Hi, I've setup two different Linux machines with FR and still can't get MAC authentication working with Calling-Station-Id in the radchk table. I've checked FAQ and have googled for hours. I've tried a hosted and local mySQL server. Right now I'm using FR 2.1.1 on openSUSE. I didn't install freeradius-mysql on this new Linux machine, because I can't find it. However, I can still do 802.1X/PEAP authentication against my MySQL DB if I don't have the Calling-Station-Id entry in the radchk table. I can't get SQL xlat to work in the Clients file either. I appreciate your help! Thanks! Associated entries in the radchk table: DEFAULT Fall-Through = yes egeier@skynets Cleartext-Password := XXXX egeier@skynets Calling-Station-Id == 00-1C-B3-B1-3E-07 (if I remove this entry, I can get authenticated) Here's most of the debug: [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} -> egeier@skynets [sql] sql_set_user escaped user --> 'egeier@skynets' rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'egeier@skynets' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'egeier@skynets' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'egeier@skynets' ORDER BY priority rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] Found existing Auth-Type, not changing it. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 190 to 192.168.0.1 port 41576 EAP-Message = 0x016600061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x887600b0881019123d77eed9ad3cef65 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=191, length=230 User-Name = "egeier@skynets" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x887600b0881019123d77eed9ad3cef65 EAP-Message = 0x0266007d198000000073160301006e0100006a030149d245f8cc2cbd4fe33cdb07dc35b6c8 7acfcc21da980a70fa466c6e819bf491000018002f00350005000ac009c00ac013c014003200 38001300040100002900000013001101000e65676569657240736b796e657473000a00080006 001700180019000b00020100 Message-Authenticator = 0x15b99d469f497dd1de41e19b04d463d9 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "skynets" for User-Name = "egeier@skynets" [suffix] No such realm "skynets" ++[suffix] returns noop [eap] EAP packet type response id 102 length 125 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 115 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 006e], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 191 to 192.168.0.1 port 41576 EAP-Message = 0x0167040019c00000089b160301002a02000026030149d245fcb6267b990aa260afc7ea5b36 69e5ee697512f85665761dad0e9b077600002f00160301085e0b00085a0008570003a6308203 a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355 040613024652310f300d060355040813065261646975733112301006035504071309536f6d65 776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886 f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d457861 6d706c6520436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3039303332393034333235325a170d3130303332393034333235325a307c310b30 09060355040613024652310f300d0603550408130652616469757331153013060355040a130c 4578616d706c6520496e632e312330210603550403131a4578616d706c652053657276657220 43657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d 706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a028201 0100afd25d67da8ccffe4763fb564786b51a38065630484af7bdfabce1d2c494a9178693a0d3 7c5d8bb0f184839f8700e87e464a3fd3664d6c82da999d3a6fd4 EAP-Message = 0x03feced789fe0bc58ac735ea394fff75c1e3723d9badf8045fea760ba15017ca23cd28c633 e2ff2c55f19fe853ccee89390c60abe5c8b5be7cce9fd2e1efe34086fc578e9cd3dca650e261 2444f21a4f7c80eb794132fad70261a3da7c63ccf56dcd931ffc1e0912c82313121e4197edad 3ed70eef62995f2b051615c0a6de7e1168c58814bdff90876a6bbe2f55a41646fed7b11f207f ee2afc6978da691d65c8b11a4cfef4d7e0e095aba4a8a1262c4021bc738930d2fae12d48353e f49abbe6a30203010001a317301530130603551d25040c300a06082b06010505070301300d06 092a864886f70d010104050003820101006f3167466476eee8e8 EAP-Message = 0x1d9bc9ff6179df282ac7c7ae44de229478cd5ff080afc57bae410b221f2f63cb5d55a2132e 76ba5e5ec0e020a0cb789746cf6af20a26bfca7f4c46dfeedb0db3800fdf3daae1ac08590294 64cb8bea159c1a7803a6a1f048eb694a038d7185a020b995a4c41034221925550e1b59ab8426 4f300de6287dabe959c111739cb6c0857b9229a2556880b70ff453d6eb68e17fdee42c7daa43 d531d49796ee7c824bad36e71a56a23e697f734db8f5196d53cade8e8c58f086e37c343efa9f 544bd5182c285c2eb1f14316c3a0c7ecce1440131b7345dbb21c5b50fbdf1f7fbb919a8c5ebb c7b8306ed89ddf179b89734df0983f59ab3078370004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x887600b0891119123d77eed9ad3cef65 Finished request 1. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=192, length=111 User-Name = "egeier@skynets" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x887600b0891119123d77eed9ad3cef65 EAP-Message = 0x026700061900 Message-Authenticator = 0x8eba19bccc5e69b9f216eb1aa5d622ec +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "skynets" for User-Name = "egeier@skynets" [suffix] No such realm "skynets" ++[suffix] returns noop [eap] EAP packet type response id 103 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 192 to 192.168.0.1 port 41576 EAP-Message = 0x016803fc194000a663d4bcfa59435a300d06092a864886f70d0101050500308193310b3009 060355040613024652310f300d06035504081306526164697573311230100603550407130953 6f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a 864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d 4578616d706c6520436572746966696361746520417574686f72697479301e170d3039303332 393034333235325a170d3039303432383034333235325a308193310b30090603550406130246 52310f300d060355040813065261646975733112301006035504 EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120 301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603 550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122 300d06092a864886f70d01010105000382010f003082010a0282010100a07b3f7d03db9d9063 8bb2fe00a7bee1499ce3357164fcca2ae55636c68b591031c54a32b71db07a0fc4648f64ac0f 3e42fb6e1eb213d1a857ecc05855716d79e27df2253e3200d2edae7859d688ed4ee1bf9b187f 0eafa0f9f938caea97793b222d0f48fb61d261bc7c0d951d958b EAP-Message = 0x919afcca2e94aa848668316e70519c9a02150d8108761a132572fb411b6a9ee027b60f528e 8225c76eb4a961a27207042995695d6fe7c4f46357ca7157ca753aa662a643fc56bb211be0c5 913cdc4db159a4ed1cde0c57bbdbf36a6fe4c41cf2049e652697dc5e7c25cbee83191c8498fd bdc7c920750dff86943ffbaa91391b3aa2cf4a7d9b47bcd5a3d66f64f26c02bf0203010001a3 81fb3081f8301d0603551d0e04160414190087aa851c8abf07d58793670b07dc0f281afb3081 c80603551d230481c03081bd8014190087aa851c8abf07d58793670b07dc0f281afba18199a4 8196308193310b3009060355040613024652310f300d06035504 EAP-Message = 0x0813065261646975733112301006035504071309536f6d6577686572653115301306035504 0a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e40 6578616d706c652e636f6d312630240603550403131d4578616d706c65204365727469666963 61746520417574686f72697479820900a663d4bcfa59435a300c0603551d13040530030101ff 300d06092a864886f70d01010505000382010100873e551255bc752b4c131e4a95863d8b6a80 cb2d7586d71fb4e2e6c5495e054570666e6ac56c1c696bd6b836fc9f091472be94cc2eb4d0f7 e5361541d47e0f6cef294c6c371b3cba08216b3b23d4eecd1a43 EAP-Message = 0xbf0e3675fb3f585c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x887600b08a1e19123d77eed9ad3cef65 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=193, length=111 User-Name = "egeier@skynets" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x887600b08a1e19123d77eed9ad3cef65 EAP-Message = 0x026800061900 Message-Authenticator = 0x4a18ffde3fd54458709082acc41f3d7f +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "skynets" for User-Name = "egeier@skynets" [suffix] No such realm "skynets" ++[suffix] returns noop [eap] EAP packet type response id 104 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 193 to 192.168.0.1 port 41576 EAP-Message = 0x016900b519000ac1781ba6b83678764615af96a16b9e8de4d9b113c26bb2c31ade4edb2b68 22bbb18d7f91bc56bb4488583f3d505689b6679adc328619eb21a7daf1af07872aac89e203b2 7a66d85397274bc951dc0046c7fb8c7c295405b50ddf9a215e56983d429c6b3880a926b90bd7 068106ee1acc4bb6338265a98d87358fe9150ee5c23194a513e978793898b6e635d3fd5e055d 7af2cde4f8e0eedf75aa077bcb6f304894f85b4c2f16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x887600b08b1f19123d77eed9ad3cef65 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=194, length=443 User-Name = "egeier@skynets" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x887600b08b1f19123d77eed9ad3cef65 EAP-Message = 0x02690150198000000146160301010610000102010023b2893885fd70080592f9f1436edd78 1ef99c8de7e15d281fc9e0cb48e5bc031012f493c8c0ec5db3f86b6d30af49d9802cabd8b2c6 bfc33aacf0bdbc772d6ec72fa854774550353bd846ffb9c343e6cabb3ddb76f9ee01b9a7521c 860bef148d1d4eb1b8b899333c0969bdda4a9696b3ba755e681a8605ece35cb2f45c79206a48 10c1e9ace4a13174888ead4afc6072c4bb7dc181b8901660fe2b7a1efe22976f5002e38c86a8 