When I try to do MAC auth, it shows No User, though it works
fine when I remove the Calling-Station-Id check item from MySQL. Debug shows
quotes around MAC…I put MAC in database with and without quotes and still
errors.
Any ideas?
Thanks!
Eric
SQL DATABASE:
DEFAULT Fall-Through = Yes
eric1328 Cleartext-Password := PASSWORD
eric1328 Calling-Station-Id == 00-1C-B3-B1-3E-07
DEBUG:
++[auth_log]
returns ok
++[chap]
returns noop
++[mschap]
returns noop
[suffix]
No '@' in User-Name = "eric1328", looking up realm NULL
[suffix]
No such realm "NULL"
++[suffix]
returns noop
[eap]
EAP packet type response id 164 length 6
[eap]
Continuing tunnel setup.
++[eap]
returns ok
Found
Auth-Type = EAP
+-
entering group authenticate {...}
[eap]
Request found, released from the list
[eap]
EAP/peap
[eap]
processing type peap
[peap]
processing EAP-TLS
[peap]
Received TLS ACK
[peap]
ACK handshake fragment handler
[peap]
eaptls_verify returned 1
[peap]
eaptls_process returned 13
[peap]
EAPTLS_HANDLED
++[eap]
returns handled
Sending
Access-Challenge of id 98 to 192.168.0.1 port 21693
EAP-Message
=
0x01a503fc194000f5762e66fa9d8422300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303131313139303133315a170d3130303131313139303133315a308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504
EAP-Message
=
0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100f1cbee04f9676e1c96ebbe8d583605ad2deaf236abc16a11249f38d1677d43ea83dcceace1271e165fa2c7371e02c094dfdd082f17cfee16d6fb6a75e828d4e46437e8850eea413de14cc89d420c8fd641bec5b836f93376071d6fc38250efcc850cfdf79e26a92c3909faa42cc2ef
EAP-Message
= 0x3b6535fd406d7a979ac98783eb6945a286d076aa1408b0c7de16e0ae23c70711049e7727c1ff4a6c8f4854a6a278308de17d3175d2a4ba9d2f96278f84b96e8446bba5947820790093a125a06bcc8f958f75027aa07da3463fadbd8c94b9c005a95a8308fda13544df89c4a00b9c76283716be460a0d2ccf10bbd253047e0517a3be0598567f7828a42a2f49c22d4b8fcb0203010001a381fb3081f8301d0603551d0e04160414f95bfae9eee917ed848faa188aea05423fc10a2d3081c80603551d230481c03081bd8014f95bfae9eee917ed848faa188aea05423fc10a2da18199a48196308193310b3009060355040613024652310f300d06035504
EAP-Message
= 0x0813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900f5762e66fa9d8422300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100514f7f2cb414fdba2fdf77e4f29fe5d7697f933a0b6e5dd85355df5d1979147096260545f3dc2faf8e127292456eca6accb00a2a855ba96b9a31fdd1fec998ac5028ad5bfb02ce0cc69d5a39ce28a8d3ae92
EAP-Message
= 0xd12dca84626e1183
Message-Authenticator
= 0x00000000000000000000000000000000
State
= 0x9a9af390993fea28ebd7065f57cfd5e2
Finished
request 3.
Going
to the next request
Waking
up in 4.9 seconds.
rad_recv:
Access-Request packet from host 192.168.0.1 port 21693, id=99, length=105
User-Name
= "eric1328"
NAS-IP-Address
= 192.168.0.1
NAS-Port-Type
= Wireless-802.11
Calling-Station-Id
= "00-1C-B3-B1-3E-07"
State
= 0x9a9af390993fea28ebd7065f57cfd5e2
EAP-Message
= 0x02a500061900
Message-Authenticator
= 0x6b08abda82ea369fb42a1c300666c8a9
+-
entering group authorize {...}
++[preprocess]
returns ok
[auth_log]
expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log]
returns ok
++[chap]
returns noop
++[mschap]
returns noop
[suffix]
No '@' in User-Name = "eric1328", looking up realm NULL
[suffix]
No such realm "NULL"
++[suffix]
returns noop
[eap]
EAP packet type response id 165 length 6
[eap]
Continuing tunnel setup.
