This is a windows XP laptop logging in as db and the mac address is 0003:471f:9744. I was not able to find the mac address in the output, so would there need to be something that I need to configure to get this info? Where do find information on the linelog module? tnt@kalik.net wrote:
Can I get the mac address or computer name of the computer written to the log file? I see that the computer name is logged when the user is denied.
Do radiusd -X and see if mac address (computer name will not appear for user authentication) appears in the request attributes (Calling-Station-Id is the most likely). If it does, you can log it. See linelog module.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=69 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" EAP-Message = 0x02010007016462 Message-Authenticator = 0x6cf174049e73916e850b9cd445f2425b +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 7 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49155 EAP-Message = 0x010200160410f43f631dda6ea458c36c654f666e7c24 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4c69974c4c49dc928a82c4f8dbb2dbf Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=86 Cleaning up request 0 ID 0 with timestamp +36 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" State = 0xc4c69974c4c49dc928a82c4f8dbb2dbf EAP-Message = 0x020200060319 Message-Authenticator = 0xbe4aa971c4100fa839166c318dd6ded1 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49155 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4c69974c5c580c928a82c4f8dbb2dbf Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=160 Cleaning up request 1 ID 0 with timestamp +36 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" State = 0xc4c69974c5c580c928a82c4f8dbb2dbf EAP-Message = 0x0203005019800000004616030100410100003d03014939381309817df59b25a5b17df37c14546f41cb32caceb84db43cb1977a8d4100001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x92c16642be16c4c8c883fabef163ce4e +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 70 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0041], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49155 EAP-Message = 0x0104040019c00000089b160301002a0200002603014939378f4f79715c33d3fcb8d151624a459b0dfe4ff75e75dfa0c57a97ab07ff00000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3038313132313132333634325a170d3039313132313132333634325a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b0d1c53761f23ed6bcbe5829ae1f7ee42bb872a471a41a406c39245c5eee1eff466b53e9c0a408c0b2193ebd6038534cf776bcca7bd5e5fb3e4523f37a3a EAP-Message = 0xf0d64da701b2c341de791bbef1dd368e05d57b2e29da4a622b4c4cec28110f2889274f38c16839070c91df46cf25df2ea57c9430b5818de736cf53198dbbfbbd612836537aee3b02d4bcdd35a6290ce04172f810ba195bbfb9b691b902efb8d7400664682d38adf5efd3b27bddaa133a34c9d37a9cff5f2457beeaa7e281640f5ea49c41ea3d4e37e6e7cec05ac5baf34f7a56e95f32347c259486a042dc8be27aaf804ba086f7f6c45126f67405f8198325f03c9d423e792c883c228c08ec49c2ab0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010405000382010100b31304040677886af3 EAP-Message = 0x46cedef774d9e364c150b372405812bd7129734528eace0193907e520ac4b8943bb8271a4371a560b86d278b555de22e7a2a85e8cfa0de9a23b3ac73d0f1942d6a7dc811864f1cdf1aac81852e10f0ea07bba51b5a88750c72066938331be9ea6a606415329df18838d45f9f770dd375ffd76f246d5a0737e2c05c08bc6e9f6e7c51194bc2268f8489282f0fbbbefabd5e9627ea615a405c3536f80b402b86f87ff9386e4fe6a4316943025fb26855646fba0c6cf5ffb71f0638efe63339715d0d5c2564ee8c85dead273ed8d0a2c642fa584cf8db1dc7a92c32b86d9a4c3a4ee9e2f9c6f34bf4ad0f933860e9493806697c50d55272b80004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4c69974c6c280c928a82c4f8dbb2dbf Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=86 Cleaning up request 2 ID 0 with timestamp +36 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" State = 0xc4c69974c6c280c928a82c4f8dbb2dbf EAP-Message = 0x020400061900 Message-Authenticator = 0xcb57c55cec7c517d2b6cf487656813a0 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49155 EAP-Message = 0x010503fc194000e933f589b2cf8a9f300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038313132313132333634325a170d3038313232313132333634325a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504 EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ccc29daa54a5c71b482dcf462ab915fd2de753ac7324da27dc7d9ec352897bb8bad924b8033ba4a4b23da8f479b3e28456df616968ce61063dc8e99b01990fa37ff16e1e7fa20d225e52bb1c832f9a1eed1645fa50365a74a9cd71841f06268abec5731e6d309df5eb34c139f522e5 EAP-Message = 0x919f9e1cc1670ba28debb5561f56bc6e71aaab2463325a2d0fbbba5073316a612fa3ddc10189cc94f31650011a69b0951231073b1500030c397da571ddcab803d6921d0ccb779f31ca5c56f6ccd070ea1a2ee9355cd29769861f8ffc8771449aebab34e5844b75d0a750bd07ceec98efd31a5206824b4833aa79334b48122b385b0d0208b61449fe44f1b238fa03d89df10203010001a381fb3081f8301d0603551d0e041604140c52de42b880fdc7dc21d255fc2be207fbe5a4ff3081c80603551d230481c03081bd80140c52de42b880fdc7dc21d255fc2be207fbe5a4ffa18199a48196308193310b3009060355040613024652310f300d06035504 