Wow. Unsubscribe... rumors are true
:(
Send Freeradius-Users mailing list submissions to
freeradius-users@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
freeradius-users-request@lists.freeradius.org
You can reach the person managing the list at
freeradius-users-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: Fwd: FreeRadius Dictionary Attributes (Alan DeKok)
2. Re: Assign VLAN from freeradius to Cisco 3550 switch.
(Wassim Zaarour)
3. Re: Assign VLAN from freeradius to Cisco 3550 switch. (alan buxey)
4. Cisco WLC - Freeradius Vlan assigment problem (Martin Silvero)
----------------------------------------------------------------------
Message: 1
Date: Wed, 25 Apr 2012 18:03:06 +0200
From: Alan DeKok <aland@deployingradius.com>
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Subject: Re: Fwd: FreeRadius Dictionary Attributes
Message-ID: <4F98203A.3080303@deployingradius.com>
Content-Type: text/plain; charset=ISO-8859-1
Corey Jones wrote:
> ---------- Forwarded message ----------
...
That's not nice. Is it really that difficult to post the *original*
message? Why forward a bounce?
> I'm trying to get a freeradius server up and running but I'm having
> trouble with the attributes I've included in the master dictionary file
> showing up in the detail file:
>
> ATTRIBUTE client-mac-address 9001 string
This is wrong.
Read share/dictionary. Use the numbers *it* recommends, rather than
inventing your own.
> The output of the detail-<date> file of the non-functioning server:
Which is... which version? How did you configure it?
> The output of the detail-<date> file for the functioning server:
Which is... which version? How did you configure it?
> If you compare the non-functioning server output file to the functioning
> server output file, there are two fields that are missing that are
> defined in the master dictionary file.
>
> disc-cause-ext = "PPP Receive Term" <---------------HERE
> client-mac-address = "0002.xxxx.xxxx" <---------------HERE
If the two servers are identical, they will behave the same.
If they're different, find out what the differences are, and fix them.
> I am having trouble with a different part of the server setup where that
> file is pulled and those fields are read and needed by another application.
What does that mean?
> Does anyone know why those two fields are not pulled or processed on the
> non-functioning server's output file?
The fields are "pulled" from... where?
> freeradius -X dump of non-functioning server:
In which it doesn't receive any packets. So it's useless.
Good questions get good answers.
These questions are bad. As a result, the only possible answer is
unhelpful. Along with the advice "ask good questions."
Alan DeKok.
------------------------------
Message: 2
Date: Wed, 25 Apr 2012 19:05:26 +0300
From: Wassim Zaarour <wassim.zaarour@navlink.com>
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Subject: Re: Assign VLAN from freeradius to Cisco 3550 switch.
Message-ID: <CBBDFB26.EE39%wassim.zaarour@navlink.com>
Content-Type: text/plain; CHARSET=US-ASCII
Hi Brian,
Thanks for your reply, where do I exactly need to put this configuration?
In the users file?
Do you have any experience with the 2960 switches?
Wassim
On 4/25/12 4:07 PM, "Brian Julin" <BJulin@clarku.edu> wrote:
>
>Wassim Zaarour wrote:
>> Look at this
>>
>>http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg4016
>>2.html
>>
>> The user says that it worked, I tried the attributes he used and still
>>got
>> the same error.
>
>I don't even know how this was ever working for that user. On my wired
>switch plant, which
>includes some 3550s, wherever I have tested VLAN assignment I have had to
>use Cisco's
>cretinous hack:
>
>
> if (Cisco-AVPair) { # Cisco switch.
> # We have to "Accept" it to the Registration VLAN manually
> # (because host-mode multi-auth is currently retarded.)
> update reply {
> Tunnel-Type = VLAN
> Tunnel-Medium-Type = 6
> # CISCO broke the IETF attribute...
> # Tunnel-Private-Group-Id = "Registration"
> # ... so use their proprietary method to get it in there.
> # NOTE: This is CaSe SeNsItIvE!!
> Cisco-AVPair += "tunnel-private-group-id=Registration"
> }
>
>This is of course extremely case-sensitive. It also uses the vlan names,
>not the numbers, though
>you can use the automatically generated names just fine.
>
>Be warned the 3550s are old EOL switches and their latest software
>version (the one that is only
>supposed to be used for the 24 port switch but works on the 48 port one)
>is still not current enough
>to pick up the latest bugfixes to multi-auth mode. Not that multi-auth
>mode works sensibly in the
>newest firmware either, but at least it has workarounds.
>
>(BTW, even I am starting to pull these 3550s from the net, and I tend to
>try to bleed devices for every
>minute they can manage to hack it. Right now the only ones I have out
>there are essentially
>serving as lightening rods for this summer's thunder storms, and then
>will be replaced by new
>switches after that.)