++[eap]
returns ok
Found
Auth-Type = EAP
+-
entering group authenticate {...}
[eap]
Request found, released from the list
[eap]
EAP/peap
[eap]
processing type peap
[peap]
processing EAP-TLS
[peap]
Received TLS ACK
[peap]
ACK handshake fragment handler
[peap]
eaptls_verify returned 1
[peap]
eaptls_process returned 13
[peap]
EAPTLS_HANDLED
++[eap]
returns handled
Sending
Access-Challenge of id 99 to 192.168.0.1 port 21693
EAP-Message
=
0x01a600b519003c63087fd1ffa76eaead2ddca3501c2b0ad762482215581804242c0e3fa5239347513a5fecb4860e64aa93af7b78509316c260bee87d3d9c71d5ff981dddbdee561dd35a9d863bbb97ea2bcc7bf5be923833eba09620f3055eb4977d217781f01b5777e4dd4f0a3e8fad4b98ac4f35519c4400deb13a663737e330dcc81852b807c34b8f287727394e8873b08059bebd2526fc9af290c4b50f460db89aeb2ef70709904d86db16030100040e000000
Message-Authenticator
= 0x00000000000000000000000000000000
State
= 0x9a9af3909e3cea28ebd7065f57cfd5e2
Finished
request 4.
Going
to the next request
Waking
up in 4.9 seconds.
rad_recv:
Access-Request packet from host 192.168.0.1 port 21693, id=100, length=437
User-Name
= "eric1328"
NAS-IP-Address
= 192.168.0.1
NAS-Port-Type
= Wireless-802.11
Calling-Station-Id
= "00-1C-B3-B1-3E-07"
State
= 0x9a9af3909e3cea28ebd7065f57cfd5e2
EAP-Message
=
0x02a60150198000000146160301010610000102010015e07115bcb9fbbc93abce7a91dd7369ef22d52495326fa65147364304dbd31e06605bb2bf682c0d3504ec792f6eab09a924a2435e7aae281d151de03c5fcc0e1d99cdcaa52e7fcc6e99228f299f974c0f3d769177a06d742493c06d310bdf90212c49fedf90bd4d32156b5e1a64810144509c3cf29348dbe46888e4f349b486c6cc545d8772004ef7299fb826e344364df4af4c06310581e58a96593935c8f3f13ef760497af2d6a6467772f3eb116034298138b99bfd2cac344f5b70f094cf8c29c0c4d53e4d233be0688a20c44063f32857a137435819cb143926bf536a649fee46875dc8e428
EAP-Message
=
0x1a91222d5ca7bf781c16628bf635acfbf1f5846c199745b61403010001011603010030be3cf7249124fb25b03a11b76b5fc07a589275055940a5d801209c599ae0de7b7e6bd7e15fb5d2451ac2cd632ac23179
Message-Authenticator
= 0xee555d72422495de2fbb5c975552cc09
+-
entering group authorize {...}
++[preprocess]
returns ok
[auth_log]
expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log]
returns ok
++[chap]
returns noop
++[mschap]
returns noop
[suffix]
No '@' in User-Name = "eric1328", looking up realm NULL
[suffix]
No such realm "NULL"
++[suffix]
returns noop
[eap]
EAP packet type response id 166 length 253
[eap]
Continuing tunnel setup.
