Okay...I've been digging at this for quite a while and have found something quite stumping which seems to be what is keeping all of this from working. The short of it is I'm trying to get 802.1x with PEAP to be proxied by freeradius to an ias radius server. It appears I have everything working with one small exception - freeradius seems to be unwilling to send a packet to the ias radius server. I will put more of the logs below, but the gist of it is at this part of the process: Sending Access-Request of id 1 to 172.28.240.114:1812 (where 172.28.240.114 is the ias box) no packet appears to be dropped on the network. What I've done for experimenting is tcpdump -i eth0 host 172.28.240.114 which shows nothing at all being sent I have modified the proxy.conf to change my proxy setup for this realm to various things and found: remote server changed to another IP address which is not local to the machine: same thing - no packet ever tries to go set the loopback address (127.0.0.1) as the remote server - packet is sniffed on the lo interface and received (and rejected) by freeradius set the host ip address (172.28.240.73) as the remote server - packet is not sniffed (logical) but freeradius sees (and rejects) it. set the host ip address again as the remote server, but set it to use a different port, with netcat running on that port - netcat gets the packet - has no idea what to do with it, but gets the packet. setup another interface on the box, set the remote server address to be one that would route to that interface - tcpdump on that interface sees no packet. best deduction is that for some reason in proxying, freeradius does not want to send a packet. I say in proxying, because we have our network switches set to use RADIUS to authenticate the users connecting to the console. Also, running radclient from the freeradius server works just fine against the same server. In fact, if I cut and snip what freeradius is trying to send and send it via radclient, I get a successfull response from ias, which makes me think once I can resolve this, everything will work! For sanity's sake 172.28.240.73 - the freeradius server 172.28.240.114 - the ias radius server 172.25.7.11 - the switch I consoled into, and also the switch I'm trying to authenticate through 1.0.5 - the version of freeradius I'm running, lovingly compiled by hand on Debian 3 - the number of hairs I have left on my head after dealing with this (it was 5 before dealing with this :) Thanks for any help, -Dan ==== A dump of a packet when the "remote server" for the CSUIAS realm was set to 127.0.0.1 ============ nazgul:/etc/freeradius# tcpdump -s 900 -ni lo tcpdump: listening on lo 21:16:47.041823 127.0.0.1.1814 > 127.0.0.1.1812: rad-access-req 202 [id 0] Attr[ User{CCSU\testuser} Called_station{00-11-88-12-6e-70} Calling_station{00-0f-1f-43-c8-38} NAS_id{00-11-88-12-6e-5d} NAS_ipaddr{172.25.7.11} NAS_port{19} Framed_mtu{1500} NAS_port_type{Ethernet} Vendor_specific{} Vendor_specific{} Proxy_state{22} ] (DF) 21:16:52.040815 127.0.0.1.1812 > 127.0.0.1.1814: rad-access-reject 24 [id 0] Attr[ Proxy_state{22} ] (DF) ===== debug log and tcpdump when someone logs into a network switch console =============== 23:26:11.575681 172.28.240.73.1814 > 172.28.240.114.1812: rad-access-req 95 [id 0] Attr[ User{testuser} Pass NAS_id{00-11-88-12-6E-5D} Message_auth{. u5m....|.} NAS_ipaddr{172.25.7.11} Proxy_state{50} ] (DF) 23:26:11.596478 172.28.240.114.1812 > 172.28.240.73.1814: rad-access-accept 115 [id 0] Attr[ Proxy_state{50} Filter_id{Enterasys:version=1:mgmt=su:policy=Administrator} Callback-number{} Service_type{Framed} Class{l[.>} ] rad_recv: Access-Request packet from host 172.25.7.11:1024, id=48, length=85 --- Walking the entire request list --- Waking up in 31 seconds... Threads: total/active/spare threads = 5/0/5 Thread 1 got semaphore Thread 1 handling request 0, (1 handled so far) User-Name = "testuser" User-Password = "testpw" NAS-Identifier = "00-11-88-12-6E-5D" Message-Authenticator = 0x9a0b5e2c470c9fcac6a09234573345ff Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "testuser" rlm_realm: Proxying request from user testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 1 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 Sending Access-Request of id 0 to 172.28.240.114:1812 User-Name = "testuser" User-Password = "testpw" NAS-Identifier = "00-11-88-12-6E-5D" Message-Authenticator = 0x00000000000000000000000000000000 NAS-IP-Address = 172.25.7.11 Proxy-State = 0x3438 Thread 1 waiting to be assigned a request rad_recv: Access-Accept packet from host 172.28.240.114:1812, id=0, length=115 Waking up in 31 seconds... Thread 2 got semaphore Thread 2 handling request 0, (1 handled so far) Proxy-State = 0x3438 Filter-Id = "Enterasys:version=1:mgmt=su:policy=Administrator" Callback-Number = "" Service-Type = Framed-User Class = 0x6c560839000001370001a81cf07101c5dfba78f198dc0000000000000599 Processing the post-proxy section of radiusd.conf modcall: entering group post-proxy for request 0 modcall[post-proxy]: module "eap" returns noop for request 