Waking up in 0.9 seconds. rad_recv: Access-Request packet from host 149.242.64.104 port 1645, id=126, length=170 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Framed-MTU = 1400 Called-Station-Id = "ccd5.394a.3941" Calling-Station-Id = "0c8b.fd9a.c0ae" Service-Type = Login-User Message-Authenticator = 0x7a8fe2b86ba153d644c0e8379ca64f90 EAP-Message = 0x0202002101686f73742f4b50343130312e4841554e492e4b4f45524245522e4445 NAS-Port-Type = Wireless-802.11 NAS-Port = 270 NAS-Port-Id = "270" NAS-IP-Address = 149.242.64.104 +- entering group authorize {...} ++[preprocess] returns ok ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/KP4101.HAUNI.KOERBER.DE", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 33 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++? if (NAS-Port-Type == Wireless-802.11) ? Evaluating (NAS-Port-Type == Wireless-802.11) -> TRUE ++? if (NAS-Port-Type == Wireless-802.11) -> TRUE ++- entering if (NAS-Port-Type == Wireless-802.11) {...} [ldap_wireless] performing user authorization for host/KP4101.HAUNI.KOERBER.DE [ldap_wireless] expand: (&(hauniUid=%u)(hauniStatus=enabled)) -> (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) [ldap_wireless] expand: o=hauni,c=de -> o=hauni,c=de rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=admin,o=hauni,c=de/nor3dep9 to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in o=hauni,c=de, with filter (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) rlm_ldap: object not found or got ambiguous search result [ldap_wireless] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_wireless] returns notfound ++- if (NAS-Port-Type == Wireless-802.11) returns notfound ++ ... skipping else for request 0: Preceding "if" was taken ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 126 to 149.242.64.104 port 1645 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bc7e4077bc4fd17091dc141e92ec8f9 Finished request 0. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 149.242.64.104 port 1645, id=127, length=161 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Framed-MTU = 1400 Called-Station-Id = "ccd5.394a.3941" Calling-Station-Id = "0c8b.fd9a.c0ae" Service-Type = Login-User Message-Authenticator = 0x3341ae1b7ee021b778926308ee94aae0 EAP-Message = 0x02030006030d NAS-Port-Type = Wireless-802.11 NAS-Port = 270 NAS-Port-Id = "270" State = 0x7bc7e4077bc4fd17091dc141e92ec8f9 NAS-IP-Address = 149.242.64.104 +- entering group authorize {...} ++[preprocess] returns ok ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/KP4101.HAUNI.KOERBER.DE", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++? if (NAS-Port-Type == Wireless-802.11) ? Evaluating (NAS-Port-Type == Wireless-802.11) -> TRUE ++? if (NAS-Port-Type == Wireless-802.11) -> TRUE ++- entering if (NAS-Port-Type == Wireless-802.11) {...} [ldap_wireless] performing user authorization for host/KP4101.HAUNI.KOERBER.DE [ldap_wireless] expand: (&(hauniUid=%u)(hauniStatus=enabled)) -> (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) [ldap_wireless] expand: o=hauni,c=de -> o=hauni,c=de rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=hauni,c=de, with filter (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) rlm_ldap: object not found or got ambiguous search result [ldap_wireless] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_wireless] returns notfound ++- if (NAS-Port-Type == Wireless-802.11) returns notfound ++ ... skipping else for request 1: Preceding "if" was taken ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP NAK [eap] EAP-NAK asked for EAP-Type/tls [eap] processing type tls [tls] Requiring client certificate [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 127 to 149.242.64.104 port 1645 EAP-Message = 0x010400060d20 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bc7e4077ac3e917091dc141e92ec8f9 Finished request 1. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 149.242.64.104 port 1645, id=128, length=273 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Framed-MTU = 1400 Called-Station-Id = "ccd5.394a.3941" Calling-Station-Id = "0c8b.fd9a.c0ae" Service-Type = Login-User Message-Authenticator = 0x1c2f602eb432d6205e1db5c6a85be809 EAP-Message = 0x020400760d800000006c1603010067010000630301527caac663052b07fe1011d67810ede3c2ac630c1807f5058553505d2827857e000018002f00350005000ac013c014c009c00a003200380013000401000022ff01000100000500050100000000000a0006000400170018000b0002010000230000 NAS-Port-Type = Wireless-802.11 NAS-Port = 270 NAS-Port-Id = "270" State = 0x7bc7e4077ac3e917091dc141e92ec8f9 NAS-IP-Address = 149.242.64.104 +- entering group authorize {...