++[eap]
returns ok
Found
Auth-Type = EAP
+-
entering group authenticate {...}
[eap]
Request found, released from the list
[eap]
EAP/peap
[eap]
processing type peap
[peap]
processing EAP-TLS
TLS Length 326
[peap]
Length Included
[peap]
eaptls_verify returned 11
[peap]
<<< TLS 1.0 Handshake [length 0106], ClientKeyExchange
[peap]
TLS_accept: SSLv3 read client key exchange A
[peap]
<<< TLS 1.0 ChangeCipherSpec [length 0001]
[peap]
<<< TLS 1.0 Handshake [length 0010], Finished
[peap]
TLS_accept: SSLv3 read finished A
[peap]
>>> TLS 1.0 ChangeCipherSpec [length 0001]
[peap]
TLS_accept: SSLv3 write change cipher spec A
[peap]
>>> TLS 1.0 Handshake [length 0010], Finished
[peap]
TLS_accept: SSLv3 write finished A
[peap]
TLS_accept: SSLv3 flush data
[peap]
(other): SSL negotiation finished successfully
SSL
Connection Established
[peap]
eaptls_process returned 13
[peap]
EAPTLS_HANDLED
++[eap]
returns handled
Sending
Access-Challenge of id 100 to 192.168.0.1 port 21693
EAP-Message
= 0x01a7004119001403010001011603010030c9a77ba3f2ef8689c1c1f357506c8ed32a474d4736624bf52da7ad3e4d1025c601676fba45daafde076e8baf1ecbbb8a
Message-Authenticator
= 0x00000000000000000000000000000000
State
= 0x9a9af3909f3dea28ebd7065f57cfd5e2
Finished
request 5.
Going
to the next request
Waking
up in 4.7 seconds.
rad_recv:
Access-Request packet from host 192.168.0.1 port 21693, id=101, length=105
User-Name
= "eric1328"
NAS-IP-Address
= 192.168.0.1
NAS-Port-Type
= Wireless-802.11
Calling-Station-Id
= "00-1C-B3-B1-3E-07"
State
= 0x9a9af3909f3dea28ebd7065f57cfd5e2
EAP-Message
= 0x02a700061900
Message-Authenticator
= 0x65fe256227f65fdf404f4543848b95af
+-
entering group authorize {...}
++[preprocess]
returns ok
[auth_log]
expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log]
returns ok
++[chap]
returns noop
++[mschap]
returns noop
[suffix]
No '@' in User-Name = "eric1328", looking up realm NULL
[suffix]
No such realm "NULL"
++[suffix]
returns noop
[eap]
EAP packet type response id 167 length 6
[eap]
Continuing tunnel setup.
++[eap]
returns ok
Found
Auth-Type = EAP
+-
entering group authenticate {...}
[eap]
Request found, released from the list
[eap]
EAP/peap
[eap]
processing type peap
[peap]
processing EAP-TLS
[peap]
Received TLS ACK
[peap]
ACK handshake is finished
[peap]
eaptls_verify returned 3
[peap]
eaptls_process returned 3
[peap]
EAPTLS_SUCCESS
++[eap]
returns handled
Sending
Access-Challenge of id 101 to 192.168.0.1 port 21693
EAP-Message
= 0x01a8002b19001703010020bf063ab4620738f9eedd92219d0bece9fbeb543f33752c0e7f448525350354f0
Message-Authenticator
= 0x00000000000000000000000000000000
State
= 0x9a9af3909c32ea28ebd7065f57cfd5e2
Finished
request 6.
Going
to the next request
Waking
up in 4.7 seconds.
rad_recv:
Access-Request packet from host 192.168.0.1 port 21693, id=102, length=142
User-Name
= "eric1328"
NAS-IP-Address
= 192.168.0.1
NAS-Port-Type
= Wireless-802.11
Calling-Station-Id
= "00-1C-B3-B1-3E-07"
State
= 0x9a9af3909c32ea28ebd7065f57cfd5e2
EAP-Message
= 0x02a8002b19001703010020eccc437b43dd6a7c42d2de8276631dc72127ab1f9e42ff311be2f1374d595f2a
Message-Authenticator
= 0xb1dd21f5d4c56f8e9deeea2a74b188c2
+-
entering group authorize {...}
++[preprocess]
returns ok
[auth_log]
expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
-> /var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log]
returns ok
++[chap]
returns noop
++[mschap]
returns noop
[suffix]
No '@' in User-Name = "eric1328", looking up realm NULL
[suffix]
No such realm "NULL"
++[suffix]
returns noop
[eap]
EAP packet type response id 168 length 43
[eap]
Continuing tunnel setup.
