Hello Gurus. Apologies if this mail arrives twice, the first time i did send it (05/Jul/08), nothing showed on the list nor the archive. I'm new to freeradius 2.0.5, compiled it from sources and installed on CentOS v5.0, xp sp2 clients authenticate without problems with PEAP, but xp sp3 don't. I've searched the entire list, but none reference to xp sp3. Has anybody achieved to authenticate xp sp3 with default 802.1x client to freeradius ? Haven't yet tried Vista, but suspect will have the same problem..... This is the log: Best regards. Oxiel [root@radius ~]# radiusd -X FreeRADIUS Version 2.0.5, for host x86_64-redhat-linux-gnu, built on Jul 5 2008 at 10:14:20 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including configuration file /etc/raddb/snmp.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/ldap including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/krb5 including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/sql.conf including configuration file /etc/raddb/sql/mysql/dialup.conf including configuration file /etc/raddb/sql/mysql/counter.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/default including configuration file /etc/raddb/sites-enabled/inner-tunnel group = radiusd user = radiusd including dictionary file /etc/raddb/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/radius" libdir = "/usr/lib64" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } } client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 192.168.100.245 { require_message_authenticator = no secret = "secreto" shortname = "192.168.100.245" } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = yes ntlm_auth = "/usr/bin/ntlm_auth --username=%{mschap:User-Name} --request-nt-key --domain=%{mschap:NT-Domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}" } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "peap" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/etc/raddb/certs/cert-srv.pem" certificate_file = "/etc/raddb/certs/cert-srv.pem" CA_file = "/etc/raddb/certs/demoCA/cacert.pem" private_key_password = "*l4Pr0.14" dh_file = "/etc/raddb/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" } WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work! WARNING: Fix this by running the OpenSSL command listed in eap.conf Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = yes proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/etc/raddb/users" acctusersfile = "/etc/raddb/acct_users" preproxy_usersfile = "/etc/raddb/preproxy_users" compat = "no" } Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject" key = "%{User-Name}" } } } server { modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/etc/raddb/huntgroups" hints = "/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail detail { detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/etc/raddb/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } } radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Accounting-Request packet from host 192.168.100.245 port 5001, id=218, length=286 Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "2" User-Name = "COSMART\\jat" NAS-Identifier = "001cc5363882" NAS-Port = 268439554 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=2" NAS-Port-Type = Ethernet Calling-Station-Id = "0050-bac5-dfa5" Acct-Status-Type = Stop Acct-Authentic = RADIUS Acct-Session-Id = "110500010555d" NAS-IP-Address = 192.168.100.245 Event-Timestamp = "Jan 1 2005 01:57:37 BOT" Acct-Session-Time = 119 Acct-Delay-Time = 39 Acct-Input-Octets = 3232 Acct-Input-Packets = 43 Acct-Output-Octets = 8326 Acct-Output-Packets = 71 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Acct-Terminate-Cause = Lost-Carrier 3Com-Connect_Id = 81 3com-Attr-29 = 0x00000000 3Com-VLAN-Name = "\000\000\000\000" 3Com-Encryption-Type = "\000\000\000\000" 3Com-Time-Of-Day = "\000\000\000\000" 3com-Attr-22 = 0x00000000 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" +- entering group preacct ++[preprocess] returns ok rlm_acct_unique: Hashing 'NAS-Port = 268439554,Client-IP-Address = 192.168.100.245,NAS-IP-Address = 192.168.100.245,Acct-Session-Id = "110500010555d",User-Name = "COSMART\\jat"' rlm_acct_unique: Acct-Unique-Session-ID = "ea36fd6add7d8838". ++[acct_unique] returns ok rlm_realm: No '@' in User-Name = "COSMART\jat", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/192.168.100.245/detail-20080705 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.100.245/detail-20080705 expand: %t -> Sat Jul 5 14:30:23 2008 ++[detail] returns ok ++[unix] returns ok expand: /var/log/radius/radutmp -> /var/log/radius/radutmp expand: %{User-Name} -> COSMART\jat ++[radutmp] returns ok expand: %{User-Name} -> COSMART\jat attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 218 to 192.168.100.245 port 5001 Finished request 0. Cleaning up request 0 ID 218 with timestamp +2 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=0, length=240 User-Name = "host/caja02.cosmart.bo" EAP-Message = 0x0201001b01686f73742f63616a6130322e636f736d6172742e626f Message-Authenticator = 0xf1acdc9cf04cb956900a1812f75fc8e0 NAS-IP-Address = 192.168.100.245 NAS-Identifier = "001cc5363882" NAS-Port = 268439553 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0050-bac5-dfa5" 3Com-Connect_Id = 83 3Com-Product-ID = "5500G-EI" 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" 3Com-NAS-Startup-Timestamp = 1104537612 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 27 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry DEFAULT at line 172 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop rlm_pap: WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 0 to 192.168.100.245 port 5001 Framed-Protocol = PPP Framed-Compression = Van-Jacobson-TCP-IP EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x73b5ba5073b7a3e2254835034dd3ceef Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=1, length=311 User-Name = "host/caja02.cosmart.bo" EAP-Message = 0x0202005019800000004616030100410100003d0301486fbdd4eecfde254716f92a39b631a3684a00787d5d6b063ba9c81cd22e195300001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xbec7d6563e28ca88de7723c45425b6a4 NAS-IP-Address = 192.168.100.245 NAS-Identifier = "001cc5363882" NAS-Port = 268439553 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0050-bac5-dfa5" State = 0x73b5ba5073b7a3e2254835034dd3ceef 3Com-Connect_Id = 83 3Com-Product-ID = "5500G-EI" 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" 3Com-NAS-Startup-Timestamp = 1104537612 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 80 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 70 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0666], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 1 to 192.168.100.245 port 5001 EAP-Message = 0x0103040019c0000006c3160301004a020000460301486fbdc4c5c76a2564aa4f526c944a51a1302a3c659a0b0961427630875f60f92028b6d005458c6b196869a0d631f1ce41013c4514747eeebbdd80e7b4bc5969af00040016030106660b00066200065f0002b9308202b53082021ea003020102020104300d06092a864886f70d0101050500308191310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311630140603550403130d61646d696e6973747261746f EAP-Message = 0x72311b301906092a864886f70d010901160c6a6174406d61696c2e63736d301e170d3038303730323231333833325a170d3138303633303231333833325a308195310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311a3018060355040313117261646975732e636f736d6172742e626f311b301906092a864886f70d010901160c6a6174406d61696c2e63736d30819f300d06092a864886f70d010101050003818d0030818902818100cbeb8d00c58afe573130 EAP-Message = 0x546535d403e375d6bd47f46e40c177715d4ecab36ec81bd674cf9e85001a18c8dff1f6a3c36157c4ae0b1081b6a09d177dd4e43da1feab1ad3611da0b973cc5e69d4ed7ddd58147c6ea6666c86d074dce2b4819153f104b1ce41c4c549231e386a04f5123ae40191488aaf93362f09b31eef336682470203010001a317301530130603551d25040c300a06082b06010505070301300d06092a864886f70d01010505000381810035fdfe43e521364d5c730005b1307d1ed1fb9bbeb88cec2be4e362fe3779c4dd1196f0e5b0bb41cde48da1e7392549e989d1ea0e3af59191d05be8991ced0b557b2ea643c160b150e7c83ab667414bb8b670c1193c53 EAP-Message = 0xae386773f3124b7803f6ada10aa517a81bfa0cfe66d5a557da43773eafabe10cbd705a52e5303e0282c90003a03082039c30820305a003020102020900e224351ea6a8c75e300d06092a864886f70d0101050500308191310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311630140603550403130d61646d696e6973747261746f72311b301906092a864886f70d010901160c6a6174406d61696c2e63736d301e170d3038303730323231333435365a170d3138 