Please! I need help! I don't understando why doesn't work... I want connect FREERADIUS+WPA2 ENTERPRISE+LDAP Ready to process requests. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=147 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02000016017573756172696f31406f726731322e6573 Message-Authenticator = 0xdea69f107d3eb3fa8984ef20369ff923 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 0 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for usuario1 [ldap] expand: %{Stripped-User-Name} -> usuario1 [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usuario1) [ldap] expand: dc=org12,dc=es -> dc=org12,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to 192.168.12.5:389, authentication 0 [ldap] bind as cn=admin,dc=org12,dc=es/admin to 192.168.12.5:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] performing search in dc=org12,dc=es, with filter (uid=usuario1) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}EitzhgCg9098MxwO9ZvDTA==" [ldap] userPassword -> Password-With-Header == "usuario11" [ldap] looking for reply items in directory... [ldap] user usuario1 authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Failed to decode Password-With-Header = "usuario11" [pap] Normalizing MD5-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb57eb6afb57faf487df7eda8ab9aed4e Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=343 Cleaning up request 0 ID 0 with timestamp +30 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb57eb6afb57faf487df7eda8ab9aed4e NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100c81980000000be16030100b9010000b50301566f4b1c8b95e3029a111e69fe94c1dfd9f4492132092b855b454e08fc37e570000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 Message-Authenticator = 0x9cecda9b7eba5b5e92030bcb9a129ed9 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 1 length 200 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 190 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 02c6], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0102040019c00000046216030100390200003503013b05e43751f6ed209948d0a70be8d3187a7aa248a71cdb7e3f581c40920e12b500c01400000dff01000100000b00040300010216030102c60b0002c20002bf0002bc308202b8308201a0a0030201020209008e4322a719659612300d06092a864886f70d01010b0500301431123010060355040313094f312d536572766572301e170d3135313231343232303933385a170d3235313231313232303933385a301431123010060355040313094f312d53657276657230820122300d06092a864886f70d01010105000382010f003082010a0282010100aa4952ef410918d271d25e62c24a970e5a48 EAP-Message = 0x3c0d3522dd3fe3ed96edfadb3c2bdc7d7426941ccf7b6274c2516f3bfcb87db4d032d4883d8fbbb2acbbab3dd961c6fb45a100de0da286208d3f358766c1996991c32ef19cae13854c394994f1bd07072f11c21217f57859079ae71b8c1f657996cd02c886866e192b9e37ffffc78a21f946e9d9481b13dac3ee6f47e1057aa7c0c32e802b8f42abb98253c6782de98fce3dc0e5f3736ff177e1d41da6bf14ea990e69d0c58482d2b37a2e0c17afb2042223429b2d44c3e0f6b685ae06e8f2657fa4b0f1915f901c16996d951fcd01e4cde25eafa638e233822cfc4da71a9e0ab41de67cbfc421029b45df58dfb70203010001a30d300b30090603551d EAP-Message = 0x1304023000300d06092a864886f70d01010b050003820101005d5c50cacdf0bb5a076175b04f86d79aa1a19fc1ac4afeae40c90ce3b3f9a0d31b7c1488f9fd2eeb81d824833768aa71a2a1fa1f1d88881b53ed5fc774a028fe5f617a960ed8c301a1e41403949f93197408e77b0a7ddeb6cdcc8ca79e90afa95dd08e92c6cdd48a6b0916a35f6ebcc56cbe8ceda830da6d949ebecf0fa043ecafca348621466c0f59b2edc7603eb0bd710b50eea5f4d90bd33ca0fd49da2255804bbf81a3d31a0934957e7271d2a7b3a903f0c45585832079900db22ef7f99f135cf1119051dc9c4fd40ff16d5bc6ce65dbe14d0fa2aa0ba2c3777e7f24324aa28744cc EAP-Message = 0x174c25e9d2e1b28dd5a3e3b0e423617e2b1aa0127cb1510e491c7d61160301014b0c000147030017410434b5656233950421a6263bc2989ea8f67c50f61d9a0aa890edfc7913263d656cf17c39632e087d67342bd72eda8f2427817160bd752b873c343d8f6ba0af02a501005068ad61fbf5b665809cba4a5a08cbbb3719d57717168f170052a958fb3e6d580695621c6cd057326b71f71a37ba5d9be4e1abb40865523864966b383bff5007fcc3c4d36ed7279cb2bb5c33838f53d86b1145e678c3502a3dbbb76707e6ce41b3cb23c3e1d210539327b877ef9ca98d4bf67b8398b40d31e53ebe9e89445a8b012bbaa66edd765a585c10ff6451fbb0a5 EAP-Message = 0x15179268395ae167b343d4cc Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb57eb6afb47caf487df7eda8ab9aed4e Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=149 Cleaning up request 1 ID 0 with timestamp +30 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb57eb6afb47caf487df7eda8ab9aed4e NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061900 Message-Authenticator = 0x59caa5e345582e838b1ffcd681e1f5b5 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0103007219004cd8cb658aa0e01d5fe54cad5d9d8f453bcb877c1c4ad2435d4ed9bc38d4500bbb1969fb91dcf8d3d360121d4b28689d7b3826b4ba0952cd82d332d35797aa56e9bc124bbe7f52f0d5972c5382d00a621b7db87d6f2fb48607bb5a944d29a654f9767c16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb57eb6afb77daf487df7eda8ab9aed4e Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=287 