>
>Typical switch port configuration (this is not from a 3550, sorry):
>
>
>interface FastEthernet0/24
> switchport access vlan XXX
> switchport mode access
> switchport block unicast
> switchport port-security maximum 16
> switchport port-security
> switchport port-security aging time 240
> switchport port-security violation restrict
> switchport port-security aging type inactivity
> ip arp inspection limit rate 100
> authentication control-direction in
> authentication event fail action authorize vlan YYY
> authentication event server dead action authorize vlan XXX
> authentication event no-response action authorize vlan XXX
> authentication event server alive action reinitialize
> authentication host-mode multi-auth
> authentication order mab
> authentication priority mab
> authentication port-control auto
> authentication periodic
> authentication timer reauthenticate 1300
> authentication timer inactivity 1200
> authentication violation restrict
> mab
> no lldp transmit
> no lldp receive
> no cdp enable
> no cdp tlv server-location
> no cdp tlv app
> spanning-tree portfast
> spanning-tree bpduguard enable
> ip verify source port-security
> ip dhcp snooping limit rate 50
>end
>
>
>XXX and YYY above are actually decimals.
>
>Note that the auth-fail VLAN setting is not actually used, because in
>order to get multi-auth to behave
>sensibly (so you can handle VMs) you have to actually succeed every
>authentication and just send
>the quaranteen VLAN from RADIUS when you want the user locked out.
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
------------------------------
Message: 3
Date: Wed, 25 Apr 2012 18:13:22 +0100
From: alan buxey <A.L.M.Buxey@lboro.ac.uk>
To: FreeRadius users mailing list
<freeradius-users@lists.freeradius.org>
Subject: Re: Assign VLAN from freeradius to Cisco 3550 switch.
Message-ID: <20120425171322.GB9623@lboro.ac.uk>
Content-Type: text/plain; charset=us-ascii
Hi,
> Thanks for your reply, where do I exactly need to put this configuration?
> In the users file?
I can tell you right now that you dont need that hack to assign VLANs on cisco
switches (well, not if you are running reasonably up to date firmware on the
cisco devices anyway - ie something less than 2 years old)
we run an enterprise network of > 1500 cisco switches, most of them using
FreeRADIUS as the AAA server in 802.1X mode (others still have VMPS - with FreeRADIUS
of course). we certainly dont have that kind of configuration for VLAN assignment.
straight simple reply values are all that are needed.
as already said, the issue looks like its your Cisco config - and the cisco
guides tell you exactly how to configure the cisco switches, its not a freeRADIUS
question.
alan
------------------------------
Message: 4
Date: Wed, 25 Apr 2012 16:49:29 -0300
From: Martin Silvero <silvero.martin@gmail.com>
To: freeradius-users@lists.freeradius.org
Subject: Cisco WLC - Freeradius Vlan assigment problem
Message-ID:
<CALmvTSSRrfx9eyOoXxcwYjtxF6oEKHS8MNtewGBONG_wxP9cTQ@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
We are modifying the Wireless acccess to our LAN.
We are trying to use a Cisco WLC and our freeradius. We've been using this
same freeradius for authenticating users against the corporate LDAP. Now
we want WLC to talk to the radius server without losing any functionality
like user authentication or vlan assignment.
Our main problem is that the vlan assingment is not working when we use the
WLC. The scenario with the APs talking to the radius directly works fine,
but when we use lightweight AP and the WLC we can see that the vlan
assignment part is skipped by the authentication process and all the users
are sent to the same vlan.
The following is the output of the two cases. One of them is a user
authenticating without WLC, the AP talks directly to the Radius Server, and
the other is an authentication where WLC talks to the Radius Server (the
one that is not working)
- 10.32.2.81 is the WLC IP address.
- 10.32.2.39 is the AP IP address.
