906746a4ad8ddd4a894c645704cd5663e1dc6a262c5f04a3b7e3717cc481 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x35 Proxying request 5 to home server 193.136.192.43 port 1812 Sending Access-Request of id 56 to 193.136.192.43 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02050060190117030100206186fa5a58252e3a08613eb2b595c3f530fa6e4f31ea49b3815996afe340697b1703010030fabdef3c38483faa0b2a9e07b89ca9b03331906746a4ad8ddd4a894c645704cd5663e1dc6a262c5f04a3b7e3717cc481 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x35 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=56, length=134 EAP-Message = 0x0106005b19011703010050b8e4193b90e3a5c7320fa8d415dd4d7b47a3840acf4ad702455dc948186eff4d1c58ce6ace9dbba27cde8720992cc868e7e731d0989247d9a88a88e65f591d5e2ca5e5ae0c6147e6eebfaae8ddbdd349 Message-Authenticator = 0x68749e4c5e76f8af20c589c4cd89f1e3 Proxy-State = 0x35 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} [eap] No pre-existing handler found ++[eap] returns noop server inner-tunnel { } # server inner-tunnel Sending Access-Challenge of id 5 to 127.0.0.1 port 28963 EAP-Message = 0x0106005b19011703010050b8e4193b90e3a5c7320fa8d415dd4d7b47a3840acf4ad702455dc948186eff4d1c58ce6ace9dbba27cde8720992cc868e7e731d0989247d9a88a88e65f591d5e2ca5e5ae0c6147e6eebfaae8ddbdd349 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 5. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=6, length=281 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020600a019011703010020c26f7a73725df864d5b80e51de314c980bdb155a80eaee9eb72a47fdfd1868d717030100702cc2d66f3ee6ca7615506798327d38862909260b347e3b78dbd6f36f78234adf347d2357b9fef68feae89b28bbd852a2921dcc9a14dfb9a0a29c59b960d6b13d831e3bdbbb70df7bef3d060cec4867c124688f40ec46190d2ddac101f0bec8837802ace13738d249bb17d8be7bde1528 Message-Authenticator = 0x8677d931f7ecdd73aa831e2ed16c7027 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte@roam.fccn.pt" [suffix] Found realm "DEFAULT" [suffix] Adding Realm = "DEFAULT" [suffix] Proxying request from user iscte to realm DEFAULT [suffix] Preparing to proxy authentication request to realm "DEFAULT" ++[suffix] returns updated ++[control] returns updated [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel # Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group pre-proxy {...} ++[files] returns noop Sending Access-Request of id 9 to 193.136.192.43 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020600a019011703010020c26f7a73725df864d5b80e51de314c980bdb155a80eaee9eb72a47fdfd1868d717030100702cc2d66f3ee6ca7615506798327d38862909260b347e3b78dbd6f36f78234adf347d2357b9fef68feae89b28bbd852a2921dcc9a14dfb9a0a29c59b960d6b13d831e3bdbbb70df7bef3d060cec4867c124688f40ec46190d2ddac101f0bec8837802ace13738d249bb17d8be7bde1528 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x36 Proxying request 6 to home server 193.136.192.43 port 1812 Sending Access-Request of id 9 to 193.136.192.43 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020600a019011703010020c26f7a73725df864d5b80e51de314c980bdb155a80eaee9eb72a47fdfd1868d717030100702cc2d66f3ee6ca7615506798327d38862909260b347e3b78dbd6f36f78234adf347d2357b9fef68feae89b28bbd852a2921dcc9a14dfb9a0a29c59b960d6b13d831e3bdbbb70df7bef3d060cec4867c124688f40ec46190d2ddac101f0bec8837802ace13738d249bb17d8be7bde1528 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x36 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Challenge packet from host 193.136.192.43 port 1812, id=9, length=150 EAP-Message = 0x0107006b19011703010060aefde39e5cdd3b3186ec76d8eaa8d0e5f79af76e5861204860a5bf5befbdcab2e7de6631493a3ad1eee9ab0167725c0d03cf59c1ed8f69216300c71960b74b642ffd8961815f578eb9fa5941ff7c0901c4511162dd815ef357d1c3b305a909be Message-Authenticator = 0x60351fa43a0b55f031e4eafd0c37dc69 Proxy-State = 0x36 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} [eap] No pre-existing handler found ++[eap] returns noop server inner-tunnel { } # server inner-tunnel Sending Access-Challenge of id 6 to 127.0.0.1 port 28963 EAP-Message = 0x0107006b19011703010060aefde39e5cdd3b3186ec76d8eaa8d0e5f79af76e5861204860a5bf5befbdcab2e7de6631493a3ad1eee9ab0167725c0d03cf59c1ed8f69216300c71960b74b642ffd8961815f578eb9fa5941ff7c0901c4511162dd815ef357d1c3b305a909be Message-Authenticator = 0x00000000000000000000000000000000 Finished request 6. Going to the next request Waking up in 4.5 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=7, length=201 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02070050190117030100205ec86f50061b70cda33e35156c117a5e33c57cfde58b3e69f7e45c25608a93de1703010020a0fbce5c33f00495c81c3d55d764b754c057c005924ae808f5192445d9ac1b38 Message-Authenticator = 0xec204b3188044492f614daf82e497c8e server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte@roam.fccn.pt" [suffix] Found realm "DEFAULT" [suffix] Adding Realm = "DEFAULT" [suffix] Proxying request from user iscte to realm DEFAULT [suffix] Preparing to proxy authentication request to realm "DEFAULT" ++[suffix] returns updated ++[control] returns updated [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel # Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group pre-proxy {...