rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=204, length=216 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x0201000a017465737431 Message-Authenticator = 0xe6779e106762bcbc7fc6bd6cc8085350 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry test1 at line 173 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Requiring client certificate [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 204 to 192.168.225.110 port 32770 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x713b6cb7713961f0cae58d860d864cbf Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=205, length=230 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020200060319 State = 0x713b6cb7713961f0cae58d860d864cbf Message-Authenticator = 0x2129c09897a63325a77232a341d016f6 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry test1 at line 173 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 205 to 192.168.225.110 port 32770 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x713b6cb7703875f0cae58d860d864cbf Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=206, length=329 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x0203006919800000005f160301005a01000056030153094435e1248bf43acb9364d15157f38ef20afac3c1ff459e173e79430de30600002800390038003500160013000a00330032002f000500040015001200090014001100080006000300ff020100000400230000 State = 0x713b6cb7703875f0cae58d860d864cbf Message-Authenticator = 0x3c7203091e2a767e2cd46fe3429c3f66 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 105 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 95 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 005a], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0035], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 07e5], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 206 to 192.168.225.110 port 32770 EAP-Message = 0x0104040019c0000009bf16030100350200003103015309441f92c4d6c0f0c41a2b133d59349ec24f1e3dd2365034a56a603d3fbe2c000039000009ff010001000023000016030107e50b0007e10007de0003df308203db308202c3a003020102020102300d06092a864886f70d0101050500308183310b3009060355040613024445310c300a060355040813034e52573111300f06035504071308446f72746d756e6431133011060355040a130a62656c6c75742e6e6574310b3009060355040b13024341311330110603550403130a62656c6c75742e6e6574311c301a06092a864886f70d010901160d43414062656c6c75742e6e6574301e170d31 EAP-Message = 0x33313232353132353235305a170d3134313232353132353235305a308193310b3009060355040613024445310c300a060355040813034e52573111300f06035504071308446f72746d756e6431133011060355040a130a62656c6c75742e6e65743110300e060355040b130753657276657273311a3018060355040313117261646975732e62656c6c75742e6e65743120301e06092a864886f70d01090116117365727665724062656c6c75742e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100cb4786994b449b8a9c5bcf4798b27e4ad8604540a13fc83f8eae0ffdd85db353ce4e8472c92c4d4e01d3f2 EAP-Message = 0xbf0b9b29d8fbc0373ed56483bed82efcea87f6086d448778cc9e1073fcc86fc1fa7809b1a9580a48fb9e580aa9d6f7ef1010566bcfa964997a00f54dae27e42efa13a965e4d0a84fd7a9509b00d39c0e1b811a69dda3630a512b28854a4243c1704e18e9702c50fcc81172160c4a6c27c69fa5b68842df779bf33a002fc0bc4d3284f109ddd447620f6685d0e0d6edcaf58a3fe4690996d26f11cdebefdd52ca4173db81458796fcdc0a781e483abe534e618410b35be42622cbc424cccd4445467b158da33aa2acb9cbd14318f2d791a3192463390203010001a3483046300f0603551d11040830068704c0a8e10730130603551d25040c300a06082b EAP-Message = 0x06010505070301301e06096086480186f842010d0411160f786361206365727469666963617465300d06092a864886f70d0101050500038201010018341317f2fb362959dfd6de7f954c4851ca93f3e956c9b7a0caed3b9d68237938b2186dc4c15e5df5bc8e22ab3a3ab7605397436bfac31c78ccace423d8cbffcb1929d1d7e86455b28303c01bd12d017d10a4d38b7de95284a92cca07a91ce482d4e3d639bf36a246c2738ae77b37d3d04bcd9ea38053b7c4b44475f069a842fa5540083adb97c92a0636af5431170e528798c21c893afa0ca7fd6f171db091ceda1c1dde6c3c53cf3ffa74e5452373f2a4420a86ec51835f1e90f0ea942f6aa113 