So we've been using FreeRADIUS talking to ActiveDirectory to authenticate our WinXP clients (Over 2000) for over a year now. Along comes Vista. Of COURSE it doesn't work. Microsoft changed something, and it broke a working config. Arrg. I'm attaching 2 debug outputs. The first is my working XP client. The second is Vista My (amatuer) analyis, (Aka my gut) is that Vista is Doing something in TLS, not PEAP. (I don't see my mschap module fire). Any thoughts on how to fix this? <------START OF XP CLIENT ---------> [root@radius1 mking]# /usr/sbin/radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 768000 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:Us er-Name} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response}" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "NULL" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/radius1.campus.bridgew.edu.key.pem" tls: certificate_file = "/etc/raddb/certs/radius1.campus.bridgew.edu.cer" tls: CA_file = "/etc/raddb/certs/Equifax_Secure_Certificate_Authority.cer" tls: private_key_password = "d0wnh1ll" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = yes rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = yes peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Addre ss, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m% d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.0.1.12:32769, id=35, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0202000e014253435c6d6b696e67 Message-Authenticator = 0x18bad9509bea192f1f4d2e6cabe5fbc7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 35 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdd27246a212e89aaebc5b72fb9b697b8 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=36, length=295 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0203007019800000006616030100610100005d03014523cca83a934082a3d7aaabd56a 7e60acbcb90646b0dde430726311381c2054201b953ad54d18bb269ea1630db140a3d975 e07b2d8a4884876ca5d83dc847ad57001600040005000a00090064006200030006001300 1200630100 State = 0xdd27246a212e89aaebc5b72fb9b697b8 Message-Authenticator = 0xe441f73fad7c493a0125ae2333e567d7 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 3 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0336], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 36 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010403991900160301004a0200004603014523cca87e13d41fd13157d3e656fd7ce400 8b40ad683913b06fe7f886f60ec620445b2c7dd1811d50b1da26e1adbcc22a4fbfcae186 d07b7a989590c3bfc1339b00040016030103360b00033200032f00032c30820328308202 91a0030201020203048bde300d06092a864886f70d0101040500305a310b300906035504 0613025553311c301a060355040a1313457175696661782053656375726520496e632e31 2d302b06035504031324457175696661782053656375726520476c6f62616c2065427573 696e6573732043412d31301e170d3036303833313135343130365a170d30373039303131 3534 EAP-Message = 0x3130365a308197310b3009060355040613025553311630140603550408130d4d617373 616368757365747473311430120603550407130b42726964676577617465723122302006 0355040a1319427269646765776174657220537461746520436f6c6c6567653111300f06 0355040b130854656c65636f6d6d312330210603550403131a726164697573312e63616d 7075732e627269646765772e65647530819f300d06092a864886f70d010101050003818d 0030818902818100d7e9fd6781d424160dd8ce4b43b4ef908f2bed199ef2232e0c842c74 36e598eefb1656f6d213fdc1473187ca9be8d73c609d55a54e73fc1995be16068b52ff6d a8f1 EAP-Message = 0x918f639a1a6cb9f15213b324025e558284acb3af8bb42a32901eb615edac07fb0bc32d f63543c4734ad191564d900b8383bc2595d3a1ced2c7924348e89b0203010001a381bd30 81ba300e0603551d0f0101ff0404030204f0301d0603551d0e04160414ba0847bd1adc78 8777ab84aa8dba8d8dd35bd4e1303b0603551d1f043430323030a02ea02c862a68747470 3a2f2f63726c2e67656f74727573742e636f6d2f63726c732f676c6f62616c6361312e63 726c301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c30 1d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d 1301 EAP-Message = 0x01ff04023000300d06092a864886f70d01010405000381810023b5b7b280544b61651d 093978ea43bbefff18afc835dd9ee5d103716d11bd1202395001cb69e94a1fc0cdcb0a28 fddba47c36a846ec4e5a31ec76c324486832882a4d12904fdef2d5a515554b3a7231d64f d8c9ff010115a8d8bcad71b1d9d1781cbf506f5c15e4406c0199e2336e4425ab839199ad 70695ee86ba8969fc9dc16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x22f42e8ec709eb9da8340b9a3a91e77b Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=37, length=375 