What freeradius version is this? Why don't you upgrade to current version where PEAP works with default configuration with test certifictes that are made during install? Once you check that's working, replace them with your certificates and you will know if certificates are the problem. Ivan Kalik Kalik informatika ISP Dana 21/4/2008, "David Hláčik" <david@hlacik.eu> piše:
Hi, becouse for a period of time i was not able to add to my working MSCHAPv2 for PPTPD with ldap radius configuration , i have copied a fresh new radius configuration files and tried to configure just a simple eap/peap for my wireless router. I have CentOS 5.1 , but basically i have followed this howto http://ubuntuforums.org/showthread.php?t=478804 I have my own CA , and my own server certificate , with X509 xpextension support configured. I have installed as a trusted root CA certificate in my Windows Vista SP1 Client computer, i am using simple testuser with Secret149 password defined in users file, but it still not works and complains about certificates. My windows vista wirelless connection manager is showing my server certificate as correct. This is log file
Thanks!
D.
[root@sx2 raddb]# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib64" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib64 Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = yes mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "/etc/shadow" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/pki/wireless/server_key.pem" tls: certificate_file = "/etc/pki/wireless/server_cert.pem" tls: CA_file = "/etc/pki/wireless/cacert.pem" tls: private_key_password = "Pln192" tls: dh_file = "/etc/pki/wireless/dh" tls: random_file = "/etc/pki/wireless/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.123.42.11:3076, id=112, length=165 User-Name = "boss" NAS-IP-Address = 10.123.42.11 NAS-Port = 0 Called-Station-Id = "001cf05a2b71" Calling-Station-Id = "001b77392d05" NAS-Identifier = "Realtek Access Point. 8181" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000901626f7373 Message-Authenticator = 0x79fd10c2a79dd35bc6304d53524675e8 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "boss", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 0 length 9 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 112 to 10.123.42.11 port 3076 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x352e94993bcbb8a4249d7264d82f1829 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.123.42.11:3076, id=113, length=283 User-Name = "boss" NAS-IP-Address = 10.123.42.11 NAS-Port = 0 Called-Station-Id = "001cf05a2b71" Calling-Station-Id = "001b77392d05" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020100731980000000691603010064010000600301480cdacd6b3c5cf0b29cac484d2b3b6ec171038c6b943dd64181cfcd84fe6899000018002f00350005000ac009c00ac013c01400320038001300040100001f000000090007000004626f7373000a00080006001700180019000b00020100 State = 0x352e94993bcbb8a4249d7264d82f1829 Message-Authenticator = 0xd9e69c4f8fee707fadc9cb90c69bfea5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "boss", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 1 length 115 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0064], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 064b], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 113 to 10.123.42.11 port 3076 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0102040a19c0000006a8160301004a020000460301480cdad46cd0e36489634b6d7e50a951e4b51c278c2dc04609fe3430936ddfbe20066fab6cce937dafb55c9c32a513910ca741e5ba99623744e649777ac10fc3c5002f00160301064b0b0006470006440002b6308202b23082021ba003020102020900e7477704fe0b606c300d06092a864886f70d0101050500308189310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06 EAP-Message = 0x092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d301e170d3038303432313135313033385a170d3039303432313135313033385a308192310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311e301c060355040313157378322e6c6162732e706f6c6172696f6e2e636f6d3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c100256ce017aaf9e613e4b6a5 EAP-Message = 0x203ba1912f3d46d2dbda44e425dac84656ee6e44979674b2cdb0d429478baad086f313d3b05e2c6daec28dde064e896b3829dad39e6bd4e84fb4dc70ab11f399e49da302ec5b4bd7de4312f3ade2ce17be200c063c50e96620ed89dac441f472b39f1957b8cb1f47c5bb06885f8e52d94f02a50203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181008e366b4ecc308504d941c865e39a05ddcbaa2ca8072792ba9eb2959e6cffc75b300b10b52700dd4886e294a35951a7dae1168cb2c0d13976f14a56fd3e571f3c6911f5f4b791244ed6de22ebb3515a957ab95b54ac09efd7ae EAP-Message = 0x6bd956c9ea27c63ed372290be9ceff4d36bac037ee2936cd4b2b5065f50452c398b8e1d17ca15c00038830820384308202eda003020102020900e7477704fe0b606a300d06092a864886f70d0101050500308189310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d301e170d3038303432313135303434345a170d3039303432313135303434345a EAP-Message = 0x308189310b300906035504061302435a311730150603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc5438c3f67d8fc170bfdecf1c6cb04cc Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.123.42.11:3076, id=114, length=174 