0 modcall: group post-proxy returns noop for request 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: Proxy reply, or no User-Name. Ignoring. modcall[authorize]: module "suffix" returns noop for request 0 modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 1 modcall[authorize]: module "files" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type rad_check_password: Auth-Type = Accept, accepting the user Sending Access-Accept of id 48 to 172.25.7.11:1024 Filter-Id = "Enterasys:version=1:mgmt=su:policy=Administrator" Callback-Number = "" Service-Type = Framed-User Class = 0x6c560839000001370001a81cf07101c5dfba78f198dc0000000000000599 Finished request 0 Going to the next request Thread 2 waiting to be assigned a request ================== debug log of an attempt to authenticate that goes nowhere ==================== rad_recv: Access-Request packet from host 172.25.7.11:1024, id=1, length=154 --- Walking the entire request list --- Waking up in 31 seconds... Threads: total/active/spare threads = 5/0/5 Thread 2 got semaphore Thread 2 handling request 0, (1 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet EAP-Message = 0x0201001201434353555c646e6577636f6d62 Message-Authenticator = 0x538d455841aa6f9e794454ed014c4c34 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall[authorize]: module "files" returns notfound for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: group authenticate returns handled for request 0 Sending Access-Challenge of id 1 to 172.25.7.11:1024 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc86bbdd3696698a7def762dc1963927b Finished request 0 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=2, length=266 Waking up in 31 seconds... Thread 1 got semaphore Thread 1 handling request 1, (1 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0xc86bbdd3696698a7def762dc1963927b EAP-Message = 0x0202007019800000006616030100610100005d030143714c6f2181d0b5d0781a5526feb2634ac81878633b1050c8256342b1ff31722012e3b8e757d55a0347cf458a9bcc7563b58fb7c21a1b4fd6554c0357c4e4de5a001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x2710051dea259f64bcde584986c72019 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 modcall[authorize]: module "files" returns notfound for request 1 modcall: group authorize returns updated for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: group authenticate returns handled for request 1 Sending Access-Challenge of id 2 to 172.25.7.11:1024 EAP-Message = 0x0103040a19c0000006f1160301004a02000046030143714c768c3c914fae39af24593e0fa20df2e73277e0a0ca898fd315d29623cd20a9dcdcad52cee9b9737568a4dd4eb81d8a918f8cd2ada99c554f2c147472615700040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb00d1df8886b0763b59097c29799c48b Finished request 1 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=3, length=160 Waking up in 31 seconds... Thread 3 got semaphore Thread 3 handling request 2, (1 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0xb00d1df8886b0763b59097c29799c48b EAP-Message = 0x020300061900 Message-Authenticator = 0xf4cc5aa5c77cf23ec54fe5416cd8ac43 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 modcall[authorize]: module "files" returns notfound for request 2 modcall: group authorize returns updated for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: group authenticate returns handled for request 2 Sending Access-Challenge of id 3 to 172.25.7.11:1024 EAP-Message = 0x010402f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdfe217f6b86aacab3ceb8cd578d30130 Finished request 2 Going to the next request Thread 3 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=4, length=346 Waking up in 31 seconds... Thread 4 got semaphore Thread 4 handling request 3, (1 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0xdfe217f6b86aacab3ceb8cd578d30130 EAP-Message = 0x020400c01980000000b616030100861000008200801abea01e59447b7487945ce0c6a1939f9024559cdbdf4db367dd2307ccaacda61b35c88bebbace250a035ea874f034cd68db015730aa2275176e1d44f9bc42d3778b92515ee3db74f1cdb934e4a7563c8d3023c1d682432b4b1c54ccf814072029fbf280d7839228e43aa1f5182e2cd41a464074ee5bcb04acd7c91dffe82da81403010001011603010020f979140948ef0d69e6ed37208bd370211ffe8698bc6b224efc2f1a3009d6e1c8 Message-Authenticator = 0x758083c377abf2476fd048ad63817010 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "chap" returns noop for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 4 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 modcall[authorize]: module "files" returns notfound for request 3 modcall: group authorize returns updated for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: group authenticate returns handled for request 3 Sending Access-Challenge of id 4 to 172.25.7.11:1024 EAP-Message = 0x0105003119001403010001011603010020dfe71da8858751da7b53f8c8255d63be61e489853343260807fd78989dfdbd30 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x688dc6131bc8de96fe4556e270ee6cab Finished request 3 Going to the next request Thread 4 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=5, length=160 Waking up in 31 seconds... Thread 5 got