Hi, I'm using wired 802.1x to authenticate user using eap md5 and eap peap. the problem rise when using peap, the radius attribute (tunnel private group id) didn't pass to the switch. but if we use md5, the server will pass the attribute. I suspect something missing on inner tunnel config (I only change 1 line at authorization section that's adding ldap module ), btw i'm using 2.0.5 debug for peap : Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" EAP-Message = 0x0201000c0174657374696e67 Message-Authenticator = 0x24f65e66f58f3fbc5672fd7460764248 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry DEFAULT at line 183 ++[files] returns ok ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.11.17:389, authentication 0 rlm_ldap: bind as memberUid=radius,ou=admin,dc=zzz,dc=com/radiusjuga to 192.168.11.17:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "WK0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x3139373530313942423345344631324146413133423832443930424146414137 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x3244353534353037374437423744324136443341363237433832344630323946 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e4" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance10] returns ok ++- redundant-load-balance group redundant-load-balance returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4 ++[checkval] returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'WK0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 24660 ++[logintime] returns ok rlm_pap: Normalizing NT-Password from hex encoding rlm_pap: Normalizing LM-Password from hex encoding rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled } # server nispdot1x Framed-Compression = Van-Jacobson-TCP-IP Tunnel-Private-Group-Id:0 = "101" Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Framed-Protocol = PPP Service-Type = Framed-User Session-Timeout = 24660 EAP-Message = 0x010200160410e96bf812655451b6768f118f21ef9029 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4ab19e4e4a91db94bbd886b68148382 Finished request 0. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" State = 0xe4ab19e4e4a91db94bbd886b68148382 EAP-Message = 0x020200060319 Message-Authenticator = 0x806329359874bbd8dcb131e84b38b7d6 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry DEFAULT at line 183 ++[files] returns ok ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "WK0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x3139373530313942423345344631324146413133423832443930424146414137 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x3244353534353037374437423744324136443341363237433832344630323946 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e4" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance10] returns ok ++- redundant-load-balance group redundant-load-balance returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4 ++[checkval] returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'WK0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 24660 ++[logintime] returns ok rlm_pap: Normalizing NT-Password from hex encoding rlm_pap: Normalizing LM-Password from hex encoding rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled } # server nispdot1x Framed-Compression = Van-Jacobson-TCP-IP Tunnel-Private-Group-Id:0 = "101" Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Framed-Protocol = PPP Service-Type = Framed-User Session-Timeout = 24660 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4ab19e4e5a800b94bbd886b68148382 Finished request 1. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" State = 0xe4ab19e4e5a800b94bbd886b68148382 EAP-Message = 0x0203007019800000006616030100610100005d030148d9c58504ef46c7c0ea8846dbf430d896a57cc815c53b96972e059ee0c25651207b55a441f92d8ea3558445e855084f1d372c56698115bd5dc74e785ad9871477001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0xf5e446a5e8c75debe89851f5ef2843b4 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 112 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 102 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0061], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x0104040019c0000008bb160301004a02000046030148d9bdb7cf42fd2747c4221c297d920e53beed1bdd169094cf9b1cbee333d9292098c607b7822074809468e5468b37f41ce631f3049febb4bdd736f6562e551c34000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504 EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303932333032323830315a170d3039303932333032323830315a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100bb4d71d2658b0d25a73ab5088d756295694af641f6c21023e605d3a966c5 EAP-Message = 