I am testing the new version of FreeRadius (v2.1.10) on a CentOS 5 server with Samba 3.4.3 installed.  The ultimate goal is to do 802.1x port authentication (Vista machines) for Wired connections  and authenticate the users against Windows 2008 R2 AD.  I configured Samba and join it to the Domain, and configured FreeRadius per the instructions on the Wiki.  Testing against AD was successful, so I configured FreeRadius to use EAP-PEAP, generated my own certificates and ran into problems when testing it out.

When I generated the certificates, I created the server key and server csr with openssl.  I signed the csr with a Windows CA (adding the XPextensions) and then converted the DER format to PEM using openssl.  I verified that the certificate did have the Extended Key Attributes:

[root@radius mycerts]# openssl x509 -text -noout -in radius2.pem shows:

            X509v3 Extended Key Usage:

                TLS Web Server Authentication


When I try to authenticate, I did not see any errors, but at the end of the debug output shows: 

WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

WARNING: !! EAP session for state 0x17d5444b10dc5de2 did not finish!

WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility

WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Ready to process requests.

I regenerated the certificates with the same results.  Does anyone have a clue on what is happening?  Here is the Debug output:

rad_recv: Access-Request packet from host 172.16.1.2 port 1645, id=177, length=112

        User-Name = "MEM\\test1"

        Service-Type = Framed-User

        Framed-MTU = 1500

        NAS-IP-Address = 172.16.1.2

        NAS-Port = 2

        Calling-Station-Id = "00-1B-78-4E-00-12"

        EAP-Message = 0x02010010014d454d5c7267726168616d

        Message-Authenticator = 0xe1910a3453bca0c7c905bfc2e5cd5aec

# Executing section authorize from file /usr//etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "MEM\test1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 1 length 16

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

[files] users: Matched entry DEFAULT at line 53

++[files] returns ok

++[expiration] returns noop

++[logintime] returns noop

[pap] WARNING! No "known good" password found for the user.  Authentication may fail because of this.

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /usr//etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] EAP Identity

[eap] processing type tls

[tls] Initiate

[tls] Start returned 1

++[eap] returns handled

Sending Access-Challenge of id 177 to 172.16.1.2 port 1645

        Service-Type = Framed-User

        Framed-Protocol = PPP

        EAP-Message = 0x010200061920

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x17d5444b17d75de2f7dce27aee56b663

Finished request 0.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.16.1.2 port 1645, id=178, length=236

        User-Name = "MEM\\test1"

        Service-Type = Framed-User

        Framed-MTU = 1500

        NAS-IP-Address = 172.16.1.2

        NAS-Port = 2

        Calling-Station-Id = "00-1B-78-4E-00-12"

        State = 0x17d5444b17d75de2f7dce27aee56b663

        EAP-Message = 0x0202007a198000000070160301006b0100006703014d2f6a09730b74f908bd8b719705896b0b5eb2fe01f3fa3e0c26d38bcffa7361000018002f00350005000ac009c00ac013c01400320038001300040100002600000010000e00000b6d656d5c7267726168616d000a00080006001700180019000b00020100

        Message-Authenticator = 0x63e3265e98a3bb083f39d950ae2ade9f

# Executing section authorize from file /usr//etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "MEM\test1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 2 length 122

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /usr//etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

