Hi Alan, this is complete log captured using: s8860ru01:/# radiusd -X -A -y -z > /a.txt ##################################LOG OUTPUT Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc//raddb/proxy.conf Config: including file: /etc//raddb/clients.conf Config: including file: /etc//raddb/snmp.conf Config: including file: /etc//raddb/eap.conf Config: including file: /etc//raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" pap: auto_header = yes Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = no mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc//raddb/certs/cert-srv.pem" tls: certificate_file = "/etc//raddb/certs/cert-srv.pem" tls: CA_file = "/etc//raddb/certs/demoCA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/etc//raddb/certs/dh" tls: random_file = "/dev/urandom" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = yes rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc//raddb/huntgroups" preprocess: hints = "/etc//raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (auth_log) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc//raddb/users" files: acctusersfile = "/etc//raddb/acct_users" files: preproxy_usersfile = "/etc//raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.134.64.199:1231, id=140, length=114 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020100110152454641505c646164666839 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 Message-Authenticator = 0x64ee87ca05f11e052253303cce5d3bfa Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 0 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 140 to 10.134.64.199 port 1231 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x3ee82f6d2fee661c1d6e3e1125156a45 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1232, id=141, length=195 User-Name = "REFAP\\dadfh9" EAP-Message = 0x0202005019800000004616030100410100003d030146cc7753fbcbfe623b08a80f7f24893612d45b8a726bbd929be16c29591239ae00001600040005000a000900640062000300060013001200630100 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x3ee82f6d2fee661c1d6e3e1125156a45 Message-Authenticator = 0x0da53d7bb6c10baef39a6c73d730f3a5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 1 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 141 to 10.134.64.199 port 1232 EAP-Message = 0x0103040a19c0000006f1160301004a02000046030146cc7712088010763c5bfd59a7b0138caef15e0bd1518f5ab2473360c0bae7652096977cfe243bf7b430cf5c0d3b53369be5a25c1919d0bfc5c59d9d95c9ffcc8600040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2158b4d0bcc2b9833607168102b810e4 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1233, id=142, length=121 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020300061900 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x2158b4d0bcc2b9833607168102b810e4 Message-Authenticator = 0xa4acb09c7aaeeb7dc6885fafa64cbd24 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 2 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 142 to 10.134.64.199 port 1233 EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbea918a7aabdf863b0a8993a986bc0e4 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1234, id=143, length=307 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020400c01980000000b616030100861000008200809ee2532b93d4da0634c2e5605ef1cb3590b28aaa22866a7998a8ef6371b3899e388bfd93ee762155dc589e49c24c10bcc4d41b816e64e1c3e986e3d8b49df98d8b1777527f7e0a4aef44f25af41bf0f3144ed63c8c58155ca3e0fa8c76fe923c1817fd90566ee266303c882928d29b9a1e4f89df2b7cae485c142073cd1797ad1403010001011603010020bd72885ee934038184a2c93d2bf4d4d949f78016c057ed4265191cb1e9c98d0a NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0xbea918a7aabdf863b0a8993a986bc0e4 Message-Authenticator = 0xe6244a3e7361d383effe5defe1afc2c2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 3 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 143 to 10.134.64.199 port 1234 EAP-Message = 0x0105003119001403010001011603010020f0b8cf98244b41915628735161c48a0be0938ebd00b6460d3c407c61356e814e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4a10edb13b1e99b184ee9d866914014d Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1235, id=144, length=121 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020500061900 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x4a10edb13b1e99b184ee9d866914014d Message-Authenticator = 0x33fe552a2d6f1e71067200905580db49 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 4 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 144 to 10.134.64.199 port 1235 EAP-Message = 0x01060020190017030100151b9bba790bfc7b5a0f7f9fe40c0234b9db22e5ce97 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe8ece2a915c6e5e3ba1070753b175b3d Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1236, id=144, length=155 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020600281900170301001de4c747c0136bc59e625986a9cb00d7ef95af7d9eef6e6ae9ea5e87f869 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0xe8ece2a915c6e5e3ba1070753b175b3d Message-Authenticator = 0xaf70a7e892f4fc656fab1d44702cb005 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 40 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 5 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - REFAP\dadfh9 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of REFAP\dadfh9 PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to REFAP\dadfh9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 5 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 144 to 10.134.64.199 port 1236 EAP-Message = 0x0107003d19001703010032c915aa440c2e2a3127c590e7fddd30ad922e0f337d203f8695235332cfef983f94b3d44731e8e3806795f729676a6d09e040 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe7aa2703e6e5c01128cb6c5fd950f698 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1237, id=148, length=209 User-Name = "REFAP\\dadfh9" EAP-Message = 0x0207005e19001703010053e374d07dc1833544683a655c1259cbcd80f7596615b8464ce3855b496d435f781253b7f262c9f72e61ed10c31d4e20cd4040c79ae5e4f4594004ea45dca2a827d98c062895d3fa64aacbcd38fb7578fbcd99f0 