Hi Catriona, If this is for the JRS, you can also get support (from me or Alan Buxey, who is also on this list!) from service@ukerna.ac.uk. Anyway, could you please post the ldap { } section in radiusd.conf? (please obfuscate any passwords, etc). josh. On 26 Jul 2006, at 13:47, O'Connell Catriona wrote:
Dear All,
I'm trying (and failing) to implement 802.1x using WPA2 between an XP PC and the AP, PEAP and MSCHAPv2 with FreeRadius 1.1.0. The backend is a Novell LDAP server running eDirectory with Universal Passwords enabled. I've set up the ldap module following the instructions from Novell ( www.novell.com/documentation/edir_radius/pdfdoc/radadmin/ radadmin.pdf ) except for the post-auth section as FR complains about the lack of a post-auth method in ldap. Another difference is that the LDAP server is running on 636/tcp only, so I added the port=636 to the ldap config and commented-out the start_tls option.
I've been working on this for weeks and not getting very far - so any insight would be appreciated.
Thank you
Catriona
Debug follows:
[root@auth1 raddb]# /usr/sbin/tcpdump -i eth0 -w /home/cczcso/cap-060726C -s 1500 & [1] 18467 [root@auth1 raddb]# tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
[root@auth1 raddb]# /etc/init.d/radiusd xstart Starting RADIUS server: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 1812 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = yes mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded LDAP ldap: server = "ldapsvr.nottingham.ac.uk" ldap: port = 636 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "cn=RADIUSadmin,o=university" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "/etc/raddb/certs/UONLDAP-CA- SelfSignedCert.b64" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "demand" ldap: password = "whatever" ldap: basedn = "o=university" ldap: filter = "(cn=%{Stripped-User-Name:-%{User-Name}})" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "nspmPassword" ldap: access_attr = "(null)" ldap: groupname_attribute = "cn" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(& (objectClass=Gr oupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes ldap: set_auth_type = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called- Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP- Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP- Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT- Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port conns: 0x95bce58 Module: Instantiated ldap (ldap) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 128.243.13.34:1645, id=17, length=129 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0xd0706757be777867d17441eca5dd4bf4 EAP-Message = 0x0202000b0163637a63736f NAS-Port-Type = Wireless-802.11 NAS-Port = 260 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldapsvr.nottingham.ac.uk:636, authentication 0 rlm_ldap: setting TLS mode to 1 rlm_ldap: setting TLS CACert File to /etc/raddb/certs/UONLDAP-CA-SelfSignedCert.b64 rlm_ldap: setting TLS Require Cert to demand rlm_ldap: bind as cn=RADIUSadmin,o=university/whatever to ldapsvr.nottingham.ac.uk:636 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 17 to 128.243.13.34 port 1645 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5339d02618b5ac497127a65bc432c74c Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=18, length=216 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x3e27b9c3e604609dce42e692bf464d05 EAP-Message = 0x0203005019800000004616030100410100003d030144c75f3bb06cf457b7ba71b2f3 b0 bd4697d0d2eaa9dce8139e7abf0458b6beb800001600040005000a0009006400620003 00 060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0x5339d02618b5ac497127a65bc432c74c NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 3 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 18 to 128.243.13.34 port 1645 EAP-Message = 0x0104040a19c0000006f1160301004a02000046030144c75f2365aa56fbe7b62c4833 a8 5f417734b7267e596c569e9d715092a68c64200c45484fd5036f705cd8766788cecf9d 49 1b5b5272b17fe58e400cb36aab85e400040016030106940b00069000068d0002cd3082 02 c930820232a003020102020102300d06092a864886f70d010104050030819f310b3009 06 03550406130243413111300f0603550408130850726f76696e63653112301006035504 07 1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31 12 3010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74 20 6365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e744065 78 616d706c652e636f6d301e170d3034303132353133323631305a170d30353031323431 33 323631305a30819b310b30090603550406130243413111300f0603550408130850726f 76 696e63653112301006035504071309536f6d65204369747931153013060355040a130c 4f 7267616e697a6174696f6e31123010060355040b13096c6f63616c686f737431193017 06 035504031310526f6f74206365727469666963617465311f301d06092a864886f70d01 09 011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101 05 0003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8 43 4a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae 66 16aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc 87 73999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f302030100 01 a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d 01 01040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06f b6 f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07 e8 0d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911 c5 0e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b630 82 031fa003020102020100300d06092a864886f70d010104050030819f310b3009060355 04 06130243413111300f0603550408130850726f76696e63653112301006035504071309 53 6f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 06 0355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 72 74696669636174653121301f06092a864886f70d0109011612636c69656e7440657861 6d 706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x16022638546c0923e554e322141c18e6 