EAP-Message = 0x303633303231333435365a30 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x73b5ba5072b6a3e2254835034dd3ceef Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=2, length=237 User-Name = "host/caja02.cosmart.bo" EAP-Message = 0x020300061900 Message-Authenticator = 0x2690776a323a61b010a03df037aec344 NAS-IP-Address = 192.168.100.245 NAS-Identifier = "001cc5363882" NAS-Port = 268439553 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0050-bac5-dfa5" State = 0x73b5ba5072b6a3e2254835034dd3ceef 3Com-Connect_Id = 83 3Com-Product-ID = "5500G-EI" 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" 3Com-NAS-Startup-Timestamp = 1104537612 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 2 to 192.168.100.245 port 5001 EAP-Message = 0x010402d319008191310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311630140603550403130d61646d696e6973747261746f72311b301906092a864886f70d010901160c6a6174406d61696c2e63736d30819f300d06092a864886f70d010101050003818d0030818902818100a646305a573ba9462e50379658300d0d0d8af89c4c30d84d160cde108867f5008c5d5476b473d60cc52067227194c9d8cb838e251fad331103a0ef6b82d2fc1c775065420d91f1 EAP-Message = 0x69d61d23088d5d2fcaca82b78d432ae2e5a7bc2128ab1489512d0d5df2dc8057bcf5ecf9e5c1be94088977ffa69885442de5967c302cbb3a750203010001a381f93081f6301d0603551d0e0416041473a2a24959f00db826a07cf8489b046784765ead3081c60603551d230481be3081bb801473a2a24959f00db826a07cf8489b046784765eada18197a48194308191310b300906035504061302424f311330110603550408130a53616e7461204372757a311330110603550407130a53616e7461204372757a3110300e060355040a1307436f736d6172743111300f060355040b130853697374656d6173311630140603550403130d61646d696e69 EAP-Message = 0x73747261746f72311b301906092a864886f70d010901160c6a6174406d61696c2e63736d820900e224351ea6a8c75e300c0603551d13040530030101ff300d06092a864886f70d010105050003818100012eb34d9f4d44275d7141f817f9754d61b51a1205fe9326b51df1985a69c664e5a572a408ac098247e82621c48c097c72230ef3d4d4607636e721213b3a6bcae16cb65033eb9793e4bad604c5f8a4bd25638163cd556f283862542654cbcae9b86573ac3668cfad36b8b643abedbeb7a1ffb440c3af91d1a3a76d67ac84a2f016030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x73b5ba5071b1a3e2254835034dd3ceef Finished request 3. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=3, length=423 User-Name = "host/caja02.cosmart.bo" EAP-Message = 0x020400c01980000000b616030100861000008200800d05f33fc8ee7d6b891fd473b79cbd08c00029c400a4a8b4f66a043855312f1ae4c9ebc4d5935b3dd33a2f8c43a91f5268b8c6feeb2045eb683a038e92faad3c109b80d461449c916764451ae0ad1d9cc5adc79124b328a9e1240a83ffa8cef0833a8f218ce6cffe3c92e4a3a2e421e5d3e31c47deeafb370be2c2ae35840013140301000101160301002071ab2c4c5ef80026ece917f82faa9c4bf68ea263927572bcf2eff9dbc1b51e93 Message-Authenticator = 0x9d34a0ceab1dba8f46192d60879ce9e6 NAS-IP-Address = 192.168.100.245 NAS-Identifier = "001cc5363882" NAS-Port = 268439553 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0050-bac5-dfa5" State = 0x73b5ba5071b1a3e2254835034dd3ceef 3Com-Connect_Id = 83 3Com-Product-ID = "5500G-EI" 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" 3Com-NAS-Startup-Timestamp = 1104537612 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 192 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 182 rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 3 to 192.168.100.245 port 5001 EAP-Message = 0x01050031190014030100010116030100208af84b95006d4b91fba9d7169d916eb6809c68b34efddd8d7bb978243d04922e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x73b5ba5070b0a3e2254835034dd3ceef Finished request 4. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=4, length=237 User-Name = "host/caja02.cosmart.bo" EAP-Message = 0x020500061900 Message-Authenticator = 0xfb42b30cdfd2f35fc4e94d6b7b571349 NAS-IP-Address = 192.168.100.245 NAS-Identifier = "001cc5363882" NAS-Port = 268439553 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0050-bac5-dfa5" State = 0x73b5ba5070b0a3e2254835034dd3ceef 3Com-Connect_Id = 83 3Com-Product-ID = "5500G-EI" 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" 3Com-NAS-Startup-Timestamp = 1104537612 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 4 to 192.168.100.245 port 5001 EAP-Message = 0x0106002019001703010015bc754e60e537bc8fb1c7d29c5758b542685f2a6b11 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x73b5ba5077b3a3e2254835034dd3ceef Finished request 5. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=5, length=281 User-Name = "host/caja02.cosmart.bo" EAP-Message = 0x02060032190017030100272290fc8604f7a51d1b40db4729ff215118019fc7cab898e7f7d59299b9ba138f63ad3698ff0d0d Message-Authenticator = 0xdc1ac64c77e6220711e5b9da5a1483c7 NAS-IP-Address = 192.168.100.245 NAS-Identifier = "001cc5363882" NAS-Port = 268439553 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0050-bac5-dfa5" State = 0x73b5ba5077b3a3e2254835034dd3ceef 3Com-Connect_Id = 83 3Com-Product-ID = "5500G-EI" 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" 3Com-NAS-Startup-Timestamp = 1104537612 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 6 length 50 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - host/caja02.cosmart.bo PEAP: Got tunneled identity of host/caja02.cosmart.bo PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to host/caja02.cosmart.bo +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 6 length 27 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 5 to 192.168.100.245 port 5001 EAP-Message = 0x010700471900170301003c1e6805da43586305dd52fac9e77e5c0f59cf439f63276da038654693c461d78f2dff4238725874cbf4b94708899dcd5c661d56d09d4ef789e6c8d8ad Message-Authenticator = 0x00000000000000000000000000000000 State = 0x73b5ba5076b2a3e2254835034dd3ceef Finished request 6. Going to the next request Waking up in 4.5 seconds. rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=6, length=335 User-Name = "host/caja02.cosmart.bo" EAP-Message = 0x020700681900170301005dd9e8df11c1c77181e304f5804625cc6d44f9ab95418534bff216737d94c26604aad2c35ddf65bccfedc9ee52b023fda66d370b6767fd533860ea5b75eb2cdaf251db63feb3991bc812f10e8b41a96942b928746d8e124cd3ff02208321 Message-Authenticator = 0x189158927107c3cc4dbfb70ddcec6879 NAS-IP-Address = 192.168.100.245 NAS-Identifier = "001cc5363882" NAS-Port = 268439553 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0050-bac5-dfa5" State = 0x73b5ba5076b2a3e2254835034dd3ceef 3Com-Connect_Id = 83 3Com-Product-ID = "5500G-EI" 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" 3Com-NAS-Startup-Timestamp = 1104537612 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 7 length 104 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to host/caja02.cosmart.bo +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 7 length 81 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: No Cleartext-Password configured. Cannot create LM-Password. rlm_mschap: No Cleartext-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for host/caja02.cosmart.bo with NT-Password expand: --username=%{mschap:User-Name} -> --username=caja02$ expand: --domain=%{mschap:NT-Domain} -> --domain=cosmart mschap2: ca expand: --challenge=%{mschap:Challenge:-00} -> --challenge=2ee635f36876e135 expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=3e2799722d4ae64a874fca7144dc868ba821b45ab8d3e5c9 Exec-Program output: NT_KEY: 2C5558B32AB95B9348365F364D596970 Exec-Program-Wait: plaintext: NT_KEY: 2C5558B32AB95B9348365F364D596970 Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 6 to 192.168.100.245 port 5001 EAP-Message = 0x0108004a1900170301003f5b72a242149b0c849225ef274c8f16078a490d8b7017a19218015a39d51e11d4e4b5ec95727149d5d2d108ca87be5ac4572a1326c0be8912899588ed1dc79d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x73b5ba5075bda3e2254835034dd3ceef Finished request 7. Going to the next request Waking up in 4.4 seconds. rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=7, length=260 User-Name = "host/caja02.cosmart.bo" EAP-Message = 0x0208001d19001703010012729a793115410148fb3e1894728ed9dd43a2 Message-Authenticator = 0xc0038ec1fb0e803e1447e0c672705c8c NAS-IP-Address = 192.168.100.245 NAS-Identifier = "001cc5363882" NAS-Port = 268439553 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0050-bac5-dfa5" State = 0x73b5ba5075bda3e2254835034dd3ceef 3Com-Connect_Id = 83 3Com-Product-ID = "5500G-EI" 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" 3Com-NAS-Startup-Timestamp = 1104537612 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 29 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to