Hi Alan, Also when I tried to uncomment "ok" in sites-available/dhcp -> DHCP-Request portion, got the following error. Am I missing any files ? radiusd: #### Loading Virtual Servers #### server dhcp { modules { Module: Checking dhcp DHCP-Discover {...} for more modules to load Module: Linked to module rlm_always Module: Instantiating ok always ok { rcode = "ok" simulcount = 0 mpp = no } Module: Checking dhcp DHCP-Request {...} for more modules to load /usr/local/etc/raddb/sites-available/dhcp[38]: ERROR: No value given for attribute ok /usr/local/etc/raddb/sites-available/dhcp[32]: Failed to parse "update" subsection. } Thanks Raja
------------------------------------------------------------------------------------------------ dhcp configuration from sites-avaialble/dhcp ------------------------------------------------------------------------------------------------ server dhcp { client any { ipaddr = 0.0.0.0 netmask = 0 dhcp = yes } listen { ipaddr = 192.168.176.1 port = 67 type = dhcp # interface = fxp1 }
dhcp DHCP-Discover { update reply { DHCP-Message-Type = DHCP-Offer } update reply { DHCP-Domain-Name-Server = 192.168.176.1 DHCP-Subnet-Mask = 255.255.255.0 DHCP-Router-Address = 192.168.176.1 DHCP-IP-Address-Lease-Time = 86400 DHCP-DHCP-Server-Identifier = 192.168.176.1 } ok }
dhcp DHCP-Request { update reply { DHCP-Message-Type = DHCP-Ack } update reply { DHCP-Domain-Name-Server = 192.168.176.1 DHCP-Subnet-Mask = 255.255.255.0 DHCP-Router-Address = 192.168.176.1 DHCP-IP-Address-Lease-Time = 86400 DHCP-DHCP-Server-Identifier = 192.168.176.1 ok } }
dhcp { # send a DHCP NAK. # reject } }
-------------------------------------------------- From: "Raja Peer" <peermohd@gmail.com> Sent: Thursday, June 19, 2008 10:58 AM To: <freeradius-users@lists.freeradius.org> Subject: Re: FreeRADIUS + DHCP
Hi Alan,
Here are some information....also highlighted the relevant portions.
Thanks for your helps.
Raja
This message contains the following :
1) radiusd -X debug messages 2) tcpdump -i 3) dhcp configuration from sites-avaialble/dhcp 4) /etc/dhcpd.conf
------------------------------------------------------------------------------------------------ radiusd -X debug messages ------------------------------------------------------------------------------------------------ Script started on Thu Jun 19 10:21:20 2008 # radiusd -X FreeRADIUS Version 2.0.5, for host i386-unknown-openbsd4.1, built on Jun 18 2008 at 07:27:36 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/sites-available/dhcp
including configuration file /usr/local/etc/raddb/clients.conf including configuration file /usr/local/etc/raddb/snmp.conf including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/sql.conf including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/default including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including dictionary file /usr/local/etc/raddb/dictionary main { prefix = "/usr/local" localstatedir = "/usr/local/var" logdir = "/usr/local/var/log/radius" libdir = "/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = yes } } client 192.168.176.2 { require_message_authenticator = yes secret = "mypassword" shortname = "myhost" nastype = "cisco" login = "!root" password = "mypassword" } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = yes input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server dhcp { modules { Module: Checking dhcp DHCP-Discover {...} for more modules to load Module: Checking dhcp DHCP-Request {...} for more modules to load } } server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "mypassword" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/usr/local/etc/raddb/certs/bootstrap" } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = yes use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/usr/local/etc/raddb/users" acctusersfile = "/usr/local/etc/raddb/acct_users" preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" compat = "no" } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/usr/local/etc/raddb/attrs.access_reject" key = "%{User-Name}" } }
} server { modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/usr/local/etc/raddb/huntgroups" hints = "/usr/local/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail detail { detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } } radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = 192.168.176.1 port = 1645 } listen { type = "acct" ipaddr = 192.168.176.1 port = 1646 }