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=19, length=142 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x0b97ecc096b8bff8904d170c175cb5e2 EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0x16022638546c0923e554e322141c18e6 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 19 to 128.243.13.34 port 1645 EAP-Message = 0x010502f71900170d3036303132343133323630375a30819f310b3009060355040613 02 43413111300f0603550408130850726f76696e63653112301006035504071309536f6d 65 204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355 04 0b13096c6f63616c686f7374311b301906035504031312436c69656e74206365727469 66 69636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c 65 2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5 b1 9724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb9 9b 41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b1 33 249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b4 32 50ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e04 16 041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081 c1 801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b3009 06 03550406130243413111300f0603550408130850726f76696e63653112301006035504 07 1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31 12 3010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420 63 657274696669636174653121301f06092a864886f70d0109011612636c69656e744065 78 616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f7 0d 01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d1 2f 834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f7722 9b a2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff65 8c e1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e 00 0000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x003c807d75b594d1d3a3764f50db43ee Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=20, length=328 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x386e9fe0b194cff5133667db11769877 EAP-Message = 0x020500c01980000000b61603010086100000820080ce17e21fa5ccc64be10321a18d df e63c313ac2f0fac6319ae17ba1f0892ae98044e434ceb3e2a01e6f1df50d132c9fced2 84 9f5a940057f566e9cfd5243977f65622eafffe1286b523ccb2d680d40bfb67fadd54cb b8 ea8f9a524c171cda0e7342db3ce1f43621bebf7b02f64a237c7cc8b23be172a1059d16 0d bf95228a33a31403010001011603010020cd956a90839d44b1128f0801654f9e12fc3b 09 5a13c11f773e96ad83fa6aa41a NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0x003c807d75b594d1d3a3764f50db43ee NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 5 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 20 to 128.243.13.34 port 1645 EAP-Message = 0x01060031190014030100010116030100205132f431789957801f761cb082af90ea11 7e e618d6758c089f3c676bd11bc6ab Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3551305d8ad2486511fb677041e42e4f Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=21, length=142 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x12bfd77ad4cc09a26e11efbe17ae8386 EAP-Message = 0x020600061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0x3551305d8ad2486511fb677041e42e4f NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 21 to 128.243.13.34 port 1645 EAP-Message = 0x0107002019001703010015a41d21eff28d2b8ea55f15286a0485105e6db05cc1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf974be77c72057cac6c9bcf66345781b Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=22, length=170 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x8cc82c03422303bc20988737f61faea4 EAP-Message = 0x02070022190017030100171f16bf5f905bfc5a54363ffe6ce1edadaae940f63ef6d3 NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0xf974be77c72057cac6c9bcf66345781b NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 34 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - cczcso rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of cczcso PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to cczcso Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 5 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 22 to 128.243.13.34 port 1645 EAP-Message = 0x010800371900170301002c425f072e04a68daf256cd58d8f78c61a98c231ea9be68a 8c 0cbe76d9e607a02bbbe49a87e659e9488a03e65c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xae01d72cb0cea1c7bed6cdea14272854 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=23, length=224 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0xa9321ffd596a6d141423b960921d1ebb EAP-Message = 0x020800581900170301004dd973feec5317e088d2254f0464a2110e785d4a6cf778cd ff 15b78e5dd5e6390188de26cc3f85eb6234321fef4fad4f458c16a903ce9e00b5d59642 0d d3441ede8a37dadc12ee5f89f6783afbd5 NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0xae01d72cb0cea1c7bed6cdea14272854 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 88 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to cczcso PEAP: Adding old state with 1d b5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 65 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 6 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for cczcso with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user. Login incorrect: [cczcso/<no User-Password attribute>] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 23 to 128.243.13.34 port 1645 EAP-Message = 0x010900261900170301001b5ada41d28aca4a6d445ce8eaa7cffbf59279004b730026 3d d1b9e4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa79166509f9ba349827c1a4ae8dde2ff Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=24, length=174 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x129315f3cf5436eb5c4b7df7c0accd58 EAP-Message = 0x020900261900170301001bb7ac1518a6af85f83b33e44c264e1e37ef2ecb78c90968 33 e5044c NAS-Port-Type = Wireless-802.11 NAS-Port = 260 State = 0xa79166509f9ba349827c1a4ae8dde2ff NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 9 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 7 