semaphore Thread 5 handling request 4, (1 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0x688dc6131bc8de96fe4556e270ee6cab EAP-Message = 0x020500061900 Message-Authenticator = 0x3159c60ff905f339906fbd99de3b6990 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "chap" returns noop for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 modcall[authorize]: module "files" returns notfound for request 4 modcall: group authorize returns updated for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 4 modcall: group authenticate returns handled for request 4 Sending Access-Challenge of id 5 to 172.25.7.11:1024 EAP-Message = 0x0106002019001703010015c463829b6b4560e641e57ca75b240b3703c4f8d595 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf7773669edf567c57a7d1fe7997e1095 Finished request 4 Going to the next request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=6, length=195 Waking up in 31 seconds... Thread 2 got semaphore Thread 2 handling request 5, (2 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0xf7773669edf567c57a7d1fe7997e1095 EAP-Message = 0x020600291900170301001ef168d1db99648ba8fe8420eea79dbc9766e48f25c0acd7e7151f2de55156 Message-Authenticator = 0x3a13f0279313eabd4c3a010e21c33c53 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 41 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 modcall[authorize]: module "files" returns notfound for request 5 modcall: group authorize returns updated for request 5 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - CCSU\testuser rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x0206001201434353555c646e6577636f6d62 PEAP: Got tunneled identity of CCSU\testuser PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to CCSU\testuser PEAP: Sending tunneled request EAP-Message = 0x0206001201434353555c646e6577636f6d62 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet Processing the authorize section of radiusd.conf modcall: entering group authorize for request 5 modcall[authorize]: module "preprocess" returns ok for request 5 modcall[authorize]: module "chap" returns noop for request 5 modcall[authorize]: module "mschap" returns noop for request 5 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 5 rlm_eap: EAP packet type response id 6 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 5 users: Matched entry DEFAULT at line 3 modcall[authorize]: module "files" returns ok for request 5 modcall: group authorize returns updated for request 5 PEAP: Got tunneled reply RADIUS code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 5 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 PEAP: Cancelling proxy to realm CSUIAS until the tunneled EAP session has been established PEAP: Processing from tunneled session code 0x81368a8 11 EAP-Message = 0x010700271a01070022104ef58089f77b5c2e215455a0214797ac434353555c646e6577636f6d62 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bdbbfc9b677e96180952fde499faca5 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 5 modcall: group authenticate returns handled for request 5 Sending Access-Challenge of id 6 to 172.25.7.11:1024 EAP-Message = 0x0107003e190017030100335818057c9e75e2c583397931eb09d053f6ba1a00d28ceb953b16211fd02f602e0f55902e64986399b5a4e95d31c07b989ac055 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xfe97f345bc26792731d4535853ba38f6 Finished request 5 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=7, length=249 Waking up in 31 seconds... Thread 1 got semaphore Thread 1 handling request 6, (2 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0xfe97f345bc26792731d4535853ba38f6 EAP-Message = 0x0207005f1900170301005473e7401e75b295d4df0d99b751527b98b6100869ec8f61afcc0dc5671a6993382b0abe9512856589fa7b4577222685ee2cb147fb557c52b0dfb51ef8f8e96d2fa0afd9c663a42131977b526c2196151e0b6c2c31 Message-Authenticator = 0x39167876a62a58fad10952b390e76499 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 95 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 modcall[authorize]: module "files" returns notfound for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020700481a0207004331b2d4b6fec992c3c08bd9e0ad844fc1f90000000000000000e0a4fc589662a5c93ee3310d33feaee6edb28488cbc88ed400434353555c646e6577636f6d62 PEAP: Setting User-Name to CCSU\testuser PEAP: Adding old state with 7b db PEAP: Sending tunneled request EAP-Message = 0x020700481a0207004331b2d4b6fec992c3c08bd9e0ad844fc1f90000000000000000e0a4fc589662a5c93ee3310d33feaee6edb28488cbc88ed400434353555c646e6577636f6d62 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "CCSU\\testuser" State = 0x7bdbbfc9b677e96180952fde499faca5 Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 7 length 72 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 3 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 PEAP: Got tunneled reply RADIUS code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Not-EAP proxy set. Not composing EAP modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 PEAP: Tunneled authentication will be proxied to CSUIAS PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy. Tunneled