} ++[preprocess] returns ok ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/KP4101.HAUNI.KOERBER.DE", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 118 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++? if (NAS-Port-Type == Wireless-802.11) ? Evaluating (NAS-Port-Type == Wireless-802.11) -> TRUE ++? if (NAS-Port-Type == Wireless-802.11) -> TRUE ++- entering if (NAS-Port-Type == Wireless-802.11) {...} [ldap_wireless] performing user authorization for host/KP4101.HAUNI.KOERBER.DE [ldap_wireless] expand: (&(hauniUid=%u)(hauniStatus=enabled)) -> (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) [ldap_wireless] expand: o=hauni,c=de -> o=hauni,c=de rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=hauni,c=de, with filter (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) rlm_ldap: object not found or got ambiguous search result [ldap_wireless] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_wireless] returns notfound ++- if (NAS-Port-Type == Wireless-802.11) returns notfound ++ ... skipping else for request 2: Preceding "if" was taken ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS TLS Length 108 [tls] Length Included [tls] eaptls_verify returned 11 [tls] (other): before/accept initialization [tls] TLS_accept: before/accept initialization [tls] <<< TLS 1.0 Handshake [length 0067], ClientHello [tls] TLS_accept: SSLv3 read client hello A [tls] >>> TLS 1.0 Handshake [length 0035], ServerHello [tls] TLS_accept: SSLv3 write server hello A [tls] >>> TLS 1.0 Handshake [length 0c30], Certificate [tls] TLS_accept: SSLv3 write certificate A [tls] >>> TLS 1.0 Handshake [length 000e], CertificateRequest [tls] TLS_accept: SSLv3 write certificate request A [tls] TLS_accept: SSLv3 flush data [tls] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 128 to 149.242.64.104 port 1645 EAP-Message = 0x010504000dc000000c821603010035020000310301527caac2a3561bcee06ca42df217168160497051e0532c10b3747341c37814d100002f000009ff01000100002300001603010c300b000c2c000c290005dc308205d8308203c0a003020102020121300d06092a864886f70d0101050500307a310b30090603550406130244453110300e060355040813074765726d616e79311e301c060355040a13154861756e69204d61736368696e656e626175204147311830160603550403130f4861756e6920526f6f742043412033311f301d06092a864886f70d01090116106e65746d616e406861756e692e636f6d301e170d3133303730343038303533 EAP-Message = 0x395a170d3233303730323038303533395a308187310b30090603550406130244453110300e060355040813074765726d616e793110300e0603550407130748616d62757267311e301c060355040a13154861756e69204d61736368696e656e62617520414731123010060355040b13094e65747a7765726b653120301e060355040313176b6c733032322e6861756e692e6b6f65726265722e646530820122300d06092a864886f70d01010105000382010f003082010a0282010100dcbcd2c9cbfb2984aea1e7b25af9344e0239ebcf8ee4c08ee2c731aa78a970339eeb8c63cd04c5a942862ac343ea69b524bf3dc95be0d25fd95a412ff66fdf025e EAP-Message = 0x7f35ece604760cb4c5ba7639821c176ed1f63ab69d66807727e55966d7612a7ad4cc4428599b62204ab0a88471c8681246357acac6c9f4a69e9f6c7d308b5ac657cc97e7dafe45206d50abc1065abdf92d105e527c31d3f2ccb7967d4471906d47da94c1a7df0e7e1f13b420d3dd2a810e109ad25b4978518203fe703383b11e9db877a4de42284cbf9030f00dcc9cb43465825cd5b5903274f33ff95228a1ca51074df59825f92989806e317b94da3ea1f6817dd0ec67c37b9754eaf42c5f0203010001a382015930820155301d0603551d0e0416041443497935d37e00aa56e1fc8741a6565d3c1b59be3081960603551d2304818e30818ba17ea47c EAP-Message = 0x307a310b30090603550406130244453110300e060355040813074765726d616e79311e301c060355040a13154861756e69204d61736368696e656e626175204147311830160603550403130f4861756e6920526f6f742043412033311f301d06092a864886f70d01090116106e65746d616e406861756e692e636f6d820900ab5e6b64f8413b2030090603551d120402300030390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e6861756e692e636f6d2f6861756e695f726f6f745f63615f332e63726c30090603551d1304023000301106096086480186f8420101040403020640300b0603551d0f0404030205a0302a060355 EAP-Message = 0x1d250423302106082b060105 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bc7e40779c2e917091dc141e92ec8f9 Finished request 2. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 149.242.64.104 port 1645, id=129, length=161 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Framed-MTU = 1400 Called-Station-Id = "ccd5.394a.3941" Calling-Station-Id = "0c8b.fd9a.c0ae" Service-Type = Login-User Message-Authenticator = 0x519d6fd35420aa6f7781958aa823a50d EAP-Message = 0x020500060d00 NAS-Port-Type = Wireless-802.11 NAS-Port = 270 NAS-Port-Id = "270" State = 0x7bc7e40779c2e917091dc141e92ec8f9 NAS-IP-Address = 149.242.64.104 +- entering group authorize {...} ++[preprocess] returns ok ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/KP4101.HAUNI.KOERBER.DE", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 5 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++? if (NAS-Port-Type == Wireless-802.11) ? Evaluating (NAS-Port-Type == Wireless-802.11) -> TRUE ++? if (NAS-Port-Type == Wireless-802.11) -> TRUE ++- entering if (NAS-Port-Type == Wireless-802.11) {...