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: leaving group authenticate (returns invalid) for request 7 auth: Failed to validate the user. Login incorrect: [cczcso/<no User-Password attribute>] (from client test-ap port 260 cli 000e.35db.4af2) Delaying request 7 for 1 seconds Finished request 7 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 24 to 128.243.13.34 port 1645 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 17 with timestamp 44c75f23 Cleaning up request 1 ID 18 with timestamp 44c75f23 Cleaning up request 2 ID 19 with timestamp 44c75f23 Cleaning up request 3 ID 20 with timestamp 44c75f23 Cleaning up request 4 ID 21 with timestamp 44c75f23 Cleaning up request 5 ID 22 with timestamp 44c75f23 Cleaning up request 6 ID 23 with timestamp 44c75f23 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 7 ID 24 with timestamp 44c75f24 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 128.243.13.34:1645, id=25, length=129 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x2a953d446c13615ce39859363d22e5f3 EAP-Message = 0x0202000b0163637a63736f NAS-Port-Type = Wireless-802.11 NAS-Port = 261 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 2 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 8 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 8 modcall: leaving group authenticate (returns handled) for request 8 Sending Access-Challenge of id 25 to 128.243.13.34 port 1645 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6be438890312338382f240a3328c1142 Finished request 8 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=26, length=216 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x3ac5f06a25dadfb787bc6ca98f32ad4a EAP-Message = 0x0203005019800000004616030100410100003d030144c75f4677da152e555b5327d8 8d 4686dd4b5ffded75b3529e02a8b3b340899000001600040005000a0009006400620003 00 060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 261 State = 0x6be438890312338382f240a3328c1142 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 3 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 9 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 9 modcall: leaving group authorize (returns updated) for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 9 modcall: leaving group authenticate (returns handled) for request 9 Sending Access-Challenge of id 26 to 128.243.13.34 port 1645 EAP-Message = 0x0104040a19c0000006f1160301004a02000046030144c75f2e762037af43414d118e 83 4b1dc2c8a5e91277c2a72aead80361777efa20ba5e1d6ea2e037b4bc992876256f67e2 66 beb843b38364cde39f20d9f40f70e300040016030106940b00069000068d0002cd3082 02 c930820232a003020102020102300d06092a864886f70d010104050030819f310b3009 06 03550406130243413111300f0603550408130850726f76696e63653112301006035504 07 1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31 12 3010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74 20 6365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e744065 78 616d706c652e636f6d301e170d3034303132353133323631305a170d30353031323431 33 323631305a30819b310b30090603550406130243413111300f0603550408130850726f 76 696e63653112301006035504071309536f6d65204369747931153013060355040a130c 4f 7267616e697a6174696f6e31123010060355040b13096c6f63616c686f737431193017 06 035504031310526f6f74206365727469666963617465311f301d06092a864886f70d01 09 011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101 05 0003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8 43 4a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae 66 16aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc 87 73999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f302030100 01 a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d 01 01040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06f b6 f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07 e8 0d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911 c5 0e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b630 82 031fa003020102020100300d06092a864886f70d010104050030819f310b3009060355 04 06130243413111300f0603550408130850726f76696e63653112301006035504071309 53 6f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 06 0355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 72 74696669636174653121301f06092a864886f70d0109011612636c69656e7440657861 6d 706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3a965ec092c72beff1469ffd09d88e68 Finished request 9 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=27, length=142 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x4c609b88a50310f9d020cde848c00788 EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 261 State = 0x3a965ec092c72beff1469ffd09d88e68 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 modcall[authorize]: module "preprocess" returns ok for request 10 modcall[authorize]: module "chap" returns noop for request 10 modcall[authorize]: module "mschap" returns noop for request 10 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 10 rlm_eap: EAP packet type response id 4 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 10 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 10 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 10 modcall: leaving group authorize (returns updated) for request 10 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 10 modcall: leaving group authenticate (returns handled) for request 10 Sending Access-Challenge of id 27 to 128.243.13.34 port 1645 EAP-Message = 0x010502f71900170d3036303132343133323630375a30819f310b3009060355040613 02 43413111300f0603550408130850726f76696e63653112301006035504071309536f6d 65 204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355 04 0b13096c6f63616c686f7374311b301906035504031312436c69656e74206365727469 66 69636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c 65 2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5 b1 9724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb9 