session will be proxied. Not doing EAP. modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Request of id 0 to 172.28.240.114:1812 User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet MS-CHAP-Challenge = 0x4ef58089f77b5c2e215455a0214797ac MS-CHAP2-Response = 0x0743b2d4b6fec992c3c08bd9e0ad844fc1f90000000000000000e0a4fc589662a5c93ee3310d33feaee6edb28488cbc88ed4 Proxy-State = 0x37 Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=7, length=249 Ignoring duplicate packet from client c2-test:1024 - ID: 7, due to outstanding proxied request 6. --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 43714c76 Cleaning up request 1 ID 2 with timestamp 43714c76 Cleaning up request 2 ID 3 with timestamp 43714c76 Cleaning up request 3 ID 4 with timestamp 43714c76 Cleaning up request 4 ID 5 with timestamp 43714c76 Cleaning up request 5 ID 6 with timestamp 43714c76 Re-sending Access-Request of id 0 to 172.28.240.114:1812 User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet Client-IP-Address = 127.0.0.1 Stripped-User-Name = "CCSU\\testuser" Realm = "NULL" EAP-Type = MS-CHAP-V2 MS-CHAP-Challenge = 0x4ef58089f77b5c2e215455a0214797ac MS-CHAP2-Response = 0x0743b2d4b6fec992c3c08bd9e0ad844fc1f90000000000000000e0a4fc589662a5c93ee3310d33feaee6edb28488cbc88ed4 Proxy-State = 0x37 Waking up in 5 seconds... --- Walking the entire request list --- Re-sending Access-Request of id 0 to 172.28.240.114:1812 User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet Client-IP-Address = 127.0.0.1 Stripped-User-Name = "CCSU\\testuser" Realm = "NULL" EAP-Type = MS-CHAP-V2 MS-CHAP-Challenge = 0x4ef58089f77b5c2e215455a0214797ac MS-CHAP2-Response = 0x0743b2d4b6fec992c3c08bd9e0ad844fc1f90000000000000000e0a4fc589662a5c93ee3310d33feaee6edb28488cbc88ed4 Proxy-State = 0x37 Waking up in 5 seconds... rad_recv: Access-Request packet from host 172.25.7.11:1024, id=8, length=154 --- Walking the entire request list --- Waking up in 1 seconds... Thread 3 got semaphore Thread 3 handling request 7, (2 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet EAP-Message = 0x0208001201434353555c646e6577636f6d62 Message-Authenticator = 0x7275c633c8f20f6fdfa4c30d6faf7c47 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 7 modcall[authorize]: module "preprocess" returns ok for request 7 modcall[authorize]: module "chap" returns noop for request 7 modcall[authorize]: module "mschap" returns noop for request 7 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 7 rlm_eap: EAP packet type response id 8 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 7 modcall[authorize]: module "files" returns notfound for request 7 modcall: group authorize returns updated for request 7 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 7 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 7 modcall: group authenticate returns handled for request 7 Sending Access-Challenge of id 8 to 172.25.7.11:1024 EAP-Message = 0x010900061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x29d8d0d5b9d8a5cd3fbabb0a80e28188 Finished request 7 Going to the next request Thread 3 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=9, length=266 Server rejecting request 6. marking authentication server 172.28.240.114:1812 for realm CSUIAS dead marking authentication server 172.28.240.114:1812 for realm ENTERASYS dead Sending Access-Reject of id 7 to 172.25.7.11:1024 Cleaning up request 6 ID 7 with timestamp 43714c76 Thread 4 got semaphore Thread 4 handling request 8, (2 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0x29d8d0d5b9d8a5cd3fbabb0a80e28188 EAP-Message = 0x0209007019800000006616030100610100005d030143714c8dcd705643668282d8ed80212e942c0922cb61f14be2335fc94fc29ed320a9dcdcad52cee9b9737568a4dd4eb81d8a918f8cd2ada99c554f2c1474726157001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x8e737499b971df9cc99f4480c4e15530 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 8 Waking up in 1 seconds... modcall[authorize]: module "preprocess" returns ok for request 8 modcall[authorize]: module "chap" returns noop for request 8 modcall[authorize]: module "mschap" returns noop for request 8 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 8 rlm_eap: EAP packet type response id 9 length 112 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 8 modcall[authorize]: module "files" returns notfound for request 8 modcall: group authorize returns updated for request 8 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 8 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 Threads: total/active/spare threads = 5/1/4 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 8 modcall: group authenticate returns handled for request 8 Sending Access-Challenge of id 9 to 172.25.7.11:1024 EAP-Message = 0x010a040a19c0000006f1160301004a02000046030143714c938d084249e44d6a7c4b15bb082c005da6d19bbb3a080e02d9fe95ee5220e2f1afcfb69fe6292453b7acfde05714d20f7b5956725828155956a8f3df8bd200040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xa8e06c9d7bdc1d4a87729159f7fdb3bd Finished request 8 Going to the next request Thread 4 waiting to be assigned