Hello, I used a FR 1.1.0 under FreeBSD 6.0 I configure it to PEAP auth against a windows 2003 AD through ntlm_auth (samba 3.0.21b). Everything works fine, user auth, machine auth... The problem is that for some obscur reasons, some users ("jpbrunain" in this case) are unable to log in. As I saw in the radius.log, I got "rlm_mschap: External script failed.". Moreover, if I run "ntlm_auth --request-nt-key --domain=CHRT --username=jpbrunain" with the good password, I got this message: "NT_STATUS_OK: Success (0x0)"... This problem concerns only 2 users out of 20... and I don't see anything "special" concerning them on the 2003 AD... Does anyone have the problem ? Is there a way to solve it ? Regards, Jeremy eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = yes cisco_accounting_username_bug = no tls { private_key_password = whatever private_key_file = ${raddbdir}/certs/site.pem certificate_file = ${raddbdir}/certs/site.pem CA_file = ${raddbdir}/certs/root.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random } peap { } } Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/eap.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "/usr/local/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain:-DEFAULTDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Module: Instantiated mschap (mschap) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = yes eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/site.pem" tls: certificate_file = "/usr/local/etc/raddb/certs/site.pem" tls: CA_file = "/usr/local/etc/raddb/certs/root.pem" tls: private_key_password = "whatever" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/usr/local/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Initializing the thread pool... thread: start_servers = 5 thread: max_servers = 32 thread: min_spare_servers = 3 thread: max_spare_servers = 10 thread: max_requests_per_server = 0 thread: cleanup_delay = 5 Thread spawned new child 1. Total threads in pool: 1 Thread spawned new child 2. Total threads in pool: 2 Thread spawned new child 3. Total threads in pool: 3 Thread spawned new child 4. Total threads in pool: 4 Thread spawned new child 5. Total threads in pool: 5 Thread pool initialized Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. Thread 1 waiting to be assigned a request Thread 2 waiting to be assigned a request Thread 3 waiting to be assigned a request Thread 4 waiting to be assigned a request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19511, id=114, length=157 --- Walking the entire request list --- Waking up in 31 seconds... Threads: total/active/spare threads = 5/0/5 Thread 1 got semaphore Thread 1 handling request 0, (1 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201001301434852545c6a706272756e61696e Message-Authenticator = 0x01534b3d5a6003e6f0043abf208d2b6b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 rlm_eap: EAP packet type response id 1 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 114 to 172.18.251.101 port 19511 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x259b177cc6b9cd7feec325680c4830d2 Finished request 0 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19512, id=115, length=236 Waking up in 31 seconds... Thread 2 got semaphore Thread 2 handling request 1, (1 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x259b177cc6b9cd7feec325680c4830d2 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202005019800000004616030100410100003d0301441588ea62f513ec38c4fab4e1a0efdc6e865acfa03c5d78aa06413d775b286300001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x49c0dd55d1ee2383821576285d5c4d26 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 115 to 172.18.251.101 port 19512 EAP-Message = 0x010303ee19c0000006af160301004a0200004603014415891b69b91d75700e3fc447dcd019a87b74466a846931da9eb046f27dcb0920645bdb40884aa4d66b9f7fd5dd6afff8bcc1732e3518bdaa90edbb859ad2375f00040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55 EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf79c9a81fd56eea94d7aded976cd358a Finished request 1 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19513, id=116, length=162 --- Walking the entire request list --- Waking up in 5 seconds... Thread 3 got semaphore Thread 3 handling request 2, (1 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xf79c9a81fd56eea94d7aded976cd358a NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300061900 Message-Authenticator = 0xf2a7dc863a296fcb689eb9b2ed40965f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 116 to 172.18.251.101 port 19513 EAP-Message = 0x010402d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35 EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb90b5285349681a5c34eed34d0fbaeb8 Finished request 2 Going to the next request Thread 3 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19514, id=118, length=157 --- Walking the entire request list --- Waking up in 4 seconds... Thread 4 got semaphore Thread 4 handling request 3, (1 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201001301434852545c6a706272756e61696e Message-Authenticator = 0xf816b4d9bad6282e9eec9b457b7f4304 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 rlm_eap: EAP packet type response id 1 