++[eap]
returns ok
Found
Auth-Type = EAP
+-
entering group authenticate {...}
[eap]
Request found, released from the list
[eap]
EAP/peap
[eap]
processing type peap
[peap]
processing EAP-TLS
[peap]
eaptls_verify returned 7
[peap]
Done initial handshake
[peap]
eaptls_process returned 7
[peap]
EAPTLS_OK
[peap]
Session established. Decoding tunneled attributes.
[peap]
Identity - eric1328
[peap]
Got tunneled request
EAP-Message
= 0x02a8000d016572696331333238
server
{
PEAP: Got tunneled identity of eric1328
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to eric1328
Sending
tunneled request
EAP-Message
= 0x02a8000d016572696331333238
FreeRADIUS-Proxied-To
= 127.0.0.1
User-Name
= "eric1328"
server
inner-tunnel {
+-
entering group authorize {...}
++[chap]
returns noop
++[mschap]
returns noop
++[unix]
returns notfound
[suffix]
No '@' in User-Name = "eric1328", looking up realm NULL
[suffix]
No such realm "NULL"
++[suffix]
returns noop
++[control]
returns noop
[eap]
EAP packet type response id 168 length 13
[eap]
No EAP Start, assuming it's an on-going EAP conversation
++[eap]
returns updated
++[files]
returns noop
[sql]
expand: %{User-Name} -> eric1328
[sql]
sql_set_user escaped user --> 'eric1328'
rlm_sql
(sql): Reserving sql socket id: 4
[sql]
expand: SELECT id, username, attribute, value,
op FROM
radcheck WHERE
username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value,
op FROM
radcheck WHERE
username = 'eric1328'
ORDER BY id
[sql]
expand: SELECT
groupname FROM
radusergroup WHERE
username =
'%{SQL-User-Name}'
ORDER BY priority -> SELECT
groupname FROM
radusergroup WHERE
username = 'eric1328'
ORDER BY priority
rlm_sql
(sql): Released sql socket id: 4
[sql]
User eric1328 not found
++[sql]
returns notfound
++[expiration]
returns noop
++[logintime]
returns noop
++[pap]
returns noop
Found
Auth-Type = EAP
+-
entering group authenticate {...}
[eap]
EAP Identity
[eap]
processing type mschapv2
rlm_eap_mschapv2:
Issuing Challenge
++[eap]
returns handled
} #
server inner-tunnel
[peap]
Got tunneled reply code 11
EAP-Message
= 0x01a900221a01a9001d10505da5e75208728e4183ed570f1f71476572696331333238
Message-Authenticator
= 0x00000000000000000000000000000000
State
= 0xbae8d73eba41cd116372880e81164985
[peap]
Got tunneled reply RADIUS code 11
EAP-Message
= 0x01a900221a01a9001d10505da5e75208728e4183ed570f1f71476572696331333238
Message-Authenticator
= 0x00000000000000000000000000000000
State
= 0xbae8d73eba41cd116372880e81164985
[peap]
Got tunneled Access-Challenge
++[eap]
returns handled
Sending
Access-Challenge of id 102 to 192.168.0.1 port 21693
EAP-Message
=
0x01a9004b19001703010040d087142a3fe21435656348569a3b0e0c5ea4bff508b77bec644a0d94edc3c0e0e70e5000b9d27d965b670cd1894dd78f8b0609441c64bb5804bc092ee9b5cda5
Message-Authenticator
= 0x00000000000000000000000000000000
State
= 0x9a9af3909d33ea28ebd7065f57cfd5e2
Finished
request 7.
