I upgraded my radius server from: radiusd: FreeRADIUS Version 1.0.4, for host , built on Aug 30 2005 at 20:59:48 to: radiusd: FreeRADIUS Version 1.1.2, for host , built on Sep 4 2006 at 19:15:42 in order to allow plain-text passwords to correctly work from a wifi client connecting to a cisco aeronet 1200 server which then connects to a raidus server which uses a ldap database as the user database. The ldap server has sha1 and crypt passwords, generally, though it might have others I suppose.. Till the upgrade, I had to include the already encrypted password (with leading {crypt} or {ssha}) as the password on the client. Meaning, for one, that whenever a user changed their password through some means or another, they have to get ahold of the "encrypted" version of their password from the LDAP database and use that for their wireless connections. Unpleasant. I read about auto_header and it implied that by upgrading, I could get the whole thing to use unecrypted passwords (which would be generally simpler for our users) instead. This failed to work. Something mis-configured, or possibly not doable?! Here is a dump of radiusd -X with the new server. Can anyone out there point out what I might be doing wrong? [root@ldap raddb]# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib/freeradius" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "radius" main: group = "radius" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/lib/freeradius Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded Pam pam: pam_auth = "radiusd" Module: Instantiated pam (pam) Module: Loaded LDAP ldap: server = "ldapsvr.laszlosystems.com" ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "cn=Manager,dc=laszlosystems,dc=com" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "BLABLABLA" ldap: basedn = "ou=Users,dc=laszlosystems,dc=com" ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "userPassword" ldap: access_attr = "(null)" ldap: groupname_attribute = "cn" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member= %{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=% {Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes ldap: set_auth_type = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling- Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed- Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX- Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination- Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed- AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed- AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed- AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port conns: 0x814ca58 Module: Instantiated ldap (ldap) Module: Loaded eap eap: default_eap_type = "peap" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type leap tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/root/certs/radius/radius.pem" tls: certificate_file = "/root/certs/radius/radius.pem" tls: CA_file = "/root/certs/cacert.pem" tls: private_key_password = "" tls: dh_file = "/dev/urandom" tls: random_file = "/dev/urandom" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls peap: default_eap_type = "mschapv2" peap: copy_request_to_tunnel = no peap: use_tunneled_reply = no peap: proxy_tunneled_request_as_eap = yes rlm_eap: Loaded and initialized type peap mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/ detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.43.106:1645, id=35, length=149 User-Name = "USER" Framed-MTU = 1400 Called-Station-Id = "0014.a9c8.0fb0" Calling-Station-Id = "0016.cbb6.57b8" Service-Type = Login-User Message-Authenticator = 0x26548df1f8773d5573d3135259bb61b3 EAP-Message = 0x0201000b01796f73736965 NAS-Port-Type = Wireless-802.11 NAS-Port = 86989 NAS-IP-Address = 192.168.43.106 NAS-Identifier = "sap.corp.laszlosystems.com" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "USER", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 11 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 users: Matched entry DEFAULT at line 217 users: Matched entry DEFAULT at line 220 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for USER radius_xlat: '(uid=USER)' radius_xlat: 