EAP-Message = 0x8a8816c7284801c65782ec34 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x713b6cb7733f75f0cae58d860d864cbf Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=207, length=230 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020400061900 State = 0x713b6cb7733f75f0cae58d860d864cbf Message-Authenticator = 0x8d8cfbed14bd8616d67cf97cce1e9356 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 207 to 192.168.225.110 port 32770 EAP-Message = 0x010503fc1940813bd4a0af69f6c42454671ef43d861815c7161169b4a5134dc29b7c3a94dd00fd374389bea7bc26fe9c92ae0cd5010c1ea50003f9308203f5308202dda003020102020101300d06092a864886f70d0101050500308183310b3009060355040613024445310c300a060355040813034e52573111300f06035504071308446f72746d756e6431133011060355040a130a62656c6c75742e6e6574310b3009060355040b13024341311330110603550403130a62656c6c75742e6e6574311c301a06092a864886f70d010901160d43414062656c6c75742e6e6574301e170d3133313232353132343531335a170d32333132323331323435 EAP-Message = 0x31335a308183310b3009060355040613024445310c300a060355040813034e52573111300f06035504071308446f72746d756e6431133011060355040a130a62656c6c75742e6e6574310b3009060355040b13024341311330110603550403130a62656c6c75742e6e6574311c301a06092a864886f70d010901160d43414062656c6c75742e6e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b5f6d60368abaf2d893b6e578414b7b12b4e3a9c02ef11684aca9c09fb6741c4e37bbea9fa05ec634687190cfcc155c78e0ce51d8dd42ccf895277ea844792af5f1f36e9ddca12a0c4c29467075f5441d26b30 EAP-Message = 0x31fd6b25bb7b27ca59ffeeb8656b4d4ae16027a3788cf65d6e602b148de9c52e72534acbc0e5d290f50981e3243ff5df6a6518bee07ec4174b669e3691ac28e456aac6a6fd92023a96642f579d176b2f7288f30fdad59077c876ca656d569b6f322f3644e031af8a4327ebe17c00bc9231be001bce462e00620cbb5f0b0966870cd900644ea82cd85f6a780cb22c887fb9bd1c91a9920c1fb5708326817e43a49473df27d1d2f111693e70b4610203010001a3723070300f0603551d130101ff040530030101ff301d0603551d0e04160414ca807faad8496bfc2e9e6dae67d105c2ee04c8d4300b0603551d0f040403020106301106096086480186f8 EAP-Message = 0x420101040403020007301e06096086480186f842010d0411160f786361206365727469666963617465300d06092a864886f70d010105050003820101002e6a0e584cce19ea36b2293a4ed18adc6bf8fd8d2bd273e419fdb13eeb1cd1c7b41de06ae30c1d2ce065e9ad2378a31e61902f58eed22a1b94802412b4767d13487853ad39c273323078dc8cdc07b99b3b4f7e28d3b47737295b98f91c3056e0bf4612be71c3337a0413bf12c2630de3099e4ebafc00db4925c6a887ed1d263d262ad717937870858f541f47b40d4e9d523cc25cac618235bc9d1719cf887edc3573df9e582762aac4a55fbfbb78379adea421b06693723ab6fb784bd348059e EAP-Message = 0x29d4893d8c42aaf9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x713b6cb7723e75f0cae58d860d864cbf Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=208, length=230 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020500061900 State = 0x713b6cb7723e75f0cae58d860d864cbf Message-Authenticator = 0x78a3af4863a48fc287b3afb1c3107e38 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 208 to 192.168.225.110 port 32770 EAP-Message = 0x010601d91900f5c2e96a0e9664f74a459562fff56b31552daba5b018fec2d3ab1501bd59526690f0cdf38dfb482c3c97b864151bd5db3d126dddb3d63fc6160301018d0c0001890040e2fddb80f2668b34eb9f1f6651f13e17d9ec405e7497c6f572b16233384711d07b758ba1282ef87b3550e73fe299b0c2794757ba89ba148c626bac5ab5df02e700010500403b20b8fd4c2a4405bb808df8d72b29be7ca0fac2bedfa5e50ad58d739056d2dc818a726ed56e06605ea93d5ef130e05e53bd5e446b1e7225238e45e706f308d201004a178aa45739683acf13a7cc77f1f2880e12fb871b84be2f37436fa6b877e0f557af543c58abd636f4c4ff09b0 EAP-Message = 