Hello, I used a FR 1.1.0 under FreeBSD 6.0 I configure it to PEAP auth against a windows 2003 AD through ntlm_auth (samba 3.0.21b). Everything works fine, user auth, machine auth... The problem is that for some obscur reasons, some users ("jpbrunain" in this case) are unable to log in. This problem concerns only 2 users out of 20... and I don't see anything "special" concerning them on the 2003 AD... As I saw in the radius.log, I got: Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. Well, I know that the password typed was good. Moreover, if I run "ntlm_auth --request-nt-key --domain=CHRT --username=jpbrunain" with the good password, I got this message: "NT_STATUS_OK: Success (0x0)"... So I think I have permission to authenticate against AD. I also try : "ntlm_auth --request-nt-key --username=jpbrunain --challenge=d8a9272386722a12" This one succeeded after entering the good password. and: "ntlm_auth --request-nt-key --username=jpbrunain --challenge=d8a9272386722a12 --nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2" That one failed, even with the good password... the error code returned was: "Logon failure (0xc000006d)". Where do these parameters (challenge and nt-response) come from ? What does it mean ? How to solve this ? Regards, Jeremy rad_recv: Access-Request packet from host 172.18.251.101:20455, id=13, length=157 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020a001301434852545c6a706272756e61696e Message-Authenticator = 0xc7366f11cef5ff3477a0b52e2bf1b9bf Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 rlm_eap: EAP packet type response id 10 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 modcall: leaving group authorize (returns updated) for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 9 modcall: leaving group authenticate (returns handled) for request 9 Sending Access-Challenge of id 13 to 172.18.251.101 port 20455 EAP-Message = 0x010b00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4f6154c4a3c46701a092952d021ef82 Finished request 9 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20456, id=14, length=236 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xe4f6154c4a3c46701a092952d021ef82 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020b005019800000004616030100410100003d030144294391e4b90042d8267e308d211edaacb81edba9e9d006c990fbb5688a87ae00001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x81443eb638857b7d502e43b65585e85e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 rlm_eap: EAP packet type response id 11 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 10 modcall: leaving group authorize (returns updated) for request 10 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 10 modcall: leaving group authenticate (returns handled) for request 10 Sending Access-Challenge of id 14 to 172.18.251.101 port 20456 EAP-Message = 0x010c03ee19c0000006af160301004a020000460301442943d77f7d9d36b1f871da1349572bb879667447ca41bcd3e731806484a1fd20a5d96179c38951d782b81b82a4462fa81dc7f78b268f221d83fa68c54a687b8800040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55 EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x71e011a08cc827f9fb83ce4e2c6c0fa6 Finished request 10 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20457, id=15, length=162 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x71e011a08cc827f9fb83ce4e2c6c0fa6 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020c00061900 Message-Authenticator = 0x414515df20242ea5466fb3e69f60830b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 11 rlm_eap: EAP packet type response id 12 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 11 modcall: leaving group authorize (returns updated) for request 11 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 11 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 11 modcall: leaving group authenticate (returns handled) for request 11 Sending Access-Challenge of id 15 to 172.18.251.101 port 20457 EAP-Message = 0x010d02d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35 EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x22e8cc4cb36b4b466039f940c1949a64 Finished request 11 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20458, id=16, length=348 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x22e8cc4cb36b4b466039f940c1949a64 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020d00c01980000000b6160301008610000082008036af7754e77c6abb07461769945991d7fa6ff009390cf14c1ac60c17ab0f99100457696bbf239a6364bce049d00300c5bdcba7a595dbbd44ca238f9a30e8a0ed4cfc9b70902a448ccd37c42ed763a58c6ebac68bf05daaf4274f90f399a66228ff16a1cf341962df328735117ec39b293db78bf154e0d729ae7de799a5257a8b1403010001011603010020acca8cf619a568355f55042b6b63f55bf75e71b8556d22a98128e02b76d6bf33 Message-Authenticator = 0x2f8f571838c46c8e220f8c427bb62d61 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 12 rlm_eap: EAP packet type response id 13 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 12 modcall: leaving group authorize (returns updated) for request 12 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 12 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 12 modcall: leaving group authenticate (returns handled) for request 12 Sending Access-Challenge of id 16 to 172.18.251.101 port 20458 EAP-Message = 