a request --- Walking the entire request list --- Waking up in 5 seconds... Threads: total/active/spare threads = 5/0/5 --- Walking the entire request list --- Cleaning up request 7 ID 8 with timestamp 43714c93 Cleaning up request 8 ID 9 with timestamp 43714c93 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 172.25.7.11:1024, id=10, length=172 --- Walking the entire request list --- Waking up in 31 seconds... Thread 5 got semaphore Thread 5 handling request 9, (2 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0x29d8d0d5b9d8a5cd3fbabb0a80e28188 EAP-Message = 0x020a001201434353555c646e6577636f6d62 Message-Authenticator = 0xd52c402a2bef7759250278d558729c97 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module "preprocess" returns ok for request 9 modcall[authorize]: module "chap" returns noop for request 9 modcall[authorize]: module "mschap" returns noop for request 9 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 9 rlm_eap: EAP packet type response id 10 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 9 modcall[authorize]: module "files" returns notfound for request 9 modcall: group authorize returns updated for request 9 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 9 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 9 modcall: group authenticate returns handled for request 9 Sending Access-Challenge of id 10 to 172.25.7.11:1024 EAP-Message = 0x010b00061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb554fb398ed4bc54d95a7b037b10b40b Finished request 9 Going to the next request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=11, length=234 Waking up in 31 seconds... Thread 2 got semaphore Thread 2 handling request 10, (3 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0xb554fb398ed4bc54d95a7b037b10b40b EAP-Message = 0x020b005019800000004616030100410100003d030143714cab8d13dc2ced8bfb3041266671ed7e36fe1fd639cbe3c3e5fe8297eb2000001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x52726700cba4c943a7ecd06bfbf63439 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 10 modcall[authorize]: module "preprocess" returns ok for request 10 modcall[authorize]: module "chap" returns noop for request 10 modcall[authorize]: module "mschap" returns noop for request 10 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 10 rlm_eap: EAP packet type response id 11 length 80 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 10 modcall[authorize]: module "files" returns notfound for request 10 modcall: group authorize returns updated for request 10 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 10 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0694], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 10 modcall: group authenticate returns handled for request 10 Sending Access-Challenge of id 11 to 172.25.7.11:1024 EAP-Message = 0x010c040a19c0000006f1160301004a02000046030143714cb18054b420dee6b33795f0c55116b04cbddddca2f09cacfa1f82a3af1c202c3ec96233a50aba2d7027af50961b3b1f4367b3d37b73e42f32f082c5ee9fb800040016030106940b00069000068d0002cd308202c930820232a003020102020102300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e74206365 EAP-Message = 0x7274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d301e170d3034303132353133323631305a170d3035303132343133323631305a30819b310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f73743119301706035504031310526f6f74206365727469666963617465311f301d06092a864886f70d0109011610726f6f74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003 EAP-Message = 0x818d0030818902818100dac525422bfedb082629a2cba44b3449c90d0ab462fb72c8434a782098863d7eb7d7e70028c2b7ad555a51cc756cf4fa1d7091615ab450d5289553ae6616aff014a55085d6b8fb4aee98638e426175cdd36c665c63cda177d34920eb30585edc8773999c2980f81ad4638bbbea1c82d054023db7ef24a3ec1c3f6241a903d7f30203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d0101040500038181007a2d921b1cf13bf2982a9178ec9ede6d88edc178a2e8bd40a0a06fb6f0769957884cd7084537083496fd184165293f583c8e8240eb68e042c94b15752e4c07e80d09 EAP-Message = 0x779afa3dd55c24fa54ac292d77205d1c2477ed30d59f57caf9bd21ff2a8d16cc0911c50e4f295763fcb60efa3c3d2d0e43850f6e6fbe284902f6e83503650003ba308203b63082031fa003020102020100300d06092a864886f70d010104050030819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c EAP-Message = 0x652e636f6d301e170d3034303132353133323630375a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x72ff7284b054639a39021cbf746c0c34 Finished request 10 Going to the next request Thread 2 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=12, length=160 Waking up in 31 seconds... Thread 1 got semaphore Thread 1 handling request 11, (3 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0x72ff7284b054639a39021cbf746c0c34 EAP-Message = 0x020c00061900 Message-Authenticator = 0x508100e93d05291f51ac7efeedc8248b Processing the authorize section of radiusd.conf modcall: entering group authorize for request 11 modcall[authorize]: module "preprocess" returns ok for request 11 modcall[authorize]: module "chap" returns noop for request 11 modcall[authorize]: module "mschap" returns noop