0x787c544da7acc3aa21481d6adc15866528a0e333fcfb2acf7a668f903878cf933765081e29ce54246bb163c75fa64e8065718a82b21b173c1167326d168f79806450da87f8d086404445f4fda1c9cdbb20130e147a4fc0cd01bba791e63c8da2b569e34e9c3a602130e69b611f8f454cc926bccf78ebc8782005b048148ed1aaad6ff3292629082ff24c3998cf260eb1de779a258ade6cc56509d695f7132de8bc2414ff6e8deb97e6a172518df4199e9a3d829faeb28acfca2adb41ec27ee9ba951b2f2d010d983a79d01788fc63caf6ed8a416030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x713b6cb7753d75f0cae58d860d864cbf Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=209, length=368 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020600901980000000861603010046100000420040af24aec814fdac1c7f09f5fb00d35c100460e36dd5bee0babd122d88d680b7964517ee587a6d33de2067b308162bcc5f1e76c049c066f046f7ea392f31cc65c9140301000101160301003064eaae1e5c1db05fc2757f6d21763a098748410e46295ba4f74c7fef5c41ea3409a7ea26691fb88c9041a0cbea4c54f2 State = 0x713b6cb7753d75f0cae58d860d864cbf Message-Authenticator = 0xbf33182e95ce257e82f839fdbc3c05fc +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 Handshake [length 00aa]??? [peap] TLS_accept: SSLv3 write session ticket A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 209 to 192.168.225.110 port 32770 EAP-Message = 0x010700f0190016030100aa040000a60000000000a07b261dc6bacf562c69d34b96fe5777daa39c3bbe2681c7b4c8199aad49579c47205a059c759fe5a6bbd2c45c1989a9c7d95b8609d9a6af24d822bc4ee8188135e987950495866b04590cb8da887c139774affe086438faa50845d695fb9b294153c86f167510bec452e8d52c7fad99c10c20a9c3f6b18d132b15cc01da53bb829a392119bc503ea25dc940911498cd945323989890623649bf207e7a14c3416014030100010116030100309714be978904215117ed406481b6b3e741d68012f2807ed6b1591f606d5e0485b9cec55f381556c75f614dacbda64dcb Message-Authenticator = 0x00000000000000000000000000000000 State = 0x713b6cb7743c75f0cae58d860d864cbf Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=210, length=230 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020700061900 State = 0x713b6cb7743c75f0cae58d860d864cbf Message-Authenticator = 0x5cace8eb6cd014c3cfc73b31efd1bdbc +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 210 to 192.168.225.110 port 32770 EAP-Message = 0x0108002b190017030100207b311514c36dd13d9f20da1c3b1a9f26abc727168a424cf898a8ff3c951a0606 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x713b6cb7773375f0cae58d860d864cbf Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=211, length=304 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x02080050190017030100204645a30a5b06899ca2f5fe0ac3242e90ff526141edb80a019c4fd3115a451476170301002008bcd16f248aeafe2b7d3d58509712b7ae2256bfe374eb1a41a68c2c821746d6 State = 0x713b6cb7773375f0cae58d860d864cbf Message-Authenticator = 0xe470a09584fd82372493a924070d5d81 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - test1 [peap] Got tunneled request EAP-Message = 0x0208000a017465737431 server { PEAP: Got tunneled identity of test1 PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to test1 Sending tunneled request EAP-Message = 0x0208000a017465737431 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "test1" server { +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 10 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server [peap] Got tunneled reply code 11 EAP-Message = 0x0109001f1a0109001a107d6d0e2befe8963f7f0fd38ff6f049767465737431 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6ad1a8676ad8b2489a3b38f793f59205 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0109001f1a0109001a107d6d0e2befe8963f7f0fd38ff6f049767465737431 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6ad1a8676ad8b2489a3b38f793f59205 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 211 to 192.168.225.110 port 32770 EAP-Message = 0x0109003b19001703010030ca3cf317ad166dcaa8ab4913405925acc25203a96f952fb7022150c06d11d32d1b61bcb71c6de9af454c2818ee731ed3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x713b6cb7763275f0cae58d860d864cbf Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=212, length=368 