Going
to the next request
Waking
up in 4.6 seconds.
rad_recv:
Access-Request packet from host 192.168.0.1 port 21693, id=103, length=206
User-Name
= "eric1328"
NAS-IP-Address
= 192.168.0.1
NAS-Port-Type
= Wireless-802.11
Calling-Station-Id
= "00-1C-B3-B1-3E-07"
State
= 0x9a9af3909d33ea28ebd7065f57cfd5e2
EAP-Message
=
0x02a9006b190017030100603aee6bf19ded97d3b37a40a5de93b752ddc952a08cd203826107234fe48d6c3f06259ab839dc022c651d85faeba18ea1a372f7beb5b7e0879ab851a19a3494182cc1af62c02a209d4c5fd21be0f2631b5aa8197cf039805b8660b038a1366dd6
Message-Authenticator
= 0x892144a42db4aad9a9a8376fcf99ee31
+-
entering group authorize {...}
++[preprocess]
returns ok
[auth_log]
expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log]
returns ok
++[chap]
returns noop
++[mschap]
returns noop
[suffix]
No '@' in User-Name = "eric1328", looking up realm NULL
[suffix]
No such realm "NULL"
++[suffix]
returns noop
[eap]
EAP packet type response id 169 length 107
[eap]
Continuing tunnel setup.
++[eap]
returns ok
Found
Auth-Type = EAP
+-
entering group authenticate {...}
[eap]
Request found, released from the list
[eap]
EAP/peap
[eap]
processing type peap
[peap]
processing EAP-TLS
[peap]
eaptls_verify returned 7
[peap]
Done initial handshake
[peap]
eaptls_process returned 7
[peap]
EAPTLS_OK
[peap]
Session established. Decoding tunneled attributes.
[peap]
EAP type mschapv2
[peap]
Got tunneled request
EAP-Message
=
0x02a900431a02a9003e31af02a5a673cf93e8cf0f0180c90d630e0000000000000000922331ae61edd2595c25e9db4613992ef9e8124dc11ed2eb006572696331333238
server
{
PEAP: Setting User-Name to eric1328
Sending
tunneled request
EAP-Message
=
0x02a900431a02a9003e31af02a5a673cf93e8cf0f0180c90d630e0000000000000000922331ae61edd2595c25e9db4613992ef9e8124dc11ed2eb006572696331333238
FreeRADIUS-Proxied-To
= 127.0.0.1
User-Name
= "eric1328"
State
= 0xbae8d73eba41cd116372880e81164985
server
inner-tunnel {
+-
entering group authorize {...}
++[chap]
returns noop
++[mschap]
returns noop
++[unix]
returns notfound
[suffix]
No '@' in User-Name = "eric1328", looking up realm NULL
[suffix]
No such realm "NULL"
++[suffix]
returns noop
++[control]
returns noop
[eap]
EAP packet type response id 169 length 67
[eap]
No EAP Start, assuming it's an on-going EAP conversation
++[eap]
returns updated
++[files]
returns noop
[sql]
expand: %{User-Name} -> eric1328
[sql]
sql_set_user escaped user --> 'eric1328'
rlm_sql
(sql): Reserving sql socket id: 3
[sql]
expand: SELECT id, username, attribute, value,
op FROM
radcheck WHERE
username = '%{SQL-User-Name}'
ORDER BY id -> SELECT id, username, attribute, value,
op FROM radcheck
WHERE username =
'eric1328' ORDER BY
id
[sql]
expand: SELECT
groupname FROM
radusergroup WHERE
username =
'%{SQL-User-Name}'
ORDER BY priority -> SELECT
groupname FROM
radusergroup WHERE
username =
'eric1328' ORDER BY
priority
rlm_sql
(sql): Released sql socket id: 3
[sql]
User eric1328 not found
++[sql]
returns notfound
++[expiration]
returns noop
++[logintime]
returns noop
++[pap]
returns noop
Found
Auth-Type = EAP
+-
entering group authenticate {...}
[eap]
Request found, released from the list
[eap]
EAP/mschapv2
[eap]
processing type mschapv2
[mschapv2]
+- entering group MS-CHAP {...}
[mschap]
No Cleartext-Password configured. Cannot create LM-Password.
[mschap]
No Cleartext-Password configured. Cannot create NT-Password.