User-Name = "boss" NAS-IP-Address = 10.123.42.11 NAS-Port = 0 Called-Station-Id = "001cf05a2b71" Calling-Station-Id = "001b77392d05" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020200061900 State = 0xc5438c3f67d8fc170bfdecf1c6cb04cc Message-Authenticator = 0x3e96daba715db87f39916db1695d2563 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "boss", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 114 to 10.123.42.11 port 3076 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010302ae1900550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100a235bf64e96b6f1cbb7664a541efa304adf30f47c8576eebd7038286b57d2d7f156f7a86d652d70432f1bd22fe29d68600329a04faa9499ace51a7bf608357a390ca1137d759c440ba2b58a45581243984f624158680f784b498ad57b45f671cf3a4e8da EAP-Message = 0xd1564f915ee767df13bb438be8017ae197b1cb664199b751c6691a7d0203010001a381f13081ee301d0603551d0e041604144ecee11fc70a7694d7af21e5a7819990370028e63081be0603551d230481b63081b380144ecee11fc70a7694d7af21e5a7819990370028e6a1818fa4818c308189310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d82 EAP-Message = 0x0900e7477704fe0b606a300c0603551d13040530030101ff300d06092a864886f70d0101050500038181008a0ac70a399e62294dd9a9a87c297d332e67ecc64ea0dabba66d2a30a0ac26b4c8e09bb9cbb199cdb731e5831bb5d9a5403c5172d261250df6cc9e5041c2e9317086ba14b1d8c6c13d8e0b40d9fec502456b1c48d1d290d25f5fb5849c9da082a706e33c8a7dddc9acc9f81bc53f42cd9cd93a8d31f5603d9761d98e6398c50d16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x76d7c4e6f67f926686a5dc4693c1d6e0 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.123.42.11:3076, id=115, length=376 User-Name = "boss" NAS-IP-Address = 10.123.42.11 NAS-Port = 0 Called-Station-Id = "001cf05a2b71" Calling-Station-Id = "001b77392d05" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300d01980000000c61603010086100000820080b21c3e1e4fae427fd09b23b8a18dcd5c9614f95436a1d360e40bc785390f5d907a33d3f5eb72077980d0db736c50e21a4a961e219572131ed6a54f0407d67d563a85e59db3c3bb0b8d9411e437b085d1661178f1ecfbb93606962637078cc486ad801dcef5ba373121299a4baa00c483875dbebdd6519f63c5ec4ab881c4acf61403010001011603010030654cbaf37740de04fdf9e6385b2d7d42ce0d8caf852004f92268eeac440afecfb85fb8a1516079f0ffa1d45494b77685 State = 0x76d7c4e6f67f926686a5dc4693c1d6e0 Message-Authenticator = 0x6421fcec1f1cc5125791a70319a1ea43 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "boss", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 3 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 115 to 10.123.42.11 port 3076 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010400411900140301000101160301003047fdad6e556880c11c7e70fb192ff4cd295124df3aa30eb15b26dcf4c48fc6f8aeac60091e893cd59405eb8d7209f9c1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc6dea48edc410ff186e20cb27acbf71b Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 112 with timestamp 480cdad4 Cleaning up request 1 ID 113 with timestamp 480cdad4 Cleaning up request 2 ID 114 with timestamp 480cdad4 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 115 with timestamp 480cdad5 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.123.42.11:3077, id=112, length=173 User-Name = "testuser" NAS-IP-Address = 10.123.42.11 NAS-Port = 0 Called-Station-Id = "001cf05a2b71" Calling-Station-Id = "001b77392d05" NAS-Identifier = "Realtek Access Point. 8181" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000d017465737475736572 Message-Authenticator = 0x0ee36160aedc0ad3b60e2fb258039d06 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 0 length 13 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 users: Matched entry testuser at line 216 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 112 to 10.123.42.11 port 3077 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x66994fc2e8159ac20377da485a287cf7 Finished request 4 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.123.42.11:3077, id=113, length=291 User-Name = "testuser" NAS-IP-Address = 10.123.42.11 NAS-Port = 0 Called-Station-Id = "001cf05a2b71" Calling-Station-Id = "001b77392d05" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0201007719800000006d1603010068010000640301480cddb5cfdb7316f78553c8246acb97d94ce30a5f5c236ee8c43c093e36b965000018002f00350005000ac009c00ac013c0140032003800130004010000230000000d000b0000087465737475736572000a00080006001700180019000b00020100 State = 0x66994fc2e8159ac20377da485a287cf7 Message-Authenticator = 0x5b61c6c39482584ade5b59c279202057 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 1 length 119 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 users: Matched entry testuser at line 216 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0068], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 064b], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 113 to 10.123.42.11 port 3077 