rad_recv: Access-Request packet from host 192.168.11.6 port 3072, id=126, length=169 User-Name = "heruan" NAS-IP-Address = 0.0.0.0 NAS-Port = 0 Called-Station-Id = "00006c576976" Calling-Station-Id = "002268c0eb93" NAS-Identifier = "Realtek Access Point. 8181" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x0200000b0168657275616e Message-Authenticator = 0x10e69b5ef3ecf07fb56f44023213e72b +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "heruan", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 0 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated ++[files] returns noop [ldap_telperion] performing user authorization for heruan WARNING: Deprecated conditional expansion ":-". See "man unlang" for details WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name})) -> (|(uid=heruan)(cn=heruan)) expand: dc=aldu,dc=net -> dc=aldu,dc=net rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldaps://ldap.aldu.net, authentication 0 rlm_ldap: setting TLS CACert File to /export/ssl/AlduNetworkCA.crt rlm_ldap: setting TLS Cert File to /export/ssl/crts/radius.aldu.net.crt rlm_ldap: setting TLS Key File to /export/ssl/keys/radius.aldu.net.key rlm_ldap: bind as cn=radius,dc=aldu,dc=net/RaD-802.1X to ldaps://ldap.aldu.net rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=heruan)(cn=heruan)) [ldap_telperion] Added User-Password = {SSHA}...... in check items [ldap_telperion] No default NMAS login sequence [ldap_telperion] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x...... rlm_ldap: sambaLmPassword -> LM-Password == 0x...... [ldap_telperion] looking for reply items in directory... [ldap_telperion] user heruan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_telperion] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 126 to 192.168.11.6 port 3072 EAP-Message = 0x010100160410fd40decb184fb0fc23a60c70f3a86edc Message-Authenticator = 0x00000000000000000000000000000000 State = 0xecb4974becb5936c21163977cb2ae20c Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.11.6 port 3072, id=127, length=176 User-Name = "heruan" NAS-IP-Address = 0.0.0.0 NAS-Port = 0 Called-Station-Id = "00006c576976" Calling-Station-Id = "002268c0eb93" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x02010006030d State = 0xecb4974becb5936c21163977cb2ae20c Message-Authenticator = 0x5f7eb55227aaa419cce4154003eb5363 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "heruan", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated ++[files] returns noop [ldap_telperion] performing user authorization for heruan WARNING: Deprecated conditional expansion ":-". See "man unlang" for details WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name})) -> (|(uid=heruan)(cn=heruan)) expand: dc=aldu,dc=net -> dc=aldu,dc=net rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=heruan)(cn=heruan)) [ldap_telperion] Added User-Password = {SSHA}...... in check items [ldap_telperion] No default NMAS login sequence [ldap_telperion] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x...... rlm_ldap: sambaLmPassword -> LM-Password == 0x...... [ldap_telperion] looking for reply items in directory... [ldap_telperion] user heruan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_telperion] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/tls [eap] processing type tls [tls] Requiring client certificate [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 127 to 192.168.11.6 port 3072 EAP-Message = 0x010200060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xecb4974bedb69a6c21163977cb2ae20c Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.11.6 port 3072, id=128, length=269 User-Name = "heruan" NAS-IP-Address = 0.0.0.0 NAS-Port = 0 Called-Station-Id = "00006c576976" Calling-Station-Id = "002268c0eb93" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020200630d00160301005801000054030148d23b333d34c55f4b7232757604244c797877c21b50760a577371c2faece6de00002600390038003500160013000a00330032002f0005000400150012000900140011000800060003020100000400230000 State = 0xecb4974bedb69a6c21163977cb2ae20c Message-Authenticator = 0x40c776164bd49641e3c8975bdde06192 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "heruan", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 99 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated ++[files] returns noop [ldap_telperion] performing user authorization for heruan WARNING: Deprecated conditional expansion ":-". See "man unlang" for details WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name})) -> (|(uid=heruan)(cn=heruan)) expand: dc=aldu,dc=net -> dc=aldu,dc=net rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=heruan)(cn=heruan)) [ldap_telperion] Added User-Password = {SSHA}...... in check items [ldap_telperion] No default NMAS login sequence [ldap_telperion] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x...... rlm_ldap: sambaLmPassword -> LM-Password == 0x...... [ldap_telperion] looking for reply items in directory... [ldap_telperion] user heruan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_telperion] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] eaptls_verify returned 7 [tls] Done initial handshake [tls] (other): before/accept initialization [tls] TLS_accept: before/accept initialization [tls] <<< TLS 1.0 Handshake [length 0058], ClientHello [tls] TLS_accept: SSLv3 read client hello A [tls] >>> TLS 1.0 Handshake [length 0030], ServerHello [tls] TLS_accept: SSLv3 write server hello A [tls] >>> TLS 1.0 Handshake [length 0d58], Certificate [tls] TLS_accept: SSLv3 write certificate A [tls] >>> TLS 1.0 Handshake [length 030d], ServerKeyExchange [tls] TLS_accept: SSLv3 write key exchange A [tls] >>> TLS 1.0 Handshake [length 0096], CertificateRequest [tls] TLS_accept: SSLv3 write certificate request A [tls] TLS_accept: SSLv3 flush data [tls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 128 to 192.168.11.6 port 3072 EAP-Message = 0x010304000dc00000113f16030100300200002c030148d23b33c026068df3b9546697b3067919464d329662fb14b2ec0e705e204624000039010004002300001603010d580b000d54000d510006e6308206e2308204caa003020102020106300d06092a864886f70d0101050500308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574301e170d3038303532353137 EAP-Message = 0x333535395a170d3131303532353137333535395a30819e310b30090603550406130249543110300e06035504081307566963656e7a6131193017060355040713105175696e746f20566963656e74696e6f31153013060355040a130c416c6475204e6574776f726b31123010060355040b130954656c706572696f6e311830160603550403130f7261646975732e616c64752e6e6574311d301b06092a864886f70d010901160e61646d696e40616c64752e6e657430820222300d06092a864886f70d01010105000382020f003082020a0282020100baaf8b7cc35660a1c28f10814fdc742405a6d80aa99536279821be517701110d369ff91ae8e0df EAP-Message = 0x2587a70c4d1d6f4bbaf2a59401f0b37d713f36dfd6cfa6db0676c65d03364e66525328de388503c50fc1df64987bf9eee87360fbee6244d5e8af6de7d17e4962d88afee99670f2d7404447740a01d86453124935f03242168dea7f0db7eaaf58d74f8b91edec5a7d9253033423009850262fe2fb3aa8fe5e25a9819ce31362d8c10331929076e89952e1140f0b2f60878d6d1e10b864c3c810b55fd7a1d939267c6a925e16c25d8d95cb86260b8ab80dba1f25a3ebbcf52b3c03a8243d15645a51994358cdda3ea68bc6d148607607d281e30f2a3868a7dab59e914f708754b947f0d696c388efd54e8e31a90516854c5f0ecb35b8d461367240490496 EAP-Message = 0x8fe972bfff621bd744f312de283a3aaa344d8471fc0cb39ece52c2ff77984ee407ec0a7b531fca81815ffb39002b359ee77c98e93d4c670aaee60d6e04670f98d157d509ba96be28383bbf503139ba93e75c702e362489f63025dd90e236353b9fa7fe4dcbeb9f948918f05bd87e60972d6504c9b51bdd353ed23c00550afd065d1eaa51c362f2d6fa0967b3d0e753b522379edeccbe2d61dc0eb321111de3792d629c410e2ce284fcbf4e0ed081103ee1bbca94904a4799afa254dc0a092ea61a42a147fa9c901aa9d3c90a99659e375200334cdcb73681ccbd0edf0203010001a38201443082014030090603551d1304023000301106096086480186 EAP-Message = 0xf8420101040403020640302e Message-Authenticator = 0x00000000000000000000000000000000 State = 0xecb4974beeb79a6c21163977cb2ae20c Finished request 2. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 192.168.11.6 port 3072, id=129, length=176 User-Name = "heruan" NAS-IP-Address = 0.0.0.0 NAS-Port = 0 Called-Station-Id = "00006c576976" Calling-Station-Id = "002268c0eb93" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020300060d00 State = 0xecb4974beeb79a6c21163977cb2ae20c Message-Authenticator = 0xbcfbc7082ea814ea5a391ed008bcca97 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "heruan", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated ++[files] returns noop [ldap_telperion] performing user authorization for heruan WARNING: Deprecated conditional expansion ":-". See "man unlang" for details WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name})) -> (|(uid=heruan)(cn=heruan)) expand: dc=aldu,dc=net -> dc=aldu,dc=net rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=heruan)(cn=heruan)) [ldap_telperion] Added User-Password = {SSHA}...... in check items [ldap_telperion] No default NMAS login sequence [ldap_telperion] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x...... rlm_ldap: sambaLmPassword -> LM-Password == 0x...... [ldap_telperion] looking for reply items in directory... [ldap_telperion] user heruan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_telperion] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 129 to 192.168.11.6 port 3072 EAP-Message = 0x010404000dc00000113f06096086480186f842010d0421161f416c6475204e6574776f726b20736572766572206365727469666963617465301d0603551d0e0416041427567b3c358088be2a88ae38e964eccc07e499b73081ae0603551d230481a63081a38014fe54771221d91a1005efa50f6f8f886af9cf6447a18187a48184308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140 EAP-Message = 0x616c64752e6e6574820100300b0603551d0f0404030205a030130603551d25040c300a06082b06010505070301300d06092a864886f70d01010505000382020100742d55d4b3875961cbeefc0f3ef724521d0ed3ee2fc997a66e2eb059f3e7f69910ef1f6d21c818f5b48e87bff4268ba2355864de725f5462a62149483848e85f77b0e5fb074cb83ecbd02a16f144bdded0a54ac864803302ee054d8eff8110873f810ebcdfa4af88d977b36eb9f183fda25d577d7420b67f0862e98531c237d3f4c845361236824d95afc1f15ae306ba8a9f1796d9f84ebd0d4ca02b13fa51ea0a9c2ef694aedc5bb18d3921ab2683ac352cd5271f1c8f693716c9a8 EAP-Message = 0x834213249900d970259773739d0e8d2eb48f3146764b7f48dfc595a68c14162d03ffad6422776a5ff163ec766bab25556af2af9461028666f4d597ad8de3fa5487a37bd69551603fc2027f76094b79b79fc4c58584a0f2b2e9281cd4374761f471d1b27aa04b32daad7ca99d9a6b61b7b1ac6309ca2a89839208a3ccb22519046702bd2b0e7ee376c60786f22486ce3a33807d4b3ee6f3690bd1d580e838f1779ee92616f2470c7f56cf3558863b384c9b3909adf442310f61bbb4a5bfecc3157b4658ae0c9e84a8fba6e52a170454c18d037f3602cfcf0129526199c3b3ba0f756de771d64c12eeccf058ed1f6094343a0ecf3bc2665e36f4483cbadd EAP-Message = 0xf33afd60ac8f1d0cdd175607eb508f0b9bf869a232d2cb7ac3777d43d2541cdafd77e90c6204ab13ceaf09d872a0c97033f09fdee496058d72270025f17852d41d274ca9ada3500006653082066130820449a003020102020100300d06092a864886f70d0101050500308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574301e170d303830353235313731353233 EAP-Message = 0x5a170d313330353234313731 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xecb4974befb09a6c21163977cb2ae20c Finished request 3. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 192.168.11.6 port 3072, id=130, length=176 User-Name = "heruan" NAS-IP-Address = 0.0.0.0 NAS-Port = 0 Called-Station-Id = "00006c576976" Calling-Station-Id = "002268c0eb93" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020400060d00 State = 0xecb4974befb09a6c21163977cb2ae20c Message-Authenticator = 0x927d969654e29bc36e153b4758156e53 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "heruan", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated ++[files] returns noop [ldap_telperion] performing user authorization for heruan WARNING: Deprecated conditional expansion ":-". See "man unlang" for details WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name})) -> (|(uid=heruan)(cn=heruan)) expand: dc=aldu,dc=net -> dc=aldu,dc=net rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=heruan)(cn=heruan)) [ldap_telperion] Added User-Password = {SSHA}...... in check items [ldap_telperion] No default NMAS login sequence [ldap_telperion] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x...... rlm_ldap: sambaLmPassword -> LM-Password == 0x...... [ldap_telperion] looking for reply items in directory... [ldap_telperion] user heruan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_telperion] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 130 to 192.168.11.6 port 3072 EAP-Message = 0x010504000dc00000113f3532335a308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e657430820222300d06092a864886f70d01010105000382020f003082020a0282020100e352d800a194047d72504330b65278cf22b0a7211472a77939e369cd5121e27e119f05cb3c660aefda12d90bad75dda2b965f831d5a2e1038bbe7c9f8addb1c5ab1efe5be47d2eac1b39 EAP-Message = 0x72b68bba4c406916c302c35dfd5ef11d36f1a5637ae33661b27f2e9bb8843a5319061eb7167d274bb6942dfc1878b7f638ed9b9ff4ac4b9b5bdf094e275ff5b53a0551f24d1e63f35d7cfa96c2e00a5ca504b62f5f32cfc3d8aa6f589de482bedeb65224d6e425144be81e36eab9844dbb0fc5388a29b55a23f34798a90f534e626e102a0f0df13ae0f72fe99fe9dcf3575bd85a628c06fe8f6cc51f69271b4203ebebfa52b49df5fd0171c36f204bd64c8989d1fa45628140ffa19d8285702462b34ae01721197aefcd87fb79d2417705f8ef205f2b59bafe222a077c91c22e2481dfcc02eb6a0be6fc6317bd52289ef787f1bd9fe34b5b92b7485408 EAP-Message = 0xef15ebe685d408d77dcbd9ba07755e4ecf6574793855e64291199a5a77440faa0101f2b4c85a3a92c62aa075cd4f535b0b0321d7839c7b59c02d61cc77cbf1ec4425b8726d315a3228fba109abe1ede78e13f5cf82fa216cf0193fcc641cf3a4e97b43dd425b7e95cfd5d3c692332ced3bb96d9b6d5a2fbb3777a951e0cbeee0e23cb7b911c728db165f153c1e4e1c68ba690d7fbcb04fb05e78b0363308ca5a67f4a3ba844407f51d3a4796dbdf3bb01739e33a60720418dd0203010001a381e13081de301d0603551d0e04160414fe54771221d91a1005efa50f6f8f886af9cf64473081ae0603551d230481a63081a38014fe54771221d91a1005ef EAP-Message = 0xa50f6f8f886af9cf6447a18187a48184308181310b30090603550406130249543110300e06035504081307566963656e7a6131153013060355040a130c416c6475204e6574776f726b312d302b06035504031324416c6475204e6574776f726b2043657274696669636174696f6e20417574686f72697479311a301806092a864886f70d010901160b636140616c64752e6e6574820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382020100a53bd0a1d836628f9e26a6c7267136549f18ca3cb6d234a5d055d43abdbcbe0e825def229bdc0cbf3c9f38997a15da051b0ce615e8941940dccd43fb24dbea1ee66af094 EAP-Message = 0x2af577240d47b79a20ecf287 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xecb4974be8b19a6c21163977cb2ae20c Finished request 4. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 192.168.11.6 port 3072, id=131, length=176 User-Name = "heruan" NAS-IP-Address = 0.0.0.0 NAS-Port = 0 Called-Station-Id = "00006c576976" Calling-Station-Id = "002268c0eb93" NAS-Identifier = "Realtek Access Point. 