Cleaning up request 2 ID 0 with timestamp +30 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb57eb6afb77daf487df7eda8ab9aed4e NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300901980000000861603010046100000424104f839145d329a4cbdb161c36cb292c9115131c20957aa46660b909963df2cc05b264e9b89096a3a80293b5cf7bdce8ed7c33f9a723fc6d1ca6fe89ad23e318fc5140301000101160301003097e0dad544d475481b8bf01379064093600c28c20aa0a1ec6b1a1e0f67902b807105d3c3a1658ed58dfa482359afb87f Message-Authenticator = 0xb326ab5d585497bcfd8b60c27f528ac2 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 3 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x010400411900140301000101160301003080f8386264c0da11b42e99f326879ed6ff9591987c4d09a9fc7999380fa81edb7c76f0329c032a87ce59420caeba05ac Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb57eb6afb67aaf487df7eda8ab9aed4e Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=149 Cleaning up request 3 ID 0 with timestamp +30 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb57eb6afb67aaf487df7eda8ab9aed4e NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061900 Message-Authenticator = 0xadfb8deb267aa8261bf95a6699e8088e # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0105002b19001703010020631be9e7482f0ed9b52224ffe7f3c371664a3fc24818de5e823ff5121d1fc3fa Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb57eb6afb17baf487df7eda8ab9aed4e Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=239 Cleaning up request 4 ID 0 with timestamp +30 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb57eb6afb17baf487df7eda8ab9aed4e NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02050060190017030100209d12b50c6122b0994c07faac25a3e0a206cd763e85764fa8d738be533f9bb54e1703010030d418c5c8329283f3658a5dd7c119b73d136374a0ce40e6289869f00bbc4250beff3c0f9d237a6181417058327ea73fb4 Message-Authenticator = 0x2eb254bdcb929ee60a6fc3d5205097cb # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 5 length 96 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - usuario1@org12.es [peap] Got inner identity 'usuario1@org12.es' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x02050016017573756172696f31406f726731322e6573 server { [peap] Setting User-Name to usuario1@org12.es Sending tunneled request EAP-Message = 0x02050016017573756172696f31406f726731322e6573 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "usuario1@org12.es" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] EAP packet type response id 5 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for usuario1 [ldap] expand: %{Stripped-User-Name} -> usuario1 [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usuario1) [ldap] expand: dc=org12,dc=es -> dc=org12,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=org12,dc=es, with filter (uid=usuario1) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}EitzhgCg9098MxwO9ZvDTA==" [ldap] userPassword -> Password-With-Header == "usuario11" [ldap] looking for reply items in directory... [ldap] user usuario1 authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Failed to decode Password-With-Header = "usuario11" [pap] Normalizing MD5-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0106002b1a0106002610ec17c8fae3e31e0ef656be69a75b82547573756172696f31406f726731322e6573 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdccc9105dcca8bf500670ad62d7e0b7e [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0106002b1a0106002610ec17c8fae3e31e0ef656be69a75b82547573756172696f31406f726731322e6573 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xdccc9105dcca8bf500670ad62d7e0b7e [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0106004b1900170301004077abe44705db16fc32db81fc8a7ddcd7c9bcc99de67829786b0e9c34ea29c9d385a5e4176eb259f01303b6c521dbe54d5f15d2e0af08102982db7fef6cc11bde Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb57eb6afb078af487df7eda8ab9aed4e Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=287 Cleaning up request 5 ID 0 with timestamp +30 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb57eb6afb078af487df7eda8ab9aed4e NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02060090190017030100204e4d14db4ab0209c8aab507a1f9db80200f36de7f83c8cf26ac000e8838cc63f1703010060a8e0e7a84d6f48666944c29a71bae900850ea5d516691812d70d17eb10e562b77f3680d5cfa7046997bbb82b9613c59ce0f7c62e17836ac4cf6ef698a54c8607cda951b886d66fb08e01d820061914ac45a053bbeb65082d68ff525eaac82d03 Message-Authenticator = 0xf3847577324b9eab1b2132cdcf4cca6a # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 6 