0xfd9ba8cd33a5994667e4487dbe9655de4e40fa64bdb675f581a468551ecdf20006c65e3887eeb5b97285986f51ab1a417eb3d105d8f58187c744ecf01e872954e5ffe3fe000d360f992720fb05ea0e7613e85488f7a6d845004d5215854da36b921de03da9af87ac7127ec6c9b8296b715389e9f91afe299b7dba0cb8bef4ebbcaa5b2ed5642cee44221047b8df41299abfa3f6ba76bceb1a76df83b0c92339eb8a53b871958f3d8c14247bca091e1d5082d804c0ebaf4dcf0abdf16d4b46a41313774cca8fce707f87ec5ed8043e448b7ca14901982cb2728490911e838fad49f110203010001a317301530130603551d25040c300a06082b06010505 EAP-Message = 0x070301300d06092a864886f70d01010405000382010100599dabd0359906c50973d89c69acebab69a08a1d31dc126991fcf1f2f20f48c2c670ccf5ef0c25b7f68bba8de65b2032b271bcd4c84b96393f70f09d39842aaa0a63297afe7eac38a5c5fd272e8bbb3595ebc16cb0f65376367b121be971bb42ce5b02861cf4fa150c7cd0df33221b07bcb8c0e8ffdc464c9295d680f41b37f749b5c6922aef7754db8b9807a2a2cbc700adec17d1a678e9823063eefc4995d1bf5952026f33087d26bb18a5bea5ad1032daef61d0180c118638ee79c9589805c5955bafb8a44aefa0e183d7ca5e328ac440de0f59d2c44c0968f24e70a024f6cb5d1e8e8960 EAP-Message = 0x68dd5b148e29b68483206f80 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4ab19e4e6af00b94bbd886b68148382 Finished request 2. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" State = 0xe4ab19e4e6af00b94bbd886b68148382 EAP-Message = 0x020400061900 Message-Authenticator = 0x7b0da6b9fc76c244a8c8d1a70016cbc9 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010503fc1940300baf24e5c4eba6f96513588ade0004ab308204a73082038fa003020102020900e3c36cfa4ccb18d0300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303932333032323830305a170d3038313032333032323830305a308193310b30090603 EAP-Message = 0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100bd6abfc98d9a939b42be54807ddc6eead85f3b5f9bbe698a0ded98853b45e912e2ac64378b77265d5fe25925b634ec730249067c267b3a9347fb823275ae8b2e05ec872d1514bb08b9fc680a0febd0 EAP-Message = 0xfe871aad33a314866a9509b4f712a96b02157e81644b73eb3264dc63325536c0e3bfc113839e1215b7b0429660eb123c79ed36575d2c011565c88317c47bd946240eefacff19d8a9e6fcf7e003850a54ab7772c238641ca3a22f52f0714e143ab2d935a3a75fff7c8bdfee0aea01c3c6207c8bde420ff23405faee8ecb2a775b3498a2c5959342bc2538f8cf74f937db78d19f54382528f108587a900c283ea25fcfd9f1ee41e9aeea9a98a6ed3619d1ff0203010001a381fb3081f8301d0603551d0e0416041457dd187fddf75d3491c7be2688ee9ca295afa52d3081c80603551d230481c03081bd801457dd187fddf75d3491c7be2688ee9ca295af EAP-Message = 0xa52da18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479820900e3c36cfa4ccb18d0300c0603551d13040530030101ff300d06092a864886f70d010105050003820101008d5ed930ef6f2a603fe7f664336f49f4ca3136e834029838931a78679090789ab7b63a851ac342db30a2c4d4ed0fc81d19e3 EAP-Message = 0xc7c419213d898c9b Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4ab19e4e7ae00b94bbd886b68148382 Finished request 3. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" State = 0xe4ab19e4e7ae00b94bbd886b68148382 EAP-Message = 0x020500061900 Message-Authenticator = 0xd08f6c9e4be935a3256057fc4ef60caa server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010600d519003930329a01d4ea1bb98d1698ec01cbfd0cb4d0b225ca864f310db36878d08936a7175459bebffe7d19bba5b6784fcdbad5e8f7be8cb72f7b04cb39fb2c98161d840dfcb1db80bcef3648d30816e1cd61cbe155d7ee13f86a0c8b3c4cfc10b74628959be11d7391ca123475672d8a8dc4b890de0dc23c30edef8894eb5b1c8651763dd19c64d23101fb1f14b07860da6cb64c556145eaa5ca4bea3e95dc9ec711b75c0ea334a403d8a5ae7cde859b3e257bf1fa26e0ef5d51a276aeb258570f3c365b57ff06ac16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4ab19e4e0ad00b94bbd886b68148382 Finished request 4. Going to the next request Waking up in 4.8 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" State = 0xe4ab19e4e0ad00b94bbd886b68148382 EAP-Message = 0x0206014019800000013616030101061000010201000e12fe66799110767d0706638cbff823c3613182b00e038c1419dfca6b06a97f8d1d919c55a3ef35e25faa63784b8f609c769191ff156ac2c772a31aa466c3869e3b86201830900a2c5ca2c448248570896538712e0047efbfcd5e0fd6b6a272911af3c41876eb0e4ec45ab9eab77d275b5d48039cc32d95c403c313d9eb82fb1e51bebd656c3d5c8c31009d28107daaa0b7d8941a315c83b6adbc293852094c20575b90cdf4508b388247c7f1cd72139a2cd32f80ce58dec6680251ef3e38f3ab971f54b9600db8d2f12efa5cbef83308906ef502248f08dd9ba4c6c4736cf8b08c7717cb2ae20b EAP-Message = 0x8e60e7f72586dbc0ab65eb9847eb0b513e890d2d3eb6a036140301000101160301002091558d454a3096437983262407edce4036714ee7172ef541256764302876cbf2 Message-Authenticator = 0x21ed51932410124f3ccd9ede9aa9e4de server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 6 length 253 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 310 rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010700311900140301000101160301002029d09c92b37f6a05e9d96326f6d04c3a6a019993838f751e28191b864a43169c Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4ab19e4e1ac00b94bbd886b68148382 