9b 41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b1 33 249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b4 32 50ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e04 16 041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081 c1 801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b3009 06 03550406130243413111300f0603550408130850726f76696e63653112301006035504 07 1309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31 12 3010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e7420 63 657274696669636174653121301f06092a864886f70d0109011612636c69656e744065 78 616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f7 0d 01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d1 2f 834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f7722 9b a2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff65 8c e1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e 00 0000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x96427b04732b210a418a7d7805daa0a8 Finished request 10 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=28, length=328 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0xbfc4cb26790fa85bab4681d5c15681b5 EAP-Message = 0x020500c01980000000b6160301008610000082008011666663181aa5f8f026f47f80 4b 10bbb93c3988c6d8945257c6cd638aaba3c15effecf95f9c88b593f3fabdac47b43327 43 c4ed758b1822e06b7e890fd0d12f31de058bebff3be45515696ed8ff6580f527b33c34 6b a50f81207901a6609ff32cf3aff18fb36a78aab2977a9edee743e9a8cbdfb7e076c97a b4 fe9a44f6fd951403010001011603010020b248849d3af197ac90007d1271dcea41e8b2 e7 b94f9688763b3504decd0149da NAS-Port-Type = Wireless-802.11 NAS-Port = 261 State = 0x96427b04732b210a418a7d7805daa0a8 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 11 modcall[authorize]: module "preprocess" returns ok for request 11 modcall[authorize]: module "chap" returns noop for request 11 modcall[authorize]: module "mschap" returns noop for request 11 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 11 rlm_eap: EAP packet type response id 5 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 11 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 11 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 11 modcall: leaving group authorize (returns updated) for request 11 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 11 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 11 modcall: leaving group authenticate (returns handled) for request 11 Sending Access-Challenge of id 28 to 128.243.13.34 port 1645 EAP-Message = 0x010600311900140301000101160301002062b94b2b608b9cfb729e0c11cc95b437a0 ff 224a09b728c2869a49b3306976f3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe62eae39a8cb1c18e047e8c800b367e4 Finished request 11 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=29, length=142 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x017a1b8bcfb94b9b2efb603960809fa1 EAP-Message = 0x020600061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 261 State = 0xe62eae39a8cb1c18e047e8c800b367e4 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 12 modcall[authorize]: module "preprocess" returns ok for request 12 modcall[authorize]: module "chap" returns noop for request 12 modcall[authorize]: module "mschap" returns noop for request 12 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 12 rlm_eap: EAP packet type response id 6 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 12 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 12 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 12 modcall: leaving group authorize (returns updated) for request 12 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 12 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 12 modcall: leaving group authenticate (returns handled) for request 12 Sending Access-Challenge of id 29 to 128.243.13.34 port 1645 EAP-Message = 0x01070020190017030100154c54223ffd2f906a49347b28a7591ff425eecf2cc1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd5b96209e22a855ea27b52d6b089c1c5 Finished request 12 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=30, length=170 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0xc685fe88f7e03a2d48e0d2e91bba2b09 EAP-Message = 0x0207002219001703010017067de3143498c00b85aac542de549ba3bc1bf4d4c43292 NAS-Port-Type = Wireless-802.11 NAS-Port = 261 State = 0xd5b96209e22a855ea27b52d6b089c1c5 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 modcall[authorize]: module "preprocess" returns ok for request 13 modcall[authorize]: module "chap" returns noop for request 13 modcall[authorize]: module "mschap" returns noop for request 13 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 13 rlm_eap: EAP packet type response id 7 length 34 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 13 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 13 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 13 modcall: leaving group authorize (returns updated) for request 13 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - cczcso rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of cczcso PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to cczcso Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 modcall[authorize]: module "preprocess" returns ok for request 13 modcall[authorize]: module "chap" returns noop for request 13 modcall[authorize]: module "mschap" returns noop for request 13 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 13 rlm_eap: EAP packet type response id 7 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 13 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 13 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 13 modcall: leaving group authorize (returns updated) for request 13 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 13 modcall: leaving group authenticate (returns handled) for request 