node Name: Auth-Type Value: Accept node Name: Session-Timeout Value: 100 node Name: Termination-Action Value: 1 node Name: Idle-Timeout Value: 180 node Name: WISPr-Bandwidth-Max-Up Value: 100000 node Name: WISPr-Bandwidth-Max-Down Value: 250000 node Name: Framed-Protocol Value: PPP node Name: Reply-Message Value: OK [test_mod] INFO: Cleartext-Password set based on Mobif ++[test_mod] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: user1@home.com [mschap] Told to do MS-CHAPv2 for user1@home.com with NT-Password [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 Auth-Type := Accept Session-Timeout := 100 Termination-Action := RADIUS-Request Idle-Timeout := 180 WISPr-Bandwidth-Max-Up := 100000 WISPr-Bandwidth-Max-Down := 250000 Framed-Protocol := PPP Reply-Message := "OK" MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 Auth-Type := Accept Session-Timeout := 100 Termination-Action := RADIUS-Request Idle-Timeout := 180 WISPr-Bandwidth-Max-Up := 100000 WISPr-Bandwidth-Max-Down := 250000 Framed-Protocol := PPP Reply-Message := "OK" MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 60 to 192.168.2.145 port 1337 User-Name = "user1@home.com" EAP-Message = 0x010a002b19001703010020ad227ff42051a2119a3fdfcc0999ebcd51f07b78079146e092f0f85f8604137f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x23f93a462bf32393cc91e8892c409246 Finished request 18. Going to the next request Waking up in 3.8 seconds. rad_recv: Access-Request packet from host 192.168.2.145 port 1337, id=61, length=269 User-Name = "user1@home.com" NAS-IP-Address = 192.168.2.2 NAS-Identifier = "hello" NAS-Port = 0 Called-Station-Id = "00-11-22-33-44-55:SSID-1" Calling-Station-Id = "00-11-22-33-44-55" Framed-MTU = 1400 NAS-Port-Type = Wireless Connect-Info = "0Mbps 802.11b" EAP-Message = 0x020a0050190017030100205d777644a41a5fee4c658652b55fcd128b1fa7fe21dd1edcabeea1ca001c076117030100205719da5b2d9845746ebf187441a4b8724d074b043fd7e36a297dd45fc55a0c95 State = 0x23f93a462bf32393cc91e8892c409246 Message-Authenticator = 0x44e5ac78c039e29bc4798902f9c5b10f # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} expand: %{request:User-Name} -> user1@home.com ++[reply] returns notfound ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "home.com" for User-Name = "user1@home.com" [suffix] No such realm "home.com" ++[suffix] returns noop [eap] EAP packet type response id 10 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. SSL: Removing session 34ae8bf5fcb9242ca155baa7eb42097a96d72f29008c63185bb75a719e0fde41 from the cache [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> user1@home.com attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 19 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 19 Sending Access-Reject of id 61 to 192.168.2.145 port 1337 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 rad_recv: Access-Request packet from host 192.168.2.145 port 1337, id=61, length=269 Sending duplicate reply to client 192.168.0.0/16 port 1337 - ID: 61 Sending Access-Reject of id 61 to 192.168.2.145 port 1337 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000