0x010e003119001403010001011603010020538b404830b7626241e73023c3481089bcb745935e1a87d70a07306ee4ef5b5f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x922d6bc463165090d03b4ebb3a04c243 Finished request 12 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20459, id=17, length=162 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x922d6bc463165090d03b4ebb3a04c243 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020e00061900 Message-Authenticator = 0x0363020fb7079adf3733134cd56780b0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 rlm_eap: EAP packet type response id 14 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 13 modcall: leaving group authorize (returns updated) for request 13 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 13 modcall: leaving group authenticate (returns handled) for request 13 Sending Access-Challenge of id 17 to 172.18.251.101 port 20459 EAP-Message = 0x010f002019001703010015b9c346ac5589ce348dc831b3045da67715f06e116d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80d26d2b5771117f089d50dbd0c186a7 Finished request 13 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20460, id=18, length=198 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x80d26d2b5771117f089d50dbd0c186a7 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020f002a1900170301001f2a0d362ea93bcf666c36de8e81ef412ca4291ac21d909692799fbee14f769d Message-Authenticator = 0xce8f4d77be356287f155846ab659406d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 rlm_eap: EAP packet type response id 15 length 42 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 modcall: leaving group authorize (returns updated) for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - CHRT\jpbrunain rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of CHRT\jpbrunain PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to CHRT\jpbrunain Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 rlm_eap: EAP packet type response id 15 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 modcall: leaving group authorize (returns updated) for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 14 modcall: leaving group authenticate (returns handled) for request 14 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 14 modcall: leaving group authenticate (returns handled) for request 14 Sending Access-Challenge of id 18 to 172.18.251.101 port 20460 EAP-Message = 0x0110003f19001703010034f161b5d813faa4725b1c6ec2bd3c43f8c12464b5e04a1006d8867596d879df1ab2967449bc0acd071f366b794c6e7c0791bc46be Message-Authenticator = 0x00000000000000000000000000000000 State = 0x852c958213278c063a659f68a55c7088 Finished request 14 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20461, id=19, length=252 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x852c958213278c063a659f68a55c7088 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02100060190017030100553d1214b66fde907d54fdb5704e84a60f00090bd0ef2890fa62421ca3734188f9ace62392b8ecefa5b39e1987411025b16cd1ab1a24afcc40447dc82ab09744f230c8ed8d7be905d26fcb08d7fb57fccdc4c383f1ec Message-Authenticator = 0x414433b19a8188e7f32a13f5a43fb8b6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 rlm_eap: EAP packet type response id 16 length 96 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 15 modcall: leaving group authorize (returns updated) for request 15 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to CHRT\jpbrunain PEAP: Adding old state with 3f ca Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 rlm_eap: EAP packet type response id 16 length 73 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 15 modcall: leaving group authorize (returns updated) for request 15 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 15 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 03 rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=d8a9272386722a12 --nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2' Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=d8a9272386722a12 --nt-response=db063bdf850cff582568f32a83da83315bac0a1c2adc19a2 Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 15 modcall: leaving group MS-CHAP (returns reject) for request 15 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 15 modcall: leaving group authenticate (returns reject) for request 15 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 15 modcall: leaving group authenticate (returns handled) for request 15 Sending Access-Challenge of id 19 to 172.18.251.101 port 20461 EAP-Message = 0x011100261900170301001bae6c352b3d9c79275a20cddcf2e57dee34c7c51f06104bb90f377c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3aacd993356b12d976db330a090b4527 Finished request 15 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20462, id=20, length=194 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x3aacd993356b12d976db330a090b4527 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021100261900170301001b808735cc8582e876059ea1ecd775fa0310df9eedc79b92fce15624 Message-Authenticator = 0xa3ce528c6e968f3fc23d4c087dc52c30 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 16 rlm_eap: EAP packet type response id 17 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 16 modcall: leaving group authorize (returns updated) for request 16 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 