Hello to all, Here is my dillema: rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Tunneled data is valid. rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select as you can see the tlv failure during peap handshake. I have seen the previous post and I have heeded their warning of making sure the mschap module is configured, but when I have configured these settings I have no luck. I am attaching my eap.conf and radius.conf files as well as the below output for radius -X. ************************************************** Wed Jul 26 06:38:27 2006 : Info: Starting - reading configuration files ... Wed Jul 26 06:38:27 2006 : Debug: reread_config: reading radiusd.conf Wed Jul 26 06:38:27 2006 : Debug: Config: including file: /usr/local/etc/raddb/proxy.conf Wed Jul 26 06:38:27 2006 : Debug: Config: including file: /usr/local/etc/raddb/clients.conf Wed Jul 26 06:38:27 2006 : Debug: Config: including file: /usr/local/etc/raddb/snmp.conf Wed Jul 26 06:38:27 2006 : Debug: Config: including file: /usr/local/etc/raddb/eap.conf Wed Jul 26 06:38:27 2006 : Debug: Config: including file: /usr/local/etc/raddb/sql.conf Wed Jul 26 06:38:27 2006 : Debug: main: prefix = "/usr/local" Wed Jul 26 06:38:27 2006 : Debug: main: localstatedir = "/usr/local/var" Wed Jul 26 06:38:27 2006 : Debug: main: logdir = "/usr/local/var/log/radius" Wed Jul 26 06:38:27 2006 : Debug: main: libdir = "/usr/local/lib" Wed Jul 26 06:38:27 2006 : Debug: main: radacctdir = "/usr/local/var/log/radius/radacct" Wed Jul 26 06:38:27 2006 : Debug: main: hostname_lookups = no Wed Jul 26 06:38:27 2006 : Debug: main: max_request_time = 30 Wed Jul 26 06:38:27 2006 : Debug: main: cleanup_delay = 5 Wed Jul 26 06:38:27 2006 : Debug: main: max_requests = 1024 Wed Jul 26 06:38:27 2006 : Debug: main: delete_blocked_requests = 0 Wed Jul 26 06:38:27 2006 : Debug: main: port = 0 Wed Jul 26 06:38:27 2006 : Debug: main: allow_core_dumps = no Wed Jul 26 06:38:27 2006 : Debug: main: log_stripped_names = no Wed Jul 26 06:38:27 2006 : Debug: main: log_file = "/usr/local/var/log/radius/radius.log" Wed Jul 26 06:38:27 2006 : Debug: main: log_auth = no Wed Jul 26 06:38:27 2006 : Debug: main: log_auth_badpass = no Wed Jul 26 06:38:27 2006 : Debug: main: log_auth_goodpass = no Wed Jul 26 06:38:27 2006 : Debug: main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" Wed Jul 26 06:38:27 2006 : Debug: main: user = "(null)" Wed Jul 26 06:38:27 2006 : Debug: main: group = "(null)" Wed Jul 26 06:38:27 2006 : Debug: main: usercollide = no Wed Jul 26 06:38:27 2006 : Debug: main: lower_user = "no" Wed Jul 26 06:38:27 2006 : Debug: main: lower_pass = "no" Wed Jul 26 06:38:27 2006 : Debug: main: nospace_user = "no" Wed Jul 26 06:38:27 2006 : Debug: main: nospace_pass = "no" Wed Jul 26 06:38:27 2006 : Debug: main: checkrad = "/usr/local/sbin/checkrad" Wed Jul 26 06:38:27 2006 : Debug: main: proxy_requests = yes Wed Jul 26 06:38:27 2006 : Debug: proxy: retry_delay = 5 Wed Jul 26 06:38:27 2006 : Debug: proxy: retry_count = 3 Wed Jul 26 06:38:27 2006 : Debug: proxy: synchronous = no Wed Jul 26 06:38:27 2006 : Debug: proxy: default_fallback = yes Wed Jul 26 06:38:27 2006 : Debug: proxy: dead_time = 120 Wed Jul 26 06:38:27 2006 : Debug: proxy: post_proxy_authorize = no Wed Jul 26 06:38:27 2006 : Debug: proxy: wake_all_if_all_dead = no Wed Jul 26 06:38:27 2006 : Debug: security: max_attributes = 200 Wed Jul 26 06:38:27 2006 : Debug: security: reject_delay = 1 Wed Jul 26 06:38:27 2006 : Debug: security: status_server = no Wed Jul 26 06:38:27 2006 : Debug: main: debug_level = 0 Wed Jul 26 06:38:27 2006 : Debug: read_config_files: reading dictionary Wed Jul 26 06:38:27 2006 : Debug: read_config_files: reading naslist Wed Jul 26 06:38:27 2006 : Info: Using deprecated naslist file. Support for this will go away soon. Wed Jul 26 06:38:27 2006 : Debug: read_config_files: reading clients Wed Jul 26 06:38:27 2006 : Debug: read_config_files: reading realms Wed Jul 26 06:38:27 2006 : Debug: radiusd: entering modules setup Wed Jul 26 06:38:27 2006 : Debug: Module: Library search path is /usr/local/lib Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded exec Wed Jul 26 06:38:27 2006 : Debug: exec: wait = yes Wed Jul 26 06:38:27 2006 : Debug: exec: program = "(null)" Wed Jul 26 06:38:27 2006 : Debug: exec: input_pairs = "request" Wed Jul 26 06:38:27 2006 : Debug: exec: output_pairs = "(null)" Wed Jul 26 06:38:27 2006 : Debug: exec: packet_type = "(null)" Wed Jul 26 06:38:27 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated exec (exec) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded expr Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated expr (expr) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded PAP Wed Jul 26 06:38:27 2006 : Debug: pap: encryption_scheme = "crypt" Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated pap (pap) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded CHAP Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated chap (chap) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded MS-CHAP Wed Jul 26 06:38:27 2006 : Debug: mschap: use_mppe = yes Wed Jul 26 06:38:27 2006 : Debug: mschap: require_encryption = yes Wed Jul 26 06:38:27 2006 : Debug: mschap: require_strong = yes Wed Jul 26 06:38:27 2006 : Debug: mschap: with_ntdomain_hack = no Wed Jul 26 06:38:27 2006 : Debug: mschap: passwd = "(null)" Wed Jul 26 06:38:27 2006 : Debug: mschap: ntlm_auth = "(null)" Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated mschap (mschap) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded System Wed Jul 26 06:38:27 2006 : Debug: unix: cache = no Wed Jul 26 06:38:27 2006 : Debug: unix: passwd = "(null)" Wed Jul 26 06:38:27 2006 : Debug: unix: shadow = "(null)" Wed Jul 26 06:38:27 2006 : Debug: unix: group = "(null)" Wed Jul 26 06:38:27 2006 : Debug: unix: radwtmp = "/usr/local/var/log/radius/radwtmp" Wed Jul 26 06:38:27 2006 : Debug: unix: usegroup = no Wed Jul 26 06:38:27 2006 : Debug: unix: cache_reload = 600 Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated unix (unix) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded LDAP Wed Jul 26 06:38:27 2006 : Debug: ldap: server = "56.207.1.134" Wed Jul 26 06:38:27 2006 : Debug: ldap: port = 389 Wed Jul 26 06:38:27 2006 : Debug: ldap: net_timeout = 1 Wed Jul 26 06:38:27 2006 : Debug: ldap: timeout = 4 Wed Jul 26 06:38:27 2006 : Debug: ldap: timelimit = 3 Wed Jul 26 06:38:27 2006 : Debug: ldap: identity = "CN=SVTest45,OU=Users,OU=Surface Visibility POC,OU=Server Accounts,DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_mode = no Wed Jul 26 06:38:27 2006 : Debug: ldap: start_tls = no Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_cacertfile = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_cacertdir = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_certfile = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_keyfile = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_randfile = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: tls_require_cert = "allow" Wed Jul 26 06:38:27 2006 : Debug: ldap: password = "Ytilibis6" Wed Jul 26 06:38:27 2006 : Debug: ldap: basedn = "OU=Users,OU=Surface Visibility POC,OU=Server Accounts,DC=devsub,DC=dev,DC=dce,DC=usps,DC=gov" Wed Jul 26 06:38:27 2006 : Debug: ldap: filter = "(&(sAMAccountName=%{user-name}))" Wed Jul 26 06:38:27 2006 : Debug: ldap: base_filter = "(objectclass=radiusprofile)" Wed Jul 26 06:38:27 2006 : Debug: ldap: default_profile = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: profile_attribute = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: password_header = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: password_attribute = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: access_attr = "dialupAccess" Wed Jul 26 06:38:27 2006 : Debug: ldap: groupname_attribute = "cn" Wed Jul 26 06:38:27 2006 : Debug: ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" Wed Jul 26 06:38:27 2006 : Debug: ldap: groupmembership_attribute = "(null)" Wed Jul 26 06:38:27 2006 : Debug: ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap" Wed Jul 26 06:38:27 2006 : Debug: ldap: ldap_debug = 0 Wed Jul 26 06:38:27 2006 : Debug: ldap: ldap_connections_number = 5 Wed Jul 26 06:38:27 2006 : Debug: ldap: compare_check_items = yes Wed Jul 26 06:38:27 2006 : Debug: ldap: access_attr_used_for_allow = yes Wed Jul 26 06:38:27 2006 : Debug: ldap: do_xlat = yes Wed Jul 26 06:38:27 2006 : Debug: ldap: set_auth_type = yes Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: Registering ldap_groupcmp for Ldap-Group Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: Registering ldap_xlat with xlat_name ldap Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: reading ldap<->radius mappings from file /usr/local/etc/raddb/ldap.attrmap Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusClass mapped to RADIUS Class Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port Wed Jul 26 06:38:27 2006 : Debug: rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message Wed Jul 26 06:38:27 2006 : Debug: conns: 0x8139828 Wed Jul 26 06:38:27 2006 : Debug: Module: Instantiated ldap (ldap) Wed Jul 26 06:38:27 2006 : Debug: Module: Loaded eap Wed Jul 26 06:38:27 2006 : Debug: eap: default_eap_type = "peap" Wed Jul 26 06:38:27 2006 : Debug: eap: timer_expire = 60 Wed Jul 26 06:38:27 2006 : Debug: eap: ignore_unknown_eap_types = no Wed Jul 26 06:38:27 2006 : Debug: eap: cisco_accounting_username_bug = no Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and initialized type md5 Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and initialized type leap Wed Jul 26 06:38:27 2006 : Debug: gtc: challenge = "Password: " Wed Jul 26 06:38:27 2006 : Debug: gtc: auth_type = "PAP" Wed Jul 26 06:38:27 2006 : Debug: rlm_eap: Loaded and initialized type gtc Wed Jul 26 06:38:27 2006 : Debug: tls: rsa_key_exchange = no Wed Jul 26 06:38:27 2006 : Debug: tls: dh_key_exchange = yes Wed Jul 26 06:38:27 2006 : Debug: tls: rsa_key_length = 512 Wed Jul 26 06:38:27 2006 : Debug: tls: dh_key_length = 512 Wed Jul 26 06:38:27 2006 : Debug: tls: verify_depth = 0 Wed Jul 26 06:38:27 2006 : Debug: tls: CA_path = "(null)" Wed Jul 26 06:38:27 2006 : Debug: tls: pem_file_type = yes Wed Jul 26 06:38:27 2006 : Debug: tls: private_key_file = "/usr/local/etc/raddb/certs/server_keycert.pem" Wed Jul 26 06:38:27 2006 : Debug: tls: certificate_file = "/usr/local/etc/raddb/certs/server_keycert.pem" Wed Jul 26 06:38:27 2006 : Debug: tls: CA_file = "/usr/local/etc/raddb/certs/cacert.pem" Wed Jul 26 06:38:27 2006 : Debug: tls: private_key_password = "" Wed Jul 26 06:38:27 2006 : Debug: tls: dh_file = "/usr/local/etc/raddb/certs/dh" Wed Jul 26 06:38:27 2006 : Debug: tls: random_file = "/usr/local/etc/raddb/certs/random" Wed Jul 26 06:38:27 2006 : Debug: tls: fragment_size = 1024 Wed Jul 26 06:38:27 2006 : Debug: tls: include_length = yes Wed Jul 26 06:38:27 2006 : Debug: tls: check_crl = no Wed Jul 26 06:38:27 2006 : Debug: tls: check_cert_cn = "(null)" Wed Jul 26 06:38:27 2006 : Debug: tls: cipher_list = "(null)" Wed Jul 26 06:38:27 2006 : Debug: tls: check_cert_issuer = "(null)" Wed Jul 26 06:38:27 2006 : Info: rlm_eap_tls: Loading the certificate file as a chain Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and initialized type tls Wed Jul 26 06:38:28 2006 : Debug: peap: default_eap_type = "mschapv2" Wed Jul 26 06:38:28 2006 : Debug: peap: copy_request_to_tunnel = yes Wed Jul 26 06:38:28 2006 : Debug: peap: use_tunneled_reply = yes Wed Jul 26 06:38:28 2006 : Debug: peap: proxy_tunneled_request_as_eap = yes Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and initialized type peap Wed Jul 26 06:38:28 2006 : Debug: mschapv2: with_ntdomain_hack = no Wed Jul 26 06:38:28 2006 : Debug: rlm_eap: Loaded and initialized type mschapv2 Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated eap (eap) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded preprocess Wed Jul 26 06:38:28 2006 : Debug: preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" Wed Jul 26 06:38:28 2006 : Debug: preprocess: hints = "/usr/local/etc/raddb/hints" Wed Jul 26 06:38:28 2006 : Debug: preprocess: with_ascend_hack = no Wed Jul 26 06:38:28 2006 : Debug: preprocess: ascend_channels_per_line = 23 Wed Jul 26 06:38:28 2006 : Debug: preprocess: with_ntdomain_hack = no Wed Jul 26 06:38:28 2006 : Debug: preprocess: with_specialix_jetstream_hack = no Wed Jul 26 06:38:28 2006 : Debug: preprocess: with_cisco_vsa_hack = no Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated preprocess (preprocess) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded realm Wed Jul 26 06:38:28 2006 : Debug: realm: format = "suffix" Wed Jul 26 06:38:28 2006 : Debug: realm: delimiter = "@" Wed Jul 26 06:38:28 2006 : Debug: realm: ignore_default = no Wed Jul 26 06:38:28 2006 : Debug: realm: ignore_null = no Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated realm (suffix) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded files Wed Jul 26 06:38:28 2006 : Debug: files: usersfile = "/usr/local/etc/raddb/users" Wed Jul 26 06:38:28 2006 : Debug: files: acctusersfile = "/usr/local/etc/raddb/acct_users" Wed Jul 26 06:38:28 2006 : Debug: files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" Wed Jul 26 06:38:28 2006 : Debug: files: compat = "no" Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated files (files) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded Acct-Unique-Session-Id Wed Jul 26 06:38:28 2006 : Debug: acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated acct_unique (acct_unique) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded detail Wed Jul 26 06:38:28 2006 : Debug: detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" Wed Jul 26 06:38:28 2006 : Debug: detail: detailperm = 384 Wed Jul 26 06:38:28 2006 : Debug: detail: dirperm = 493 Wed Jul 26 06:38:28 2006 : Debug: detail: locking = no Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated detail (detail) Wed Jul 26 06:38:28 2006 : Debug: Module: Loaded radutmp Wed Jul 26 06:38:28 2006 : Debug: radutmp: filename = "/usr/local/var/log/radius/radutmp" Wed Jul 26 06:38:28 2006 : Debug: radutmp: username = "%{User-Name}" Wed Jul 26 06:38:28 2006 : Debug: radutmp: case_sensitive = yes Wed Jul 26 06:38:28 2006 : Debug: radutmp: check_with_nas = yes Wed Jul 26 06:38:28 2006 : Debug: radutmp: perm = 384 Wed Jul 26 06:38:28 2006 : Debug: radutmp: callerid = yes Wed Jul 26 06:38:28 2006 : Debug: Module: Instantiated radutmp (radutmp) Wed Jul 26 06:38:28 2006 : Debug: Listening on authentication *:1812 Wed Jul 26 06:38:28 2006 : Debug: Listening on accounting *:1813 Wed Jul 26 06:38:28 2006 : Info: Ready to process requests. rad_recv: Access-Request packet from host 170.248.233.102:21645, id=96, length=142 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x9f1c51bffb5629597ad2b909fd38c9b4 EAP-Message = 0x0203000d017376746573743231 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 0 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 3 length 13 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 0 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 0 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP Identity Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type tls Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Initiate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Start returned 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 0 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 96 to 170.248.233.102 port 21645 EAP-Message = 0x010400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x29ca0021777c690970b4a5471a00217b Wed Jul 26 06:38:57 2006 : Debug: Finished request 0 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: --- Walking the entire request list --- Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=97, length=253 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x88d642315545479df646345555800e93 EAP-Message = 0x0204006a198000000060160301005b0100005703011c65d617c07403a366a2f3b6de705e884da5fd14fbdb9cf0d0df33bfc72f8eca20a34c239b5b06e80ed486fd8dadac40a1485d19d957e58d20b52c8859b8180b71001000040005000a000900640062000300060100 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x29ca0021777c690970b4a5471a00217b NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 4 length 106 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 1 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 