  TLS Length 112

[peap] Length Included

[peap] eaptls_verify returned 11

[peap]     (other): before/accept initialization

[peap]     TLS_accept: before/accept initialization

[peap] <<< TLS 1.0 Handshake [length 006b], ClientHello

[peap]     TLS_accept: SSLv3 read client hello A

[peap] >>> TLS 1.0 Handshake [length 002a], ServerHello

[peap]     TLS_accept: SSLv3 write server hello A

[peap] >>> TLS 1.0 Handshake [length 084e], Certificate

[peap]     TLS_accept: SSLv3 write certificate A

[peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone

[peap]     TLS_accept: SSLv3 write server done A

[peap]     TLS_accept: SSLv3 flush data

[peap]     TLS_accept: Need to read more data: SSLv3 read client certificate A

In SSL Handshake Phase

In SSL Accept mode

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] returns handled

Sending Access-Challenge of id 178 to 172.16.1.2 port 1645

        EAP-Message = 0x0103040019c00000088b160301002a0200002603014d2f698b6d3788f388aa9228162c3f76d3fe9a63fe494c39669259b60b9de8ad00002f00160301084e0b00084a0008470004af308204ab30820393a003020102020a23987bed000000000009300d06092a864886f70d0101050500304f31133011060a0992268993f22c6401191603636f6d31173015060a0992268993f22c64011916076d656d2d696e73311f301d060355040313166d656d2d696e732d4d454d2d4c41422d4443332d4341301e170d3131303131333138313134385a170d3132303131333138323134385a308190310b30090603550406130255533111300f060355040813084d

        EAP-Message = 0x6973736f7572693111300f06035504071308436f6c756d626961310c300a060355040a13034d454d310b3009060355040b13024953311b3019060355040313127261646975732e6d656d2d696e732e636f6d3123302106092a864886f70d01090116147365637572697479406d656d2d696e732e636f6d305c300d06092a864886f70d0101010500034b003048024100f36a27a2cafae70e6ba4a457802e352b6cb99976513c47cad6ec7585eedc5a565e736dbbc5377935dc2143414ee3620b1657503df4f5658c6d4549b322db5a090203010001a382020d30820209301d0603551d0e04160414787066c86e7a89d1c0bc0df2d001a9de5a7590a630

        EAP-Message = 0x1f0603551d2304183016801477292debc77ac57e073627dba3229e6faf5b76103081d80603551d1f0481d03081cd3081caa081c7a081c48681c16c6461703a2f2f2f434e3d6d656d2d696e732d4d454d2d4c41422d4443332d43412c434e3d6d656d2d6c61622d6463332c434e3d4344502c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d6d656d2d696e732c44433d636f6d3f63657274696669636174655265766f636174696f6e4c6973743f626173653f6f626a656374436c6173733d63524c446973747269627574696f6e506f696e743081

        EAP-Message = 0xc806082b060105050701010481bb3081b83081b506082b060105050730028681a86c6461703a2f2f2f434e3d6d656d2d696e732d4d454d2d4c41422d4443332d43412c434e3d4149412c434e3d5075626c69632532304b657925323053657276696365732c434e3d53657276696365732c434e3d436f6e66696775726174696f6e2c44433d6d656d2d696e732c44433d636f6d3f634143657274696669636174653f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f72697479300c0603551d130101ff0402300030130603551d25040c300a06082b06010505070301300d06092a864886f70d01010505000382

        EAP-Message = 0x0101003a8b2d68ea968ca3eb

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x17d5444b16d65de2f7dce27aee56b663

Finished request 1.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.16.1.2 port 1645, id=179, length=120

        User-Name = "MEM\\test1"

        Service-Type = Framed-User

        Framed-MTU = 1500

        NAS-IP-Address = 172.16.1.2

        NAS-Port = 2

        Calling-Station-Id = "00-1B-78-4E-00-12"

        State = 0x17d5444b16d65de2f7dce27aee56b663

        EAP-Message = 0x020300061900

        Message-Authenticator = 0x1a2ddd0cffc8a6eeb4bd5af56a73316f

# Executing section authorize from file /usr//etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "MEM\test1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 3 length 6

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /usr//etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake fragment handler

[peap] eaptls_verify returned 1

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] returns handled

Sending Access-Challenge of id 179 to 172.16.1.2 port 1645

        EAP-Message = 0x010403fc19407aa413407a16a4e2e344994d020646636e4b03b012a0a7011631e0a917fd491b2ad6795c8e210fbeb759e66ace486020b3c2da8778d05bf6b04431547da91e04bc304cc957f8782b5a6a903608da92903dc7bef79579d77e65b65ab8984156d8a6997219b90bbd75db4b432c48d3c97430916cc47a76bc095daedc0f0749f05f51bce08543a2192b787f15a208d6a2db4009df5079cf20e7986548032df3b55d36428bceae20295f7b7db4b74518a92058f72016204e226e158f3b1150dcfca79b3f831954b7917f3b52f22e831506b0f03d8970e4be34e73ce4edbfe2b52917939b0a1b3026467291a722f3fafa13ec7ad395d76c7ee0

