Hello, I'm having some trouble with my setup and I am not sure where things have gone wrong. I don't think there is anything from with the freeradius server or the switch setup. My goal is to get computer authentication working, and from what I understand from this post it should just work with the default setup with only two modifications: See the post from Phil Mayers http://freeradius.1045715.n5.nabble.com/PEAP-with-Machine-auth-td4939666.htm... Here is my debug log: rad_recv: Access-Request packet from host 10.11.200.73 port 1645, id=236, length=158 User-Name = "host/DAN01" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "9C-AF-CA-F4-40-10" Calling-Station-Id = "64-31-50-7D-72-DE" EAP-Message = 0x0201000f01686f73742f44414e3031 Message-Authenticator = 0xd542a2a3a3407e6908953cd7dca08817 NAS-Port-Type = Ethernet NAS-Port = 50016 NAS-Port-Id = "GigabitEthernet0/16" NAS-IP-Address = 10.11.200.73 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 236 to 10.11.200.73 port 1645 EAP-Message = 0x010200160410dda0857597b1b9c5d2114f6c83f2606d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x01794096017b44e4c1b393ed153b7774 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.11.200.73 port 1645, id=237, length=167 User-Name = "host/DAN01" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "9C-AF-CA-F4-40-10" Calling-Station-Id = "64-31-50-7D-72-DE" EAP-Message = 0x020200060319 Message-Authenticator = 0x36c72a6e152d0376c4c2e898ed25103b NAS-Port-Type = Ethernet NAS-Port = 50016 NAS-Port-Id = "GigabitEthernet0/16" State = 0x01794096017b44e4c1b393ed153b7774 NAS-IP-Address = 10.11.200.73 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 237 to 10.11.200.73 port 1645 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x01794096007a59e4c1b393ed153b7774 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.11.200.73 port 1645, id=238, length=266 User-Name = "host/DAN01" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "9C-AF-CA-F4-40-10" Calling-Station-Id = "64-31-50-7D-72-DE" EAP-Message = 0x0203006919800000005f160301005a01000056030150c2020ad42f8473aaa4763bfe5559b68809e4731258d02a19bd5a83025e02fc000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100 Message-Authenticator = 0x0a4d04f9f52dbc7c000f26f2b9046e3d NAS-Port-Type = Ethernet NAS-Port = 50016 NAS-Port-Id = "GigabitEthernet0/16" State = 0x01794096007a59e4c1b393ed153b7774 NAS-IP-Address = 10.11.200.73 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 105 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 95 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 005a], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 238 to 10.11.200.73 port 1645 EAP-Message = 0x0104040019c0000008a216030100310200002d030150c1ad7788786b10acec0131f1a69bc414f87718bb71685367e6e6a53ec0a1e600002f000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3132313230363138333330375a170d3133303230343138333330375a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100badff6cb7179506abce81b22c0c12ce92f128d1fc2ffd51b159010f8bd9aa0352e9eb68fa01ede9d61214a39d78d2972b5406699eae304 EAP-Message = 0xb40a74524471ec05582582a7aa9710aabd4a895773a02042e67db8e42572635efda35a45df5c9518a02c6a7e75a64051d60d436bfa62bfd6e5f88a8ebf3ba48c19e48a25c8662e19a29d92cb6317e067b7c6cb4f24976519a55c2681eb97f8d5974f8244dc50f641b03615ee14d5c8085664bff3c1be7247c1e4d98c9120319edfb4c167d0888140cbc768a81e8d1d016a0d093490a913578946ea9b21706066f1428370666364ed5f80919a0ca2d368daf1c85311c8375a27adb09e7d5bb7800c1bf66af0a86690470203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010105050003820101004857 EAP-Message = 