listen { type = "dhcp" ipaddr = 192.168.176.1 port = 67 client any { ipaddr = 0.0.0.0 netmask = 0 require_message_authenticator = no } }
Listening on authentication address 192.168.176.1 port 1645 Listening on accounting address 192.168.176.1 port 1646
Listening on dhcp address 192.168.176.1 port 67 as server dhcp
Listening on proxy address 192.168.176.1 port 1647 Ready to process requests. rad_recv: Accounting-Request packet from host 192.168.176.2 port 1646, id=65, length=325 Acct-Session-Id = "000000C9" Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Cisco-AVPair = "ssid=myhost" Cisco-AVPair = "vlan-id=30" Cisco-AVPair = "nas-location=unspecified" Cisco-AVPair = "auth-algo-type=eap-peap" User-Name = "bob" Acct-Authentic = RADIUS Cisco-AVPair = "connect-progress=Call Up" Acct-Session-Time = 59968 Acct-Input-Octets = 1300807 Acct-Output-Octets = 2044 Acct-Input-Packets = 35609 Acct-Output-Packets = 76 Acct-Terminate-Cause = Lost-Carrier Cisco-AVPair = "disc-cause-ext=No Reason" Acct-Status-Type = Stop NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "429" NAS-Port = 429 Service-Type = Framed-User NAS-IP-Address = 192.168.176.2 Acct-Delay-Time = 0 +- entering group preacct ++[preprocess] returns ok rlm_acct_unique: Hashing 'NAS-Port = 429,Client-IP-Address = 192.168.176.2,NAS-IP-Address = 192.168.176.2,Acct-Session-Id = "000000C9",User-Name = "bob"' rlm_acct_unique: Acct-Unique-Session-ID = "26b0c52a483a0f91". ++[acct_unique] returns ok rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619 expand: %t -> Thu Jun 19 10:32:23 2008 ++[detail] returns ok ++[unix] returns ok expand: /usr/local/var/log/radius/radutmp -> /usr/local/var/log/radius/radutmp expand: %{User-Name} -> bob ++[radutmp] returns ok expand: %{User-Name} -> bob attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 65 to 192.168.176.2 port 1646 Finished request 0. Cleaning up request 0 ID 65 with timestamp +22 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=26, length=128 User-Name = "bob" Framed-MTU = 1400 Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Service-Type = Login-User Message-Authenticator = 0xe6dae0096eeac37307545c1db22a2a4f EAP-Message = 0x0202000801626f62 NAS-Port-Type = Wireless-802.11 NAS-Port = 430 NAS-IP-Address = 192.168.176.2 NAS-Identifier = "myhost" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 8 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry bob at line 76 expand: Hello, %{User-Name} -> Hello, bob ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 26 to 192.168.176.2 port 1645 Reply-Message = "Hello, bob" EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc19c33efc19f2af98dd7fcd525d04823 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=27, length=218 User-Name = "bob" Framed-MTU = 1400 Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Service-Type = Login-User Message-Authenticator = 0x068e895f503c72bf8212aa10b5f8a3a4 EAP-Message = 0x0203005019800000004616030100410100003d0301485a98416c13ba422355800db3cb6dc475559e338bfefeb87c2d951f2ce714cd00001600040005000a000900640062000300060013001200630100 NAS-Port-Type = Wireless-802.11 NAS-Port = 430 State = 0xc19c33efc19f2af98dd7fcd525d04823 NAS-IP-Address = 192.168.176.2 NAS-Identifier = "myhost" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 80 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 70 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 27 to 192.168.176.2 port 1645 EAP-Message = 0x0104040019c0000008bb160301004a020000460301485a983865559bb984e52189e2c555468968ce38159cb0ead8762ab988066d3420a6326a728ec9c63c52f2b2b2c9ac69ca33404c22ab94171b127553d3a1b0ca71000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504 EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631373232333335385a170d3039303631373232333335385a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c3403d2d798fb6f194d86b12ff215e1afe7debef361c4aad17dc70a99632 EAP-Message = 0x704bd32a7a55fe1a655f1e561a34463799a8a52fc34b4244dcdc28f16969496d48f0fc031b68de62c18abf1943a3561f2c192364f7e5fd5e6ecfc56043dc726d65af142c207f92b9b7a0ef4826924fa84e9c57b1ea1136294b419a14a785ef03c50216df5f70759b47e0ae61c60419a81231bc82b26b3b550b13d52e9d02255f24c0dab1069759563dd3d27c86d0d873d6d56ad7b6abb4520edeb7989f7cfd2214ae73e7bb97b227354d7b4c370b90215fe11d397669dd871ab584e97469325d023afd3b1bb7dd7ae2939cb497b211788ec148e4a662247d29fe6b99ba7148e551b70203010001a317301530130603551d25040c300a06082b06010505 EAP-Message = 