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0xe7aa2703e6e5c01128cb6c5fd950f698 Message-Authenticator = 0xd77264e71400d5b0c2c35efa96350132 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 94 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 6 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to REFAP\dadfh9 PEAP: Adding old state with d6 06 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 71 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 6 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for dadfh9 with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: '--domain=REFAP' radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '--username=dadfh9' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 64 radius_xlat: '--challenge=15e8193f70a261c9' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=b5064e14567ab057f0757ee512947c1a900138564585ef02' Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 6 modcall: leaving group MS-CHAP (returns reject) for request 6 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 6 modcall: leaving group authenticate (returns reject) for request 6 auth: Failed to validate the user. Login incorrect (rlm_mschap: Logon failure (0xc000006d)): [REFAP\\dadfh9/<no User-Password attribute>] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 148 to 10.134.64.199 port 1237 EAP-Message = 0x010800261900170301001bcf8d0672eb86e1390bc935e52c899b3e0cbd1b49c5ba9bca909ef9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2f3bcebbb17b2644f32476024092b306 Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1238, id=154, length=153 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020800261900170301001b9cb6b011625874f25a5fdcac815e8d2c7d78bdd9da37463a84b443 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x2f3bcebbb17b2644f32476024092b306 Message-Authenticator = 0x932f129f85d86526c0a18904abfa5700 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 8 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 7 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 7 modcall: leaving group authenticate (returns invalid) for request 7 auth: Failed to validate the user. Login incorrect: [REFAP\\dadfh9/<no User-Password attribute>] (from client 10.134.64.199 port 16 cli 00-0f-ea-21-ee-51) Delaying request 7 for 1 seconds Finished request 7 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1238, id=154, length=153 Sending Access-Reject of id 154 to 10.134.64.199 port 1238 EAP-Message = 0x04080004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 140 with timestamp 46cc7712 Cleaning up request 1 ID 141 with timestamp 46cc7712 Cleaning up request 2 ID 142 with timestamp 46cc7712 Cleaning up request 3 ID 143 with timestamp 46cc7712 Cleaning up request 4 ID 144 with timestamp 46cc7712 Cleaning up request 5 ID 144 with timestamp 46cc7712 Cleaning up request 6 ID 148 with timestamp 46cc7712 Cleaning up request 7 ID 154 with timestamp 46cc7712 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.134.64.199:1239, id=28, length=114 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020900110152454641505c646164666839 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 Message-Authenticator = 0x42ef55b0cada8e2df184805730ad3d21 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 9 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 8 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 8 modcall: leaving group authenticate (returns handled) for request 8 Sending Access-Challenge of id 28 to 10.134.64.199 port 1239 EAP-Message = 0x010a00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe945fb09221bc1b56c94cc9e4e61fe2c Finished request 8 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1240, id=29, length=195 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020a005019800000004616030100410100003d030146cc779232905d520a55772234cc390b5f45501c504e1972b0a83d6c54dddc7c00001600040005000a000900640062000300060013001200630100 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0xe945fb09221bc1b56c94cc9e4e61fe2c Message-Authenticator = 0x1d38884f1ead6144e8d25f9598efc415 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 10 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 9 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 9 modcall: leaving group authorize (returns updated) for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 9 modcall: leaving group authenticate (returns handled) for request 9 Sending Access-Challenge of id 29 to 10.134.64.199 port 1240 EAP-Message = 0x010b040a19c0000006f1160301004a02000046030146cc7751fa7cf1895d52c458aee1a930b97ed6c240c8df092af6c0a65c4ca6de208d16fcaab5ecfdd66838f59215ea84da9e541cbc8e052afb2ac6bf9f941c925a00040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xcfff382af11a4eb4cd0bbb0b22f7b0f9 Finished request 9 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1241, id=30, length=121 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020b00061900 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0xcfff382af11a4eb4cd0bbb0b22f7b0f9 Message-Authenticator = 0x736ad43a6b7dfd5b67c91b812d56407f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 modcall[authorize]: module "preprocess" returns ok for request 10 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 10 modcall[authorize]: module "chap" returns noop for request 10 modcall[authorize]: module "mschap" returns noop for request 10 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 10 rlm_eap: EAP packet type response id 11 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 10 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 10 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 10 modcall: leaving group authorize (returns updated) for request 10 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 10 modcall: leaving group authenticate (returns handled) for request 10 Sending