16 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 16 modcall: leaving group authenticate (returns invalid) for request 16 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 16 for 1 seconds Finished request 16 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20463, id=20, length=194 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x3aacd993356b12d976db330a090b4527 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021100261900170301001b808735cc8582e876059ea1ecd775fa0310df9eedc79b92fce15624 Message-Authenticator = 0xa3ce528c6e968f3fc23d4c087dc52c30 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 17 rlm_eap: EAP packet type response id 17 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 17 modcall: leaving group authorize (returns updated) for request 17 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 17 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 17 modcall: leaving group authenticate (returns invalid) for request 17 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 17 for 1 seconds Finished request 17 Going to the next request --- Walking the entire request list --- Sending Access-Reject of id 20 to 172.18.251.101 port 20462 EAP-Message = 0x04110004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 20 to 172.18.251.101 port 20463 Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20464, id=20, length=194 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x3aacd993356b12d976db330a090b4527 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021100261900170301001b808735cc8582e876059ea1ecd775fa0310df9eedc79b92fce15624 Message-Authenticator = 0xa3ce528c6e968f3fc23d4c087dc52c30 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 18 rlm_eap: EAP packet type response id 17 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 18 modcall: leaving group authorize (returns updated) for request 18 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 18 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 18 modcall: leaving group authenticate (returns invalid) for request 18 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 18 for 1 seconds Finished request 18 Going to the next request Cleaning up request 9 ID 13 with timestamp 442943d7 Cleaning up request 10 ID 14 with timestamp 442943d7 Cleaning up request 11 ID 15 with timestamp 442943d7 Cleaning up request 12 ID 16 with timestamp 442943d7 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 13 ID 17 with timestamp 442943d8 Cleaning up request 14 ID 18 with timestamp 442943d8 Cleaning up request 15 ID 19 with timestamp 442943d8 Cleaning up request 16 ID 20 with timestamp 442943d8 Sending Access-Reject of id 20 to 172.18.251.101 port 20464 Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 17 ID 20 with timestamp 442943da Waking up in 2 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20465, id=21, length=157 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0212001301434852545c6a706272756e61696e Message-Authenticator = 0x103c1d9b52a3f14e61de997e0575d2bb Processing the authorize section of radiusd.conf modcall: entering group authorize for request 19 rlm_eap: EAP packet type response id 18 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 19 modcall: leaving group authorize (returns updated) for request 19 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 19 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 19 modcall: leaving group authenticate (returns handled) for request 19 Sending Access-Challenge of id 21 to 172.18.251.101 port 20465 EAP-Message = 0x011300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7cb6dc3577c9b15dff7c266ae6cbb50f Finished request 19 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20466, id=22, length=268 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x7cb6dc3577c9b15dff7c266ae6cbb50f NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0213007019800000006616030100610100005d03014429439badcc7ddf0ce12e4247b275210ae294c4733a77b6bfc2fcecb9aaef5420a5d96179c38951d782b81b82a4462fa81dc7f78b268f221d83fa68c54a687b88001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x9515f46c42517aeeb8150569aac6d49f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 20 rlm_eap: EAP packet type response id 19 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 20 modcall: leaving group authorize (returns updated) for request 20 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 20 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 20 modcall: leaving group authenticate (returns handled) for request 20 Sending Access-Challenge of id 22 to 172.18.251.101 port 20466 EAP-Message = 0x011403ee19c0000006af160301004a020000460301442943e117b292931eccbd9bd3ff55e39319b003f5a6b17ae4443a29bd726d9320aba92a6f5549560e59df6a7a0d6873ba23769407c5344bf909b580c764e1bae600040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55 EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfbea7da3a4587e91b468a709f3f2007c Finished request 20 Going to the next request Cleaning up request 18 ID 20 with timestamp 442943dc Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20467, id=23, length=162 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xfbea7da3a4587e91b468a709f3f2007c NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021400061900 Message-Authenticator = 0xd5a7d0d0c5e010ad6c4cfc4dabcb6da6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 21 rlm_eap: EAP packet type response id 20 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 21 modcall: leaving group authorize (returns updated) for request 21 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 21 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 21 modcall: leaving group authenticate (returns handled) for request 21 Sending Access-Challenge of id 23 to 172.18.251.101 port 20467 EAP-Message = 0x011502d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35 EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd9f07414fa772228cad6a9d7d2bc2de5 Finished request 21 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20468, id=24, length=348 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xd9f07414fa772228cad6a9d7d2bc2de5 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021500c01980000000b61603010086100000820080308b48c8a794eed1bd11cc5f94f0b68937d1138dc95c7cbac72fece10a246cf464c67c3ffa363e267bc31b5ff117b9db169b7690c663e7b9fe7c2fcab67c221b444cecd19bafaa57928bd581be61d84d28d520b2a0926912e82854005e5e089baeccff7b8ff193df9fee5ec779cfa2e37aab68b291a38473958fcbb9550bb06e14030100010116030100203408da38252b9d8396b8962b7cafee82e7f92c02f5bc6ca3fb04c2974381a7dc Message-Authenticator = 0x31ac3dcc6cd07a2059b19089f1d7a619 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 22 rlm_eap: EAP packet type response id 21 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 22 modcall: leaving group authorize (returns updated) for request 22 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 22 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 22 modcall: leaving group authenticate (returns handled) for request 22 Sending Access-Challenge of id 24 to 172.18.251.101 port 20468 EAP-Message = 0x0116003119001403010001011603010020216a2fa917c56880e9d8bfb3ae50ff7a19c40bbed89bf78631000c061356b06a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe23dfb3b27929274e85f3a7e6d9cfe28 Finished request 22 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20469, id=25, length=162 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xe23dfb3b27929274e85f3a7e6d9cfe28 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021600061900 Message-Authenticator = 0xd855b1a4ed2987ead99e79efd43279bc Processing the authorize section of radiusd.conf modcall: entering group authorize for request 23 rlm_eap: EAP packet type response id 22 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 23 modcall: leaving group authorize (returns updated) for request 23 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 23 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 23 modcall: leaving group authenticate (returns handled) for request 23 Sending Access-Challenge of id 25 to 172.18.251.101 port 20469 EAP-Message = 0x011700201900170301001541948caebfdb7bce995e12515e333e57835c6eb971 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3c43164879792e9ed60aa36fafed4e9d Finished request 23 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20470, id=26, length=198 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x3c43164879792e9ed60aa36fafed4e9d NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0217002a1900170301001f1065287fee5eb7343cb84c8dad2d4959249e5520f45fdb0c24de2d2e2dd21e Message-Authenticator = 0xcdd242f83636fb700f907a9e4dda2a14 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 24 rlm_eap: EAP packet type response id 23 length 42 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 24 modcall: leaving group authorize (returns updated) for request 24 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 24 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - CHRT\jpbrunain rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of CHRT\jpbrunain PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to CHRT\jpbrunain Processing the authorize section of radiusd.conf modcall: entering group authorize for request 24 rlm_eap: EAP packet type response id 23 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 24 modcall: leaving group authorize (returns updated) for request 24 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 24 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 24 modcall: leaving group authenticate (returns handled) for request 24 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 24 modcall: leaving group authenticate (returns handled) for request 24 Sending Access-Challenge of id 26 to 172.18.251.101 port 20470 EAP-Message = 0x0118003f1900170301003428f7e2f09ec64fefc7ccb1336e1e10440c21e04eacb8b716c2b3bc48dd8216df9ee97a081e3423b31653c6696cbc62601faaef94 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80997b6e9e8cb85758ca6d5fd1b74563 Finished request 24 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20471, id=27, length=252 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x80997b6e9e8cb85758ca6d5fd1b74563 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021800601900170301005550c4dd66b9b564842e95761b9f4a245fa8a7947974227fe090706e808e20f713d618b981a7123922835cf19c71371fe81af763c48d78366ba468bf9037820e7092cc06fb34c38253ff5135621c6f026ebee91a8b32 Message-Authenticator = 0xbfc073342d6935e06d672999f45885f2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 25 