1 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Length Included Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 11 Wed Jul 26 06:38:57 2006 : Debug: (other): before/accept initialization Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: before/accept initialization Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 005b], ClientHello Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 read client hello A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 write server hello A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 04b3], Certificate Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 write certificate A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 write server done A Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 flush data Wed Jul 26 06:38:57 2006 : Error: TLS_accept:error in SSLv3 read client certificate A Wed Jul 26 06:38:57 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) Wed Jul 26 06:38:57 2006 : Debug: In SSL Handshake Phase Wed Jul 26 06:38:57 2006 : Debug: In SSL Accept mode Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 13 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_HANDLED Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 1 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 97 to 170.248.233.102 port 21645 EAP-Message = 0x0105040a19c000000510160301004a02000046030144c75451b02d92afcc20f4bfec1431803916822f1e67ae67bb168cd36ae3781420ff042ce2de3d04fef6469395e00f0b4645de855ae3345e0dca33873b5e1da24000040016030104b30b0004af0004ac000216308202123082017ba003020102020101300d06092a864886f70d01010405003039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74301e170d3036303732353230313630335a170d3037303732353230313630335a304c310b3009060355040613025553310b30090603550408130244 EAP-Message = 0x43311d301b060355040a1314535631412061746c20656e7669726f6e6d656e743111300f06035504031308737631612e61746c30819f300d06092a864886f70d010101050003818d0030818902818100d026b1347e5fca59da1a427f07370f05445287b8f01a6d12f4577cb529b4dffe3dae2daeabfd2df7312eb97bc10cf73404c337e26bf70b9b13927c9862bcad706325f743685725808b823dc84967582da67ce2bec405ea60a35bdada7926c4a0b2fe3f9a0e1ffa0a56426199381aaf4e15a39b951aab58d368a579563018678b0203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500 EAP-Message = 0x03818100d6ce9ff21b40746b76f18af5a0e80bc090171bee7d777371035b02f7b2b8ef1fab3da34c0021e5f8b414c7b5e55ba7c8780d6c7dfdca776da44cd927bd6616fdeade53adcf5b7716f2ed067184489262c99b26b699d901c241db457aad494f780e33787f63f3d95757f5a15b8c16ccbd09ec653e24c82e8fec0ce602a0be019f0002903082028c308201f5a003020102020900c9abfb98ff97b24c300d06092a864886f70d01010405003039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74301e170d3036303732353230313233395a170d30 EAP-Message = 0x37303732353230313233395a3039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e7430819f300d06092a864886f70d010101050003818d0030818902818100d8cdddeec55c7306f917a047380659df940a0b96f3f2f576c91b6b6d7747eb0bc2d1bef222dfaa423a8c18f202e92ccef8f6d72b3526432cd4aee488d7d8c9b431f73429468b22cccf63aceb530f4e3b5262a35e5e22e51046594d6c91aca5f056982de1acc5a26480c4eac144cb4be74185df3ce999d574a30f28acfd1f9d750203010001a3819b308198301d0603551d0e04160414682319 EAP-Message = 0x51745c11e5fd6f7155d54baba5f067ea053069060355 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x498b302c3c413c59d2b3adf67bbc1530 Wed Jul 26 06:38:57 2006 : Debug: Finished request 1 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=98, length=153 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x8fdcb1d1de429fbc882c9013f501fdcd EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x498b302c3c413c59d2b3adf67bbc1530 NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 2 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 5 length 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 2 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 2 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 2 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: ack handshake fragment handler Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 1 Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 13 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_HANDLED Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 2 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 98 to 170.248.233.102 port 21645 EAP-Message = 0x0106011619001d2304623060801468231951745c11e5fd6f7155d54baba5f067ea05a13da43b3039310b3009060355040613025553310b3009060355040813024443311d301b060355040a1314535631412061746c20656e7669726f6e6d656e74820900c9abfb98ff97b24c300c0603551d13040530030101ff300d06092a864886f70d0101040500038181008a788b3b91705246ab003c122a42a3fb149874df853c1f93a2795fdc5b1aa5cddecd2186ffe71fcb52fb5d743ead84a7e048e208c7ad094c9fa2399316be0f28eb493779a06158dc9ac392d222e1aed63a5dd8e777ff732889080dd2fe018edd6125d4c3305aa7684b64676530258eb4 EAP-Message = 0xb7281afd5b9d99013d400bf868323f7716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2d8cf9192d110361c694d24de7cdbdcb Wed Jul 26 06:38:57 2006 : Debug: Finished request 2 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=99, length=339 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x577ebfac24aca5a457822e75d9c31c9a EAP-Message = 0x020600c01980000000b616030100861000008200802bce54d10c0c817b71cdbd91c896ebad0cdc051937e0da1262ac04109f34cb9a96cccf31d124ebfaf28f76a8fc1439f6d99c32df59ea9978238a8b772bd8911804ee7ec9395d0113cf158f355433885581aa136a7f4f93ddf11cd77e91e45da81f9892c5f9c71b955604d3f9692d2747b674d08f488486c16835b67dd1a483cb14030100010116030100207feb620c9d4e1bd873ba0e6a5ee8e501066967ac10d6e7d0696263466cf12ab4 