for request 11 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 11 rlm_eap: EAP packet type response id 12 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 11 modcall[authorize]: module "files" returns notfound for request 11 modcall: group authorize returns updated for request 11 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 11 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 11 modcall: group authenticate returns handled for request 11 Sending Access-Challenge of id 12 to 172.25.7.11:1024 EAP-Message = 0x010d02f71900170d3036303132343133323630375a30819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100d4c5b19724f164acf1ffb189db1c8fbff4f14396ea7cb1e90f78d69451725377895dfe52ccb99b41e8 EAP-Message = 0x0ddeb58b127a943f4f58cbc562878192fbdc6fece9f871e7c130d35cf5188817e9b133249edd2a1c75d31043ae87553cec7a77ef26aa7d74281db9b77e17c6446c5dd9b188b43250ca0229963722a123a726b00b4027fd0203010001a381ff3081fc301d0603551d0e0416041468d36d3e1ee7bc9d5a057021c363da1365d1ade33081cc0603551d230481c43081c1801468d36d3e1ee7bc9d5a057021c363da1365d1ade3a181a5a481a230819f310b30090603550406130243413111300f0603550408130850726f76696e63653112301006035504071309536f6d65204369747931153013060355040a130c4f7267616e697a6174696f6e31123010 EAP-Message = 0x060355040b13096c6f63616c686f7374311b301906035504031312436c69656e742063657274696669636174653121301f06092a864886f70d0109011612636c69656e74406578616d706c652e636f6d820100300c0603551d13040530030101ff300d06092a864886f70d01010405000381810033c00b66b1e579ef73a06798252dab8d5e5511fc00fd276d80d12f834777c6743fdc2743fca1507704e4bc0979e4f60ac3ad9ee83e6f347369229d1f77229ba2e982359da563024a00163dba6d6c986c0bad28af85132ff8f0d76501bf1b7c2dff658ce1e62c01997b6e64e3e8d4373354ce9912847651539063b85bbc5485c516030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf75bc99fb3760ef5328bf217cdfa3f8f Finished request 11 Going to the next request Thread 1 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=13, length=346 Waking up in 31 seconds... Thread 3 got semaphore Thread 3 handling request 12, (3 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0xf75bc99fb3760ef5328bf217cdfa3f8f EAP-Message = 0x020d00c01980000000b61603010086100000820080a6ecadf8ef8b6ac564a27b58f6445c84cc77802d308bf729f1c5a7be5382b62f425ac1e92180f8cd97e790ef445df949b131229fee34b7508620e98b9fe5dea6f58be3cd6fa24ab4fec5d36fa4500cae5ed2080b2f33bbada936246b346e0893fd2b979c735f5be6c74de6bb3ca7321c81fae2b7e75d34ee18f26d63e7478b191403010001011603010020f8460c7964c23451cd12be32412d967d8575db782c62654d6674bcb90e7b8c9b Message-Authenticator = 0x34d9e04aa9c02f053cc2c0848b4ab10f Processing the authorize section of radiusd.conf modcall: entering group authorize for request 12 modcall[authorize]: module "preprocess" returns ok for request 12 modcall[authorize]: module "chap" returns noop for request 12 modcall[authorize]: module "mschap" returns noop for request 12 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 12 rlm_eap: EAP packet type response id 13 length 192 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 12 modcall[authorize]: module "files" returns notfound for request 12 modcall: group authorize returns updated for request 12 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 12 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 12 modcall: group authenticate returns handled for request 12 Sending Access-Challenge of id 13 to 172.25.7.11:1024 EAP-Message = 0x010e00311900140301000101160301002007ed2f01861fd6060dc9194df759dc74d68b4f9031eb1415b77526975406609d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7374ecc4a25e36807cbff1cb600466e5 Finished request 12 Going to the next request Thread 3 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=14, length=160 Waking up in 31 seconds... Thread 4 got semaphore Thread 4 handling request 13, (3 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0x7374ecc4a25e36807cbff1cb600466e5 EAP-Message = 0x020e00061900 Message-Authenticator = 0x3af6ccade7a12834464a0839480dc48a Processing the authorize section of radiusd.conf modcall: entering group authorize for request 13 modcall[authorize]: module "preprocess" returns ok for request 13 modcall[authorize]: module "chap" returns noop for request 13 modcall[authorize]: module "mschap" returns noop for request 13 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 13 rlm_eap: EAP packet type response id 14 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 13 modcall[authorize]: module "files" returns notfound for request 13 modcall: group authorize returns updated for request 13 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 13 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS modcall[authenticate]: module "eap" returns handled for request 13 modcall: group authenticate returns handled for request 13 Sending Access-Challenge of id 14 to 172.25.7.11:1024 EAP-Message = 0x010f002019001703010015dee804f79e02f544702f9429da4834aa06d242c56f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdb4c47ab7a22e4eff1430f19483e02e1 Finished request 13 Going to the next request Thread 4 