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020400c01980000000b61603010086100000820080b00826875e5f5223a1a37a281d44 c8e05279730c295ebf4b0421b478f18a76b11d8ad58350d03dc0cf3dfe898eda4db0227c 8a0cb4881ea154676dc1bc2607516596648f5886eb623937b4508f41998b9f9c41d998b5 0919aecb6e286870c069f05f647ae250bc29baa90c549898ecb9adab7cfabb6ff066860a 15483bddb7ff14030100010116030100209f794546ee96366e4bec04efe5d699a99af715 d821757a86547a4960cac7ece4 State = 0x22f42e8ec709eb9da8340b9a3a91e77b Message-Authenticator = 0xbfc4493bee43c8b17c5fcb296074fa5e Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 37 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0105003119001403010001011603010020657f175ee851a17e47b8370a16c83f56e223 7231f9da8b2d742d13dcf5b60412 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe72afea6ae1b1106e28b50b5a234d821 Finished request 2 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=38, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020500061900 State = 0xe72afea6ae1b1106e28b50b5a234d821 Message-Authenticator = 0xa000f76900978cb8e0299c9785c1af4a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 38 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0106002019001703010015668895618d671026da3ce4284abadfb7ba0d622265 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x40842ac5d2185a145a6dded75c395891 Finished request 3 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=39, length=220 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020600251900170301001ab9b9562dab411f3e221fce21b27356b6a81cc3d8dc9f6d05 0af4 State = 0x40842ac5d2185a145a6dded75c395891 Message-Authenticator = 0x233111fbb57c67a85c4506cb651aa292 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 37 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - BSC\mking rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled identity of BSC\mking PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to BSC\mking Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 6 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 39 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0107003a1900170301002f53ddb355b62c8a974d27b55d413157c8bc784f6c6a2be021 ec7abf02d3c33cc13c1666dc2a69c2a41f938b9d46f9dd Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6170888e754102b293f0ea1424b17dc5 Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=40, length=274 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0207005b1900170301005019ce70863e79cb5dbae09fb721189e4d4ea25b6cbbfdec38 b936130205e6ecb5b91676b602a75ca1d77501a78af60884b7e2f120ae314fbf13975043 85959959cf50df946bb0341b98e42b469f639d72 State = 0x6170888e754102b293f0ea1424b17dc5 Message-Authenticator = 0x71db7dc82070cf0a374c2f05c7588284 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 91 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to BSC\mking PEAP: Adding old state with 18 c2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 7 length 68 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group MS-CHAP for request 5 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for mking with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 36 radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --username=mking --challenge=4b7e7c1327afd20a --nt-response=e8040c080b7aa291f9ef0cfc52c741ea00b916b84ca45703' Exec-Program: /usr/bin/ntlm_auth --request-nt-key --username=mking --challenge=4b7e7c1327afd20a --nt-response=e8040c080b7aa291f9ef0cfc52c741ea00b916b84ca45703 Exec-Program output: NT_KEY: 432E7C7653E43A57B7502B878B41AAD1 Exec-Program-Wait: plaintext: NT_KEY: 432E7C7653E43A57B7502B878B41AAD1 Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module "mschap" returns ok for request 5 modcall: leaving group MS-CHAP (returns ok) for request 5 MSCHAP Success modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 40 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0108004a1900170301003fa4cb48586e6559c4b9225d510d62d2daf87c17e6a18d50b7 2f94fcdbbf242f8939a41b04487f058d4cece2ebaf221df6ea6d78b4592e841e98ac1e75 b2b44d Message-Authenticator = 0x00000000000000000000000000000000 State = 0xbdb4287d4fcfed4285d67494311d9ec1 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=41, length=212 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0208001d19001703010012c7f11eb2ab25ff1c379f33f2d3ab9c525429 State = 0xbdb4287d4fcfed4285d67494311d9ec1 Message-Authenticator = 0xc6730f2e83c68e118bd46a61da66edee Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 