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 118 to 172.18.251.101 port 19514 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6e71d282039f9a121584370ef1eb4150 Finished request 3 Going to the next request Thread 4 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19515, id=119, length=236 --- Walking the entire request list --- Waking up in 3 seconds... Thread 5 got semaphore Thread 5 handling request 4, (1 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x6e71d282039f9a121584370ef1eb4150 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202005019800000004616030100410100003d0301441588ecf357a70fb2b700646f1611738ac0538a64443143b4ca5eefaad9145a00001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x26dff5886c95710d260b633bff5152f0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 119 to 172.18.251.101 port 19515 EAP-Message = 0x010303ee19c0000006af160301004a0200004603014415891e1f3d280dd97a621a67285c3d6dd4716468a2e622e5cbbb47e8bff8f920fe66dcc00b19ebb122b0bd0ca05b88288563de2ed20d354ba84083a66e49e30300040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55 EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa7f9742dc184aa720a1b0705b78edb08 Finished request 4 Going to the next request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19516, id=120, length=162 Waking up in 3 seconds... Thread 1 got semaphore Thread 1 handling request 5, (2 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xa7f9742dc184aa720a1b0705b78edb08 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300061900 Message-Authenticator = 0x9e0984674cd75634e32e5d5e76a61246 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 120 to 172.18.251.101 port 19516 EAP-Message = 0x010402d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35 EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x9a3e7e929b077d07cfd5ff0e15ca9396 Finished request 5 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19517, id=121, length=348 Waking up in 3 seconds... Thread 2 got semaphore Thread 2 handling request 6, (2 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x9a3e7e929b077d07cfd5ff0e15ca9396 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400c01980000000b61603010086100000820080014be3684587856f6f981b15ea11158b0f3bed75c89868f9114159a8c4f5723ae8b7db39af74349880adb4ec608682d57b4bcdb12565f2019cdee86f227f54a105914387b795900c593c3a052ee27a047f580323999f9521436de7e442fa60e9dff4de90a2bdd48dcb9d7fba6a5cf5361e31b26e6d35daca0dddc2898815482d1403010001011603010020126bc0f38e0a0627ec01025b76ad05f5e6e1ab7f0251318ce36cd10173d1bbe8 Message-Authenticator = 0x1e59cd98feca39973851b6339d2012b4 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 121 to 172.18.251.101 port 19517 EAP-Message = 0x0105003119001403010001011603010020c4958a39e0d8b376e76a340f749f5917b162f5535c28f34e5d2402e6dd5113cf Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8a509ab298ef8f1237ea19edaeb695e9 Finished request 6 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19518, id=122, length=162 --- Walking the entire request list --- Waking up in 2 seconds... Thread 3 got semaphore Thread 3 handling request 7, (2 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x8a509ab298ef8f1237ea19edaeb695e9 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500061900 Message-Authenticator = 0x9bca54ef7e51997c8e4e652b6173cfe5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challenge of id 122 to 172.18.251.101 port 19518 EAP-Message = 0x0106002019001703010015d911d7637aa429cfb6f49242b0a4f800fff27699ab Message-Authenticator = 0x00000000000000000000000000000000 State = 0x749b89b9c75a3c0a3e9c5af8ba7d1288 Finished request 7 Going to the next request Thread 3 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19519, id=123, length=157 --- Walking the entire request list --- Waking up in 1 seconds... Thread 4 got semaphore Thread 4 handling request 8, (2 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201001301434852545c6a706272756e61696e Message-Authenticator = 0x625999e83e7216481b8fc5b9e2282cc3 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 rlm_eap: EAP packet type response id 1 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 8 modcall: leaving group authenticate (returns handled) for request 8 Sending Access-Challenge of id 123 to 172.18.251.101 port 19519 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6ff9ac8fcf10cbe4295f4d74c7f443b3 Finished request 8 Going to the next request Thread 4 waiting to be assigned a request --- Walking the entire request list --- Cleaning up request 0 ID 114 with timestamp 4415891b Cleaning up request 1 ID 115 with timestamp 4415891b Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 116 with timestamp 4415891c Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 118 with timestamp 4415891d Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 4 ID 119 with timestamp 4415891e Cleaning up request 5 ID 120 with timestamp 4415891e Cleaning up request 6 ID 121 with timestamp 4415891e Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 7 ID 122 with timestamp 4415891f Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:19520, id=124, length=236 --- Walking the entire request list --- Cleaning up request 8 ID 123 with timestamp 