add81006330cfd3f2cbdd5c2e76bb81c4846ea52f4aef3af45cce2a86b849237500eb9d1c6d6 7bdbfc9836e26fbda7ae864fde76b74984d59aedb730cba46565 EAP-Message = 0xa20dc51aeb625c90ed25b9e40eba2e117eb2997a2d04bbec1403010001011603010030b651 eef1062359b260318bb1dd249762365351efbf979e7ef0c70337855c0be3525be8a1d9f2de75 96e29aeb12db9ea0 Message-Authenticator = 0x23d1e19846a4ea99d34d9f1a1bf02ad3 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "skynets" for User-Name = "egeier@skynets" [suffix] No such realm "skynets" ++[suffix] returns noop [eap] EAP packet type response id 105 length 253 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 194 to 192.168.0.1 port 41576 EAP-Message = 0x016a004119001403010001011603010030265d5beb57a7f13839215fa229455a84bed0bfc5 f273c5c0535713ccf5aa89e1df349a61abbbfe8f1b76f83d2644755d Message-Authenticator = 0x00000000000000000000000000000000 State = 0x887600b08c1c19123d77eed9ad3cef65 Finished request 4. Going to the next request Waking up in 4.8 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=195, length=111 User-Name = "egeier@skynets" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x887600b08c1c19123d77eed9ad3cef65 EAP-Message = 0x026a00061900 Message-Authenticator = 0xf532a3f5a4dcdd4ed4cd71b5cce532e4 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "skynets" for User-Name = "egeier@skynets" [suffix] No such realm "skynets" ++[suffix] returns noop [eap] EAP packet type response id 106 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake is finished [peap] eaptls_verify returned 3 [peap] eaptls_process returned 3 [peap] EAPTLS_SUCCESS ++[eap] returns handled Sending Access-Challenge of id 195 to 192.168.0.1 port 41576 EAP-Message = 0x016b002b19001703010020b112cf49ce3a72e40dc7e9d2e94fef07b74cfac248dd3f4e6e30 9db3b1b05606 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x887600b08d1d19123d77eed9ad3cef65 Finished request 5. Going to the next request Waking up in 4.7 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=196, length=164 User-Name = "egeier@skynets" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x887600b08d1d19123d77eed9ad3cef65 EAP-Message = 0x026b003b19001703010030aee967824d4e7846b6a3c5c2c6b17ab847f7b1fbcdb0fef31637 10a16b7bc351909a7bfbce7b8d60894766b4b01ab6d2 Message-Authenticator = 0xfa8e5924d5d9b80b3b1eb528d3513560 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "skynets" for User-Name = "egeier@skynets" [suffix] No such realm "skynets" ++[suffix] returns noop [eap] EAP packet type response id 107 length 59 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Identity - egeier@skynets [peap] Got tunnled request EAP-Message = 0x026b00130165676569657240736b796e657473 server (null) { PEAP: Got tunneled identity of egeier@skynets PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to egeier@skynets Sending tunneled request EAP-Message = 0x026b00130165676569657240736b796e657473 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "egeier@skynets" server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] Looking up realm "skynets" for User-Name = "egeier@skynets" [suffix] No such realm "skynets" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 107 length 19 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [sql] expand: %{User-Name} -> egeier@skynets [sql] sql_set_user escaped user --> 'egeier@skynets' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'egeier@skynets' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'egeier@skynets' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User egeier@skynets not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled } # server inner-tunnel [peap] Got tunneled reply code 11 EAP-Message = 0x016c00281a016c0023106185c5d30b26df47aaac5835af87854b65676569657240736b796e 657473 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8433f2b7845fe8463016d60fe5b8c67e [peap] Got tunneled reply RADIUS code 11 EAP-Message = 0x016c00281a016c0023106185c5d30b26df47aaac5835af87854b65676569657240736b796e 657473 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8433f2b7845fe8463016d60fe5b8c67e [peap] Got tunneled Access-Challenge ++[eap] returns handled Sending Access-Challenge of id 196 to 192.168.0.1 port 41576 EAP-Message = 0x016c004b1900170301004067569516e09b50992249a0bac4306d551611bcdb09de427286d5 1a142ec500855f624a955aca6ce7ae6c5a4c306e7b00579d350b7066fc9b799899f54327558c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x887600b08e1a19123d77eed9ad3cef65 