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0102040a19c0000006a8160301004a020000460301480cddbc14e814e50421705d1ad4e4deb66d4e643b8a7b9a615c4e2bebe16d7d20e777e9bd16213d489da53ccf50db5598a9e7b10dba376e73c7b32dd6950ccea5002f00160301064b0b0006470006440002b6308202b23082021ba003020102020900e7477704fe0b606c300d06092a864886f70d0101050500308189310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06 EAP-Message = 0x092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d301e170d3038303432313135313033385a170d3039303432313135313033385a308192310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311e301c060355040313157378322e6c6162732e706f6c6172696f6e2e636f6d3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100c100256ce017aaf9e613e4b6a5 EAP-Message = 0x203ba1912f3d46d2dbda44e425dac84656ee6e44979674b2cdb0d429478baad086f313d3b05e2c6daec28dde064e896b3829dad39e6bd4e84fb4dc70ab11f399e49da302ec5b4bd7de4312f3ade2ce17be200c063c50e96620ed89dac441f472b39f1957b8cb1f47c5bb06885f8e52d94f02a50203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101050500038181008e366b4ecc308504d941c865e39a05ddcbaa2ca8072792ba9eb2959e6cffc75b300b10b52700dd4886e294a35951a7dae1168cb2c0d13976f14a56fd3e571f3c6911f5f4b791244ed6de22ebb3515a957ab95b54ac09efd7ae EAP-Message = 0x6bd956c9ea27c63ed372290be9ceff4d36bac037ee2936cd4b2b5065f50452c398b8e1d17ca15c00038830820384308202eda003020102020900e7477704fe0b606a300d06092a864886f70d0101050500308189310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d301e170d3038303432313135303434345a170d3039303432313135303434345a EAP-Message = 0x308189310b300906035504061302435a311730150603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb83123181e34c0fa312134305bc70299 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.123.42.11:3077, id=114, length=178 User-Name = "testuser" NAS-IP-Address = 10.123.42.11 NAS-Port = 0 Called-Station-Id = "001cf05a2b71" Calling-Station-Id = "001b77392d05" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020200061900 State = 0xb83123181e34c0fa312134305bc70299 Message-Authenticator = 0x4608a7974cf83a5f59f6c399014da1e4 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 users: Matched entry testuser at line 216 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 114 to 10.123.42.11 port 3077 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010302ae1900550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100a235bf64e96b6f1cbb7664a541efa304adf30f47c8576eebd7038286b57d2d7f156f7a86d652d70432f1bd22fe29d68600329a04faa9499ace51a7bf608357a390ca1137d759c440ba2b58a45581243984f624158680f784b498ad57b45f671cf3a4e8da EAP-Message = 0xd1564f915ee767df13bb438be8017ae197b1cb664199b751c6691a7d0203010001a381f13081ee301d0603551d0e041604144ecee11fc70a7694d7af21e5a7819990370028e63081be0603551d230481b63081b380144ecee11fc70a7694d7af21e5a7819990370028e6a1818fa4818c308189310b300906035504061302435a311730150603550408130e437a6563682052657075626c6963311a3018060355040a1311506f6c6172696f6e20536f667477617265310b3009060355040b13024954311530130603550403130c446176696420486c6163696b3121301f06092a864886f70d010901161261646d696e40706f6c6172696f6e2e636f6d82 EAP-Message = 0x0900e7477704fe0b606a300c0603551d13040530030101ff300d06092a864886f70d0101050500038181008a0ac70a399e62294dd9a9a87c297d332e67ecc64ea0dabba66d2a30a0ac26b4c8e09bb9cbb199cdb731e5831bb5d9a5403c5172d261250df6cc9e5041c2e9317086ba14b1d8c6c13d8e0b40d9fec502456b1c48d1d290d25f5fb5849c9da082a706e33c8a7dddc9acc9f81bc53f42cd9cd93a8d31f5603d9761d98e6398c50d16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xd87a137b0b4fc5a29f3b2fa93a6f4c65 Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.123.42.11:3077, id=115, length=380 User-Name = "testuser" NAS-IP-Address = 10.123.42.11 NAS-Port = 0 Called-Station-Id = "001cf05a2b71" Calling-Station-Id = "001b77392d05" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300d01980000000c616030100861000008200800c1f193b9041cdc894a0f1bb1c57995434db29eb2862297f204aeb0d4ed003609151acd9436778b768a8305c933700db0d37d5dbb4395bf5893623e090dadaed698dad421606482836f5d565a39890993167869ebb8cf4e6cc155537902fb71ccf05fd09f4a358ccafa3ef4f78a961a3ba9708f57a311217f029e1684625d02b140301000101160301003031046c0e381188b46ab76ce8a006992bfbe11256341a662da412c547bcf729ac147cdb430311f54eddebe7d251521b05 State = 0xd87a137b0b4fc5a29f3b2fa93a6f4c65 Message-Authenticator = 0x18750c35a9a5b2233503c793958bce9b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 3 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 users: Matched entry testuser at line 216 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challenge of id 115 to 10.123.42.11 port 3077 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0104004119001403010001011603010030f4691b547edc205a2563214db973a4e1016e38aacb8a27be0b4f266c30452a14431912729a868324cc3447b83f29cd50 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5213d7e8f65f7bf4a42614296bb63a9b Finished request 7 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 4 ID 112 with timestamp 480cddbc Cleaning up request 5 ID 113 with timestamp 480cddbc Cleaning up request 6 ID 114 with timestamp 480cddbc Cleaning up request 7 ID 115 with timestamp 480cddbc Nothing to do. Sleeping until we see a request.