radtest is working, but connecting my android phone via Access Point with SSID eduroam1 to freeradius and to LDAP server - now so much
rad_recv: Access-Request packet from host 127.0.0.1 port 58878, id=228, length=76
User-Name = "skuska"
User-Password = "skuska"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x2a5dcc7deb1dbac6d6abbb04e9b7f311
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %t -> Tue Apr 8 13:35:45 2014
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "skuska", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[ldap] performing user authorization for skuska
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> skuska
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=skuska)
[ldap] expand: dc=fri,dc=uniza,dc=sk -> dc=fri,dc=uniza,dc=sk
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=fri,dc=uniza,dc=sk, with filter (uid=skuska)
[ldap] Added User-Password = {SSHA}CA+M2KYvU3oYGtotgDtQEBta2WliH5w3 in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{SSHA}CA+M2KYvU3oYGtotgDtQEBta2WliH5w3"
[ldap] looking for reply items in directory...
[ldap] user skuska authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "skuska"
[pap] Using SSHA encryption.
[pap] Normalizing SSHA1-Password from base64 encoding
[pap] User authenticated successfully
++[pap] returns ok
Login OK: [skuska] (from client localhost port 0)
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[reply_log] expand: %t -> Tue Apr 8 13:35:45 2014
++[reply_log] returns ok
++[exec] returns noop
Sending Access-Accept of id 228 to 127.0.0.1 port 58878
rad_recv: Access-Request packet from host 192.168.1.1 port 3072, id=0, length=138
Cleaning up request 12 ID 0 with timestamp +37
User-Name = "skuska"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00904c910003"
Calling-Station-Id = "1cb094111188"
NAS-Identifier = "00904c910003"
NAS-Port = 8
Framed-MTU = 1400
State = 0xfd4902fefe4d1bbe3a2596e3bf6ac7bb
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400061900
Message-Authenticator = 0xc52506a949478fe4d20b63da335ebdee
server eduroam1 {
# Executing section authorize from file /etc/freeradius/sites-enabled/eduroam1
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: %t -> Tue Apr 8 13:37:40 2014
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "skuska", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Realm = "NULL"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[ntdomain] Request already proxied. Ignoring.
++[ntdomain] returns ok
[ldap] performing user authorization for skuska
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> skuska
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=skuska)
[ldap] expand: dc=fri,dc=uniza,dc=sk -> dc=fri,dc=uniza,dc=sk
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=fri,dc=uniza,dc=sk, with filter (uid=skuska)
[ldap] Added User-Password = {SSHA}CA+M2KYvU3oYGtotgDtQEBta2WliH5w3 in check items
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
[ldap] userPassword -> Password-With-Header == "{SSHA}CA+M2KYvU3oYGtotgDtQEBta2WliH5w3"
[ldap] looking for reply items in directory...
[ldap] user skuska authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[eap] EAP packet type response id 4 length 6
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Replacing User-Password in config items with Cleartext-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/freeradius/sites-enabled/eduroam1
+- entering group EAP {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] Received TLS ACK
[peap] ACK handshake is finished
[peap] eaptls_verify returned 3
[peap] eaptls_process returned 3
[peap] EAPTLS_SUCCESS
[peap] Session established. Decoding tunneled attributes.
[peap] Peap state TUNNEL ESTABLISHED
++[eap] returns handled
} # server eduroam1
Sending Access-Challenge of id 0 to 192.168.1.1 port 3072
EAP-Message = 0x0105002b190017030100206fb4433047881387cf9d3a1297cdfacfa5fa56da9e3cac8319000142f92d35cf
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfd4902fef94c1bbe3a2596e3bf6ac7bb
Finished request 13.
Going to the next request
Waking up in 4.9 seconds.