rlm_eap: EAP packet type response id 24 length 96 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 25 modcall: leaving group authorize (returns updated) for request 25 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 25 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to CHRT\jpbrunain PEAP: Adding old state with 2f 78 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 25 rlm_eap: EAP packet type response id 24 length 73 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 25 modcall: leaving group authorize (returns updated) for request 25 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 25 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 25 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 13 rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c16a651e486770b1 --nt-response=743385f1790d9cfa13046f8771b488e7132022e9f61a3fc7' Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c16a651e486770b1 --nt-response=743385f1790d9cfa13046f8771b488e7132022e9f61a3fc7 Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 25 modcall: leaving group MS-CHAP (returns reject) for request 25 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 25 modcall: leaving group authenticate (returns reject) for request 25 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 25 modcall: leaving group authenticate (returns handled) for request 25 Sending Access-Challenge of id 27 to 172.18.251.101 port 20471 EAP-Message = 0x011900261900170301001b07fdaf03cc726ee647e6193f16f212aff7689a48545fdc3d15e590 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8d4d81c226bd7a23a7e7db1f5755e578 Finished request 25 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20472, id=28, length=194 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x8d4d81c226bd7a23a7e7db1f5755e578 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021900261900170301001b5249447e06e4143f0c9b285f3d080ccbef9d2e58e3962386a55f63 Message-Authenticator = 0x91b167eca904ddf3f0e56225e98ee8ed Processing the authorize section of radiusd.conf modcall: entering group authorize for request 26 rlm_eap: EAP packet type response id 25 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 26 modcall: leaving group authorize (returns updated) for request 26 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 26 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 26 modcall: leaving group authenticate (returns invalid) for request 26 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 26 for 1 seconds Finished request 26 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20473, id=28, length=194 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x8d4d81c226bd7a23a7e7db1f5755e578 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021900261900170301001b5249447e06e4143f0c9b285f3d080ccbef9d2e58e3962386a55f63 Message-Authenticator = 0x91b167eca904ddf3f0e56225e98ee8ed Processing the authorize section of radiusd.conf modcall: entering group authorize for request 27 rlm_eap: EAP packet type response id 25 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 27 modcall: leaving group authorize (returns updated) for request 27 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 27 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 27 modcall: leaving group authenticate (returns invalid) for request 27 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 27 for 1 seconds Finished request 27 Going to the next request --- Walking the entire request list --- Sending Access-Reject of id 28 to 172.18.251.101 port 20472 EAP-Message = 0x04190004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 28 to 172.18.251.101 port 20473 Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20474, id=28, length=194 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x8d4d81c226bd7a23a7e7db1f5755e578 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021900261900170301001b5249447e06e4143f0c9b285f3d080ccbef9d2e58e3962386a55f63 Message-Authenticator = 0x91b167eca904ddf3f0e56225e98ee8ed Processing the authorize section of radiusd.conf modcall: entering group authorize for request 28 rlm_eap: EAP packet type response id 25 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 28 modcall: leaving group authorize (returns updated) for request 28 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 28 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 28 modcall: leaving group authenticate (returns invalid) for request 28 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 28 for 1 seconds Finished request 28 Going to the next request Cleaning up request 19 ID 21 with timestamp 442943e1 Cleaning up request 20 ID 22 with timestamp 442943e1 Cleaning up request 21 ID 23 with timestamp 442943e1 Cleaning up request 22 ID 24 with timestamp 442943e1 Cleaning up request 23 ID 25 with timestamp 442943e1 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 24 ID 26 with timestamp 442943e2 Cleaning up request 25 ID 27 with timestamp 442943e2 Cleaning up request 26 ID 28 with timestamp 442943e2 Sending Access-Reject of id 28 to 172.18.251.101 port 20474 Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 27 ID 28 with timestamp 442943e4 Waking up in 2 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20475, id=29, length=157 