The passwords you've added are invalid. The debug message is telling you that.
Perhaps you could try posting WHAT you entered as LM-Password and NT-Password. Odds are you entered invalid ones. Because the debug message is telling you that they're invalid.
Here the attribute at LDAP server for user testing dn: uid=testing,ou=dialup,dc=zzz,dc=com dialupAccess: dialup gidNumber: 1000 uid: testing userPassword: Testing10 objectClass: posixGroup objectClass: radiusprofile objectClass: uidObject objectClass: top objectClass: sambaAccount radiusTunnelType: VLAN radiusTunnelMediumType: IEEE-802 cn: testing radiusServiceType: Framed-User radiusFramedProtocol: PPP rid: 1 radiusTunnelPrivateGroupId: 101 radiusCallingStationId: 00-16-36-5a-f1-e4 radiusLoginTime: WK0800-1800 lmPassword: Testing10 ntPassword: Testing10
You are making it difficult for anyone to help you. Giving out as little information as possible in every message is counter-productive.
Alan DeKok.
Sorry Alan, I don't intend to do that and make it difficult. it just usually people don't like a lot text show up and make them bored to read it, so I pick the message which I conclude have to do with the problem... I include all debug below... thanks for your help Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" EAP-Message = 0x0201000c0174657374696e67 Message-Authenticator = 0x58d7a85d7797a6a111db87923f69e24a server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 1 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry DEFAULT at line 183 ++[files] returns ok ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "WK0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x54657374696e673130 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x54657374696e673130 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e4" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance10] returns ok ++- redundant-load-balance group redundant-load-balance returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4 ++[checkval] returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'WK0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 31800 ++[logintime] returns ok rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type md5 rlm_eap_md5: Issuing Challenge ++[eap] returns handled } # server nispdot1x Framed-Compression = Van-Jacobson-TCP-IP Tunnel-Private-Group-Id:0 = "101" Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Framed-Protocol = PPP Service-Type = Framed-User Session-Timeout = 31800 EAP-Message = 0x01020016041048440cae339c25dd9942d481c619058c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75551a7375571e0e26109302528641e5 Finished request 10. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x75551a7375571e0e26109302528641e5 EAP-Message = 0x020200060319 Message-Authenticator = 0x2c169b4ad0f19c446a99e338e6b1a7c6 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 2 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound users: Matched entry DEFAULT at line 183 ++[files] returns ok ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "WK0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x54657374696e673130 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x54657374696e673130 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e4" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance10] returns ok ++- redundant-load-balance group redundant-load-balance returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-16-36-5a-f1-e4 ++[checkval] returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'WK0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 31800 ++[logintime] returns ok rlm_pap: Found existing Auth-Type, not changing it. ++[pap] returns noop rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP NAK rlm_eap: EAP-NAK asked for EAP-Type/peap rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 ++[eap] returns handled } # server nispdot1x Framed-Compression = Van-Jacobson-TCP-IP Tunnel-Private-Group-Id:0 = "101" Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Type:0 = VLAN Framed-Protocol = PPP Service-Type = Framed-User Session-Timeout = 31800 EAP-Message = 0x010300061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75551a737456030e26109302528641e5 Finished request 11. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x75551a737456030e26109302528641e5 EAP-Message = 0x0203005019800000004616030100410100003d030148b4bc69321696e0d1656dab694d3c387eff81c6eae128e69ac7f10a7e7ccf4700001600040005000a000900640062000300060013001200630100 Message-Authenticator = 0x3f0d589e8606511eced69d8ef80183c1 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 3 length 80 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 70 rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello TLS_accept: SSLv3 read client hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello TLS_accept: SSLv3 write server hello A rlm_eap_tls: >>> TLS 1.0 Handshake [length 085e], Certificate TLS_accept: SSLv3 write certificate A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0004], ServerHelloDone TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x0104040019c0000008bb160301004a02000046030148b4b7efd619a7e04a0c6ed4869fb7366f65093d0a8b1dda8d4e857c85a7b61120ea4ccb554796cbb559177b4c8dc61620f99c3b5aea4153b4407df3b5b4e924ef000400160301085e0b00085a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d0101040500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d3126302406035504 EAP-Message = 0x03131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303731303038353730335a170d3039303731303038353730335a307c310b3009060355040613024652310f300d0603550408130652616469757331153013060355040a130c4578616d706c6520496e632e312330210603550403131a4578616d706c65205365727665722043657274696669636174653120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100ec2f4b59fd990bb3aa49d2754c816072707ecf355f0c386b6912dcdad9ad EAP-Message = 0x4dac38aa26efc31d4f0834eb773d2382dd11765a00093fef9cabd38a9528553c78f8fb8dce9d78119e3ba62b123df0e536afeb3d5e11dda425031f69d89f7535aa322765c7918cc97b5c87bae4bd939f55caa83e664a985349eeffe852c0438d3953b0c42d84e1a27a05d265a1d531d72ce5dc8bc3177ca58e3e284021e07506f5e606f2a136ce62b3c9c4b996cfe4c5212bbd4191fcf6758585cab9002723100e5c7a582877fa12fc49dd779227d74b86e60fdfe97ecabec7d576ecdafd4a255abc15d81a18d661b5fce04d9a9c0f1dd014c0da3f81fd5704a9c71ec1b28d63caa70203010001a317301530130603551d25040c300a06082b06010505 EAP-Message = 0x070301300d06092a864886f70d010104050003820101007c56fcb65c607a6487b1638c1e0aabdc6b25cd21538c199683a80f6abc1151f472999eb4fe9731ccd215606c322ba3df94fa2fa3e6d0a6b47f7b1e76ed4e1ea6567f2bb9065e82cd2d99c581aed4714a25cf9fcadc663a9bbe05aafa373a170cd5407caa2e5acdbcbe36b3e993df82a361ff2998394b294e6dd07244fe47c8491747bac377f6f8df33db3685e334a9e1e8161f770c3ef43bcc15660babb211e09d81d3762fd5872641623685bfdc077a3052050597d04e9ccc531ea011f9f781aa8346e82cf00e0a7afe69efa933d8d451f9175e5a6632c4c85d2b3f15b5877419915b31ac0c EAP-Message = 0xe7889fcefb2540ca2a830a91 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75551a737751030e26109302528641e5 Finished request 12. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x75551a737751030e26109302528641e5 EAP-Message = 0x020400061900 Message-Authenticator = 0xf9351f3ef43c261e4525ac5fcc925cf4 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 4 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010503fc194056c741a9eb20ed7a485e12951f700004ab308204a73082038fa00302010202090093f3d8f5226c7123300d06092a864886f70d0101050500308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f72697479301e170d3038303731303038353730325a170d3038303830393038353730325a308193310b30090603 EAP-Message = 0x55040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100be264c476f850b3652a81ebc52c29d062720c552587af2c8799dd527c6c455e325aa636d3fd44d8a87b61783f420519555022a51311c835ded6eccc8a175aa5cd8724b65684a8971b94159f46cfaf6 EAP-Message = 0xecc1e9bcd4c196db3141a69e42963b0255e7b4a61d85762a03540f40cfb27164208e93b4b8f06c49d6466dedb923617bb288381d6f54762f1999bea92963f24f3fe144ebf60832ff32302ae5d8260f5e852a74c20bec698380291837083b7a32796074c7d47a9eb731d9b377fa13ba88536a06fe11a4abea0a5a7d05d62292b4f7bb428f7f22ee14ce3a5304b6f8b35ed33cffdf5b594309a2a9c9a8d86dc9d18df87b2fe32a4463677240fffd26dbc2010203010001a381fb3081f8301d0603551d0e041604141f870249b94c6f4c4a51ba0b95def93a98e062dc3081c80603551d230481c03081bd80141f870249b94c6f4c4a51ba0b95def93a98e0 