[mschap]
Told to do MS-CHAPv2 for eric1328 with NT-Password
[mschap]
FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap]
FAILED: MS-CHAP2-Response is incorrect
++[mschap]
returns reject
[eap]
Freeing handler
++[eap]
returns reject
Failed
to authenticate the user.
Login
incorrect: [eric1328] (from client private-network-1 port 0 via TLS tunnel)
} #
server inner-tunnel
[peap]
Got tunneled reply code 3
MS-CHAP-Error
= "\251E=691 R=1"
EAP-Message
= 0x04a90004
Message-Authenticator
= 0x00000000000000000000000000000000
[peap]
Got tunneled reply RADIUS code 3
MS-CHAP-Error
= "\251E=691 R=1"
EAP-Message
= 0x04a90004
Message-Authenticator
= 0x00000000000000000000000000000000
[peap]
Tunneled authentication was rejected.
[peap]
FAILURE
++[eap]
returns handled
Sending
Access-Challenge of id 103 to 192.168.0.1 port 21693
EAP-Message
=
0x01aa002b1900170301002048fa64ef04156959ee63b45c4fcc4e12accaaab2a60a2394ca2a760f2e507884
Message-Authenticator
= 0x00000000000000000000000000000000
State
= 0x9a9af3909230ea28ebd7065f57cfd5e2
Finished
request 8.
Going
to the next request
Waking
up in 4.5 seconds.
rad_recv:
Access-Request packet from host 192.168.0.1 port 21693, id=104, length=142
User-Name
= "eric1328"
NAS-IP-Address
= 192.168.0.1
NAS-Port-Type
= Wireless-802.11
Calling-Station-Id
= "00-1C-B3-B1-3E-07"
State
= 0x9a9af3909230ea28ebd7065f57cfd5e2
EAP-Message
= 0x02aa002b190017030100202916f6564d6d9ba431acbff58f2f080c7400122e76e082424a7ee58e8e031db5
Message-Authenticator
= 0xa714f18d12ee34c613cf1ca4610a715a
+-
entering group authorize {...}
++[preprocess]
returns ok
[auth_log]
expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/radius/radacct/192.168.0.1/auth-detail-20090128
[auth_log]
expand: %t -> Wed Jan 28 10:08:48 2009
++[auth_log]
returns ok
++[chap]
returns noop
++[mschap]
returns noop
[suffix]
No '@' in User-Name = "eric1328", looking up realm NULL
[suffix]
No such realm "NULL"
++[suffix]
returns noop
[eap]
EAP packet type response id 170 length 43
[eap]
Continuing tunnel setup.
++[eap]
returns ok
Found
Auth-Type = EAP
+-
entering group authenticate {...}
[eap]
Request found, released from the list
[eap]
EAP/peap
[eap]
processing type peap
[peap]
processing EAP-TLS
[peap]
eaptls_verify returned 7
[peap]
Done initial handshake
[peap]
eaptls_process returned 7
[peap]
EAPTLS_OK
[peap]
Session established. Decoding tunneled attributes.
[peap]
Received EAP-TLV response.
[peap]
Had sent TLV failure. User was rejected earlier in this session.
[eap]
Handler failed in EAP/peap
[eap]
Failed in EAP select
++[eap]
returns invalid
Failed
to authenticate the user.
Login
incorrect: [eric1328] (from client private-network-1 port 0 cli
00-1C-B3-B1-3E-07)
Using
Post-Auth-Type Reject
+-
entering group REJECT {...}
[attr_filter.access_reject]
expand: %{User-Name} -> eric1328
attr_filter:
Matched entry DEFAULT at line 11
++[attr_filter.access_reject]
returns updated
Delaying
reject of request 9 for 1 seconds
Going
to the next request
Waking
up in 0.9 seconds.
Sending
delayed reject for request 9
Sending
Access-Reject of id 104 to 192.168.0.1 port 21693
EAP-Message
= 0x04aa0004
Message-Authenticator
= 0x00000000000000000000000000000000