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021a001301434852545c6a706272756e61696e Message-Authenticator = 0x359cf0de67c0f2de228577278dc9a9ac Processing the authorize section of radiusd.conf modcall: entering group authorize for request 29 rlm_eap: EAP packet type response id 26 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 29 modcall: leaving group authorize (returns updated) for request 29 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 29 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 29 modcall: leaving group authenticate (returns handled) for request 29 Sending Access-Challenge of id 29 to 172.18.251.101 port 20475 EAP-Message = 0x011b00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x322a73669ca0f3ce4d6a252806e977cf Finished request 29 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20476, id=30, length=268 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x322a73669ca0f3ce4d6a252806e977cf NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021b007019800000006616030100610100005d0301442943a47bc0408ebf662e1ce92ace90b224ab5d85761ef3faee62e66845066920aba92a6f5549560e59df6a7a0d6873ba23769407c5344bf909b580c764e1bae6001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x3fd57f6dbcdb9276d10cb29cbb9b9263 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 30 rlm_eap: EAP packet type response id 27 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 30 modcall: leaving group authorize (returns updated) for request 30 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 30 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0652], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 30 modcall: leaving group authenticate (returns handled) for request 30 Sending Access-Challenge of id 30 to 172.18.251.101 port 20476 EAP-Message = 0x011c03ee19c0000006af160301004a020000460301442943ebdaeed985a32af2b02d303a5d06abb4a1c17be7afe36d180edb1aaa6420aad5ac3d9732b6835975855c46600869cc5aedbdf3a281341efedf3294f5a54200040016030106520b00064e00064b0002b1308202ad30820216a003020102020900c48e87806e83ce9c300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303034315a170d3036313232323134303034315a308189310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f726361733110300e06035504031307746f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d00308189028181009a396fa1967f63a50b0c85235ce738cd4a5e EAP-Message = 0xacf680596bb9b949bb1f210faefd22257423235475c4ede408584c502b20293709aaf874d082cdc03d10c70228f3608a1937d7941caa84b9526d9621fe17b147aa2b5ca2fc2a4dcb6f03ddb1a73667ad753c373272a7baa58f7f8cbb6f2e1de78919f848fa645c68c027bfb1ca1b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181009cdd20fc50cfa23977089483aa462feb509d124981ffe344d374d229e6f5062121ad0e0a26fbad12819783a9c3e159c6c5536386abd4a781394d15bc4c83b16d3b65b28354e54bc4146cadd9e243f3093122f8fbed381ca5adc4e987cd55 EAP-Message = 0xcc771630f5f44753a1827cb79f8e08e0ba60db7e4fac21e3cef376de8dbdeccdcdb600039430820390308202f9a003020102020900c48e87806e83ce9b300d06092a864886f70d010104050030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265301e170d3035313232323134303031375a170d3135313232313134 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1dce43f93c3fe1a1312dfd06a97f59d4 Finished request 30 Going to the next request Cleaning up request 28 ID 28 with timestamp 442943e6 Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20477, id=31, length=162 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x1dce43f93c3fe1a1312dfd06a97f59d4 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021c00061900 Message-Authenticator = 0xfd07ee2ad5595e1e4187ef653fefd0c6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 31 rlm_eap: EAP packet type response id 28 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 31 modcall: leaving group authorize (returns updated) for request 31 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 31 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 31 modcall: leaving group authenticate (returns handled) for request 31 Sending Access-Challenge of id 31 to 172.18.251.101 port 20477 EAP-Message = 0x011d02d11900303031375a30818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e61693123302106092a864886f70d0109011614737570706f7274406368746f75726e61692e626530819f300d06092a864886f70d010101050003818d0030818902818100dd5bbb8d451dbb17d946039e0792153c19edf69214a4ad473e1c09c4b176931a90f1d1c6798c27950cad44f7953c6d49e141d8a99c72813c7ddf60c93a4185ea83edcfea35 EAP-Message = 0xef529c12a9aa8508780229ccbd7d86654b95346025a311d9637874366ca3aed4d92be2561a9e0d90b0a717754f733eacba7956503f6dc8d08ee4b90203010001a381f53081f2301d0603551d0e04160414266badc1732c2db07788e4b0db0d53b99280e9b53081c20603551d230481ba3081b78014266badc1732c2db07788e4b0db0d53b99280e9b5a18193a4819030818d310b30090603550406130242453111300f060355040813084861696e61756c743110300e06035504071307546f75726e6169310d300b060355040a130443485254310f300d060355040b1306446f72636173311430120603550403130b43485220546f75726e6169312330 EAP-Message = 0x2106092a864886f70d0109011614737570706f7274406368746f75726e61692e6265820900c48e87806e83ce9b300c0603551d13040530030101ff300d06092a864886f70d01010405000381810052dbf6414ff0dacce9487549cf0f933d67601b7404ad0568f2112d7548a998b96fdf3c4c8b0e8764a5dca69f23e87b2b41101d2a0e103b2f92ee3158bb0c0db62f97b29dc11ddab0b7eba1d026022ff7be35bd0c64aa2d487a0aef3e6c39d3e837cb8214f0b254fd085ec89faad6b66ad5e41eeefa04ca2256947c2ad4e4654116030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x69176e87a3e323e5cd7165fa76a14333 