Finished request 5. Going to the next request Waking up in 4.8 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" State = 0xe4ab19e4e1ac00b94bbd886b68148382 EAP-Message = 0x020700061900 Message-Authenticator = 0xbbdec6ac12226eded3a5cadad499e474 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 7 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010800201900170301001591d77f88e7cf0c3523624f183268286d93d237ecf1 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4ab19e4e2a300b94bbd886b68148382 Finished request 6. Going to the next request Waking up in 4.8 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" State = 0xe4ab19e4e2a300b94bbd886b68148382 EAP-Message = 0x0208002319001703010018950530e097ad90ba88c2bca19d4f2061d112d2b531b8b108 Message-Authenticator = 0x72e2e8c518ea0a5415ef3f12d2671f67 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 35 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - testing PEAP: Got tunneled identity of testing PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to testing +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 8 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 192.168.11.7:389, authentication 0 rlm_ldap: bind as memberUid=radius,ou=admin,dc=zzz,dc=com/radiusjuga to 192.168.11.7:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "WK0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x3139373530313942423345344631324146413133423832443930424146414137 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x3244353534353037374437423744324136443341363237433832344630323946 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e4" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance100] returns ok ++- redundant-load-balance group redundant-load-balance returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'WK0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 24660 ++[logintime] returns ok ++[pap] returns noop WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request. rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010900381900170301002d8bfccd9c700d8c5f7f689a2276a39d7df69e62fe75e37e8ed378a4ee305b1cbca2a50e591f80e7ee735de373a0 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4ab19e4e3a200b94bbd886b68148382 Finished request 7. Going to the next request Waking up in 4.7 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" State = 0xe4ab19e4e3a200b94bbd886b68148382 EAP-Message = 0x020900591900170301004e7de02f3479cc10cadb25ca8c44ff6dddf456ec29960248228f3c61741ae3565958ad66c8479aea997e3442b7673a3308468cb31cf7966bcc18ac80061cd8d3fc6ab9e2750dca327193e854d86043 Message-Authenticator = 0x9f808479ce5a1c866c96fabc4b2d256e server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 9 length 89 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to testing +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 9 length 66 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "WK0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x3139373530313942423345344631324146413133423832443930424146414137 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x3244353534353037374437423744324136443341363237433832344630323946 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e4" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance100] returns ok ++- redundant-load-balance group redundant-load-balance returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'WK0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 24660 ++[logintime] returns ok ++[pap] returns noop WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request. rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: Found LM-Password rlm_mschap: Found NT-Password rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password rlm_mschap: adding MS-CHAPv2 MPPE keys ++[mschap] returns ok MSCHAP Success ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010a004a1900170301003fe2edcf9c431f5b9f455e40ac276f04c64ae6ef42f14198fcc92589e54655a4de788331275beedd23e7d1cd6ed110eaaab6dc8f6cceae33ac5b907674491a73 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4ab19e4eca100b94bbd886b68148382 Finished request 8. Going to the next request Waking up in 4.7 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" State = 0xe4ab19e4eca100b94bbd886b68148382 EAP-Message = 0x020a001d19001703010012d7763477ae6558c7f305070412a2df50d75a Message-Authenticator = 0x92a3213a7c4e39f6015aeff93fb6a177 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 10 length 29 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to testing +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 10 