0x070301300d06092a864886f70d010104050003820101004c9b1df24b63e703347729b65cd37475a85ae1d611be6bcc8117306d2d29a912857f32981baa8186183e47fe58cc4c4b7641dd3a48bcca91060c9bb423b239324202bed2d900ad8cfd393329ecdb9352c6d62124853809e72134e85ebbab0278e738ca3ae871deee8cca525d6945dbb748c0770f75318b50b652ff66dc05ab1f7be4018f915accde010e0e5ef9cfe7c8a6466c45251f73985553c24fba1683c7e80078da9f30c7b83da6f70873130dad5c915b07e24c07390c72dc5661c94e12cafac1c31f8d1ccb8782466d9de7e1064d4bc3d347b4c9057aa892d32bd1d1e69762cf426c67 EAP-Message = 0xc3470ea88d07a75dbb3c844a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc19c33efc0982af98dd7fcd525d04823 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=28, length=144 User-Name = "bob" Framed-MTU = 1400 Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Service-Type = Login-User Message-Authenticator = 0x9c1004875803bae8f1b3744287ebd540 EAP-Message = 0x020400061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 430 State = 0xc19c33efc0982af98dd7fcd525d04823 NAS-IP-Address = 192.168.176.2 NAS-Identifier = "myhost" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 28 to 192.168.176.2 port 1645 EAP-Message = 0x010503fc19400f8d1f539991634ee4da9958fc980004ab308204a73082038fa003020102020900b4d3408cb5b742e1300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303631373232333330355a170d3038303731373232333330355a308193310b30090603 EAP-Message = 0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100adf9731579fccd42f3ae8bb15d05de971825d36965707d986a3dcb580f0df15f6a89c039a0339f42318982153d059414852664c055b13e1564335c016ebc63812d3f446762809629fc250cbf42ccb3 EAP-Message = 0xe38f53233d17c50cbd743c99f4ca7e09006df13be64d9a4714e0ddfa4f97aa545735fcd2d29168313dbcde2b3ee22d12b4bddbfbef59ddba4ba2b9e90a1a64570c3bf8b8e7dd434f8a138ad1d564f5b2aa83d87e7368f97f7e307ffcf51c69baa73872c72a56c8d28899c933297923e0b2954909945549f8ae93854ba661aa149cff6cbf3332e6c7de2638676f196213646e818a214adc4f40aba012550feeecf4d11bc2ed4d2f38ab0eada49b6975263d0203010001a381fb3081f8301d0603551d0e04160414a67218b90dacd79a6298636476224c2f8c7e572a3081c80603551d230481c03081bd8014a67218b90dacd79a6298636476224c2f8c7e EAP-Message = 0x572aa18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900b4d3408cb5b742e1300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010055b89baadf905b039ceb8014ff014dc67e8c08cd2242af10244f2693f3b07614d07a35231ba19b69dc5d66a0b04be0c7dc94 EAP-Message = 0xf3377e71e00a3942 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc19c33efc3992af98dd7fcd525d04823 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=29, length=144 User-Name = "bob" Framed-MTU = 1400 Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Service-Type = Login-User Message-Authenticator = 0x2c376a5079d0fa0cb0a43003f30de7fc EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 430 State = 0xc19c33efc3992af98dd7fcd525d04823 NAS-IP-Address = 192.168.176.2 NAS-Identifier = "myhost" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 29 to 192.168.176.2 port 1645 EAP-Message = 0x010600d5190005151baedaadd0453f1ed6d2e419265da42097ce6d1e9195f232addfd35f16baa84f086ca843e92ee39ac6c2f1ac78c556fe41196e03d607629bb4ffb59c4470a0deee9a710a2c79145029ef6e563a6e9cac0255ee1be47c0fbe040ebca66fa98355cb384d03453570e9931e27c4758fef55063853a0b5efc3503927685c5b657af09a0bdae8c2aa17bd919dd5c27b57d9954328cd30dbe6d55738a6a6dd8bf41f937a312e419052a760337a0ab15acee3bc29bfd7cc0c43efb73fa0dd46541f1a8e914cc1b316030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc19c33efc29a2af98dd7fcd525d04823 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=30, length=460 User-Name = "bob" Framed-MTU = 1400 Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Service-Type = Login-User Message-Authenticator = 0xa005a382c6e3845b72c8d35008f69e6b EAP-Message = 0x02060140198000000136160301010610000102010001e218993f17883f0774dba82f3954d4ac0c3f8ca3e641c898151a304866b2ed1100e84b32f2693df4c71eda82bf4af6e210cc07dfc4f986c4a7b7004781d1be7373091ff85224fc3f008d8623ae35c9f67d44ba61229e8df8acb86aa03f7836271a1ed9dea73e78c1151f183285214f673a18c19d25c4b5bfa11dd62153ab52cfb445b5f7267494aa9945e2c957e9080a5d5b0b6a4f1cce7f4a20c6bae489f1b7ae888d63547be90dcbbe2407966647b60c102351585e02c98359a708f4ba631d90d440df104de3545d175844b485b630477ba7537dc827b5f10a9aa083d7a22d8c01c2ad3d7c13 EAP-Message = 0x45d4df123f2d1a27dcafd695df60f0120917ce2d552fc04c1403010001011603010020badc11b88ab0e456aae78121b185ab241ca1b65af6946ad2771605508b756cc4 NAS-Port-Type = Wireless-802.11 