13 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 13 modcall: leaving group authenticate (returns handled) for request 13 Sending Access-Challenge of id 30 to 128.243.13.34 port 1645 EAP-Message = 0x010800371900170301002cb7e8f0985faf7283b7a6dd0103c5353ffbf4173e90216c c0 294f5ae33eaa66fb2bb5d132fc6d7a84e39b0a94 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xff9e8c0d2d0b71350dd1cfb728fbc396 Finished request 13 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=31, length=224 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x1358a7490c3e86a7df72b072df117bf6 EAP-Message = 0x020800581900170301004d86b0e046e14db36638b52e8ecb6ba3a04cf2b6d1b549d1 e8 33754da4a44e97d2bd022fd87a45d504058b41d8402ffd1fdf36c38ab27708fc8a8f95 45 faa72a1121414c31d8f654d31f7ec7a27b NAS-Port-Type = Wireless-802.11 NAS-Port = 261 State = 0xff9e8c0d2d0b71350dd1cfb728fbc396 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 modcall[authorize]: module "preprocess" returns ok for request 14 modcall[authorize]: module "chap" returns noop for request 14 modcall[authorize]: module "mschap" returns noop for request 14 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 14 rlm_eap: EAP packet type response id 8 length 88 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 14 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 14 modcall: leaving group authorize (returns updated) for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to cczcso PEAP: Adding old state with b0 75 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 modcall[authorize]: module "preprocess" returns ok for request 14 modcall[authorize]: module "chap" returns noop for request 14 modcall[authorize]: module "mschap" returns noop for request 14 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 14 rlm_eap: EAP packet type response id 8 length 65 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 14 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 14 modcall: leaving group authorize (returns updated) for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 14 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for cczcso with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 14 modcall: leaving group MS-CHAP (returns reject) for request 14 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 14 modcall: leaving group authenticate (returns reject) for request 14 auth: Failed to validate the user. Login incorrect: [cczcso/<no User-Password attribute>] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 14 modcall: leaving group authenticate (returns handled) for request 14 Sending Access-Challenge of id 31 to 128.243.13.34 port 1645 EAP-Message = 0x010900261900170301001b713226eed13f53fc1ca06e097ca77ce773dd3cb6b59c7c aa bcb553 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xde94aaf9d23667a65f8dec50d6365580 Finished request 14 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 128.243.13.34:1645, id=32, length=174 User-Name = "cczcso" Framed-MTU = 1400 Called-Station-Id = "0011.9335.1210" Calling-Station-Id = "000e.35db.4af2" Service-Type = Login-User Message-Authenticator = 0x179a4da59d173a630bebe38ac5a08d1c EAP-Message = 0x020900261900170301001b73248026aad62299e34b48cae67e6146cf758f688ea6a9 e5 b54add NAS-Port-Type = Wireless-802.11 NAS-Port = 261 State = 0xde94aaf9d23667a65f8dec50d6365580 NAS-IP-Address = 128.243.13.34 NAS-Identifier = "tmp-ap" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 modcall[authorize]: module "preprocess" returns ok for request 15 modcall[authorize]: module "chap" returns noop for request 15 modcall[authorize]: module "mschap" returns noop for request 15 rlm_realm: No '@' in User-Name = "cczcso", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 15 rlm_eap: EAP packet type response id 9 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 15 users: Matched entry DEFAULT at line 215 modcall[authorize]: module "files" returns ok for request 15 rlm_ldap: - authorize rlm_ldap: performing user authorization for cczcso radius_xlat: '(cn=cczcso)' radius_xlat: 'o=university' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=university, with filter (cn=cczcso) rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user cczcso authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 15 modcall: leaving group authorize (returns updated) for request 15 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 15 modcall: leaving group authenticate (returns invalid) for request 15 auth: Failed to validate the user. Login incorrect: [cczcso/<no User-Password attribute>] (from client test-ap port 261 cli 000e.35db.4af2) Delaying request 15 for 1 seconds Finished request 15 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 32 to 128.243.13.34 port 1645 EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 8 ID 25 with timestamp 44c75f2e Cleaning up request 9 ID 26 with timestamp 44c75f2e Cleaning up request 10 ID 27 with timestamp 44c75f2e Cleaning up request 11 ID 28 with timestamp 44c75f2e Cleaning up request 12 ID 29 with timestamp 44c75f2e Cleaning up request 13 ID 30 with timestamp 44c75f2e Cleaning up request 14 ID 31 with timestamp 44c75f2e Waking up in 1 seconds...
Catriona O'Connell Network Security Analyst Network Team, Information Services, The University of Nottingham, Cripps Computing Centre, University Park, Nottingham, NG7 2RD
Tel: 0115 8467710
This message has been checked for viruses but the contents of an attachment may still contain software viruses, which could damage your computer system: you are advised to perform your own checks. Email communications with the University of Nottingham may be monitored as permitted by UK legislation.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Josh Howlett, Networking Specialist, University of Bristol. email: josh.howlett@bristol.ac.uk | phone: +44 (0)7867 907076 | internal: 7850