host/caja02.cosmart.bo +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 8 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler ++[eap] returns ok PEAP: Tunneled authentication was successful. rlm_eap_peap: SUCCESS Saving tunneled attributes for later ++[eap] returns handled Sending Access-Challenge of id 7 to 192.168.100.245 port 5001 EAP-Message = 0x010900261900170301001be69227ae08e478000a3caae737a96433d8bb3a4ff3a53f1fbb7c0c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x73b5ba5074bca3e2254835034dd3ceef Finished request 8. Going to the next request Waking up in 4.3 seconds. rad_recv: Access-Request packet from host 192.168.100.245 port 5001, id=8, length=269 User-Name = "host/caja02.cosmart.bo" EAP-Message = 0x020900261900170301001b3916275431b7332459f3aaa1643e31720bc6ac34c224b51e2693c3 Message-Authenticator = 0x7093c15fac997292a12f6fc80059160c NAS-IP-Address = 192.168.100.245 NAS-Identifier = "001cc5363882" NAS-Port = 268439553 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "0050-bac5-dfa5" State = 0x73b5ba5074bca3e2254835034dd3ceef 3Com-Connect_Id = 83 3Com-Product-ID = "5500G-EI" 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" 3Com-NAS-Startup-Timestamp = 1104537612 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 9 length 38 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Success Using saved attributes from the original Access-Accept rlm_eap: Freeing handler ++[eap] returns ok +- entering group post-auth ++[exec] returns noop Sending Access-Accept of id 8 to 192.168.100.245 port 5001 User-Name = "host/caja02.cosmart.bo" MS-MPPE-Recv-Key = 0xbc92e431af5c7ffb4d5b7995391751603d37b0f0ff4b90fbfecd1785d2d987b9 MS-MPPE-Send-Key = 0x298436d731ecef7178d901f10b1654124cb4b52e1e1ed23fd33b1ec32476b480 EAP-Message = 0x03090004 Message-Authenticator = 0x00000000000000000000000000000000 Finished request 9. Going to the next request Waking up in 4.3 seconds. rad_recv: Accounting-Request packet from host 192.168.100.245 port 5001, id=219, length=228 User-Name = "host/caja02.cosmart.bo" NAS-Identifier = "001cc5363882" NAS-Port = 268439553 NAS-Port-Id = "unit=1;subslot=0;port=1;vlanid=1" NAS-Port-Type = Ethernet Calling-Station-Id = "0050-bac5-dfa5" Acct-Status-Type = Start Acct-Authentic = RADIUS Acct-Session-Id = "110500010558e" NAS-IP-Address = 192.168.100.245 Event-Timestamp = "Jan 1 2005 01:58:37 BOT" 3Com-Connect_Id = 83 3com-Attr-29 = 0x00000000 3Com-VLAN-Name = "\000\000\000\000" 3Com-Encryption-Type = "\000\000\000\000" 3Com-Time-Of-Day = "\000\000\000\000" 3com-Attr-22 = 0x00000000 3Com-Ip-Host-Addr = "0.0.0.0 00:50:ba:c5:df:a5" +- entering group preacct ++[preprocess] returns ok rlm_acct_unique: Hashing 'NAS-Port = 268439553,Client-IP-Address = 192.168.100.245,NAS-IP-Address = 192.168.100.245,Acct-Session-Id = "110500010558e",User-Name = "host/caja02.cosmart.bo"' rlm_acct_unique: Acct-Unique-Session-ID = "b9beac104c297af0". ++[acct_unique] returns ok rlm_realm: No '@' in User-Name = "host/caja02.cosmart.bo", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/192.168.100.245/detail-20080705 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.100.245/detail-20080705 expand: %t -> Sat Jul 5 14:30:28 2008 ++[detail] returns ok ++[unix] returns ok expand: /var/log/radius/radutmp -> /var/log/radius/radutmp expand: %{User-Name} -> host/caja02.cosmart.bo ++[radutmp] returns ok expand: %{User-Name} -> host/caja02.cosmart.bo attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 219 to 192.168.100.245 port 5001 Finished request 10. Cleaning up request 10 ID 219 with timestamp +7 Going to the next request Waking up in 4.2 seconds. Cleaning up request 1 ID 0 with timestamp +6 Cleaning up request 2 ID 1 with timestamp +7 Cleaning up request 3 ID 2 with timestamp +7 Cleaning up request 4 ID 3 with timestamp +7 Cleaning up request 5 ID 4 with timestamp +7 Cleaning up request 6 ID 5 with timestamp +7 Waking up in 0.1 seconds. Cleaning up request 7 ID 6 with timestamp +7 Cleaning up request 8 ID 7 with timestamp +7 Cleaning up request 9 ID 8 with timestamp +7 Ready to process requests. ______________________________________________ Enviado desde Correo Yahoo! La bandeja de entrada más inteligente.