WLC Soft Version: 7.0.116.0
These are the outputs:
1) AP - RADIUS (No WLC)
*****************************************************
rad_recv: Access-Request packet from host 10.32.2.39 port 1645, id=205,
length=184
User-Name = "fcanales"
Framed-MTU = 1400
Called-Station-Id = "001d.4551.7da0"
Calling-Station-Id = "5894.6b0d.e86c"
Service-Type = Login-User
Message-Authenticator = 0x46192e9a5e4720bd6c721e03d8e6c3b4
EAP-Message =
0x0208002b19001703010020f7e5545e9d9e05ecff5f8be2d1bc992eeddba82eb4adef509bded9dd6c132712
NAS-Port-Type = Wireless-802.11
NAS-Port = 59460
State = 0xf4160a33f11e13898255a02243c509d6
NAS-IP-Address = 10.32.2.39
NAS-Identifier = "ap-Reco32"
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "fcanales", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - fcanales
[peap] Got tunneled request
EAP-Message = 0x0208000d016663616e616c6573
server {
PEAP: Got tunneled identity of fcanales
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to fcanales
Sending tunneled request
EAP-Message = 0x0208000d016663616e616c6573
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "fcanales"
Framed-MTU = 1400
Called-Station-Id = "001d.4551.7da0"
Calling-Station-Id = "5894.6b0d.e86c"
Service-Type = Login-User
NAS-Port-Type = Wireless-802.11
NAS-Port = 59460
NAS-IP-Address = 10.32.2.39
NAS-Identifier = "ap-Reco32"
server inner-tunnel {
+- entering group authorize {...}
++[preprocess] returns ok
++? if (!Huntgroup-Name)
? Evaluating !(Huntgroup-Name) -> FALSE
++? if (!Huntgroup-Name) -> FALSE
++? if (Huntgroup-Name == "list")
? Evaluating (Huntgroup-Name == "list") -> TRUE
++? if (Huntgroup-Name == "list") -> TRUE
++- entering if (Huntgroup-Name == "list") {...}
+++? if (Ldap-Group == "WIFI-Direccion")
rlm_ldap: Entering ldap_groupcmp()
expand: dc=iplan,dc=com,dc=ar -> dc=iplan,dc=com,dc=ar
expand: (uid=%u) -> (uid=fcanales)
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=iplan,dc=com,dc=ar, with filter
(uid=fcanales)
rlm_ldap: ldap_release_conn: Release Id: 0
WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
expand:
(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))
-> (&(objectClass=posixGroup)(memberUid=fcanales))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=iplan,dc=com,dc=ar, with filter
(&(cn=WIFI-Direccion)(&(objectClass=posixGroup)(memberUid=fcanales)))
rlm_ldap: object not found
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group WIFI-Direccion not found or user is not a
member.
+++? if (Ldap-Group == "WIFI-MKTyCC")
rlm_ldap: Entering ldap_groupcmp()
expand: dc=iplan,dc=com,dc=ar -> dc=iplan,dc=com,dc=ar
WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
expand:
(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))
-> (&(objectClass=posixGroup)(memberUid=fcanales))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=iplan,dc=com,dc=ar, with filter
(&(cn=WIFI-Finanzas)(&(objectClass=posixGroup)(memberUid=fcanales)))
rlm_ldap: object not found
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group WIFI-Finanzas not found or user is not a
member.
+++? if (Ldap-Group == "WIFI-TyO")
rlm_ldap: Entering ldap_groupcmp()
expand: dc=iplan,dc=com,dc=ar -> dc=iplan,dc=com,dc=ar
WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
expand:
(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))
-> (&(objectClass=posixGroup)(memberUid=fcanales))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=iplan,dc=com,dc=ar, with filter
(&(cn=WIFI-TyO)(&(objectClass=posixGroup)(memberUid=fcanales)))
rlm_ldap::ldap_groupcmp: User found in group WIFI-TyO
rlm_ldap: ldap_release_conn: Release Id: 0
? Evaluating (Ldap-Group == "WIFI-TyO") -> TRUE
+++? if (Ldap-Group == "WIFI-TyO") -> TRUE
+++- entering if (Ldap-Group == "WIFI-TyO") {...}
++++[reply] returns ok
+++- if (Ldap-Group == "WIFI-TyO") returns ok
+++? if (Ldap-Group == "WIFI-ITfuncional")
rlm_ldap: Entering ldap_groupcmp()
expand: dc=iplan,dc=com,dc=ar -> dc=iplan,dc=com,dc=ar
WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
expand:
(&(objectClass=posixGroup)(memberUid=%{Stripped-User-Name:-%{User-Name}}))
-> (&(objectClass=posixGroup)(memberUid=fcanales))
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=iplan,dc=com,dc=ar, with filter
(&(cn=WIFI-Monit)(&(objectClass=posixGroup)(memberUid=fcanales)))
rlm_ldap: object not found
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap::ldap_groupcmp: Group WIFI-Monit not found or user is not a member.
++- if (Huntgroup-Name == "list") returns ok
++[chap] returns noop
++[mschap] returns noop
++[unix] returns updated
[suffix] No '@' in User-Name = "fcanales", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for fcanales
[ldap] expand: (uid=%u) -> (uid=fcanales)
[ldap] expand: dc=iplan,dc=com,dc=ar -> dc=iplan,dc=com,dc=ar
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=iplan,dc=com,dc=ar, with filter
(uid=fcanales)
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password ==
0x3441313536383141373845384430414446424135364139373343343736374646
rlm_ldap: sambaLmPassword -> LM-Password ==
0x4446323634314431373041414432333739433530313441453437313841374545
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap] user fcanales authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "212"
EAP-Message =
0x010900221a0109001d108279970f23460b83f1fffcc6e09626c56663616e616c6573
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x158baf111582b5a1fb3a126781117cd4
[peap] Got tunneled reply RADIUS code 11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "212"
EAP-Message =
0x010900221a0109001d108279970f23460b83f1fffcc6e09626c56663616e616c6573
Message-Authenticator = 0x00000000000000000000000000000000
State = 0x158baf111582b5a1fb3a126781117cd4
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 205 to 10.32.2.39 port 1645
EAP-Message =
0x0109004b19001703010040640c0cb308474b42ecc083db0b3f47c66731a31c01801dde9b162f50d5bde13456412ab71e4d7d0e743b50cc42e91bba22dabeb375116f48b625e9691a3d3932
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xf4160a33f21f13898255a02243c509d6
Finished request 38.