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "WK0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x3139373530313942423345344631324146413133423832443930424146414137 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x3244353534353037374437423744324136443341363237433832344630323946 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e4" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance100] returns ok ++- redundant-load-balance group redundant-load-balance returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'WK0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 24660 ++[logintime] returns ok ++[pap] returns noop WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request. rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 rlm_eap: Freeing handler ++[eap] returns ok Login OK: [testing/<via Auth-Type = EAP>] (from client dotix port 0) PEAP: Tunneled authentication was successful. rlm_eap_peap: SUCCESS ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010b00261900170301001b2047b07fe1372dc5996fc764424ef372360a52a14c5f2b40a656f8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xe4ab19e4eda000b94bbd886b68148382 Finished request 9. Going to the next request Waking up in 4.6 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "100" State = 0xe4ab19e4eda000b94bbd886b68148382 EAP-Message = 0x020b00261900170301001b1cdb638dc4720a0a9d44268ad8b573e02916ba4ea3f39fad3022f7 Message-Authenticator = 0x5c37edb602afabf04e729664be222ed7 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 11 length 38 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Success rlm_eap: Freeing handler ++[eap] returns ok Login OK: [testing/<via Auth-Type = EAP>] (from client dotix port 1 cli 00-16-36-5a-f1-e4) } # server nispdot1x MS-MPPE-Recv-Key = 0x8690f9087827a079d861e1afb895a72d9ea45343cb6910c50c0927583dd428c9 MS-MPPE-Send-Key = 0x45e05accddfbdfe3da040cac0ffc0e52265dcc433c31c93a6d90753822e83ca3 EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "testing" Finished request 10. Going to the next request Waking up in 4.6 seconds. Acct-Session-Id = "00A900000020" Acct-Status-Type = Start Acct-Authentic = RADIUS Acct-Delay-Time = 0 NAS-Port = 1 Calling-Station-Id = "00-16-36-5A-F1-E4" Service-Type = Framed-User NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" server nispdot1x { +- entering group preacct ++[preprocess] returns ok rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 192.168.12.130,NAS-IP-Address = 192.168.12.130,Acct-Session-Id = "00A900000020",User-Name = "testing"' rlm_acct_unique: Acct-Unique-Session-ID = "2daecbe921fc1679". ++[acct_unique] returns ok rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[files] returns noop +- entering group accounting expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/192.168.12.130/detail-20080924 rlm_detail: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/192.168.12.130/detail-20080924 expand: %t -> Wed Sep 24 11:10:31 2008 ++[detail] returns ok ++[unix] returns ok expand: /var/log/radutmp -> /var/log/radutmp expand: %{User-Name} -> testing ++[radutmp] returns ok expand: %{User-Name} -> testing attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated } # server nispdot1x Finished request 11. Cleaning up request 11 ID 126 with timestamp +10 Going to the next request Waking up in 4.6 seconds. Cleaning up request 0 ID 115 with timestamp +10 Cleaning up request 1 ID 116 with timestamp +10 Cleaning up request 2 ID 117 with timestamp +10 Cleaning up request 3 ID 118 with timestamp +10 Cleaning up request 4 ID 119 with timestamp +10 Cleaning up request 5 ID 120 with timestamp +10 Cleaning up request 6 ID 121 with timestamp +10 Cleaning up request 7 ID 122 with timestamp +10 Cleaning up request 8 ID 123 with timestamp +10 Cleaning up request 9 ID 124 with timestamp +10 Cleaning up request 10 ID 125 with timestamp +10 Ready to process requests. any suggestion what should I do? Thank You -- DISCLAIMER: The contents of this email and attachments are confidential and may be subject to legal privilege. Any unauthorized use, copying, disclosure or communicating any part of it to others is strictly prohibited and may be unlawful. If you are not the intended recipient you must not use, copy, distribute or rely on this email and should please return it immediately to the sender or notify us and delete the email and any attachments from your system. We cannot accept liability for loss or damage resulting from computer viruses. The integrity of email across the Internet cannot be guaranteed and PT BANK NISP, Tbk. will not accept liability for any claims arising as a result of the use of this medium for transmissions by or to PT BANK NISP, Tbk.