8181" NAS-Port-Type = Wireless-802.11 Service-Type = Framed-User Connect-Info = "CONNECT 11Mbps 802.11b" EAP-Message = 0x020500060d00 State = 0xecb4974be8b19a6c21163977cb2ae20c Message-Authenticator = 0xd9c4eb7ccdb43bf7fa7b4c70ae49cf59 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "heruan", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns updated ++[files] returns noop [ldap_telperion] performing user authorization for heruan WARNING: Deprecated conditional expansion ":-". See "man unlang" for details WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (|(uid=%{Stripped-User-Name:-%{User-Name}})(cn=%{Stripped-User-Name:-%{User-Name})) -> (|(uid=heruan)(cn=heruan)) expand: dc=aldu,dc=net -> dc=aldu,dc=net rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=aldu,dc=net, with filter (|(uid=heruan)(cn=heruan)) [ldap_telperion] Added User-Password = {SSHA}...... in check items [ldap_telperion] No default NMAS login sequence [ldap_telperion] looking for check items in directory... rlm_ldap: sambaNtPassword -> NT-Password == 0x...... rlm_ldap: sambaLmPassword -> LM-Password == 0x...... [ldap_telperion] looking for reply items in directory... [ldap_telperion] user heruan authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap_telperion] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Normalizing NT-Password from hex encoding [pap] Normalizing LM-Password from hex encoding [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 131 to 192.168.11.6 port 3072 EAP-Message = 0x010604000dc00000113f41253f7caef992816fb6b25244e2b2eac310fef7d7a86f60a2b967aa0d28ae7fe86fbf4a029e4a6e8ebedbef1eb7c7a344d87591be5b8bb28140d1faec4c4753fac13fb77dab34db643e84a0cb961f8947fc1fc6b0861993319ac5b28086aa3f5b0847b15bb97d24cf1690a3aab0ccff85403dd201abcb1b8b279b4b9ecb641d70269ebc603614afd6c56cbc44c8e0e9ba67661e63c195e60738ae589ce857a6a9e7a38ff15cc4c17f5872efdd743641ce8bf543883c98c8d468635d8c8801b6c8825cd26537ca4f7e1789d4c3bde7c9d1314a1ac5bb5d1eeb2e12ef7a5bb1c3ddef303a68284cd5a53d58aa612852d92b8191 EAP-Message = 0x1302468572546831641111a81733a42bbe129cf985b42790a5eb675e742364bc2cb449da2955062efeaa1f1a661933e9ef6a2d4a85c2611e6cf3b5c42511555c4fcab1e5ea237f8017f3f38d5f84e9adae7549f05128f89779b28586d38257a9883f71939263b4dce4945c13b3048e5f8d6ac94e8eab4c2742671ae683451cfff0bf5aa169f15edf30a7cad9f02ef7d004df5db2d4a8001e10730cdf3b140bc1251ea71d8332b2ddebf0117d6f52cefdde1ba9b055795c10c57b3e53c2160301030d0c0003090080b8d46838b3e4f268f2283b876198e2fab4efa6c4ff1a4256bf6a33659ce9369bbb62cbf0074beb662a7ab55ea638e64731dd87d5af EAP-Message = 0xe48ee480b73d0f29cc890ca12058356d38fd2cfe87a9c418f9c6d1463261be3d2e962aa52850c64521e6851bc4f37bcd09790246b13771cd9f777ae8f7b7d75edc8e5eea46d9c76621734b00010200802d8ce25058d41af12cc98f8b2c288b64755488c20098cb8cea3477a4469d48ca4e150ca568cf935966f926aa38e99458f9430bfc2ea6d9aebfdf9d51ed2d814917da0f5e13255df35eb1e3fa3e117ac1cf9b2c6c394fc1f89b69e43e755e24cd113acc158e8af9286c2b1661d2fb21a8dc810007b7d24543f1502426f067eb7302005e9e4b7e48364aea540b72ac1c8f7b6cef698f569c9314aac49d428e1013bf5d464d46d2c9e4347eb5d3f5 EAP-Message = 0xedab802e834292ad461d7431022462a9db0ae3af984318b03d0121e55e8a7fb7c415f5801cccec0063925182cf26795c9eba2f6d83cdbed9556b20751ffa798ff287314472cf96dba4d5120fb05edfe2879bb3fabad5f4420d7cf12a79ddb0716e303527f8860f32d69219a9df7e6ac20b265f6bc5b58ba96bc9d0b23de7306c5cf9933ba0e74838c99bc5457f31e8f7ad509e4174eb99b692da0717bccbd6cb4ff246716ca698c01737ca67a7bb9ebb60422694b32fcd10098351c592aba94bfe659b81257031579e61b97534f73a28b5785cf6f5c204ed9d9d4db30006421f468e14517eff0c1d457799069f901619191189583ddf878254349b15ee EAP-Message = 0x69f29af5c8c7c5f1abeb3498 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xecb4974be9b29a6c21163977cb2ae20c Finished request 5. Going to the next request Waking up in 4.6 seconds. Cleaning up request 0 ID 126 with timestamp +15 Cleaning up request 1 ID 127 with timestamp +16 Waking up in 0.2 seconds. Cleaning up request 2 ID 128 with timestamp +16 Cleaning up request 3 ID 129 with timestamp +17 Cleaning up request 4 ID 130 with timestamp +17 Cleaning up request 5 ID 131 with timestamp +17 Ready to process requests.