} ++[files] returns noop Sending Access-Request of id 79 to 193.136.192.44 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02070050190117030100205ec86f50061b70cda33e35156c117a5e33c57cfde58b3e69f7e45c25608a93de1703010020a0fbce5c33f00495c81c3d55d764b754c057c005924ae808f5192445d9ac1b38 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x37 Proxying request 7 to home server 193.136.192.44 port 1812 Sending Access-Request of id 79 to 193.136.192.44 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02070050190117030100205ec86f50061b70cda33e35156c117a5e33c57cfde58b3e69f7e45c25608a93de1703010020a0fbce5c33f00495c81c3d55d764b754c057c005924ae808f5192445d9ac1b38 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x37 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Challenge packet from host 193.136.192.44 port 1812, id=79, length=86 EAP-Message = 0x0108002b19011703010020f480cb7c9b7b52c1c81db2cefdcc8bb737ada58604dbb5adedf23a93fe487b11 Message-Authenticator = 0x9af5db8ede876b1959f0d34034ab8531 Proxy-State = 0x37 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} [eap] No pre-existing handler found ++[eap] returns noop server inner-tunnel { } # server inner-tunnel Sending Access-Challenge of id 7 to 127.0.0.1 port 28963 EAP-Message = 0x0108002b19011703010020f480cb7c9b7b52c1c81db2cefdcc8bb737ada58604dbb5adedf23a93fe487b11 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 7. Going to the next request Waking up in 4.4 seconds. rad_recv: Access-Request packet from host 127.0.0.1 port 28963, id=8, length=201 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0208005019011703010020836579c5606765829d1963b0345e3f5e846bbdaf7bfb6644c4e8105ea818625c170301002014a9d2aa5af27e8f9c2a109da9ff190190db4eb0c369f18aac6ed857a4831aa7 Message-Authenticator = 0x2fdbbf8d3f07fd8a21e6a5102531af43 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "roam.fccn.pt" for User-Name = "iscte@roam.fccn.pt" [suffix] Found realm "DEFAULT" [suffix] Adding Realm = "DEFAULT" [suffix] Proxying request from user iscte to realm DEFAULT [suffix] Preparing to proxy authentication request to realm "DEFAULT" ++[suffix] returns updated ++[control] returns updated [eap] Request is supposed to be proxied to Realm LOCAL. Not doing EAP. ++[eap] returns noop [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT [files] expand: %{Realm} -> DEFAULT ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop } # server inner-tunnel # Executing section pre-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group pre-proxy {...} ++[files] returns noop Sending Access-Request of id 172 to 193.136.192.43 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0208005019011703010020836579c5606765829d1963b0345e3f5e846bbdaf7bfb6644c4e8105ea818625c170301002014a9d2aa5af27e8f9c2a109da9ff190190db4eb0c369f18aac6ed857a4831aa7 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x38 Proxying request 8 to home server 193.136.192.43 port 1812 Sending Access-Request of id 172 to 193.136.192.43 port 1812 User-Name = "iscte@roam.fccn.pt" NAS-IP-Address = 127.0.0.1 Calling-Station-Id = "02-00-00-00-00-01" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0208005019011703010020836579c5606765829d1963b0345e3f5e846bbdaf7bfb6644c4e8105ea818625c170301002014a9d2aa5af27e8f9c2a109da9ff190190db4eb0c369f18aac6ed857a4831aa7 Message-Authenticator = 0x00000000000000000000000000000000 Proxy-State = 0x38 Going to the next request Waking up in 0.9 seconds. rad_recv: Access-Accept packet from host 193.136.192.43 port 1812, id=172, length=183 EAP-Message = 0x03080004 Message-Authenticator = 0x6edc227038f16b2d8a8ca2bd26310465 User-Name = "iscte@roam.fccn.pt" MS-MPPE-Send-Key = 0xfe03b8a74cc7a26485b4ef6dd8efd958b3eb6cf60f2cc725380ec3248b720aef MS-MPPE-Recv-Key = 0xe7aad772cb0fab278c9a9a466f502dd4b8e1833c9b1166a4c5fe145284f2ad48 Proxy-State = 0x38 # Executing section post-proxy from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-proxy {...} [eap] No pre-existing handler found ++[eap] returns noop server inner-tunnel { Found Auth-Type = Accept Auth-Type = Accept, accepting the user Login OK: [iscte@roam.fccn.pt/<no User-Password attribute>] (from client localhost port 0 cli 02-00-00-00-00-01) # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group post-auth {...} [reply_log] expand: /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d -> /var/log/freeradius/radacct/127.0.0.1/reply-detail-20120117 [reply_log] /var/log/freeradius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/127.0.0.1/reply-detail-20120117 [reply_log] expand: %t -> Tue Jan 17 16:11:17 2012 ++[reply_log] returns ok ++? if (( Realm == "iscte.pt" ) || ( Realm == "teste.iscte.pt" ) ) ?? Evaluating (Realm == "iscte.pt" ) -> FALSE ?? Evaluating (Realm == "teste.iscte.pt" ) -> FALSE ++? if (( Realm == "iscte.pt" ) || ( Realm == "teste.iscte.pt" ) ) -> FALSE } # server inner-tunnel Sending Access-Accept of id 8 to 127.0.0.1 port 28963 EAP-Message = 0x03080004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "iscte@roam.fccn.pt" MS-MPPE-Send-Key = 0xfe03b8a74cc7a26485b4ef6dd8efd958b3eb6cf60f2cc725380ec3248b720aef MS-MPPE-Recv-Key = 0xe7aad772cb0fab278c9a9a466f502dd4b8e1833c9b1166a4c5fe145284f2ad48 Finished request 8. Going to the next request Waking up in 4.4 seconds. ^C radius2:~#