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x0206004c1a02060047318850406bfa38eab922be2d6f458091a50000000000000000ded678e6af2d8907bd1218c52e47961713dbe7fe011b3efd007573756172696f31406f726731322e6573 server { [peap] Setting User-Name to usuario1@org12.es Sending tunneled request EAP-Message = 0x0206004c1a02060047318850406bfa38eab922be2d6f458091a50000000000000000ded678e6af2d8907bd1218c52e47961713dbe7fe011b3efd007573756172696f31406f726731322e6573 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "usuario1@org12.es" State = 0xdccc9105dcca8bf500670ad62d7e0b7e server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] EAP packet type response id 6 length 76 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for usuario1 [ldap] expand: %{Stripped-User-Name} -> usuario1 [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usuario1) [ldap] expand: dc=org12,dc=es -> dc=org12,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=org12,dc=es, with filter (uid=usuario1) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}EitzhgCg9098MxwO9ZvDTA==" [ldap] userPassword -> Password-With-Header == "usuario11" [ldap] looking for reply items in directory... [ldap] user usuario1 authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Failed to decode Password-With-Header = "usuario11" [pap] Normalizing MD5-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: usuario1@org12.es [mschap] Told to do MS-CHAPv2 for usuario1@org12.es with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0107002b19001703010020ed35ac44504ffaaca55962e2910db1901367da3cf9ed1077aa91e663276e6fa2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb57eb6afb379af487df7eda8ab9aed4e Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=223 Cleaning up request 6 ID 0 with timestamp +30 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb57eb6afb379af487df7eda8ab9aed4e NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020700501900170301002084e69a44dc5979e77eab39f4b661b3f9619dc0dff180481602cf51bef484770f170301002045c617c5725aabb81ed2253aa04289e9a3ea4d752a20f47d58929ae7a4fc2e51 Message-Authenticator = 0x04fb5185a048b1586c11c7058705c3e5 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 7 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> usuario1@org12.es attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 7 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 7 Sending Access-Reject of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=147 Cleaning up request 7 ID 0 with timestamp +30 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02000016017573756172696f31406f726731322e6573 Message-Authenticator = 0xaf83406fc6aba82b2c722587da18454a # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 0 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for usuario1 [ldap] expand: %{Stripped-User-Name} -> usuario1 [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usuario1) [ldap] expand: dc=org12,dc=es -> dc=org12,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=org12,dc=es, with filter (uid=usuario1) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}EitzhgCg9098MxwO9ZvDTA==" [ldap] userPassword -> Password-With-Header == "usuario11" [ldap] looking for reply items in directory... [ldap] user usuario1 authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Failed to decode Password-With-Header = "usuario11" [pap] Normalizing MD5-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb9eabf92b9eba6785099d584534e4628 Finished request 8. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=343 Cleaning up request 8 ID 0 with timestamp +34 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb9eabf92b9eba6785099d584534e4628 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100c81980000000be16030100b9010000b50301566f4b21e10e7a1099dc7159e4c332878a8debec60ea8868b19b9adb07ae65f8000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 Message-Authenticator = 0xb997acfc08d2b27b7f645409f3187cec # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 1 length 200 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 190 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 02c6], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0102040019c0000004621603010039020000350301bb01e6ce658173bf181d931bcfc10c9f7752087fa6eb4891847331286705599900c01400000dff01000100000b00040300010216030102c60b0002c20002bf0002bc308202b8308201a0a0030201020209008e4322a719659612300d06092a864886f70d01010b0500301431123010060355040313094f312d536572766572301e170d3135313231343232303933385a170d3235313231313232303933385a301431123010060355040313094f312d53657276657230820122300d06092a864886f70d01010105000382010f003082010a0282010100aa4952ef410918d271d25e62c24a970e5a48 EAP-Message = 