EAP-Message = 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900e933f589b2cf8a9f300c0603551d13040530030101ff300d06092a864886f70d0101050500038201010051cc8a8eadc15606b782734a28394423079b02e4a72b9fc701b840ef85001e4a3971bc70ea74df086e03c6db30b3f739408ba02bcebb7d74a722cb7a0c107b03598969ec3c75cc44e55f1ca588c3100c91d1 EAP-Message = 0x3cd7058f5a59b0ca Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4c69974c7c380c928a82c4f8dbb2dbf Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=86 Cleaning up request 3 ID 0 with timestamp +36 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" State = 0xc4c69974c7c380c928a82c4f8dbb2dbf EAP-Message = 0x020500061900 Message-Authenticator = 0x37173b6aba30f116e1fcd6d53e96390b +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49155 EAP-Message = 0x010600b5190059972b202db051598212ff893b78971e21047260bec8269a3fdd020f5c9b2e875e9b20e738e834ff7a498fad311be07332acf6603ebf392b9aa1fa5adcbd8f9d33dab28fba6e2508987e38befb861ffbd1f01b823aad1e356716f702c7d0d78b773e2ab24f1b0bbfabf5f0b95e474f21c839299ac88cd3658f401899800dd48bd2ba50fa9aada70b984559335b326944e8f071670c7b1c2221d7eaad8d8bec4e43e15dd8701416030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4c69974c0c080c928a82c4f8dbb2dbf Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=402 Cleaning up request 4 ID 0 with timestamp +36 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" State = 0xc4c69974c0c080c928a82c4f8dbb2dbf EAP-Message = 0x02060140198000000136160301010610000102010002237bfe5672b9bcde15c59157a22efb23da9feb6d1f89de112098a30ecd91dcab118d3c648669603f24aec63759b3576bb39f36af0499488fde03257f3fcaf463155e8f6293f863845f1fc8ef608324c5f162a1cf68d3c1b488e5234626e6de1e4017fe4ddb407c0150dac8491f01c992c06ce7b80a9255675d755310b54b0bc326e1f761bab6b3e93a90c0e96f61842ae3d8ca4b6bbec3aba4b154a933c5818a34bbcd6a90f8cd54a3558af289309ae78f11bcea937c3fa0c29d377420ae062d98a169c992c078a67990d967d76d770adf2a6ed42ea06c3953dccd3b4fd8c4af16408c11f53d70 EAP-Message = 0xb202b05886f6e9e72e033ca94b80d26b25f60953ce05e23114030100010116030100200f510987043545e82e1971f24b11813eb17234847d9a74fd9f0ab9aac30cbb14 Message-Authenticator = 0xa555bff659a2646eae293793983303db +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 310 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49155 EAP-Message = 0x010700311900140301000101160301002085517dd00f76c063c85e979cd89e2a79c96c4621985f0bad90420313b60f0778 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4c69974c1c180c928a82c4f8dbb2dbf Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=86 Cleaning up request 5 ID 0 with timestamp +36 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" State = 0xc4c69974c1c180c928a82c4f8dbb2dbf EAP-Message = 0x020700061900 Message-Authenticator = 0x15b89f3e60f5ba33ceb319cd34460358 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49155 EAP-Message = 0x010800201900170301001589ad3dc08a7ecfe44d6e4f913f94a09baf106599a0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4c69974c2ce80c928a82c4f8dbb2dbf Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=110 Cleaning up request 6 ID 0 with timestamp +36 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" State = 0xc4c69974c2ce80c928a82c4f8dbb2dbf EAP-Message = 0x0208001e19001703010013d1bcc00702a0a3bcf542d967aaebbdae12296d Message-Authenticator = 0x0f53010212ba875747d9a449f48314be +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 30 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - db [peap] Got tunnled request EAP-Message = 0x02080007016462 server (null) { PEAP: Got tunneled identity of db PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to db Sending tunneled request EAP-Message = 0x02080007016462 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "db" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 7 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0109001c1a0109001710675bee5b2ceb4d7bf7cc4b868dc35a5d6462 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05ea8e8705e3949e67eba3369f01d8cb [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0109001c1a0109001710675bee5b2ceb4d7bf7cc4b868dc35a5d6462 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05ea8e8705e3949e67eba3369f01d8cb [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49155 EAP-Message = 0x01090033190017030100286fff7a6f6a41c4a59725c9dce4ad8cd38a4990df1dc0dbf937e5f12702f9d01c6c4e1c1350473e8d Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4c69974c3cf80c928a82c4f8dbb2dbf Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=164 Cleaning up request 7 ID 0 with timestamp +36 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" State = 0xc4c69974c3cf80c928a82c4f8dbb2dbf EAP-Message = 