44158920 Waking up in 31 seconds... Thread 5 got semaphore Thread 5 handling request 9, (2 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x6ff9ac8fcf10cbe4295f4d74c7f443b3 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202005019800000004616030100410100003d0301441588eea92bba8456075ace53e76cca9bbc4443c6b3f59d02876ce2011ebb7d00001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x9fd5224e0de41de504cd3e99f11719a4 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 modcall: leaving group authorize (returns updated) for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 9 modcall: leaving group authenticate (returns handled) for request 9 Sending Access-Challenge of id 124 to 172.18.251.101 port 19520 EAP-Message = 0x010303ee19c0000006af160301004a020000460301441589262286b377be54275577aedd72b10847b4791bef1aeffe4b0bdadf8b3b20f907531554da8c71c3f39a3cdbc7190f521f5987831257fbc68e6c2cc11cb0c700040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55 EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc7e1b6d1a47f879d1692e733eb79e182 Finished request 9 Going to the next request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19521, id=125, length=162 Waking up in 31 seconds... Thread 1 got semaphore Thread 1 handling request 10, (3 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xc7e1b6d1a47f879d1692e733eb79e182 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300061900 Message-Authenticator = 0xe3678c5426029d8175e1f151453cdea3 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 10 modcall: leaving group authorize (returns updated) for request 10 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 10 modcall: leaving group authenticate (returns handled) for request 10 Sending Access-Challenge of id 125 to 172.18.251.101 port 19521 EAP-Message = 0x010402d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35 EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x03e204533146f6df5a7b948fad3481c4 Finished request 10 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19522, id=126, length=348 Waking up in 31 seconds... Thread 2 got semaphore Thread 2 handling request 11, (3 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x03e204533146f6df5a7b948fad3481c4 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400c01980000000b61603010086100000820080429ec85d9aada81d6aa6c105d2fda77d176743ba65bd272238a345992be92ebd415395c8fce3271ef628a0f3c8c844406b02770043ac682b5a8e2b25032b894d34e85dab4fa68403855d707d4f642ad356f4aab5bc5bccc27a3fdbc0cfb2093f15274a757869367b6f608b6df123f69c0492d7ae41f6dd6f33c11a8a334823ed14030100010116030100204ae823b50d2350f9ae48461c18f6abc7ab8083e4ca1a10d8ae69cc702310165a Message-Authenticator = 0x274b00a00e8339d2a869a485cc06ed2e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 11 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 11 modcall: leaving group authorize (returns updated) for request 11 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 11 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 11 modcall: leaving group authenticate (returns handled) for request 11 Sending Access-Challenge of id 126 to 172.18.251.101 port 19522 EAP-Message = 0x01050031190014030100010116030100203fbb11de01ef27ed787f34097b5d3d185b5429cb62bd1a5d044ec7b9ba838968 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6b927044383b55feeb48b65586a9731b Finished request 11 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19523, id=127, length=162 --- Walking the entire request list --- Waking up in 5 seconds... Thread 3 got semaphore Thread 3 handling request 12, (3 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x6b927044383b55feeb48b65586a9731b NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500061900 Message-Authenticator = 0x7f1b03a50a635f5e94d7004dde52e7da Processing the authorize section of radiusd.conf modcall: entering group authorize for request 12 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 12 modcall: leaving group authorize (returns updated) for request 12 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 12 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 12 modcall: leaving group authenticate (returns handled) for request 12 Sending Access-Challenge of id 127 to 172.18.251.101 port 19523 EAP-Message = 0x010600201900170301001504f6a5def3fff687a65ed7e93d4e9a233e6007e75b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xce440cff70bc3b0d52f9ed0103d1329c Finished request 12 Going to the next request Thread 3 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19524, id=128, length=198 Waking up in 5 seconds... Thread 4 got semaphore Thread 4 handling request 13, (3 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xce440cff70bc3b0d52f9ed0103d1329c NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0206002a1900170301001fb071ec3e8e6fd036374c109a67bff53089d124e9cdc0a3db1e66a8c7172a2d Message-Authenticator = 0xb09f0ff1cec1215739dd600d468f1921 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 rlm_eap: EAP packet type response id 6 length 42 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 13 modcall: leaving group authorize (returns updated) for request 13 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - CHRT\jpbrunain rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of CHRT\jpbrunain PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to CHRT\jpbrunain Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 rlm_eap: EAP packet type response id 6 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 13 modcall: leaving group authorize (returns updated) for request 13 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 13 modcall: leaving group authenticate (returns handled) for request 13 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 13 modcall: leaving group authenticate (returns handled) for request 13 Sending Access-Challenge of id 128 to 172.18.251.101 port 19524 EAP-Message = 0x0107003f1900170301003468aba24faf299cf0e287148d9b2dab1dd067476df64259821adc6c48abd930acae31a608bcb94f8472a9d56554f3dcf0e5b0993c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb6b2a36b1b7103da9e139243e6610932 Finished request 13 Going to the next request Thread 4 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19525, id=129, length=252 Waking up in 5 seconds... Thread 5 got semaphore Thread 5 handling request 14, (3 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xb6b2a36b1b7103da9e139243e6610932 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0207006019001703010055d5a470f751027d6e99b883147e7575fe1652fc0073030c1c31b0307efd2c48e5c5e3722c8f82fbde298366f25bcefb4b9f75172b92ed24de08362c9f6fec89f0427d0b3201f732997aeb01d1258b30b7d249d46eb0 Message-Authenticator = 0x465e312145ccbe73b9df33208e8ad391 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 rlm_eap: EAP packet type response id 7 length 96 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 modcall: leaving group authorize (returns updated) for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to CHRT\jpbrunain PEAP: Adding old state with 52 be Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 rlm_eap: EAP packet type response id 7 length 73 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 modcall: leaving group authorize (returns updated) for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 14 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: f2 rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=4cfc39bd5386a9cd --nt-response=f0f4887e245cc3352a1b6141a15e82751e586a4dd8aa5ed1' Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=4cfc39bd5386a9cd --nt-response=f0f4887e245cc3352a1b6141a15e82751e586a4dd8aa5ed1 Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 14 modcall: leaving group MS-CHAP (returns reject) for request 14 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 14 modcall: leaving group authenticate (returns reject) for request 14 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 14 modcall: leaving group authenticate (returns handled) for request 14 Sending Access-Challenge of id 129 to 172.18.251.101 port 19525 EAP-Message = 0x010800261900170301001bc23334024bc9aee6b5c0ed5c372addd84565a6fcc69fdeeb63ee48 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7c15e0b7a9e583e51ad067fda35623fd Finished request 14 Going to the next request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19526, id=130, length=194 Waking up in 5 seconds... Thread 1 got semaphore Thread 1 handling request 15, (4 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x7c15e0b7a9e583e51ad067fda35623fd NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020800261900170301001bbb2c96b3003abdeff875243be379cc3120271e195789f8387d67f4 Message-Authenticator = 0xfc3d6a0d1a5fe84bc3ab74fba7287711 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 15 modcall: leaving group authorize (returns updated) for request 15 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 15 modcall: leaving group authenticate (returns invalid) for request 15 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 15 for 1 seconds Finished request 15 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19527, id=130, length=194 --- Walking the entire request list --- Sending Access-Reject of id 130 to 172.18.251.101 port 19526 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3 seconds... Thread 2 got semaphore Thread 2 handling request 16, (4 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x7c15e0b7a9e583e51ad067fda35623fd NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020800261900170301001bbb2c96b3003abdeff875243be379cc3120271e195789f8387d67f4 Message-Authenticator = 0xfc3d6a0d1a5fe84bc3ab74fba7287711 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 16 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 16 modcall: leaving group authorize (returns updated) for request 16 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 16 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 16 modcall: leaving group authenticate (returns invalid) for request 16 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 16 for 1 seconds Finished request 16 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19528, id=130, length=194 --- Walking the entire request list --- Sending Access-Reject of id 130 to 172.18.251.101 port 19527 Waking up in 1 seconds... Thread 3 got semaphore Thread 3 handling request 17, (4 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x7c15e0b7a9e583e51ad067fda35623fd NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020800261900170301001bbb2c96b3003abdeff875243be379cc3120271e195789f8387d67f4 Message-Authenticator = 0xfc3d6a0d1a5fe84bc3ab74fba7287711 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 17 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 17 modcall: leaving group authorize (returns updated) for request 17 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 17 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 17 modcall: leaving group authenticate (returns invalid) for request 17 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 17 for 1 seconds Finished request 17 Going to the next request Thread 3 waiting to be assigned a request --- Walking the entire request list --- Cleaning up request 9 ID 124 with timestamp 44158926 Cleaning up request 10 ID 125 with timestamp 44158926 Cleaning up request 11 ID 126 with timestamp 44158926 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 12 ID 127 with timestamp 44158927 Cleaning up request 13 ID 128 with timestamp 44158927 Cleaning up request 14 ID 129 with timestamp 44158927 Cleaning up request 15 ID 130 with timestamp 44158927 Sending Access-Reject of id 130 to 172.18.251.101 port 19528 Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 16 ID 130 with timestamp 44158929 Waking up in 2 seconds... rad_recv: Access-Request packet from host 172.18.251.101:19529, id=131, length=157 Waking up in 2 seconds... Thread 4 got semaphore Thread 4 handling request 18, (4 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0201001301434852545c6a706272756e61696e Message-Authenticator = 0x37daf9ff5b57bebe02db3f2603e9284f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 18 rlm_eap: EAP packet type response id 1 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 18 modcall: leaving group authorize (returns updated) for request 18 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 18 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 18 modcall: leaving group authenticate (returns handled) for request 18 Sending Access-Challenge of id 131 to 172.18.251.101 port 19529 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x70f4a097799af899825c5555f576ff28 Finished request 18 Going to the next request Thread 4 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19530, id=132, length=236 --- Walking the entire request list --- Waking up in 1 seconds... Thread 5 got semaphore Thread 5 handling request 19, (4 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x70f4a097799af899825c5555f576ff28 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0202005019800000004616030100410100003d0301441588fe60da33dbfcecdfcfbf059a17b89c6ccd6d7bc60c0153578299a1ab7900001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x995310ef409b43695b789a005207db35 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 19 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 19 modcall: leaving group authorize (returns updated) for request 19 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 19 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 19 modcall: leaving group authenticate (returns handled) for request 19 Sending Access-Challenge of id 132 to 172.18.251.101 port 19530 EAP-Message = 0x010303ee19c0000006af160301004a0200004603014415893012c01ecacda995fe6984108679d45179ffb13a35a7373f42c5ae81902093b20866bbef43d26c1701e46bef1d027bf02700b465445b5db0d1fe0109890a00040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55 EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x36d8d7f6ebb95d5a7917ba3e5fd14a8d Finished request 19 Going to the next request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19531, id=133, length=162 Cleaning up request 17 ID 130 with timestamp 4415892b Waking up in 1 seconds... Thread 1 got semaphore Thread 1 handling request 20, (5 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x36d8d7f6ebb95d5a7917ba3e5fd14a8d NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300061900 Message-Authenticator = 0x7092467bed276e385e1643f6ec0584e5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 modcall: leaving group authorize (returns updated) for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 20 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 20 modcall: leaving group authenticate (returns handled) for request 20 Sending Access-Challenge of id 133 to 172.18.251.101 port 19531 EAP-Message = 0x010402d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35 EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0f64693f87c54d28249a2ef8ec3fda26 Finished request 20 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19532, id=134, length=348 Waking up in 1 seconds... Thread 2 got semaphore Thread 2 handling request 21, (5 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x0f64693f87c54d28249a2ef8ec3fda26 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400c01980000000b616030100861000008200806bf4f04187bcdbd2e2176bcaf72dc94da05d0ee0142f79388ca0ec746be817bfb10ea2b38f698ba29aa7e70f88eb9f3fe2ab1cc4b7a1fcb9dbbad4de51702cf3361362ed2a9ce6a21e527f29f25efa255ffe91744aaae15ae46b76bcf1b7259f193779243e1f43d7f5a55a11c89c9301b787e027b14663090088b9e02ead32f01403010001011603010020d333351920022c34ce7f581f2816eaed76481a7f18e85b41f25ee58c67347fcf