} [ldap_wireless] performing user authorization for host/KP4101.HAUNI.KOERBER.DE [ldap_wireless] expand: (&(hauniUid=%u)(hauniStatus=enabled)) -> (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) [ldap_wireless] expand: o=hauni,c=de -> o=hauni,c=de rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=hauni,c=de, with filter (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) rlm_ldap: object not found or got ambiguous search result [ldap_wireless] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_wireless] returns notfound ++- if (NAS-Port-Type == Wireless-802.11) returns notfound ++ ... skipping else for request 3: Preceding "if" was taken ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 129 to 149.242.64.104 port 1645 EAP-Message = 0x010604000dc000000c820507030106096086480186f8420401060a2b0601040182370a0303300d06092a864886f70d010105050003820201002ae3e14b97b98982dc22a287ef94109d6fe141da4d26a4cad552c1c41088d4ecd053cf34c7bbcb417cf01fe7ccd7fe6e83dc0adbb6aef66c8ee5549bbf61241fb036fb830be8c0e66ef7b6a1b72b0bf63ee2fc33cbf2aa693472f54760ba4ec6ed37d910e586f0aca1ecfdf06872318bd0177d6e5d4dd8f53f4d20f14bf1d7e2bce213ee95bbfb35145d07ab619e8b10cac4cca227b3af371138b01fe8cc99d537aaba31e92884ef3da25a2fbde0969d568357e6c79e6c4691caa6797684415bdd4e7bb8 EAP-Message = 0x52814840ddd7316968e54a42c8d6e0ae5abe598e1fcc1a4fd6734b36f12a5dab048c078498dc8c6bc0e07e996583a3cc061474b002a1c40fad8d4e2c7681b6c93513a06cc0a5213de8718deb40bad12c578afd6e6b025e3c1384b34e1b467385d2d87ba7d834446052a1e1bf52d29ff202af34aa5566fb98daecd7d975d4682ab2fb1af88c93ad6f563dc743aa69546bb1450597215acfc7b8c045e7cd8c011b67a863147fc5f8a9fd5a0fea15ae8899566bf5fe0527b38ad27e38f93c2368a2891da330b1d8eebad814700f0e8c6a1fdc0fa9c6860581ec2c28a1686aac32dc153f10cf9312ba2dfedd739bef25dfdf41798db5ba7778a4dcd4ded2c3 EAP-Message = 0x0e5f362cfa99a5e003303aab747dabb20df619c022e89cf2045f7ea99348f582ac3a6bb04b39ec3d158e24b2c6ba42a91120777b72a49285db21622200ee84000647308206433082042ba003020102020900ab5e6b64f8413b20300d06092a864886f70d0101050500307a310b30090603550406130244453110300e060355040813074765726d616e79311e301c060355040a13154861756e69204d61736368696e656e626175204147311830160603550403130f4861756e6920526f6f742043412033311f301d06092a864886f70d01090116106e65746d616e406861756e692e636f6d301e170d3133303330343037343032315a170d3333303330 EAP-Message = 0x343037343032315a307a310b30090603550406130244453110300e060355040813074765726d616e79311e301c060355040a13154861756e69204d61736368696e656e626175204147311830160603550403130f4861756e6920526f6f742043412033311f301d06092a864886f70d01090116106e65746d616e406861756e692e636f6d30820222300d06092a864886f70d01010105000382020f003082020a0282020100bab453bdc588be3cf19272be14c6a0e6e493bc13929727ecd95e375f35335264f369c002dfc56b9cfd4629a8858a84f618b1a44e5a81b664c303c3e62addab8dcfbea93f5bac8ade8b4177aef3ef5719fa69aaff765e3164 EAP-Message = 0xa7a25d11f39503afe10f2a1f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bc7e40778c1e917091dc141e92ec8f9 Finished request 3. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 149.242.64.104 port 1645, id=130, length=161 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Framed-MTU = 1400 Called-Station-Id = "ccd5.394a.3941" Calling-Station-Id = "0c8b.fd9a.c0ae" Service-Type = Login-User Message-Authenticator = 0x05e24a3c3b37ee54788a2c2b2434dbb3 EAP-Message = 0x020600060d00 NAS-Port-Type = Wireless-802.11 NAS-Port = 270 NAS-Port-Id = "270" State = 0x7bc7e40778c1e917091dc141e92ec8f9 NAS-IP-Address = 149.242.64.104 +- entering group authorize {...} ++[preprocess] returns ok ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/KP4101.HAUNI.KOERBER.DE", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++? if (NAS-Port-Type == Wireless-802.11) ? Evaluating (NAS-Port-Type == Wireless-802.11) -> TRUE ++? if (NAS-Port-Type == Wireless-802.11) -> TRUE ++- entering if (NAS-Port-Type == Wireless-802.11) {...} [ldap_wireless] performing user authorization for host/KP4101.HAUNI.KOERBER.DE [ldap_wireless] expand: (&(hauniUid=%u)(hauniStatus=enabled)) -> (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) [ldap_wireless] expand: o=hauni,c=de -> o=hauni,c=de rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=hauni,c=de, with filter (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) rlm_ldap: object not found or got ambiguous search result [ldap_wireless] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_wireless] returns notfound ++- if (NAS-Port-Type == Wireless-802.11) returns notfound ++ ... skipping else for request 4: Preceding "if" was taken ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 130 to 149.242.64.104 port 1645 EAP-Message = 