Finished request 31 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20478, id=32, length=348 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x69176e87a3e323e5cd7165fa76a14333 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021d00c01980000000b616030100861000008200807ab61726a8f7e95c6b192e9fe405e146fad8bf30e4a54b3b2705dc9b6baf84ec6627698647c430466def3fab192865ac5a8e5187e9f945e5ef8c0596b04f02475f7b4b7267c3be0f10c2df4d3fb8e559cff58fe3dcbe78b0ba5f52f02ae92c300a3cd3b04363caaf16da2b2304f36976914b7a0177d59120faa03836cb14480e14030100010116030100205928d3fc004fb057ef1e1dfd3a4b1b305ca9e246abac357799c9a36ef8ded3bc Message-Authenticator = 0x383f85d64c9aec75a69bf89c323f6e53 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 32 rlm_eap: EAP packet type response id 29 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 32 modcall: leaving group authorize (returns updated) for request 32 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 32 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 32 modcall: leaving group authenticate (returns handled) for request 32 Sending Access-Challenge of id 32 to 172.18.251.101 port 20478 EAP-Message = 0x011e003119001403010001011603010020dd76265ab54e8b6ce1962314a32241d9f5275ad5eb4612be85237d0a9a036a36 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3fa40ecd9420b456866dc141b7cb427b Finished request 32 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20479, id=33, length=162 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x3fa40ecd9420b456866dc141b7cb427b NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021e00061900 Message-Authenticator = 0x467019c438198219aae15ecfc44eddee Processing the authorize section of radiusd.conf modcall: entering group authorize for request 33 rlm_eap: EAP packet type response id 30 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 33 modcall: leaving group authorize (returns updated) for request 33 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 33 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 33 modcall: leaving group authenticate (returns handled) for request 33 Sending Access-Challenge of id 33 to 172.18.251.101 port 20479 EAP-Message = 0x011f002019001703010015e09f6c2c955acf6b83998832c94f879a67d16479d8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc78b1c26eb8e049a1ba6fca65ad5fbd6 Finished request 33 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20480, id=34, length=198 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0xc78b1c26eb8e049a1ba6fca65ad5fbd6 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x021f002a1900170301001f8ca91d215ea2959c27a4f7d471e20b24dd243c1feef109ece18b8bccfba33d Message-Authenticator = 0xbac1a462b2a82798eb178b317fe72db0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 34 rlm_eap: EAP packet type response id 31 length 42 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 34 modcall: leaving group authorize (returns updated) for request 34 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 34 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - CHRT\jpbrunain rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of CHRT\jpbrunain PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to CHRT\jpbrunain Processing the authorize section of radiusd.conf modcall: entering group authorize for request 34 rlm_eap: EAP packet type response id 31 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 34 modcall: leaving group authorize (returns updated) for request 34 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 34 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 34 modcall: leaving group authenticate (returns handled) for request 34 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 34 modcall: leaving group authenticate (returns handled) for request 34 Sending Access-Challenge of id 34 to 172.18.251.101 port 20480 EAP-Message = 0x0120003f1900170301003459a241cac39875b281b420941ede68b48bae3f2f6494d1771830412f9ee6f6a309c8ea2c4a49d9b85bda83e3dfa8c48d44f846bd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5ee3922d6bc46316c899f122df145e63 Finished request 34 Going to the next request Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20481, id=35, length=252 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x5ee3922d6bc46316c899f122df145e63 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x022000601900170301005541c6c18fcff5d5bec63f9a4d02fc99cef8c88746cb5c581e4b8b33cd3a79fa574dcfdce7c6d2304e7e4b83e638803f2081e21164cbd4a9aab51e126fd6d4e6b91f0cf8875e9628f4c8c7e0a23ad4722455b97fbb17 Message-Authenticator = 0x5d4a41e23f2d28e2b1faa27af7fc79bb Processing the authorize section of radiusd.conf modcall: entering group authorize for request 35 rlm_eap: EAP packet type response id 32 length 96 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 35 modcall: leaving group authorize (returns updated) for request 35 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 35 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to CHRT\jpbrunain PEAP: Adding old state with 22 e8 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 35 rlm_eap: EAP packet type response id 32 length 73 