0x3c0d3522dd3fe3ed96edfadb3c2bdc7d7426941ccf7b6274c2516f3bfcb87db4d032d4883d8fbbb2acbbab3dd961c6fb45a100de0da286208d3f358766c1996991c32ef19cae13854c394994f1bd07072f11c21217f57859079ae71b8c1f657996cd02c886866e192b9e37ffffc78a21f946e9d9481b13dac3ee6f47e1057aa7c0c32e802b8f42abb98253c6782de98fce3dc0e5f3736ff177e1d41da6bf14ea990e69d0c58482d2b37a2e0c17afb2042223429b2d44c3e0f6b685ae06e8f2657fa4b0f1915f901c16996d951fcd01e4cde25eafa638e233822cfc4da71a9e0ab41de67cbfc421029b45df58dfb70203010001a30d300b30090603551d EAP-Message = 0x1304023000300d06092a864886f70d01010b050003820101005d5c50cacdf0bb5a076175b04f86d79aa1a19fc1ac4afeae40c90ce3b3f9a0d31b7c1488f9fd2eeb81d824833768aa71a2a1fa1f1d88881b53ed5fc774a028fe5f617a960ed8c301a1e41403949f93197408e77b0a7ddeb6cdcc8ca79e90afa95dd08e92c6cdd48a6b0916a35f6ebcc56cbe8ceda830da6d949ebecf0fa043ecafca348621466c0f59b2edc7603eb0bd710b50eea5f4d90bd33ca0fd49da2255804bbf81a3d31a0934957e7271d2a7b3a903f0c45585832079900db22ef7f99f135cf1119051dc9c4fd40ff16d5bc6ce65dbe14d0fa2aa0ba2c3777e7f24324aa28744cc EAP-Message = 0x174c25e9d2e1b28dd5a3e3b0e423617e2b1aa0127cb1510e491c7d61160301014b0c0001470300174104ea6db294242bc663673d95b316bf7dd2c5c4a720210983b7665204a7a90f1b244c4941a48b3648ffbbadf110f718faf0d289d73b645953e59a0df5fb010a803e01005023ae769a73db4bf8e1c951451bc9eafd69a822d4ccfd8543736353c4044b94cbecec3f223d5b4e63390dc6dade7ae712808ac134bf51f82b86b2ae2da14103856ad4041ae7e27da38adc8a11e0798e5a5fee944ea5a399d9a794d64b50c09c3f6ca4f531a3c5c5a7dbf90936bf53cf8ab55e0b4a2db95699170e807e153ca10fe12f8b344f67b0c3740565af84231bd7 EAP-Message = 0x932357a80717e435be1e449a Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb9eabf92b8e8a6785099d584534e4628 Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=149 Cleaning up request 9 ID 0 with timestamp +34 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb9eabf92b8e8a6785099d584534e4628 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061900 Message-Authenticator = 0xfe1e2747ea8a8039782c6468ea137d03 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0103007219006ba1f3617af17faa839bb107f4669a1b544cad39f8a72179d3112d2363107a1091e0c800604227adb4b3a4b481cf46b4d7a418293759003a90b1168135be9d2dcdd5d6bc256009e09ea3a6ad0cc7484c093ab07ab1bc4f59ca78b71db2f29be2abd40016030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb9eabf92bbe9a6785099d584534e4628 Finished request 10. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=287 Cleaning up request 10 ID 0 with timestamp +34 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb9eabf92bbe9a6785099d584534e4628 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0203009019800000008616030100461000004241046dac51c702fd73d3a2a9a31f53602d1d861a63434d691ed70342ddf9a52dc2d0b17d55857dce5e26f9ccbe4a5343328f12e6e4c8c81cb2c9986b05a3652d03f71403010001011603010030ab82bc66dfed6090d832610f1a23b6ad6cb8a8150446e7c9a48b9521778064c8c3a52a041abd42ef884e3aadd6912686 Message-Authenticator = 0x9494378e4e1dae045be5ffbdf3bfcc26 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 3 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x01040041190014030100010116030100307f0ca0e41a1e806136660d99e2947b3c396ed0835f0fdba2723d3736753d02b586ed3bd278527268cb646501c31e6d4f Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb9eabf92baeea6785099d584534e4628 Finished request 11. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=149 Cleaning up request 11 ID 0 with timestamp +35 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb9eabf92baeea6785099d584534e4628 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061900 Message-Authenticator = 0xee9d5d92b3eb1fc4def4ed5522511b08 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0105002b19001703010020cde6414def356c1e04ac07efc233ea75001725e19a36cdcc017f968df772d7a6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb9eabf92bdefa6785099d584534e4628 Finished request 12. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=239 Cleaning up request 12 ID 0 with timestamp +35 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb9eabf92bdefa6785099d584534e4628 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0205006019001703010020f3d69103ab3df25c3bce44119edb139ed89d1dbe09c97c74f8170e00fde3d5aa17030100300684e62c1e7a0624af3dd81f5ce45b1ad365c7d2ebfd63f936ae09c0cd1d46a53996023f74a8edd74f2c1069eb0041c0 Message-Authenticator = 0x87963a4e5eb4279bf467d8050e663011 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 5 length 96 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - usuario1@org12.es [peap] Got inner identity 'usuario1@org12.es' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x02050016017573756172696f31406f726731322e6573 server { [peap] Setting User-Name to usuario1@org12.es Sending tunneled request EAP-Message = 0x02050016017573756172696f31406f726731322e6573 