        EAP-Message = 0x0003923082038e30820276a00302010202101d65a3c4272ba9ae4000af16adf133e8300d06092a864886f70d0101050500304f31133011060a0992268993f22c6401191603636f6d31173015060a0992268993f22c64011916076d656d2d696e73311f301d060355040313166d656d2d696e732d4d454d2d4c41422d4443332d4341301e170d3130313031343030353434315a170d3335313031343031303433395a304f31133011060a0992268993f22c6401191603636f6d31173015060a0992268993f22c64011916076d656d2d696e73311f301d060355040313166d656d2d696e732d4d454d2d4c41422d4443332d434130820122300d06092a86

        EAP-Message = 0x4886f70d01010105000382010f003082010a0282010100dec78b70f45103e5f3d835b4d757320e0442c0ce223a37d5148087d0d9cac90f1244fab1b4d6e57bf0f04a9df770d973d1a35379bd1448159880adb6c059d7bc48c19790b784e0cb0519f73605687435a943a99f063e36eb4584535c35a7f3d6f4900c54712280080bb229245b8a7f9ec39047ed0e1a906f632f97d4b75c6369817f85479e6cb009bb5be487ecd7b2186c818efd595b13faafbe03855adf655cdf70f23fbc7ddb63c8ea3466ae027252fccb877bc9adebfc4d637faf3f55366c4fa53cab5dde9edfc1dead59b4b56479ec52fdb91cc8a282ebc2529d41f3088c3858e80b1628

        EAP-Message = 0x708eda94966f51a236d785f13193e252ea7279b5bd6c2ee4553b0203010001a3663064301306092b060104018237140204061e0400430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041477292debc77ac57e073627dba3229e6faf5b7610301006092b06010401823715010403020100300d06092a864886f70d010105050003820101004ed045d54a6ec8362174cc3b70e9617f31fcec9951c61f8cf8e850fed2b86207295690201a1cbb174870927fa6c847289688da1a0b33ee935c9d2b5783547de88e1b42e1f04aa001fe2af230e35da26b6cfe17ae58b5e4a875c53d724938077782df

        EAP-Message = 0x6c3bec718651f019

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x17d5444b15d15de2f7dce27aee56b663

Finished request 2.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.16.1.2 port 1645, id=180, length=120

        User-Name = "MEM\\test1"

        Service-Type = Framed-User

        Framed-MTU = 1500

        NAS-IP-Address = 172.16.1.2

        NAS-Port = 2

        Calling-Station-Id = "00-1B-78-4E-00-12"

        State = 0x17d5444b15d15de2f7dce27aee56b663

        EAP-Message = 0x020400061900

        Message-Authenticator = 0x952d481043dda4da8eca2b39ffd30fcb

# Executing section authorize from file /usr//etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "MEM\test1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 4 length 6

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /usr//etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake fragment handler

[peap] eaptls_verify returned 1

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] returns handled

Sending Access-Challenge of id 180 to 172.16.1.2 port 1645

        EAP-Message = 0x010500a519002b3a66c8e8526d8ca3c9e036f7c21295735cffc7cca62e8d1da2526a65a9f79a69c80e259b2ac75781bf6c6f80ec149a46dd773307ecdfc2346ecd140ae08475e2bbf8d4cc45677d0c0821e9f3b3001899691830b151c99665a689a177a97682fb1a740da6bf92d05b83f293bc3d3ce00dea49df7eb6d39032dc5e4ad50419e189e57751e10cb9939b43a4c39b945fa0fd57f05dc01c16030100040e000000

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x17d5444b14d05de2f7dce27aee56b663

Finished request 3.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.16.1.2 port 1645, id=181, length=258

        User-Name = "MEM\\test1"

        Service-Type = Framed-User

        Framed-MTU = 1500

        NAS-IP-Address = 172.16.1.2

        NAS-Port = 2

        Calling-Station-Id = "00-1B-78-4E-00-12"