0x02090054190017030100499b829184f088842c6e7a85463ee5a01f489219530924984de0169ccb86c43faf0acf6859660636e1facfa2ca3192318f3d0afe992745eb1be73f3a6d616a8acbeb1f4e53e27ae83104 Message-Authenticator = 0xedfe8dce463dee7ad4b9b2c7bcf853fe +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 84 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunnled request EAP-Message = 0x0209003d1a0209003831e1be910c4be80d86af472f9e74dc68300000000000000000abc52c2ca80f2469100aecdc5ac5be45e7df91778a8d1168006462 server (null) { PEAP: Setting User-Name to db Sending tunneled request EAP-Message = 0x0209003d1a0209003831e1be910c4be80d86af472f9e74dc68300000000000000000abc52c2ca80f2469100aecdc5ac5be45e7df91778a8d1168006462 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "db" State = 0x05ea8e8705e3949e67eba3369f01d8cb server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 61 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for db with NT-Password [mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [mschap] WARNING: Deprecated conditional expansion ":-". See "man unlang" for details [mschap] expand: --username=%{Stripped-User-Name:-%{User-Name:-None}} -> --username=db [mschap] mschap2: 67 [mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=7902fb728a15bd02 [mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=abc52c2ca80f2469100aecdc5ac5be45e7df91778a8d1168 Exec-Program output: NT_KEY: 48C51DE27D32D2A8BF7F254E8D34BD38 Exec-Program-Wait: plaintext: NT_KEY: 48C51DE27D32D2A8BF7F254E8D34BD38 Exec-Program: returned: 0 [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010a00331a0309002e533d30393542343545424233314639324634423331384134333633423138343735343938303742343433 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05ea8e8704e0949e67eba3369f01d8cb [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010a00331a0309002e533d30393542343545424233314639324634423331384134333633423138343735343938303742343433 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05ea8e8704e0949e67eba3369f01d8cb [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49155 EAP-Message = 0x010a004a1900170301003ff12a6fe47b20c40575e8fbcfc89163be1ef59b3319c5adca26a0d159e7af4f3345544bfdb3879a41cc16769896a3f31cc960836ef523b911d9bf47e169c720 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4c69974cccc80c928a82c4f8dbb2dbf Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=109 Cleaning up request 8 ID 0 with timestamp +36 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" State = 0xc4c69974cccc80c928a82c4f8dbb2dbf EAP-Message = 0x020a001d19001703010012855c27de1b549acfa34df91ecdca58a62d6d Message-Authenticator = 0xb935a35d8e8abda7c24fd8eb24cac102 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 29 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunnled request EAP-Message = 0x020a00061a03 server (null) { PEAP: Setting User-Name to db Sending tunneled request EAP-Message = 0x020a00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "db" State = 0x05ea8e8704e0949e67eba3369f01d8cb server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 10 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok Login OK: [db/<via Auth-Type = EAP>] (from client linksys port 0 via TLS tunnel) } # server inner-tunnel [peap] Got tunneled reply code 2 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "db" [peap] Got tunneled reply RADIUS code 2 EAP-Message = 0x030a0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "db" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 0 to 128.227.232.133 port 49155 EAP-Message = 0x010b00261900170301001b1d9cb0acf60f1112a8580a3eb5b975b5a4562dc977ed63f4640939 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4c69974cdcd80c928a82c4f8dbb2dbf Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 128.227.232.133 port 49155, id=0, length=118 Cleaning up request 9 ID 0 with timestamp +36 NAS-IP-Address = 128.227.232.133 NAS-Port-Type = Ethernet NAS-Port = 15 User-Name = "db" State = 0xc4c69974cdcd80c928a82c4f8dbb2dbf EAP-Message = 0x020b00261900170301001bef1aa91d4301bbe1fdc0b799dce0719ad4379167abe630fe97a299 Message-Authenticator = 0x0de154814807ff989649f7d3900a019a +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "db", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 11 length 38 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok Login OK: [db/<via Auth-Type = EAP>] (from client linksys port 15) +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 0 to 128.227.232.133 port 49155 MS-MPPE-Recv-Key = 0xc4410c2bd2e93ebb0a941a7729d1852e8502c49d8534fc2fb04a6defed9d5cc4 MS-MPPE-Send-Key = 0x24163650684a8c48c1f20d09ee3b89ec226aab12d16627d00a62d376b3756e00 EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "db" Finished request 10. Going to the next request Waking up in 4.9 seconds. Cleaning up request 10 ID 0 with timestamp +36 Ready to process requests.