NAS-Port = 430 State = 0xc19c33efc29a2af98dd7fcd525d04823 NAS-IP-Address = 192.168.176.2 NAS-Identifier = "myhost" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 6 length 253 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 310 rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 30 to 192.168.176.2 port 1645 EAP-Message = 0x01070031190014030100010116030100203844712871ce4a0bc00a3343b23596cd932deb928589365d2b9058442dc95aa5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc19c33efc59b2af98dd7fcd525d04823 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=31, length=144 User-Name = "bob" Framed-MTU = 1400 Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Service-Type = Login-User Message-Authenticator = 0x887a7ae4489755b88b3f1edd6b4fd34a EAP-Message = 0x020700061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 430 State = 0xc19c33efc59b2af98dd7fcd525d04823 NAS-IP-Address = 192.168.176.2 NAS-Identifier = "myhost" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 7 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 31 to 192.168.176.2 port 1645 EAP-Message = 0x01080020190017030100159bf9e453956ddc294cb3dc0b7f4fb1d4ac3d4351bb Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc19c33efc4942af98dd7fcd525d04823 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=32, length=169 User-Name = "bob" Framed-MTU = 1400 Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Service-Type = Login-User Message-Authenticator = 0x80e262321c7f4fbfaa731cf2593d711f EAP-Message = 0x0208001f190017030100144823d86b20ffd3c304ef6b7101419fd1994336cd NAS-Port-Type = Wireless-802.11 NAS-Port = 430 State = 0xc19c33efc4942af98dd7fcd525d04823 NAS-IP-Address = 192.168.176.2 NAS-Identifier = "myhost" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 31 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - bob PEAP: Got tunneled identity of bob PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to bob +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 8 length 8 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated users: Matched entry bob at line 76 expand: Hello, %{User-Name} -> Hello, bob ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 32 to 192.168.176.2 port 1645 EAP-Message = 0x0109003419001703010029c59e264e73065e8c1daa8997bd6b9848e5c8609396c2ebd479aacdd9d8065701ffea07b0905c375d80 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc19c33efc7952af98dd7fcd525d04823 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=33, length=223 User-Name = "bob" Framed-MTU = 1400 Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Service-Type = Login-User Message-Authenticator = 0x9c7ca73ae9f0e6d50740d8ea73aa9c87 EAP-Message = 0x020900551900170301004a8bb4104e740bf559db2e25fb89f0a7ff16a8a32be27c12a72fb4abbe4a9e743d51aef4ec66a001e241c487cb646103815bc9129dc522cd2f0c60bece92c10cc420032c983cfb1119b5ac NAS-Port-Type = Wireless-802.11 NAS-Port = 430 State = 0xc19c33efc7952af98dd7fcd525d04823 NAS-IP-Address = 192.168.176.2 NAS-Identifier = "myhost" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 9 length 85 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to bob +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 9 length 62 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated users: Matched entry bob at line 76 expand: Hello, %{User-Name} -> Hello, bob ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: Told to do MS-CHAPv2 for bob with NT-Password rlm_mschap: adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 33 to 192.168.176.2 port 1645 EAP-Message = 0x010a004a1900170301003fa7a977c5edba08371219f183d1e00e84350913cbff4afa19a4581dd8b1fe454f94393350571fa7fe4420be0f252cb581f96d8395180b298f603bc30de72321 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc19c33efc6962af98dd7fcd525d04823 Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=34, length=167 User-Name = "bob" Framed-MTU = 1400 Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Service-Type = Login-User Message-Authenticator = 0x7c5100a122f45fbfbfc6f2968045cf11 EAP-Message = 0x020a001d19001703010012006776dfd5ada28ef90304ba8e6ddb22f1fe NAS-Port-Type = Wireless-802.11 NAS-Port = 430 State = 0xc19c33efc6962af98dd7fcd525d04823 NAS-IP-Address = 192.168.176.2 NAS-Identifier = "myhost" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 10 length 29 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to bob +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 10 