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=15, length=195 Waking up in 31 seconds... Thread 5 got semaphore Thread 5 handling request 14, (3 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0xdb4c47ab7a22e4eff1430f19483e02e1 EAP-Message = 0x020f00291900170301001ef98d6be68461c6fa36a3f5e7a06af1bf76272bf0dd6da34aa952753e442c Message-Authenticator = 0x34e4fe3e00872195f599c727f9d47edc Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 modcall[authorize]: module "preprocess" returns ok for request 14 modcall[authorize]: module "chap" returns noop for request 14 modcall[authorize]: module "mschap" returns noop for request 14 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 14 rlm_eap: EAP packet type response id 15 length 41 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 modcall[authorize]: module "files" returns notfound for request 14 modcall: group authorize returns updated for request 14 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - CCSU\testuser rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x020f001201434353555c646e6577636f6d62 PEAP: Got tunneled identity of CCSU\testuser PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to CCSU\testuser PEAP: Sending tunneled request EAP-Message = 0x020f001201434353555c646e6577636f6d62 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet Processing the authorize section of radiusd.conf modcall: entering group authorize for request 14 modcall[authorize]: module "preprocess" returns ok for request 14 modcall[authorize]: module "chap" returns noop for request 14 modcall[authorize]: module "mschap" returns noop for request 14 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 14 rlm_eap: EAP packet type response id 15 length 18 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 14 users: Matched entry DEFAULT at line 3 modcall[authorize]: module "files" returns ok for request 14 modcall: group authorize returns updated for request 14 PEAP: Got tunneled reply RADIUS code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 14 rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge modcall[authenticate]: module "eap" returns handled for request 14 modcall: group authenticate returns handled for request 14 PEAP: Cancelling proxy to realm CSUIAS until the tunneled EAP session has been established PEAP: Processing from tunneled session code 0x81364a8 11 EAP-Message = 0x011000271a0110002210bd65e21cc40b0c0fdc3aa51d142aa75c434353555c646e6577636f6d62 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7b678c5b5dea5fd306109e4075d33313 PEAP: Got tunneled Access-Challenge modcall[authenticate]: module "eap" returns handled for request 14 modcall: group authenticate returns handled for request 14 Sending Access-Challenge of id 15 to 172.25.7.11:1024 EAP-Message = 0x0110003e190017030100331019916a1e8d44d01c39e713848a50414430c30c501b9eb338aab3000546bdb4037ff9cbdafe94b2e2eeb9f57eac5b3c9d1d63 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x225a27645d5b540886f99013fec42790 Finished request 14 Going to the next request Thread 5 waiting to be assigned a request rad_recv: Access-Request packet from host 172.25.7.11:1024, id=16, length=249 Waking up in 31 seconds... Thread 2 got semaphore Thread 2 handling request 15, (4 handled so far) User-Name = "CCSU\\testuser" Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet State = 0x225a27645d5b540886f99013fec42790 EAP-Message = 0x0210005f19001703010054a24d2bc6a22bd39c868802c6f180c0d4a93c9535414de111489a80cc840ad2510ed807eeb1b50f2e483c29ecd55ead0ba47ec871319d7ecbe7ab3293318441a0bf394ae16bc83024c72141e77611d0c8a5f247d8 Message-Authenticator = 0xdeb694ff4f0424445070812af1b8b97c Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 modcall[authorize]: module "preprocess" returns ok for request 15 modcall[authorize]: module "chap" returns noop for request 15 modcall[authorize]: module "mschap" returns noop for request 15 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 15 rlm_eap: EAP packet type response id 16 length 95 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 15 modcall[authorize]: module "files" returns notfound for request 15 modcall: group authorize returns updated for request 15 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Got tunneled EAP-Message EAP-Message = 0x021000481a02100043319cd5b8af1bac308c329ad74aff1593420000000000000000737c0c0335036db6dc57eaad1865d5eacc034b8596c0d51500434353555c646e6577636f6d62 PEAP: Setting User-Name to CCSU\testuser PEAP: Adding old state with 7b 67 PEAP: Sending tunneled request EAP-Message = 0x021000481a02100043319cd5b8af1bac308c329ad74aff1593420000000000000000737c0c0335036db6dc57eaad1865d5eacc034b8596c0d51500434353555c646e6577636f6d62 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "CCSU\\testuser" State = 0x7b678c5b5dea5fd306109e4075d33313 Called-Station-Id = "00-11-88-12-6e-70" Calling-Station-Id = "00-0f-1f-43-c8-38" NAS-Identifier = "00-11-88-12-6e-5d" NAS-IP-Address = 172.25.7.11 NAS-Port = 19 Framed-MTU = 1500 NAS-Port-Type = Ethernet Processing the authorize section of radiusd.conf modcall: entering group authorize for