0x010704000dc000000c82a839cd36da3b98220b365ee172565f6a69b756516bf3f24b01a2870542c2cdc5182004017dbb560cde01927d9dfa6cd3310ed5776e025e232cee7132c8e778bf97826fb99ec049d8060e694ca947780018372d710b35ecbd5852a6a25de7192488c2d1aee02fe12cb35fcba5f0e55258703d8d1e6f2f757fa9388e0927fe4f7e589148ebcf2405c02c34b5ad9ab842e5c0b971f3ccf731971dd75b3e2156428cb8f0f72858c4ea6d8c4a2a55530b6a16e06e0b222cd91fd019a87b299eb3c10c125e56054832fb721dad5014c78ea1942268a852c44cd3ef45b5111c5592c3d1c8653092eb38b89011fa8a0bf9847e7dc42ad8 EAP-Message = 0x14aff955015e8a74e4e2daf09a373d6d40bc4877e7996d88eff23805ca14eaafe029d42f3c937ea5ba172cbfef089bab95ba43978646ce2d844e45f57786842c54b0a6a97cc09ad8b2b88c98702c0f702ab41001fadb64dcc6d3b135cbcdf89299cf40df9864c4e697df9fb8fe5a9b8cef7ca0cf8819cf2d58b6e7ada4f1d4e6f2a368ea70c073169817010bbeeb7f771414439f760eaa1570e979dfd5d19766979f02c19e287267a70203010001a381cb3081c830120603551d130101ff040830060101ff020102300b0603551d0f04040302018630390603551d1f04323030302ea02ca02a8628687474703a2f2f63726c2e6861756e692e636f6d2f EAP-Message = 0x6861756e695f726f6f745f63615f332e63726c301106096086480186f8420101040403020007303706096086480186f8420104042a1628687474703a2f2f63726c2e6861756e692e636f6d2f6861756e695f726f6f745f63615f332e63726c301e06096086480186f842010d0411160f4861756e6920526f6f742043412033300d06092a864886f70d010105050003820201003e46862d44335f84a1093656a0202188cf7d36e15b6abf56d3af2311a7cb22d7da7dec114fa6ce1a4f6173b1df795d9f178f3d40d19bf7bd21004bdd5d51ed565593dc87c6a93e61c7df6780890fd52945331ae83354eb0445803a271c0d25429283ecda3815b3902c92 EAP-Message = 0x6ad6e63a553712476230d72a13ab8fc80528fa2587b4dac8ece61272df4c0f3654df9730d3c150d078e14899d4dcc74b50d19027fe4d0f68b0b2c770a1887187d007f0a2c2bcff2b00ed90c081ae691fd6cac21f98f4d1eec67b10afea6200eb607b46995163fdb626a7ec344ae0f0939e788c658a903c302144ea02373d1d1ac50179803beb715e0f2ea7071408370b2f86b25c8724397f2664d1ed0a0eca56357c332681c129b9c631afc5bcc6e943d7c9df81aa65fa26aa310454f0023caac1ac5e1c26beac758a996ab1d4565aabdd301c819f80d0dfb92f7fdd9441563f71bc75f8f28e18b30af932f95a125004d0441ecf37a4a49a6bd8d98cae EAP-Message = 0xb5c8fd4f33cbf761ec62775e Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bc7e4077fc0e917091dc141e92ec8f9 Finished request 4. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 149.242.64.104 port 1645, id=131, length=161 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Framed-MTU = 1400 Called-Station-Id = "ccd5.394a.3941" Calling-Station-Id = "0c8b.fd9a.c0ae" Service-Type = Login-User Message-Authenticator = 0xf8c0e5829dba03b9fe90c15d3584574c EAP-Message = 0x020700060d00 NAS-Port-Type = Wireless-802.11 NAS-Port = 270 NAS-Port-Id = "270" State = 0x7bc7e4077fc0e917091dc141e92ec8f9 NAS-IP-Address = 149.242.64.104 +- entering group authorize {...} ++[preprocess] returns ok ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/KP4101.HAUNI.KOERBER.DE", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++? if (NAS-Port-Type == Wireless-802.11) ? Evaluating (NAS-Port-Type == Wireless-802.11) -> TRUE ++? if (NAS-Port-Type == Wireless-802.11) -> TRUE ++- entering if (NAS-Port-Type == Wireless-802.11) {...} [ldap_wireless] performing user authorization for host/KP4101.HAUNI.KOERBER.DE [ldap_wireless] expand: (&(hauniUid=%u)(hauniStatus=enabled)) -> (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) [ldap_wireless] expand: o=hauni,c=de -> o=hauni,c=de rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=hauni,c=de, with filter (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) rlm_ldap: object not found or got ambiguous search result [ldap_wireless] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_wireless] returns notfound ++- if (NAS-Port-Type == Wireless-802.11) returns notfound ++ ... skipping else for request 5: Preceding "if" was taken ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake fragment handler [tls] eaptls_verify returned 1 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 131 to 149.242.64.104 port 1645 EAP-Message = 0x010800aa0d8000000c825c0c53e94486138bd3aec72ad57f9f1bd31549070a791bfd0ebf1fb95dcaae26be9f623f6b0fbe46ae4aa3176cc542c8aaff3aec2ebc83c7a6f30b64408133beb0ab55ea0b85ad5c823d6fc9a8bc6e49bf86acab05ce7144e0e40bcc353ebc795e53f0e002f512e30c753ed9f0ea3e07fbd0771093878bb6024f33eb7e461d5b0e5e6db4dcc1b7a635df2a69f3160301000e0d0000060301024000000e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bc7e4077ecfe917091dc141e92ec8f9 Finished request 5. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 149.242.64.104 port 1645, id=132, length=1657 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Framed-MTU = 1400 Called-Station-Id = "ccd5.394a.3941" Calling-Station-Id = "0c8b.fd9a.c0ae" Service-Type = Login-User Message-Authenticator = 0xceab2eafbb3b27fcacfd6395a32897a9 EAP-Message = 0x020805d40dc000000df21603010db20b000ba2000b9f0005743082057030820358a003020102020a1a7382aa00000000443b300d06092a864886f70d01010505003041311e301c060355040a13154861756e69204d61736368696e656e626175204147311f301d060355040313164b6f657262657220436f6d7075746572204341204931301e170d3133313130353038303833385a170d3134313130353038303833385a300030820122300d06092a864886f70d01010105000382010f003082010a0282010100cc43bd60ccc95d9af100a1fa5ac9c5cec1d7d359373a31a068e47a4d3faf4a83c6d9cdb58056d714931ca79a0bc2f2bc15d9591406e0 EAP-Message = 0x9618ed51eb38210be954005b25be60e7f4ab4cb0e800a2474b8340963a7d4fdb660989a7ae2d47b1afeb35867b515873fae956bed4435f7f9b0a860e8d59dbcf3d5979d8112d5fd7265f3f5fca3d751421e76fb1f4d82855b0dc30a235df5af97bff0f0f2f72966dbec005fe455a7467f585dc78c76fc709bb8a9e6b20f5ce0366a728bd0ed84133ca2c2f776a3411b16ca7995461351685c7164c66c5f6846553846d892a4bffdd167ed238dfaa3587da7cf81f421203ab61aaa60985ac51c2ea2183088642919e88cf0203010001a38201a9308201a5303e06092b06010401823715070431302f06272b0601040182371508849aaf1c84ffe26c87e9 EAP-Message = 0x9b2d8592c37c87f7e66a81748382b00983fbe738020164020104301d0603551d250416301406082b0601050507030106082b06010505070302300b0603551d0f0404030205a0302706092b060104018237150a041a3018300a06082b06010505070301300a06082b06010505070302301d0603551d0e04160414183bcbf7736d6fe0fbdf51f3b31079fdff041a15301f0603551d23041830168014257ff963f87a736aa59358b5c653364ea14289ec304d0603551d1f044630443042a040a03e863c687474703a2f2f77696e63612e6b6f65726265722e64652f706b692f4b6f6572626572253230436f6d7075746572253230434125323049312e6372 EAP-Message = 0x6c305806082b06010505070101044c304a304806082b06010505073002863c687474703a2f2f77696e63612e6b6f65726265722e64652f706b692f4b6f6572626572253230436f6d7075746572253230434125323049312e63727430250603551d110101ff041b301982174b50343130312e4841554e492e4b4f45524245522e4445300d06092a864886f70d01010505000382020100397e8da0bc788c35c92deccb4930958651f6d7e1d3b4e6d20ce1a2e318748971ac147ac054a122d98e86c30567c37486eddbce6684fa11a07c89d4da1dd5a1f896a9f3de5e0bcbbf1c54ca59fdca6f3340a35841becd28af675151820aeaaac5acf023c4dbcabb EAP-Message = 0x187d59d2136826e148126810680bc6006f691195cbcd26c95d475d37cc903558cf3f6657d5f2dc003f915fb58f5eeafb5df896e55db549fd7be01777b0519cae3e40a8637daf587224afb6dbe196e4dcf95325a5f4f87ab7f9e7d36ae6e63f3dee59319d30208f9f0d2e3da7a2570415c5e73980d6e890efe1a93ff00003312da4e918fe4a0f69414922421ce28254c5aabf30862f984df3d0d39b3d571d8e005b5b956d876ba7b49ccc2003842bb8e4b7265f5abf92586680c92b36c3f4697b79c068cdb56fa1ca5c0c23a07de0d268ffb41b526b86981c226f613f51567041295d6f5491761d09302f61adecefde00029c185df7a9f43bf36f84bb0e EAP-Message = 0x4e9a14948bb25d3b5239f1c67cf7a4d194da37b37f300e84b79721faad79bf8a01a682ca934640d709aa6382f0f7bab164c492b67cd4d9dc43676e158d01b06a246dd09c0f42000396477c3c5e3c0394df0165af325d1ae70a10e2975c899d1fee36bbd08ccbba8662710e74ca042f333c0e9761da0094eb7acf8736321b0902f3161ead10d2124627763dd4d664ec51029c1fedbe5f40f6121f75bf0006253082062130820409a003020102020a611d4161000000000002300d06092a864886f70d01010505003038311e301c060355040a13154861756e69204d61736368696e656e NAS-Port-Type = Wireless-802.11 NAS-Port = 270 NAS-Port-Id = "270" State = 0x7bc7e4077ecfe917091dc141e92ec8f9 NAS-IP-Address = 149.242.64.104 +- entering group authorize {...} ++[preprocess] returns ok ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/KP4101.HAUNI.KOERBER.DE", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 253 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++? if (NAS-Port-Type == Wireless-802.11) ? Evaluating (NAS-Port-Type == Wireless-802.11) -> TRUE ++? if (NAS-Port-Type == Wireless-802.11) -> TRUE ++- entering if (NAS-Port-Type == Wireless-802.11) {...} [ldap_wireless] performing user authorization for host/KP4101.HAUNI.KOERBER.DE [ldap_wireless] expand: (&(hauniUid=%u)(hauniStatus=enabled)) -> (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) [ldap_wireless] expand: o=hauni,c=de -> o=hauni,c=de rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=hauni,c=de, with filter (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) rlm_ldap: object not found or got ambiguous search result [ldap_wireless] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_wireless] returns notfound ++- if (NAS-Port-Type == Wireless-802.11) returns notfound ++ ... skipping else for request 6: Preceding "if" was taken ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS TLS Length 3570 [tls] Received EAP-TLS First Fragment of the message [tls] eaptls_verify returned 9 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 132 to 149.242.64.104 port 1645 EAP-Message = 0x010900060d00 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bc7e4077dcee917091dc141e92ec8f9 Finished request 6. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 149.242.64.104 port 1645, id=133, length=1657 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Framed-MTU = 1400 Called-Station-Id = "ccd5.394a.3941" Calling-Station-Id = "0c8b.fd9a.c0ae" Service-Type = Login-User Message-Authenticator = 0x277e0f69606096f237a084982727bb74 EAP-Message = 0x020905d40d40626175204147311630140603550403130d4b6f6572626572204341205232301e170d3132313132333130303435335a170d3332313132333130303635355a3041311e301c060355040a13154861756e69204d61736368696e656e626175204147311f301d060355040313164b6f657262657220436f6d707574657220434120493130820222300d06092a864886f70d01010105000382020f003082020a0282020100e91f7b6aa87c5208e1d55181ee0bcee8a95b19e2a16465027cdc1d55cbd774c61dc5502ee4dabdc302a86f3d61d712fc33f68f7c6bbaa478c3334fde54b89872cfca95224785bfefab50559207c43b3516b57b8e55 EAP-Message = 0xabc4d2d99b8f8eeaf3188776ec667865c578457a5b21dcc808e9b3c64340466bb752e33e694546c8d3707d08b0d7e2172b975fb3415255778711034ca840286a840cc9bb28178e67a56238269a96653114e54532f61cbc98e12a8138451d910131b24193780ae632e46552b5e13425cc1824aa6a05ca9da0caa1e321959e63b46fb4dddbe76c24453b08890b6741fe1ab724ac5a9167d3beafe8864bd6618cf5d4f19e3df830c62e9b057ade3a176f145fe70cc72b5011ada1f2d343c818f2b1d3b74b6b21da2ac70164a3e61cd0d4d04432e27b0fce6d972ad46bb12d4f9c61bb06eea9e47a72ffba4ee5dd70e46b4b96ba1a14b9457dd1d9742767d5 EAP-Message = 0xbe2d8dc998a83c4a2504ec732e60a7b0a0bddc74aedf222c9f7a831f66bb21a0c92f28521798fb291d306a668beb14c3161f3bda4aa737ed1bd31f1fa9a28160896b5562f11189f27c0dca0019d6140853366f7d92eb603906d51b6b3a3f99e04421d0542ea738f84c379713ab09319a23b9d0a3e63220a9cfe6919ebac17675a8ac9c49683c82d9d262e68ac38bb53c0c5fa6867f840d6c4b4e05b81c794391d2f6b73efd259782f8287d90a44b0203010001a38201223082011e301006092b06010401823715010403020100301d0603551d0e04160414257ff963f87a736aa59358b5c653364ea14289ec301906092b0601040182371402040c1e0a EAP-Message = 0x00530075006200430041300b0603551d0f040403020186300f0603551d130101ff040530030101ff301f0603551d23041830168014670dad7e4f57839e8706f639b6f594536598931e30420603551d1f043b30393037a035a0338631687474703a2f2f77696e63612e6b6f65726265722e64652f706b692f4b6f6572626572253230434125323052322e63726c304d06082b060105050701010441303f303d06082b060105050730028631687474703a2f2f77696e63612e6b6f65726265722e64652f706b692f4b6f6572626572253230434125323052322e637274300d06092a864886f70d010105050003820201001afeabb0441cef1192a7950638 EAP-Message = 0xa8906ce1c1023759f168b0619ca573fe37b78211ec48a82a64901ea721605cb4ca945edd5471d2586b2c23df7f430ee5a2d5b1ac59cf2cb5db1d0eaf6ac3f5492dc10ec913637a87c79956de72836539294acfb6fcb76ac77127e294981213fdef713a19657731aad743f49cb7df70eac81e45343bfabc4b6850be3045df50515112b40d19b6af5f08d1b3a917115d99acda6ef5d57d393e26f84dbf33baf28e9f05f37bad23dde09bb6e27b92b3518fcee3c3511e87d29f1e82854a276cec0a4a535602a7221e8e6c9ef27f7d04af7fe84786327147f7a0285f8fecca980ef37731985e2a08019b913ed83a6f2cab3b35688bce285cf19bac6f2eded4 EAP-Message = 0x26c842b104d64f56a6876cb8b1739de60f9579a2ceb2979d08c7b0654379d22ad5cd29958b7cca2e23f599f5b24deeee8a13b888785646a910db391d699f04ac1bb6c9d0733f46d475184268465c24d2faeab28794af7078c44cb5c49831f31fb104d967d8b03d27cfdc7e1f2890f4a76e85f75a2c7bc00605b1c96558c945aec2843264a6ec5987b87a333d824bfa22f015782ef40b8888ad78a7723b3737389b26230e84c24287f33d57cdee8ca40bc15f8d011d52a278530129229d9a0eddcbfee676edb75850324219c206737023890fb0cf134123eeb885eb5dd78ece8a75760e NAS-Port-Type = Wireless-802.11 NAS-Port = 270 NAS-Port-Id = "270" State = 0x7bc7e4077dcee917091dc141e92ec8f9 NAS-IP-Address = 149.242.64.104 +- entering group authorize {...} ++[preprocess] returns ok ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/KP4101.HAUNI.KOERBER.DE", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 253 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++? if (NAS-Port-Type == Wireless-802.11) ? Evaluating (NAS-Port-Type == Wireless-802.11) -> TRUE ++? if (NAS-Port-Type == Wireless-802.11) -> TRUE ++- entering if (NAS-Port-Type == Wireless-802.11) {...} [ldap_wireless] performing user authorization for host/KP4101.HAUNI.KOERBER.DE [ldap_wireless] expand: (&(hauniUid=%u)(hauniStatus=enabled)) -> (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) [ldap_wireless] expand: o=hauni,c=de -> o=hauni,c=de rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=hauni,c=de, with filter (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) rlm_ldap: object not found or got ambiguous search result [ldap_wireless] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_wireless] returns notfound ++- if (NAS-Port-Type == Wireless-802.11) returns notfound ++ ... skipping else for request 7: Preceding "if" was taken ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] More fragments to follow [tls] eaptls_verify returned 10 [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 133 to 149.242.64.104 port 1645 EAP-Message = 0x010a00060d00 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bc7e4077ccde917091dc141e92ec8f9 Finished request 7. Going to the next request Waking up in 0.3 seconds. rad_recv: Access-Request packet from host 149.242.64.104 port 