29 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to BSC\mking PEAP: Adding old state with 38 c5 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 8 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 6 modcall: leaving group authenticate (returns ok) for request 6 Login OK: [BSC\\mking] (from client localhost port 0) PEAP: Tunneled authentication was successful. rlm_eap_peap: SUCCESS Saving tunneled attributes for later modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 41 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010900261900170301001bcd47d72fba75f3a316d1f9e72d4695596bab33629c6e4be0 6afddb Message-Authenticator = 0x00000000000000000000000000000000 State = 0x566a370221ef6b6aaefb3168e88b9acf Finished request 6 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=42, length=221 User-Name = "BSC\\mking" Calling-Station-Id = "00-90-96-F4-2A-BB" Called-Station-Id = "00-0B-85-5B-55-A0:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020900261900170301001be7382138771e3eaacab08a10eef0c5dc919259a0defd75e6 19fd7d State = 0x566a370221ef6b6aaefb3168e88b9acf Message-Authenticator = 0xecd5358b3160401c2dabaae043286b09 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 9 length 38 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Success Using saved attributes from the original Access-Accept rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns ok for request 7 modcall: leaving group authenticate (returns ok) for request 7 Login OK: [BSC\\mking] (from client BUWiSM-1-2 port 29 cli 00-90-96-F4-2A-BB) Sending Access-Accept of id 42 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User User-Name = "BSC\\mking" MS-MPPE-Recv-Key = 0xc591ba3b08ad50131cfea98b977435acf2f1a67b8fa24bdc0f714f14a206dd4d MS-MPPE-Send-Key = 0x634a3e2ae5d2af29bb76b02f332a2ea216f4ee26a99beecf7d7de7e0d50fbbef EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 7 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 35 with timestamp 4523cca8 Cleaning up request 1 ID 36 with timestamp 4523cca8 Cleaning up request 2 ID 37 with timestamp 4523cca8 Cleaning up request 3 ID 38 with timestamp 4523cca8 Cleaning up request 4 ID 39 with timestamp 4523cca8 Cleaning up request 5 ID 40 with timestamp 4523cca8 Cleaning up request 6 ID 41 with timestamp 4523cca8 Cleaning up request 7 ID 42 with timestamp 4523cca8 Nothing to do. Sleeping until we see a request. <-------END OF XP CLIENT -----------> <-------Start of VISTA RC1----------> reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 768000 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radiusd" main: group = "radiusd" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = yes mschap: passwd = "(null)" mschap: ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --challenge=%{mschap:Challenge} --nt-response=%{mschap:NT-Response}" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "NULL" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/etc/raddb/certs/radius1.campus.bridgew.edu.key.pem" tls: certificate_file = "/etc/raddb/certs/radius1.campus.bridgew.edu.cer" tls: CA_file = "/etc/raddb/certs/Equifax_Secure_Certificate_Authority.cer" tls: private_key_password = "d0wnh1ll" tls: dh_file = "/etc/raddb/certs/dh" tls: random_file = "/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = yes rlm_eap: Loaded and initialized type ttls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = yes peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 10.0.1.21:32769, id=19, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0206000e014253435c6d6b696e67 Message-Authenticator = 0x5335b5f1f1ea4714697ae8dab52086b6 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 6 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 19 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010700061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x685d4c4ca48a8233080cf58401d7f9f1 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32769, id=20, length=303 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0207007819800000006e16030100690100006503014523c425e392cdb6ab121e80093b 9f9e81b904340ed9459e4a41a2e2c44f4131000018002f00350005000ac009c00ac013c0 140032003800130004010000240000000e000c0000096273635c6d6b696e67000a000800 06001700180019000b00020100 State = 0x685d4c4ca48a8233080cf58401d7f9f1 Message-Authenticator = 0xf51ef72168597a5bb9c45304b987a595 