Access-Challenge of id 30 to 10.134.64.199 port 1241 EAP-Message = 0x010c02f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf5f1c97139e76c166e21dc751f687f0f Finished request 10 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1242, id=31, length=307 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020c00c01980000000b6160301008610000082008041558fe660bc2c671521e47a8154f66dfa3fc01171b954247f3326929ef9900d9281461b022bb0423abb4e6860b6a5bd36d15106e33f8f2a0a10970f97060feba5825d97cc7e95b1dc60b1cc5a8d5db6adc40007108a6e7ce0e2e6be1e5b7509d22a867e8e35c42958d93340902f81bfdaeb9012b5b7edd717a8bb4ab02b7672140301000101160301002077663a2d7fda9ad37ecb1eaf8bdfc6e6df8ded51a2c1321df23bcf4b0486ff01 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0xf5f1c97139e76c166e21dc751f687f0f Message-Authenticator = 0xc04b7361c1950cfd4213d9ed16787720 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 11 modcall[authorize]: module "preprocess" returns ok for request 11 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 11 modcall[authorize]: module "chap" returns noop for request 11 modcall[authorize]: module "mschap" returns noop for request 11 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 11 rlm_eap: EAP packet type response id 12 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 11 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 11 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 11 modcall: leaving group authorize (returns updated) for request 11 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 11 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 11 modcall: leaving group authenticate (returns handled) for request 11 Sending Access-Challenge of id 31 to 10.134.64.199 port 1242 EAP-Message = 0x010d0031190014030100010116030100201c8d9b8ad5818a4c6a49d4f43f98f9d926aeda09d631c176346cd3bf2cc2d2d3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa616bdeb300012fec81b590d8e9c156c Finished request 11 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1243, id=32, length=121 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020d00061900 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0xa616bdeb300012fec81b590d8e9c156c Message-Authenticator = 0x0fc823d3dfcfaeed8d649191c26ab9ed Processing the authorize section of radiusd.conf modcall: entering group authorize for request 12 modcall[authorize]: module "preprocess" returns ok for request 12 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 12 modcall[authorize]: module "chap" returns noop for request 12 modcall[authorize]: module "mschap" returns noop for request 12 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 12 rlm_eap: EAP packet type response id 13 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 12 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 12 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 12 modcall: leaving group authorize (returns updated) for request 12 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 12 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 12 modcall: leaving group authenticate (returns handled) for request 12 Sending Access-Challenge of id 32 to 10.134.64.199 port 1243 EAP-Message = 0x010e002019001703010015a7a70786afd4df2fa7add3e8d9b41ae224d8a8ea2d Message-Authenticator = 0x00000000000000000000000000000000 State = 0xaea351ba290828f9c75a7ae236deb40f Finished request 12 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1244, id=32, length=155 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020e00281900170301001d41f9fbd7579322722231d0314b1b43136a5e79063d7e4a9fa29933e02f NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0xaea351ba290828f9c75a7ae236deb40f Message-Authenticator = 0x5e9bf8656a4e1d80d941bd7bc4fb03da Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 modcall[authorize]: module "preprocess" returns ok for request 13 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 13 modcall[authorize]: module "chap" returns noop for request 13 modcall[authorize]: module "mschap" returns noop for request 13 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 13 rlm_eap: EAP packet type response id 14 length 40 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 13 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 13 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 13 modcall: leaving group authorize (returns updated) for request 13 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - REFAP\dadfh9 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of REFAP\dadfh9 PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to REFAP\dadfh9 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 modcall[authorize]: module "preprocess" returns ok for request 13 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 13 modcall[authorize]: module "chap" returns noop for request 13 modcall[authorize]: module "mschap" returns noop for request 13 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 13 rlm_eap: EAP packet type response id 14 length 17 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 13 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 13 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 13 modcall: leaving group authorize (returns updated) for request 13 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 13 modcall: leaving group authenticate (returns handled) for request 13 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 13 modcall: leaving group authenticate (returns handled) for request 13 Sending Access-Challenge of id 32 to 10.134.64.199 port 1244 EAP-Message = 0x010f003d19001703010032d88462194552c8140367279b03f82b35860abd3f9d3726dcfb4b95dc0c8c0964dbace7a64958ec014c16179769192a414471 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x727e8ea1a49d7e5724e9253092b7cd0f Finished request 13 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1245, id=34, length=209 User-Name = "REFAP\\dadfh9" EAP-Message = 