        State = 0x17d5444b14d05de2f7dce27aee56b663

        EAP-Message = 0x02050090198000000086160301004610000042004019a92f516c2ed12eed5c4b4f4de63dbd4200f5c6293ff30e2565451f3775ffcbb01d71c341ac94d80926258517db6c5e751205e76bdc724f025dc43e441288b51403010001011603010030b7b8c1cc4e21a2c6fd1e52308e75c347510b2336a38c4ace61bde40495ac3bc86b53995adf75e9c428d63028edb0754b

        Message-Authenticator = 0x502b16df4abdeec82fb8a4031b883444

# Executing section authorize from file /usr//etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "MEM\test1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 5 length 144

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /usr//etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

  TLS Length 134

[peap] Length Included

[peap] eaptls_verify returned 11

[peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange

[peap]     TLS_accept: SSLv3 read client key exchange A

[peap] <<< TLS 1.0 ChangeCipherSpec [length 0001]

[peap] <<< TLS 1.0 Handshake [length 0010], Finished

[peap]     TLS_accept: SSLv3 read finished A

[peap] >>> TLS 1.0 ChangeCipherSpec [length 0001]

[peap]     TLS_accept: SSLv3 write change cipher spec A

[peap] >>> TLS 1.0 Handshake [length 0010], Finished

[peap]     TLS_accept: SSLv3 write finished A

[peap]     TLS_accept: SSLv3 flush data

[peap]     (other): SSL negotiation finished successfully

SSL Connection Established

[peap] eaptls_process returned 13

[peap] EAPTLS_HANDLED

++[eap] returns handled

Sending Access-Challenge of id 181 to 172.16.1.2 port 1645

        EAP-Message = 0x0106004119001403010001011603010030740816e4b8e4c191780d546c1443a25171c62261bb4bbd7fa91dd713403f86418f33de753f3af5259f8ad46ed0d64abf

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x17d5444b13d35de2f7dce27aee56b663

Finished request 4.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.16.1.2 port 1645, id=182, length=120

        User-Name = "MEM\\test1"

        Service-Type = Framed-User

        Framed-MTU = 1500

        NAS-IP-Address = 172.16.1.2

        NAS-Port = 2

        Calling-Station-Id = "00-1B-78-4E-00-12"

        State = 0x17d5444b13d35de2f7dce27aee56b663

        EAP-Message = 0x020600061900

        Message-Authenticator = 0x01334a4b91706f8128e35f10f6c74e0d

# Executing section authorize from file /usr//etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "MEM\test1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 6 length 6

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /usr//etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] Received TLS ACK

[peap] ACK handshake is finished

[peap] eaptls_verify returned 3

[peap] eaptls_process returned 3

[peap] EAPTLS_SUCCESS

[peap] Session established.  Decoding tunneled attributes.

[peap] Peap state TUNNEL ESTABLISHED

++[eap] returns handled

Sending Access-Challenge of id 182 to 172.16.1.2 port 1645

        EAP-Message = 0x0107002b190017030100201437bd7da4e0d7dccb3f7880d51fa1881eae5c67aad132294e712cd80416cfbb

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x17d5444b12d25de2f7dce27aee56b663

Finished request 5.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.16.1.2 port 1645, id=183, length=173

        User-Name = "MEM\\test1"

        Service-Type = Framed-User

        Framed-MTU = 1500

        NAS-IP-Address = 172.16.1.2

        NAS-Port = 2

        Calling-Station-Id = "00-1B-78-4E-00-12"

        State = 0x17d5444b12d25de2f7dce27aee56b663

        EAP-Message = 0x0207003b1900170301003076edeff553f5cb4d13a2ed7029ba397c77cf9d64c3d4712d1fc345d3d0dfdd1cec8ba1521e7800fab983b4b9c28068bb

        Message-Authenticator = 0xea354eec0fbb47ee4a142b0d6920754e

# Executing section authorize from file /usr//etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "MEM\test1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 7 length 59

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /usr//etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established.  Decoding tunneled attributes.

[peap] Peap state WAITING FOR INNER IDENTITY

[peap] Identity - MEM\test1

[peap] Got inner identity 'MEM\test1'

[peap] Setting default EAP type for tunneled EAP session.

