Hi, Could someone please shed some light on the where we are going wrong. We have followed the documentation provided however it is unclear where to reference our internal ad servers. I have attached the output from our radiusd -X:- Ready to process requests. rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=134, length=256 User-Name = "radldapuser@gcu.ac.uk" Calling-Station-Id = "00:24:2c:7a:d8:7d" Called-Station-Id = "00:26:cb:80:33:20:eduroam" NAS-Port = 29 Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4" NAS-IP-Address = 10.1.5.4 NAS-Identifier = "CLIC_WiSM_A" Airespace-Wlan-Id = 9 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "914" EAP-Message = 0x0202001a017261646c64617075736572406763752e61632e756b Message-Authenticator = 0x5499ecdd3317903a396087c244b3242f # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 2 length 26 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 134 to 10.1.5.4 port 32768 EAP-Message = 0x0103001604101c5f6a48076abb9c734e38981c7217e2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7ac164ba7ac260d5c80b69f521e95f1c Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=135, length=254 User-Name = "radldapuser@gcu.ac.uk" Calling-Station-Id = "00:24:2c:7a:d8:7d" Called-Station-Id = "00:26:cb:80:33:20:eduroam" NAS-Port = 29 Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4" NAS-IP-Address = 10.1.5.4 NAS-Identifier = "CLIC_WiSM_A" Airespace-Wlan-Id = 9 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "914" EAP-Message = 0x020300060319 State = 0x7ac164ba7ac260d5c80b69f521e95f1c Message-Authenticator = 0xa525aaece160f6dbfacf7cdb4b93c3a5 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 3 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 135 to 10.1.5.4 port 32768 EAP-Message = 0x010400061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7ac164ba7bc57dd5c80b69f521e95f1c Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=136, length=353 User-Name = "radldapuser@gcu.ac.uk" Calling-Station-Id = "00:24:2c:7a:d8:7d" Called-Station-Id = "00:26:cb:80:33:20:eduroam" NAS-Port = 29 Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4" NAS-IP-Address = 10.1.5.4 NAS-Identifier = "CLIC_WiSM_A" Airespace-Wlan-Id = 9 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "914" EAP-Message = 0x0204006919800000005f160301005a0100005603014f0edd9d5db5b4c865a2f751dfae8b6187fcb5cbfc5719ebf587861508615770000018002f00350005000ac013c014c009c00a003200380013000401000015ff01000100000a0006000400170018000b00020100 State = 0x7ac164ba7bc57dd5c80b69f521e95f1c Message-Authenticator = 0x03b789c11ed6d11218b952f2e5f5758e # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 4 length 105 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 95 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 005a], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 136 to 10.1.5.4 port 32768 EAP-Message = 0x0105040019c0000008a216030100310200002d03014f0edd9d03560cec979059501c8cb223202dcbe9f787e3323f05325b9821b97c00002f000005ff01000100160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963617465204175 EAP-Message = 0x74686f72697479301e170d3132303131303133343330395a170d3133303130393133343330395a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100c117ba859c40ab6c9df33856b7985dc37a8b1895739aeaab7157d5ea2e9351258e3c0d9c0c3efe2c4b0033f03974114c216727611cc0f5 EAP-Message = 0xf881e7b997bc7fa59faa23ddf197215fefca1c31fe9d7c5b910313f578cbd74a6a5e3725977373fa7d52d49e9e5bb230fd8884c70fa161daa1aa41d3f2f3f2772373c6ff597f3b875ac653726f1cd9c5fbcbe15e3edf868382a06faf9b1e2a6047a07bbc44cc6cf936c0eac3b8e02598a425acb8497dd0671f28f5c1c3d34b3ef96d3cdacfd9e67943886fdbd11a1f5e9ccb7782ea91590fcdf102206af05203318829e68284c56cf60c6b4c41dd8542c0ffd6fb4cb079e33d7a333823706fa8e08c312b02470207990203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d010104050003820101009a8e EAP-Message = 0x0d156b951e3e1c68fde3e69734c9dc4c59e4c6893458c4d7f3d7c620d73016d610fb769485229a62c864b8d131f09a8ea41497de055dc2a23f8b2543c2d3df122c157c0de2b92ef98c7c4daceb55ec911af59c0cb6f6dfdfa6a51a0949b12497cd4468de4acfe75e18b1bf0529f8e6d1d280039bc7db3cfcfd92711264d06ab670639a90241e869fb80a0b169525739fd89956a23f0892f1160f18e61dd19ccde9d13a07181fc8c49d245f8e18d0e0377d74d9a825706eb72a07de786844b4583e3fa436142ef00d7455b0b5abccbacbf5472f01acbb90f31a62cbc6fac632c10b2207320714cba517085a86fff56fa65942146ec3e3cdb4ebc7b4e873 