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 35 modcall: leaving group authorize (returns updated) for request 35 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 35 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 35 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? rlm_mschap: Told to do MS-CHAPv2 for CHRT\jpbrunain with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 4a rlm_mschap: NT Domain delimeter found, should we have enabled with_ntdomain_hack? radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c287b8317efc5b94 --nt-response=3059749bcd8c5d3ccdf15aefc7d11627784ba0f0bbe580e9' Exec-Program: /usr/local/bin/ntlm_auth --request-nt-key --username=jpbrunain --domain=CHRT --challenge=c287b8317efc5b94 --nt-response=3059749bcd8c5d3ccdf15aefc7d11627784ba0f0bbe580e9 Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 35 modcall: leaving group MS-CHAP (returns reject) for request 35 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 35 modcall: leaving group authenticate (returns reject) for request 35 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 35 modcall: leaving group authenticate (returns handled) for request 35 Sending Access-Challenge of id 35 to 172.18.251.101 port 20481 EAP-Message = 0x012100261900170301001b8d7866547bb9857c550a9a8324a37bc33f3d10274012c2e0d6800c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x80d26d2b5771117f704883beae4915d8 Finished request 35 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20482, id=36, length=194 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x80d26d2b5771117f704883beae4915d8 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x022100261900170301001be0469cf8f213f1db334c60e9c01a144dbac67e86744c4c424ac83a Message-Authenticator = 0x3a127848b540c2f16fd2ef073aba6517 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 36 rlm_eap: EAP packet type response id 33 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 36 modcall: leaving group authorize (returns updated) for request 36 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 36 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure, rejecting. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 36 modcall: leaving group authenticate (returns invalid) for request 36 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 36 for 1 seconds Finished request 36 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20483, id=36, length=194 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x80d26d2b5771117f704883beae4915d8 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x022100261900170301001be0469cf8f213f1db334c60e9c01a144dbac67e86744c4c424ac83a Message-Authenticator = 0x3a127848b540c2f16fd2ef073aba6517 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 37 rlm_eap: EAP packet type response id 33 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 37 modcall: leaving group authorize (returns updated) for request 37 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 37 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 37 modcall: leaving group authenticate (returns invalid) for request 37 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 37 for 1 seconds Finished request 37 Going to the next request --- Walking the entire request list --- Sending Access-Reject of id 36 to 172.18.251.101 port 20482 EAP-Message = 0x04210004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 36 to 172.18.251.101 port 20483 Waking up in 1 seconds... rad_recv: Access-Request packet from host 172.18.251.101:20484, id=36, length=194 User-Name = "CHRT\\jpbrunain" NAS-IP-Address = 172.18.251.101 Called-Station-Id = "00:A0:F8:E6:63:0C" Calling-Station-Id = "00:14:A5:2E:AF:B8" NAS-Identifier = "WS5000" Vendor-388-Attr-2 = 0x43485254 NAS-Port = 29 Framed-MTU = 1000 State = 0x80d26d2b5771117f704883beae4915d8 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x022100261900170301001be0469cf8f213f1db334c60e9c01a144dbac67e86744c4c424ac83a Message-Authenticator = 0x3a127848b540c2f16fd2ef073aba6517 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 38 rlm_eap: EAP packet type response id 33 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 38 modcall: leaving group authorize (returns updated) for request 38 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 38 rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 38 modcall: leaving group authenticate (returns invalid) for request 38 auth: Failed to validate the user. Login incorrect: [CHRT\\jpbrunain/<no User-Password attribute>] (from client WS5100 port 29 cli 00:14:A5:2E:AF:B8) Delaying request 38 for 1 seconds Finished request 38 Going to the next request Cleaning up request 29 ID 29 with timestamp 442943eb Cleaning up request 30 ID 30 with timestamp 442943eb Cleaning up request 31 ID 31 with timestamp 442943eb Cleaning up request 32 ID 32 with timestamp 442943eb Cleaning up request 33 ID 33 with timestamp 442943eb Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 34 ID 34 with timestamp 442943eb Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 35 ID 35 with timestamp 442943ec Cleaning up request 36 ID 36 with timestamp 442943ec Sending Access-Reject of id 36 to 172.18.251.101 port 20484 Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 37 ID 36 with timestamp 442943ee Waking up in 2 seconds...