I'm new to freeradius. I have a simple setup on ubuntu 14.04. I don't have SQL and simply have a user configured in the users file. The user is me - dougberman. I also have a ubiquiti access point which I've configured as a client to the radius server. What's frustrating is sometimes I'm able to use 802.1x EAP/PEAP just fine on my MAC and other times, it fails. I've looked through the radius debug and I can't find anything that stands out that calls my attention. Snipits for the file "users" and "clients.conf" and the debug is below. Any help would be greatly appreciated. users: dougberman Cleartext-Password := "foo123" clients.conf client 192.168.1.29 { secret = network shortname = routergw nastype = other } Please let me know if you have any additional questions. doug@db-dell:~$ sudo freeradius -X [sudo] password for doug: FreeRADIUS Version 2.1.12, for host x86_64-pc-linux-gnu, built on Aug 26 2015 at 14:47:03 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/proxy.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/rediswho including configuration file /etc/freeradius/modules/replicate including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/redis including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/soh including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/inner-tunnel including configuration file /etc/freeradius/sites-enabled/default main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = yes auth_badpass = yes auth_goodpass = yes } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } client 192.168.1.29 { require_message_authenticator = no secret = "network" shortname = "routergw" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/modules/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/modules/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/modules/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/modules/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/modules/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/modules/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/modules/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/freeradius/modules/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/modules/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/modules/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/modules/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/modules/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/freeradius/modules/detail detail { detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server server inner-tunnel { # from file /etc/freeradius/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 51461 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=93, length=182 User-Name = "dougberman" NAS-IP-Address = 192.168.1.29 NAS-Identifier = "0418d69afea9" NAS-Port = 0 Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure" Calling-Station-Id = "AC-BC-32-86-B0-73" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x0286000f01646f75676265726d616e Message-Authenticator = 0x1b7db57089969456fcff7f264214ac71 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 134 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry dougberman at line 3 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] EAP Identity [eap] processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled Sending Access-Challenge of id 93 to 192.168.1.29 port 56313 EAP-Message = 0x018700160410a6e7f7cc1f9ae919f16aac7710972bd9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x92ddcc5b925ac86dd5e2158f0b41dda7 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=94, length=193 User-Name = "dougberman" NAS-IP-Address = 192.168.1.29 NAS-Identifier = "0418d69afea9" NAS-Port = 0 Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure" Calling-Station-Id = "AC-BC-32-86-B0-73" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x028700080319152b State = 0x92ddcc5b925ac86dd5e2158f0b41dda7 Message-Authenticator = 0x3d6957c95c9c9ba03aa0574e37d2019c # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 135 length 8 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry dougberman at line 3 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/peap [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 94 to 192.168.1.29 port 56313 EAP-Message = 0x018800061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x92ddcc5b9355d56dd5e2158f0b41dda7 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=95, length=316 User-Name = "dougberman" NAS-IP-Address = 192.168.1.29 NAS-Identifier = "0418d69afea9" NAS-Port = 0 Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure" Calling-Station-Id = "AC-BC-32-86-B0-73" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x02880083198000000079160301007401000070030156ba68815990fdf76fe5ebc053ed7757fbde10eeeedd069c792855e3fc6abc2f00002800ffc024c023c00ac009c008c028c027c014c013c012003d003c0035002f000ac007c011000500040100001f000a00080006001700180019000b0002010000050005010000000000120000 