EAP-Message = 0x920004ab308204a73082038f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7ac164ba78c47dd5c80b69f521e95f1c Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=137, length=254 User-Name = "radldapuser@gcu.ac.uk" Calling-Station-Id = "00:24:2c:7a:d8:7d" Called-Station-Id = "00:26:cb:80:33:20:eduroam" NAS-Port = 29 Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4" NAS-IP-Address = 10.1.5.4 NAS-Identifier = "CLIC_WiSM_A" Airespace-Wlan-Id = 9 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "914" EAP-Message = 0x020500061900 State = 0x7ac164ba78c47dd5c80b69f521e95f1c Message-Authenticator = 0x7892f991b7fd777154282e08a9b81237 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 5 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 137 to 10.1.5.4 port 32768 EAP-Message = 0x010603fc1940a003020102020900ef2b35f9535b384c300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3132303131303133343330395a170d3133303130393133343330395a308193310b3009060355040613024652310f300d0603550408130652616469757331 EAP-Message = 0x12301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100f4164566b7242c5321d0372720b25fa2508bb0e0e69fa4200d5a45bb8321f3fc3d589eb314e096337df2d466fbccdc53468a9f64b6c3875cea83aeedeec1a2dc982ac3e28c76a006800bc899e4e74ba3c30ae3edb6838f74899c0879436d75cdb43dbff784cc9faa EAP-Message = 0x04fa999054d652fcc983323e947facaa0995377e18f4346c7f18aeb4e668c8efa63fd90711ee0d562dd92ed9f41243589b24157e3c27ba4a10f3721b091375ff5a9665ed876e97f3a2f682bb1ec64d6e760b7a7013b82c55eaec4f1bccd7fce7fef196042328993f84cb6c8c9e5dbafca5e67d5eb30cc9bdda8944148674e17b30d20c17701ce8edf0e72cff4d44d88291093bdb753e79130203010001a381fb3081f8301d0603551d0e0416041429a311aa3d3d8cd2c10255f7397c9b0d2fda2b1b3081c80603551d230481c03081bd801429a311aa3d3d8cd2c10255f7397c9b0d2fda2b1ba18199a48196308193310b300906035504061302465231 EAP-Message = 0x0f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900ef2b35f9535b384c300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004a8f28098c96a3b0fd243f8dbcc988d21bcea65a3cd7a25e942c7098eb87fdc988638a1cda11ceb07c697cae9bb0f7418e68cb203c7b74c83b206fba51f94f1248b134cd0800c7bcbc9757 EAP-Message = 0x710a4c17dd921848 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7ac164ba79c77dd5c80b69f521e95f1c Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=138, length=254 User-Name = "radldapuser@gcu.ac.uk" Calling-Station-Id = "00:24:2c:7a:d8:7d" Called-Station-Id = "00:26:cb:80:33:20:eduroam" NAS-Port = 29 Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4" NAS-IP-Address = 10.1.5.4 NAS-Identifier = "CLIC_WiSM_A" Airespace-Wlan-Id = 9 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "914" EAP-Message = 0x020600061900 State = 0x7ac164ba79c77dd5c80b69f521e95f1c Message-Authenticator = 0x73ed972e163dc4c11fa01ec993089b67 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 6 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 138 to 10.1.5.4 port 32768 EAP-Message = 0x010700bc1900a9b1e8772b2c313f49e39433ff8946473b1c7735aeee9122316edd5eaeee17df8e2e28d2b24eb023fec1dda7fb5a827ce37c90bc0a8c65e430ad395c05233bcbcddc48e210be210608d35d8c52c0a3e9a083cbc3800521b24478c9eb9c5d30242a6acd250d94aaf05b1e9b5576cd738e4c15b33eac2dc3debb676dd14f93e053fcabf4eb05ee243f18d59fa89cbd8a34831f9bcb7095ad1839c70ecd9f99fb28a7c2d269ac6635398ad8df96c716030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7ac164ba7ec67dd5c80b69f521e95f1c Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=139, length=586 User-Name = "radldapuser@gcu.ac.uk" Calling-Station-Id = "00:24:2c:7a:d8:7d" Called-Station-Id = "00:26:cb:80:33:20:eduroam" NAS-Port = 29 Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4" NAS-IP-Address = 10.1.5.4 NAS-Identifier = "CLIC_WiSM_A" Airespace-Wlan-Id = 9 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "914" EAP-Message = 0x020701501980000001461603010106100001020100a7152cd57ec079fae3650588277422a1016560e87f6575a85b94d333aaf270504d1c07b01660f5ad8f883be6885704ce1ad4410218a114c8cae3b968d0e374e37d2c0e50ef0cc0149e432f7f0b100dad12c87c44e7e5fc587367d2a7c2fa76dc68bb3ff8bbfcd897ea92383c2e6852ed0b69149a1423a8e599f87d754764eb20e016a8b58cf558fad666fac3f584a6f7aa1dc1214f791005d5582e716cece4b8badf01a9cc0ea32d64a8110b4f54b409028c97bb4eb8ade9639e04f3ecce83175f5c1703362587f4308adfe7f6ae5c54777631a032c0597ee8e9faff8c4219a480bbe430cece324b