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 7 length 120 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0069], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0336], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 20 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010803991900160301004a0200004603014523c42a153a389c33027a20676704673a54 28622b7c411ef7ef6d8f5f6744c820883f844c82333b95bbe6fb4eb98efeed7eed2c38c2 b3746ab33ba56acb4c5d69002f0016030103360b00033200032f00032c30820328308202 91a0030201020203048bde300d06092a864886f70d0101040500305a310b300906035504 0613025553311c301a060355040a1313457175696661782053656375726520496e632e31 2d302b06035504031324457175696661782053656375726520476c6f62616c2065427573 696e6573732043412d31301e170d3036303833313135343130365a170d30373039303131 3534 EAP-Message = 0x3130365a308197310b3009060355040613025553311630140603550408130d4d617373 616368757365747473311430120603550407130b42726964676577617465723122302006 0355040a1319427269646765776174657220537461746520436f6c6c6567653111300f06 0355040b130854656c65636f6d6d312330210603550403131a726164697573312e63616d 7075732e627269646765772e65647530819f300d06092a864886f70d010101050003818d 0030818902818100d7e9fd6781d424160dd8ce4b43b4ef908f2bed199ef2232e0c842c74 36e598eefb1656f6d213fdc1473187ca9be8d73c609d55a54e73fc1995be16068b52ff6d a8f1 EAP-Message = 0x918f639a1a6cb9f15213b324025e558284acb3af8bb42a32901eb615edac07fb0bc32d f63543c4734ad191564d900b8383bc2595d3a1ced2c7924348e89b0203010001a381bd30 81ba300e0603551d0f0101ff0404030204f0301d0603551d0e04160414ba0847bd1adc78 8777ab84aa8dba8d8dd35bd4e1303b0603551d1f043430323030a02ea02c862a68747470 3a2f2f63726c2e67656f74727573742e636f6d2f63726c732f676c6f62616c6361312e63 726c301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c30 1d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d 1301 EAP-Message = 0x01ff04023000300d06092a864886f70d01010405000381810023b5b7b280544b61651d 093978ea43bbefff18afc835dd9ee5d103716d11bd1202395001cb69e94a1fc0cdcb0a28 fddba47c36a846ec4e5a31ec76c324486832882a4d12904fdef2d5a515554b3a7231d64f d8c9ff010115a8d8bcad71b1d9d1781cbf506f5c15e4406c0199e2336e4425ab839199ad 70695ee86ba8969fc9dc16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x12327d378a2b18e3dd3ed523aa62dd08 Finished request 1 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32769, id=21, length=391 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020800d01980000000c61603010086100000820080a87da54999f079929063349f032a 8a5a70b5fe0a1808e34eaba4fff373fbe1cdda56af08f2f68aa10b5eb3690c4515f91660 b8320cd4d230e81b92515f4382569ada6bc8c077edff05fa72ef5fe36ad5025be16c510d 0d2c006f2423caa75d09b656c43edbdb1e035db2df2ef6367dc57c19605ecde7ac426ec8 10bc6179e61714030100010116030100303ae0192650047990238171481911ea4e9feddd 9623823978c81932b8991093f215abe8cc995678ca1cd047067014bfde State = 0x12327d378a2b18e3dd3ed523aa62dd08 Message-Authenticator = 0xe1f28c4f2db04be118f2f239a24d1a60 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 8 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 21 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x01090041190014030100010116030100309270ea6a0446f0123968db15e799d133de68 74d37fc4e465b2b158a0af023355f67c1bcfdfd3b55d4f41d9c315d2d4df Message-Authenticator = 0x00000000000000000000000000000000 State = 0x164cccd238c56b132a51201da9f606d2 Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 19 with timestamp 4523c42a Cleaning up request 1 ID 20 with timestamp 4523c42a Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 2 ID 21 with timestamp 4523c42c Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.0.1.21:32769, id=22, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0207000e014253435c6d6b696e67 Message-Authenticator = 0xa45c092bec3fa1f4a01ddd4a480353b2 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 7 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 22 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010800061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb7512e981ebfc531f0453b252179fb4a Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32769, id=23, length=303 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0208007819800000006e16030100690100006503014523c43a3bc16251e53783fce1a3 50bd27fc7b398f058ab700263b38fc84f224000018002f00350005000ac009c00ac013c0 140032003800130004010000240000000e000c0000096273635c6d6b696e67000a000800 06001700180019000b00020100 State = 0xb7512e981ebfc531f0453b252179fb4a