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated users: Matched entry bob at line 76 expand: Hello, %{User-Name} -> Hello, bob ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler ++[eap] returns ok Login OK: [bob/<via Auth-Type = EAP>] (from client myhost port 430 cli 000d.8857.52cc via TLS tunnel) PEAP: Tunneled authentication was successful. rlm_eap_peap: SUCCESS Saving tunneled attributes for later ++[eap] returns handled Sending Access-Challenge of id 34 to 192.168.176.2 port 1645 EAP-Message = 0x010b00261900170301001b02870e444c401b5d103121cd701bf6f9df20e27684342d6af607b1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc19c33efc9972af98dd7fcd525d04823 Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.176.2 port 1645, id=35, length=176 User-Name = "bob" Framed-MTU = 1400 Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Service-Type = Login-User Message-Authenticator = 0xbc7b47f3ac3d871eee9cccde10f9392f EAP-Message = 0x020b00261900170301001bd764372928319221d6080a71abdf5c68ecd96638ed25b9ad2d41f8 NAS-Port-Type = Wireless-802.11 NAS-Port = 430 State = 0xc19c33efc9972af98dd7fcd525d04823 NAS-IP-Address = 192.168.176.2 NAS-Identifier = "myhost" +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 11 length 38 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7
rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Success
Using saved attributes from the original Access-Accept rlm_eap: Freeing handler ++[eap] returns ok Login OK: [bob/<via Auth-Type = EAP>] (from client myhost port 430 cli 000d.8857.52cc) Sending Access-Accept of id 35 to 192.168.176.2 port 1645 Reply-Message = "Hello, bob" User-Name = "bob" MS-MPPE-Recv-Key = 0xe525d848ba1e94c6df6fc6d761f50bc438cbed784215665a11022c2eee94b643 MS-MPPE-Send-Key = 0xbdcd963282af82ec05d197137ed96bd0b75079c2adf84e7714f7bed776eeeb42 EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 10. Going to the next request Waking up in 4.8 seconds. rad_recv: Accounting-Request packet from host 192.168.176.2 port 1646, id=66, length=226 Acct-Session-Id = "000000CB" Called-Station-Id = "0019.aa76.b8e0" Calling-Station-Id = "000d.8857.52cc" Cisco-AVPair = "ssid=myhost" Cisco-AVPair = "vlan-id=30" Cisco-AVPair = "nas-location=unspecified" User-Name = "bob" Cisco-AVPair = "connect-progress=Call Up" Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "430" NAS-Port = 430 Service-Type = Framed-User NAS-IP-Address = 192.168.176.2 Acct-Delay-Time = 0 +- entering group preacct ++[preprocess] returns ok rlm_acct_unique: Hashing 'NAS-Port = 430,Client-IP-Address = 192.168.176.2,NAS-IP-Address = 192.168.176.2,Acct-Session-Id = "000000CB",User-Name = "bob"' rlm_acct_unique: Acct-Unique-Session-ID = "4a1bcbd772dbcc9f". ++[acct_unique] returns ok rlm_realm: No '@' in User-Name = "bob", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.176.2/detail-20080619 expand: %t -> Thu Jun 19 10:32:40 2008 ++[detail] returns ok ++[unix] returns ok expand: /usr/local/var/log/radius/radutmp -> /usr/local/var/log/radius/radutmp expand: %{User-Name} -> bob ++[radutmp] returns ok expand: %{User-Name} -> bob attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 66 to 192.168.176.2 port 1646 Finished request 11. Cleaning up request 11 ID 66 with timestamp +39 Going to the next request Waking up in 4.8 seconds. Cleaning up request 1 ID 26 with timestamp +39 Cleaning up request 2 ID 27 with timestamp +39 Cleaning up request 3 ID 28 with timestamp +39 Cleaning up request 4 ID 29 with timestamp +39 Cleaning up request 5 ID 30 with timestamp +39 Cleaning up request 6 ID 31 with timestamp +39 Cleaning up request 7 ID 32 with timestamp +39 Cleaning up request 8 ID 33 with timestamp +39 Cleaning up request 9 ID 34 with timestamp +39 Cleaning up request 10 ID 35 with timestamp +39 Ready to process requests. ^C # ^D
Script done on Thu Jun 19 10:21:29 2008
