We're experiencing a similar issue. We upgraded to 2.1.9.3 and everything worked fine for server 1 with no complaints. But for server 2 we set it up with the same Freeradius version, but we configured it with a Verisign certificate. The servers are configured the exact same way for each except for the type of certificate. So does this somehow add a delay to the auth or change the process? We tested it with maybe 6 Apple iDevices and the issue varied. Nathan Van Fleet
-----Original Message----- From: freeradius-users- bounces+nmcdavit=alcor.concordia.ca@lists.freeradius.org [mailto:freeradius-users- bounces+nmcdavit=alcor.concordia.ca@lists.freeradius.org] On Behalf Of amin ahoora Sent: Wednesday, March 23, 2011 3:59 PM To: FreeRadius users mailing list Subject: Re: Problem with iPods/iTouches
Hi can you send your configuration file that i can debug it
THANK YOU WITH BEST REGARDS AMIN AHOORA
On Wed, Mar 23, 2011 at 11:58 PM, Jonathan Paul <JPaul@stfrancis.edu> wrote:
Hi, Just wondering if you were able to find a solution to this problem ? I was reading through the archives and we have the same Enterasys equipment and are experiencing the same problem. As you noted, other devices work ok with the default installation.
Thanks Jonathan Paul Network Support Services University of St.Francis
1/12/2011 2:10 PM >>> We have a stangle problem going on with the Apple iTouches in the district here. This started since they were upgraded to iOS v.4.x....so it seems. What is happening is that the user will put in their credentials and get prompted to accept the certificate as it says its untrusted. The user clicks accept, all looks good and then it says it failed to connected. So they hit dismiss on that message, click join again, accept the certificate again and then they are accepted onto the network. But, sometimes they have to hit Dismiss/Join up to 15-20 times until it will accept it.
Right now I am working with a default install FreeRadius v2.1.8 for testing this, including default certificates. I was planning on slowly adding in my config to narrow it down, but the problem appears to be happening by default. I *thought* that setting the default_eap_type to peap was causing it, but I had it happen when it was set to md5 as well. Im working on a iPod Touch with iOS v4.2. Below is the debug output of a failed attempt, and the follow up attempt that put the user through.
*********************** FAILED ATTEMPT ***************************
Ready to process requests. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=277 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x3035303030313031343330353233
3035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x0200000b016b7465737435 Message-Authenticator = 0x32cf9f891633152f0f139a53cb61f9ee +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 0 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x010100061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4b1fdf8c4b0e4f9163ffe27c4915746 Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=420 Cleaning up request 0 ID 66 with timestamp +30 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x30353030303130313433303532333035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x0201008819800000007e16030100790100007503014d2e0343e5f920d1f519dbf eac002febc3736014d9bee7e0c55fd8085b99b7af00003ac00ac009c007c008c013 c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a00090 00300080033003900160015001401000012000a00080006001700180019000b0002 0100 State = 0xc4b1fdf8c4b0e4f9163ffe27c4915746 Message-Authenticator = 0xf4e7c59223ecd3e5741cc6cc48762e1f +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 136 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 126 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0079], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x0102040019c00000089b160301002a0200002603014d2e0330bf07fe39f7236a6 19358e64fa3db011bcbda7c9b9584846f6e32102000002f00160301085e0b00085 a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d01 01040500308193310b3009060355040613024652310f300d0603550408130652616 46975733112301006035504071309536f6d65776865726531153013060355040a13 0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d 696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520 436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3131303131323138353335325a170d3132303131323138353335325a 307c310b3009060355040613024652310f300d06035504081306526164697573311 53013060355040a130c4578616d706c6520496e632e312330210603550403131a45 78616d706c65205365727665722043657274696669636174653120301e06092a864 