[peap] Got tunneled request

        EAP-Message = 0x02070010014d454d5c7267726168616d

server  {

  PEAP: Setting User-Name to MEM\test1

Sending tunneled request

        EAP-Message = 0x02070010014d454d5c7267726168616d

        FreeRADIUS-Proxied-To = 127.0.0.1

        User-Name = "MEM\\test1"

server inner-tunnel {

# Executing section authorize from file /usr//etc/raddb/sites-enabled/inner-tunnel

+- entering group authorize {...}

++[chap] returns noop

++[mschap] returns noop

[suffix] No '@' in User-Name = "MEM\test1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[control] returns noop

[eap] EAP packet type response id 7 length 16

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[files] returns noop

++[expiration] returns noop

++[logintime] returns noop

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /usr//etc/raddb/sites-enabled/inner-tunnel

+- entering group authenticate {...}

[eap] EAP Identity

[eap] processing type mschapv2

rlm_eap_mschapv2: Issuing Challenge

++[eap] returns handled

} # server inner-tunnel

[peap] Got tunneled reply code 11

        EAP-Message = 0x010800251a0108002010a088cefe33e2d8f8c4b799ed59c5fb0d4d454d5c7267726168616d

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0xc0c1c1a1c0c9db106b079f71f54582b1

[peap] Got tunneled reply RADIUS code 11

        EAP-Message = 0x010800251a0108002010a088cefe33e2d8f8c4b799ed59c5fb0d4d454d5c7267726168616d

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0xc0c1c1a1c0c9db106b079f71f54582b1

[peap] Got tunneled Access-Challenge

++[eap] returns handled

Sending Access-Challenge of id 183 to 172.16.1.2 port 1645

        EAP-Message = 0x0108004b190017030100402047ac117f1fb44413571911d8cc5218a52dcd31033604e24e1884e44ef4d3a56b0540d56451fbbcaa3dc0ba6856c560b31b06642fa27235651d88698617735b

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x17d5444b11dd5de2f7dce27aee56b663

Finished request 6.

Going to the next request

Waking up in 4.9 seconds.

rad_recv: Access-Request packet from host 172.16.1.2 port 1645, id=184, length=221

        User-Name = "MEM\\test1"

        Service-Type = Framed-User

        Framed-MTU = 1500

        NAS-IP-Address = 172.16.1.2

        NAS-Port = 2

        Calling-Station-Id = "00-1B-78-4E-00-12"

        State = 0x17d5444b11dd5de2f7dce27aee56b663

        EAP-Message = 0x0208006b19001703010060ed7d3f594ba21455ac85cb59be5680cbec08cd20c7e2ac705c3d5289aadb43318fded2bc16e793b1fe21206e81054dece94dc95f6a5402014a10a21c4f09d86a069d624832465c2ed89040cda57f84cb0298184274cec6eeb88a17f0198a0594

        Message-Authenticator = 0x4c97f3f00ebaf2a9bd5a748646064d04

# Executing section authorize from file /usr//etc/raddb/sites-enabled/default

+- entering group authorize {...}

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

++[digest] returns noop

[suffix] No '@' in User-Name = "MEM\test1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

[eap] EAP packet type response id 8 length 107

[eap] Continuing tunnel setup.

++[eap] returns ok

Found Auth-Type = EAP

# Executing group from file /usr//etc/raddb/sites-enabled/default

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/peap

[eap] processing type peap

[peap] processing EAP-TLS

[peap] eaptls_verify returned 7

[peap] Done initial handshake

[peap] eaptls_process returned 7

[peap] EAPTLS_OK

[peap] Session established.  Decoding tunneled attributes.