request 15 modcall[authorize]: module "preprocess" returns ok for request 15 modcall[authorize]: module "chap" returns noop for request 15 modcall[authorize]: module "mschap" returns noop for request 15 rlm_realm: No '@' in User-Name = "CCSU\testuser", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "CCSU\testuser" rlm_realm: Proxying request from user CCSU\testuser to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 15 rlm_eap: EAP packet type response id 16 length 72 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 15 users: Matched entry DEFAULT at line 3 modcall[authorize]: module "files" returns ok for request 15 modcall: group authorize returns updated for request 15 PEAP: Got tunneled reply RADIUS code 0 PEAP: Calling authenticate in order to initiate tunneled EAP session. Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 15 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Not-EAP proxy set. Not composing EAP modcall[authenticate]: module "eap" returns handled for request 15 modcall: group authenticate returns handled for request 15 PEAP: Tunneled authentication will be proxied to CSUIAS PEAP: Remembering to do EAP-MS-CHAP-V2 post-proxy. Tunneled session will be proxied. Not doing EAP. modcall[authenticate]: module "eap" returns handled for request 15 modcall: group authenticate returns handled for request 15 ERROR: Failed to find live home server for realm CSUIAS Error trying to proxy request 15: Rejecting it Server rejecting request 15. Finished request 15 Going to the next request Thread 2 waiting to be assigned a request And the config files: users =======>>>> DEFAULT NAS-Identifier == "00-11-88-12-6E-5D", Proxy-To-Realm := "ENTERASYS" DEFAULT FreeRADIUS-Proxied-To != 127.0.0.1, Proxy-To-Realm := "LOCAL" DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1, Proxy-To-Realm := "CSUIAS" proxy.conf ======>>>> proxy server { synchronous = no retry_delay = 5 retry_count = 3 dead_time = 120 default_fallback = yes post_proxy_authorize = yes } realm LOCAL { type = radius authhost = LOCAL accthost = LOCAL } realm NULL { type = radius authhost = LOCAL accthost = LOCAL } realm CSUIAS { type = radius authhost = 172.28.240.114:1812 accthost = 172.28.240.114:1813 secret = itsasecret } realm ENTERASYS { type = radius authhost = 172.28.240.114:1812 accthost = 172.28.240.114:1813 secret = itsasecret } eap.conf ====>> eap { default_eap_type = peap timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no md5 { } leap { } gtc { auth_type = PAP } tls { private_key_password = whatever private_key_file = ${raddbdir}/certs/cert-srv.pem certificate_file = ${raddbdir}/certs/cert-srv.pem CA_file = ${raddbdir}/certs/demoCA/cacert.pem dh_file = ${raddbdir}/certs/dh random_file = ${raddbdir}/certs/random fragment_size = 1024 include_length = yes check_crl = no proxy_tunneled_request_as_eap = no } peap { default_eap_type = mschapv2 proxy_tunneled_request_as_eap = no copy_request_to_tunnel = yes } mschapv2 { } } radius.conf ======>>>>> prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = ${exec_prefix}/sbin logdir = /var/log/freeradius raddbdir = /etc/freeradius radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/freeradius log_file = ${logdir}/radius.log libdir = /usr/lib/freeradius pidfile = ${run_dir}/freeradius.pid user = root group = root max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = no log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = no } proxy_requests = yes $INCLUDE ${confdir}/proxy.conf $INCLUDE ${confdir}/clients.conf snmp = no $INCLUDE ${confdir}/snmp.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { pap { encryption_scheme = crypt } chap { authtype = CHAP } pam { pam_auth = radiusd } unix { cache = no cache_reload = 600 shadow = /etc/shadow radwtmp = ${logdir}/radwtmp } $INCLUDE ${confdir}/eap.conf mschap { authtype = MS-CHAP use_mppe = yes require_encryption = yes require_strong = yes with_ntdomain_hack = no } realm IPASS { format = prefix delimiter = "/" ignore_default = no ignore_null = no } realm suffix { format = suffix delimiter = "@" ignore_default = no ignore_null = no } realm realmpercent { format = suffix delimiter = "%" ignore_default = no ignore_null = no } realm ntdomain { format = prefix delimiter = "\\" ignore_default = no ignore_null = no } checkval { item-name = Calling-Station-Id check-name = Calling-Station-Id data-type = string } preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } $INCLUDE ${confdir}/sql.conf radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } digest { } exec { wait = yes input_pairs = request } exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply } ippool main_pool { range-start = 192.168.1.1 range-stop = 192.168.3.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no maximum-timeout = 0 } } instantiate { exec expr } authorize { preprocess chap mschap suffix eap files } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } eap } preacct { preprocess acct_unique suffix files } accounting { detail unix radutmp sql } session { radutmp } post-auth { } pre-proxy { } post-proxy { eap }