EAP-Message = 0x62dca18199a48196308193310b3009060355040613024652310f300d060355040813065261646975733112301006035504071309536f6d65776865726531153013060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520436572746966696361746520417574686f7269747982090093f3d8f5226c7123300c0603551d13040530030101ff300d06092a864886f70d010105050003820101004c0887dc9d3611832e3f55c592e3b45cf553d2207647285a275174d1bdce00b3b040ddcc5e9925bd1f8f1b6ca2d0bfe61da1 EAP-Message = 0x2f31d1264b04c5b4 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75551a737650030e26109302528641e5 Finished request 13. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x75551a737650030e26109302528641e5 EAP-Message = 0x020500061900 Message-Authenticator = 0x24d837d72e911f142726c4409b12fed7 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 5 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010600d51900845e93ce9ffc5452e73f653e704f16f3a5687176926863d49558a742cb84f6aeb016521bf6b5b28bfa804c0aea2719ac3a3df6629264b273d9498374bb2b5716c95c2db2c5a64b857c7f07e6f84c629730b2aceb3dddf4d50d7d549da3b9d5e03639b6881d7f75a86afbf799407cacee9100d670506bf5084ffe2d7ef5ff9c8f6d4b586d7ec9dc16f5c67e84f1a1817faff565ffc1642463ff7fdb1ecc13e9f87b9ce19d4715a693750e56ad468a453462abce15950da8ad436016bbd394128e09c47accf10816030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75551a737153030e26109302528641e5 Finished request 14. Going to the next request Waking up in 4.9 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x75551a737153030e26109302528641e5 EAP-Message = 0x02060140198000000136160301010610000102010002d08c548b39f5a1650d584bf14ac1e518356e120c783922bcf9df9a933daed8b0e907f51b68c726e0646fa1853881fefc8513fc965040a5c88b7c6721c2a5d922d17c13125f3bb2c773055f6ecb8b4ba2f6e6a9485c793403202f9c6fe4c1eae61f4d1cb18e72b7f79bdb6ce4a4dce106f9bccc5f2bcb5370f94352d9ebd3d6400501a6c34a5cf9f65347d8811931a3c4602f5a6e5567f23d0f52e6e9a762168522cd9f1fe2cad532d277931983b0467a0950e423435ddb2ea0d7d6871de475af79c0c0b6c92eef7c542270e2bbea150b24fff20a686678dad7982d6da8795013dae056f0f274ea EAP-Message = 0xd1bd6be8816c7e382ba7cb137963610e798319f717ef9f1d14030100010116030100205363f8669f0c24dae14fd4032f51f4cddf8de12776f47fd36d4c912257ae743e Message-Authenticator = 0x83aa0ed31684637820569d91822e4bad server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 6 length 253 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS TLS Length 310 rlm_eap_tls: Length Included eaptls_verify returned 11 rlm_eap_tls: <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange TLS_accept: SSLv3 read client key exchange A rlm_eap_tls: <<< TLS 1.0 ChangeCipherSpec [length 0001] rlm_eap_tls: <<< TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 read finished A rlm_eap_tls: >>> TLS 1.0 ChangeCipherSpec [length 0001] TLS_accept: SSLv3 write change cipher spec A rlm_eap_tls: >>> TLS 1.0 Handshake [length 0010], Finished TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED ++[eap] returns handled } # server nispdot1x EAP-Message = 0x0107003119001403010001011603010020d2f96596f1dfeb4b5ae7f057995607cd56c714c9f3af6bdfaa2435ddcdfdab78 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75551a737052030e26109302528641e5 Finished request 15. Going to the next request Waking up in 4.8 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x75551a737052030e26109302528641e5 EAP-Message = 0x020700061900 Message-Authenticator = 0x5cbbec25f9dbe7886341794f3576ac57 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 7 length 6 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake is finished eaptls_verify returned 3 eaptls_process returned 3 rlm_eap_peap: EAPTLS_SUCCESS ++[eap] returns handled } # server nispdot1x EAP-Message = 0x01080020190017030100156d77402b9a9913d65c34c0c79536a4de03a7df1329 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75551a73735d030e26109302528641e5 Finished request 16. Going to the next request Waking up in 4.8 