1645, id=134, length=767 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Framed-MTU = 1400 Called-Station-Id = "ccd5.394a.3941" Calling-Station-Id = "0c8b.fd9a.c0ae" Service-Type = Login-User Message-Authenticator = 0xaf448f91c97c5e142a6f101e660cc405 EAP-Message = 0x020a02600d00d83201112cf75216ed19dd84f0407da5b16bcc100001020100d193910c38e79a6795f4fbb2022699f5b6e57645b1be69d89abb963f0f0b4e275286621f955b8f26a915fac0e3a044759fa4f016466666a93f9c0098abbccc3f956a9c5d7236e55c87cade67ae80aafb7ed39554a3d65521a2d9d7e99b073bdc921a31fe5d735ff63867cacda12c539e84f32ff4a2e35473808fd79bc3bfd6a3f9327352595174857010e54cd7dbd86ca948e5a97bb85296cbc2ad03001dfd419d58989f4574b9b482dff565b671b0618b843e0f17e128cbe07ad99d405236915978d4e2d2cc372cfe9eb4b8d6d30374af68d111e2a2b5cabc6799e3b2f5 EAP-Message = 0xc7de9696db9fee2983a505272cff1f96a86e6dcb9d633c2fe9cee412bb35d20927a50f00010201005ee5b40a610c5a73cb982461d85d7547833175bf4f6b1c172de849845e20fd9d21aa58424a110d84cc8f131bd17c37e182bb9bf137ddb7e26254ab439a30f7782f7a8d5032fb3e36d10f1237db55ec65e3efdfdbe49dddb25a082f540935a9fe405f5f0c6a48b536d2d15e2ce0f0aa51b1c06693adc9da931f125016658e8c61f2ab38b4820fd7c1c32ea6a099d937f1b399baf75d30c7a2bd4b8a7889f374ebf0913f95fb7ee71366c365496966b00378f99ec818f734b2797e7d75a9e7b0348835a29a15ee38decab162f78b38f339c034d591de EAP-Message = 0x6cdd4cbd2e015d91ba1dc2f2f22e3ff6417287add9d7b0c3d2cd5f99b54fdbc71278c340bd8b8d55f27abf140301000101160301003007d8e6a9e3b820acfd31ce57108450926a3bd9207142b9e29dc941d813b3fad116aa1a3213e127a6e8bb1b5eeae3a2bf NAS-Port-Type = Wireless-802.11 NAS-Port = 270 NAS-Port-Id = "270" State = 0x7bc7e4077ccde917091dc141e92ec8f9 NAS-IP-Address = 149.242.64.104 +- entering group authorize {...} ++[preprocess] returns ok ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/KP4101.HAUNI.KOERBER.DE", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 10 length 253 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++? if (NAS-Port-Type == Wireless-802.11) ? Evaluating (NAS-Port-Type == Wireless-802.11) -> TRUE ++? if (NAS-Port-Type == Wireless-802.11) -> TRUE ++- entering if (NAS-Port-Type == Wireless-802.11) {...} [ldap_wireless] performing user authorization for host/KP4101.HAUNI.KOERBER.DE [ldap_wireless] expand: (&(hauniUid=%u)(hauniStatus=enabled)) -> (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) [ldap_wireless] expand: o=hauni,c=de -> o=hauni,c=de rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=hauni,c=de, with filter (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) rlm_ldap: object not found or got ambiguous search result [ldap_wireless] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_wireless] returns notfound ++- if (NAS-Port-Type == Wireless-802.11) returns notfound ++ ... skipping else for request 8: Preceding "if" was taken ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] eaptls_verify returned 7 [tls] Done initial handshake [tls] <<< TLS 1.0 Handshake [length 0ba6], Certificate [tls] chain-depth=2, [tls] error=0 [tls] --> User-Name = host/KP4101.HAUNI.KOERBER.DE [tls] --> BUF-Name = Koerber CA R2 [tls] --> subject = /O=Hauni Maschinenbau AG/CN=Koerber CA R2 [tls] --> issuer = /O=Hauni Maschinenbau AG/CN=Koerber CA R2 [tls] --> verify return:1 [tls] chain-depth=1, [tls] error=0 [tls] --> User-Name = host/KP4101.HAUNI.KOERBER.DE [tls] --> BUF-Name = Koerber Computer CA I1 [tls] --> subject = /O=Hauni Maschinenbau AG/CN=Koerber Computer CA I1 [tls] --> issuer = /O=Hauni Maschinenbau AG/CN=Koerber CA R2 [tls] --> verify return:1 [tls] chain-depth=0, [tls] error=0 [tls] --> User-Name = host/KP4101.HAUNI.KOERBER.DE [tls] --> BUF-Name = Koerber Computer CA I1 [tls] --> subject = [tls] --> issuer = /O=Hauni Maschinenbau AG/CN=Koerber Computer CA I1 [tls] --> verify return:1 [tls] TLS_accept: SSLv3 read client certificate A [tls] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [tls] TLS_accept: SSLv3 read client key exchange A [tls] <<< TLS 1.0 Handshake [length 0106], CertificateVerify [tls] TLS_accept: SSLv3 read certificate verify A [tls] <<< TLS 1.0 ChangeCipherSpec [length 0001] [tls] <<< TLS 1.0 Handshake [length 0010], Finished [tls] TLS_accept: SSLv3 read finished A [tls] >>> TLS 1.0 Handshake [length 061a]??? [tls] TLS_accept: SSLv3 write session ticket A [tls] >>> TLS 1.0 ChangeCipherSpec [length 0001] [tls] TLS_accept: SSLv3 write change cipher spec A [tls] >>> TLS 1.0 Handshake [length 0010], Finished [tls] TLS_accept: SSLv3 write finished A [tls] TLS_accept: SSLv3 flush data [tls] (other): SSL negotiation finished successfully SSL Connection Established [tls] eaptls_process returned 13 ++[eap] returns handled Sending Access-Challenge of id 134 to 149.242.64.104 port 1645 EAP-Message = 