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x2d8cf9192d110361c694d24de7cdbdcb NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 3 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 6 length 192 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 3 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 3 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 3 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Length Included Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 11 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 read client key exchange A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 read finished A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 write change cipher spec A Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 write finished A Wed Jul 26 06:38:57 2006 : Debug: TLS_accept: SSLv3 flush data Wed Jul 26 06:38:57 2006 : Debug: (other): SSL negotiation finished successfully Wed Jul 26 06:38:57 2006 : Error: rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) Wed Jul 26 06:38:57 2006 : Debug: SSL Connection Established Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 13 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_HANDLED Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 3 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 99 to 170.248.233.102 port 21645 EAP-Message = 0x0107003119001403010001011603010020d8095d07b6faed0612c8cc397d7585f0435501e4a1d7e201ff89e8f9cbf87a46 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x33722640f43f50eda977125b0e4f529e Wed Jul 26 06:38:57 2006 : Debug: Finished request 3 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=100, length=153 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0xdedb196149d987712093702f74fd8fc4 EAP-Message = 0x020700061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x33722640f43f50eda977125b0e4f529e NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 4 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 7 length 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 4 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 4 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 4 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Received EAP-TLS ACK message Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: ack handshake is finished Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 3 Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 3 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_SUCCESS Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 4 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 100 to 170.248.233.102 port 21645 EAP-Message = 0x010800201900170301001584f67b6b13ffeffe18862f7659b9a66c4a8e4b996a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdd383d12bf43f94234041e3c55ca3ad2 Wed Jul 26 06:38:57 2006 : Debug: Finished request 4 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=101, length=183 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x6f47dd19e1bd452975489d9ec5395fb9 EAP-Message = 0x02080024190017030100195e17a3dd5ae16018a9127bd42ab172908103052ca1cb861bd6 NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0xdd383d12bf43f94234041e3c55ca3ad2 NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 8 length 36 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done initial handshake Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_OK Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Session established. Decoding tunneled attributes. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Identity - svtest21 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Tunneled data is valid. Wed Jul 26 06:38:57 2006 : Debug: PEAP: Got tunneled identity of svtest21 Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting default EAP type for tunneled EAP session. Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting User-Name to svtest21 Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 8 length 13 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 5 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 5 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP Identity Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type mschapv2 Wed Jul 26 06:38:57 2006 : Info: rlm_eap_mschapv2: Issuing Challenge Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 5 Wed Jul 26 06:38:57 2006 : Debug: PEAP: Got tunneled Access-Challenge Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 5 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 5 Sending Access-Challenge of id 101 to 170.248.233.102 port 21645 EAP-Message = 0x010900391900170301002e31ec119dd45b49159e2e527731844ab3c0e71c00ac7fe0b3dbd8013265ccbd9c45669b8a7f8f93b2abe77640bce3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x04f10b8ab1550375bf94e3b173867c1e Wed Jul 26 06:38:57 2006 : Debug: Finished request 5 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=102, length=237 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x6cddd56e038eeeeb62b8d2b97207575d EAP-Message = 0x0209005a1900170301004f7ebe8c95ba80a65659e251d4be48f417110e8259b3bd8da9941229cd56c49dc70cec66fe0744d7386212187e0fa66b5324340dbb71fcde3c038d9440eb2b9c732c9aea2ef4a4d94639d6d05eab8d9b NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x04f10b8ab1550375bf94e3b173867c1e NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 9 length 90 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 6 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done initial handshake Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_OK Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Session established. Decoding tunneled attributes. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAP type mschapv2 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Tunneled data is valid. Wed Jul 26 06:38:57 2006 : Debug: PEAP: Setting User-Name to svtest21 Wed Jul 26 06:38:57 2006 : Debug: PEAP: Adding old state with 1a 55 Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 9 length 67 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 6 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/mschapv2 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type mschapv2 Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group MS-CHAP for request 6 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: No User-Password configured. Cannot create LM-Password. Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: No User-Password configured. Cannot create NT-Password. Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: Told to do MS-CHAPv2 for svtest21 with NT-Password Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. Wed Jul 26 06:38:57 2006 : Debug: rlm_mschap: FAILED: MS-CHAP2-Response is incorrect Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from mschap (rlm_mschap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "mschap" returns reject for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group MS-CHAP (returns reject) for request 6 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Freeing handler Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns reject for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns reject) for request 6 Wed Jul 26 06:38:57 2006 : Debug: auth: Failed to validate the user. Wed Jul 26 06:38:57 2006 : Debug: PEAP: Tunneled authentication was rejected. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: FAILURE Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns handled for request 6 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns handled) for request 6 Sending Access-Challenge of id 102 to 170.248.233.102 port 21645 EAP-Message = 0x010a00261900170301001b233d655aa5fa5426d55aef5a34e07a87d731e1bbe2f875598be5af Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5dc9719865b138594344825c77fe148e Wed Jul 26 06:38:57 2006 : Debug: Finished request 6 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=103, length=185 User-Name = "svtest21" Framed-MTU = 1400 Called-Station-Id = "0014.f213.f740" Calling-Station-Id = "0002.7848.9017" Service-Type = Login-User Message-Authenticator = 0x57ad285f9dcb4ce9f76d13fc72ae4152 EAP-Message = 0x020a00261900170301001b0c3225d3742832f0f869716ddf76a1852229df75c229af8417b16a NAS-Port-Type = Wireless-802.11 NAS-Port = 549 State = 0x5dc9719865b138594344825c77fe148e NAS-IP-Address = 170.248.233.102 NAS-Identifier = "SV1ATESTENVIRON" Wed Jul 26 06:38:57 2006 : Debug: Processing the authorize section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authorize for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "preprocess" returns ok for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "chap" returns noop for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "mschap" returns noop for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No '@' in User-Name = "svtest21", looking up realm NULL Wed Jul 26 06:38:57 2006 : Debug: rlm_realm: No such realm "NULL" Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "suffix" returns noop for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP packet type response id 10 length 38 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "eap" returns updated for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: calling files (rlm_files) for request 7 Wed Jul 26 06:38:57 2006 : Debug: users: Matched entry DEFAULT at line 215 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authorize]: module "files" returns ok for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authorize (returns updated) for request 7 Wed Jul 26 06:38:57 2006 : Debug: rad_check_password: Found Auth-Type EAP Wed Jul 26 06:38:57 2006 : Debug: auth: type "EAP" Wed Jul 26 06:38:57 2006 : Debug: Processing the authenticate section of radiusd.conf Wed Jul 26 06:38:57 2006 : Debug: modcall: entering group authenticate for request 7 Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: calling eap (rlm_eap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Request found, released from the list Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: processing type peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Authenticate Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: processing TLS Wed Jul 26 06:38:57 2006 : Debug: eaptls_verify returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_tls: Done initial handshake Wed Jul 26 06:38:57 2006 : Debug: eaptls_process returned 7 Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: EAPTLS_OK Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Session established. Decoding tunneled attributes. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Received EAP-TLV response. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Tunneled data is valid. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap_peap: Had sent TLV failure. User was rejcted rejected earlier in this session. Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Handler failed in EAP/peap Wed Jul 26 06:38:57 2006 : Debug: rlm_eap: Failed in EAP select Wed Jul 26 06:38:57 2006 : Debug: modsingle[authenticate]: returned from eap (rlm_eap) for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall[authenticate]: module "eap" returns invalid for request 7 Wed Jul 26 06:38:57 2006 : Debug: modcall: leaving group authenticate (returns invalid) for request 7 Wed Jul 26 06:38:57 2006 : Debug: auth: Failed to validate the user. Wed Jul 26 06:38:57 2006 : Debug: Delaying request 7 for 1 seconds Wed Jul 26 06:38:57 2006 : Debug: Finished request 7 Wed Jul 26 06:38:57 2006 : Debug: Going to the next request Wed Jul 26 06:38:57 2006 : Debug: Waking up in 6 seconds... rad_recv: Access-Request packet from host 170.248.233.102:21645, id=103, length=185 Sending Access-Reject of id 103 to 170.248.233.102 port 21645 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Wed Jul 26 06:39:02 2006 : Debug: --- Walking the entire request list --- Wed Jul 26 06:39:02 2006 : Debug: Waking up in 1 seconds... Wed Jul 26 06:39:03 2006 : Debug: --- Walking the entire request list --- Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 0 ID 96 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 1 ID 97 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 2 ID 98 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 3 ID 99 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 4 ID 100 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 5 ID 101 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 6 ID 102 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Cleaning up request 7 ID 103 with timestamp 44c75451 Wed Jul 26 06:39:03 2006 : Debug: Nothing to do. Sleeping until we see a request. ****************************************************** eap.conf ****************************************************** # -*- text -*- # # Whatever you do, do NOT set 'Auth-Type := EAP'. The server # is smart enough to figure this out on its own. The most # common side effect of setting 'Auth-Type := EAP' is that the # users then cannot use ANY other authentication method. # # $Id: eap.conf,v 1.4.4.3 2006/04/28 18:25:03 aland Exp $ # eap { # Invoke the default supported EAP type when # EAP-Identity response is received. # # The incoming EAP messages DO NOT specify which EAP # type they will be using, so it MUST be set here. # # For now, only one default EAP type may be used at a time. # # If the EAP-Type attribute is set by another module, # then that EAP type takes precedence over the # default type configured here. # default_eap_type = peap # A list is maintained to correlate EAP-Response # packets with EAP-Request packets. After a # configurable length of time, entries in the list # expire, and are deleted. # timer_expire = 60 # There are many EAP types, but the server has support # for only a limited subset. If the server receives # a request for an EAP type it does not support, then # it normally rejects the request. By setting this # configuration to "yes", you can tell the server to # instead keep processing the request. Another module # MUST then be configured to proxy the request to # another RADIUS server which supports that EAP type. # # If another module is NOT configured to handle the # request, then the request will still end up being # rejected. ignore_unknown_eap_types = no # Cisco AP1230B firmware 12.2(13)JA1 has a bug. When given # a User-Name attribute in an Access-Accept, it copies one # more byte than it should. # # We can work around it by configurably adding an extra # zero byte. cisco_accounting_username_bug = no # Supported EAP-types # # We do NOT recommend using EAP-MD5 authentication # for wireless connections. It is insecure, and does # not provide for dynamic WEP keys. # md5 { } # Cisco LEAP # # We do not recommend using LEAP in new deployments. See: # http://www.securiteam.com/tools/5TP012ACKE.html # # Cisco LEAP uses the MS-CHAP algorithm (but not # the MS-CHAP attributes) to perform it's authentication. # # As a result, LEAP *requires* access to the plain-text # User-Password, or the NT-Password attributes. # 'System' authentication is impossible with LEAP. # leap { } # Generic Token Card. # # Currently, this is only permitted inside of EAP-TTLS, # or EAP-PEAP. The module "challenges" the user with # text, and the response from the user is taken to be # the User-Password. # # Proxying the tunneled EAP-GTC session is a bad idea, # the users password will go over the wire in plain-text, # for anyone to see. # gtc { # The default challenge, which many clients # ignore.. #challenge = "Password: " # The plain-text response which comes back # is put into a User-Password attribute, # and passed to another module for # authentication. This allows the EAP-GTC # response to be checked against plain-text, # or crypt'd passwords. # # If you say "Local" instead of "PAP", then # the module will look for a User-Password # configured for the request, and do the # authentication itself. # auth_type = PAP } ## EAP-TLS # # To generate ctest certificates, run the script # # ../scripts/certs.sh # # The documents on http://www.freeradius.org/doc # are old, but may be helpful. # # See also: # # http://www.dslreports.com/forum/remark,9286052~mode=flat # tls { private_key_password = private_key_file = ${raddbdir}/certs/server_keycert.pem # If Private key & Certificate are located in # the same file, then private_key_file & # certificate_file must contain the same file # name. certificate_file = ${raddbdir}/certs/server_keycert.pem # Trusted Root CA list CA_file = ${raddbdir}/certs/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random # # This can never exceed the size of a RADIUS # packet (4096 bytes), and is preferably half # that, to accomodate other attributes in # RADIUS packet. On most APs the MAX packet # length is configured between 1500 - 1600 # In these cases, fragment size should be # 1024 or less. # fragment_size = 1024 # include_length is a flag which is # by default set to yes If set to # yes, Total Length of the message is # included in EVERY packet we send. # If set to no, Total Length of the # message is included ONLY in the # First packet of a fragment series. # include_length = yes # Check the Certificate Revocation List # # 1) Copy CA certificates and CRLs to same directory. # 2) Execute 'c_rehash <CA certs&CRLs Directory>'. # 'c_rehash' is OpenSSL's command. # 3) Add 'CA_path=<CA certs&CRLs directory>' # to radiusd.conf's tls section. # 4) uncomment the line below. # 5) Restart radiusd # check_crl = yes # # If check_cert_issuer is set, the value will # be checked against the DN of the issuer in # the client certificate. If the values do not # match, the cerficate verification will fail, # rejecting the user. # # check_cert_issuer = "/C=GB/ST=Berkshire/L=Newbury/O=My Company Ltd" # # If check_cert_cn is set, the value will # be xlat'ed and checked against the CN # in the client certificate. If the values # do not match, the certificate verification # will fail rejecting the user. # # This check is done only if the previous # "check_cert_issuer" is not set, or if # the check succeeds. # # check_cert_cn = %{User-Name} # # Set this option to specify the allowed # TLS cipher suites. The format is listed # in "man 1 ciphers". # cipher_list = "DEFAULT" } # The TTLS module implements the EAP-TTLS protocol, # which can be described as EAP inside of Diameter, # inside of TLS, inside of EAP, inside of RADIUS... # # Surprisingly, it works quite well. # # The TTLS module needs the TLS module to be installed # and configured, in order to use the TLS tunnel # inside of the EAP packet. You will still need to # configure the TLS module, even if you do not want # to deploy EAP-TLS in your network. Users will not # be able to request EAP-TLS, as it requires them to # have a client certificate. EAP-TTLS does not # require a client certificate. # #ttls { # The tunneled EAP session needs a default # EAP type which is separate from the one for # the non-tunneled EAP module. Inside of the # TTLS tunnel, we recommend using EAP-MD5. # If the request does not contain an EAP # conversation, then this configuration entry # is ignored. # default_eap_type = md5 # The tunneled authentication request does # not usually contain useful attributes # like 'Calling-Station-Id', etc. These # attributes are outside of the tunnel, # and normally unavailable to the tunneled # authentication request. # # By setting this configuration entry to # 'yes', any attribute which NOT in the # tunneled authentication request, but # which IS available outside of the tunnel, # is copied to the tunneled request. # # allowed values: {no, yes} # copy_request_to_tunnel = no # The reply attributes sent to the NAS are # usually based on the name of the user # 'outside' of the tunnel (usually # 'anonymous'). If you want to send the # reply attributes based on the user name # inside of the tunnel, then set this # configuration entry to 'yes', and the reply # to the NAS will be taken from the reply to # the tunneled request. # # allowed values: {no, yes} # use_tunneled_reply = no #} # # The tunneled EAP session needs a default EAP type # which is separate from the one for the non-tunneled # EAP module. Inside of the TLS/PEAP tunnel, we # recommend using EAP-MS-CHAPv2. # # The PEAP module needs the TLS module to be installed # and configured, in order to use the TLS tunnel # inside of the EAP packet. You will still need to # configure the TLS module, even if you do not want # to deploy EAP-TLS in your network. Users will not # be able to request EAP-TLS, as it requires them to # have a client certificate. EAP-PEAP does not # require a client certificate. # peap { # The tunneled EAP session needs a default # EAP type which is separate from the one for # the non-tunneled EAP module. Inside of the # PEAP tunnel, we recommend using MS-CHAPv2, # as that is the default type supported by # Windows clients. default_eap_type = mschapv2 # the PEAP module also has these configuration # items, which are the same as for TTLS. copy_request_to_tunnel = yes use_tunneled_reply = yes # When the tunneled session is proxied, the # home server may not understand EAP-MSCHAP-V2. # Set this entry to "no" to proxy the tunneled # EAP-MSCHAP-V2 as normal MSCHAPv2. # proxy_tunneled_request_as_eap = yes } # # This takes no configuration. # # Note that it is the EAP MS-CHAPv2 sub-module, not # the main 'mschap' module. # # Note also that in order for this sub-module to work, # the main 'mschap' module MUST ALSO be configured. # # This module is the *Microsoft* implementation of MS-CHAPv2 # in EAP. There is another (incompatible) implementation # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not # currently support. # mschapv2 { } } ***************************************************** Thanks, Damon __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com