EAP-Message = 0xe865b8252b9e5557e6bc3d46bf66bbf3c8b7cbbf2dc42f641403010001011603010030e0b46052ab8a4da1b135f6f5e578f82d2e6f4b048e266b69ba54e05ae42356d0cc519a6955905703427428e7532cc6cc State = 0x7ac164ba7ec67dd5c80b69f521e95f1c Message-Authenticator = 0xc7fc61b4c3a2bbe4457d446834e40761 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 7 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 139 to 10.1.5.4 port 32768 EAP-Message = 0x0108004119001403010001011603010030fbedfd1da06a9cdcb52184ddf667e4b93afc8e272607ecd4871ea47424226641e0202a8a0d7f26466f25af01993c68d6 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7ac164ba7fc97dd5c80b69f521e95f1c Finished request 5. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=140, length=254 User-Name = "radldapuser@gcu.ac.uk" Calling-Station-Id = "00:24:2c:7a:d8:7d" Called-Station-Id = "00:26:cb:80:33:20:eduroam" NAS-Port = 29 Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4" NAS-IP-Address = 10.1.5.4 NAS-Identifier = "CLIC_WiSM_A" Airespace-Wlan-Id = 9 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "914" EAP-Message = 0x020800061900 State = 0x7ac164ba7fc97dd5c80b69f521e95f1c Message-Authenticator = 0x85455c0b6137e3ebac0d29171c9d12ed # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 8 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 140 to 10.1.5.4 port 32768 EAP-Message = 0x0109002b19001703010020923f894cbac0014e859657b96e37111fe7cae95914b3150e3ed33da67a5ac794 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7ac164ba7cc87dd5c80b69f521e95f1c Finished request 6. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=141, length=307 User-Name = "radldapuser@gcu.ac.uk" Calling-Station-Id = "00:24:2c:7a:d8:7d" Called-Station-Id = "00:26:cb:80:33:20:eduroam" NAS-Port = 29 Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4" NAS-IP-Address = 10.1.5.4 NAS-Identifier = "CLIC_WiSM_A" Airespace-Wlan-Id = 9 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "914" EAP-Message = 0x0209003b1900170301003037487b34fb7a37ea8a6fea8a7261897f8b237f51856360d5060faf8162fe68e53d4ccbfcb7ed9ae34099fa05f8147aee State = 0x7ac164ba7cc87dd5c80b69f521e95f1c Message-Authenticator = 0x9c731ef70cc9623d9805ac8f901da10b # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 9 length 59 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - radldapuser@gcu.ac.uk [peap] Got inner identity 'radldapuser@gcu.ac.uk' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x0209001a017261646c64617075736572406763752e61632e756b server { [peap] Setting User-Name to radldapuser@gcu.ac.uk Sending tunneled request EAP-Message = 0x0209001a017261646c64617075736572406763752e61632e756b FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "radldapuser@gcu.ac.uk" server inner-tunnel { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] EAP packet type response id 9 length 26 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x010a002f1a010a002a10bd3c8890bc23da511e37ca5fec98739e7261646c64617075736572406763752e61632e756b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xff362c18ff3c36b5f2b64db14083f710 [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x010a002f1a010a002a10bd3c8890bc23da511e37ca5fec98739e7261646c64617075736572406763752e61632e756b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xff362c18ff3c36b5f2b64db14083f710 [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 141 to 10.1.5.4 port 32768 EAP-Message = 0x010a004b1900170301004061ed8cb4cf38f7cf13ef4ad3aa9cf3c5935cb84d24c96cca8e584bdddfdff337ddd120844d64379a5dc6d33586a31439389764f3e2c438be5025a26111634334 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7ac164ba7dcb7dd5c80b69f521e95f1c Finished request 7. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=142, length=371 User-Name = "radldapuser@gcu.ac.uk" Calling-Station-Id = "00:24:2c:7a:d8:7d" Called-Station-Id = "00:26:cb:80:33:20:eduroam" NAS-Port = 29 Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4" NAS-IP-Address = 10.1.5.4 NAS-Identifier = "CLIC_WiSM_A" Airespace-Wlan-Id = 9 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "914" EAP-Message = 0x020a007b190017030100704c2199bf1d81341c6096220d061bf1b5cd1da35100eb4beeaa39b81708be66ef899509483141d7d1929d28ab1b76d772dcea676dbccb0b849fb838c1d6e8adb0be3951ef6d4a0869738c62f47a47efab30beab42bf9e3db812221c44ed60a1b6a747193f65b8dfbc811e9844a69a259d State = 0x7ac164ba7dcb7dd5c80b69f521e95f1c Message-Authenticator = 0x44ad26aeac4f41bf70316f3663d0c9a0 # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 10 length 123 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020a00501a020a004b317c3f214b10b27f29753acc6d42f57139000000000000000076c36f51916f66cde9fcb4e85c89c21d89710096cb80ad54007261646c64617075736572406763752e61632e756b server { [peap] Setting User-Name to radldapuser@gcu.ac.uk Sending tunneled request EAP-Message = 0x020a00501a020a004b317c3f214b10b27f29753acc6d42f57139000000000000000076c36f51916f66cde9fcb4e85c89c21d89710096cb80ad54007261646c64617075736572406763752e61632e756b FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "radldapuser@gcu.ac.uk" State = 0xff362c18ff3c36b5f2b64db14083f710 server inner-tunnel { # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok ++[control] returns ok [eap] EAP packet type response id 10 length 80 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /usr/local/etc/raddb/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Creating challenge hash with username: radldapuser@gcu.ac.uk [mschap] Told to do MS-CHAPv2 for radldapuser@gcu.ac.uk with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "\nE=691 R=1" EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "\nE=691 R=1" EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 142 to 10.1.5.4 port 32768 EAP-Message = 0x010b002b190017030100203f674d96b6c9b1c4d556badd2e95018be8b7d76ef19096513bb0fcc442edcb2a Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7ac164ba72ca7dd5c80b69f521e95f1c Finished request 8. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 10.1.5.4 port 32768, id=143, length=291 User-Name = "radldapuser@gcu.ac.uk" Calling-Station-Id = "00:24:2c:7a:d8:7d" Called-Station-Id = "00:26:cb:80:33:20:eduroam" NAS-Port = 29 Cisco-AVPair = "audit-session-id=0a0105040000025f4f0edac4" NAS-IP-Address = 10.1.5.4 NAS-Identifier = "CLIC_WiSM_A" Airespace-Wlan-Id = 9 Service-Type = Framed-User Framed-MTU = 1300 NAS-Port-Type = Wireless-802.11 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "914" EAP-Message = 0x020b002b190017030100202f0f420fda76a7ad73b12963caead406e813362b7a25b49616b772582cca7083 State = 0x7ac164ba72ca7dd5c80b69f521e95f1c Message-Authenticator = 0x15128e7f4d056ad5a975f35d8851cfbc # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] Looking up realm "gcu.ac.uk" for User-Name = "radldapuser@gcu.ac.uk" [suffix] Found realm "GCU.AC.UK" [suffix] Adding Stripped-User-Name = "radldapuser" [suffix] Adding Realm = "GCU.AC.UK" [suffix] Authentication realm is LOCAL. ++[suffix] returns ok [eap] EAP packet type response id 11 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv failure [peap] Received EAP-TLV response. [peap] The users session was previously rejected: returning reject (again.) [peap] *** This means you need to read the PREVIOUS messages in the debug output [peap] *** to find out the reason why the user was rejected. [peap] *** Look for "reject" or "fail". Those earlier messages will tell you. [peap] *** what went wrong, and how to fix the problem. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> radldapuser@gcu.ac.uk attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 9 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 9 Sending Access-Reject of id 143 to 10.1.5.4 port 32768 EAP-Message = 0x040b0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.8 seconds. Cleaning up request 0 ID 134 with timestamp +16 Cleaning up request 1 ID 135 with timestamp +16 Cleaning up request 2 ID 136 with timestamp +16 Cleaning up request 3 ID 137 with timestamp +16 Cleaning up request 4 ID 138 with timestamp +17 Cleaning up request 5 ID 139 with timestamp +17 Cleaning up request 6 ID 140 with timestamp +17 Cleaning up request 7 ID 141 with timestamp +17 Cleaning up request 8 ID 142 with timestamp +17 Waking up in 1.0 seconds. Cleaning up request 9 ID 143 with timestamp +17 Ready to process requests. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Help-with-proxy-settings-please-tp51... Sent from the FreeRadius - User mailing list archive at Nabble.com.