------------------------------------------------------------------------------------------------ tcpdump -i ------------------------------------------------------------------------------------------------ 10:32:55.433969 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:33:05.430685 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:33:10.244893 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x45438e43 secs:7168 [|bootp] 10:33:10.636101 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp] 10:33:15.427665 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: PuTTY 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:33:25.424383 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ^R 10:33:35.421362 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:33:41.248885 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell 169.254.220.241 10:33:42.152283 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell 169.254.220.241 10:33:43.152178 802.1Q vid 30 pri 0 arp who-has 169.254.220.241 tell 169.254.220.241 10:33:44.177611 802.1Q vid 30 pri 0 169.254.220.241 > 224.0.0.22: igmp-2 [v2] [ttl 1] 10:33:44.179342 802.1Q vid 30 pri 0 169.254.220.241.3767 > 239.255.255.250.ssdp: udp 133 [ttl 1] 10:33:44.230829 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:44.981587 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:45.152296 802.1Q vid 30 pri 0 169.254.220.241 > 224.0.0.22: igmp-2 [v2] [ttl 1] 10:33:45.418072 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:33:45.730587 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:46.153350 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x8b980ba7 flags:0x8000 [|bootp] 10:33:46.480634 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:47.183894 802.1Q vid 30 pri 0 169.254.220.241.3767 > 239.255.255.250.ssdp: udp 133 [ttl 1] 10:33:47.230757 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:47.980923 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:48.731746 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:49.480571 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:50.153121 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x8b980ba7 secs:1024 flags:0x8000 [|bootp] 10:33:50.199398 802.1Q vid 30 pri 0 169.254.220.241.3767 > 239.255.255.250.ssdp: udp 133 [ttl 1] 10:33:50.230996 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:50.241650 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:50.980832 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:50.981245 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:51.730782 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:51.731878 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:52.480919 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:52.482054 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:33:53.231506 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 201 10:33:53.232865 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 176 10:33:54.731247 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 176 10:33:55.414930 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:33:56.231913 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 176 10:33:57.731233 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 176 10:33:58.153514 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x8b980ba7 secs:3072 flags:0x8000 [|bootp] 10:33:59.231359 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 188 10:34:00.231536 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 188 10:34:01.232096 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 188 10:34:02.234690 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 188 10:34:03.231419 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:34:03.981500 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:34:04.732762 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:34:05.411907 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:34:05.481329 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:34:06.231569 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:34:06.981411 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:34:07.731679 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:34:08.481573 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 68 10:34:09.231822 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 176 10:34:09.233034 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 176 10:34:09.233642 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 206 10:34:09.346612 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 50 10:34:10.091058 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 50 10:34:10.617194 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp] 10:34:10.841094 802.1Q vid 30 pri 0 169.254.220.241.netbios-ns > 169.254.255.255.netbios-ns: udp 50 10:34:14.154005 802.1Q vid 30 pri 0 0.0.0.0.bootpc > 255.255.255.255.bootps: xid:0x8b980ba7 secs:7168 flags:0x8000 [|bootp] 10:34:15.408759 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:34:25.405471 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:34:35.402456 