Finished request 6. Going to the next request Waking up in 4.6 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=197, length=212 User-Name = "egeier@skynets" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x887600b08e1a19123d77eed9ad3cef65 EAP-Message = 0x026c006b19001703010060d41722535ff45cf717b4f40c141ecfcdad9962074ea118036098 59c2ea68c930bce1856c23eb1bc5c0625068f4ebcaba06ff1b3558ec28f435bcec2cdb75d736 3a9a77334da514d01e43e12bf757ff038bb0f37084a82213a93a6303c2ac4539 Message-Authenticator = 0x620d57d70597d1e4d0364a17ab00182f +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "skynets" for User-Name = "egeier@skynets" [suffix] No such realm "skynets" ++[suffix] returns noop [eap] EAP packet type response id 108 length 107 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] EAP type mschapv2 [peap] Got tunnled request EAP-Message = 0x026c00491a026c00443177f318d460fc36f9cc77a41c0a4b3656000000000000000010538d 55c2badfcc4a85b41f875a5521f978d255be29a7d20065676569657240736b796e657473 server (null) { PEAP: Setting User-Name to egeier@skynets Sending tunneled request EAP-Message = 0x026c00491a026c00443177f318d460fc36f9cc77a41c0a4b3656000000000000000010538d 55c2badfcc4a85b41f875a5521f978d255be29a7d20065676569657240736b796e657473 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = "egeier@skynets" State = 0x8433f2b7845fe8463016d60fe5b8c67e server inner-tunnel { +- entering group authorize {...} ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound [suffix] Looking up realm "skynets" for User-Name = "egeier@skynets" [suffix] No such realm "skynets" ++[suffix] returns noop ++[control] returns noop [eap] EAP packet type response id 108 length 73 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop [sql] expand: %{User-Name} -> egeier@skynets [sql] sql_set_user escaped user --> 'egeier@skynets' rlm_sql (sql): Reserving sql socket id: 2 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'egeier@skynets' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'egeier@skynets' ORDER BY priority rlm_sql (sql): Released sql socket id: 2 [sql] User egeier@skynets not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/mschapv2 [eap] processing type mschapv2 [mschapv2] +- entering group MS-CHAP {...} [mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for egeier@skynets with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject [eap] Freeing handler ++[eap] returns reject Failed to authenticate the user. } # server inner-tunnel [peap] Got tunneled reply code 3 MS-CHAP-Error = "lE=691 R=1" EAP-Message = 0x046c0004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Got tunneled reply RADIUS code 3 MS-CHAP-Error = "lE=691 R=1" EAP-Message = 0x046c0004 Message-Authenticator = 0x00000000000000000000000000000000 [peap] Tunneled authentication was rejected. [peap] FAILURE ++[eap] returns handled Sending Access-Challenge of id 197 to 192.168.0.1 port 41576 EAP-Message = 0x016d002b1900170301002050851be7730cf2433442d5288ae299103964d96aca2e00a9a20a 8172328618ee Message-Authenticator = 0x00000000000000000000000000000000 State = 0x887600b08f1b19123d77eed9ad3cef65 Finished request 7. Going to the next request Waking up in 4.5 seconds. rad_recv: Access-Request packet from host 192.168.0.1 port 41576, id=198, length=148 User-Name = "egeier@skynets" NAS-IP-Address = 192.168.0.1 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "00-1C-B3-B1-3E-07" State = 0x887600b08f1b19123d77eed9ad3cef65 EAP-Message = 0x026d002b190017030100202fe95f0a379156a0d8b5c8e2ce3aac1e190037397df3a685ea59 cb4fd6e0e6f2 Message-Authenticator = 0xf374de61a4af8301e8ca7954dd356a7f +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] Looking up realm "skynets" for User-Name = "egeier@skynets" [suffix] No such realm "skynets" ++[suffix] returns noop [eap] EAP packet type response id 109 length 43 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Received EAP-TLV response. [peap] Had sent TLV failure. User was rejected earlier in this session. [eap] Handler failed in EAP/peap [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> egeier@skynets attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 8 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 8 Sending Access-Reject of id 198 to 192.168.0.1 port 41576 EAP-Message = 0x046d0004 Message-Authenticator = 0x00000000000000000000000000000000