886f70d010901161161646d696e406578616d706c652e636f6d30820122300d060 92a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451 d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8 b1f81044272b76dbaa079cbd3dd727461dfd7a5 EAP-Message = 0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c 8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c8 1c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee4 67f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e3 3fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c 354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001 a317301530130603551d25040c300a06082b06010505070301300d06092a864886f 70d01010405000382010100904c9828165a2de337 EAP-Message = 0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8b cb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9 cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b742 5818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd2 24c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45 c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71eb bd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bf d34797fbefa47a4eed95cca895860004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4b1fdf8c5b3e4f9163ffe27c4915746 Finished request 1. Going to the next request Waking up in 4.9 seconds. Cleaning up request 1 ID 66 with timestamp +30 Ready to process requests. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=290 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x30353030303130313433303532333035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x020200061900 State = 0xc4b1fdf8c5b3e4f9163ffe27c4915746 Message-Authenticator = 0xa5c69d05dee0560c68b7d67d25b2e0b1 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x010303fc194000ae0fc87b0b841be2300d06092a864886f70d010105050030819 3310b3009060355040613024652310f300d06035504081306526164697573311230 1006035504071309536f6d65776865726531153013060355040a130c4578616d706 c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616 d706c652e636f6d312630240603550403131d4578616d706c652043657274696669 6361746520417574686f72697479301e170d3131303131323138353335315a170d3 132303131323138353335315a308193310b3009060355040613024652310f300d06 0355040813065261646975733112301006035504 EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496 e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652 e636f6d312630240603550403131d4578616d706c65204365727469666963617465 20417574686f7269747930820122300d06092a864886f70d01010105000382010f0 03082010a0282010100d73060bc3e4f3bacd8c526ff5efa081cbfd333963c0a90272 e83d654b8d1a16a25c9e1358b347d3f91d49ed29d387fd6de5ba5fe18c43b4806 5e8f1bb9dcb22d1a8679925af0bdc049d32199ba543f1d40a7c6b3578892efcaea 646bdde6442593b17cb4713fb4d6f0616a5db38d9b EAP-Message = 0xfd1d6e9dd30b6e536ba717a75adaa7c87fd019e83bea06f5eacb6a09fa9954b6 0ccc92116455610a2674a03a4ecacee05ce914a72a27965d55471df19c8751fdb69 fe66426bb236f7d57cfffe41822e7d8ddfc6c1c8f5b45e6010c896918c4f11162697 9b280ddf2219099024cb0efb17c9660df9fc642edc9874074cb83e93349b19a2c16 409b7444545ee27b2a52bb9d0203010001a381fb3081f8301d0603551d0e041604 14872c00a6ed850850f4e202b4d86a1d663b35fd8e3081c80603551d230481c030 81bd8014872c00a6ed850850f4e202b4d86a1d663b35fd8ea18199a48196308193 310b3009060355040613024652310f300d06035504 EAP-Message = 0x0813065261646975733112301006035504071309536f6d6577686572653115301 3060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d0109 01161161646d696e406578616d706c652e636f6d312630240603550403131d4578 616d706c6520436572746966696361746520417574686f72697479820900ae0fc87 b0b841be2300c0603551d13040530030101ff300d06092a864886f70d0101050500 0382010100a5c0c601e1cb4606aa986dc240b7488bb4afd8c0e81ba0361530d556 ad117222cdcc5a57a13fe3eb073ca72dff40db0a58c8d835ec110485bd158ab6cd1 d8583cd575710b49070b3794384d2cff45f22b81e EAP-Message = 0x2dc327be959645c8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4b1fdf8c6b2e4f9163ffe27c4915746 Finished request 2. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=290 Cleaning up request 2 ID 66 with timestamp +39 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x30353030303130313433303532333035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x020300061900 State = 0xc4b1fdf8c6b2e4f9163ffe27c4915746 Message-Authenticator = 0x834956d460493056f00e0117298d68d7 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x010400b51900387bb57f237040a0b009495fcb1c4460694c6214f871d93a5afdd fcc7aa7727e9ce657d22551e936e9415eea3a0ce78a7ea4b121f711fc19e2b505b 4fa004bcc2952effdc18d0cd1ec6fe10bf431e8a189a5cbefcaebd9beab4e75c230 9b55de25a9e392112915ad1c7b866a902f091b366eb96e7aa6ab544889069e70fd a7ad8a9ec9eb729a6db3aeeb3ca9965daf0d515783a89a0947b6004eaad452777 ae3413772aa2f5f16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4b1fdf8c7b5e4f9163ffe27c4915746 Finished request 3. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=622 Cleaning up request 3 ID 66 with timestamp +39 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x30353030303130313433303532333035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x020401501980000001461603010106100001020100373aae08036c5c081766d84 efb8b257d7a9840bd2d91f9fbb1bad0c23993b1becc777b0890f6c8eb6b9ad515a 2a5436dd50ea6feaeb8d0e9d3b7142af44ef0a0d52004a50e4b3022e3c2752cbc9 caff85cbbd8281543a4a2c1b8a9a9141dd4430cafb7375f8d1a299c321a10edf205 010f828f80cb188855d7888ef33d2c14d9bbc52bb23e99e2570ec2be2e6896f918 c61926fbfc21009af339abbf671c483c897e7f5a9614f7ffd003d126edeebb752e3a f6f8dc63a10a314fb5d105124ce25332a68c7b6aee6bebcf5eb9aa3a3853cdb0ec ef655a78107a86ce327d51d84fb858490131e5c8 EAP-Message = 0x4fdfa622a41c66fd40edceb1c3cc99f33a0591a75a1c419d681403010001011603 010030183a1d1ce2e805a60d16d91940d4b659bc1ecda540c675ea25f530b5c3eb e4114d5553609074df1351384da76ab4f78a State = 0xc4b1fdf8c7b5e4f9163ffe27c4915746 Message-Authenticator = 0xef9d2df3d5a31b39f3ddf68d687d6b5c +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 4 length 252 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 326 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0106], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x0105004119001403010001011603010030c5ca03d2a20ef23d2e6375c8153c3e6 c1afa2151b0232004998802bece4070cb14b8a1bffac3874c849f89a1f8450de2 Message-Authenticator = 0x00000000000000000000000000000000 State = 0xc4b1fdf8c0b4e4f9163ffe27c4915746 Finished request 4. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=277 Cleaning up request 4 ID 66 with timestamp +39 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x30353030303130313433303532333035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x0206000b016b7465737435 Message-Authenticator = 0x7667edddd0b6ae7ddec276f6fc0d09fd +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 6 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x010700061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8791eff18796f6b55a0a76adc31036d5 Finished request 5. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=420 Cleaning up request 5 ID 66 with timestamp +42 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x30353030303130313433303532333035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x0207008819800000007e16030100790100007503014d2e034fe43eb22c54e9c3 0587e009b69a0a7712664fc62b7754d5321207a9e700003ac00ac009c007c008c01 3c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009 000300080033003900160015001401000012000a00080006001700180019000b000 20100 State = 0x8791eff18796f6b55a0a76adc31036d5 Message-Authenticator = 0xdd954eaa01deac01b7a9d0973e934401 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 7 length 136 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 126 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0079], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x0108040019c00000089b160301002a0200002603014d2e033cabdd48cf6a4f062 f86f5947a33952f7547e4871741c1b81a7c7ae51e00002f00160301085e0b00085a 0008570003a6308203a23082028aa003020102020101300d06092a864886f70d010 1040500308193310b3009060355040613024652310f300d06035504081306526164 6975733112301006035504071309536f6d65776865726531153013060355040a130 c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d6 96e406578616d706c652e636f6d312630240603550403131d4578616d706c65204 36572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3131303131323138353335325a170d3132303131323138353335325a 307c310b3009060355040613024652310f300d06035504081306526164697573311 53013060355040a130c4578616d706c6520496e632e312330210603550403131a45 78616d706c65205365727665722043657274696669636174653120301e06092a864 886f70d010901161161646d696e406578616d706c652e636f6d30820122300d060 92a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451 d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8 b1f81044272b76dbaa079cbd3dd727461dfd7a5 EAP-Message = 0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c 8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c8 1c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee4 67f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e3 3fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c 354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001 a317301530130603551d25040c300a06082b06010505070301300d06092a864886f 70d01010405000382010100904c9828165a2de337 EAP-Message = 0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8b cb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9 cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b742 5818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd2 24c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45 c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71eb bd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bf d34797fbefa47a4eed95cca895860004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8791eff18699f6b55a0a76adc31036d5 Finished request 6. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=290 Cleaning up request 6 ID 66 with timestamp +42 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x30353030303130313433303532333035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x020800061900 State = 0x8791eff18699f6b55a0a76adc31036d5 Message-Authenticator = 0x806cd522495a9dea0f1b63c2c7612616 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 8 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x010903fc194000ae0fc87b0b841be2300d06092a864886f70d010105050030819 3310b3009060355040613024652310f300d06035504081306526164697573311230 1006035504071309536f6d65776865726531153013060355040a130c4578616d706 c6520496e632e3120301e06092a864886f70d010901161161646d696e406578616 d706c652e636f6d312630240603550403131d4578616d706c652043657274696669 6361746520417574686f72697479301e170d3131303131323138353335315a170d3 132303131323138353335315a308193310b3009060355040613024652310f300d06 0355040813065261646975733112301006035504 EAP-Message = 0x071309536f6d65776865726531153013060355040a130c4578616d706c6520496 e632e3120301e06092a864886f70d010901161161646d696e406578616d706c652 e636f6d312630240603550403131d4578616d706c65204365727469666963617465 20417574686f7269747930820122300d06092a864886f70d01010105000382010f0 03082010a0282010100d73060bc3e4f3bacd8c526ff5efa081cbfd333963c0a90272 e83d654b8d1a16a25c9e1358b347d3f91d49ed29d387fd6de5ba5fe18c43b4806 5e8f1bb9dcb22d1a8679925af0bdc049d32199ba543f1d40a7c6b3578892efcaea 646bdde6442593b17cb4713fb4d6f0616a5db38d9b EAP-Message = 0xfd1d6e9dd30b6e536ba717a75adaa7c87fd019e83bea06f5eacb6a09fa9954b6 0ccc92116455610a2674a03a4ecacee05ce914a72a27965d55471df19c8751fdb69 fe66426bb236f7d57cfffe41822e7d8ddfc6c1c8f5b45e6010c896918c4f11162697 9b280ddf2219099024cb0efb17c9660df9fc642edc9874074cb83e93349b19a2c16 409b7444545ee27b2a52bb9d0203010001a381fb3081f8301d0603551d0e041604 14872c00a6ed850850f4e202b4d86a1d663b35fd8e3081c80603551d230481c030 81bd8014872c00a6ed850850f4e202b4d86a1d663b35fd8ea18199a48196308193 310b3009060355040613024652310f300d06035504 EAP-Message = 0x0813065261646975733112301006035504071309536f6d6577686572653115301 3060355040a130c4578616d706c6520496e632e3120301e06092a864886f70d0109 01161161646d696e406578616d706c652e636f6d312630240603550403131d4578 616d706c6520436572746966696361746520417574686f72697479820900ae0fc87 b0b841be2300c0603551d13040530030101ff300d06092a864886f70d0101050500 0382010100a5c0c601e1cb4606aa986dc240b7488bb4afd8c0e81ba0361530d556 ad117222cdcc5a57a13fe3eb073ca72dff40db0a58c8d835ec110485bd158ab6cd1 d8583cd575710b49070b3794384d2cff45f22b81e EAP-Message = 0x2dc327be959645c8 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8791eff18598f6b55a0a76adc31036d5 Finished request 7. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=290 Cleaning up request 7 ID 66 with timestamp +43 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x30353030303130313433303532333035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x020900061900 State = 0x8791eff18598f6b55a0a76adc31036d5 Message-Authenticator = 0xf2ec741c480f9339eaa13537cadc59e4 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 9 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x010a00b51900387bb57f237040a0b009495fcb1c4460694c6214f871d93a5afdd fcc7aa7727e9ce657d22551e936e9415eea3a0ce78a7ea4b121f711fc19e2b505b 4fa004bcc2952effdc18d0cd1ec6fe10bf431e8a189a5cbefcaebd9beab4e75c230 9b55de25a9e392112915ad1c7b866a902f091b366eb96e7aa6ab544889069e70fd a7ad8a9ec9eb729a6db3aeeb3ca9965daf0d515783a89a0947b6004eaad452777 ae3413772aa2f5f16030100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x8791eff1849bf6b55a0a76adc31036d5 Finished request 8. Going to the next request Waking up in 4.9 seconds. Cleaning up request 8 ID 66 with timestamp +43 Ready to process requests. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=277 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x30353030303130313433303532333035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x0201000b016b7465737435 Message-Authenticator = 0xacd1f25254d19ef7ef878a3a79e240be +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 1 length 11 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop Found Auth-Type = EAP +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x119bd5731199cc528cc4c05b9703cffa Finished request 9. Going to the next request Waking up in 4.9 seconds. rad_recv: Access-Request packet from host 10.1.1.1 port 38428, id=66, length=420 Cleaning up request 9 ID 66 with timestamp +48 User-Name = "ktest5" NAS-IP-Address = 127.0.4.1 NAS-Port = 259 Framed-MTU = 1400 Called-Station-Id = "00:1f:45:7f:83:fa" Calling-Station-Id = "58:b0:35:28:19:ad" NAS-Port-Type = Wireless-802.11 NAS-Identifier = "KASD_TEST" Service-Type = Framed-User Vendor-4329-Attr-3 = 0x30353030303130313433303532333035 Vendor-4329-Attr-2 = 0x4a52472d31464c2d41503039 Vendor-4329-Attr-4 = 0x4b4153445f54455354 Vendor-4329-Attr-5 = 0x4b4153445f54455354 Vendor-4329-Attr-6 = 0x30303a31663a34353a37663a38333a6661 Vendor-4329-Attr-7 = 0x53747564656e7473 Vendor-4329-Attr-8 = 0x4b41534453747564656e7473 EAP-Message = 0x0202008819800000007e16030100790100007503014d2e0355d881daaa7bc48a b53b8cbf1877d5045d28d27e8bc56439c8160f2d2e00003ac00ac009c007c008c01 3c014c011c012c004c005c002c003c00ec00fc00cc00d002f000500040035000a0009 000300080033003900160015001401000012000a00080006001700180019000b000 20100 State = 0x119bd5731199cc528cc4c05b9703cffa Message-Authenticator = 0x502685c6634bcf13076884276d720178 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "ktest5", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] EAP packet type response id 2 length 136 [eap] Continuing tunnel setup. ++[eap] returns ok Found Auth-Type = EAP +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 126 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0079], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 002a], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 085e], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 66 to 10.1.1.1 port 38428 EAP-Message = 0x0103040019c00000089b160301002a0200002603014d2e0342163fcd54d6877c3 4fe6b48bf4ada483c9daaeb893988fd2bdc1ee46300002f00160301085e0b00085 a0008570003a6308203a23082028aa003020102020101300d06092a864886f70d01 01040500308193310b3009060355040613024652310f300d0603550408130652616 46975733112301006035504071309536f6d65776865726531153013060355040a13 0c4578616d706c6520496e632e3120301e06092a864886f70d010901161161646d 696e406578616d706c652e636f6d312630240603550403131d4578616d706c6520 436572746966696361746520417574686f72697479 EAP-Message = 0x301e170d3131303131323138353335325a170d3132303131323138353335325a 307c310b3009060355040613024652310f300d06035504081306526164697573311 53013060355040a130c4578616d706c6520496e632e312330210603550403131a45 78616d706c65205365727665722043657274696669636174653120301e06092a864 886f70d010901161161646d696e406578616d706c652e636f6d30820122300d060 92a864886f70d01010105000382010f003082010a0282010100e8460af12ab26451 d71f5f5853ac201a8dee4f3c17d2f6c4725f4c9cc44fc6ae87c1b32d3e62fcd1964c8 b1f81044272b76dbaa079cbd3dd727461dfd7a5 EAP-Message = 0x8b623cc4e0c8beccafbc499fc74e8d17e3c9fbd9aafbac061bfa1309372c83e95c 8dd5da071d7d97fdd7660ab45c93db04d72184885f895897d840ac4934c11f51c8 1c4d2e83dccf646b499739781cdff243a48f064e209bef2d2bcde936c6104b63ee4 67f448d005c127b83bfa708aeed69f1467d3b280a4f1b151d153ce7216ea94c2e3 3fe400de92d84b823c5b32828959b9ea5b8afbc063ba5db0cabb0b602fdf90e60c 354b8e788facfc654ff2310ea763297ea1aef098b4ddb5466abb528910203010001 a317301530130603551d25040c300a06082b06010505070301300d06092a864886f 70d01010405000382010100904c9828165a2de337 EAP-Message = 0x50191a87ef600b1584376573598f31e772c944faf6e61c383d477c201b0aa6cf8b cb49d8b416f2de1e84774a9423608aad94af078dad2b6b30979d1c6b58cd8eefa9 cf827d27f7755f8030dbc7c9e230187f212a5d4400928da0cc2845a7b5048a3b742 5818fb437ac9c33746b39aaf4aa49af51340496250c837496f449307860f6cae9bd2 24c557af44806b46ac837b12a149124e35da9bde2538d9f39c2c33fe33dc7df0d45 c5bec5bda68294a994af2db4f7298cf47e680cbca4789791aa3048a17761e4c71eb bd9b82bd324af0dbe8ce26ae88ee8a5d16dbd6685dce7ecb7af820abf975c67bf d34797fbefa47a4eed95cca895860004ab308204 EAP-Message = 0xa73082038fa0030201020209 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x119bd5731098cc528cc4c05b9703cffa Finished request 10. Going to the next request Waking up in 4.9 seconds. Cleaning up request 10 ID 66 with timestamp +48 Ready to process requests.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html