0xf861c78b2469007a3a0faeca30c4dd0c107a661f63e949e4ddfb4ffd28045199bd58e642837569ffa14e8521d161b0940802b3ad216b021a30c322814659bc1d6224205d65000c39c6edcea942e8c06965e1b9f6fb7f1654191940a392c2ef81a11d25fb73ce358bd6eadca1ef0e15f8572c232a04ec1629f0e727021ced7bd079d72cdb2d86bcc8ffdf334842f089ab15936eb7ba0cffcc0e9b37a37a216f0ed402d7200f210a7352cb339affdae7e5b6ba90f4108b22a3b1b713057809817b46cc6733fe03884dfb9f895552203bf1e1e403cf1f663a831936d41c25b9514f360416020b0fdb33a3b573396f3ae552c08799d85a40efb32cda9d1e60 EAP-Message = 0xa00004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x01794096037d59e4c1b393ed153b7774 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.11.200.73 port 1645, id=239, length=167 User-Name = "host/DAN01" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "9C-AF-CA-F4-40-10" Calling-Station-Id = "64-31-50-7D-72-DE" EAP-Message = 0x020400061900 Message-Authenticator = 0x57fa2f2fa8a12654c84ef47f24b9300c NAS-Port-Type = Ethernet NAS-Port = 50016 NAS-Port-Id = "GigabitEthernet0/16" State = 0x01794096037d59e4c1b393ed153b7774 NAS-IP-Address = 10.11.200.73 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 239 to 10.11.200.73 port 1645 EAP-Message = 0x010503fc1940a003020102020900a33fb10c1664a44e300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3132313230363138333330375a170d3133303230343138333330375a308193310b3009060355040613024652310f300d0603550408130652616469757331 EAP-Message = 0x12301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100ba09abda0f9f2632773b404162045d145d1961f5d44cf7feafb38e5d352d7b7a47091b9156ef81be2c8d1ed9994cc2d88b530cdaa51bdc2d4f3132329fd958ffb5fe7f8a2a2d0c699ce8d434041d80898eb0a0ff623813aeb5d0f8e82dc094db92237c3b17987a19 EAP-Message = 0x5711bd563ba0d6f947104787918866aa0c6fdc717bef128d0038637d4fa15a0a8428f3ff47235404c78e050425cd6ea33ad80dc5fc7dda16a76d4f49d679ac0cdac557620d3c7fb5dd508889d75c014f2bab7281a6514e9ef8801b49b2b62d7346e381ef28280ba2654505b85c1cc63ecb7664dfd46e3e1561d87c24ee7bd2ffea5e3282b2c722ccafb1ffe460fa8612ae82267c3e1df60d0203010001a381fb3081f8301d0603551d0e041604149a8d8e6f296e96fcc7d303cccfeeae2052615f093081c80603551d230481c03081bd80149a8d8e6f296e96fcc7d303cccfeeae2052615f09a18199a48196308193310b300906035504061302465231 EAP-Message = 0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900a33fb10c1664a44e300c0603551d13040530030101ff300d06092a864886f70d010105050003820101002a98ee33183e9c46aafd4385195180fff00f029253c1c1818934722dc09e3722378f93ecf6a21a98cf44c848e524a051bfa6c0d5b22b26088b06313e84de17bc22e7d9a3a87d466abd8ffc EAP-Message = 0x1e707bf177e925d2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x01794096027c59e4c1b393ed153b7774 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.11.200.73 port 1645, id=240, length=167 User-Name = "host/DAN01" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "9C-AF-CA-F4-40-10" Calling-Station-Id = "64-31-50-7D-72-DE" EAP-Message = 0x020500061900 Message-Authenticator = 0xbb0a37ac80ac127d37623ac19d8cb7d7 NAS-Port-Type = Ethernet NAS-Port = 50016 NAS-Port-Id = "GigabitEthernet0/16" State = 0x01794096027c59e4c1b393ed153b7774 NAS-IP-Address = 10.11.200.73 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 240 to 10.11.200.73 port 1645 EAP-Message = 0x010600bc1900c35695b88d735375e6daf6e9fd7517c11036a05a4e769075fda1f4931e91e5a98d20c5f13886c0502b7e5fadd8851996d4cf5f418695e9e485411c391758f37c7ee4a00cf3f5eeebec0deb2bbfdfbdcc9a7df103311f69d7e81dba31d00cc887f1c93b24bc2bd77affe2451277fb4df09d82bbe43269c1b591503e03c5f678db04a77d6a42e55816b412aedf69c2b379d07157c74d5efe0b1ff411a138624d54324d91438a42c0d71567a80f1316030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x01794096057f59e4c1b393ed153b7774 