'ou=Users,dc=laszlosystems,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldapsvr.laszlosystems.com:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=laszlosystems,dc=com/BLABLABLA to ldapsvr.laszlosystems.com:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=Users,dc=laszlosystems,dc=com, with filter (uid=USER) rlm_ldap: Added password {CRYPT}5usNgubjIO.a6 in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user USER authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 modcall: leaving group authorize (returns updated) for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module "eap" returns handled for request 0 modcall: leaving group authenticate (returns handled) for request 0 Sending Access-Challenge of id 35 to 192.168.43.106 port 1645 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc34a408a2719251ce766568b5a651faa Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.43.106:1645, id=36, length=274 User-Name = "USER" Framed-MTU = 1400 Called-Station-Id = "0014.a9c8.0fb0" Calling-Station-Id = "0016.cbb6.57b8" Service-Type = Login-User Message-Authenticator = 0x3c9c0bb79649d42bfcd316d2601a3388 EAP-Message = 0x0202007619800000006c16030100670100006303014580701290d45534981ee5030abe 6a55a1ad975159e9165682aff24760b663a900003c002f000500040035000aff830009ff 82000300080006ff8000320033003400380039003a001600150014001300120011001800 1b001a0017001900010100 NAS-Port-Type = Wireless-802.11 NAS-Port = 86989 State = 0xc34a408a2719251ce766568b5a651faa NAS-IP-Address = 192.168.43.106 NAS-Identifier = "sap.corp.laszlosystems.com" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 rlm_realm: No '@' in User-Name = "USER", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 rlm_eap: EAP packet type response id 2 length 118 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 1 users: Matched entry DEFAULT at line 217 users: Matched entry DEFAULT at line 220 modcall[authorize]: module "files" returns ok for request 1 rlm_ldap: - authorize rlm_ldap: performing user authorization for USER radius_xlat: '(uid=USER)' radius_xlat: 'ou=Users,dc=laszlosystems,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Users,dc=laszlosystems,dc=com, with filter (uid=USER) rlm_ldap: Added password {CRYPT}5usNgubjIO.a6 in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user USER authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 1 modcall: leaving group authorize (returns updated) for request 1 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 (other): before/accept initialization TLS_accept: before/accept initialization TLS_accept: SSLv3 read client hello A TLS_accept: SSLv3 write server hello A TLS_accept: SSLv3 write certificate A TLS_accept: SSLv3 write key exchange A TLS_accept: SSLv3 write server done A TLS_accept: SSLv3 flush data TLS_accept:error in SSLv3 read client certificate A rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) In SSL Handshake Phase In SSL Accept mode eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 1 modcall: leaving group authenticate (returns handled) for request 1 Sending Access-Challenge of id 36 to 192.168.43.106 port 1645 EAP-Message = 0x0103040a19c00000050e160301004a020000460301458070136670a1aa6cfa4b9eeb63 489ca646be0d1040865696f3574af5e569b420710919b71889fb546feb7b16d8285c5992 a8ee99e9937f532ba5d9908fa036c2002f0016030103df0b0003db0003d80003d5308203 d13082033aa003020102020900fdc2cdc7f040b46f300d06092a864886f70d0101050500 3081a2310b3009060355040613025553311330110603550408130a43616c69666f726e69 61311230100603550407130953616e204d6174656f311d301b060355040a13144c61737a 6c6f2053797374656d732c20496e632e311e301c060355040313157777772e6c61737a6c 6f73 EAP-Message = 0x797374656d732e636f6d312b302906092a864886f70d010901161c686f73746d617374 6572406c61737a6c6f73797374656d732e636f6d301e170d303630333330323031323535 5a170d3136303332373230313235355a3081a2310b300906035504061302555331133011 0603550408130a43616c69666f726e6961311230100603550407130953616e204d617465 6f311d301b060355040a13144c61737a6c6f2053797374656d732c20496e632e311e301c 060355040313157777772e6c61737a6c6f73797374656d732e636f6d312b302906092a86 4886f70d010901161c686f73746d6173746572406c61737a6c6f73797374656d732e636f 