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:34:38.625459 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 201 10:34:45.399304 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:34:55.396016 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:34:57.531165 00:19:aa:ab:65:7a > 01:40:96:ff:ff:ff sap aa ui/C len=47 10:34:57.531171 802.1Q vid 30 pri 0 01:40:96:ff:ff:ff > 00:19:aa:ab:65:7a sap aa ui/C len=47 10:35:05.393001 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:35:09.235143 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 206 10:35:10.598427 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp] 10:35:15.389722 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:35:25.386699 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:35:35.383412 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:35:45.380398 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:35:55.377109 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:36:05.374102 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:36:09.238281 802.1Q vid 30 pri 0 169.254.220.241.netbios-dgm > 169.254.255.255.netbios-dgm: udp 206 10:36:10.579519 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp] 10:36:15.370816 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:36:25.367792 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:36:35.364522 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:36:45.361492 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:36:55.358211 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:37:05.355189 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:37:10.560476 CDP v2, ttl=180s DevID 'vehicle76ap.futurec'[!cdp] 10:37:15.352039 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:37:25.348748 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:37:35.345736 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:37:45.342447 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 10:37:55.339442 00:19:aa:ab:65:7a 00:19:aa:ab:65:7a loopback 60: 0000 0100 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 ------------------------------------------------------------------------------------------------ dhcp configuration from sites-avaialble/dhcp ------------------------------------------------------------------------------------------------ server dhcp { client any { ipaddr = 0.0.0.0 netmask = 0 dhcp = yes } listen { ipaddr = 192.168.176.1 port = 67 type = dhcp # interface = fxp1 }
dhcp DHCP-Discover { update reply { DHCP-Message-Type = DHCP-Offer } update reply { DHCP-Domain-Name-Server = 192.168.176.1 DHCP-Subnet-Mask = 255.255.255.0 DHCP-Router-Address = 192.168.176.1 DHCP-IP-Address-Lease-Time = 86400 DHCP-DHCP-Server-Identifier = 192.168.176.1 } # ok }
dhcp DHCP-Request { update reply { DHCP-Message-Type = DHCP-Ack } update reply { DHCP-Domain-Name-Server = 192.168.176.1 DHCP-Subnet-Mask = 255.255.255.0 DHCP-Router-Address = 192.168.176.1 DHCP-IP-Address-Lease-Time = 86400 DHCP-DHCP-Server-Identifier = 192.168.176.1 # ok } }
#dhcp { # send a DHCP NAK. # reject #} }
------------------------------------------------------------------------------------------------ /etc/dhcpd.conf ------------------------------------------------------------------------------------------------ # DHCP server options. # See dhcpd.conf(5) and dhcpd(8) for more information.
authoritative;
option domain-name "myhost.mydomain.net";
# Interface 0 - LAN Network subnet 192.168.76.0 netmask 255.255.255.0 { default-lease-time 86400; max-lease-time 86400; option routers 192.168.76.1; option domain-name-servers 192.168.76.1; range 192.168.76.50 192.168.76.249; }
# Interface 1 - 802.11 Network subnet 192.168.176.0 netmask 255.255.255.0 { default-lease-time 86400; max-lease-time 86400; option routers 192.168.176.1; option domain-name-servers 192.168.176.1; range 192.168.176.50 192.168.176.249; }
Alan DeKok-4 wrote:
Raja wrote:
Can someone point me in the right direction to configure FreeRADIUS with DHCP ?
Tried editing sites-available/dhcp but still dhcp module does not get to load.
Perhaps you could post the error message you see. Or is it a secret?
Is there something need to be added to radiusd.conf ?
No. But you have to ensure that dictionary.dhcp is loaded.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- View this message in context: http://www.nabble.com/FreeRADIUS-%2B-DHCP-tp17991791p18014631.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html