Message-Authenticator = 0x4037dd061564388d985a7b15ecc94b3d Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 8 length 120 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0069], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0336], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 23 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010903991900160301004a0200004603014523c43eff68a98755cb6584a2b320e55922 67754654e2e6b77e03123132255f200e707d292a2df0d266a16ff167e9388a81e1e000e6 b47e75fc69d66565e0b3b9002f0016030103360b00033200032f00032c30820328308202 91a0030201020203048bde300d06092a864886f70d0101040500305a310b300906035504 0613025553311c301a060355040a1313457175696661782053656375726520496e632e31 2d302b06035504031324457175696661782053656375726520476c6f62616c2065427573 696e6573732043412d31301e170d3036303833313135343130365a170d30373039303131 3534 EAP-Message = 0x3130365a308197310b3009060355040613025553311630140603550408130d4d617373 616368757365747473311430120603550407130b42726964676577617465723122302006 0355040a1319427269646765776174657220537461746520436f6c6c6567653111300f06 0355040b130854656c65636f6d6d312330210603550403131a726164697573312e63616d 7075732e627269646765772e65647530819f300d06092a864886f70d010101050003818d 0030818902818100d7e9fd6781d424160dd8ce4b43b4ef908f2bed199ef2232e0c842c74 36e598eefb1656f6d213fdc1473187ca9be8d73c609d55a54e73fc1995be16068b52ff6d a8f1 EAP-Message = 0x918f639a1a6cb9f15213b324025e558284acb3af8bb42a32901eb615edac07fb0bc32d f63543c4734ad191564d900b8383bc2595d3a1ced2c7924348e89b0203010001a381bd30 81ba300e0603551d0f0101ff0404030204f0301d0603551d0e04160414ba0847bd1adc78 8777ab84aa8dba8d8dd35bd4e1303b0603551d1f043430323030a02ea02c862a68747470 3a2f2f63726c2e67656f74727573742e636f6d2f63726c732f676c6f62616c6361312e63 726c301f0603551d23041830168014bea8a07472506b44b7c923d8fba8ffb3576b686c30 1d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d 1301 EAP-Message = 0x01ff04023000300d06092a864886f70d01010405000381810023b5b7b280544b61651d 093978ea43bbefff18afc835dd9ee5d103716d11bd1202395001cb69e94a1fc0cdcb0a28 fddba47c36a846ec4e5a31ec76c324486832882a4d12904fdef2d5a515554b3a7231d64f d8c9ff010115a8d8bcad71b1d9d1781cbf506f5c15e4406c0199e2336e4425ab839199ad 70695ee86ba8969fc9dc16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x226dfc6025ceb41b405771a775872a0d Finished request 4 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32769, id=24, length=391 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020900d01980000000c61603010086100000820080788fe72ca8e92cf7aa5e1e9f6f4b a60be146ea01584bd65bde54340dfa90fc4103649b79a7af29527cd8e184a8ce2a5573d8 fe3a5d43ba54e2f595395c346262ca361c32cb98c372150af150fe43513e3796caddc08d 4d0dcad0f565a1c97077d49d493f68e838fa2253619e48eb520b29203b52b3a193576fce d8fbc9f6b202140301000101160301003059c9797e6fb369c06f076d0590caaa9cb8fdb1 6c4b0265ae88ea00b72cb1bf7fa5c24092b4b99fb81359264d323f895c State = 0x226dfc6025ceb41b405771a775872a0d Message-Authenticator = 0x4824add87ee247a89d31119669853a91 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 9 length 208 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 5 modcall: leaving group authorize (returns updated) for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 5 modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 24 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010a004119001403010001011603010030e17abef72a1ea429834c869af1cfdacc591d c30a1dcaf3191eb11fcec9903709f065ecbb06360629c2a5da0e6c960790 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5ee10f39ff5d320a1966aeecffc1aef0 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.21:32769, id=25, length=189 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-04-50:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.21 NAS-Identifier = "BUWISM2-1" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x020a00061900 State = 0x5ee10f39ff5d320a1966aeecffc1aef0 Message-Authenticator = 0xffd54fd01e3da0ecca0dc8c5e1ace252 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 10 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 6 modcall: leaving group authorize (returns updated) for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 6 modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 25 to 10.0.1.21 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010b0050190017030100205a5b803b9936c9d7bc7bc1084668793262e8d92d5e9ab457 