6d30 EAP-Message = 0x819f300d06092a864886f70d010101050003818d0030818902818100ac77f58ce8d3f7 50c365cbbee96d0cf029320205665568c54f085f5e112655c942866ad5ed7f37d907bc25 44b1e896408637ba8fb45a2d5d7b8a63be2815b6b39f47449b6acf898c7fe38cce5ed6b9 3d07e7bae4029af7134100a7bf698adf307a76d3481f79efe20e4441785af40b79cd950f 1bbec8ae200ed720ecc9ade98b0203010001a382010b30820107301d0603551d0e041604 14aa891b0ba86793b9a1fd0bcf37ee7c236d882e763081d70603551d230481cf3081cc80 14aa891b0ba86793b9a1fd0bcf37ee7c236d882e76a181a8a481a53081a2310b30090603 5504 EAP-Message = 0x0613025553311330110603550408130a43616c69666f726e6961311230100603550407 130953616e204d6174656f311d301b060355040a13144c61737a6c6f2053797374656d73 2c20496e632e311e301c060355040313157777772e6c61737a6c6f73797374656d732e63 6f6d312b302906092a864886f70d010901161c686f73746d6173746572406c61737a6c6f 73797374656d732e636f6d820900fdc2cdc7f040b46f300c0603551d13040530030101ff 300d06092a864886f70d0101050500038181005b3c5f4cfa5b80295ea44a03a9be591ad8 e25b84cb575221f5d76919c3e1ebb8c1799ab541007ec330c894d3e9075b677354d8a87c 3538 EAP-Message = 0xa5b99054a95b3291d49a51daa034dcfde45976d2ba3c Message-Authenticator = 0x00000000000000000000000000000000 State = 0x2cb14e41f488e26f81eeb69b9e567a75 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.43.106:1645, id=37, length=162 User-Name = "USER" Framed-MTU = 1400 Called-Station-Id = "0014.a9c8.0fb0" Calling-Station-Id = "0016.cbb6.57b8" Service-Type = Login-User Message-Authenticator = 0x096aa9e5788065b00b968a559f45e98a EAP-Message = 0x020300061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 86989 State = 0x2cb14e41f488e26f81eeb69b9e567a75 NAS-IP-Address = 192.168.43.106 NAS-Identifier = "sap.corp.laszlosystems.com" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "USER", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 rlm_eap: EAP packet type response id 3 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 2 users: Matched entry DEFAULT at line 217 users: Matched entry DEFAULT at line 220 modcall[authorize]: module "files" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for USER radius_xlat: '(uid=USER)' radius_xlat: 'ou=Users,dc=laszlosystems,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Users,dc=laszlosystems,dc=com, with filter (uid=USER) rlm_ldap: Added password {CRYPT}5usNgubjIO.a6 in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user USER authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 modcall: leaving group authorize (returns updated) for request 2 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: No SSL info available. Waiting for more SSL data. eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 2 modcall: leaving group authenticate (returns handled) for request 2 Sending Access-Challenge of id 37 to 192.168.43.106 port 1645 EAP-Message = 0x0104011419009ead4a5bf9d452169c87f2be565a0186ac58bbf95540621769262dcdc6 c7182ff81b6bfa54594a884aaf76e4c044516a7166ad16030100cd0c0000c90040b7e93c 442c0eaee440ff11ca0a3581bb62f81fd375aaa531388cba47fc654eafedb008e32236ef 2783b4787bfa5d4f42c79bab8e0e863da4733ea8d8effe79f10003010001008060b4d1b8 9e51ebf5bf8851d9d1afc922225062d061b45bd84d96dba3bb0a02558f4f30a7251f5d71 98ea2f75daa6b8e538160f640691299c09044f6b9ef8a3f7e51a443c172250896520a455 87e97e4845cfe347f4eb0ef6c2ebd3ee1a818e8b9454add459d5b70bb3f8d430b6032c54 11e9 EAP-Message = 0x649ba0a7ef359445ef91a32ad5ec16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x6ec2482e58dbe98f951f51ff52dabd8e Finished request 2 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.43.106:1645, id=38, length=300 User-Name = "USER" Framed-MTU = 1400 Called-Station-Id = "0014.a9c8.0fb0" Calling-Station-Id = "0016.cbb6.57b8" Service-Type = Login-User Message-Authenticator = 0xa937d2ea590e079a9f29bd6c57e229aa EAP-Message = 0x020400901980000000861603010046100000420040673dea3b73c8612479a8558d548f ebf33e7745322aeeda666059501b5302eaf7f583c81378cc3af6a84db6a53a49b4ddf656 895f16fcbe85861cf0ca8cb46dc51403010001011603010030ec4cf04e18a0c2e82aa207 19a9b3b35b0d477dfe1d72239d9b4d16c425001c4cc989e7727c544515767f080ec08844 67 NAS-Port-Type = Wireless-802.11 NAS-Port = 86989 State = 0x6ec2482e58dbe98f951f51ff52dabd8e NAS-IP-Address = 192.168.43.106 NAS-Identifier = "sap.corp.laszlosystems.com" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "USER", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: EAP packet type response id 4 length 144 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 3 users: Matched entry DEFAULT at line 217 users: Matched entry DEFAULT at line 220 modcall[authorize]: module "files" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for USER radius_xlat: '(uid=USER)' radius_xlat: 'ou=Users,dc=laszlosystems,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Users,dc=laszlosystems,dc=com, with filter (uid=USER) rlm_ldap: Added password {CRYPT}5usNgubjIO.a6 in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user USER authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Length Included eaptls_verify returned 11 TLS_accept: SSLv3 read client key exchange A TLS_accept: SSLv3 read finished A TLS_accept: SSLv3 write change cipher spec A TLS_accept: SSLv3 write finished A TLS_accept: SSLv3 flush data (other): SSL negotiation finished successfully rlm_eap: SSL error error:00000000:lib(0):func(0):reason(0) SSL Connection Established eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 3 modcall: leaving group authenticate (returns handled) for request 3 Sending Access-Challenge of id 38 to 192.168.43.106 port 1645 EAP-Message = 0x0105004119001403010001011603010030de7f717fb19dec3b50cadbb53ba7e83658e6 ca8f6486c1774e5cc72dd8ae013b260425d5727fa05321ddb95bcbdd9e50 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x4da94ec3a8dbc38413ea566eefab8e73 Finished request 3 Going to the next request Waking up in 5 seconds... rad_recv: Access-Request packet from host 192.168.43.106:1645, id=39, length=162 User-Name = "USER" Framed-MTU = 1400 Called-Station-Id = "0014.a9c8.0fb0" Calling-Station-Id = "0016.cbb6.57b8" Service-Type = Login-User Message-Authenticator = 0x923fff95497858a00c2970c88b80147a EAP-Message = 0x020500061900 NAS-Port-Type = Wireless-802.11 NAS-Port = 86989 State = 0x4da94ec3a8dbc38413ea566eefab8e73 NAS-IP-Address = 192.168.43.106 NAS-Identifier = "sap.corp.laszlosystems.com" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 4 modcall[authorize]: module "preprocess" returns ok for request 4 modcall[authorize]: module "mschap" returns noop for request 4 rlm_realm: No '@' in User-Name = ""USER"", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 4 rlm_eap: EAP packet type response id 5 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 4 users: Matched entry DEFAULT at line 217 users: Matched entry DEFAULT at line 220 modcall[authorize]: module "files" returns ok for request 4 rlm_ldap: - authorize rlm_ldap: performing user authorization for USER radius_xlat: '(uid=USER)' radius_xlat: 'ou=Users,dc=laszlosystems,dc=com' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=Users,dc=laszlosystems,dc=com, with filter (uid=USER) rlm_ldap: Added password {CRYPT}5usNgubjIO.a6 in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user USER authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 4 modcall: leaving group authorize (returns updated) for request 4 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 4 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: No SSL info available. Waiting for more SSL data. eaptls_verify returned 1 eaptls_process returned 13 rlm_eap_peap: EAPTLS_HANDLED modcall[authenticate]: module "eap" returns handled for request 4 modcall: leaving group authenticate (returns handled) for request 4 Sending Access-Challenge of id 39 to 192.168.43.106 port 1645 EAP-Message = 0x010600061900 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x7c82b915bfc84d169d053dc47c2c3aa6 Finished request 4 Going to the next request Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 35 with timestamp 45807012 Waking up in 1 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 36 with timestamp 45807013 Cleaning up request 2 ID 37 with timestamp 45807013 Cleaning up request 3 ID 38 with timestamp 45807013 Cleaning up request 4 ID 39 with timestamp 45807013 Nothing to do. Sleeping until we see a request.