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "usuario1@org12.es" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] EAP packet type response id 5 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for usuario1 [ldap] expand: %{Stripped-User-Name} -> usuario1 [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usuario1) [ldap] expand: dc=org12,dc=es -> dc=org12,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=org12,dc=es, with filter (uid=usuario1) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}EitzhgCg9098MxwO9ZvDTA==" [ldap] userPassword -> Password-With-Header == "usuario11" [ldap] looking for reply items in directory... [ldap] user usuario1 authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Failed to decode Password-With-Header = "usuario11" [pap] Normalizing MD5-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0106002b1a0106002610480fa33ca145b34833f1e226adb9e5f77573756172696f31406f726731322e6573 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf3a28b53f3a49133d9c4f4610c3da827 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0106002b1a0106002610480fa33ca145b34833f1e226adb9e5f77573756172696f31406f726731322e6573 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf3a28b53f3a49133d9c4f4610c3da827 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0106004b19001703010040e1aec1d4ebbdf5675b055149b10cd1f010ab26b71363438e15084553f9d06f31df842f0521892d0c188e83be485d2cdac1366dc8508052a4b8d852735d5de459 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb9eabf92bceca6785099d584534e4628 Finished request 13. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=287 Cleaning up request 13 ID 0 with timestamp +35 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb9eabf92bceca6785099d584534e4628 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020600901900170301002057c2712347441259f45d148212223c1bfc171cddcd49d048ef2f1f9b4dd2a7231703010060d34616045b2144ccb6270f9c016227a956d65eaea91ddd6e2668b4339fe1546cd84b868402de263dcafd182dd2995339b3b491732fd05ccdb35be74c25d81f4bec0f97eddabb99542026a58c74dc2637bad14f4fa0e4624b0a2d035260e03b56 Message-Authenticator = 0x390889dce3b3521b723776a7db8ce0e1 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 6 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x0206004c1a0206004731ffd6fac8a92ab31862d1e3590213398f000000000000000003f92e584210e311f3f7a429da02df958548c85fff171ce7007573756172696f31406f726731322e6573 server { [peap] Setting User-Name to usuario1@org12.es Sending tunneled request EAP-Message = 0x0206004c1a0206004731ffd6fac8a92ab31862d1e3590213398f000000000000000003f92e584210e311f3f7a429da02df958548c85fff171ce7007573756172696f31406f726731322e6573 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "usuario1@org12.es" State = 0xf3a28b53f3a49133d9c4f4610c3da827 server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] EAP packet type response id 6 length 76 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for usuario1 [ldap] expand: %{Stripped-User-Name} -> usuario1 [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usuario1) [ldap] expand: dc=org12,dc=es -> dc=org12,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=org12,dc=es, with filter (uid=usuario1) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}EitzhgCg9098MxwO9ZvDTA==" [ldap] userPassword -> Password-With-Header == "usuario11" [ldap] looking for reply items in directory... [ldap] user usuario1 authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Failed to decode Password-With-Header = "usuario11" [pap] Normalizing MD5-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: usuario1@org12.es [mschap] Told to do MS-CHAPv2 for usuario1@org12.es with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0107002b19001703010020d625e2fb685cecb5fb07455b4685c4e83bbb060ed8269d8147c388b7226036f3 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb9eabf92bfeda6785099d584534e4628 Finished request 14. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=223 Cleaning up request 14 ID 0 with timestamp +35 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0xb9eabf92bfeda6785099d584534e4628 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020700501900170301002038674637d67e0d8c2f772399a45d09144ab9d2c0f492da200bbd1f8dd26ea6eb1703010020381903cd618291a22cdd1202f3a6479e2c3e797f14c136d3dc7718f05c5d57d0 Message-Authenticator = 0x29828d9d8999ff818c0fc368bcd717ec # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 7 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> usuario1@org12.es attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 15 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 15 Sending Access-Reject of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=147 Cleaning up request 15 ID 0 