[peap] Peap state phase2

[peap] EAP type mschapv2

[peap] Got tunneled request

        EAP-Message = 0x020800461a020800413139db069aec3a1482eaf5437cc12dc36200000000000000002ff233ba94c6cc0ff8b204e09e8217c1f93dd23f6a175caa004d454d5c7267726168616d

server  {

  PEAP: Setting User-Name to MEM\test1

Sending tunneled request

        EAP-Message = 0x020800461a020800413139db069aec3a1482eaf5437cc12dc36200000000000000002ff233ba94c6cc0ff8b204e09e8217c1f93dd23f6a175caa004d454d5c7267726168616d

        FreeRADIUS-Proxied-To = 127.0.0.1

        User-Name = "MEM\\test1"

        State = 0xc0c1c1a1c0c9db106b079f71f54582b1

server inner-tunnel {

# Executing section authorize from file /usr//etc/raddb/sites-enabled/inner-tunnel

+- entering group authorize {...}

++[chap] returns noop

++[mschap] returns noop

[suffix] No '@' in User-Name = "MEM\test1", looking up realm NULL

[suffix] No such realm "NULL"

++[suffix] returns noop

++[control] returns noop

[eap] EAP packet type response id 8 length 70

[eap] No EAP Start, assuming it's an on-going EAP conversation

++[eap] returns updated

++[files] returns noop

++[expiration] returns noop

++[logintime] returns noop

++[pap] returns noop

Found Auth-Type = EAP

# Executing group from file /usr//etc/raddb/sites-enabled/inner-tunnel

+- entering group authenticate {...}

[eap] Request found, released from the list

[eap] EAP/mschapv2

[eap] processing type mschapv2

[mschapv2] # Executing group from file /usr//etc/raddb/sites-enabled/inner-tunnel

[mschapv2] +- entering group MS-CHAP {...}

[mschap] Creating challenge hash with username: test1

[mschap] Told to do MS-CHAPv2 for test1 with NT-Password

[mschap]        expand: --username=%{mschap:User-Name:-None} -> --username=test1

[mschap]        expand: %{mschap:NT-Domain} -> MEM

[mschap]        expand: --domain=%{%{mschap:NT-Domain}:-MEM} -> --domain=MEM

[mschap]  mschap2: a0

[mschap] Creating challenge hash with username: test1

[mschap]        expand: --challenge=%{mschap:Challenge:-00} -> --challenge=101d5affa80deb2a

[mschap]        expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=2ff233ba94c6cc0ff8b204e09e8217c1f93dd23f6a175caa

Exec-Program output: NT_KEY: D17434B7303CD6FA2ABE17CDB536D69D

Exec-Program-Wait: plaintext: NT_KEY: D17434B7303CD6FA2ABE17CDB536D69D

Exec-Program: returned: 0

[mschap] adding MS-CHAPv2 MPPE keys

++[mschap] returns ok

MSCHAP Success

++[eap] returns handled

} # server inner-tunnel

[peap] Got tunneled reply code 11

        EAP-Message = 0x010900331a0308002e533d36383632464443433541363636343133304138313535463643454332414535354530433031354133

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0xc0c1c1a1c1c8db106b079f71f54582b1

[peap] Got tunneled reply RADIUS code 11

        EAP-Message = 0x010900331a0308002e533d36383632464443433541363636343133304138313535463643454332414535354530433031354133

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0xc0c1c1a1c1c8db106b079f71f54582b1

[peap] Got tunneled Access-Challenge

++[eap] returns handled

Sending Access-Challenge of id 184 to 172.16.1.2 port 1645

        EAP-Message = 0x0109005b190017030100503ab95bfb4fc74f8bdbc39c6a332f01e8238c1548c1d905edc81dc513033f398190f455a6a164b10035f08c1b0eef983b1174dc9136c66507a8209a06f26adf1ed27f08e7c1f157ae925b63dc1d3452f0

        Message-Authenticator = 0x00000000000000000000000000000000

        State = 0x17d5444b10dc5de2f7dce27aee56b663

Finished request 7.

Going to the next request

Waking up in 4.9 seconds.

Cleaning up request 0 ID 177 with timestamp +72

Cleaning up request 1 ID 178 with timestamp +72

Cleaning up request 2 ID 179 with timestamp +72

Cleaning up request 3 ID 180 with timestamp +72

Cleaning up request 4 ID 181 with timestamp +72

Cleaning up request 5 ID 182 with timestamp +72

Cleaning up request 6 ID 183 with timestamp +72

Cleaning up request 7 ID 184 with timestamp +72

WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

WARNING: !! EAP session for state 0x17d5444b10dc5de2 did not finish!

WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility

WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!