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x75551a73735d030e26109302528641e5 EAP-Message = 0x0208002319001703010018003d538073577b201151fcd903dc99247ce29173a24429f8 Message-Authenticator = 0x6393c4c01c39e8983c7fdd43a30beb37 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 8 length 35 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Identity - testing PEAP: Got tunneled identity of testing PEAP: Setting default EAP type for tunneled EAP session. PEAP: Setting User-Name to testing +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 8 length 12 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "WK0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x54657374696e673130 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x54657374696e673130 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e4" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance10] returns ok ++- redundant-load-balance group redundant-load-balance returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'WK0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 31800 ++[logintime] returns ok ++[pap] returns noop WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request. rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: EAP Identity rlm_eap: processing type mschapv2 rlm_eap_mschapv2: Issuing Challenge ++[eap] returns handled PEAP: Got tunneled Access-Challenge ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010900381900170301002dd7a5a8ab029369cbd1ecf737adfc7a4b5daa00f6b7d7a4fcf01735dfbd3e97d4d5190063ef62a13161d21c55a9 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75551a73725c030e26109302528641e5 Finished request 17. Going to the next request Waking up in 4.8 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x75551a73725c030e26109302528641e5 EAP-Message = 0x020900591900170301004efa95838288851040a38ab3cae8e1f63f3de78d4dfaca64200b7cc044c9f20834365ddacbba8de1a04bf2845841de0616ffbc4af1d8efa184d3e82bf74a763c007af32d4798d15eb721709526db37 Message-Authenticator = 0x7a29bad23e8ceed045dcc246a81ebad0 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 9 length 89 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 PEAP: Setting User-Name to testing +- entering group authorize ++[chap] returns noop ++[mschap] returns noop ++[unix] returns notfound rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop ++[control] returns noop rlm_eap: EAP packet type response id 9 length 66 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[files] returns noop ++- entering redundant-load-balance group redundant-load-balance rlm_ldap: - authorize rlm_ldap: performing user authorization for testing expand: (uid=%u) -> (uid=testing) expand: ou=dialup,dc=zzz,dc=com -> ou=dialup,dc=zzz,dc=com rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=dialup,dc=zzz,dc=com, with filter (uid=testing) rlm_ldap: checking if remote access for testing is allowed by uid rlm_ldap: Added User-Password = Testing10 in check items rlm_ldap: looking for check items in directory... rlm_ldap: LDAP attribute radiusLoginTime as RADIUS attribute Login-Time == "WK0800-1800" rlm_ldap: LDAP attribute ntPassword as RADIUS attribute NT-Password == 0x54657374696e673130 rlm_ldap: LDAP attribute lmPassword as RADIUS attribute LM-Password == 0x54657374696e673130 rlm_ldap: LDAP attribute radiusCallingStationId as RADIUS attribute Calling-Station-Id == "00-16-36-5a-f1-e4" rlm_ldap: looking for reply items in directory... rlm_ldap: LDAP attribute radiusTunnelPrivateGroupId as RADIUS attribute Tunnel-Private-Group-Id:0 = "101" rlm_ldap: LDAP attribute radiusTunnelMediumType as RADIUS attribute Tunnel-Medium-Type:0 = IEEE-802 rlm_ldap: LDAP attribute radiusTunnelType as RADIUS attribute Tunnel-Type:0 = VLAN rlm_ldap: LDAP attribute radiusFramedProtocol as RADIUS attribute Framed-Protocol = PPP rlm_ldap: LDAP attribute radiusServiceType as RADIUS attribute Service-Type = Framed-User rlm_ldap: user testing authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 +++[ldap_instance10] returns ok ++- redundant-load-balance group redundant-load-balance returns ok ++[expiration] returns noop rlm_logintime: Checking Login-Time: 'WK0800-1800' rlm_logintime: timestr returned accept rlm_logintime: Session-Timeout set to: 31800 ++[logintime] returns ok ++[pap] returns noop WARNING: You set Proxy-To-Realm = LOCAL, but it is a LOCAL realm! Cancelling invalid proxy request. rad_check_password: Found Auth-Type EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 +- entering group MS-CHAP rlm_mschap: Invalid LM-Password rlm_mschap: Invalid NT-Password rlm_mschap: Told to do MS-CHAPv2 for testing with NT-Password rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication. rlm_mschap: FAILED: MS-CHAP2-Response is incorrect ++[mschap] returns reject rlm_eap: Freeing handler ++[eap] returns reject auth: Failed to validate the user. Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port 0) PEAP: Tunneled authentication was rejected. rlm_eap_peap: FAILURE ++[eap] returns handled } # server nispdot1x EAP-Message = 0x010a00261900170301001b8e6e9b2da2b0242bdec84613a3729556bf12c346e1b06abad199ce Message-Authenticator = 0x00000000000000000000000000000000 State = 0x75551a737d5f030e26109302528641e5 Finished request 18. Going to the next request Waking up in 4.8 seconds. Framed-MTU = 1480 NAS-IP-Address = 192.168.12.130 NAS-Identifier = "ProCurve Switch 2650" User-Name = "testing" Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 1 NAS-Port-Type = Ethernet NAS-Port-Id = "1" Called-Station-Id = "00-1c-2e-73-85-00" Calling-Station-Id = "00-16-36-5a-f1-e4" Connect-Info = "CONNECT Ethernet 100Mbps Full duplex" Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "1" State = 0x75551a737d5f030e26109302528641e5 EAP-Message = 0x020a00261900170301001b4a5a2ad7687a0a23d75b1068550cf25a9f1406cf7602a4404724ce Message-Authenticator = 0x227edf666d3499a59a8b1aca9a727953 server nispdot1x { +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testing", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: EAP packet type response id 10 length 38 rlm_eap: Continuing tunnel setup. ++[eap] returns ok rad_check_password: Found Auth-Type EAP auth: type "EAP" +- entering group authenticate rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: Received EAP-TLV response. rlm_eap_peap: Had sent TLV failure. User was rejected earlier in this session. rlm_eap: Handler failed in EAP/peap rlm_eap: Failed in EAP select ++[eap] returns invalid auth: Failed to validate the user. Login incorrect: [testing/<via Auth-Type = EAP>] (from client dotix port 1 cli 00-16-36-5a-f1-e4) } # server nispdot1x Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> testing attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 19 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 19 EAP-Message = 0x040a0004 Message-Authenticator = 0x00000000000000000000000000000000 Waking up in 3.8 seconds. Cleaning up request 10 ID 154 with timestamp +882 Cleaning up request 11 ID 155 with timestamp +882 Cleaning up request 12 ID 156 with timestamp +882 Cleaning up request 13 ID 157 with timestamp +882 Cleaning up request 14 ID 158 with timestamp +882 Cleaning up request 15 ID 159 with timestamp +882 Cleaning up request 16 ID 160 with timestamp +882 Cleaning up request 17 ID 161 with timestamp +882 Cleaning up request 18 ID 162 with timestamp +882 Waking up in 1.0 seconds. Cleaning up request 19 ID 163 with timestamp +882 Ready to process requests. -- DISCLAIMER: The contents of this email and attachments are confidential and may be subject to legal privilege. Any unauthorized use, copying, disclosure or communicating any part of it to others is strictly prohibited and may be unlawful. If you are not the intended recipient you must not use, copy, distribute or rely on this email and should please return it immediately to the sender or notify us and delete the email and any attachments from your system. We cannot accept liability for loss or damage resulting from computer viruses. The integrity of email across the Internet cannot be guaranteed and PT BANK NISP, Tbk. will not accept liability for any claims arising as a result of the use of this medium for transmissions by or to PT BANK NISP, Tbk.