with timestamp +35 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02000016017573756172696f31406f726731322e6573 Message-Authenticator = 0x89d8318a057220f20ce843dc4d0be514 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 0 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for usuario1 [ldap] expand: %{Stripped-User-Name} -> usuario1 [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usuario1) [ldap] expand: dc=org12,dc=es -> dc=org12,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=org12,dc=es, with filter (uid=usuario1) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}EitzhgCg9098MxwO9ZvDTA==" [ldap] userPassword -> Password-With-Header == "usuario11" [ldap] looking for reply items in directory... [ldap] user usuario1 authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Failed to decode Password-With-Header = "usuario11" [pap] Normalizing MD5-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0a30575b0a314ef77ca98eba675d1087 Finished request 16. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=343 Cleaning up request 16 ID 0 with timestamp +39 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0x0a30575b0a314ef77ca98eba675d1087 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020100c81980000000be16030100b9010000b50301566f4b26968c7b96fb3d165e7162dce3f107b441f194a954beca668947dd7f4d000048c014c00a00390038c00fc0050035c012c00800160013c00dc003000ac013c00900330032c00ec004002fc011c007c00cc002000500040015001200090014001100080006000300ff01000044000b000403000102000a00340032000100020003000400050006000700080009000a000b000c000d000e000f001000110012001300140015001600170018001900230000 Message-Authenticator = 0xc585ca4bd4e11f4acd4fb117ed609eda # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 1 length 200 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 190 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 00b9], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 02c6], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0102040019c0000004621603010039020000350301403dd384a38efbfcf6c7055dc4a1002ea30ef90e44b2cd5347a2e8f71125ae0500c01400000dff01000100000b00040300010216030102c60b0002c20002bf0002bc308202b8308201a0a0030201020209008e4322a719659612300d06092a864886f70d01010b0500301431123010060355040313094f312d536572766572301e170d3135313231343232303933385a170d3235313231313232303933385a301431123010060355040313094f312d53657276657230820122300d06092a864886f70d01010105000382010f003082010a0282010100aa4952ef410918d271d25e62c24a970e5a48 EAP-Message = 0x3c0d3522dd3fe3ed96edfadb3c2bdc7d7426941ccf7b6274c2516f3bfcb87db4d032d4883d8fbbb2acbbab3dd961c6fb45a100de0da286208d3f358766c1996991c32ef19cae13854c394994f1bd07072f11c21217f57859079ae71b8c1f657996cd02c886866e192b9e37ffffc78a21f946e9d9481b13dac3ee6f47e1057aa7c0c32e802b8f42abb98253c6782de98fce3dc0e5f3736ff177e1d41da6bf14ea990e69d0c58482d2b37a2e0c17afb2042223429b2d44c3e0f6b685ae06e8f2657fa4b0f1915f901c16996d951fcd01e4cde25eafa638e233822cfc4da71a9e0ab41de67cbfc421029b45df58dfb70203010001a30d300b30090603551d EAP-Message = 0x1304023000300d06092a864886f70d01010b050003820101005d5c50cacdf0bb5a076175b04f86d79aa1a19fc1ac4afeae40c90ce3b3f9a0d31b7c1488f9fd2eeb81d824833768aa71a2a1fa1f1d88881b53ed5fc774a028fe5f617a960ed8c301a1e41403949f93197408e77b0a7ddeb6cdcc8ca79e90afa95dd08e92c6cdd48a6b0916a35f6ebcc56cbe8ceda830da6d949ebecf0fa043ecafca348621466c0f59b2edc7603eb0bd710b50eea5f4d90bd33ca0fd49da2255804bbf81a3d31a0934957e7271d2a7b3a903f0c45585832079900db22ef7f99f135cf1119051dc9c4fd40ff16d5bc6ce65dbe14d0fa2aa0ba2c3777e7f24324aa28744cc EAP-Message = 0x174c25e9d2e1b28dd5a3e3b0e423617e2b1aa0127cb1510e491c7d61160301014b0c00014703001741042bb91302961cc175d99d2d0f86ea4d6bafbebba61e76e998437d8c44b5ae4b2f86f097be4d74e7a61fa4600f7e1ab6a5f162f5a13555bdfbbe1f2dde7448d34b01002a0af7171c0cc43a02872b24679f349306ab4fd43a73900eb6c9f591ceecccee9da5cc13830c1c510bee60a8270b3a7c5cf2b243ab0853f6d097e4cce1055613a3c1480e2515006ae78a1067d3101c3e297829eb7b743e4a31b3015c6f4329800f53a63315174c1baa7c4093f9797053e808e3a967a7c0bbe5429e1ce6038e80789ac90ccbd571cb44f432ea88ea63f985 EAP-Message = 0xe2b8ad336614097d8bf8c9b4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0a30575b0b324ef77ca98eba675d1087 Finished request 17. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=149 Cleaning up request 17 ID 0 with timestamp +39 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0x0a30575b0b324ef77ca98eba675d1087 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020200061900 Message-Authenticator = 0x5307a2707651a633280db989583f6957 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0103007219005be69beb94112150fde344c1f01ef5d0228a30e6a69d4e2642b8e20275714620286b0dfc6ab44ad4927cc6742e333fb4f48e0e7d7a341a6df57e0472e7b44bd04f88a7f253f931d44ac0566accf716c032990f691caf6705e7b0b32d9b1b74016d4c6016030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0a30575b08334ef77ca98eba675d1087 Finished request 18. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=287 Cleaning up request 18 ID 0 with timestamp +39 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0x0a30575b08334ef77ca98eba675d1087 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020300901980000000861603010046100000424104ef751666c20169b40a28850ad8ff8a105af583269140533847dcdf8edb88a3114b55fa3f661080452e2fe78852fd7bf5435a6f9742e7663a5706521941169bab140301000101160301003011dbb46b82e8bf5783e4a7ab46d89b38a212554505399728e21d709eaf2937b7ab22c236d78d4f195a149f1a05a7e3c4 Message-Authenticator = 0xbb140038c1f82140f31417ad57fc300f # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 3 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0104004119001403010001011603010030588da872c692a358359d8fd0f4fb3758b50f64175e5de43736efedc7f47e1dfd831ad3e405bf32d9118d50b6b201c539 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0a30575b09344ef77ca98eba675d1087 Finished request 19. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=149 Cleaning up request 19 ID 0 with timestamp +39 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0x0a30575b09344ef77ca98eba675d1087 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020400061900 Message-Authenticator = 0x91b81060d20b865489f5ae64692d7d67 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0105002b19001703010020c60ce8afa449fe0b5b5f53b0d2a3920d397e8a83e4fa12fe09cf85e7051bf1c8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0a30575b0e354ef77ca98eba675d1087 Finished request 20. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=239 Cleaning up request 20 ID 0 with timestamp +39 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0x0a30575b0e354ef77ca98eba675d1087 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x020500601900170301002042c364230c03ac7525b392d04282114bc68c1911b9d37ca4f57cc6c07350bf4217030100300e28c0029551e3e58e28c1de10121d60451a4a0ddcfc42519ff76dc35d9316383296e14832befa8b4bfed5fec3f20ba5 Message-Authenticator = 0xec3ff31b59c371099bd0ea66a030ce29 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 5 length 96 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - usuario1@org12.es [peap] Got inner identity 'usuario1@org12.es' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x02050016017573756172696f31406f726731322e6573 server { [peap] Setting User-Name to usuario1@org12.es Sending tunneled request EAP-Message = 0x02050016017573756172696f31406f726731322e6573 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "usuario1@org12.es" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] EAP packet type response id 5 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for usuario1 [ldap] expand: %{Stripped-User-Name} -> usuario1 [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usuario1) [ldap] expand: dc=org12,dc=es -> dc=org12,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=org12,dc=es, with filter (uid=usuario1) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}EitzhgCg9098MxwO9ZvDTA==" [ldap] userPassword -> Password-With-Header == "usuario11" [ldap] looking for reply items in directory... [ldap] user usuario1 authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Failed to decode Password-With-Header = "usuario11" [pap] Normalizing MD5-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x0106002b1a01060026107d1f79522e66c33923d1e2c3a75ba2ba7573756172696f31406f726731322e6573 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb3fa35c1b3fc2f2801cccb1af11b0eff [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x0106002b1a01060026107d1f79522e66c33923d1e2c3a75ba2ba7573756172696f31406f726731322e6573 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xb3fa35c1b3fc2f2801cccb1af11b0eff [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0106004b19001703010040ab6ac1b529d43c7097e4a669eac3aef098049e010116857f4748afec75335e8fb3ac6979c85cfc654872c00f90ff9195fb48c148d183cc4aff1c4f66e6d305b4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0a30575b0f364ef77ca98eba675d1087 Finished request 21. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=287 Cleaning up request 21 ID 0 with timestamp +39 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0x0a30575b0f364ef77ca98eba675d1087 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0206009019001703010020595da414692d74a1eb2b803a26baa62330ed09ce2757ddebcc7ef187f4da7b2617030100608e0dd5591ca9df9fb9ac6bd71bbb3db1825530919167a0f414df2f147f29b37e616b117eb246ae4cd9b6215fb11861f68660ce18aed6d287804d97b8b59071edb3b570c2d568c642883f14482c899adfde65b5a42b0259ae8f8ac8e749ebedd8 Message-Authenticator = 0x2e34f875787f955b6fe4e24b516697af # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 6 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x0206004c1a0206004731aa9c531ef9109cc18c1bf016441558950000000000000000d8ac264da19e978ae8ddb7299bff1cf87858b84d53eebf3e007573756172696f31406f726731322e6573 server { [peap] Setting User-Name to usuario1@org12.es Sending tunneled request EAP-Message = 0x0206004c1a0206004731aa9c531ef9109cc18c1bf016441558950000000000000000d8ac264da19e978ae8ddb7299bff1cf87858b84d53eebf3e007573756172696f31406f726731322e6573 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "usuario1@org12.es" State = 0xb3fa35c1b3fc2f2801cccb1af11b0eff server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] EAP packet type response id 6 length 76 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for usuario1 [ldap] expand: %{Stripped-User-Name} -> usuario1 [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usuario1) [ldap] expand: dc=org12,dc=es -> dc=org12,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=org12,dc=es, with filter (uid=usuario1) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}EitzhgCg9098MxwO9ZvDTA==" [ldap] userPassword -> Password-With-Header == "usuario11" [ldap] looking for reply items in directory... [ldap] user usuario1 authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Failed to decode Password-With-Header = "usuario11" [pap] Normalizing MD5-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: usuario1@org12.es [mschap] Told to do MS-CHAPv2 for usuario1@org12.es with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\006E=691 R=1" EAP-Message = 0x04060004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x0107002b1900170301002081b02fd0c5fe8561d5b8b3bba0281a2263863f2593b482dd79c5d9d20d1bff13 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x0a30575b0c374ef77ca98eba675d1087 Finished request 22. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=223 Cleaning up request 22 ID 0 with timestamp +39 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 State = 0x0a30575b0c374ef77ca98eba675d1087 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x0207005019001703010020c6605c184c417a712dd563647207fd2364661cea07c83f18372fe46a232e3aee17030100209555831077081970d21cd47dbfb67396e25c95f088be53f2be0d64446c48b94a Message-Authenticator = 0x63d5e273bad764fb0769d03662a86a5e # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 7 length 80 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> usuario1@org12.es attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 23 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 23 Sending Access-Reject of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x04070004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.12.254 port 2060, id=0, length=147 Cleaning up request 23 ID 0 with timestamp +39 User-Name = "usuario1@org12.es" NAS-IP-Address = 192.168.12.254 Called-Station-Id = "001217dd4db7" Calling-Station-Id = "04fe31a20d46" NAS-Identifier = "001217dd4db7" NAS-Port = 41 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02000016017573756172696f31406f726731322e6573 Message-Authenticator = 0x30574f38f01c55998fe3d3a710aa82ac # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "org12.es" for User-Name = "usuario1@org12.es" [suffix] Found realm "org12.es" [suffix] Adding Stripped-User-Name = "usuario1" [suffix] Adding Realm = "org12.es" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 0 length 22 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [ldap] performing user authorization for usuario1 [ldap] expand: %{Stripped-User-Name} -> usuario1 [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=usuario1) [ldap] expand: dc=org12,dc=es -> dc=org12,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=org12,dc=es, with filter (uid=usuario1) [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{MD5}EitzhgCg9098MxwO9ZvDTA==" [ldap] userPassword -> Password-With-Header == "usuario11" [ldap] looking for reply items in directory... [ldap] user usuario1 authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Failed to decode Password-With-Header = "usuario11" [pap] Normalizing MD5-Password from base64 encoding [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.12.254 port 2060 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1acccdae1acdd4099df112bd40fc8d8e Finished request 24. Going to the next request Waking up in 4.9 seconds. Cleaning up request 24 ID 0 with timestamp +45 WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! WARNING: !! EAP session for state 0x1acccdae1acdd409 did not finish! WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility WARNING: !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Ready to process requests.