0x020f005e190017030100536f0a05d9545bda21e58c148072ddb40474a6b9f5fadb7dc1c6647ee4e28c6e7aa6fd2f03ba79f2c6a3e98fe72dd4e318e3fdb2e224c66ed7b375088527088c3ef9dc8e1870cc8bd463af305aa9e98ce4c5ed52 NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x727e8ea1a49d7e5724e9253092b7cd0f Message-Authenticator = 0x478879902f7819c3e711f04915dd4ff5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 modcall[authorize]: module "preprocess" returns ok for request 14 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 14 modcall[authorize]: module "chap" returns noop for request 14 modcall[authorize]: module "mschap" returns noop for request 14 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 14 rlm_eap: EAP packet type response id 15 length 94 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 14 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 14 modcall: leaving group authorize (returns updated) for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to REFAP\dadfh9 PEAP: Adding old state with f3 a0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 modcall[authorize]: module "preprocess" returns ok for request 14 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 14 modcall[authorize]: module "chap" returns noop for request 14 modcall[authorize]: module "mschap" returns noop for request 14 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 14 rlm_eap: EAP packet type response id 15 length 71 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 14 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 14 modcall: leaving group authorize (returns updated) for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 14 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for dadfh9 with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: '--domain=REFAP' radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: '--username=dadfh9' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: f6 radius_xlat: '--challenge=4f8b745b654820d4' radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '--nt-response=95d375f0bae9b0ae4089d5561975162f8be08a90138e6c46' Exec-Program output: Logon failure (0xc000006d) Exec-Program-Wait: plaintext: Logon failure (0xc000006d) Exec-Program: returned: 1 rlm_mschap: External script failed. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect modcall[authenticate]: module "mschap" returns reject for request 14 modcall: leaving group MS-CHAP (returns reject) for request 14 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 14 modcall: leaving group authenticate (returns reject) for request 14 auth: Failed to validate the user. Login incorrect (rlm_mschap: Logon failure (0xc000006d)): [REFAP\\dadfh9/<no User-Password attribute>] (from client localhost port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE modcall[authenticate]: module "eap" returns handled for request 14 modcall: leaving group authenticate (returns handled) for request 14 Sending Access-Challenge of id 34 to 10.134.64.199 port 1245 EAP-Message = 0x011000261900170301001ba8de1ddcb8721c35a977e24b46480db3ddf09233dc88a1db9165fe Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6603b9e60c00ae9c6e5e7c74b3752c55 Finished request 14 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1246, id=52, length=153 User-Name = "REFAP\\dadfh9" EAP-Message = 0x021000261900170301001bfd56ee2848408240c537d973f4254806d8af9eefd4937c652bfd2b NAS-IP-Address = 10.134.64.199 Service-Type = Login-User Calling-Station-Id = "00-0f-ea-21-ee-51" NAS-Port-Type = Ethernet NAS-Port = 16 State = 0x6603b9e60c00ae9c6e5e7c74b3752c55 Message-Authenticator = 0x85a7dee1fb2004dabcb8f13021ce71b5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 modcall[authorize]: module "preprocess" returns ok for request 15 radius_xlat: '/usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/10.134.64.199/auth-detail-20070822 modcall[authorize]: module "auth_log" returns ok for request 15 modcall[authorize]: module "chap" returns noop for request 15 modcall[authorize]: module "mschap" returns noop for request 15 rlm_realm: No '@' in User-Name = "REFAP\dadfh9", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 15 rlm_eap: EAP packet type response id 16 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 15 users: Matched entry DEFAULT at line 153 modcall[authorize]: module "files" returns ok for request 15 rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. modcall[authorize]: module "pap" returns noop for request 15 modcall: leaving group authorize (returns updated) for request 15 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select modcall[authenticate]: module "eap" returns invalid for request 15 modcall: leaving group authenticate (returns invalid) for request 15 auth: Failed to validate the user. Login incorrect: [REFAP\\dadfh9/<no User-Password attribute>] (from client 10.134.64.199 port 16 cli 00-0f-ea-21-ee-51) Delaying request 15 for 1 seconds Finished request 15 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.134.64.199:1246, id=52, length=153 Sending Access-Reject of id 52 to 10.134.64.199 port 1246 EAP-Message = 0x04100004 Message-Authenticator = 0x00000000000000000000000000000000 --- Walking the entire request list --- Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 8 ID 28 with timestamp 46cc7751 Cleaning up request 9 ID 29 with timestamp 46cc7751 Cleaning up request 10 ID 30 with timestamp 46cc7751 Cleaning up request 11 ID 31 with timestamp 46cc7751 Cleaning up request 12 ID 32 with timestamp 46cc7751 Cleaning up request 13 ID 32 with timestamp 46cc7751 Cleaning up request 14 ID 34 with timestamp 46cc7751 Cleaning up request 15 ID 52 with timestamp 46cc7751 Nothing to do. Sleeping until we see a request. -- Alexsander A. Rodrigues Se você tivesse que identificar, em uma palavra, a razão pela qual a raça humana ainda não atingiu (e nunca atingirá) todo o seu potencial, essa palavra seria "REUNIÕES". L.F.V. http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=413267