*****************************************************
2) WLC - RADIUS
*****************************************************
rad_recv: Access-Request packet from host 10.32.2.81 port 32768, id=119,
length=280
User-Name = "fcanales"
Calling-Station-Id = "58-94-6b-0d-e8-6c"
Called-Station-Id = "30-37-a6-4b-9f-90:IReconquista"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=0a2002510000000f4eaaf051"
NAS-IP-Address = 10.32.2.81
NAS-Identifier = "Iplan_wcs"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "60"
EAP-Message =
0x0208002b190017030100200c857843d879e361aad79c8a2dccee6de8b04225d90b753a81b636a8090f0193
State = 0xcb0bb3aace03aab2864a9aacb255d323
Message-Authenticator = 0x62ca91e9e88fbba794e6e51db7aa67ec
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "fcanales", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 8 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Identity - fcanales
[peap] Got tunneled request
EAP-Message = 0x0208000d016663616e616c6573
server {
PEAP: Got tunneled identity of fcanales
PEAP: Setting default EAP type for tunneled EAP session.
PEAP: Setting User-Name to fcanales
Sending tunneled request
EAP-Message = 0x0208000d016663616e616c6573
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = "fcanales"
Calling-Station-Id = "58-94-6b-0d-e8-6c"
Called-Station-Id = "30-37-a6-4b-9f-90:IReconquista"
NAS-Port = 1
Cisco-AVPair = "audit-session-id=0a2002510000000f4eaaf051"
NAS-IP-Address = 10.32.2.81
NAS-Identifier = "Iplan_wcs"
Airespace-Wlan-Id = 1
Service-Type = Framed-User
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "60"
server inner-tunnel {
+- entering group authorize {...}
++[preprocess] returns ok
++? if (!Huntgroup-Name)
? Evaluating !(Huntgroup-Name) -> TRUE
++? if (!Huntgroup-Name) -> TRUE
++- entering if (!Huntgroup-Name) {...}
+++[reply] returns ok
++- if (!Huntgroup-Name) returns ok
++? if (Huntgroup-Name == "list")
(Attribute Huntgroup-Name was not found)
++[chap] returns noop
++[mschap] returns noop
++[unix] returns updated
[suffix] No '@' in User-Name = "fcanales", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 8 length 13
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
[ldap] performing user authorization for fcanales
[ldap] expand: (uid=%u) -> (uid=fcanales)
[ldap] expand: dc=iplan,dc=com,dc=ar -> dc=iplan,dc=com,dc=ar
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=iplan,dc=com,dc=ar, with filter
(uid=fcanales)
[ldap] looking for check items in directory...
rlm_ldap: sambaNtPassword -> NT-Password ==
0x3441313536383141373845384430414446424135364139373343343736374646
rlm_ldap: sambaLmPassword -> LM-Password ==
0x4446323634314431373041414432333739433530313441453437313841374545
[ldap] looking for reply items in directory...
WARNING: No "known good" password was found in LDAP. Are you sure that the
user is configured correctly?
[ldap] user fcanales authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing NT-Password from hex encoding
[pap] Normalizing LM-Password from hex encoding
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type mschapv2
rlm_eap_mschapv2: Issuing Challenge
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "249"
EAP-Message =
0x010900221a0109001d10cc9cc5bb2b5812cf48051342472ad3af6663616e616c6573
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xab42e29bab4bf81ef23bc50dea94c334
[peap] Got tunneled reply RADIUS code 11
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "249"
EAP-Message =
0x010900221a0109001d10cc9cc5bb2b5812cf48051342472ad3af6663616e616c6573
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xab42e29bab4bf81ef23bc50dea94c334
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 119 to 10.32.2.81 port 32768
EAP-Message =
0x0109004b1900170301004075cf3c75c7a8311c01bc5581aac330e49586ce6e0001e8add345d7773aeeacba61b235c462fe0966e565d9e6279f111bf94fa3d8a4bff8a4ce82ab24d65f9c31
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xcb0bb3aacd02aab2864a9aacb255d323
Finished request 48.
Going to the next request
Waking up in 4.9 seconds.
*****************************************************
Thanks for all.
--
--
Silvero Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120425/4200c3a7/attachment.html>
------------------------------
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 84, Issue 96
************************************************