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.11.200.73 port 1645, id=241, length=499 User-Name = "host/DAN01" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "9C-AF-CA-F4-40-10" Calling-Station-Id = "64-31-50-7D-72-DE" EAP-Message = 0x02060150198000000146160301010610000102010052d9ea3856c176e5673da4cbe02a911e8f5fb543684e6ae8649d79c8e15d3a4fb6c1ed37d45ed785d3891bbdf1c3868cde05e75d91280f2c026c15f4e968ef6cdd4094a8a59e2ad1ceac5c53ce8af6084b98de2668567a254913920f266e0a7bca00f50db7c7c26552fe2b171b0287003ffea4ba84143cc567a4cb7748f46312957f4997aed1b64f62c21d03bb7139f79e44534c0158175a629a98f4b585f87330442382e4e51b6de60635494d4e66a3aabd88b4c8874f268cd5ec3e5f334b84b75e06fd0fbc3afaa27a6af9303ed65e2af56d02a8aeaceadcd48679055748fa722d14f6c4961534 EAP-Message = 0x5a1cade40955c92b534083c6292fd0bac23cb7bb5bb1d90f14030100010116030100307e72a5c4189bf36cac8747ffabc198bd4f5d400baf2bb5cb001a022908448a37cf7ddea27654ff7fc282934932a55ffa Message-Authenticator = 0x11d9f6622d3f3949df452fd64e4e7a03 NAS-Port-Type = Ethernet NAS-Port = 50016 NAS-Port-Id = "GigabitEthernet0/16" State = 0x01794096057f59e4c1b393ed153b7774 NAS-IP-Address = 10.11.200.73 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 241 to 10.11.200.73 port 1645 EAP-Message = 0x010700411900140301000101160301003088525279f0a666be9158b77193e0cb5d44491d1d577a8862254f5ef9f6dba07116b5e566e39572ba0e981cbd85b7bbc5 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x01794096047e59e4c1b393ed153b7774 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.11.200.73 port 1645, id=242, length=167 User-Name = "host/DAN01" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "9C-AF-CA-F4-40-10" Calling-Station-Id = "64-31-50-7D-72-DE" EAP-Message = 0x020700061900 Message-Authenticator = 0x211323fa12841ee03e548aa79f457385 NAS-Port-Type = Ethernet NAS-Port = 50016 NAS-Port-Id = "GigabitEthernet0/16" State = 0x01794096047e59e4c1b393ed153b7774 NAS-IP-Address = 10.11.200.73 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 242 to 10.11.200.73 port 1645 EAP-Message = 0x0108002b19001703010020ac4efbfa7535f97705d24f884cbcff69c35d3995a8cf49f9f54b5839d5fbbc70 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x01794096077159e4c1b393ed153b7774 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.11.200.73 port 1645, id=243, length=204 User-Name = "host/DAN01" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "9C-AF-CA-F4-40-10" Calling-Station-Id = "64-31-50-7D-72-DE" EAP-Message = 0x0208002b190017030100207a18e0fc66bc4e107ff7c3add2fd502f7c9de5a24918f020cd08237c80606225 Message-Authenticator = 0x58eb948731c85961f83971425c7f49d0 NAS-Port-Type = Ethernet NAS-Port = 50016 NAS-Port-Id = "GigabitEthernet0/16" State = 0x01794096077159e4c1b393ed153b7774 NAS-IP-Address = 10.11.200.73 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - host/DAN01 [peap] Got inner identity 'host/DAN01' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0208000f01686f73742f44414e3031 server { [peap] Setting User-Name to host/DAN01 Sending tunneled request EAP-Message = 0x0208000f01686f73742f44414e3031 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/DAN01" server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 8 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010900241a0109001f1030afe7e31b9243b22b1edc4da600654f686f73742f44414e3031 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf36f0859f36612161ae524fe7d89d60e [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010900241a0109001f1030afe7e31b9243b22b1edc4da600654f686f73742f44414e3031 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xf36f0859f36612161ae524fe7d89d60e [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 243 to 10.11.200.73 port 1645 EAP-Message = 0x0109004b190017030100406378cb7289eb8c26ab103a27d7ddd562178502ee511763eb4dcdd2148b2e2828f04def0d118c5f79480070084a5d6d20db5e2d378185c951aefa1db0ed8373f8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x01794096067059e4c1b393ed153b7774 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.11.200.73 port 1645, id=244, length=268 User-Name = "host/DAN01" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "9C-AF-CA-F4-40-10" Calling-Station-Id = "64-31-50-7D-72-DE" EAP-Message = 0x0209006b190017030100602ba93efbbefd59197061b3c1cfe8a8c3ed52c8c3bb04d8407d3a8a194ff63d304de6151122e5f2ee830478996fd21f1b386795640464bd68df45b537168ea55a5733946cd255eab36e80551b6b1e1e77b43b075925fd7722f626a31be711402d Message-Authenticator = 0xcc8e1ecd017ffb90d560f6c53e4646e3 NAS-Port-Type = Ethernet NAS-Port = 50016 NAS-Port-Id = "GigabitEthernet0/16" State = 0x01794096067059e4c1b393ed153b7774 NAS-IP-Address = 10.11.200.73 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020900451a0209004031efe81adb9299be4739da1763d1702e44000000000000000000000000000000000000000000000000000000000000000000686f73742f44414e3031 server { [peap] Setting User-Name to host/DAN01 Sending tunneled request EAP-Message = 0x020900451a0209004031efe81adb9299be4739da1763d1702e44000000000000000000000000000000000000000000000000000000000000000000686f73742f44414e3031 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "host/DAN01" State = 0xf36f0859f36612161ae524fe7d89d60e server inner-tunnel { # Executing section authorize from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 9 length 69 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/raddb/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: host/DAN01 [mschap] Told to do MS-CHAPv2 for host/DAN01 with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\tE=691 R=1" EAP-Message = 0x04090004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 244 to 10.11.200.73 port 1645 EAP-Message = 0x010a002b19001703010020b18b2f6ba2a15eb8ccf6796e5f1978974c30c0ab7e60faef3aab29c75ebfa183 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x01794096097359e4c1b393ed153b7774 Finished request 8. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.11.200.73 port 1645, id=245, length=204 User-Name = "host/DAN01" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "9C-AF-CA-F4-40-10" Calling-Station-Id = "64-31-50-7D-72-DE" EAP-Message = 0x020a002b19001703010020da286d0d7cd1b91d931d0059695ecf9ed2f5640c0975ae5ec20d8b34d2cc599a Message-Authenticator = 0xc4e84370ab6a69e7ccecf9b8f70ec4e0 NAS-Port-Type = Ethernet NAS-Port = 50016 NAS-Port-Id = "GigabitEthernet0/16" State = 0x01794096097359e4c1b393ed153b7774 NAS-IP-Address = 10.11.200.73 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "host/DAN01", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> host/DAN01 attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 245 to 10.11.200.73 port 1645 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.8 seconds. Cleaning up request 0 ID 236 with timestamp +39 Cleaning up request 1 ID 237 with timestamp +39 Cleaning up request 2 ID 238 with timestamp +39 Cleaning up request 3 ID 239 with timestamp +39 Cleaning up request 4 ID 240 with timestamp +39 Cleaning up request 5 ID 241 with timestamp +39 Cleaning up request 6 ID 242 with timestamp +39 Cleaning up request 7 ID 243 with timestamp +39 Cleaning up request 8 ID 244 with timestamp +39 Waking up in 1.0 seconds. Cleaning up request 9 ID 245 with timestamp +39 Ready to process requests.