Message-Authenticator = 0xa0382018ca6755cf9b9375629d06380a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 21 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 21 modcall: leaving group authorize (returns updated) for request 21 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 21 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 21 modcall: leaving group authenticate (returns handled) for request 21 Sending Access-Challenge of id 134 to 172.18.251.101 port 19532 EAP-Message = 0x01050031190014030100010116030100205c46dfa9729bfe4cbbc4d776b05be437ffc42b6826edee4bc950b19a3fbdd426 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x812edbb19e98e6bbaa4efe49ab642b1d Finished request 21 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19533, id=135, length=162 Waking up in 1 seconds... Thread 3 got semaphore Thread 3 handling request 22, (5 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x812edbb19e98e6bbaa4efe49ab642b1d NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500061900 Message-Authenticator = 0x31833ad04516978568276f2217e9951d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 22 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 22 modcall: leaving group authorize (returns updated) for request 22 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 22 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 22 modcall: leaving group authenticate (returns handled) for request 22 Sending Access-Challenge of id 135 to 172.18.251.101 port 19533 EAP-Message = 0x010600201900170301001527218bd88a945d702b8e58bd1eebd0d120959b8ac0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xca1a9289e5a74a4193c63d85d0a7fd99 Finished request 22 Going to the next request Thread 3 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19534, id=136, length=198 Waking up in 1 seconds... Thread 4 got semaphore Thread 4 handling request 23, (5 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xca1a9289e5a74a4193c63d85d0a7fd99 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0206002a1900170301001f5dd02390a8d076cbebf2b6abb1a799cec8de3470f9715e70b6f4482805176c Message-Authenticator = 0x6ca47697b7cef02a3d4425ddb44ebd8b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 23 rlm_eap: EAP packet type response id 6 length 42 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 23 modcall: leaving group authorize (returns updated) for request 23 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 23 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - CHRT\jpbrunain rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of CHRT\jpbrunain PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to CHRT\jpbrunain Processing the authorize section of radiusd.conf modcall: entering group authorize for request 23 rlm_eap: EAP packet type response id 6 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 23 modcall: leaving group authorize (returns updated) for request 23 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 23 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 23 modcall: leaving group authenticate (returns handled) for request 23 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 23 modcall: leaving group authenticate (returns handled) for request 23 Sending Access-Challenge of id 136 to 172.18.251.101 port 19534 EAP-Message = 0x0107003f190017030100348e96e794436e2b745dcc6735c24e1681e4784145fd1329e2db7464f7bd0ea25cb92240484c4e08ce985af48b474b7b89ed9fec69 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x05632450620b5ad07f68889dec4b15ee Finished request 23 Going to the next request Thread 4 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19535, id=137, length=252 --- Walking the entire request list --- Waking up in 4 seconds... Thread 5 got semaphore Thread 5 handling request 24, (5 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x05632450620b5ad07f68889dec4b15ee NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020700601900170301005565c137e8bf4c325d29c8c0f03317ef5fab3c280f7febd2d2a09ac3332f0dcad22a9e3796e5c5245462f18dfda9a58518ac5057c8d68e18984848fb8bdeb1f1f33b17b2c08eec8be4a296f35e8dc57eeb7f57a840d5 Message-Authenticator = 0x51b35c728805e403d81cfeb94bf03986 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 24 rlm_eap: EAP packet type response id 7 length 96 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 24 modcall: leaving group authorize (returns updated) for request 24 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 24 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to CHRT\jpbrunain PEAP: Adding old state with 8e df Processing the authorize section of radiusd.conf modcall: entering group authorize for request 24 rlm_eap: EAP packet type response id 7 length 73 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 24 modcall: leaving group authorize (returns updated) for request 24 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 24 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 24 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 8b rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=7dc8cbea28bf15f0 --nt-response=bc3041545116eafb59753b4e62b4ddb09fae2452b604eb38' Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=7dc8cbea28bf15f0 --nt-response=bc3041545116eafb59753b4e62b4ddb09fae2452b604eb38 Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 24 modcall: leaving group MS-CHAP (returns reject) for request 24 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 24 modcall: leaving group authenticate (returns reject) for request 24 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 24 modcall: leaving group authenticate (returns handled) for request 24 Sending Access-Challenge of id 137 to 172.18.251.101 port 19535 EAP-Message = 0x010800261900170301001b793424a5cbb4572b56c27a140542fe91dbf9b9dc55840cd06f2dca Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bc82c2b743d3a6c32c38f687df3fb49 Finished request 24 Going to the next request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19536, id=138, length=194 Waking up in 4 seconds... Thread 1 got semaphore Thread 1 handling request 25, (6 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x7bc82c2b743d3a6c32c38f687df3fb49 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020800261900170301001becfeb680d6c83fc105c971ea40660815fd6e2208e4f53470722a59 Message-Authenticator = 0x1d4cd76524bac4692df99b5f69e06989 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 25 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 25 modcall: leaving group authorize (returns updated) for request 25 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 25 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 25 modcall: leaving group authenticate (returns invalid) for request 25 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 25 for 1 seconds Finished request 25 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 172.18.251.101:19537, id=138, length=194 --- Walking the entire request list --- Sending Access-Reject of id 138 to 172.18.251.101 port 19536 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 2 seconds... Thread 2 got semaphore Thread 2 handling request 26, (6 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x7bc82c2b743d3a6c32c38f687df3fb49 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020800261900170301001becfeb680d6c83fc105c971ea40660815fd6e2208e4f53470722a59 Message-Authenticator = 0x1d4cd76524bac4692df99b5f69e06989 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 26 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 26 modcall: leaving group authorize (returns updated) for request 26 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 26 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 26 modcall: leaving group authenticate (returns invalid) for request 26 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 26 for 1 seconds Finished request 26 Going to the next request Thread 2 waiting to be assigned a request --- Walking the entire request list --- Cleaning up request 18 ID 131 with timestamp 4415892f Sending Access-Reject of id 138 to 172.18.251.101 port 19537 Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:19538, id=138, length=194 Cleaning up request 19 ID 132 with timestamp 44158930 Cleaning up request 20 ID 133 with timestamp 44158930 Cleaning up request 21 ID 134 with timestamp 44158930 Cleaning up request 22 ID 135 with timestamp 44158930 Cleaning up request 23 ID 136 with timestamp 44158930 Waking up in 1 seconds... Thread 3 got semaphore Thread 3 handling request 27, (6 handled so far) User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x7bc82c2b743d3a6c32c38f687df3fb49 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020800261900170301001becfeb680d6c83fc105c971ea40660815fd6e2208e4f53470722a59 Message-Authenticator = 0x1d4cd76524bac4692df99b5f69e06989 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 27 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 27 modcall: leaving group authorize (returns updated) for request 27 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 27 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 27 modcall: leaving group authenticate (returns invalid) for request 27 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 27 for 1 seconds Finished request 27 Going to the next request Thread 3 waiting to be assigned a request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 24 ID 137 with timestamp 44158931 Cleaning up request 25 ID 138 with timestamp 44158931 Sending Access-Reject of id 138 to 172.18.251.101 port 19538 Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 26 ID 138 with timestamp 44158933 Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 27 ID 138 with timestamp 44158935 Nothing to do. Sleeping until we see a request. prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = /var/log raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = yes log_auth_badpass = yes log_auth_goodpass = yes usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad proxy_requests = no $INCLUDE ${confdir}/clients.conf snmp = no modules { $INCLUDE ${confdir}/eap.conf mschap { authtype = MS-CHAP ntlm_auth = "/usr/local/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{mschap:NT-Domain:-DEFAULTDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" } } authorize { eap } authenticate { Auth-Type MS-CHAP { mschap } eap }