0x010b04000dc00000065a160301061a04000616000000000610781c5e02c34e40a43c122097ed0af33ff885058ed587e3c35d0391ca5bab1ffc3ff93495fa4a3688f5511868bc55d6c82425ae4a2235bf05bc66a4a4607c87aac1d978a825f8c5ab2d664756b91d8a60d6e6f8d6f9dfe96e8ef937ecd229c79e787261aab6f82823e29ade5d1d9c68264a885a20aab7ee2fed46add00fc2b247dd61eb7e5f778427d850e61dab29b2957fe4a5026fe7517698fffcae5175e8cb2a3928dff6c66162ff15881b2c3491a6a3fa1a49ef6c490bb775930aaa60a1d0e131133a973cdb2343873bc1c112c2fc80422f828697fd96c48d093c995cb06996db7cf3 EAP-Message = 0xf05cd528f34559e197495159100fbae6a54f601b725893a721fd62444b8b1b38c67b3cbd6acec460050da69ee91c13f82766f06c19981c417559c53fd782d32f331b6ba6ba820c3afed3d92ca52c5e70b7525371cbcd35409aef909d12d83e7d2b01f97a6b80d9ff5efe18d1bfc36ca963ab260097a7a127318b514b5a887b2425abd9cc7572779d4a7e20c4eb76e2b854ccdc6b1b0e83182e8bfcb85c49c836b37a6fa375b7c7d39c8c8c24fab849bbcaf4be30f55725b7a03d6cb698b995928af67f9ac9927849908f1f8fdf241e0f9bd2f4346a58f4e93999aafcaf816f8ba3184c390a864c24470306acb0aa7338fa9262e44d275d2006c6806664 EAP-Message = 0x14b8ead002315a10871bda48fa1e6007f80128ef3e825f1737450ed96b300b8e62cc90ae0ef11a2cc7322fd28ac798e30a67855391fa1e76cb56d6741730116de707d5194d52be76882177d60c0e9bbe00bfe98f24a4d169d2e5561d39fa795b40e711260070b620c0e54a60918863e61174b2b484b0754f22f22c1ebe8d2ac12a0993bc7a2a8cdf0b55f16eae81bc8338087aee1921b5cbeca60068760e8741e33e7701676f9b9a7f595f8073b62d2cee48209211149f9714fa55d8f16e6de8fa0cfcaf5dc6e08df3785664e5aeb0e4f8fd6daa318c1e8a2af6d39e9acba6f735441937e74447131301b4cd4d7f0bffbc617cf341145b6810366f7c20 EAP-Message = 0xf0338b7812999c48ec468af0ee884b7d2b9a1e4dd9099ba029345cda2cdc58b8f30a56462e84207a82a3654e0082aada35532a3d2cd250323f0f57f5c0b126cdb3d70e02f07933b987670a3665c3ef82404f16e85bafca46ce2a59979828af6d1fd0aaba255823b5952c83af292a0fc70392c008837576e8fbae2351ae65e3eef224bf6d498e5645916f1c7aaaf44faf7327d69d066648606d15acb16c800a6950e80421c52dc370958a7f1fb7c0841409bc08b9052fa9283c2d638739bebb0fbd0e0c51415a9b6d4833d4badb38b6b4fb28283575be6e326daacad249497910e27707018b1c254eb231648a3c7b5678d2ed3bbd16b3f3f7fecd958fd7 EAP-Message = 0xb11213314d0b3fe82a21d759 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7bc7e40773cce917091dc141e92ec8f9 Finished request 8. Going to the next request Waking up in 0.2 seconds. rad_recv: Access-Request packet from host 149.242.64.104 port 1645, id=135, length=161 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Framed-MTU = 1400 Called-Station-Id = "ccd5.394a.3941" Calling-Station-Id = "0c8b.fd9a.c0ae" Service-Type = Login-User Message-Authenticator = 0x64867eac10afb8609f0ff18e9f03b556 EAP-Message = 0x020b00060d00 NAS-Port-Type = Wireless-802.11 NAS-Port = 270 NAS-Port-Id = "270" State = 0x7bc7e40773cce917091dc141e92ec8f9 NAS-IP-Address = 149.242.64.104 +- entering group authorize {...} ++[preprocess] returns ok ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "host/KP4101.HAUNI.KOERBER.DE", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 11 length 6 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++? if (NAS-Port-Type == Wireless-802.11) ? Evaluating (NAS-Port-Type == Wireless-802.11) -> TRUE ++? if (NAS-Port-Type == Wireless-802.11) -> TRUE ++- entering if (NAS-Port-Type == Wireless-802.11) {...} [ldap_wireless] performing user authorization for host/KP4101.HAUNI.KOERBER.DE [ldap_wireless] expand: (&(hauniUid=%u)(hauniStatus=enabled)) -> (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) [ldap_wireless] expand: o=hauni,c=de -> o=hauni,c=de rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in o=hauni,c=de, with filter (&(hauniUid=host/KP4101.HAUNI.KOERBER.DE)(hauniStatus=enabled)) rlm_ldap: object not found or got ambiguous search result [ldap_wireless] search failed rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_wireless] returns notfound ++- if (NAS-Port-Type == Wireless-802.11) returns notfound ++ ... skipping else for request 9: Preceding "if" was taken ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/tls [eap] processing type tls [tls] Authenticate [tls] processing EAP-TLS [tls] Received TLS ACK [tls] ACK handshake is finished [tls] eaptls_verify returned 3 [tls] eaptls_process returned 3 [tls] Adding user data to cached session [eap] Freeing handler ++[eap] returns ok Login OK: [host/KP4101.HAUNI.KOERBER.DE] (from client kc1029 port 270 cli 0c8b.fd9a.c0ae) +- entering group post-auth {...} ++? if (NAS-Port-Type == Ethernet) ? Evaluating (NAS-Port-Type == Ethernet) -> FALSE ++? if (NAS-Port-Type == Ethernet) -> FALSE ++[exec] returns noop Sending Access-Accept of id 135 to 149.242.64.104 port 1645 MS-MPPE-Recv-Key = 0xcad2df297c4764fba9832cf929fcaeba9a0d0c1275f520fad8abf68e3a2b1f1f MS-MPPE-Send-Key = 0xd81ea68c17e942643a06bcf55ffba2772253d3f8e27d7cf7a29b2bd24425c75f EAP-Message = 0x030b0004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "host/KP4101.HAUNI.KOERBER.DE" Finished request 9. Going to the next request Waking up in 0.2 seconds.