State = 0x92ddcc5b9355d56dd5e2158f0b41dda7 Message-Authenticator = 0x40f21a53503b308c46cb0d395acff087 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 136 length 131 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 121 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0074], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0039], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 02c2], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 014b], ServerKeyExchange [peap] TLS_accept: SSLv3 write key exchange A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 95 to 192.168.1.29 port 56313 EAP-Message = 0x0189040019c00000045e16030100390200003503013ebf7047410d7a1859b5bbbf2a9d9888ce6e37c03ba9f1614c3bb95e24f1484d00c01400000dff01000100000b00040300010216030102c20b0002be0002bb0002b8308202b43082019ca003020102020900b793aee3ac33bc49300d06092a864886f70d01010b050030123110300e0603550403130764622d64656c6c301e170d3136303230323136353033355a170d3236303133303136353033355a30123110300e0603550403130764622d64656c6c30820122300d06092a864886f70d01010105000382010f003082010a0282010100a3869b5f162e1e131968dc8d564b1d234e592c42f841 EAP-Message = 0xa1241e96afe0db33d6d261b72bc407b2644f64812dba426bbbb6b3231f94a6cddbd263def9ce4e1a43f2a6c264cb9d1b3b4d9f2eace7afc4c2cf1e4c55e307e888b87e55003c404005a0c1a8b58fb034a59d7588206f9b280f5b0174dd53b9d5b8f8227936f640d73af94d8bf255316ba21199b9a01a45b33639cfa1c1f5145fc139819c84376523c6959ae1d6eccad8aa74a7fef8550fca94758e9f6e1a822b93439edcc4655baef7d39725f7378a4d8456581a45628523a8310467e66fb7cde362cabb555c9ef8807421e87adf51b3fb850ee59e23dc0d15fa956ed25af53b6bd8a3b703c431601aad0203010001a30d300b30090603551d13040230 EAP-Message = 0x00300d06092a864886f70d01010b050003820101006dbcd92c80fb31226b1e11ba78acdbfe58ef27a40611e499d4e6bbe5b1bda08cadd47e713fa241ca04627c7b7e4d47704f57af194b910b99d72202d070e26e1cb36107b6d92615758f8c0202fb8a77c92e3654299280c99f26c4dc0216849ffce1062fe9a346d91a04489642f9172d6fcb10bae6f2616bccebb43a00e72d3dbbd519cd0c0a4028eb7a316be8a2777459784bdc6085c3ca16aa635c04e0af7f73060016ce702081b5633f2d3204f0c3ddc35afb0159d6658ac5446a970fa89a090983e361df96e61d39550455483d1514b861ec58e826e508944aea60afb69463aabcce9787295042 EAP-Message = 0xd8b7e3f8a0d0318c55eee88732d1368ef2e6bc69c6ce6351160301014b0c00014703001741040884dfbcda7aeb9916409f3bec34b77584692af6d8d300907b4b79520e0bc4f8c97ad01ceea451d317bc57f48c22cb559c9aa94ddb890830c7355b5dd52dcb9b01002e7f7507025b5ab68f95c1f13cb6a007148404af7c5b9ead6cf1ef3548ebc99f69cd53b61590fbfd42f89369a909680c394c5a40bf756975d1f6d653190435dc34dee4b29704293006d600fb7c67015129e05deab4796a06100aea38c739152b9b8c5dabf734ce8f474cdeabfe63e42032f0ac74fbe2d8a09c17ad55b14b7cd2d9ed043ee42f26ae7e5b28fb5869e6d576ddb54d94 EAP-Message = 0x2260d3c985a4fbc2debb2686 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x92ddcc5b9054d56dd5e2158f0b41dda7 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=96, length=191 User-Name = "dougberman" NAS-IP-Address = 192.168.1.29 NAS-Identifier = "0418d69afea9" NAS-Port = 0 Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure" Calling-Station-Id = "AC-BC-32-86-B0-73" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x028900061900 State = 0x92ddcc5b9054d56dd5e2158f0b41dda7 Message-Authenticator = 0x27b924da3c4bc62298b84cf45ee60d4d # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 137 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 96 to 192.168.1.29 port 56313 EAP-Message = 0x018a006e1900d0186aabc9c735e04049ca34da2fa6662cc526354aced54cb41bf031aad5d36a846a299ab806fd96afabaa98d38cb74d2e6a91d979835114259e01d9ec687b5baec3220193694db1cdab30bf92501b4d349ad8a1310d81abf63b3b4b1857c016030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x92ddcc5b9157d56dd5e2158f0b41dda7 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=97, length=329 User-Name = "dougberman" NAS-IP-Address = 192.168.1.29 NAS-Identifier = "0418d69afea9" NAS-Port = 0 Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure" Calling-Station-Id = "AC-BC-32-86-B0-73" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x028a00901980000000861603010046100000424104ed317958262830a28c7e9283edbaf1f7c7439d456d2c06cb00a5e5301e69df241e3fa5282eec3182f7e1c1e962b2f0ac489e5828674581cedf4c07ed5ac68995140301000101160301003076d6347b1cbf07357530ccbb54e9b4c471868ff69a5139386b13eb2eb9dcb07eea053e1cfb0b7fbb62bfcebf33a9a72d State = 0x92ddcc5b9157d56dd5e2158f0b41dda7 Message-Authenticator = 0xccec4c85154a5cfbc7b753f7d4f6f5c4 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 138 length 144 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 134 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0046], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 97 to 192.168.1.29 port 56313 EAP-Message = 0x018b00411900140301000101160301003051771428cfdf26c2c47df977b644bbc43c768bfd7c7edeea3e42b9c3befb5e8ad128a499452858b8052b39a413b6e959 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x92ddcc5b9656d56dd5e2158f0b41dda7 Finished request 4. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=98, length=191 User-Name = "dougberman" NAS-IP-Address = 192.168.1.29 NAS-Identifier = "0418d69afea9" NAS-Port = 0 Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure" Calling-Station-Id = "AC-BC-32-86-B0-73" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x028b00061900 State = 0x92ddcc5b9656d56dd5e2158f0b41dda7 Message-Authenticator = 0x11d4a4db9060a2cdfc52cb51bd1d7a9c # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 139 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS [peap] Session established. Decoding tunneled attributes. [peap] Peap state TUNNEL ESTABLISHED ++[eap] returns handled Sending Access-Challenge of id 98 to 192.168.1.29 port 56313 EAP-Message = 0x018c002b19001703010020a923eee39f2cc0b51d1cf16ffa14f000d5698841775ce1d5c2bc8a4f9fbc2885 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x92ddcc5b9751d56dd5e2158f0b41dda7 Finished request 5. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=99, length=228 User-Name = "dougberman" NAS-IP-Address = 192.168.1.29 NAS-Identifier = "0418d69afea9" NAS-Port = 0 Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure" Calling-Station-Id = "AC-BC-32-86-B0-73" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x028c002b19001703010020cb258867342bee4a0d40637b5f7b1ecb8816b573d24a41522e0a1cfd83d6d36b State = 0x92ddcc5b9751d56dd5e2158f0b41dda7 Message-Authenticator = 0xa819497f034aff31cd5bc5f7a2c4dba5 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 140 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state WAITING FOR INNER IDENTITY [peap] Identity - dougberman [peap] Got inner identity 'dougberman' [peap] Setting default EAP type for tunneled EAP session. [peap] Got tunneled request EAP-Message = 0x028c000f01646f75676265726d616e server { [peap] Setting User-Name to dougberman Sending tunneled request EAP-Message = 0x028c000f01646f75676265726d616e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "dougberman" server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 140 length 15 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry dougberman at line 3 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x018d00241a018d001f10cf006efe556c46c968d25f3f74e42c4c646f75676265726d616e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5d67d9ca5deac34260158bcb9468438e [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x018d00241a018d001f10cf006efe556c46c968d25f3f74e42c4c646f75676265726d616e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5d67d9ca5deac34260158bcb9468438e [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 99 to 192.168.1.29 port 56313 EAP-Message = 0x018d004b190017030100403e35c354c1073da27a14fa74c477928588301022d6aa6729b79c2c51db2b89c586ccf0c9150c592bfb9baf3193a83b1ffcb36c7c5ba5cc229517777d3f55aaea Message-Authenticator = 0x00000000000000000000000000000000 State = 0x92ddcc5b9450d56dd5e2158f0b41dda7 Finished request 6. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=100, length=292 User-Name = "dougberman" NAS-IP-Address = 192.168.1.29 NAS-Identifier = "0418d69afea9" NAS-Port = 0 Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure" Calling-Station-Id = "AC-BC-32-86-B0-73" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x028d006b19001703010060b70fa486d6bf4f875fa9d7a8eff48b27b87641cb505b84508bee2669019dbbd0922ac4bc2d51e1328401f694e79d98cdf6281c38477138810e2746ab8b4329ded060d04b7629f3cb6f6e9457e4b58aac2428f9bccd602dd3530269fd6b03f42a State = 0x92ddcc5b9450d56dd5e2158f0b41dda7 Message-Authenticator = 0xdc449b545b1129a38bfcb7608bae4c17 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 141 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x028d00451a028d00403146434a04998e36ab37fc7799f66fb3bd000000000000000066b96f66e2fd852a854bdf7c7f3b83c5d01a4429eded44eb00646f75676265726d616e server { [peap] Setting User-Name to dougberman Sending tunneled request EAP-Message = 0x028d00451a028d00403146434a04998e36ab37fc7799f66fb3bd000000000000000066b96f66e2fd852a854bdf7c7f3b83c5d01a4429eded44eb00646f75676265726d616e FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "dougberman" State = 0x5d67d9ca5deac34260158bcb9468438e server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 141 length 69 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry dougberman at line 3 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel [mschapv2] +- entering group MS-CHAP {...