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x02090090190017030100205fb0a58ae2c8142015c882adba079b1b788dfe6c5e64e4316a8582be142b517517030100603ff3511ba6f4c8bf3b15c3b102891adcfb23a8a3c5ad51837ebcea6b764f3103b451d438f869fbea7ee670057862fa817c9ccf7c67b27e491cff386bda5f3533641c264e525489d3dedca83ccdf48114031995694ef361b6812d5b6a2fff230f State = 0x713b6cb7763275f0cae58d860d864cbf Message-Authenticator = 0x2d9b585c9608b9155a30b1c646c1f6a6 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900401a0209003b3178e098e04f02b236fcead04fa2581f6c000000000000000074ba9accfcfd5463c735b9fa7754afa73946d70befda06ec007465737431 server { PEAP: Setting User-Name to test1 Sending tunneled request EAP-Message = 0x020900401a0209003b3178e098e04f02b236fcead04fa2581f6c000000000000000074ba9accfcfd5463c735b9fa7754afa73946d70befda06ec007465737431 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "test1" State = 0x6ad1a8676ad8b2489a3b38f793f59205 server { +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 64 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for test1 with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. expand: , NAS: %{Calling-Station-Id}, Station: %{Called-Station-Id}, Auth-Type: %{control:Auth-Type}, EAP-Type: %{EAP-Type} -> , NAS: , Station: , Auth-Type: EAP, EAP-Type: MS-CHAP-V2 Login incorrect: [test1/] (from client wlc port 0 via TLS tunnel) , NAS: , Station: , Auth-Type: EAP, EAP-Type: MS-CHAP-V2 } # server [peap] Got tunneled reply code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 212 to 192.168.225.110 port 32770 EAP-Message = 0x010a002b19001703010020aec406619276a3ef6571f01c389b526fdb889ede26e9742e3fea6f76ab33ae51 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x713b6cb7793175f0cae58d860d864cbf Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.225.110 port 32770, id=213, length=304 User-Name = "test1" Calling-Station-Id = "00-0e-35-0b-fa-86" Called-Station-Id = "00-23-eb-38-c0-b0:iLAN" NAS-Port = 1 Cisco-AVPair = "audit-session-id=6ee1a8c00000000b1e440953" NAS-IP-Address = 192.168.225.110 NAS-Identifier = "WLC2106" Airespace-Wlan-Id = 2 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "40" EAP-Message = 0x020a00501900170301002091118076fa001246650ff83152af2a159afb8b0a7e4e555cc392bd2ed6f2b23117030100208997b7163c58f5ce62bd7c5562860740f0c16c27b84a87a35e205065dd5eba0c State = 0x713b6cb7793175f0cae58d860d864cbf Message-Authenticator = 0x133ca2631afa245d0ae92223e33800db +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "test1", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. expand: , NAS: %{Calling-Station-Id}, Station: %{Called-Station-Id}, Auth-Type: %{control:Auth-Type}, EAP-Type: %{EAP-Type} -> , NAS: 00-0e-35-0b-fa-86, Station: 00-23-eb-38-c0-b0:iLAN, Auth-Type: EAP, EAP-Type: PEAP Login incorrect: [test1/] (from client wlc port 1 cli 00-0e-35-0b-fa-86) , NAS: 00-0e-35-0b-fa-86, Station: 00-23-eb-38-c0-b0:iLAN, Auth-Type: EAP, EAP-Type: PEAP Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test1 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 213 to 192.168.225.110 port 32770 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.9 seconds. Cleaning up request 0 ID 204 with timestamp +14 Cleaning up request 1 ID 205 with timestamp +14 Cleaning up request 2 ID 206 with timestamp +14 Cleaning up request 3 ID 207 with timestamp +14 Cleaning up request 4 ID 208 with timestamp +14 Cleaning up request 5 ID 209 with timestamp +14 Cleaning up request 6 ID 210 with timestamp +14 Cleaning up request 7 ID 211 with timestamp +14 Cleaning up request 8 ID 212 with timestamp +14 Waking up in 1.0 seconds. Cleaning up request 9 ID 213 with timestamp +14 Ready to process requests.