15a83905f499096d1703010020e1587586b0b2b020e4db4fe2e8ddc9f358dd65c45b41dc 3a4cb34437dadbffb6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6c277512990ce2e77f1b6a6f7b139385 Finished request 6 Going to the next request Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 22 with timestamp 4523c43e Cleaning up request 4 ID 23 with timestamp 4523c43e Cleaning up request 5 ID 24 with timestamp 4523c43e Cleaning up request 6 ID 25 with timestamp 4523c43e Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 10.0.1.12:32769, id=9, length=179 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-03-30:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0202000e014253435c6d6b696e67 Message-Authenticator = 0xaf30e5052f2b362edac7d70e0ddabc3b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 2 length 14 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 7 modcall: leaving group authorize (returns updated) for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 7 modcall: leaving group authenticate (returns handled) for request 7 Sending Access-Challenge of id 9 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x71a759e20d229ec649d03cb02a88c9bc Finished request 7 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=10, length=335 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-03-30:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0203009819800000008e16030100890100008503014523c445c234dcb17883e1aa617a 83e3ed34a8f7d49fab119022f6ca86585db4200e707d292a2df0d266a16ff167e9388a81 e1e000e6b47e75fc69d66565e0b3b90018002f00350005000ac009c00ac013c014003200 3800130004010000240000000e000c0000096273635c6d6b696e67000a00080006001700 180019000b00020100 State = 0x71a759e20d229ec649d03cb02a88c9bc Message-Authenticator = 0x5a506d41bed77e362ea926f83b6db987 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 3 length 152 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 8 modcall: leaving group authorize (returns updated) for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0089], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read finished A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 8 modcall: leaving group authenticate (returns handled) for request 8 Sending Access-Challenge of id 10 to 10.0.1.12 port 32769 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x010400901900160301004a0200004603014523c44a7fd79f4548d9e376cd1a840f6239 08f7197de10c620c61dd470dce50200e707d292a2df0d266a16ff167e9388a81e1e000e6 b47e75fc69d66565e0b3b9002f0014030100010116030100304a718eb2b0428f0e39c83f 6c57c2a7ef44bffa928150bea6b0ad7c357740929d572fc96e7436ba17e9606093fe9a17 94 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x72bf131469256926f84c3cee3835349d Finished request 8 Going to the next request --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 7 ID 9 with timestamp 4523c446 Waking up in 4 seconds... rad_recv: Access-Request packet from host 10.0.1.12:32769, id=11, length=252 User-Name = "BSC\\mking" Calling-Station-Id = "00-13-02-1B-4F-01" Called-Station-Id = "00-0B-85-24-03-30:test" NAS-Port = 29 NAS-IP-Address = 10.0.1.12 NAS-Identifier = "BUWISM1-2" Airespace-Wlan-Id = 7 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "4000" EAP-Message = 0x0204004519800000003b14030100010116030100308888f68e6cf6de9c3653fdf6eed3 f2f0f341a6353fb6afb9fd6561fb1229bb07e79157e621d848fd988869da8bb98d41 State = 0x72bf131469256926f84c3cee3835349d Message-Authenticator = 0x1b607d95cc089995e6f435db18f0b317 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: No '@' in User-Name = "BSC\mking", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 4 length 69 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 9 modcall: leaving group authorize (returns updated) for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED rlm_eap: Freeing handler modcall[authenticate]: module "eap" returns reject for request 9 modcall: leaving group authenticate (returns reject) for request 9 auth: Failed to validate the user. Login incorrect: [BSC\\mking] (from client BUWiSM-1-2 port 29 cli 00-13-02-1B-4F-01) Delaying request 9 for 1 seconds Finished request 9 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 8 ID 10 with timestamp 4523c44a Sending Access-Reject of id 11 to 10.0.1.12 port 32769 EAP-Message = 0x04040004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 9 ID 11 with timestamp 4523c44e Nothing to do. Sleeping until we see a request. <---END OF VISTA RC1 --->