} [mschap] Creating challenge hash with username: dougberman [mschap] Told to do MS-CHAPv2 for dougberman with NT-Password [mschap] adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x018e00331a038d002e533d45333641323545464241433739303646333430343941463330393332363636384445374332443933 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5d67d9ca5ce9c34260158bcb9468438e [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x018e00331a038d002e533d45333641323545464241433739303646333430343941463330393332363636384445374332443933 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x5d67d9ca5ce9c34260158bcb9468438e [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 100 to 192.168.1.29 port 56313 EAP-Message = 0x018e005b1900170301005030ee1789504ddef9c1333bbbc515a4784b2406050e883f87944bfd86e9914bc042b515b70f6cffecc16ae6e5fa393b8aeafc75a806b671e879445bf989d593d173e0fdb136426e1b31adc231b40ddb5d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x92ddcc5b9553d56dd5e2158f0b41dda7 Finished request 7. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=101, length=228 User-Name = "dougberman" NAS-IP-Address = 192.168.1.29 NAS-Identifier = "0418d69afea9" NAS-Port = 0 Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure" Calling-Station-Id = "AC-BC-32-86-B0-73" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x028e002b190017030100201be8fd3e17dc6f89b2d40e30b05f30f1f77d27a450388d2c1198ef568e1d8505 State = 0x92ddcc5b9553d56dd5e2158f0b41dda7 Message-Authenticator = 0x46a8247ff6dca44292a4bd7086ebef15 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 142 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x028e00061a03 server { [peap] Setting User-Name to dougberman Sending tunneled request EAP-Message = 0x028e00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "dougberman" State = 0x5d67d9ca5ce9c34260158bcb9468438e server inner-tunnel { # Executing section authorize from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 142 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated [files] users: Matched entry dougberman at line 3 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting to PAP ++[pap] returns noop Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [eap] Freeing handler ++[eap] returns ok Login OK: [dougberman/<via Auth-Type = EAP>] (from client routergw port 0 via TLS tunnel) WARNING: Empty post-auth section. Using default return values. # Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel } # server inner-tunnel [peap] Got tunneled reply code 2 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0xab8f333e7b1793f215315676d210a3f5 MS-MPPE-Recv-Key = 0xacc1ef31ff24cb71cf9aaf469356983b EAP-Message = 0x038e0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "dougberman" [peap] Got tunneled reply RADIUS code 2 MS-MPPE-Encryption-Policy = 0x00000001 MS-MPPE-Encryption-Types = 0x00000006 MS-MPPE-Send-Key = 0xab8f333e7b1793f215315676d210a3f5 MS-MPPE-Recv-Key = 0xacc1ef31ff24cb71cf9aaf469356983b EAP-Message = 0x038e0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "dougberman" [peap] Tunneled authentication was successful. [peap] SUCCESS ++[eap] returns handled Sending Access-Challenge of id 101 to 192.168.1.29 port 56313 EAP-Message = 0x018f002b19001703010020ab867b4420a3e8381d1fb52ab0437b2b5e0d6ecafe8b94ff523ab58c67518e61 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x92ddcc5b9a52d56dd5e2158f0b41dda7 Finished request 8. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.1.29 port 56313, id=102, length=228 User-Name = "dougberman" NAS-IP-Address = 192.168.1.29 NAS-Identifier = "0418d69afea9" NAS-Port = 0 Called-Station-Id = "0E-18-D6-9B-FE-A9:labouche-secure" Calling-Station-Id = "AC-BC-32-86-B0-73" Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 Connect-Info = "CONNECT 0Mbps 802.11b" EAP-Message = 0x028f002b1900170301002098ec17e74b4b916aacfd9f48e67e31dbc65f7338ad6075a4925b3a6f08651023 State = 0x92ddcc5b9a52d56dd5e2158f0b41dda7 Message-Authenticator = 0xd8837e97e73a64990b77c80afc0e216b # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "dougberman", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 143 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state send tlv success [peap] Received EAP-TLV response. [peap] Success [eap] Freeing handler ++[eap] returns ok Login OK: [dougberman/<via Auth-Type = EAP>] (from client routergw port 0 cli AC-BC-32-86-B0-73) # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 102 to 192.168.1.29 port 56313 MS-MPPE-Recv-Key = 0xda5ed9ef3092b9a8fb76b36b44aa72c53d6b80932c372a17f6019f83ceb9119e MS-MPPE-Send-Key = 0x67917a24c63ab8ed67f9308f77f21b44fff8686a1ccb03f22baf8b29acb9b2cc EAP-Message = 0x038f0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "dougberman" Finished request 9. Going to the next request Waking up in 4.7 seconds. Cleaning up request 0 ID 93 with timestamp +9 Cleaning up request 1 ID 94 with timestamp +9 Cleaning up request 2 ID 95 with timestamp +9 Cleaning up request 3 ID 96 with timestamp +9 Waking up in 0.1 seconds. Cleaning up request 4 ID 97 with timestamp +9 Cleaning up request 5 ID 98 with timestamp +9 Cleaning up request 6 ID 99 with timestamp +9 Cleaning up request 7 ID 100 with timestamp +9 Cleaning up request 8 ID 101 with timestamp +9 Cleaning up request 9 ID 102 with timestamp +9 Ready to process requests.